diff --git a/cryptotest/tests/KEMTests.java b/cryptotest/tests/KEMTests.java index c218673..b1ab6ca 100644 --- a/cryptotest/tests/KEMTests.java +++ b/cryptotest/tests/KEMTests.java @@ -114,6 +114,8 @@ protected void checkAlgorithm(Provider.Service service, String alias) throws Alg KeyPairGenerator kpg = null; if (service.getAlgorithm().equals("DHKEM")) { kpg = KeysNaiveGenerator.getKeyPairGenerator("X25519", service.getProvider()); + } else if (service.getAlgorithm().startsWith("ML-")) { + kpg = KeysNaiveGenerator.getKeyPairGenerator(service.getAlgorithm(), service.getProvider()); } else { throw new RuntimeException("Unsupported KEM algorithm: " + service.getAlgorithm()); } diff --git a/cryptotest/tests/KeyFactoryTests.java b/cryptotest/tests/KeyFactoryTests.java index 41f7bf5..3a7ce2e 100644 --- a/cryptotest/tests/KeyFactoryTests.java +++ b/cryptotest/tests/KeyFactoryTests.java @@ -106,7 +106,7 @@ protected void checkAlgorithm(Provider.Service service, String alias) throws Alg privateKeySpec = keyFactory.getKeySpec(kp.getPrivate(), privateKeyClass); publicKeySpec = keyFactory.getKeySpec(kp.getPublic(), publicKeyClass); } - } else if (service.getAlgorithm().contains("DSA")) { + } else if (service.getAlgorithm().contains("DSA") && !service.getAlgorithm().startsWith("ML-")) { KeyPair kp = KeysNaiveGenerator.getDsaKeyPair(p); translated = keyFactory.translateKey(kp.getPublic()); if (!pkcs11fips) { @@ -123,26 +123,11 @@ protected void checkAlgorithm(Provider.Service service, String alias) throws Alg privateKeySpec = keyFactory.getKeySpec(kp.getPrivate(), RSAPrivateKeySpec.class); publicKeySpec = keyFactory.getKeySpec(kp.getPublic(), RSAPublicKeySpec.class); } - } else if (service.getAlgorithm().contains("X25519")) { - KeyPairGenerator kpg = KeysNaiveGenerator.getKeyPairGenerator("X25519", p); - KeyPair kp = kpg.generateKeyPair(); - translated = keyFactory.translateKey(kp.getPublic()); - if (!pkcs11fips) { - // pkcs11 provider in FIPS mode cannot obtain RAW keys - privateKeySpec = keyFactory.getKeySpec(kp.getPrivate(), PKCS8EncodedKeySpec.class); - publicKeySpec = keyFactory.getKeySpec(kp.getPublic(), X509EncodedKeySpec.class); - } - } else if (service.getAlgorithm().contains("X448")) { - KeyPairGenerator kpg = KeysNaiveGenerator.getKeyPairGenerator("X448", p); - KeyPair kp = kpg.generateKeyPair(); - translated = keyFactory.translateKey(kp.getPublic()); - if (!pkcs11fips) { - // pkcs11 provider in FIPS mode cannot obtain RAW keys - privateKeySpec = keyFactory.getKeySpec(kp.getPrivate(), PKCS8EncodedKeySpec.class); - publicKeySpec = keyFactory.getKeySpec(kp.getPublic(), X509EncodedKeySpec.class); - } - } else if (service.getAlgorithm().contains("XDH")) { - KeyPairGenerator kpg = KeysNaiveGenerator.getKeyPairGenerator("XDH", p); + } else if (service.getAlgorithm().contains("X25519") + || service.getAlgorithm().contains("X448") + || service.getAlgorithm().contains("XDH") + || service.getAlgorithm().startsWith("ML-")) { + KeyPairGenerator kpg = KeysNaiveGenerator.getKeyPairGenerator(service.getAlgorithm(), p); KeyPair kp = kpg.generateKeyPair(); translated = keyFactory.translateKey(kp.getPublic()); if (!pkcs11fips) { diff --git a/cryptotest/tests/KeyPairGeneratorTests.java b/cryptotest/tests/KeyPairGeneratorTests.java index f9a7375..561f103 100644 --- a/cryptotest/tests/KeyPairGeneratorTests.java +++ b/cryptotest/tests/KeyPairGeneratorTests.java @@ -80,6 +80,14 @@ protected void checkAlgorithm(Provider.Service service, String alias) throws keySize = 2048; } else if (service.getAlgorithm().contains("RSA")) { keySize = 2048; + } else if (service.getAlgorithm().contains("ML-")) { + // keySize is intentionally -1 here, KPG of this provider [1] + // does not override default initialize method [2], + // internal (in-tree) tests do the same [3], see: + // [1] https://github.com/openjdk/jdk/blob/da2b4f0749dffc99fa42c7311fbc74231af273bd/src/java.base/share/classes/com/sun/crypto/provider/ML_KEM_Impls.java#L40 + // [2] https://github.com/openjdk/jdk/blob/da2b4f0749dffc99fa42c7311fbc74231af273bd/src/java.base/share/classes/sun/security/provider/NamedKeyPairGenerator.java#L153 + // [3] https://github.com/openjdk/jdk/blob/da2b4f0749dffc99fa42c7311fbc74231af273bd/test/jdk/sun/security/provider/all/Deterministic.java#L208 + keySize = -1; } keyPairGenerator.initialize(keySize, random); KeyPair pair = keyPairGenerator.genKeyPair(); diff --git a/cryptotest/tests/SignatureTests.java b/cryptotest/tests/SignatureTests.java index f7f85c5..6192160 100644 --- a/cryptotest/tests/SignatureTests.java +++ b/cryptotest/tests/SignatureTests.java @@ -99,7 +99,7 @@ protected void checkAlgorithm(Provider.Service service, String alias) throws Alg } } key = getEcPrivateKey(service.getProvider()); - } else if (service.getAlgorithm().equals("Ed25519") || service.getAlgorithm().equals("EdDSA") || service.getAlgorithm().equals("Ed448")) { + } else if (service.getAlgorithm().equals("Ed25519") || service.getAlgorithm().equals("EdDSA") || service.getAlgorithm().equals("Ed448") || service.getAlgorithm().startsWith("ML-")) { KeyPairGenerator kpg = KeyPairGenerator.getInstance(service.getAlgorithm(), service.getProvider()); KeyPair kp = kpg.generateKeyPair(); key = kp.getPrivate();