bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License

Dilithium object identifier mismatch with OQS provider #1583

Closed hwupathum closed 6 months ago

hwupathum commented 7 months ago

Hi,

We have a problem when trying to use a Dilithium keypair created using liboqs with the BC provider. Since the OIDs for Dilithium in BC and OQS are different, the code gives an InvalidKeyException.

```java
KeyStore keyStore = getKeystore(KEYS_FILE, KEYSTORE_PASSWORD);
PrivateKey privateKey = getPrivateKey(keyStore, KEY_ALIAS, KEYSTORE_PASSWORD);

String message = "Sign this message";

Signature sig = Signature.getInstance(DILITHIUM_3, "BC");
sig.initSign(privateKey);
sig.update(message.getBytes());
System.out.println(sig.sign());
```

```
Unable to get private key from KeyStore: Get Key failed: 1.3.6.1.4.1.2.267.7.6.5 KeyFactory not available
unknown private key passed to Dilithium
Exception in thread "main" java.lang.RuntimeException: java.security.InvalidKeyException: unknown private key passed to Dilithium
    at org.example.CryptoUtil.sign(CryptoUtil.java:21)
    at org.example.Main.signDilithium3(Main.java:64)
    at org.example.Main.main(Main.java:85)
Caused by: java.security.InvalidKeyException: unknown private key passed to Dilithium
    at org.bouncycastle.pqc.jcajce.provider.dilithium.SignatureSpi.engineInitSign(Unknown Source)
    at java.base/java.security.Signature.initSign(Signature.java:635)
    at org.example.CryptoUtil.sign(CryptoUtil.java:16)
    ... 2 more
```

Following are the OIDs for Dilithium 3

dghgit commented 7 months ago

The BC OID is actually an OQS OID but it's for the most recent version of Dilithium, as described in the draft of FIPS PUB 204 - the keys have changed so I'm not even sure if you'd be able to load the old one if the OID did match.

The current "official" OID table is here:

https://github.com/IETF-Hackathon/pqc-certificates/blob/master/docs/oid_mapping.md

I have no idea why:

https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md

is still referring to the old one. I thought the library had been updated (perhaps it has, just not the documentation).

I'd recommend converting the key to the new OID; it might still work. Otherwise, you may need to regenerate it.

cipherboy commented 6 months ago

OQS now supports ML-DSA keys officially (latest draft spec), which matches the OIDs we use. Therefore, closing.
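
A diagnostic sketch for the failure in the first post, added here as an example and not code from the thread or from Bouncy Castle: it reads the algorithm OID out of a DER-encoded PKCS#8 private key and asks the BC provider whether it registers a KeyFactory under that OID. The class name `KeyOidCheck`, its helper methods and the all-zero sample key body are assumptions constructed for illustration; the OID is the one from the error message above.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Security;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical helper class, not part of bc-java or liboqs.
public class KeyOidCheck {

    /** Returns the algorithm OID stored in a DER-encoded PKCS#8 PrivateKeyInfo. */
    static String algorithmOid(byte[] pkcs8Der) {
        return PrivateKeyInfo.getInstance(pkcs8Der)
                .getPrivateKeyAlgorithm().getAlgorithm().getId();
    }

    /** True if the named provider registers a KeyFactory under this OID. */
    static boolean providerKnows(String oid, String provider) throws Exception {
        try {
            KeyFactory.getInstance(oid, provider);
            return true;
        } catch (NoSuchAlgorithmException e) {
            // Same condition the KeyStore reports as "<oid> KeyFactory not available".
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Constructed sample: a PKCS#8 wrapper carrying the OID from the error
        // message, with 32 zero bytes standing in for the real key material.
        byte[] sample = new PrivateKeyInfo(
                new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.4.1.2.267.7.6.5")),
                new DEROctetString(new byte[32])).getEncoded();

        // Pass the path of an exported PKCS#8 DER file to check a real key instead.
        byte[] der = args.length > 0 ? Files.readAllBytes(Paths.get(args[0])) : sample;

        String oid = algorithmOid(der);
        System.out.println("key algorithm OID: " + oid);
        System.out.println("BC KeyFactory registered: " + providerKnows(oid, "BC"));
    }
}
```

A `false` result means the provider will reject the key before any signing happens, which separates an OID mismatch from a problem with the key material itself.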