git.stella-ops.org/src/__Libraries/StellaOps.Cryptography.Plugin.PqSoft/PqSoftCryptoProvider.KeyFactory.cs


using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Pqc.Crypto.Falcon;
using Org.BouncyCastle.Security;
using StellaOps.Cryptography;
using System;
namespace StellaOps.Cryptography.Plugin.PqSoft;
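public sealed partial class PqSoftCryptoProvider
{
    /// <summary>
    /// Builds an ML-DSA-65 key entry whose key pair is generated from a random source seeded
    /// with <c>signingKey.PrivateKey</c>.
    /// </summary>
    /// <param name="signingKey">
    /// Source key. Its <c>PrivateKey</c> bytes are used as seed material; its reference,
    /// timestamps and metadata are copied onto the returned descriptor.
    /// </param>
    /// <returns>
    /// An entry holding the generated key pair and a descriptor that carries the encoded
    /// private and public keys in place of the original seed bytes.
    /// </returns>
    /// <remarks>
    /// The only input to the random source is the seed, so anyone who learns the seed can
    /// regenerate the private key; the seed needs the same protection as the key itself.
    /// NOTE(review): the descriptor is labelled <c>SignatureAlgorithms.Dilithium3</c> while the
    /// key uses the ML-DSA-65 parameter set. FIPS 204 ML-DSA is not interchangeable with
    /// round-3 Dilithium3, so confirm that consumers of this label expect ML-DSA-65.
    /// </remarks>
    private static PqKeyEntry CreateDilithiumEntry(CryptoSigningKey signingKey)
    {
        var parameters = MLDsaParameters.ml_dsa_65;
        var random = CreateSeededRandom(signingKey.PrivateKey);

        var generator = new MLDsaKeyPairGenerator();
        generator.Init(new MLDsaKeyGenerationParameters(random, parameters));
        var pair = generator.GenerateKeyPair();

        var priv = (MLDsaPrivateKeyParameters)pair.Private;
        var pub = (MLDsaPublicKeyParameters)pair.Public;

        // The descriptor stores the encoded generated keys, not the seed it was derived from.
        var descriptor = new CryptoSigningKey(
            signingKey.Reference,
            SignatureAlgorithms.Dilithium3,
            priv.GetEncoded(),
            signingKey.CreatedAt,
            signingKey.ExpiresAt,
            pub.GetEncoded(),
            signingKey.Metadata);

        return new MLDsaKeyEntry(descriptor, priv, pub);
    }

    /// <summary>
    /// Builds a Falcon-512 key entry whose key pair is generated from a random source seeded
    /// with <c>signingKey.PrivateKey</c>.
    /// </summary>
    /// <param name="signingKey">
    /// Source key. Its <c>PrivateKey</c> bytes are used as seed material; its reference,
    /// timestamps and metadata are copied onto the returned descriptor.
    /// </param>
    /// <returns>
    /// An entry holding the generated key pair and a descriptor that carries the encoded
    /// private and public keys in place of the original seed bytes.
    /// </returns>
    /// <remarks>
    /// NOTE(review): this method and <see cref="CreateDilithiumEntry"/> seed the same generator
    /// construction with the same bytes and no algorithm-specific label. If one seed is ever
    /// used for both algorithms, both key generators consume an identical byte stream. Confirm
    /// that callers never share a seed across algorithms; adding a per-algorithm label would
    /// change every derived key and therefore needs a versioned migration.
    /// </remarks>
    private static PqKeyEntry CreateFalconEntry(CryptoSigningKey signingKey)
    {
        var parameters = FalconParameters.falcon_512;
        var random = CreateSeededRandom(signingKey.PrivateKey);

        var generator = new FalconKeyPairGenerator();
        generator.Init(new FalconKeyGenerationParameters(random, parameters));
        var pair = generator.GenerateKeyPair();

        var priv = (FalconPrivateKeyParameters)pair.Private;
        var pub = (FalconPublicKeyParameters)pair.Public;

        // The descriptor stores the encoded generated keys, not the seed it was derived from.
        var descriptor = new CryptoSigningKey(
            signingKey.Reference,
            SignatureAlgorithms.Falcon512,
            priv.GetEncoded(),
            signingKey.CreatedAt,
            signingKey.ExpiresAt,
            pub.GetEncoded(),
            signingKey.Metadata);

        return new FalconKeyEntry(descriptor, priv, pub);
    }

    /// <summary>
    /// Creates a <see cref="SecureRandom"/> backed by a SHA-512 digest generator that is seeded
    /// only with <paramref name="seed"/>.
    /// </summary>
    /// <param name="seed">Secret seed bytes; must not be empty.</param>
    /// <returns>A random source whose output is determined by <paramref name="seed"/>.</returns>
    /// <exception cref="ArgumentException">
    /// <paramref name="seed"/> is empty. An empty seed would leave the generator in its fixed
    /// initial state, so every caller would derive the same publicly computable key pair.
    /// </exception>
    /// <remarks>
    /// NOTE(review): the derived keys presumably stay reproducible only while BouncyCastle's
    /// digest generator and key-generation sampling remain unchanged; pin the library version
    /// or add a known-answer test before upgrading.
    /// </remarks>
    private static SecureRandom CreateSeededRandom(ReadOnlyMemory<byte> seed)
    {
        if (seed.IsEmpty)
        {
            throw new ArgumentException("Seed material must not be empty.", nameof(seed));
        }

        var generator = new DigestRandomGenerator(new Sha512Digest());

        // ToArray() makes a second heap copy of the secret. Wipe it once the generator has
        // absorbed it so the seed does not linger in memory until garbage collection.
        // Assumes AddSeedMaterial hashes the bytes during the call and keeps no reference to
        // the array (BouncyCastle behaviour; confirm on upgrade).
        var seedCopy = seed.ToArray();
        try
        {
            generator.AddSeedMaterial(seedCopy);
        }
        finally
        {
            global::System.Security.Cryptography.CryptographicOperations.ZeroMemory(seedCopy);
        }

        return new SecureRandom(generator);
    }
}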