The private key encoding formats of ML-KEM and ML-DSA are updated to match the latest IERTF drafts at: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-06 and https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-07. Most importantly, the seed used to generate a key pair is now stored in the private key.
Both the seed and the expanded format are stored inside a `NamedPKCS8Key` now. When loading from a PKCS #8 key that contains the seed, both fields will be filled. If the PKCS #8 encoding only contains the expanded key (which does not conform to the current drafts but might have been created earlier), the expanded key will be read and used in KEM and signature operations. ------------- Commit messages: - clean executable bits - the fix Changes: https://git.openjdk.org/jdk/pull/23376/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=23376&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8347938 Stats: 1744 lines in 19 files changed: 1375 ins; 302 del; 67 mod Patch: https://git.openjdk.org/jdk/pull/23376.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/23376/head:pull/23376 PR: https://git.openjdk.org/jdk/pull/23376
