Update NIST PQC Algorithms in X.509 Certificates and CMS #26

@Guiliano99

Description

The CMP test suite currently lacks finished coverage for X.509 certificates that use the
NIST-standardized post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) with final LAMPS profiles.
This includes issuing, parsing, and validating certificates and PKIMessages that use these algorithms.

Motivation and Context

  • The final FIPS releases (203/204/205) are the baseline for PQC adoption in X.509 PKI.
  • Several CMP flows rely on correct PQC certificate handling across Robot Framework suites
    and Python utilities.
  • Aligning with the published LAMPS specifications keeps the suite interoperable with
    other PQC-enabled ecosystems.

Desired Support

  • Fix references to drafts inside the RF test cases.
  • Check if the Robot Framework test cases cover all necessary scenarios and conditions.
  • Add the test cases to the SERVER_PQC_AND_HYBRID_TEST_COVERAGE.md and
    SERVER_ALGORITHM_TEST_COVERAGE.md files.

Required Work Items

  1. Refresh data/rfc_test_vectors/ to match the finalized RFC artifacts and unit tests, if needed.

  2. Validate existing test cases
    Validate the existing Robot Framework test cases in tests_pq_and_hybrid/ to ensure they cover:

    • Issuance of certificates with ML-KEM, ML-DSA, and SLH-DSA algorithms.
    • Parsing and validation of such certificates in various CMP message types
      (P10CR, IR, CR, KUR, RR).
  3. Add minimal examples
    Add minimal examples inside
    kem_tests.robot and
    pq_sig_tests.robot.
    Use a configuration variable to define the default algorithm for all three supported PQC algorithms.

  4. Update generation scripts
    Update
    generate_alg_test_cases.py and
    generate_pki_prot_tests.py
    to generate verbose test cases for all three algorithms inside:

  5. Add verbose parameter-set tests
    Add verbose tests for all different parameter sets of ML-KEM, ML-DSA, and SLH-DSA algorithms inside:

  6. Run and verify with MockCA
    Run the tests against MockCA, fix any issues found during testing, or open a new issue for later resolution.

  7. Update the REFERENCES.md to match the final RFCs.

Should be added later

  • Add Certificate Confirmation tests to check the usage of the correct hash algorithm
    inside the certConf messages and the correct acceptance with a returned pkiconf message.
    To perform this test, the CA must know which signing algorithm should be used,
    so for simplicity a new URL endpoint is advised, unless there is a better solution.

  • There is no official solution, so it is advised to use, for SLH-DSA, the hash algorithm
    defined in the CMS RFC. For ML-DSA, it is advised to use SHA-512 as the hash algorithm.

Test Coverage

  • Ensure Robot suites under tests_pq_and_hybrid/ validate both
    acceptance and rejection paths for the final PQC certificate standards.
  • Update ALGORITHM_TEST_COVERAGE.md and SERVER_TEST_COVERAGE.md to reflect the new PQC scenarios.

Implementation Notes

  • Existing test cases for draft versions of the algorithms should be reviewed and potentially adapted.
  • Should wait until all RFCs are published.

References

  • FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM).
  • FIPS 204: Module-Lattice-Based Digital Signature Algorithm (ML-DSA).
  • FIPS 205: Stateless Hash-Based Digital Signature Algorithm (SLH-DSA).
  • RFC 9814: Use of the SLH-DSA Signature Algorithm in CMS.
  • RFC 9882: Use of the ML-DSA Signature Algorithm in CMS.
  • RFC 9881: Use of the ML-DSA in X.509.
  • RFC 9909: Use of the SLH-DSA in X.509.

Latest LAMPS Drafts

  • draft-ietf-lamps-kyber-certificates (in RFC Ed Queue)
  • draft-ietf-lamps-cms-kyber: Use of ML-KEM in CMS (RFC Ed Queue)
