Merge pull request #137 from dghgit/master

addition of pre-hash certificates
IETF-Hackathon · Sep 30, 2024 · 8f1f6bb · 8f1f6bb
2 parents 1caea6e + dc1fc88
commit 8f1f6bb
Show file tree

Hide file tree

Showing 4 changed files with 120 additions and 1 deletion.
diff --git a/providers/bc/artifacts_certs_r3.zip b/providers/bc/artifacts_certs_r3.zip
diff --git a/providers/bc/src/main/java/R3ArtifactGenerator.java b/providers/bc/src/main/java/R3ArtifactGenerator.java
@@ -75,6 +75,9 @@ public class R3ArtifactGenerator
             NISTObjectIdentifiers.id_ml_dsa_44,
             NISTObjectIdentifiers.id_ml_dsa_65,
             NISTObjectIdentifiers.id_ml_dsa_87,
+            NISTObjectIdentifiers.id_hash_ml_dsa_44_with_sha512,
+            NISTObjectIdentifiers.id_hash_ml_dsa_65_with_sha512,
+            NISTObjectIdentifiers.id_hash_ml_dsa_87_with_sha512,
             BCObjectIdentifiers.falcon_512,
             BCObjectIdentifiers.falcon_1024,
             NISTObjectIdentifiers.id_slh_dsa_sha2_128f,
@@ -89,6 +92,18 @@ public class R3ArtifactGenerator
             NISTObjectIdentifiers.id_slh_dsa_shake_192s,
             NISTObjectIdentifiers.id_slh_dsa_shake_256f,
             NISTObjectIdentifiers.id_slh_dsa_shake_256s,
+            NISTObjectIdentifiers.id_hash_slh_dsa_sha2_128f_with_sha256,
+            NISTObjectIdentifiers.id_hash_slh_dsa_sha2_128s_with_sha256,
+            NISTObjectIdentifiers.id_hash_slh_dsa_sha2_192f_with_sha512,
+            NISTObjectIdentifiers.id_hash_slh_dsa_sha2_192s_with_sha512,
+            NISTObjectIdentifiers.id_hash_slh_dsa_sha2_256f_with_sha512,
+            NISTObjectIdentifiers.id_hash_slh_dsa_sha2_256s_with_sha512,
+            NISTObjectIdentifiers.id_hash_slh_dsa_shake_128f_with_shake128,
+            NISTObjectIdentifiers.id_hash_slh_dsa_shake_128s_with_shake128,
+            NISTObjectIdentifiers.id_hash_slh_dsa_shake_192f_with_shake256,
+            NISTObjectIdentifiers.id_hash_slh_dsa_shake_192s_with_shake256,
+            NISTObjectIdentifiers.id_hash_slh_dsa_shake_256f_with_shake256,
+            NISTObjectIdentifiers.id_hash_slh_dsa_shake_256s_with_shake256,
             MiscObjectIdentifiers.id_MLDSA44_RSA2048_PSS_SHA256,
             MiscObjectIdentifiers.id_MLDSA44_RSA2048_PKCS15_SHA256,
             MiscObjectIdentifiers.id_MLDSA44_Ed25519_SHA512,
@@ -113,6 +128,9 @@ public class R3ArtifactGenerator
             "ml-dsa-44",
             "ml-dsa-65",
             "ml-dsa-87",
+            "ml-dsa-44-with-sha512",
+            "ml-dsa-65-with-sha512",
+            "ml-dsa-87-with-sha512",
             "falcon-512",
             "falcon-1024",
             "slh-dsa-sha2-128f",
@@ -127,6 +145,18 @@ public class R3ArtifactGenerator
             "slh-dsa-shake-192s",
             "slh-dsa-shake-256f",
             "slh-dsa-shake-256s",
+            "slh-dsa-sha2-128f-with-sha256",
+            "slh-dsa-sha2-128s-with-sha256",
+            "slh-dsa-sha2-192f-with-sha512",
+            "slh-dsa-sha2-192s-with-sha512",
+            "slh-dsa-sha2-256f-with-sha512",
+            "slh-dsa-sha2-256s-with-sha512",
+            "slh-dsa-shake-128f-with-shake128",
+            "slh-dsa-shake-128s-with-shake128",
+            "slh-dsa-shake-192f-with-shake256",
+            "slh-dsa-shake-192s-with-shake256",
+            "slh-dsa-shake-256f-with-shake256",
+            "slh-dsa-shake-256s-with-shake256",
             "MLDSA44-RSA2048-PSS-SHA256",
             "MLDSA44-RSA2048-PKCS15-SHA256",
             "MLDSA44-Ed25519-SHA512",
@@ -375,7 +405,7 @@ public static void main(String[] args)
             KeyPairGenerator kpGen = KeyPairGenerator.getInstance(sigAlgorithms[alg].getId());
 
             KeyPair taKp = kpGen.generateKeyPair();
-
+                    
             X509Certificate taCert = createTACertificate(sigAlgNames[alg], taKp);
 
             //derOutput(aDir, sigAlgorithms[alg] + "_ta.der", taCert);

diff --git a/providers/bc/src/main/java/Verify.java b/providers/bc/src/main/java/Verify.java
@@ -0,0 +1,77 @@
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.FileReader;
+import java.security.Security;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.jcajce.provider.asymmetric.X509;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.util.io.Streams;
+
+public class Verify
+{
+    public static void main(String[] args)
+        throws Exception
+    {
+        Security.addProvider(new BouncyCastleProvider());
+
+        CertificateFactory certFact = CertificateFactory.getInstance("X.509", "BC");
+
+        if (args.length != 2)
+        {
+            System.out.println("usage: " + "Verify self-signed <certfile>");
+        }
+        else if (args[0].equals("self-signed"))
+        {
+            byte[] data = null;
+            if (args[1].endsWith(".pem"))
+            {
+                PEMParser pemPrs = new PEMParser(new FileReader(args[1]));
+
+                X509CertificateHolder hld = (X509CertificateHolder)pemPrs.readObject();
+
+                pemPrs.close();
+
+                data = hld.getEncoded();
+            }
+            else if (args[1].endsWith(".der"))
+            {
+                FileInputStream fIn = new FileInputStream((args[1]));
+
+                data = Streams.readAll(fIn);
+
+                fIn.close();
+            }
+            else
+            {
+                System.out.println("unknown file: " + args[1]);
+                System.exit(1);
+            }
+
+            X509Certificate cert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(data));
+
+            try
+            {
+                cert.verify(cert.getPublicKey());
+
+                System.out.println(args[1] + " verified");
+                System.exit(0);
+            }
+            catch (Exception e)
+            {
+                System.out.println(args[1] + " failed verification");
+                System.exit(1);
+            }
+        }
+        else
+        {
+            System.out.println("unknown command: " + args[0]);
+        }
+
+        System.exit(1);
+    }
+}
+
diff --git a/providers/bc/verify_r3.sh b/providers/bc/verify_r3.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+set -e
+
+
+cd $SCRIPT_DIR
+
+base=`cat lib/beta.ver`
+
+javac -d classes -cp lib/bcprov-${base}.jar:lib/bcutil-${base}.jar:lib/bcpkix-${base}.jar src/main/java/*.java
+
+java -cp classes:lib/bcprov-${base}.jar:lib/bcutil-${base}.jar:lib/bcpkix-${base}.jar Verify self-signed $1