Skip to content

Commit 326c037

Browse files
author
royb
committed
Updated tls and fixed x9146 bugs. Updated codepoints
1 parent 631757d commit 326c037

22 files changed

Lines changed: 1283 additions & 596 deletions

tls/src/main/java/org/bouncycastle/jsse/provider/SignatureSchemeInfo.java

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -72,9 +72,9 @@ private enum All
7272
sm2sig_sm3(SignatureScheme.sm2sig_sm3, "SM3withSM2", "EC"),
7373

7474
// TODO[tls] Need mechanism for restricting signature schemes to TLS 1.3+ before adding
75-
// DRAFT_mldsa44(SignatureScheme.DRAFT_mldsa44, "ML-DSA-44", "ML-DSA-44"),
76-
// DRAFT_mldsa65(SignatureScheme.DRAFT_mldsa65, "ML-DSA-65", "ML-DSA-65"),
77-
// DRAFT_mldsa87(SignatureScheme.DRAFT_mldsa87, "ML-DSA-87", "ML-DSA-87"),
75+
DRAFT_mldsa44(SignatureScheme.DRAFT_mldsa44, "ML-DSA-44", "ML-DSA-44"),
76+
DRAFT_mldsa65(SignatureScheme.DRAFT_mldsa65, "ML-DSA-65", "ML-DSA-65"),
77+
DRAFT_mldsa87(SignatureScheme.DRAFT_mldsa87, "ML-DSA-87", "ML-DSA-87"),
7878

7979
/*
8080
* Legacy/Historical: mostly not supported in 1.3, except ecdsa_sha1 and rsa_pkcs1_sha1 are

tls/src/main/java/org/bouncycastle/tls/SignatureAlgorithm.java

Lines changed: 92 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -41,13 +41,30 @@ public class SignatureAlgorithm
4141
public static final short gostr34102012_512 = 65;
4242

4343
/*
44-
* couldn't-find-a-draft-for-dilithium-r3-used-for-x9.164
44+
* custom values to link mldsa
4545
*/
4646
public static final short falcon_512 = 12;
4747
public static final short falcon_1024 = 13;
48-
public static final short dilithiumr3_2 = 0xD0;
49-
public static final short dilithiumr3_3 = 0xD1;
50-
public static final short dilithiumr3_5 = 0xD2;
48+
public static final short custom_mldsa44 = 0x94;
49+
public static final short custom_mldsa65 = 0x95;
50+
public static final short custom_mldsa87 = 0x96;
51+
52+
public static final short custom_mldsa44_ecdsa_secp256r1_sha256 = 0x97;
53+
public static final short custom_mldsa65_ecdsa_secp384r1_sha384 = 0x98;
54+
public static final short custom_mldsa87_ecdsa_secp521r1_sha51 = 0x99;
55+
public static final short custom_mldsa44_ed25519 = 0x9A;
56+
public static final short custom_mldsa65_ed25519 = 0x9B;
57+
public static final short custom_mldsa44_rsa2048_pkcs1_sha256 = 0x9C;
58+
public static final short custom_mldsa65_rsa3072_pkcs1_sha256 = 0x9D;
59+
public static final short custom_mldsa65_rsa4096_pkcs1_sha384 = 0x9E;
60+
public static final short custom_mldsa44_rsa2048_pss_pss_sha256 = 0x9F;
61+
public static final short custom_mldsa65_rsa3072_pss_pss_sha256 = 0xA0;
62+
public static final short custom_mldsa65_rsa4096_pss_pss_sha384 = 0xA1;
63+
public static final short custom_mldsa87_ed448 = 0xA2;
64+
65+
// public static final short id_ml_dsa_44 = 0xD0;
66+
// public static final short id_ml_dsa_65 = 0xD1;
67+
// public static final short id_ml_dsa_87 = 0xD2;
5168

5269
public static short getClientCertificateType(short signatureAlgorithm)
5370
{
@@ -85,6 +102,71 @@ public static short getClientCertificateType(short signatureAlgorithm)
85102
}
86103
}
87104

105+
106+
107+
public static int getSignatureScheme(short signatureAlgorithm)
108+
{
109+
switch (signatureAlgorithm)
110+
{
111+
case custom_mldsa44:
112+
return SignatureScheme.DRAFT_mldsa44;
113+
case custom_mldsa44_ecdsa_secp256r1_sha256:
114+
return SignatureScheme.mldsa44_ecdsa_secp256r1_sha256;
115+
case custom_mldsa44_ed25519:
116+
return SignatureScheme.mldsa44_ed25519;
117+
case custom_mldsa44_rsa2048_pkcs1_sha256:
118+
return SignatureScheme.mldsa44_rsa2048_pkcs1_sha256;
119+
case custom_mldsa44_rsa2048_pss_pss_sha256:
120+
return SignatureScheme.mldsa44_rsa2048_pss_pss_sha256;
121+
case custom_mldsa65:
122+
return SignatureScheme.DRAFT_mldsa65;
123+
case custom_mldsa65_ecdsa_secp384r1_sha384:
124+
return SignatureScheme.mldsa65_ecdsa_secp384r1_sha384;
125+
case custom_mldsa65_ed25519:
126+
return SignatureScheme.mldsa65_ed25519;
127+
case custom_mldsa65_rsa3072_pkcs1_sha256:
128+
return SignatureScheme.mldsa65_rsa3072_pkcs1_sha256;
129+
case custom_mldsa65_rsa4096_pkcs1_sha384:
130+
return SignatureScheme.mldsa65_rsa4096_pkcs1_sha384;
131+
case custom_mldsa65_rsa3072_pss_pss_sha256:
132+
return SignatureScheme.mldsa65_rsa3072_pss_pss_sha256;
133+
case custom_mldsa65_rsa4096_pss_pss_sha384:
134+
return SignatureScheme.mldsa65_rsa4096_pss_pss_sha384;
135+
case custom_mldsa87:
136+
return SignatureScheme.DRAFT_mldsa87;
137+
case custom_mldsa87_ecdsa_secp521r1_sha51:
138+
return SignatureScheme.mldsa87_ecdsa_secp521r1_sha51;
139+
case custom_mldsa87_ed448:
140+
return SignatureScheme.mldsa87_ed448;
141+
default:
142+
return -1;
143+
}
144+
}
145+
public static boolean isMLDSA(short signatureAlgorithm)
146+
{
147+
switch (signatureAlgorithm)
148+
{
149+
case custom_mldsa44:
150+
case custom_mldsa65:
151+
case custom_mldsa87:
152+
case custom_mldsa44_ecdsa_secp256r1_sha256:
153+
case custom_mldsa65_ecdsa_secp384r1_sha384:
154+
case custom_mldsa87_ecdsa_secp521r1_sha51:
155+
case custom_mldsa44_ed25519:
156+
case custom_mldsa65_ed25519:
157+
case custom_mldsa44_rsa2048_pkcs1_sha256:
158+
case custom_mldsa65_rsa3072_pkcs1_sha256:
159+
case custom_mldsa65_rsa4096_pkcs1_sha384:
160+
case custom_mldsa44_rsa2048_pss_pss_sha256:
161+
case custom_mldsa65_rsa3072_pss_pss_sha256:
162+
case custom_mldsa65_rsa4096_pss_pss_sha384:
163+
case custom_mldsa87_ed448:
164+
return true;
165+
default:
166+
return false;
167+
}
168+
}
169+
88170
public static String getName(short signatureAlgorithm)
89171
{
90172
switch (signatureAlgorithm)
@@ -123,6 +205,12 @@ public static String getName(short signatureAlgorithm)
123205
return "gostr34102012_256";
124206
case gostr34102012_512:
125207
return "gostr34102012_512";
208+
case custom_mldsa44:
209+
return "DRAFT_mldsa44";
210+
case custom_mldsa65:
211+
return "DRAFT_mldsa65";
212+
case custom_mldsa87:
213+
return "DRAFT_mldsa87";
126214
default:
127215
return "UNKNOWN";
128216
}

tls/src/main/java/org/bouncycastle/tls/SignatureAndHashAlgorithm.java

Lines changed: 70 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -20,27 +20,38 @@ public class SignatureAndHashAlgorithm
2020
public static final SignatureAndHashAlgorithm ed448 =
2121
create(SignatureScheme.ed448);
2222

23-
public static final SignatureAndHashAlgorithm dilithiumr3_2 =
24-
create(SignatureScheme.dilithiumr3_2);
25-
public static final SignatureAndHashAlgorithm dilithiumr3_3 =
26-
create(SignatureScheme.dilithiumr3_3);
27-
public static final SignatureAndHashAlgorithm dilithiumr3_5 =
28-
create(SignatureScheme.dilithiumr3_5);
29-
30-
public static final SignatureAndHashAlgorithm falcon_512 =
31-
create(SignatureScheme.falcon_512);
32-
public static final SignatureAndHashAlgorithm falcon_1024 =
33-
create(SignatureScheme.falcon_1024);
34-
35-
//TODO[x9146]: make an alt signature here and have hyrbids no relay on other methods to figure out alt signature!
36-
public static final SignatureAndHashAlgorithm hybrid_p256_dilithiumr3_2 = create(SignatureScheme.hybrid_p256_dilithiumr3_2);
37-
public static final SignatureAndHashAlgorithm hybrid_rsa3072_dilithiumr3_2 = create(SignatureScheme.hybrid_rsa3072_dilithiumr3_2);
38-
public static final SignatureAndHashAlgorithm hybrid_p384_dilithiumr3_3 = create(SignatureScheme.hybrid_p384_dilithiumr3_3);
39-
public static final SignatureAndHashAlgorithm hybrid_p521_dilithiumr3_5 = create(SignatureScheme.hybrid_p521_dilithiumr3_5);
40-
41-
public static final SignatureAndHashAlgorithm hybrid_p256_falcon_512 = create(SignatureScheme.hybrid_p256_falcon_512);
42-
public static final SignatureAndHashAlgorithm hybrid_rsa3072_falcon_512 = create(SignatureScheme.hybrid_rsa3072_falcon_512);
43-
public static final SignatureAndHashAlgorithm hybrid_p521_falcon_1024 = create(SignatureScheme.hybrid_p521_falcon_1024);
23+
//TODO[x9145]: add falcon
24+
public static final SignatureAndHashAlgorithm DRAFT_mldsa44 =
25+
create(SignatureScheme.DRAFT_mldsa44);
26+
public static final SignatureAndHashAlgorithm DRAFT_mldsa65 =
27+
create(SignatureScheme.DRAFT_mldsa65);
28+
public static final SignatureAndHashAlgorithm DRAFT_mldsa87 =
29+
create(SignatureScheme.DRAFT_mldsa87);
30+
public static final SignatureAndHashAlgorithm mldsa44_ecdsa_secp256r1_sha256 =
31+
create(SignatureScheme.mldsa44_ecdsa_secp256r1_sha256);
32+
public static final SignatureAndHashAlgorithm mldsa65_ecdsa_secp384r1_sha384 =
33+
create(SignatureScheme.mldsa65_ecdsa_secp384r1_sha384);
34+
public static final SignatureAndHashAlgorithm mldsa87_ecdsa_secp521r1_sha51 =
35+
create(SignatureScheme.mldsa87_ecdsa_secp521r1_sha51);
36+
public static final SignatureAndHashAlgorithm mldsa44_ed25519 =
37+
create(SignatureScheme.mldsa44_ed25519);
38+
public static final SignatureAndHashAlgorithm mldsa65_ed25519 =
39+
create(SignatureScheme.mldsa65_ed25519);
40+
public static final SignatureAndHashAlgorithm mldsa44_rsa2048_pkcs1_sha256 =
41+
create(SignatureScheme.mldsa44_rsa2048_pkcs1_sha256);
42+
public static final SignatureAndHashAlgorithm mldsa65_rsa3072_pkcs1_sha256 =
43+
create(SignatureScheme.mldsa65_rsa3072_pkcs1_sha256);
44+
public static final SignatureAndHashAlgorithm mldsa65_rsa4096_pkcs1_sha384 =
45+
create(SignatureScheme.mldsa65_rsa4096_pkcs1_sha384);
46+
public static final SignatureAndHashAlgorithm mldsa44_rsa2048_pss_pss_sha256 =
47+
create(SignatureScheme.mldsa44_rsa2048_pss_pss_sha256);
48+
public static final SignatureAndHashAlgorithm mldsa65_rsa3072_pss_pss_sha256 =
49+
create(SignatureScheme.mldsa65_rsa3072_pss_pss_sha256);
50+
public static final SignatureAndHashAlgorithm mldsa65_rsa4096_pss_pss_sha384 =
51+
create(SignatureScheme.mldsa65_rsa4096_pss_pss_sha384);
52+
public static final SignatureAndHashAlgorithm mldsa87_ed448 =
53+
create(SignatureScheme.mldsa87_ed448);
54+
4455
public static final SignatureAndHashAlgorithm gostr34102012_256 =
4556
create(HashAlgorithm.Intrinsic, SignatureAlgorithm.gostr34102012_256);
4657
public static final SignatureAndHashAlgorithm gostr34102012_512 =
@@ -58,19 +69,20 @@ public class SignatureAndHashAlgorithm
5869
public static final SignatureAndHashAlgorithm rsa_pss_pss_sha512 =
5970
create(SignatureScheme.rsa_pss_pss_sha512);
6071

72+
//TODO[x9145]: No hash algorithm, find another way
6173
public static SignatureAndHashAlgorithm getHybrid(SignatureAndHashAlgorithm nativeAlg, SignatureAndHashAlgorithm altAlg)
6274
{
63-
if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp256r1_sha256)) && altAlg.equals(dilithiumr3_2))
75+
if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp256r1_sha256)) && altAlg.equals(SignatureAndHashAlgorithm.getInstanceIntrinsic(SignatureAlgorithm.custom_mldsa44)))
6476
{
65-
return hybrid_p256_dilithiumr3_2;
77+
return SignatureAndHashAlgorithm.mldsa44_ecdsa_secp256r1_sha256;
6678
}
67-
if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp384r1_sha384)) && altAlg.equals(dilithiumr3_3))
79+
if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp384r1_sha384)) && altAlg.equals(SignatureAndHashAlgorithm.getInstanceIntrinsic(SignatureAlgorithm.custom_mldsa65)))
6880
{
69-
return hybrid_p384_dilithiumr3_3;
81+
return SignatureAndHashAlgorithm.mldsa65_ecdsa_secp384r1_sha384;
7082
}
71-
if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp521r1_sha512)) && altAlg.equals(dilithiumr3_5))
83+
if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp521r1_sha512)) && altAlg.equals(SignatureAndHashAlgorithm.getInstanceIntrinsic(SignatureAlgorithm.custom_mldsa87)))
7284
{
73-
return hybrid_p521_dilithiumr3_5;
85+
return SignatureAndHashAlgorithm.mldsa87_ecdsa_secp521r1_sha51;
7486
}
7587
return null;
7688
}
@@ -115,16 +127,37 @@ private static SignatureAndHashAlgorithm getInstanceIntrinsic(short signatureAlg
115127
return ecdsa_brainpoolP384r1tls13_sha384;
116128
case SignatureAlgorithm.ecdsa_brainpoolP512r1tls13_sha512:
117129
return ecdsa_brainpoolP512r1tls13_sha512;
118-
case SignatureAlgorithm.falcon_512:
119-
return falcon_512;
120-
case SignatureAlgorithm.falcon_1024:
121-
return falcon_1024;
122-
case SignatureAlgorithm.dilithiumr3_2:
123-
return dilithiumr3_2;
124-
case SignatureAlgorithm.dilithiumr3_3:
125-
return dilithiumr3_3;
126-
case SignatureAlgorithm.dilithiumr3_5:
127-
return dilithiumr3_5;
130+
case SignatureAlgorithm.custom_mldsa44:
131+
return DRAFT_mldsa44;
132+
case SignatureAlgorithm.custom_mldsa65:
133+
return DRAFT_mldsa65;
134+
case SignatureAlgorithm.custom_mldsa87:
135+
return DRAFT_mldsa87;
136+
case SignatureAlgorithm.custom_mldsa44_ecdsa_secp256r1_sha256:
137+
return mldsa44_ecdsa_secp256r1_sha256;
138+
case SignatureAlgorithm.custom_mldsa65_ecdsa_secp384r1_sha384:
139+
return mldsa65_ecdsa_secp384r1_sha384;
140+
case SignatureAlgorithm.custom_mldsa87_ecdsa_secp521r1_sha51:
141+
return mldsa87_ecdsa_secp521r1_sha51;
142+
case SignatureAlgorithm.custom_mldsa44_ed25519:
143+
return mldsa44_ed25519;
144+
case SignatureAlgorithm.custom_mldsa65_ed25519:
145+
return mldsa65_ed25519;
146+
case SignatureAlgorithm.custom_mldsa44_rsa2048_pkcs1_sha256:
147+
return mldsa44_rsa2048_pkcs1_sha256;
148+
case SignatureAlgorithm.custom_mldsa65_rsa3072_pkcs1_sha256:
149+
return mldsa65_rsa3072_pkcs1_sha256;
150+
case SignatureAlgorithm.custom_mldsa65_rsa4096_pkcs1_sha384:
151+
return mldsa65_rsa4096_pkcs1_sha384;
152+
case SignatureAlgorithm.custom_mldsa44_rsa2048_pss_pss_sha256:
153+
return mldsa44_rsa2048_pss_pss_sha256;
154+
case SignatureAlgorithm.custom_mldsa65_rsa3072_pss_pss_sha256:
155+
return mldsa65_rsa3072_pss_pss_sha256;
156+
case SignatureAlgorithm.custom_mldsa65_rsa4096_pss_pss_sha384:
157+
return mldsa65_rsa4096_pss_pss_sha384;
158+
case SignatureAlgorithm.custom_mldsa87_ed448:
159+
return mldsa87_ed448;
160+
//TODO[x9146]: add falcon
128161
default:
129162
return create(HashAlgorithm.Intrinsic, signatureAlgorithm);
130163
}

0 commit comments

Comments
 (0)