Updated tls and fixed x9146 bugs. Updated codepoints

Author: royb

mls/build.gradle

@@ -43,6 +43,7 @@ dependencies {
     implementation(files("../test/libs/grpc-protobuf-lite-1.58.0.jar"))
     implementation(files("../test/libs/failureaccess-1.0.1.jar"))
     implementation(files("../test/libs/grpc-protobuf-1.58.0.jar"))
+    implementation project(':core')
 
     //Compile
     compileOnly(files("../test/libs/grpc-services-1.58.0.jar"))

pkix/build.gradle

@@ -18,6 +18,7 @@ dependencies {
 
     implementation project(':prov')
     implementation project(':util')
+    implementation project(':core')
 
     java9Implementation project(':prov')
     java9Implementation project(':util')

tls/build.gradle

@@ -49,6 +49,7 @@ dependencies {
     implementation project(':prov')
     implementation project(':util')
     implementation project(':pkix')
+    implementation project(':core')
 
     java9Implementation project(':prov')
     java9Implementation project(':util')

tls/src/main/java/org/bouncycastle/tls/SignatureAlgorithm.java

@@ -40,31 +40,6 @@ public class SignatureAlgorithm
     public static final short gostr34102012_256 = 64;
     public static final short gostr34102012_512 = 65;
 
-    /*
-     * custom values to link mldsa
-     */
-    public static final short falcon_512 = 12;
-    public static final short falcon_1024 = 13;
-    public static final short custom_mldsa44 = 0x94;
-    public static final short custom_mldsa65 = 0x95;
-    public static final short custom_mldsa87 = 0x96;
-
-    public static final short custom_mldsa44_ecdsa_secp256r1_sha256 = 0x97;
-    public static final short custom_mldsa65_ecdsa_secp384r1_sha384 = 0x98;
-    public static final short custom_mldsa87_ecdsa_secp521r1_sha51 = 0x99;
-    public static final short custom_mldsa44_ed25519 = 0x9A;
-    public static final short custom_mldsa65_ed25519 = 0x9B;
-    public static final short custom_mldsa44_rsa2048_pkcs1_sha256 = 0x9C;
-    public static final short custom_mldsa65_rsa3072_pkcs1_sha256 = 0x9D;
-    public static final short custom_mldsa65_rsa4096_pkcs1_sha384 = 0x9E;
-    public static final short custom_mldsa44_rsa2048_pss_pss_sha256 = 0x9F;
-    public static final short custom_mldsa65_rsa3072_pss_pss_sha256 = 0xA0;
-    public static final short custom_mldsa65_rsa4096_pss_pss_sha384 = 0xA1;
-    public static final short custom_mldsa87_ed448 = 0xA2;
-
-//    public static final short id_ml_dsa_44 = 0xD0;
-//    public static final short id_ml_dsa_65 = 0xD1;
-//    public static final short id_ml_dsa_87 = 0xD2;
 
     public static short getClientCertificateType(short signatureAlgorithm)
     {
@@ -93,80 +68,12 @@ public static short getClientCertificateType(short signatureAlgorithm)
         case SignatureAlgorithm.gostr34102012_512:
             return ClientCertificateType.gost_sign512;
 
-//        case SignatureAlgorithm.dilithiumr3_2:
-//        case SignatureAlgorithm.dilithiumr3_3:
-//        case SignatureAlgorithm.dilithiumr3_5:
-
         default:
             return -1;
         }
     }
 
 
-
-    public static int getSignatureScheme(short signatureAlgorithm)
-    {
-        switch (signatureAlgorithm)
-        {
-        case custom_mldsa44:
-            return SignatureScheme.DRAFT_mldsa44;
-        case custom_mldsa44_ecdsa_secp256r1_sha256:
-            return SignatureScheme.mldsa44_ecdsa_secp256r1_sha256;
-        case custom_mldsa44_ed25519:
-            return SignatureScheme.mldsa44_ed25519;
-        case custom_mldsa44_rsa2048_pkcs1_sha256:
-            return SignatureScheme.mldsa44_rsa2048_pkcs1_sha256;
-        case custom_mldsa44_rsa2048_pss_pss_sha256:
-            return SignatureScheme.mldsa44_rsa2048_pss_pss_sha256;
-        case custom_mldsa65:
-            return SignatureScheme.DRAFT_mldsa65;
-        case custom_mldsa65_ecdsa_secp384r1_sha384:
-            return SignatureScheme.mldsa65_ecdsa_secp384r1_sha384;
-        case custom_mldsa65_ed25519:
-            return SignatureScheme.mldsa65_ed25519;
-        case custom_mldsa65_rsa3072_pkcs1_sha256:
-            return SignatureScheme.mldsa65_rsa3072_pkcs1_sha256;
-        case custom_mldsa65_rsa4096_pkcs1_sha384:
-            return SignatureScheme.mldsa65_rsa4096_pkcs1_sha384;
-        case custom_mldsa65_rsa3072_pss_pss_sha256:
-            return SignatureScheme.mldsa65_rsa3072_pss_pss_sha256;
-        case custom_mldsa65_rsa4096_pss_pss_sha384:
-            return SignatureScheme.mldsa65_rsa4096_pss_pss_sha384;
-        case custom_mldsa87:
-            return SignatureScheme.DRAFT_mldsa87;
-        case custom_mldsa87_ecdsa_secp521r1_sha51:
-            return SignatureScheme.mldsa87_ecdsa_secp521r1_sha51;
-        case custom_mldsa87_ed448:
-            return SignatureScheme.mldsa87_ed448;
-        default:
-            return -1;
-        }
-    }
-    public static boolean isMLDSA(short signatureAlgorithm)
-    {
-        switch (signatureAlgorithm)
-        {
-        case custom_mldsa44:
-        case custom_mldsa65:
-        case custom_mldsa87:
-        case custom_mldsa44_ecdsa_secp256r1_sha256:
-        case custom_mldsa65_ecdsa_secp384r1_sha384:
-        case custom_mldsa87_ecdsa_secp521r1_sha51:
-        case custom_mldsa44_ed25519:
-        case custom_mldsa65_ed25519:
-        case custom_mldsa44_rsa2048_pkcs1_sha256:
-        case custom_mldsa65_rsa3072_pkcs1_sha256:
-        case custom_mldsa65_rsa4096_pkcs1_sha384:
-        case custom_mldsa44_rsa2048_pss_pss_sha256:
-        case custom_mldsa65_rsa3072_pss_pss_sha256:
-        case custom_mldsa65_rsa4096_pss_pss_sha384:
-        case custom_mldsa87_ed448:
-                return true;
-        default:
-            return false;
-        }
-    }
-
     public static String getName(short signatureAlgorithm)
     {
         switch (signatureAlgorithm)
@@ -205,12 +112,6 @@ public static String getName(short signatureAlgorithm)
             return "gostr34102012_256";
         case gostr34102012_512:
             return "gostr34102012_512";
-        case custom_mldsa44:
-            return "DRAFT_mldsa44";
-        case custom_mldsa65:
-            return "DRAFT_mldsa65";
-        case custom_mldsa87:
-            return "DRAFT_mldsa87";
         default:
             return "UNKNOWN";
         }

tls/src/main/java/org/bouncycastle/tls/SignatureAndHashAlgorithm.java

@@ -21,6 +21,24 @@ public class SignatureAndHashAlgorithm
         create(SignatureScheme.ed448);
 
     //TODO[x9145]: add falcon
+    public static final SignatureAndHashAlgorithm OQS_CODEPOINT_P256_MLDSA44 =
+            create(SignatureScheme.OQS_CODEPOINT_P256_MLDSA44);
+    public static final SignatureAndHashAlgorithm OQS_CODEPOINT_RSA3072_MLDSA44 =
+            create(SignatureScheme.OQS_CODEPOINT_RSA3072_MLDSA44);
+    public static final SignatureAndHashAlgorithm OQS_CODEPOINT_P384_MLDSA65 =
+            create(SignatureScheme.OQS_CODEPOINT_P384_MLDSA65);
+    public static final SignatureAndHashAlgorithm OQS_CODEPOINT_P521_MLDSA87 =
+            create(SignatureScheme.OQS_CODEPOINT_P521_MLDSA87);
+    public static final SignatureAndHashAlgorithm WOLFSSL_HYBRID_P256_MLDSA_LEVEL2 =
+            create(SignatureScheme.WOLFSSL_HYBRID_P256_MLDSA_LEVEL2);
+    public static final SignatureAndHashAlgorithm WOLFSSL_HYBRID_RSA3072_MLDSA_LEVEL2 =
+            create(SignatureScheme.WOLFSSL_HYBRID_RSA3072_MLDSA_LEVEL2);
+    public static final SignatureAndHashAlgorithm WOLFSSL_HYBRID_P384_MLDSA_LEVEL3 =
+            create(SignatureScheme.WOLFSSL_HYBRID_P384_MLDSA_LEVEL3);
+    public static final SignatureAndHashAlgorithm WOLFSSL_HYBRID_P521_MLDSA_LEVEL5 =
+            create(SignatureScheme.WOLFSSL_HYBRID_P521_MLDSA_LEVEL5);
+
+
     public static final SignatureAndHashAlgorithm DRAFT_mldsa44 =
         create(SignatureScheme.DRAFT_mldsa44);
     public static final SignatureAndHashAlgorithm DRAFT_mldsa65 =
@@ -72,17 +90,17 @@ public class SignatureAndHashAlgorithm
 //TODO[x9145]: No hash algorithm, find another way
     public static SignatureAndHashAlgorithm getHybrid(SignatureAndHashAlgorithm nativeAlg, SignatureAndHashAlgorithm altAlg)
     {
-        if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp256r1_sha256)) && altAlg.equals(SignatureAndHashAlgorithm.getInstanceIntrinsic(SignatureAlgorithm.custom_mldsa44)))
+        if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp256r1_sha256)) && altAlg.equals(SignatureAndHashAlgorithm.DRAFT_mldsa44))
         {
-            return SignatureAndHashAlgorithm.mldsa44_ecdsa_secp256r1_sha256;
+            return SignatureAndHashAlgorithm.WOLFSSL_HYBRID_P256_MLDSA_LEVEL2;
         }
-        if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp384r1_sha384)) && altAlg.equals(SignatureAndHashAlgorithm.getInstanceIntrinsic(SignatureAlgorithm.custom_mldsa65)))
+        if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp384r1_sha384)) && altAlg.equals(SignatureAndHashAlgorithm.DRAFT_mldsa65))
         {
-            return SignatureAndHashAlgorithm.mldsa65_ecdsa_secp384r1_sha384;
+            return SignatureAndHashAlgorithm.WOLFSSL_HYBRID_P384_MLDSA_LEVEL3;
         }
-        if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp521r1_sha512)) && altAlg.equals(SignatureAndHashAlgorithm.getInstanceIntrinsic(SignatureAlgorithm.custom_mldsa87)))
+        if (nativeAlg.equals(create(SignatureScheme.ecdsa_secp521r1_sha512)) && altAlg.equals(SignatureAndHashAlgorithm.DRAFT_mldsa87))
         {
-            return SignatureAndHashAlgorithm.mldsa87_ecdsa_secp521r1_sha51;
+            return SignatureAndHashAlgorithm.WOLFSSL_HYBRID_P521_MLDSA_LEVEL5;
         }
         return null;
     }
@@ -127,36 +145,6 @@ private static SignatureAndHashAlgorithm getInstanceIntrinsic(short signatureAlg
             return ecdsa_brainpoolP384r1tls13_sha384;
         case SignatureAlgorithm.ecdsa_brainpoolP512r1tls13_sha512:
             return ecdsa_brainpoolP512r1tls13_sha512;
-        case SignatureAlgorithm.custom_mldsa44:
-            return DRAFT_mldsa44;
-        case SignatureAlgorithm.custom_mldsa65:
-            return DRAFT_mldsa65;
-        case SignatureAlgorithm.custom_mldsa87:
-            return DRAFT_mldsa87;
-        case SignatureAlgorithm.custom_mldsa44_ecdsa_secp256r1_sha256:
-            return mldsa44_ecdsa_secp256r1_sha256;
-        case SignatureAlgorithm.custom_mldsa65_ecdsa_secp384r1_sha384:
-            return mldsa65_ecdsa_secp384r1_sha384;
-        case SignatureAlgorithm.custom_mldsa87_ecdsa_secp521r1_sha51:
-            return mldsa87_ecdsa_secp521r1_sha51;
-        case SignatureAlgorithm.custom_mldsa44_ed25519:
-            return mldsa44_ed25519;
-        case SignatureAlgorithm.custom_mldsa65_ed25519:
-            return mldsa65_ed25519;
-        case SignatureAlgorithm.custom_mldsa44_rsa2048_pkcs1_sha256:
-            return mldsa44_rsa2048_pkcs1_sha256;
-        case SignatureAlgorithm.custom_mldsa65_rsa3072_pkcs1_sha256:
-            return mldsa65_rsa3072_pkcs1_sha256;
-        case SignatureAlgorithm.custom_mldsa65_rsa4096_pkcs1_sha384:
-            return mldsa65_rsa4096_pkcs1_sha384;
-        case SignatureAlgorithm.custom_mldsa44_rsa2048_pss_pss_sha256:
-            return mldsa44_rsa2048_pss_pss_sha256;
-        case SignatureAlgorithm.custom_mldsa65_rsa3072_pss_pss_sha256:
-            return mldsa65_rsa3072_pss_pss_sha256;
-        case SignatureAlgorithm.custom_mldsa65_rsa4096_pss_pss_sha384:
-            return mldsa65_rsa4096_pss_pss_sha384;
-        case SignatureAlgorithm.custom_mldsa87_ed448:
-            return mldsa87_ed448;
         //TODO[x9146]: add falcon
         default:
             return create(HashAlgorithm.Intrinsic, signatureAlgorithm);

tls/src/main/java/org/bouncycastle/tls/SignatureScheme.java

@@ -53,6 +53,23 @@ public class SignatureScheme
     public static final int DRAFT_mldsa87 = 0x0906;
 
 
+    /*
+     * LIB OQS CODEPOINTS FOR WOLFSSL
+     */
+    public static final int OQS_CODEPOINT_P256_MLDSA44 = 0xff06;
+    public static final int OQS_CODEPOINT_RSA3072_MLDSA44 = 0xff07;
+    public static final int OQS_CODEPOINT_P384_MLDSA65 = 0xff08;
+    public static final int OQS_CODEPOINT_P521_MLDSA87 = 0xff09;
+
+    /*
+     * wolf ssl hybrid codepoints
+     */
+
+    public static final int WOLFSSL_HYBRID_P256_MLDSA_LEVEL2    = 0xFEA1;
+    public static final int WOLFSSL_HYBRID_RSA3072_MLDSA_LEVEL2 = 0xFEA2;
+    public static final int WOLFSSL_HYBRID_P384_MLDSA_LEVEL3    = 0xFEA4;
+    public static final int WOLFSSL_HYBRID_P521_MLDSA_LEVEL5    = 0xFEA6;
+
     /*
      * draft-reddy-tls-composite-mldsa-01
      */
@@ -106,11 +123,6 @@ public static int from(SignatureAndHashAlgorithm sigAndHashAlg)
             throw new NullPointerException();
         }
 
-        if (SignatureAlgorithm.isMLDSA(sigAndHashAlg.getSignature()))
-        {
-            return SignatureAlgorithm.getSignatureScheme(sigAndHashAlg.getSignature());
-        }
-
         return from(sigAndHashAlg.getHash(), sigAndHashAlg.getSignature());
     }
 
@@ -263,23 +275,13 @@ public static int getRSAPSSCryptoHashAlgorithm(int signatureScheme)
 
     public static short getHashAlgorithm(int signatureScheme)
     {
-        if(isMLDSA(signatureScheme))
-        {
-            return HashAlgorithm.Intrinsic;
-        }
-
         return (short)((signatureScheme >>> 8) & 0xFF);
     }
 
     public static short getSignatureAlgorithm(int signatureScheme)
     {
         // TODO[RFC 8998] sm2sig_sm3
 
-        if(isMLDSA(signatureScheme))
-        {
-            signatureScheme = getMLDSASignatureAlgorithm(signatureScheme);
-        }
-
         return (short)(signatureScheme & 0xFF);
     }
 
@@ -313,46 +315,6 @@ public static boolean isECDSA(int signatureScheme)
         }
     }
 
-    public static short getMLDSASignatureAlgorithm(int signatureScheme)
-    {
-        switch (signatureScheme)
-        {
-            case SignatureScheme.DRAFT_mldsa44:
-                return SignatureAlgorithm.custom_mldsa44;
-            case mldsa44_ecdsa_secp256r1_sha256:
-                return SignatureAlgorithm.custom_mldsa44_ecdsa_secp256r1_sha256;
-            case mldsa44_ed25519:
-                return SignatureAlgorithm.custom_mldsa44_ed25519;
-            case mldsa44_rsa2048_pkcs1_sha256:
-                return SignatureAlgorithm.custom_mldsa44_rsa2048_pkcs1_sha256;
-            case mldsa44_rsa2048_pss_pss_sha256:
-                return SignatureAlgorithm.custom_mldsa44_rsa2048_pss_pss_sha256;
-
-            case SignatureScheme.DRAFT_mldsa65:
-                return SignatureAlgorithm.custom_mldsa65;
-            case mldsa65_ecdsa_secp384r1_sha384:
-                return SignatureAlgorithm.custom_mldsa65_ecdsa_secp384r1_sha384;
-            case mldsa65_ed25519:
-                return SignatureAlgorithm.custom_mldsa65_ed25519;
-            case mldsa65_rsa3072_pkcs1_sha256:
-                return SignatureAlgorithm.custom_mldsa65_rsa3072_pkcs1_sha256;
-            case mldsa65_rsa4096_pkcs1_sha384:
-                return SignatureAlgorithm.custom_mldsa65_rsa4096_pkcs1_sha384;
-            case mldsa65_rsa3072_pss_pss_sha256:
-                return SignatureAlgorithm.custom_mldsa65_rsa3072_pss_pss_sha256;
-            case mldsa65_rsa4096_pss_pss_sha384:
-                return SignatureAlgorithm.custom_mldsa65_rsa4096_pss_pss_sha384;
-            case SignatureScheme.DRAFT_mldsa87:
-                return SignatureAlgorithm.custom_mldsa87;
-            case mldsa87_ecdsa_secp521r1_sha51:
-                return SignatureAlgorithm.custom_mldsa87_ecdsa_secp521r1_sha51;
-            case mldsa87_ed448:
-                return SignatureAlgorithm.custom_mldsa87_ed448;
-            default:
-                return -1;
-        }
-    }
-
     public static boolean isMLDSA(int signatureScheme)
     {
         switch (signatureScheme)

tls/src/main/java/org/bouncycastle/tls/TlsExtensionsUtils.java

@@ -562,6 +562,12 @@ public static int[] getHybridSchemeList(Hashtable extensions) throws IOException
         byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_hybrid_scheme_list);
         return extensionData == null ? null : readHybridSchemeList(extensionData);
     }
+
+    public static boolean hasCertificationKeySelections(Hashtable extensions) throws IOException
+    {
+        byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_certificate_key_selection);
+        return extensionData != null;
+    }
     public static boolean hasClientCertificateURLExtension(Hashtable extensions) throws IOException
     {
         byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_client_certificate_url);

tls/src/main/java/org/bouncycastle/tls/TlsServerProtocol.java

@@ -426,12 +426,14 @@ else if (NamedGroup.refersToASpecificKem(namedGroup))
 
         TlsUtils.establish13PhaseSecrets(tlsServerContext, pskEarlySecret, sharedSecret);
 
-        // X9.146 Add CKS extension
+        // X9.146 Add CKS extension to serverHelloExt
         short cksCode = TlsExtensionsUtils.getCertificationKeySelection(clientHelloExtensions);
-        if (cksCode != 0)
-        {
-            TlsExtensionsUtils.addCertificationKeySelection(serverHelloExtensions, cksCode);
-        }
+        //TODO[x9147]: This throws an error for wolfssl client!
+//        if (cksCode != 0)
+//        {
+//            TlsExtensionsUtils.addCertificationKeySelection(serverHelloExtensions, cksCode);
+//            TlsExtensionsUtils.addCertificationKeySelections(serverHelloExtensions, new byte[] {3, 2, 1});
+//        }
 
         this.serverExtensions = serverEncryptedExtensions;
 

tls/src/main/java/org/bouncycastle/tls/TlsUtils.java

@@ -133,9 +133,10 @@ private static Hashtable createCertSigAlgOIDs()
         addCertSigAlgOID(h, EdECObjectIdentifiers.id_Ed25519, SignatureAndHashAlgorithm.ed25519);
         addCertSigAlgOID(h, EdECObjectIdentifiers.id_Ed448, SignatureAndHashAlgorithm.ed448);
 
-        addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_44, HashAlgorithm.Intrinsic, SignatureAlgorithm.custom_mldsa44);
-        addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_65, HashAlgorithm.Intrinsic, SignatureAlgorithm.custom_mldsa65);
-        addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_87, HashAlgorithm.Intrinsic, SignatureAlgorithm.custom_mldsa87);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_44, SignatureAndHashAlgorithm.DRAFT_mldsa44);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_65, SignatureAndHashAlgorithm.DRAFT_mldsa65);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_87, SignatureAndHashAlgorithm.DRAFT_mldsa87);
+
 //        addCertSigAlgOID(h, BCObjectIdentifiers.dilithium3, SignatureAndHashAlgorithm.dilithiumr3_3);
 //        addCertSigAlgOID(h, BCObjectIdentifiers.dilithium5, SignatureAndHashAlgorithm.dilithiumr3_5);
 //