feat(toolkit/certviewer): Add composite ML-DSA (MLDSA65-Ed25519-SHA512) certificate support to certviewer

Signed-off-by: Francesco Rollo <eferollo@gmail.com>

Author: eferollo

toolkit/components/certviewer/content/certDecoder.mjs

@@ -9,6 +9,7 @@ import {
   RSAPublicKey,
   MLDSAPublicKey,
   SLHDSAPublicKey,
+  CompositeMLDSAPublicKey,
 } from "./vendor/pkijs.js";
 
 const getTimeZone = () => {
@@ -67,6 +68,15 @@ const getPublicKeyInfo = x509 => {
       rhoT1: hashify(keyHex),
     };
   }
+  if (publicKey instanceof CompositeMLDSAPublicKey) {
+    let keyHex = publicKey.blob.valueBlock.valueHex;
+    let keyBytes = new Uint8Array(keyHex);
+    return {
+      kty: publicKey.alg,
+      keysize: keyBytes.length,
+      rhoT1: hashify(keyHex),
+    };
+  }
   return { kty: "Unknown" };
 };
 
@@ -1163,6 +1173,7 @@ const strings = {
     "2.16.840.1.101.3.4.3.29": "SLH-DSA-SHAKE-192F",
     "2.16.840.1.101.3.4.3.30": "SLH-DSA-SHAKE-256S",
     "2.16.840.1.101.3.4.3.31": "SLH-DSA-SHAKE-256F",
+    "2.16.840.1.114027.80.9.1.11": "MLDSA65-Ed25519-SHA512",
   },
 
   aia: {

toolkit/components/certviewer/content/certviewer.mjs

@@ -86,6 +86,7 @@ const getSecurityLevel = signatureName => {
     case "ML-DSA-65":
     case "SLH-DSA-SHAKE-192S":
     case "SLH-DSA-SHAKE-192F":
+    case "MLDSA65-Ed25519-SHA512":
       return "Level 3 (NIST)";
     case "ML-DSA-87":
     case "SLH-DSA-SHAKE-256S":
@@ -205,6 +206,11 @@ export const adjustCertInformation = cert => {
             cert.subjectPublicKeyInfo.seedRoot,
             true
           ),
+          createEntryItem(
+            "composite-mldsa-public-value",
+            cert.subjectPublicKeyInfo.blob,
+            true
+          ),
         ].filter(elem => elem != null);
       }
       return items;

toolkit/components/certviewer/content/vendor/pkijs.js

@@ -8757,6 +8757,74 @@ class SLHDSAPublicKey extends PkiObject {
     }
 }
 
+/*
+ * @see https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/
+ * Here the seriealized public key (mldsaPK, tradPK) is treated as a whole blob.
+ */
+const BLOB = "blob";
+/* ALG is defined above */
+const CLEAR_PROPS_CompositeMLDSA = [BLOB, ALG];
+class CompositeMLDSAPublicKey extends PkiObject {
+    constructor(parameters = {}) {
+        super();
+
+        this.blob = getParametersValue(parameters, BLOB, CompositeMLDSAPublicKey.defaultValues(BLOB));
+        this.alg = getParametersValue(parameters, ALG, CompositeMLDSAPublicKey.defaultValues(ALG));
+
+        if (parameters.json) {
+            this.fromJSON(parameters.json);
+        }
+
+        if (parameters.schema) {
+            this.fromSchema(parameters.schema);
+        }
+    }
+
+    static defaultValues(memberName) {
+        switch (memberName) {
+            case BLOB:
+                return new BitString();
+            case ALG:
+                return "";
+            default:
+                return super.defaultValues(memberName);
+        }
+    }
+
+    static schema(parameters = {}) {
+        const names = getParametersValue(parameters, "names", {});
+        return new BitString({ name: names.blob || BLOB });
+    }
+
+    fromSchema(schema) {
+        clearProps(schema, CLEAR_PROPS_CompositeMLDSA);
+
+        const asn1 = compareSchema(schema, schema, CompositeMLDSAPublicKey.schema({
+            names: { blob: BLOB }
+        }));
+
+        AsnError.assertSchema(asn1, this.className);
+
+        this.blob = asn1.result.blob;
+    }
+
+    toSchema() {
+        return this.blob;
+    }
+
+    toJSON() {
+        return {
+            blob: Convert.ToBase64Url(this.blob.valueBlock.valueHexView),
+            alg: this.alg
+        };
+    }
+
+    fromJSON(json) {
+        ParameterError.assert("json", json, "blob");
+        const rawBuffer = stringToArrayBuffer(fromBase64(json.blob, true));
+        this.blob = new BitString({ valueHex: rawBuffer });
+    }
+}
 
 const ALGORITHM$1 = "algorithm";
 const SUBJECT_PUBLIC_KEY = "subjectPublicKey";
@@ -8842,6 +8910,9 @@ class PublicKeyInfo extends PkiObject {
                     /* Already a bitstring */
                     this._parsedKey = new SLHDSAPublicKey({ seedRoot: this.subjectPublicKey, alg: "SLH-DSA-SHAKE-256F" });
                     break;
+                case "2.16.840.1.114027.80.9.1.11":
+                    this._parsedKey = new CompositeMLDSAPublicKey({ blob: this.subjectPublicKey, alg: "MLDSA65-Ed25519-SHA512" });
+                    break;
             }
             this._parsedKey || (this._parsedKey = null);
         }
@@ -8936,6 +9007,9 @@ class PublicKeyInfo extends PkiObject {
             case "2.16.840.1.101.3.4.3.31":
                 jwk.kty = "SLH-DSA-SHAKE-256F";
                 break;
+            case "2.16.840.1.114027.80.9.1.11":
+                jwk.kty = "MLDSA65-Ed25519-SHA512";
+                break;
         }
         const publicKeyJWK = this.parsedKey.toJSON();
         Object.assign(jwk, publicKeyJWK);
@@ -9021,6 +9095,13 @@ class PublicKeyInfo extends PkiObject {
                         algorithmParams: new Null()
                     });
                     break;
+                case "MLDSA65-Ed25519-SHA512":
+                    this.parsedKey = new CompositeMLDSAPublicKey({ json });
+                    this.algorithm = new AlgorithmIdentifier({
+                        algorithmId: "2.16.840.1.114027.80.9.1.11",
+                        algorithmParams: new Null()
+                    });
+                    break;
                 default:
                     throw new Error(`Invalid value for "kty" parameter: ${json.kty}`);
             }
@@ -24353,4 +24434,4 @@ function initCryptoEngine() {
 
 initCryptoEngine();
 
-export { AbstractCryptoEngine, AccessDescription, Accuracy, AlgorithmIdentifier, AltName, ArgumentError, AsnError, AttCertValidityPeriod, Attribute, AttributeCertificateInfoV1, AttributeCertificateInfoV2, AttributeCertificateV1, AttributeCertificateV2, AttributeTypeAndValue, AuthenticatedSafe, AuthorityKeyIdentifier, BasicConstraints, BasicOCSPResponse, CAVersion, CRLBag, CRLDistributionPoints, CertBag, CertID, Certificate, CertificateChainValidationEngine, CertificatePolicies, CertificateRevocationList, CertificateSet, CertificateTemplate, CertificationRequest, ChainValidationCode, ChainValidationError, ContentInfo, CryptoEngine, DigestInfo, DistributionPoint, ECCCMSSharedInfo, ECNamedCurves, ECPrivateKey, ECPublicKey, EncapsulatedContentInfo, EncryptedContentInfo, EncryptedData, EnvelopedData, ExtKeyUsage, Extension, ExtensionValueFactory, Extensions, GeneralName, GeneralNames, GeneralSubtree, HASHED_MESSAGE, HASH_ALGORITHM, Holder, InfoAccess, IssuerAndSerialNumber, IssuerSerial, IssuingDistributionPoint, KEKIdentifier, KEKRecipientInfo, KeyAgreeRecipientIdentifier, KeyAgreeRecipientInfo, KeyBag, KeyTransRecipientInfo, MICROS, MILLIS, MacData, MessageImprint, NameConstraints, OCSPRequest, OCSPResponse, ObjectDigestInfo, OriginatorIdentifierOrKey, OriginatorInfo, OriginatorPublicKey, OtherCertificateFormat, OtherKeyAttribute, OtherPrimeInfo, OtherRecipientInfo, OtherRevocationInfoFormat, PBES2Params, PBKDF2Params, PFX, PKCS8ShroudedKeyBag, PKIStatus, PKIStatusInfo, POLICY_IDENTIFIER, POLICY_QUALIFIERS, ParameterError, PasswordRecipientinfo, PkiObject, PolicyConstraints, PolicyInformation, PolicyMapping, PolicyMappings, PolicyQualifierInfo, PrivateKeyInfo, PrivateKeyUsagePeriod, PublicKeyInfo, QCStatement, QCStatements, RDN, RSAESOAEPParams, RSAPrivateKey, RSAPublicKey, RSASSAPSSParams, RecipientEncryptedKey, RecipientEncryptedKeys, RecipientIdentifier, RecipientInfo, RecipientKeyIdentifier, RelativeDistinguishedNames, Request, ResponseBytes, ResponseData, RevocationInfoChoices, RevokedCertificate, SECONDS, SafeBag, SafeBagValueFactory, SafeContents, SecretBag, Signature, SignedAndUnsignedAttributes, SignedCertificateTimestamp, SignedCertificateTimestampList, SignedData, SignedDataVerifyError, SignerInfo, SingleResponse, SubjectDirectoryAttributes, TBSRequest, TSTInfo, TYPE$4 as TYPE, TYPE_AND_VALUES, Time, TimeStampReq, TimeStampResp, TimeType, V2Form, VALUE$5 as VALUE, VALUE_BEFORE_DECODE, checkCA, createCMSECDSASignature, createECDSASignatureFromCMS, engine, getAlgorithmByOID, getAlgorithmParameters, getCrypto, getEngine, getHashAlgorithm, getOIDByAlgorithm, getRandomValues, id_AnyPolicy, id_AuthorityInfoAccess, id_AuthorityKeyIdentifier, id_BaseCRLNumber, id_BasicConstraints, id_CRLBag_X509CRL, id_CRLDistributionPoints, id_CRLNumber, id_CRLReason, id_CertBag_AttributeCertificate, id_CertBag_SDSICertificate, id_CertBag_X509Certificate, id_CertificateIssuer, id_CertificatePolicies, id_ContentType_Data, id_ContentType_EncryptedData, id_ContentType_EnvelopedData, id_ContentType_SignedData, id_ExtKeyUsage, id_FreshestCRL, id_InhibitAnyPolicy, id_InvalidityDate, id_IssuerAltName, id_IssuingDistributionPoint, id_KeyUsage, id_MicrosoftAppPolicies, id_MicrosoftCaVersion, id_MicrosoftCertTemplateV1, id_MicrosoftCertTemplateV2, id_MicrosoftPrevCaCertHash, id_NameConstraints, id_PKIX_OCSP_Basic, id_PolicyConstraints, id_PolicyMappings, id_PrivateKeyUsagePeriod, id_QCStatements, id_SignedCertificateTimestampList, id_SubjectAltName, id_SubjectDirectoryAttributes, id_SubjectInfoAccess, id_SubjectKeyIdentifier, id_ad, id_ad_caIssuers, id_ad_ocsp, id_eContentType_TSTInfo, id_pkix, id_sha1, id_sha256, id_sha384, id_sha512, kdf, setEngine, stringPrep, verifySCTsForCertificate, MLDSAPublicKey, SLHDSAPublicKey };
+export { AbstractCryptoEngine, AccessDescription, Accuracy, AlgorithmIdentifier, AltName, ArgumentError, AsnError, AttCertValidityPeriod, Attribute, AttributeCertificateInfoV1, AttributeCertificateInfoV2, AttributeCertificateV1, AttributeCertificateV2, AttributeTypeAndValue, AuthenticatedSafe, AuthorityKeyIdentifier, BasicConstraints, BasicOCSPResponse, CAVersion, CRLBag, CRLDistributionPoints, CertBag, CertID, Certificate, CertificateChainValidationEngine, CertificatePolicies, CertificateRevocationList, CertificateSet, CertificateTemplate, CertificationRequest, ChainValidationCode, ChainValidationError, ContentInfo, CryptoEngine, DigestInfo, DistributionPoint, ECCCMSSharedInfo, ECNamedCurves, ECPrivateKey, ECPublicKey, EncapsulatedContentInfo, EncryptedContentInfo, EncryptedData, EnvelopedData, ExtKeyUsage, Extension, ExtensionValueFactory, Extensions, GeneralName, GeneralNames, GeneralSubtree, HASHED_MESSAGE, HASH_ALGORITHM, Holder, InfoAccess, IssuerAndSerialNumber, IssuerSerial, IssuingDistributionPoint, KEKIdentifier, KEKRecipientInfo, KeyAgreeRecipientIdentifier, KeyAgreeRecipientInfo, KeyBag, KeyTransRecipientInfo, MICROS, MILLIS, MacData, MessageImprint, NameConstraints, OCSPRequest, OCSPResponse, ObjectDigestInfo, OriginatorIdentifierOrKey, OriginatorInfo, OriginatorPublicKey, OtherCertificateFormat, OtherKeyAttribute, OtherPrimeInfo, OtherRecipientInfo, OtherRevocationInfoFormat, PBES2Params, PBKDF2Params, PFX, PKCS8ShroudedKeyBag, PKIStatus, PKIStatusInfo, POLICY_IDENTIFIER, POLICY_QUALIFIERS, ParameterError, PasswordRecipientinfo, PkiObject, PolicyConstraints, PolicyInformation, PolicyMapping, PolicyMappings, PolicyQualifierInfo, PrivateKeyInfo, PrivateKeyUsagePeriod, PublicKeyInfo, QCStatement, QCStatements, RDN, RSAESOAEPParams, RSAPrivateKey, RSAPublicKey, RSASSAPSSParams, RecipientEncryptedKey, RecipientEncryptedKeys, RecipientIdentifier, RecipientInfo, RecipientKeyIdentifier, RelativeDistinguishedNames, Request, ResponseBytes, ResponseData, RevocationInfoChoices, RevokedCertificate, SECONDS, SafeBag, SafeBagValueFactory, SafeContents, SecretBag, Signature, SignedAndUnsignedAttributes, SignedCertificateTimestamp, SignedCertificateTimestampList, SignedData, SignedDataVerifyError, SignerInfo, SingleResponse, SubjectDirectoryAttributes, TBSRequest, TSTInfo, TYPE$4 as TYPE, TYPE_AND_VALUES, Time, TimeStampReq, TimeStampResp, TimeType, V2Form, VALUE$5 as VALUE, VALUE_BEFORE_DECODE, checkCA, createCMSECDSASignature, createECDSASignatureFromCMS, engine, getAlgorithmByOID, getAlgorithmParameters, getCrypto, getEngine, getHashAlgorithm, getOIDByAlgorithm, getRandomValues, id_AnyPolicy, id_AuthorityInfoAccess, id_AuthorityKeyIdentifier, id_BaseCRLNumber, id_BasicConstraints, id_CRLBag_X509CRL, id_CRLDistributionPoints, id_CRLNumber, id_CRLReason, id_CertBag_AttributeCertificate, id_CertBag_SDSICertificate, id_CertBag_X509Certificate, id_CertificateIssuer, id_CertificatePolicies, id_ContentType_Data, id_ContentType_EncryptedData, id_ContentType_EnvelopedData, id_ContentType_SignedData, id_ExtKeyUsage, id_FreshestCRL, id_InhibitAnyPolicy, id_InvalidityDate, id_IssuerAltName, id_IssuingDistributionPoint, id_KeyUsage, id_MicrosoftAppPolicies, id_MicrosoftCaVersion, id_MicrosoftCertTemplateV1, id_MicrosoftCertTemplateV2, id_MicrosoftPrevCaCertHash, id_NameConstraints, id_PKIX_OCSP_Basic, id_PolicyConstraints, id_PolicyMappings, id_PrivateKeyUsagePeriod, id_QCStatements, id_SignedCertificateTimestampList, id_SubjectAltName, id_SubjectDirectoryAttributes, id_SubjectInfoAccess, id_SubjectKeyIdentifier, id_ad, id_ad_caIssuers, id_ad_ocsp, id_eContentType_TSTInfo, id_pkix, id_sha1, id_sha256, id_sha384, id_sha512, kdf, setEngine, stringPrep, verifySCTsForCertificate, MLDSAPublicKey, SLHDSAPublicKey, CompositeMLDSAPublicKey };

toolkit/locales/en-US/toolkit/about/certviewer.ftl

@@ -49,6 +49,7 @@ certificate-viewer-protocol = Protocol
 certificate-viewer-public-value = Public Value
 certificate-viewer-mldsa-public-value = Public Value
 certificate-viewer-slhdsa-public-value = Public Value
+certificate-viewer-composite-mldsa-public-value = Public Value
 certificate-viewer-purposes = Purposes
 certificate-viewer-qualifier = Qualifier
 certificate-viewer-qualifiers = Qualifiers