added PKCS12 example using PBMac1

dghgit · dghgit · commit 0f08ecdd242e · 2025-03-10T21:26:27.000+11:00
additional PQC tests
added support for AES_WRAP_PAD to CMS.
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyStatement.java b/core/src/main/java/org/bouncycastle/asn1/x509/PrivateKeyStatement.java
@@ -0,0 +1,91 @@
+package org.bouncycastle.asn1.x509;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
+
+/**
+ * <pre>
+ * PrivateKeyStatement ::= SEQUENCE {
+ *       signer  IssuerAndSerialNumber,
+ *       cert    Certificate OPTIONAL }
+ * </pre>
+ */
+public class PrivateKeyStatement
+    extends ASN1Object
+{
+    private final IssuerAndSerialNumber signer;
+    private final Certificate cert;
+
+    public static PrivateKeyStatement getInstance(Object obj)
+    {
+        if (obj instanceof PrivateKeyStatement)
+        {
+            return (PrivateKeyStatement)obj;
+        }
+
+        if (obj != null)
+        {
+            return new PrivateKeyStatement(ASN1Sequence.getInstance(obj));
+        }
+
+        return null;
+    }
+
+    private PrivateKeyStatement(ASN1Sequence seq)
+    {
+        if (seq.size() == 1)
+        {
+             this.signer = IssuerAndSerialNumber.getInstance(seq.getObjectAt(0));
+             this.cert = null;
+        }
+        else if (seq.size() == 2)
+        {
+             this.signer = IssuerAndSerialNumber.getInstance(seq.getObjectAt(0));
+             this.cert = Certificate.getInstance(seq.getObjectAt(1));
+        }
+        else
+        {
+             throw new IllegalArgumentException("unknown sequence in PrivateKeyStatement");
+        }
+    }
+
+    public PrivateKeyStatement(IssuerAndSerialNumber signer)
+    {
+        this.signer = signer;
+        this.cert = null;
+    }
+
+    public PrivateKeyStatement(Certificate cert)
+    {
+        this.signer = new IssuerAndSerialNumber(cert.getIssuer(), cert.getSerialNumber().getValue());
+        this.cert = cert;
+    }
+
+    public IssuerAndSerialNumber getSigner()
+    {
+        return signer;
+    }
+
+    public Certificate getCert()
+    {
+        return cert;
+    }
+
+    public ASN1Primitive toASN1Primitive()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector(2);
+
+        v.add(signer);
+
+        if (cert != null)
+        {
+            v.add(cert);
+        }
+
+        return new DERSequence(v);
+    }
+}
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/X509AttributeIdentifiers.java b/core/src/main/java/org/bouncycastle/asn1/x509/X509AttributeIdentifiers.java
@@ -7,23 +7,25 @@ public interface X509AttributeIdentifiers
     /**
      * @deprecated use id_at_role
      */
-    static final ASN1ObjectIdentifier RoleSyntax = new ASN1ObjectIdentifier("2.5.4.72");
+    ASN1ObjectIdentifier RoleSyntax = new ASN1ObjectIdentifier("2.5.4.72");
 
-    static final ASN1ObjectIdentifier id_pe_ac_auditIdentity = X509ObjectIdentifiers.id_pe.branch("4");
-    static final ASN1ObjectIdentifier id_pe_aaControls       = X509ObjectIdentifiers.id_pe.branch("6");
-    static final ASN1ObjectIdentifier id_pe_ac_proxying      = X509ObjectIdentifiers.id_pe.branch("10");
+    ASN1ObjectIdentifier id_pe_ac_auditIdentity = X509ObjectIdentifiers.id_pe.branch("4");
+    ASN1ObjectIdentifier id_pe_aaControls = X509ObjectIdentifiers.id_pe.branch("6");
+    ASN1ObjectIdentifier id_pe_ac_proxying = X509ObjectIdentifiers.id_pe.branch("10");
 
-    static final ASN1ObjectIdentifier id_ce_targetInformation= X509ObjectIdentifiers.id_ce.branch("55");
+    ASN1ObjectIdentifier id_ce_targetInformation = X509ObjectIdentifiers.id_ce.branch("55");
 
-    static final ASN1ObjectIdentifier id_aca = X509ObjectIdentifiers.id_pkix.branch("10");
+    ASN1ObjectIdentifier id_aca = X509ObjectIdentifiers.id_pkix.branch("10");
 
-    static final ASN1ObjectIdentifier id_aca_authenticationInfo    = id_aca.branch("1");
-    static final ASN1ObjectIdentifier id_aca_accessIdentity        = id_aca.branch("2");
-    static final ASN1ObjectIdentifier id_aca_chargingIdentity      = id_aca.branch("3");
-    static final ASN1ObjectIdentifier id_aca_group                 = id_aca.branch("4");
+    ASN1ObjectIdentifier id_aca_authenticationInfo = id_aca.branch("1");
+    ASN1ObjectIdentifier id_aca_accessIdentity = id_aca.branch("2");
+    ASN1ObjectIdentifier id_aca_chargingIdentity = id_aca.branch("3");
+    ASN1ObjectIdentifier id_aca_group = id_aca.branch("4");
     // { id-aca 5 } is reserved
-    static final ASN1ObjectIdentifier id_aca_encAttrs              = id_aca.branch("6");
+    ASN1ObjectIdentifier id_aca_encAttrs = id_aca.branch("6");
 
-    static final ASN1ObjectIdentifier id_at_role = new ASN1ObjectIdentifier("2.5.4.72");
-    static final ASN1ObjectIdentifier id_at_clearance = new ASN1ObjectIdentifier("2.5.1.5.55");
+    ASN1ObjectIdentifier id_at_role = new ASN1ObjectIdentifier("2.5.4.72");
+    ASN1ObjectIdentifier id_at_clearance = new ASN1ObjectIdentifier("2.5.1.5.55");
+
+    ASN1ObjectIdentifier id_at_privateKeyStatement = new ASN1ObjectIdentifier("1.3.6.1.4.1.22112.2.1");
 }
diff --git a/pkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRepMessageBuilder.java b/pkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRepMessageBuilder.java
@@ -30,6 +30,7 @@ public CertificateRepMessageBuilder(X509CertificateHolder... caCerts)
             this.caCerts[i] = new CMPCertificate(caCerts[i].toASN1Structure());
         }
     }
+
     public CertificateRepMessageBuilder addCertificateResponse(CertificateResponse response)
     {
         responses.add(response.toASN1Structure());
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAlgorithm.java
@@ -46,6 +46,9 @@ public class CMSAlgorithm
     public static final ASN1ObjectIdentifier  AES128_WRAP     = NISTObjectIdentifiers.id_aes128_wrap.intern();
     public static final ASN1ObjectIdentifier  AES192_WRAP     = NISTObjectIdentifiers.id_aes192_wrap.intern();
     public static final ASN1ObjectIdentifier  AES256_WRAP     = NISTObjectIdentifiers.id_aes256_wrap.intern();
+    public static final ASN1ObjectIdentifier  AES128_WRAP_PAD     = NISTObjectIdentifiers.id_aes128_wrap_pad.intern();
+    public static final ASN1ObjectIdentifier  AES192_WRAP_PAD     = NISTObjectIdentifiers.id_aes192_wrap_pad.intern();
+    public static final ASN1ObjectIdentifier  AES256_WRAP_PAD     = NISTObjectIdentifiers.id_aes256_wrap_pad.intern();
     public static final ASN1ObjectIdentifier  CAMELLIA128_WRAP = NTTObjectIdentifiers.id_camellia128_wrap.intern();
     public static final ASN1ObjectIdentifier  CAMELLIA192_WRAP = NTTObjectIdentifiers.id_camellia192_wrap.intern();
     public static final ASN1ObjectIdentifier  CAMELLIA256_WRAP = NTTObjectIdentifiers.id_camellia256_wrap.intern();
diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java
@@ -52,6 +52,9 @@ class CMSUtils
        wrapAlgNames.put(CMSAlgorithm.AES128_WRAP, "AESWRAP");
        wrapAlgNames.put(CMSAlgorithm.AES192_WRAP, "AESWRAP");
        wrapAlgNames.put(CMSAlgorithm.AES256_WRAP, "AESWRAP");
+       wrapAlgNames.put(CMSAlgorithm.AES128_WRAP_PAD, "AES-KWP");
+       wrapAlgNames.put(CMSAlgorithm.AES192_WRAP_PAD, "AES-KWP");
+       wrapAlgNames.put(CMSAlgorithm.AES256_WRAP_PAD, "AES-KWP");
     }
 
     static
@@ -264,15 +267,15 @@ static Cipher createAsymmetricWrapper(JcaJceHelper helper, ASN1ObjectIdentifier
     public static int getKekSize(ASN1ObjectIdentifier symWrapAlg)
     {
         // TODO: add table
-        if (symWrapAlg.equals(CMSAlgorithm.AES256_WRAP))
+        if (symWrapAlg.equals(CMSAlgorithm.AES256_WRAP) || symWrapAlg.equals(CMSAlgorithm.AES256_WRAP_PAD))
         {
             return 32;
         }
-        else if (symWrapAlg.equals(CMSAlgorithm.AES128_WRAP))
+        else if (symWrapAlg.equals(CMSAlgorithm.AES128_WRAP) || symWrapAlg.equals(CMSAlgorithm.AES128_WRAP_PAD))
         {
             return  16;
         }
-        else if (symWrapAlg.equals(CMSAlgorithm.AES192_WRAP))
+        else if (symWrapAlg.equals(CMSAlgorithm.AES192_WRAP) || symWrapAlg.equals(CMSAlgorithm.AES192_WRAP_PAD))
         {
             return  24;
         }
diff --git a/pkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12PBMac1CalculatorBuilder.java b/pkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12PBMac1CalculatorBuilder.java
@@ -1,5 +1,7 @@
 package org.bouncycastle.pkcs.bc;
 
+import java.io.IOException;
+
 import org.bouncycastle.asn1.pkcs.PBKDF2Params;
 import org.bouncycastle.asn1.pkcs.PBMAC1Params;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -8,8 +10,6 @@
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.pkcs.PKCS12MacCalculatorBuilder;
 
-import java.io.IOException;
-
 public class BcPKCS12PBMac1CalculatorBuilder
     implements PKCS12MacCalculatorBuilder
 {    
@@ -27,7 +27,11 @@ public BcPKCS12PBMac1CalculatorBuilder(PBMAC1Params pbeMacParams) throws IOExcep
                 throw new IOException("Key length must be present when using PBMAC1.");
             }
         }
-        // TODO handle other cases
+        else
+        {
+            // TODO: add scrypt support.
+            throw new IllegalArgumentException("unrecognised PBKDF");
+        }
     }
 
     @Override
diff --git a/pkix/src/test/java/org/bouncycastle/pkcs/test/PQCPKCS10Test.java b/pkix/src/test/java/org/bouncycastle/pkcs/test/PQCPKCS10Test.java
@@ -0,0 +1,97 @@
+package org.bouncycastle.pkcs.test;
+
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Security;
+import java.util.Date;
+
+import junit.framework.TestCase;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.PrivateKeyStatement;
+import org.bouncycastle.asn1.x509.X509AttributeIdentifiers;
+import org.bouncycastle.cert.CertException;
+import org.bouncycastle.cert.CertIOException;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jcajce.spec.MLDSAParameterSpec;
+import org.bouncycastle.jcajce.spec.MLKEMParameterSpec;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.ContentVerifierProvider;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
+import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
+
+public class PQCPKCS10Test
+    extends TestCase
+{
+    public void setUp()
+    {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    public void testKEMPKCS10()
+        throws Exception
+    {
+        KeyPairGenerator dilKpGen = KeyPairGenerator.getInstance("ML-DSA", "BC");
+
+        dilKpGen.initialize(MLDSAParameterSpec.ml_dsa_65);
+
+        KeyPair dilKp = dilKpGen.generateKeyPair();
+
+        X509CertificateHolder sigCert = makeV3Certificate("CN=ML-KEM Client", dilKp);
+
+        KeyPairGenerator kemKpGen = KeyPairGenerator.getInstance("ML-KEM", "BC");
+
+        kemKpGen.initialize(MLKEMParameterSpec.ml_kem_768);
+
+        KeyPair kemKp = kemKpGen.generateKeyPair();
+
+        PKCS10CertificationRequestBuilder pkcs10Builder = new JcaPKCS10CertificationRequestBuilder(
+                                                        new X500Name("CN=ML-KEM Client"), kemKp.getPublic());
+
+        pkcs10Builder.addAttribute(X509AttributeIdentifiers.id_at_privateKeyStatement,
+                                        new PrivateKeyStatement(sigCert.toASN1Structure()));
+
+        PKCS10CertificationRequest request = pkcs10Builder.build(
+                            new JcaContentSignerBuilder("ML-DSA").setProvider("BC").build(dilKp.getPrivate()));
+
+        assertTrue(request.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(sigCert.getSubjectPublicKeyInfo())));
+    }
+
+    private static X509CertificateHolder makeV3Certificate(String _subDN, KeyPair issKP)
+        throws OperatorCreationException, CertException, CertIOException
+    {
+        PrivateKey issPriv = issKP.getPrivate();
+        PublicKey issPub = issKP.getPublic();
+
+        X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
+            new X500Name(_subDN),
+            BigInteger.valueOf(System.currentTimeMillis()),
+            new Date(System.currentTimeMillis() - 5000L),
+            new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
+            new X500Name(_subDN),
+            issKP.getPublic());
+
+        certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
+
+        ContentSigner signer = new JcaContentSignerBuilder("ML-DSA").build(issPriv);
+
+        X509CertificateHolder certHolder = certGen.build(signer);
+
+        ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().build(issPub);
+
+        assertTrue(certHolder.isSignatureValid(verifier));
+
+        return certHolder;
+    }
+}
diff --git a/pkix/src/test/java/org/bouncycastle/pkcs/test/PfxPduTest.java b/pkix/src/test/java/org/bouncycastle/pkcs/test/PfxPduTest.java
diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/WrapUtil.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/WrapUtil.java
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/PQCDHTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/PQCDHTest.java

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ public CertificateRepMessageBuilder(X509CertificateHolder... caCerts)`
`30`	`30`	`this.caCerts[i] = new CMPCertificate(caCerts[i].toASN1Structure());`
`31`	`31`	`}`
`32`	`32`	`}`
	`33`	`+`
`33`	`34`	`public CertificateRepMessageBuilder addCertificateResponse(CertificateResponse response)`
`34`	`35`	`{`
`35`	`36`	`responses.add(response.toASN1Structure());`
Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,9 @@ class CMSUtils`
`52`	`52`	`wrapAlgNames.put(CMSAlgorithm.AES128_WRAP, "AESWRAP");`
`53`	`53`	`wrapAlgNames.put(CMSAlgorithm.AES192_WRAP, "AESWRAP");`
`54`	`54`	`wrapAlgNames.put(CMSAlgorithm.AES256_WRAP, "AESWRAP");`
	`55`	`+ wrapAlgNames.put(CMSAlgorithm.AES128_WRAP_PAD, "AES-KWP");`
	`56`	`+ wrapAlgNames.put(CMSAlgorithm.AES192_WRAP_PAD, "AES-KWP");`
	`57`	`+ wrapAlgNames.put(CMSAlgorithm.AES256_WRAP_PAD, "AES-KWP");`
`55`	`58`	`}`
`56`	`59`
`57`	`60`	`static`
`@@ -264,15 +267,15 @@ static Cipher createAsymmetricWrapper(JcaJceHelper helper, ASN1ObjectIdentifier`
`264`	`267`	`public static int getKekSize(ASN1ObjectIdentifier symWrapAlg)`
`265`	`268`	`{`
`266`	`269`	`// TODO: add table`
`267`		`- if (symWrapAlg.equals(CMSAlgorithm.AES256_WRAP))`
	`270`	`+ if (symWrapAlg.equals(CMSAlgorithm.AES256_WRAP) \|\| symWrapAlg.equals(CMSAlgorithm.AES256_WRAP_PAD))`
`268`	`271`	`{`
`269`	`272`	`return 32;`
`270`	`273`	`}`
`271`		`- else if (symWrapAlg.equals(CMSAlgorithm.AES128_WRAP))`
	`274`	`+ else if (symWrapAlg.equals(CMSAlgorithm.AES128_WRAP) \|\| symWrapAlg.equals(CMSAlgorithm.AES128_WRAP_PAD))`
`272`	`275`	`{`
`273`	`276`	`return 16;`
`274`	`277`	`}`
`275`		`- else if (symWrapAlg.equals(CMSAlgorithm.AES192_WRAP))`
	`278`	`+ else if (symWrapAlg.equals(CMSAlgorithm.AES192_WRAP) \|\| symWrapAlg.equals(CMSAlgorithm.AES192_WRAP_PAD))`
`276`	`279`	`{`
`277`	`280`	`return 24;`
`278`	`281`	`}`