bcgit
diff --git a/‎tls/src/main/java/org/bouncycastle/jsse/provider/FipsUtils.java‎
Lines changed: 12 additions & 0 deletions b/‎tls/src/main/java/org/bouncycastle/jsse/provider/FipsUtils.java‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎tls/src/main/java/org/bouncycastle/jsse/provider/ProvAlgorithmChecker.java‎
Lines changed: 15 additions & 0 deletions b/‎tls/src/main/java/org/bouncycastle/jsse/provider/ProvAlgorithmChecker.java‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎tls/src/main/java/org/bouncycastle/jsse/provider/ProvX509KeyManager.java‎
Lines changed: 26 additions & 0 deletions b/‎tls/src/main/java/org/bouncycastle/jsse/provider/ProvX509KeyManager.java‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎tls/src/main/java/org/bouncycastle/jsse/provider/SignatureSchemeInfo.java‎
Lines changed: 32 additions & 3 deletions b/‎tls/src/main/java/org/bouncycastle/jsse/provider/SignatureSchemeInfo.java‎
Lines changed: 32 additions & 3 deletions
diff --git a/‎tls/src/main/java/org/bouncycastle/tls/SignatureAndHashAlgorithm.java‎
Lines changed: 12 additions & 0 deletions b/‎tls/src/main/java/org/bouncycastle/tls/SignatureAndHashAlgorithm.java‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎tls/src/main/java/org/bouncycastle/tls/SignatureScheme.java‎
Lines changed: 98 additions & 0 deletions b/‎tls/src/main/java/org/bouncycastle/tls/SignatureScheme.java‎
Lines changed: 98 additions & 0 deletions
diff --git a/‎tls/src/main/java/org/bouncycastle/tls/TlsUtils.java‎
Lines changed: 15 additions & 1 deletion b/‎tls/src/main/java/org/bouncycastle/tls/TlsUtils.java‎
Lines changed: 15 additions & 1 deletion
@@ -218,6 +218,18 @@ static boolean isFipsSignatureScheme(int signatureScheme)
         case SignatureScheme.mldsa44:
         case SignatureScheme.mldsa65:
         case SignatureScheme.mldsa87:
+        case SignatureScheme.DRAFT_slhdsa_sha2_128s:
+        case SignatureScheme.DRAFT_slhdsa_sha2_128f:
+        case SignatureScheme.DRAFT_slhdsa_sha2_192s:
+        case SignatureScheme.DRAFT_slhdsa_sha2_192f:
+        case SignatureScheme.DRAFT_slhdsa_sha2_256s:
+        case SignatureScheme.DRAFT_slhdsa_sha2_256f:
+        case SignatureScheme.DRAFT_slhdsa_shake_128s:
+        case SignatureScheme.DRAFT_slhdsa_shake_128f:
+        case SignatureScheme.DRAFT_slhdsa_shake_192s:
+        case SignatureScheme.DRAFT_slhdsa_shake_192f:
+        case SignatureScheme.DRAFT_slhdsa_shake_256s:
+        case SignatureScheme.DRAFT_slhdsa_shake_256f:
         default:
             return false;
         }
 
@@ -68,9 +68,24 @@ private static Map<String, String> createSigAlgNames()
 
         names.put(EdECObjectIdentifiers.id_Ed25519.getId(), "Ed25519");
         names.put(EdECObjectIdentifiers.id_Ed448.getId(), "Ed448");
+
         names.put(NISTObjectIdentifiers.id_ml_dsa_44.getId(), "ML-DSA-44");
         names.put(NISTObjectIdentifiers.id_ml_dsa_65.getId(), "ML-DSA-65");
         names.put(NISTObjectIdentifiers.id_ml_dsa_87.getId(), "ML-DSA-87");
+
+        names.put(NISTObjectIdentifiers.id_slh_dsa_sha2_128s.getId(), "SLH-DSA-SHA2-128S");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_sha2_128f.getId(), "SLH-DSA-SHA2-128F");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_sha2_192s.getId(), "SLH-DSA-SHA2-192S");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_sha2_192f.getId(), "SLH-DSA-SHA2-192F");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_sha2_256s.getId(), "SLH-DSA-SHA2-256S");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_sha2_256f.getId(), "SLH-DSA-SHA2-256F");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_shake_128s.getId(), "SLH-DSA-SHAKE-128S");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_shake_128f.getId(), "SLH-DSA-SHAKE-128F");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_shake_192s.getId(), "SLH-DSA-SHAKE-192S");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_shake_192f.getId(), "SLH-DSA-SHAKE-192F");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_shake_256s.getId(), "SLH-DSA-SHAKE-256S");
+        names.put(NISTObjectIdentifiers.id_slh_dsa_shake_256f.getId(), "SLH-DSA-SHAKE-256F");
+
         names.put(OIWObjectIdentifiers.dsaWithSHA1.getId(), "SHA1withDSA");
         names.put(X9ObjectIdentifiers.id_dsa_with_sha1.getId(), "SHA1withDSA");
 
 
@@ -162,6 +162,19 @@ private static Map<String, PublicKeyFilter> createFiltersClient()
         addFilter(filters, "ML-DSA-65");
         addFilter(filters, "ML-DSA-87");
 
+        addFilter(filters, "SLH-DSA-SHA2-128S");
+        addFilter(filters, "SLH-DSA-SHA2-128F");
+        addFilter(filters, "SLH-DSA-SHA2-192S");
+        addFilter(filters, "SLH-DSA-SHA2-192F");
+        addFilter(filters, "SLH-DSA-SHA2-256S");
+        addFilter(filters, "SLH-DSA-SHA2-256F");
+        addFilter(filters, "SLH-DSA-SHAKE-128S");
+        addFilter(filters, "SLH-DSA-SHAKE-128F");
+        addFilter(filters, "SLH-DSA-SHAKE-192S");
+        addFilter(filters, "SLH-DSA-SHAKE-192F");
+        addFilter(filters, "SLH-DSA-SHAKE-256S");
+        addFilter(filters, "SLH-DSA-SHAKE-256F");
+
         addECFilter13(filters, NamedGroup.brainpoolP256r1tls13);
         addECFilter13(filters, NamedGroup.brainpoolP384r1tls13);
         addECFilter13(filters, NamedGroup.brainpoolP512r1tls13);
@@ -191,6 +204,19 @@ private static Map<String, PublicKeyFilter> createFiltersServer()
         addFilter(filters, "ML-DSA-65");
         addFilter(filters, "ML-DSA-87");
 
+        addFilter(filters, "SLH-DSA-SHA2-128S");
+        addFilter(filters, "SLH-DSA-SHA2-128F");
+        addFilter(filters, "SLH-DSA-SHA2-192S");
+        addFilter(filters, "SLH-DSA-SHA2-192F");
+        addFilter(filters, "SLH-DSA-SHA2-256S");
+        addFilter(filters, "SLH-DSA-SHA2-256F");
+        addFilter(filters, "SLH-DSA-SHAKE-128S");
+        addFilter(filters, "SLH-DSA-SHAKE-128F");
+        addFilter(filters, "SLH-DSA-SHAKE-192S");
+        addFilter(filters, "SLH-DSA-SHAKE-192F");
+        addFilter(filters, "SLH-DSA-SHAKE-256S");
+        addFilter(filters, "SLH-DSA-SHAKE-256F");
+
         addECFilter13(filters, NamedGroup.brainpoolP256r1tls13);
         addECFilter13(filters, NamedGroup.brainpoolP384r1tls13);
         addECFilter13(filters, NamedGroup.brainpoolP512r1tls13);
 
@@ -69,6 +69,19 @@ private enum All
         mldsa65(SignatureScheme.mldsa65, "ML-DSA-65", false),
         mldsa87(SignatureScheme.mldsa87, "ML-DSA-87", false),
 
+        slhdsa_sha2_128s(SignatureScheme.DRAFT_slhdsa_sha2_128s, "SLH-DSA-SHA2-128S", false),
+        slhdsa_sha2_128f(SignatureScheme.DRAFT_slhdsa_sha2_128f, "SLH-DSA-SHA2-128F", false),
+        slhdsa_sha2_192s(SignatureScheme.DRAFT_slhdsa_sha2_192s, "SLH-DSA-SHA2-192S", false),
+        slhdsa_sha2_192f(SignatureScheme.DRAFT_slhdsa_sha2_192f, "SLH-DSA-SHA2-192F", false),
+        slhdsa_sha2_256s(SignatureScheme.DRAFT_slhdsa_sha2_256s, "SLH-DSA-SHA2-256S", false),
+        slhdsa_sha2_256f(SignatureScheme.DRAFT_slhdsa_sha2_256f, "SLH-DSA-SHA2-256F", false),
+        slhdsa_shake_128s(SignatureScheme.DRAFT_slhdsa_shake_128s, "SLH-DSA-SHAKE-128S", false),
+        slhdsa_shake_128f(SignatureScheme.DRAFT_slhdsa_shake_128f, "SLH-DSA-SHAKE-128F", false),
+        slhdsa_shake_192s(SignatureScheme.DRAFT_slhdsa_shake_192s, "SLH-DSA-SHAKE-192S", false),
+        slhdsa_shake_192f(SignatureScheme.DRAFT_slhdsa_shake_192f, "SLH-DSA-SHAKE-192F", false),
+        slhdsa_shake_256s(SignatureScheme.DRAFT_slhdsa_shake_256s, "SLH-DSA-SHAKE-256S", false),
+        slhdsa_shake_256f(SignatureScheme.DRAFT_slhdsa_shake_256f, "SLH-DSA-SHAKE-256F", false),
+
         sm2sig_sm3(SignatureScheme.sm2sig_sm3, "SM3withSM2", "EC"),
 
         // Deprecated: only for certs in 1.3
@@ -577,10 +590,26 @@ private static int[] createCandidates(Map<Integer, SignatureSchemeInfo> index, S
     private static int[] createCandidatesDefault()
     {
         All[] values = All.values();
-        int[] result = new int[values.length];
-        for (int i = 0; i < values.length; ++i)
+        int count = values.length, pos = 0;
+        int[] result = new int[count];
+        for (int i = 0; i < count; ++i)
+        {
+            int signatureScheme = values[i].signatureScheme;
+
+            /*
+             * SLH-DSA signing is quite slow; users will most likely be interested in it for the certificate
+             * chain, so we'll leave it to them to configure signature_algorithms_cert.
+             */
+            if (!SignatureScheme.isSLHDSA(signatureScheme))
+            {
+                result[pos++] = signatureScheme;
+            }
+        }
+        if (pos < count)
         {
-            result[i] = values[i].signatureScheme;
+            int[] tmp = new int[pos];
+            System.arraycopy(result, 0, tmp, 0, pos);
+            return tmp;
         }
         return result;
     }
 
@@ -36,6 +36,18 @@ public class SignatureAndHashAlgorithm
         create(SignatureScheme.rsa_pss_pss_sha384);
     public static final SignatureAndHashAlgorithm rsa_pss_pss_sha512 =
         create(SignatureScheme.rsa_pss_pss_sha512);
+    public static final SignatureAndHashAlgorithm slhdsa_sha2_128s = create(SignatureScheme.DRAFT_slhdsa_sha2_128s);
+    public static final SignatureAndHashAlgorithm slhdsa_sha2_128f = create(SignatureScheme.DRAFT_slhdsa_sha2_128f);
+    public static final SignatureAndHashAlgorithm slhdsa_sha2_192s = create(SignatureScheme.DRAFT_slhdsa_sha2_192s);
+    public static final SignatureAndHashAlgorithm slhdsa_sha2_192f = create(SignatureScheme.DRAFT_slhdsa_sha2_192f);
+    public static final SignatureAndHashAlgorithm slhdsa_sha2_256s = create(SignatureScheme.DRAFT_slhdsa_sha2_256s);
+    public static final SignatureAndHashAlgorithm slhdsa_sha2_256f = create(SignatureScheme.DRAFT_slhdsa_sha2_256f);
+    public static final SignatureAndHashAlgorithm slhdsa_shake_128s = create(SignatureScheme.DRAFT_slhdsa_shake_128s);
+    public static final SignatureAndHashAlgorithm slhdsa_shake_128f = create(SignatureScheme.DRAFT_slhdsa_shake_128f);
+    public static final SignatureAndHashAlgorithm slhdsa_shake_192s = create(SignatureScheme.DRAFT_slhdsa_shake_192s);
+    public static final SignatureAndHashAlgorithm slhdsa_shake_192f = create(SignatureScheme.DRAFT_slhdsa_shake_192f);
+    public static final SignatureAndHashAlgorithm slhdsa_shake_256s = create(SignatureScheme.DRAFT_slhdsa_shake_256s);
+    public static final SignatureAndHashAlgorithm slhdsa_shake_256f = create(SignatureScheme.DRAFT_slhdsa_shake_256f);
 
     public static SignatureAndHashAlgorithm getInstance(short hashAlgorithm, short signatureAlgorithm)
     {
 
@@ -59,6 +59,22 @@ public class SignatureScheme
     /** @deprecated Use 'mldsa87' instead. */
     public static final int DRAFT_mldsa87 = mldsa87;
 
+    /*
+     * draft-reddy-tls-slhdsa-01
+     */
+    public static final int DRAFT_slhdsa_sha2_128s = 0x0911;
+    public static final int DRAFT_slhdsa_sha2_128f = 0x0912;
+    public static final int DRAFT_slhdsa_sha2_192s = 0x0913;
+    public static final int DRAFT_slhdsa_sha2_192f = 0x0914;
+    public static final int DRAFT_slhdsa_sha2_256s = 0x0915;
+    public static final int DRAFT_slhdsa_sha2_256f = 0x0916;
+    public static final int DRAFT_slhdsa_shake_128s = 0x0917;
+    public static final int DRAFT_slhdsa_shake_128f = 0x0918;
+    public static final int DRAFT_slhdsa_shake_192s = 0x0919;
+    public static final int DRAFT_slhdsa_shake_192f = 0x091A;
+    public static final int DRAFT_slhdsa_shake_256s = 0x091B;
+    public static final int DRAFT_slhdsa_shake_256f = 0x091C;
+
     /*
      * RFC 8446 reserved for private use (0xFE00..0xFFFF)
      */
@@ -87,6 +103,18 @@ public static int getCryptoHashAlgorithm(int signatureScheme)
         case mldsa44:
         case mldsa65:
         case mldsa87:
+        case DRAFT_slhdsa_sha2_128s:
+        case DRAFT_slhdsa_sha2_128f:
+        case DRAFT_slhdsa_sha2_192s:
+        case DRAFT_slhdsa_sha2_192f:
+        case DRAFT_slhdsa_sha2_256s:
+        case DRAFT_slhdsa_sha2_256f:
+        case DRAFT_slhdsa_shake_128s:
+        case DRAFT_slhdsa_shake_128f:
+        case DRAFT_slhdsa_shake_192s:
+        case DRAFT_slhdsa_shake_192f:
+        case DRAFT_slhdsa_shake_256s:
+        case DRAFT_slhdsa_shake_256f:
             return -1;
         case ecdsa_brainpoolP256r1tls13_sha256:
         case rsa_pss_pss_sha256:
@@ -169,6 +197,30 @@ public static String getName(int signatureScheme)
             return "mldsa65";
         case mldsa87:
             return "mldsa87";
+        case DRAFT_slhdsa_sha2_128s:
+            return "slhdsa_sha2_128s";
+        case DRAFT_slhdsa_sha2_128f:
+            return "slhdsa_sha2_128f";
+        case DRAFT_slhdsa_sha2_192s:
+            return "slhdsa_sha2_192s";
+        case DRAFT_slhdsa_sha2_192f:
+            return "slhdsa_sha2_192f";
+        case DRAFT_slhdsa_sha2_256s:
+            return "slhdsa_sha2_256s";
+        case DRAFT_slhdsa_sha2_256f:
+            return "slhdsa_sha2_256f";
+        case DRAFT_slhdsa_shake_128s:
+            return "slhdsa_shake_128s";
+        case DRAFT_slhdsa_shake_128f:
+            return "slhdsa_shake_128f";
+        case DRAFT_slhdsa_shake_192s:
+            return "slhdsa_shake_192s";
+        case DRAFT_slhdsa_shake_192f:
+            return "slhdsa_shake_192f";
+        case DRAFT_slhdsa_shake_256s:
+            return "slhdsa_shake_256s";
+        case DRAFT_slhdsa_shake_256f:
+            return "slhdsa_shake_256f";
         default:
             return "UNKNOWN";
         }
@@ -246,6 +298,30 @@ public static SignatureAndHashAlgorithm getSignatureAndHashAlgorithm(int signatu
             return SignatureAndHashAlgorithm.mldsa65;
         case mldsa87:
             return SignatureAndHashAlgorithm.mldsa87;
+        case DRAFT_slhdsa_sha2_128s:
+            return SignatureAndHashAlgorithm.slhdsa_sha2_128s;
+        case DRAFT_slhdsa_sha2_128f:
+            return SignatureAndHashAlgorithm.slhdsa_sha2_128f;
+        case DRAFT_slhdsa_sha2_192s:
+            return SignatureAndHashAlgorithm.slhdsa_sha2_192s;
+        case DRAFT_slhdsa_sha2_192f:
+            return SignatureAndHashAlgorithm.slhdsa_sha2_192f;
+        case DRAFT_slhdsa_sha2_256s:
+            return SignatureAndHashAlgorithm.slhdsa_sha2_256s;
+        case DRAFT_slhdsa_sha2_256f:
+            return SignatureAndHashAlgorithm.slhdsa_sha2_256f;
+        case DRAFT_slhdsa_shake_128s:
+            return SignatureAndHashAlgorithm.slhdsa_shake_128s;
+        case DRAFT_slhdsa_shake_128f:
+            return SignatureAndHashAlgorithm.slhdsa_shake_128f;
+        case DRAFT_slhdsa_shake_192s:
+            return SignatureAndHashAlgorithm.slhdsa_shake_192s;
+        case DRAFT_slhdsa_shake_192f:
+            return SignatureAndHashAlgorithm.slhdsa_shake_192f;
+        case DRAFT_slhdsa_shake_256s:
+            return SignatureAndHashAlgorithm.slhdsa_shake_256s;
+        case DRAFT_slhdsa_shake_256f:
+            return SignatureAndHashAlgorithm.slhdsa_shake_256f;
         default:
             return SignatureAndHashAlgorithm.getInstance(
                 getHashAlgorithm(signatureScheme),
@@ -304,4 +380,26 @@ public static boolean isRSAPSS(int signatureScheme)
             return false;
         }
     }
+
+    public static boolean isSLHDSA(int signatureScheme)
+    {
+        switch (signatureScheme)
+        {
+        case DRAFT_slhdsa_sha2_128s:
+        case DRAFT_slhdsa_sha2_128f:
+        case DRAFT_slhdsa_sha2_192s:
+        case DRAFT_slhdsa_sha2_192f:
+        case DRAFT_slhdsa_sha2_256s:
+        case DRAFT_slhdsa_sha2_256f:
+        case DRAFT_slhdsa_shake_128s:
+        case DRAFT_slhdsa_shake_128f:
+        case DRAFT_slhdsa_shake_192s:
+        case DRAFT_slhdsa_shake_192f:
+        case DRAFT_slhdsa_shake_256s:
+        case DRAFT_slhdsa_shake_256f:
+            return true;
+        default:
+            return false;
+        }
+    }
 }
@@ -120,6 +120,19 @@ private static Hashtable createCertSigAlgOIDs()
         addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_65, SignatureAndHashAlgorithm.mldsa65);
         addCertSigAlgOID(h, NISTObjectIdentifiers.id_ml_dsa_87, SignatureAndHashAlgorithm.mldsa87);
 
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_sha2_128s, SignatureAndHashAlgorithm.slhdsa_sha2_128s);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_sha2_128f, SignatureAndHashAlgorithm.slhdsa_sha2_128f);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_sha2_192s, SignatureAndHashAlgorithm.slhdsa_sha2_192s);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_sha2_192f, SignatureAndHashAlgorithm.slhdsa_sha2_192f);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_sha2_256s, SignatureAndHashAlgorithm.slhdsa_sha2_256s);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_sha2_256f, SignatureAndHashAlgorithm.slhdsa_sha2_256f);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_shake_128s, SignatureAndHashAlgorithm.slhdsa_shake_128s);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_shake_128f, SignatureAndHashAlgorithm.slhdsa_shake_128f);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_shake_192s, SignatureAndHashAlgorithm.slhdsa_shake_192s);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_shake_192f, SignatureAndHashAlgorithm.slhdsa_shake_192f);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_shake_256s, SignatureAndHashAlgorithm.slhdsa_shake_256s);
+        addCertSigAlgOID(h, NISTObjectIdentifiers.id_slh_dsa_shake_256f, SignatureAndHashAlgorithm.slhdsa_shake_256f);
+
         addCertSigAlgOID(h, RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_256,
             SignatureAndHashAlgorithm.gostr34102012_256);
         addCertSigAlgOID(h, RosstandartObjectIdentifiers.id_tc26_signwithdigest_gost_3410_12_512,
@@ -1550,7 +1563,8 @@ static void verify12SignatureAlgorithm(SignatureAndHashAlgorithm signatureAlgori
             int signatureScheme = SignatureScheme.from(signatureAlgorithm);
 
             // TODO In future there might be more cases, so we'd need a more general method.
-            if (SignatureScheme.isMLDSA(signatureScheme))
+            if (SignatureScheme.isMLDSA(signatureScheme) ||
+                SignatureScheme.isSLHDSA(signatureScheme))
             {
                 throw new TlsFatalAlert(alertDescription);
             }