Merge branch 'rfc9708-cms-hss-lms' into 'main'

Rfc9708

See merge request root/bc-java!72

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java

@@ -278,6 +278,7 @@ public interface PKCSObjectIdentifiers
      * id-alg-hss-lms-hashsig OBJECT IDENTIFIER ::= { iso(1)
      *     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      *    smime(16) alg(3) 17 }
+     *    1.2.840.113549.1.9.16.3.17
      */
     public static final ASN1ObjectIdentifier id_alg_hss_lms_hashsig = smime_alg.branch("17");
 

core/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java

@@ -165,7 +165,8 @@ public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo, Obj
         SubjectPublicKeyInfoConverter converter = (SubjectPublicKeyInfoConverter)converters.get(algID.getAlgorithm());
         if (null == converter)
         {
-            throw new IOException("algorithm identifier in public key not recognised: " + algID.getAlgorithm());
+            return org.bouncycastle.pqc.crypto.util.PublicKeyFactory.createKey(keyInfo, defaultParams);
+            //throw new IOException("algorithm identifier in public key not recognised: " + algID.getAlgorithm());
         }
 
         return converter.getPublicKeyParameters(keyInfo, defaultParams);

core/src/main/java/org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.java

@@ -35,12 +35,17 @@
 import org.bouncycastle.crypto.params.X448PublicKeyParameters;
 import org.bouncycastle.internal.asn1.edec.EdECObjectIdentifiers;
 import org.bouncycastle.internal.asn1.rosstandart.RosstandartObjectIdentifiers;
+import org.bouncycastle.pqc.crypto.lms.Composer;
+import org.bouncycastle.pqc.crypto.lms.HSSPublicKeyParameters;
+import org.bouncycastle.pqc.crypto.lms.LMSPublicKeyParameters;
+import org.bouncycastle.util.Arrays;
 
 /**
  * Factory to create ASN.1 subject public key info objects from lightweight public keys.
  */
 public class SubjectPublicKeyInfoFactory
 {
+    private static final byte tag_OctetString = (byte)0x04;
     private static Set cryptoProOids = new HashSet(5);
 
     static
@@ -192,6 +197,20 @@ else if (publicKey instanceof Ed25519PublicKeyParameters)
 
             return new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), key.getEncoded());
         }
+        else if (publicKey instanceof HSSPublicKeyParameters)
+        {
+            HSSPublicKeyParameters params = (HSSPublicKeyParameters)publicKey;
+            byte[] encoding = Composer.compose().u32str(params.getL()).bytes(params.getLMSPublicKey()).build();
+            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
+            return new SubjectPublicKeyInfo(algorithmIdentifier, Arrays.concatenate(new byte[]{tag_OctetString, (byte)encoding.length}, encoding));
+        }
+        else if (publicKey instanceof LMSPublicKeyParameters)
+        {
+            LMSPublicKeyParameters params = (LMSPublicKeyParameters)publicKey;
+            byte[] encoding = Composer.compose().u32str(1).bytes(params).build();
+            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
+            return new SubjectPublicKeyInfo(algorithmIdentifier, Arrays.concatenate(new byte[]{tag_OctetString, (byte)encoding.length}, encoding));
+        }
         else
         {
             throw new IOException("key parameters not recognized");

core/src/main/java/org/bouncycastle/internal/asn1/kisa/KISAObjectIdentifiers.java

@@ -28,4 +28,7 @@ public interface KISAObjectIdentifiers
 
     /** RFC 4010: SeedEncryptionAlgorithmInCMS; OID 1.2.840.113549.1.9.16.0.24 */
     static final ASN1ObjectIdentifier id_mod_cms_seed = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.0.24");
+
+    /** RFC 9708 MTS-HashSig-2013; OID 1.2.840.113549.1.9.16.0.64 */
+    static final ASN1ObjectIdentifier id_mod_mts_hashsig_2013 = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.0.64");
 }

pkix/src/main/java/org/bouncycastle/operator/bc/BcHssLmsContentSignerBuilder.java

@@ -0,0 +1,106 @@
+package org.bouncycastle.operator.bc;
+
+import java.io.ByteArrayOutputStream;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.CryptoException;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.Signer;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pqc.crypto.MessageSigner;
+import org.bouncycastle.pqc.crypto.lms.HSSPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.lms.HSSPublicKeyParameters;
+import org.bouncycastle.pqc.crypto.lms.HSSSigner;
+import org.bouncycastle.pqc.crypto.lms.LMSPrivateKeyParameters;
+import org.bouncycastle.pqc.crypto.lms.LMSPublicKeyParameters;
+import org.bouncycastle.pqc.crypto.lms.LMSSigner;
+
+/**
+ * Builder for creating content signers that use the HSS/LMS Hash-Based Signature Algorithm.
+ *
+ * <b>Reference:</b> Use of the HSS/LMS Hash-Based Signature Algorithm in the Cryptographic Message Syntax (CMS)
+ * <a href="https://datatracker.ietf.org/doc/rfc9708/">RFC 9708</a>.
+ */
+public class BcHssLmsContentSignerBuilder
+    extends BcContentSignerBuilder
+{
+    private static final AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_hss_lms_hashsig);
+
+    public BcHssLmsContentSignerBuilder()
+    {
+        super(sigAlgId, null);
+    }
+
+    protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
+        throws OperatorCreationException
+    {
+        return new HssSigner();
+    }
+
+    static class HssSigner
+        implements Signer
+    {
+        private MessageSigner signer;
+        private final ByteArrayOutputStream stream = new ByteArrayOutputStream();
+
+        public HssSigner()
+        {
+        }
+
+        @Override
+        public void init(boolean forSigning, CipherParameters param)
+        {
+            if (param instanceof HSSPublicKeyParameters || param instanceof HSSPrivateKeyParameters)
+            {
+                signer = new HSSSigner();
+            }
+            else if (param instanceof LMSPublicKeyParameters || param instanceof LMSPrivateKeyParameters)
+            {
+                signer = new LMSSigner();
+            }
+            else
+            {
+                throw new IllegalArgumentException("Incorrect Key Parameters");
+            }
+
+            signer.init(forSigning, param);
+        }
+
+        @Override
+        public void update(byte b)
+        {
+            stream.write(b);
+        }
+
+        @Override
+        public void update(byte[] in, int off, int len)
+        {
+            stream.write(in, off, len);
+        }
+
+        @Override
+        public byte[] generateSignature()
+            throws CryptoException, DataLengthException
+        {
+            byte[] msg = stream.toByteArray();
+            stream.reset();
+            return signer.generateSignature(msg);
+        }
+
+        @Override
+        public boolean verifySignature(byte[] signature)
+        {
+            byte[] msg = stream.toByteArray();
+            stream.reset();
+            return signer.verifySignature(msg, signature);
+        }
+
+        @Override
+        public void reset()
+        {
+            stream.reset();
+        }
+    }
+}

pkix/src/main/java/org/bouncycastle/operator/bc/BcHssLmsContentVerifierProviderBuilder.java

@@ -0,0 +1,37 @@
+package org.bouncycastle.operator.bc;
+
+import java.io.IOException;
+
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.crypto.Signer;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.util.PublicKeyFactory;
+import org.bouncycastle.operator.OperatorCreationException;
+
+/**
+ * Builder for creating content verifier providers that support the HSS/LMS Hash-Based Signature Algorithm.
+ *
+ * <b>Reference:</b> Use of the HSS/LMS Hash-Based Signature Algorithm in the Cryptographic Message Syntax (CMS)
+ * <a href="https://datatracker.ietf.org/doc/rfc9708/">RFC 9708</a>.
+ * </p>
+ */
+public class BcHssLmsContentVerifierProviderBuilder
+    extends BcContentVerifierProviderBuilder
+{
+    public BcHssLmsContentVerifierProviderBuilder()
+    {
+    }
+
+    protected Signer createSigner(AlgorithmIdentifier sigAlgId)
+        throws OperatorCreationException
+    {
+        return new BcHssLmsContentSignerBuilder.HssSigner();
+    }
+
+    protected AsymmetricKeyParameter extractKeyParameters(SubjectPublicKeyInfo publicKeyInfo)
+        throws IOException
+    {
+        return PublicKeyFactory.createKey(publicKeyInfo);
+    }
+}