|
1 | 1 | // Licensed to the .NET Foundation under one or more agreements.
|
2 | 2 | // The .NET Foundation licenses this file to you under the MIT license.
|
3 | 3 |
|
| 4 | +using System.Diagnostics.CodeAnalysis; |
4 | 5 | using System.Globalization;
|
5 | 6 | using System.Security.Cryptography;
|
6 | 7 | using System.Security.Cryptography.X509Certificates;
|
@@ -96,6 +97,23 @@ private static X509Certificate2 LoadCertificateKey(X509Certificate2 certificate,
|
96 | 97 | const string DSAOid = "1.2.840.10040.4.1";
|
97 | 98 | const string ECDsaOid = "1.2.840.10045.2.1";
|
98 | 99 |
|
| 100 | + const string MLDsa44Oid = "2.16.840.1.101.3.4.3.17"; |
| 101 | + const string MLDsa65Oid = "2.16.840.1.101.3.4.3.18"; |
| 102 | + const string MLDsa87Oid = "2.16.840.1.101.3.4.3.19"; |
| 103 | + |
| 104 | + const string SlhDsaSha2_128sOid = "2.16.840.1.101.3.4.3.20"; |
| 105 | + const string SlhDsaSha2_128fOid = "2.16.840.1.101.3.4.3.21"; |
| 106 | + const string SlhDsaSha2_192sOid = "2.16.840.1.101.3.4.3.22"; |
| 107 | + const string SlhDsaSha2_192fOid = "2.16.840.1.101.3.4.3.23"; |
| 108 | + const string SlhDsaSha2_256sOid = "2.16.840.1.101.3.4.3.24"; |
| 109 | + const string SlhDsaSha2_256fOid = "2.16.840.1.101.3.4.3.25"; |
| 110 | + const string SlhDsaShake_128sOid = "2.16.840.1.101.3.4.3.26"; |
| 111 | + const string SlhDsaShake_128fOid = "2.16.840.1.101.3.4.3.27"; |
| 112 | + const string SlhDsaShake_192sOid = "2.16.840.1.101.3.4.3.28"; |
| 113 | + const string SlhDsaShake_192fOid = "2.16.840.1.101.3.4.3.29"; |
| 114 | + const string SlhDsaShake_256sOid = "2.16.840.1.101.3.4.3.30"; |
| 115 | + const string SlhDsaShake_256fOid = "2.16.840.1.101.3.4.3.31"; |
| 116 | + |
99 | 117 | // Duplication is required here because there are separate CopyWithPrivateKey methods for each algorithm.
|
100 | 118 | var keyText = File.ReadAllText(keyPath);
|
101 | 119 | switch (certificate.PublicKey.Oid.Value)
|
@@ -142,6 +160,47 @@ private static X509Certificate2 LoadCertificateKey(X509Certificate2 certificate,
|
142 | 160 | throw CreateErrorGettingPrivateKeyException(keyPath, ex);
|
143 | 161 | }
|
144 | 162 | }
|
| 163 | + case MLDsa44Oid: |
| 164 | + case MLDsa65Oid: |
| 165 | + case MLDsa87Oid: |
| 166 | + { |
| 167 | +#pragma warning disable SYSLIB5006 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed. |
| 168 | + using var mlDsa = ImportMLDsaKeyFromFile(keyText, password); |
| 169 | + |
| 170 | + try |
| 171 | + { |
| 172 | + return certificate.CopyWithPrivateKey(mlDsa); |
| 173 | + } |
| 174 | + catch (Exception ex) |
| 175 | + { |
| 176 | + throw CreateErrorGettingPrivateKeyException(keyPath, ex); |
| 177 | + } |
| 178 | + } |
| 179 | + case SlhDsaSha2_128sOid: |
| 180 | + case SlhDsaSha2_128fOid: |
| 181 | + case SlhDsaSha2_192sOid: |
| 182 | + case SlhDsaSha2_192fOid: |
| 183 | + case SlhDsaSha2_256sOid: |
| 184 | + case SlhDsaSha2_256fOid: |
| 185 | + case SlhDsaShake_128sOid: |
| 186 | + case SlhDsaShake_128fOid: |
| 187 | + case SlhDsaShake_192sOid: |
| 188 | + case SlhDsaShake_192fOid: |
| 189 | + case SlhDsaShake_256sOid: |
| 190 | + case SlhDsaShake_256fOid: |
| 191 | + { |
| 192 | + using var slhDsa = ImportSlhDsaKeyFromFile(keyText, password); |
| 193 | + |
| 194 | + try |
| 195 | + { |
| 196 | + return certificate.CopyWithPrivateKey(slhDsa); |
| 197 | + } |
| 198 | + catch (Exception ex) |
| 199 | + { |
| 200 | + throw CreateErrorGettingPrivateKeyException(keyPath, ex); |
| 201 | + } |
| 202 | + } |
| 203 | +#pragma warning restore SYSLIB5006 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed. |
145 | 204 | default:
|
146 | 205 | throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, CoreStrings.UnrecognizedCertificateKeyOid, certificate.PublicKey.Oid.Value));
|
147 | 206 | }
|
@@ -174,6 +233,32 @@ private static void ImportKeyFromFile(AsymmetricAlgorithm asymmetricAlgorithm, s
|
174 | 233 | }
|
175 | 234 | }
|
176 | 235 |
|
| 236 | + [Experimental("SYSLIB5006")] |
| 237 | + private static MLDsa ImportMLDsaKeyFromFile(string keyText, string? password) |
| 238 | + { |
| 239 | + if (password == null) |
| 240 | + { |
| 241 | + return MLDsa.ImportFromPem(keyText); |
| 242 | + } |
| 243 | + else |
| 244 | + { |
| 245 | + return MLDsa.ImportFromEncryptedPem(keyText, password); |
| 246 | + } |
| 247 | + } |
| 248 | + |
| 249 | + [Experimental("SYSLIB5006")] |
| 250 | + private static SlhDsa ImportSlhDsaKeyFromFile(string keyText, string? password) |
| 251 | + { |
| 252 | + if (password == null) |
| 253 | + { |
| 254 | + return SlhDsa.ImportFromPem(keyText); |
| 255 | + } |
| 256 | + else |
| 257 | + { |
| 258 | + return SlhDsa.ImportFromEncryptedPem(keyText, password); |
| 259 | + } |
| 260 | + } |
| 261 | + |
177 | 262 | private static X509Certificate2 LoadFromStoreCert(CertificateConfig certInfo)
|
178 | 263 | {
|
179 | 264 | var subject = certInfo.Subject!;
|
|
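Review bot: In the new ML-DSA and SLH-DSA cases of `LoadCertificateKey`, the key import runs before the `try`, so a malformed PEM, a wrong password, or a platform without these algorithms surfaces as a raw exception instead of going through `CreateErrorGettingPrivateKeyException(keyPath, ex)`, and the operator is not told which key file failed. Making `using var mlDsa = ImportMLDsaKeyFromFile(keyText, password);` the first statement inside the `try` (and likewise for `slhDsa`) would route those failures through the same wrapper. The earlier cases are only partly visible here, so this may mirror an existing pattern that deserves the same change. Because both types are still experimental, a check of `MLDsa.IsSupported` / `SlhDsa.IsSupported` with a clear message would also help on platforms that lack them. The two helpers would benefit from a short comment such as `// A non-null password requires an encrypted PEM; an unencrypted key is rejected rather than loaded.`, once that behaviour is confirmed.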