bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License

Inconsistent mapping for SLH-DSA #1841

Closed Akretsch closed 5 days ago

Akretsch commented 1 week ago

I tested with 1.79-SNAPSHOT dated September 13, 2024 from https://downloads.bouncycastle.org/betas/.

The mapping style of signature algorithms in org.bouncycastle.jcajce.provider.asymmetric.SLHDSA is different from e.g. the mapping in org.bouncycastle.jcajce.provider.asymmetric.MLDSA.

The code below demonstrates the problem:


```java
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;

import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class TestNistSignature {

    private static final BouncyCastleProvider bcprov = new BouncyCastleProvider();

    private static Signature deriveSignatureFromKey(Key key) throws Exception {
        return Signature.getInstance(key.getAlgorithm(), bcprov);
    }

    public static void main(String[] args) {
        try {
            // works
            KeyPairGenerator ml_dsa_kp = KeyPairGenerator.getInstance(NISTObjectIdentifiers.id_ml_dsa_87.getId(), bcprov);
            Signature ml_dsa_sig = deriveSignatureFromKey(ml_dsa_kp.generateKeyPair().getPrivate());
            System.out.println("got sig for " + ml_dsa_sig.getAlgorithm());

            // fails
            KeyPairGenerator slh_dsa_kp = KeyPairGenerator.getInstance(NISTObjectIdentifiers.id_slh_dsa_sha2_128s.getId(), bcprov);
            Signature slh_dsa_sig = deriveSignatureFromKey(slh_dsa_kp.generateKeyPair().getPrivate());
            System.out.println("got sig for " + slh_dsa_sig.getAlgorithm());

        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
```

roy-basmacier commented 5 days ago

Hey @Akretsch,

Thanks for catching this, it looks like the provider is not adding the specific parameter set name and is instead defaulting to just "SLH-DSA" (instead of "SLH-DSA-SHA2-128S" for the example above).

Patching it soon, ~ Roy Basmacier

roy-basmacier commented 5 days ago

Hey @Akretsch, Fixed! The following changes can be found in the beta download

Akretsch commented 4 days ago

Thanks for the fix, it works.
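
The lookup discussed in this thread, turned into a regression check that can be rerun after a provider upgrade (an added example, not part of the original issue or of bc-java). It checks that the name a generated key reports is the parameter-set name, that the same name resolves to a `Signature`, and that a sign/verify round trip succeeds. The class and method names are hypothetical, and the expected name `ML-DSA-87` is an assumption; `SLH-DSA-SHA2-128S` is the name quoted above.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Signature;
import java.util.LinkedHashMap;
import java.util.Map;

import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical class name; added example, not bc-java code.
public class KeyNameRoundTripCheck {
    // Returns null when the key's algorithm name round-trips, else the reason it did not.
    static String check(Provider prov, String oid, String expectedName) {
        try {
            KeyPair kp = KeyPairGenerator.getInstance(oid, prov).generateKeyPair();
            String name = kp.getPrivate().getAlgorithm();
            if (!name.equalsIgnoreCase(expectedName)) {
                return "key reports \"" + name + "\", expected \"" + expectedName + "\"";
            }
            byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
            Signature signer = Signature.getInstance(name, prov); // the lookup from the report
            signer.initSign(kp.getPrivate());
            signer.update(msg);
            byte[] sig = signer.sign();
            Signature verifier = Signature.getInstance(name, prov);
            verifier.initVerify(kp.getPublic());
            verifier.update(msg);
            return verifier.verify(sig) ? null : "signature did not verify";
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        Provider bc = new BouncyCastleProvider();
        Map<String, String> cases = new LinkedHashMap<>(); // OID -> expected key algorithm name
        cases.put(NISTObjectIdentifiers.id_ml_dsa_87.getId(), "ML-DSA-87"); // assumed name
        cases.put(NISTObjectIdentifiers.id_slh_dsa_sha2_128s.getId(), "SLH-DSA-SHA2-128S"); // quoted in the thread
        int failures = 0;
        for (Map.Entry<String, String> c : cases.entrySet()) {
            String problem = check(bc, c.getKey(), c.getValue());
            System.out.println(c.getValue() + ": " + (problem == null ? "ok" : "FAIL - " + problem));
            if (problem != null) failures++;
        }
        System.exit(failures == 0 ? 0 : 1);
    }
}
```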