Fixes bug in FIPS204 crate (interim)

codespree · Nov 4, 2024 · 35967cf · 35967cf
1 parent b3de0d6
commit 35967cf
Show file tree

Hide file tree

Showing 22 changed files with 31 additions and 9 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -28,7 +28,8 @@ der_derive = "0.7.3"
 sha3 = "0.10.8"
 hkdf = "0.12.4"
 hex = "0.4.3"
-fips204 = { package = "fips204", version = "0.4.4" }
+#TODO: Switch to original repository once the bug is fixed
+fips204 = { git="https://github.com/codespree/fips204" }
 fips205 = { package = "fips205", version = "0.4.0" }
 ed25519-dalek = { version="2.1.1", features=["rand_core"]}
 ed448-rust = "0.1.1"

diff --git a/artifacts/r4_certs/certs-ietf-hackathon.zip b/artifacts/r4_certs/certs-ietf-hackathon.zip
diff --git a/src/asn1/certificate.rs b/src/asn1/certificate.rs
@@ -547,7 +547,6 @@ mod tests {
         let ml_dsa_composites_prefix = "MLDSA";
         let ml_dsa_pure_prefix = "ml-dsa";
         let slh_dsa_prefix = "slh-dsa";
-        let dsa_prehash = "-with-";
         for file in files {
             let file = file.unwrap();
             let path = file.path();
@@ -560,11 +559,6 @@ mod tests {
                 continue;
             }
 
-            // TODO: Check for bug in BC ML-DSA Prehash or bug in our code
-            if path.contains(dsa_prehash) && !path.contains(slh_dsa_prefix) {
-                continue;
-            }
-
             let cert = crate::certificates::Certificate::from_file(path).unwrap();
 
             assert!(cert.verify_self_signed().unwrap());
@@ -596,4 +590,32 @@ mod tests {
             let _ = pk.encap().unwrap();
         }
     }
+
+    #[test]
+    fn test_cw_cert_artifacts() {
+        let base_folder_path = "test/data/cw_artifacts_certs_r4/";
+        // Load all the certificates
+        let files = std::fs::read_dir(base_folder_path).unwrap();
+
+        for file in files {
+            let file = file.unwrap();
+            let path = file.path();
+            let path = path.to_str().unwrap();
+
+            let cert = crate::certificates::Certificate::from_file(path).unwrap();
+
+            let is_verified = cert.verify_self_signed();
+
+            if is_verified.is_err() {
+                println!("Failed to verify: {}", path);
+            } else if !is_verified.unwrap() {
+                println!("Failed to verify: {}", path);
+            } else {
+                println!("Verified: {}", path);
+            }
+
+            //assert!(cert.verify_self_signed().unwrap());
+            //println!("Verified: {}", path);
+        }
+    }
 }
diff --git a/test/data/cw_artifacts_certs_r4/ml-dsa-44-2.16.840.1.101.3.4.3.17_ta.der b/test/data/cw_artifacts_certs_r4/ml-dsa-44-2.16.840.1.101.3.4.3.17_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/ml-dsa-44-with-sha512-2.16.840.1.101.3.4.3.32_ta.der b/test/data/cw_artifacts_certs_r4/ml-dsa-44-with-sha512-2.16.840.1.101.3.4.3.32_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/ml-dsa-65-2.16.840.1.101.3.4.3.18_ta.der b/test/data/cw_artifacts_certs_r4/ml-dsa-65-2.16.840.1.101.3.4.3.18_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/ml-dsa-65-with-sha512-2.16.840.1.101.3.4.3.33_ta.der b/test/data/cw_artifacts_certs_r4/ml-dsa-65-with-sha512-2.16.840.1.101.3.4.3.33_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/ml-dsa-87-2.16.840.1.101.3.4.3.19_ta.der b/test/data/cw_artifacts_certs_r4/ml-dsa-87-2.16.840.1.101.3.4.3.19_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/ml-dsa-87-with-sha512-2.16.840.1.101.3.4.3.34_ta.der b/test/data/cw_artifacts_certs_r4/ml-dsa-87-with-sha512-2.16.840.1.101.3.4.3.34_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-128f-2.16.840.1.101.3.4.3.21_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-128f-2.16.840.1.101.3.4.3.21_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-128s-2.16.840.1.101.3.4.3.20_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-128s-2.16.840.1.101.3.4.3.20_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-192f-2.16.840.1.101.3.4.3.23_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-192f-2.16.840.1.101.3.4.3.23_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-192s-2.16.840.1.101.3.4.3.22_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-192s-2.16.840.1.101.3.4.3.22_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-256f-2.16.840.1.101.3.4.3.25_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-256f-2.16.840.1.101.3.4.3.25_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-256s-2.16.840.1.101.3.4.3.24_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-sha2-256s-2.16.840.1.101.3.4.3.24_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-shake-128f-2.16.840.1.101.3.4.3.27_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-shake-128f-2.16.840.1.101.3.4.3.27_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-shake-128s-2.16.840.1.101.3.4.3.26_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-shake-128s-2.16.840.1.101.3.4.3.26_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-shake-192f-2.16.840.1.101.3.4.3.29_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-shake-192f-2.16.840.1.101.3.4.3.29_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-shake-192s-2.16.840.1.101.3.4.3.28_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-shake-192s-2.16.840.1.101.3.4.3.28_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-shake-256f-2.16.840.1.101.3.4.3.31_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-shake-256f-2.16.840.1.101.3.4.3.31_ta.der
diff --git a/test/data/cw_artifacts_certs_r4/slh-dsa-shake-256s-2.16.840.1.101.3.4.3.30_ta.der b/test/data/cw_artifacts_certs_r4/slh-dsa-shake-256s-2.16.840.1.101.3.4.3.30_ta.der