Merge pull request #14 from codespree/upgrade_lib

Upgrade lib
codespree · Oct 31, 2024 · 71a6203 · 71a6203
2 parents ddfcd9f + 245fbaa
commit 71a6203
Show file tree

Hide file tree

Showing 41 changed files with 1,697 additions and 669 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -28,25 +28,26 @@ der_derive = "0.7.3"
 sha3 = "0.10.8"
 hkdf = "0.12.4"
 hex = "0.4.3"
-fips204 = { package = "fips204", version = "0.4.3" }
+fips204 = { package = "fips204", version = "0.4.4" }
 fips205 = { package = "fips205", version = "0.4.0" }
 ed25519-dalek = { version="2.1.1", features=["rand_core"]}
 ed448-rust = "0.1.1"
 pem = "3.0.4"
 x509-cert = { version="0.2.5", features=["builder"]}
-serde = "1.0.210"
+serde = "1.0.214"
 strum = "0.26.3"
 strum_macros = "0.26.4"
 zeroize = "1.8.1"
 chrono = "0.4.38"
-thiserror = "1.0.64"
+thiserror = "1.0.65"
 signature = "2.2.0"
 tiny-keccak = {version="2.0.2", features=["kmac"]}
 cms = {version="0.2.3", features=["builder", "alloc"]}
 spki = "0.7.3"
 const-oid = "0.9.6"
 
-
+[profile.dev]
+opt-level = 1
 
 
 
diff --git a/src/asn1/asn_util.rs b/src/asn1/asn_util.rs
@@ -1,7 +1,10 @@
 use der::{oid::ObjectIdentifier, Encode};
 
 use crate::{
-    dsa::common::dsa_type::DsaType, dsas::DsaAlgorithm, errors, kem::common::kem_type::KemType,
+    dsa::common::{dsa_type::DsaType, prehash_dsa_type::PrehashDsaType},
+    dsas::DsaAlgorithm,
+    errors,
+    kem::common::kem_type::KemType,
     kems::KemAlgorithm,
 };
 
@@ -72,7 +75,13 @@ pub fn is_composite_kem_or_dsa_oid(oid: &str) -> bool {
         false
     };
 
-    is_composite_kem || is_composite_dsa
+    let is_composite_prehash_dsa = if let Some(d_type) = PrehashDsaType::from_oid(oid) {
+        d_type.is_composite()
+    } else {
+        false
+    };
+
+    is_composite_kem || is_composite_dsa || is_composite_prehash_dsa
 }
 
 /// Check if an OID is a KEM OID
@@ -100,6 +109,7 @@ pub fn is_kem_oid(oid: &str) -> bool {
 pub fn is_dsa_oid(oid: &str) -> bool {
     DsaAlgorithm::from_oid(oid).is_some()
 }
+
 #[cfg(test)]
 mod tests {
     use super::*;

diff --git a/src/asn1/certificate.rs b/src/asn1/certificate.rs
@@ -1,5 +1,8 @@
 use crate::{
-    dsa::{common::dsa_trait::Dsa, dsa_manager::DsaManager},
+    dsa::{
+        common::{dsa_trait::Dsa, prehash_dsa_trait::PrehashDsa},
+        dsa_manager::{DsaManager, PrehashDsaManager},
+    },
     kem::{common::kem_trait::Kem, kem_manager::KemManager},
     keys::PublicKey,
 };
@@ -22,7 +25,7 @@ type Result<T> = std::result::Result<T, QuantCryptError>;
 /// # Example
 /// ```
 /// use quantcrypt::certificates::Certificate;
-/// let cert_path = "test/data/MlDsa44EcdsaP256SHA256-2.16.840.1.114027.80.8.1.4_ta.pem";
+/// let cert_path = "test/data/MlDsa44EcdsaP256Sha256-2.16.840.1.114027.80.8.1.43_ta.der";
 /// let cert = Certificate::from_file(cert_path).unwrap();
 /// assert!(cert.verify_self_signed().unwrap());
 /// ```
@@ -448,6 +451,9 @@ impl Certificate {
         if let Ok(man) = DsaManager::new_from_oid(&oid) {
             let info = man.get_dsa_info();
             format!("{:?}", info.dsa_type)
+        } else if let Ok(man) = PrehashDsaManager::new_from_oid(&oid) {
+            let info = man.get_dsa_info();
+            format!("{:?}", info.dsa_type)
         } else if let Ok(man) = KemManager::new_from_oid(&oid) {
             let info = man.get_kem_info();
             format!("{:?}", info.kem_type)
@@ -459,40 +465,38 @@ impl Certificate {
 
 #[cfg(test)]
 mod tests {
-    use crate::{certificates::CertValidity, certificates::Certificate};
-
-    //const USE_OLD_VERSION: bool = true;
-
-    #[test]
-    fn test_ml_dsa44_ecdsa_p256_sha256_self_signed_cert() {
-        let pem_bytes = include_bytes!(
-            "../../test/data/MlDsa44EcdsaP256SHA256-2.16.840.1.114027.80.8.1.4_ta.pem"
-        );
-
-        let pem = std::str::from_utf8(pem_bytes).unwrap().trim();
-        let cert = Certificate::from_pem(pem).unwrap();
-        assert!(cert.verify_self_signed().unwrap());
-    }
-
-    #[test]
-    fn test_ml_dsa_44_rsa2048_pss_sha256_self_signed_cert() {
-        let pem_bytes = include_bytes!(
-            "../../test/data/MlDsa44Rsa2048PssSha256-2.16.840.1.114027.80.8.1.1_ta.pem"
-        );
-        let pem = std::str::from_utf8(pem_bytes).unwrap().trim();
-        let cert = Certificate::from_pem(&pem).unwrap();
-        assert!(cert.verify_self_signed().unwrap());
-    }
-
-    #[test]
-    fn test_ml_dsa_44_rsa2048_pkcs15_sha256_self_signed_cert() {
-        let pem_bytes = include_bytes!(
-            "../../test/data/MlDsa44Rsa2048Pkcs15Sha256-2.16.840.1.114027.80.8.1.2_ta.pem"
-        );
-        let pem = std::str::from_utf8(pem_bytes).unwrap().trim();
-        let cert = Certificate::from_pem(&pem).unwrap();
-        assert!(cert.verify_self_signed().unwrap());
-    }
+    use crate::certificates::CertValidity;
+
+    // #[test]
+    // fn test_ml_dsa44_ecdsa_p256_sha256_self_signed_cert() {
+    //     let pem_bytes = include_bytes!(
+    //         "../../test/data/MlDsa44EcdsaP256SHA256-2.16.840.1.114027.80.8.1.4_ta.pem"
+    //     );
+
+    //     let pem = std::str::from_utf8(pem_bytes).unwrap().trim();
+    //     let cert = Certificate::from_pem(pem).unwrap();
+    //     assert!(cert.verify_self_signed().unwrap());
+    // }
+
+    // #[test]
+    // fn test_ml_dsa_44_rsa2048_pss_sha256_self_signed_cert() {
+    //     let pem_bytes = include_bytes!(
+    //         "../../test/data/MlDsa44Rsa2048PssSha256-2.16.840.1.114027.80.8.1.1_ta.pem"
+    //     );
+    //     let pem = std::str::from_utf8(pem_bytes).unwrap().trim();
+    //     let cert = Certificate::from_pem(&pem).unwrap();
+    //     assert!(cert.verify_self_signed().unwrap());
+    // }
+
+    // #[test]
+    // fn test_ml_dsa_44_rsa2048_pkcs15_sha256_self_signed_cert() {
+    //     let pem_bytes = include_bytes!(
+    //         "../../test/data/MlDsa44Rsa2048Pkcs15Sha256-2.16.840.1.114027.80.8.1.2_ta.pem"
+    //     );
+    //     let pem = std::str::from_utf8(pem_bytes).unwrap().trim();
+    //     let cert = Certificate::from_pem(&pem).unwrap();
+    //     assert!(cert.verify_self_signed().unwrap());
+    // }
 
     #[test]
     fn test_akid_skid() {

diff --git a/src/asn1/private_key.rs b/src/asn1/private_key.rs
@@ -7,7 +7,9 @@ use pkcs8::{spki::AlgorithmIdentifier, PrivateKeyInfo};
 use crate::asn1::asn_util::{is_composite_kem_or_dsa_oid, is_valid_kem_or_dsa_oid};
 use crate::asn1::signature::DsaSignature;
 use crate::dsa::common::dsa_trait::Dsa;
-use crate::dsa::dsa_manager::DsaManager;
+use crate::dsa::common::prehash_dsa_trait::PrehashDsa;
+use crate::dsa::common::prehash_dsa_type::PrehashDsaType;
+use crate::dsa::dsa_manager::{DsaManager, PrehashDsaManager};
 use crate::kem::common::kem_trait::Kem;
 use crate::kem::kem_manager::KemManager;
 use crate::{asn1::composite_private_key::CompositePrivateKey, errors};
@@ -42,10 +44,15 @@ impl Keypair for PrivateKey {
             panic!("Unsupported operation");
         }
 
-        let dsa = DsaManager::new_from_oid(&self.oid).unwrap();
-        let pk = dsa.get_public_key(&self.private_key).unwrap();
-
-        PublicKey::new(&self.oid, &pk).unwrap()
+        if let Ok(dsa) = DsaManager::new_from_oid(&self.oid) {
+            let pk = dsa.get_public_key(&self.private_key).unwrap();
+            PublicKey::new(&self.oid, &pk).unwrap()
+        } else if let Ok(dsa) = PrehashDsaManager::new_from_oid(&self.oid) {
+            let pk = dsa.get_public_key(&self.private_key).unwrap();
+            PublicKey::new(&self.oid, &pk).unwrap()
+        } else {
+            panic!("Unsupported operation");
+        }
     }
 }
 
@@ -260,11 +267,15 @@ impl PrivateKey {
             return Err(errors::QuantCryptError::UnsupportedOperation);
         }
 
-        let dsa = DsaManager::new_from_oid(&self.oid)?;
-
-        let sig = dsa.sign(&self.private_key, data)?;
-
-        Ok(sig)
+        if let Some(dsa_type) = PrehashDsaType::from_oid(&self.oid) {
+            let dsa_manager = PrehashDsaManager::new(dsa_type)?;
+            let sig = dsa_manager.sign(&self.private_key, data)?;
+            Ok(sig)
+        } else {
+            let dsa_manager = DsaManager::new_from_oid(&self.oid)?;
+            let sig = dsa_manager.sign(&self.private_key, data)?;
+            Ok(sig)
+        }
     }
 
     /// Use the private key to decapsulate a shared secret from a ciphertext
@@ -357,7 +368,7 @@ impl PrivateKey {
 #[cfg(test)]
 mod test {
     use crate::dsa::common::config::oids::Oid;
-    use crate::dsa::common::dsa_type::DsaType;
+    use crate::dsa::common::prehash_dsa_type::PrehashDsaType;
 
     use super::*;
 
@@ -368,7 +379,10 @@ mod test {
         let pk = PrivateKey::from_pem(pem).unwrap();
 
         assert!(pk.is_composite());
-        assert_eq!(pk.get_oid(), DsaType::MlDsa44EcdsaP256SHA256.get_oid());
+        assert_eq!(
+            pk.get_oid(),
+            PrehashDsaType::MlDsa44EcdsaP256Sha256.get_oid()
+        );
 
         let key_bytes = pk.get_key();
         let pk2 = CompositePrivateKey::from_der(&pk.oid, &key_bytes).unwrap();
@@ -379,7 +393,7 @@ mod test {
         let pem2 = pk2.to_pem().unwrap();
         assert_eq!(pem, pem2.trim());
 
-        let oid = DsaType::MlDsa44EcdsaP256SHA256.get_oid();
+        let oid = PrehashDsaType::MlDsa44EcdsaP256Sha256.get_oid();
         assert_eq!(pk.oid, oid);
     }
 
@@ -450,6 +464,15 @@ mod test {
 
     #[test]
     fn test_sk_serialization_deserialization() {
+        // First write the private key to a file
+        // let mut dsa_key_gen =
+        //     crate::dsas::DsaKeyGenerator::new(crate::dsas::DsaAlgorithm::MlDsa44EcdsaP256Sha256);
+        // let (pk, sk) = dsa_key_gen.generate().unwrap();
+        // sk.to_pem_file("test/data/mldsa44_ecdsa_p256_sha256_sk.pem")
+        //     .unwrap();
+
+        // pk.to_pem_file("test/data/mldsa44_ecdsa_p256_sha256_pk.pem").unwrap();
+
         let pem_bytes = include_bytes!("../../test/data/mldsa44_ecdsa_p256_sha256_sk.pem");
         let pem = std::str::from_utf8(pem_bytes).unwrap().trim();
         let pk = PrivateKey::from_pem(pem).unwrap();