diff --git a/providers/oqs/check_r3.sh b/providers/oqs/check_r3.sh
new file mode 100755
index 00000000..d1c97c17
--- /dev/null
+++ b/providers/oqs/check_r3.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+#set -x
+
+function check_cert() {
+
+ # We want to check that the needed structures
+ # are all in place
+ CERT=$1
+
+ # Checks if we have the PEM version of the RootCA
+ if ! [ -f "$CERT.pem" ]; then
+
+ # Checks for the RootCA in DER format
+ if [ -f "$CERT.der" ] ; then
+
+ # Providing the PEM version of the RootCA
+ # echo "Converting $CERT.der to $CERT.pem ... "
+ openssl x509 -inform DER -in "$CERT.der" -out "$CERT.pem"
+ if [ $? -gt 0 ] ; then
+ echo
+ echo "ERROR: Cannot convert $CERT.der into PEM format"
+ echo
+ exit 1
+ fi
+ fi
+ fi
+}
+
+check() {
+
+ # Extracts the argument
+ PEM=$1
+
+ # Baseline test whether TA cert is well formed
+ openssl x509 -in $PEM -text -noout 2>/dev/null > /dev/null
+ if [ $? -ne 0 ]; then
+ # echo "${PEM} not suitable."
+ echo "N"
+ return
+ fi
+ # Baseline test whether TA cert is self-signed
+ openssl verify -CAfile $PEM $PEM 2>/dev/null >/dev/null
+ if [ $? -ne 0 ]; then
+ echo "N"
+ # echo "${PEM} not self-signed."
+ return
+ fi
+ # Checking for some parsing errors
+ openssl x509 -in $PEM -text -noout | grep error 2>/dev/null > /dev/null
+ if [ $? -ne 0 ]; then
+ #echo "No error parsing TA certificate in $1";
+ # Extracting algorithm name
+ openssl x509 -in $PEM -text -noout | grep "Public Key Algorithm" 2>&1 > /dev/null
+ if [ $? -ne 0 ]; then
+ echo "N"
+ return
+ fi
+ else
+ echo "N"
+ # echo "Error parsing ${PEM}"
+ return
+ fi
+
+ echo "Y"
+ cd ..
+}
+
+ if [ $# -ne 1 ]; then
+ echo "No target directory to check provided. Exiting."
+ exit -1
+ else
+ pushd $1 >/dev/null 2>/dev/null
+ fi
+ #echo "Checking in $(pwd)"
+ if [ ! -d "artifacts" ]; then
+ echo "No artifacts found. Exiting."
+ exit -1
+ fi
+ cd artifacts
+ echo "key_algorithm_oid,ta"
+ for oid_folder in 1*_ta.*; do
+ target=$(echo $oid_folder | sed -r "s/(.*)_ta.*/\1/g")
+ check_cert "${target}_ta"
+ result=$(check "${target}_ta.pem")
+ echo "${target},${result}"
+ done
+ popd 2>/dev/null >/dev/null
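Review bot: The file names this script passes to openssl come from the unpacked artifact directory, yet `$PEM` in `check()`, `$oid_folder` in the loop and `$1` in `pushd $1` are expanded unquoted, so a name containing whitespace or glob characters is word-split into extra openssl arguments; quote them, e.g. `openssl x509 -in "$PEM" -text -noout`. The `pushd` discards its output and its status is never checked, so a wrong directory argument lets the script carry on in the caller's working directory and check whatever `artifacts` folder happens to be there; `pushd "$1" >/dev/null || exit 1` stops that. The `cd ..` at the end of `check()` has no effect because the function is only called inside `$(...)`, and it would break the loop if it ever ran in the main shell, so it can be dropped. `exit -1` is not a portable status either; `exit 1` matches what `check_cert` already uses.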
diff --git a/providers/oqs/compatMatrices/bc_OQS b/providers/oqs/compatMatrices/bc_OQS
deleted file mode 100644
index 1be80d32..00000000
--- a/providers/oqs/compatMatrices/bc_OQS
+++ /dev/null
@@ -1,11 +0,0 @@
-key_algorithm_oid,ta,ca,ee,csr,crl_ta,crl_ca
-1.2.840.10045.4.3.2,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.11.4.4,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.11.6.5,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.11.8.7,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.7.4.4,Y,Y,Y,Y,Y,Y
-1.3.6.1.4.1.2.267.7.6.5,Y,Y,Y,Y,Y,Y
-1.3.6.1.4.1.2.267.7.8.7,Y,Y,Y,Y,Y,Y
-1.3.9999.3.1,N,N,N,N,N,N
-1.3.9999.3.4,N,N,N,N,N,N
-2.16.840.1.114027.80.4.1,N,N,N,N,N,N
diff --git a/providers/oqs/compatMatrices/bc_oqs-provider b/providers/oqs/compatMatrices/bc_oqs-provider
new file mode 100644
index 00000000..72779b64
--- /dev/null
+++ b/providers/oqs/compatMatrices/bc_oqs-provider
@@ -0,0 +1,32 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.12.4.4,N
+1.3.6.1.4.1.2.267.12.6.5,N
+1.3.6.1.4.1.2.267.12.8.7,N
+1.3.9999.6.4.13,N
+1.3.9999.6.4.16,N
+1.3.9999.6.5.10,N
+1.3.9999.6.5.12,N
+1.3.9999.6.6.10,N
+1.3.9999.6.6.12,N
+1.3.9999.6.7.13,N
+1.3.9999.6.7.16,N
+1.3.9999.6.8.10,N
+1.3.9999.6.8.12,N
+1.3.9999.6.9.10,N
+1.3.9999.6.9.12,N
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.12.4.4,N
+1.3.6.1.4.1.2.267.12.6.5,N
+1.3.6.1.4.1.2.267.12.8.7,N
+1.3.9999.6.4.13,N
+1.3.9999.6.4.16,N
+1.3.9999.6.5.10,N
+1.3.9999.6.5.12,N
+1.3.9999.6.6.10,N
+1.3.9999.6.6.12,N
+1.3.9999.6.7.13,N
+1.3.9999.6.7.16,N
+1.3.9999.6.8.10,N
+1.3.9999.6.8.12,N
+1.3.9999.6.9.10,N
+1.3.9999.6.9.12,N
diff --git a/providers/oqs/compatMatrices/botan_OQS b/providers/oqs/compatMatrices/botan_OQS
deleted file mode 100644
index 6c7a8053..00000000
--- a/providers/oqs/compatMatrices/botan_OQS
+++ /dev/null
@@ -1,7 +0,0 @@
-key_algorithm_oid,ta,ca,ee,csr,crl_ta,crl_ca
-1.3.6.1.4.1.2.267.11.4.4,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.11.6.5,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.11.8.7,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.7.4.4,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.7.6.5,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.7.8.7,N,N,N,N,N,N
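Review bot: The new `bc_oqs-provider` file holds the `key_algorithm_oid,ta` header and the same fifteen rows twice (32 lines for 15 OIDs), which presumably means the check output was appended to an existing file instead of replacing it. A consumer reading it as CSV would take the second header for a data row and count every OID twice. Regenerating the file with a truncating redirect would bring it back to the single-table shape of the other `*_oqs-provider` matrices in this commit.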
diff --git a/providers/oqs/compatMatrices/botan_oqs-provider b/providers/oqs/compatMatrices/botan_oqs-provider
new file mode 100644
index 00000000..a5e6ef50
--- /dev/null
+++ b/providers/oqs/compatMatrices/botan_oqs-provider
@@ -0,0 +1,3 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.7.4.4,Y
+1.3.6.1.4.1.2.267.7.8.7,Y
diff --git a/providers/oqs/compatMatrices/carl-redhound_oqs-provider b/providers/oqs/compatMatrices/carl-redhound_oqs-provider
new file mode 100644
index 00000000..004fd8e5
--- /dev/null
+++ b/providers/oqs/compatMatrices/carl-redhound_oqs-provider
@@ -0,0 +1,6 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.7.4.4,Y
+1.3.6.1.4.1.2.267.7.6.5,Y
+1.3.6.1.4.1.2.267.7.8.7,Y
+1.3.9999.3.1,N
+1.3.9999.3.4,N
diff --git a/providers/oqs/compatMatrices/corey-digicert_OQS b/providers/oqs/compatMatrices/corey-digicert_OQS
deleted file mode 100644
index fecf2ea7..00000000
--- a/providers/oqs/compatMatrices/corey-digicert_OQS
+++ /dev/null
@@ -1,17 +0,0 @@
-key_algorithm_oid,ta,ca,ee,csr,crl_ta,crl_ca
-1.2.840.10045.2.1,Y,Y,Y,N,Y,Y
-1.3.6.1.4.1.2.267.7.4.4,Y,Y,Y,N,Y,Y
-1.3.6.1.4.1.2.267.7.6.5,Y,Y,Y,N,Y,Y
-1.3.6.1.4.1.2.267.7.8.7,Y,Y,Y,N,Y,Y
-1.3.9999.3.6,Y,Y,Y,N,Y,Y
-1.3.9999.3.9,Y,Y,Y,N,Y,Y
-2.16.840.1.114027.80.4.1,N,N,N,N,N,N
-2.16.840.1.114027.80.5.1,N,N,N,N,N,N
-base,Y,Y,Y,Y,Y,Y
-chameleon-base,Y,Y,Y,Y,Y,Y
-chameleon-delta,Y,Y,Y,N,Y,Y
-chameleon-extracted-delta,Y,Y,Y,N,Y,Y
-delta,Y,Y,Y,N,Y,Y
-extracted,Y,Y,Y,N,Y,Y
-hybrid,Y,N,N,N,N,N
-hybrid-catalyst,Y,N,N,N,N,N
diff --git a/providers/oqs/compatMatrices/corey-digicert_oqs-provider b/providers/oqs/compatMatrices/corey-digicert_oqs-provider
new file mode 100644
index 00000000..77d89f02
--- /dev/null
+++ b/providers/oqs/compatMatrices/corey-digicert_oqs-provider
@@ -0,0 +1,6 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.7.4.4,Y
+1.3.6.1.4.1.2.267.7.6.5,Y
+1.3.6.1.4.1.2.267.7.8.7,Y
+1.3.9999.3.6,Y
+1.3.9999.3.9,Y
diff --git a/providers/oqs/compatMatrices/cryptonext_OQS b/providers/oqs/compatMatrices/cryptonext_OQS
deleted file mode 100644
index 843f31b1..00000000
--- a/providers/oqs/compatMatrices/cryptonext_OQS
+++ /dev/null
@@ -1,15 +0,0 @@
-key_algorithm_oid,ta,ca,ee,csr,crl_ta,crl_ca
-1.2.840.10045.2.1,Y,Y,Y,Y,N,N
-1.3.6.1.4.1.2.267.7.4.4,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.7.6.5,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.7.8.7,N,N,N,N,N,N
-1.3.6.1.4.1.22554.5.6.1,N,N,N,N,N,N
-1.3.6.1.4.1.22554.5.6.2,N,N,N,N,N,N
-1.3.6.1.4.1.22554.5.6.3,N,N,N,N,N,N
-1.3.9999.3.1,N,N,N,N,N,N
-1.3.9999.3.4,N,N,N,N,N,N
-1.3.9999.6.7.4,N,N,N,N,N,N
-1.3.9999.6.8.3,N,N,N,N,N,N
-1.3.9999.6.9.3,N,N,N,N,N,N
-2.16.840.1.114027.80.4.1,N,N,N,N,N,N
-2.16.840.1.114027.80.4.1.2,N,N,N,N,N,N
diff --git a/providers/oqs/compatMatrices/cryptonext_oqs-provider b/providers/oqs/compatMatrices/cryptonext_oqs-provider
new file mode 100644
index 00000000..52050093
--- /dev/null
+++ b/providers/oqs/compatMatrices/cryptonext_oqs-provider
@@ -0,0 +1,9 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.7.4.4,N
+1.3.6.1.4.1.2.267.7.6.5,N
+1.3.6.1.4.1.2.267.7.8.7,N
+1.3.9999.3.1,N
+1.3.9999.3.4,N
+1.3.9999.6.7.4,N
+1.3.9999.6.8.3,N
+1.3.9999.6.9.3,N
diff --git a/providers/oqs/compatMatrices/entrust_OQS b/providers/oqs/compatMatrices/entrust_OQS
deleted file mode 100644
index b46c637f..00000000
--- a/providers/oqs/compatMatrices/entrust_OQS
+++ /dev/null
@@ -1,30 +0,0 @@
-key_algorithm_oid,ta,ca,ee,csr,crl_ta,crl_ca
-1.3.6.1.4.1.2.267.11.4.4,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.11.6.5,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.11.8.7,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.7.4.4,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.7.6.5,N,N,N,N,N,N
-1.3.6.1.4.1.2.267.7.8.7,N,N,N,N,N,N
-1.3.9999.3.1,N,N,N,N,N,N
-1.3.9999.3.4,N,N,N,N,N,N
-1.3.9999.6.4.1,N,N,N,N,N,N
-1.3.9999.6.4.10,N,N,N,N,N,N
-1.3.9999.6.4.4,N,N,N,N,N,N
-1.3.9999.6.4.7,N,N,N,N,N,N
-1.3.9999.6.5.1,N,N,N,N,N,N
-1.3.9999.6.5.3,N,N,N,N,N,N
-1.3.9999.6.5.5,N,N,N,N,N,N
-1.3.9999.6.5.7,N,N,N,N,N,N
-1.3.9999.6.6.1,N,N,N,N,N,N
-1.3.9999.6.6.3,N,N,N,N,N,N
-1.3.9999.6.6.5,N,N,N,N,N,N
-1.3.9999.6.6.7,N,N,N,N,N,N
-2.16.840.1.114027.80.4.1,N,N,N,N,N,N
-2.16.840.1.114027.80.5.1.1,N,N,N,N,N,N
-2.16.840.1.114027.80.5.1.14,N,N,N,N,N,N
-2.16.840.1.114027.80.5.1.2,N,N,N,N,N,N
-2.16.840.1.114027.80.5.1.3,N,N,N,N,N,N
-2.16.840.1.114027.80.5.1.5,N,N,N,N,N,N
-2.16.840.1.114027.80.5.1.6,N,N,N,N,N,N
-2.16.840.1.114027.80.5.1.8,N,N,N,N,N,N
-2.16.840.1.114027.80.5.1.9,N,N,N,N,N,N
diff --git a/providers/oqs/compatMatrices/entrust_oqs-provider b/providers/oqs/compatMatrices/entrust_oqs-provider
new file mode 100644
index 00000000..f0a640e7
--- /dev/null
+++ b/providers/oqs/compatMatrices/entrust_oqs-provider
@@ -0,0 +1,12 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.7.4.4,Y
+1.3.6.1.4.1.2.267.7.6.5,Y
+1.3.6.1.4.1.2.267.7.8.7,Y
+1.3.9999.3.6,Y
+1.3.9999.3.9,Y
+1.3.9999.6.4.10,Y
+1.3.9999.6.4.4,Y
+1.3.9999.6.5.3,Y
+1.3.9999.6.5.7,Y
+1.3.9999.6.6.3,Y
+1.3.9999.6.6.7,Y
diff --git a/providers/oqs/compatMatrices/kris_oqs-provider b/providers/oqs/compatMatrices/kris_oqs-provider
new file mode 100644
index 00000000..b9eeec13
--- /dev/null
+++ b/providers/oqs/compatMatrices/kris_oqs-provider
@@ -0,0 +1,6 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.7.4.4,N
+1.3.6.1.4.1.2.267.7.6.5,N
+1.3.6.1.4.1.2.267.7.8.7,N
+1.3.9999.3.1,N
+1.3.9999.3.4,N
diff --git a/providers/oqs/compatMatrices/openca_oqs-provider b/providers/oqs/compatMatrices/openca_oqs-provider
new file mode 100644
index 00000000..004fd8e5
--- /dev/null
+++ b/providers/oqs/compatMatrices/openca_oqs-provider
@@ -0,0 +1,6 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.7.4.4,Y
+1.3.6.1.4.1.2.267.7.6.5,Y
+1.3.6.1.4.1.2.267.7.8.7,Y
+1.3.9999.3.1,N
+1.3.9999.3.4,N
diff --git a/providers/oqs/compatMatrices/oqs-gnutls_oqs-provider b/providers/oqs/compatMatrices/oqs-gnutls_oqs-provider
new file mode 100644
index 00000000..ce051977
--- /dev/null
+++ b/providers/oqs/compatMatrices/oqs-gnutls_oqs-provider
@@ -0,0 +1,2 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.7.6.5,Y
diff --git a/providers/oqs/compatMatrices/oqs-openssl111_oqs-provider b/providers/oqs/compatMatrices/oqs-openssl111_oqs-provider
new file mode 100644
index 00000000..ea19d332
--- /dev/null
+++ b/providers/oqs/compatMatrices/oqs-openssl111_oqs-provider
@@ -0,0 +1,8 @@
+key_algorithm_oid,ta
+1.3.6.1.4.1.2.267.11.4.4,N
+1.3.6.1.4.1.2.267.7.4.4,N
+1.3.6.1.4.1.2.267.7.6.5,N
+1.3.6.1.4.1.2.267.7.8.7,N
+1.3.9999.3.1,N
+1.3.9999.3.4,N
+1.3.9999.6.4.1,N
diff --git a/providers/oqs/compatMatrices/oqs-provider_oqs-provider b/providers/oqs/compatMatrices/oqs-provider_oqs-provider
new file mode 100644
index 00000000..5e8caa07
--- /dev/null
+++ b/providers/oqs/compatMatrices/oqs-provider_oqs-provider
@@ -0,0 +1,19 @@
+key_algorithm_oid,ta
+1.3.101.113,Y
+1.3.6.1.4.1.2.267.7.4.4,Y
+1.3.6.1.4.1.2.267.7.6.5,Y
+1.3.6.1.4.1.2.267.7.8.7,Y
+1.3.9999.3.6,Y
+1.3.9999.3.9,Y
+1.3.9999.6.4.13,Y
+1.3.9999.6.4.16,Y
+1.3.9999.6.5.10,Y
+1.3.9999.6.5.12,Y
+1.3.9999.6.6.10,Y
+1.3.9999.6.6.12,Y
+1.3.9999.6.7.13,Y
+1.3.9999.6.7.16,Y
+1.3.9999.6.8.10,Y
+1.3.9999.6.8.12,Y
+1.3.9999.6.9.10,Y
+1.3.9999.6.9.12,Y
diff --git a/providers/oqs/compatMatrices/oqsprovider_OQS b/providers/oqs/compatMatrices/oqsprovider_OQS
deleted file mode 100644
index c2cccfda..00000000
--- a/providers/oqs/compatMatrices/oqsprovider_OQS
+++ /dev/null
@@ -1,19 +0,0 @@
-key_algorithm_oid,ta,ca,ee,csr,crl_ta,crl_ca
-1.3.101.113,Y,Y,Y,Y,Y,Y
-1.3.6.1.4.1.2.267.7.4.4,Y,Y,Y,Y,Y,Y
-1.3.6.1.4.1.2.267.7.6.5,Y,Y,Y,Y,Y,Y
-1.3.6.1.4.1.2.267.7.8.7,Y,Y,Y,Y,Y,Y
-1.3.9999.3.6,Y,Y,Y,Y,Y,Y
-1.3.9999.3.9,Y,Y,Y,Y,Y,Y
-1.3.9999.6.4.13,Y,Y,Y,Y,Y,Y
-1.3.9999.6.4.16,Y,Y,Y,Y,Y,Y
-1.3.9999.6.5.10,Y,Y,Y,Y,Y,Y
-1.3.9999.6.5.12,Y,Y,Y,Y,Y,Y
-1.3.9999.6.6.10,Y,Y,Y,Y,Y,Y
-1.3.9999.6.6.12,Y,Y,Y,Y,Y,Y
-1.3.9999.6.7.13,Y,Y,Y,Y,Y,Y
-1.3.9999.6.7.16,Y,Y,Y,Y,Y,Y
-1.3.9999.6.8.10,Y,Y,Y,Y,Y,Y
-1.3.9999.6.8.12,Y,Y,Y,Y,Y,Y
-1.3.9999.6.9.10,Y,Y,Y,Y,Y,Y
-1.3.9999.6.9.12,Y,Y,Y,Y,Y,Y
diff --git a/providers/oqs/gen_r3.sh b/providers/oqs/gen_r3.sh
new file mode 100755
index 00000000..b4de81fb
--- /dev/null
+++ b/providers/oqs/gen_r3.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -e
+
+# be sure to not add wrapped pubkeys:
+unset DRAFT_MASSIMO_LAMPS_PQ_SIG_CERTIFICATES_00
+
+runandlog() {
+ ALG=$1
+ OID=$2
+ DIR="./oqsprovider/artifacts"
+ openssl req -x509 -config ta.cnf -new -newkey ${ALG} -extensions v3_ca -out ${DIR}/${OID}_ta.pem -nodes -subj "/CN=OQS TA" >> log 2>&1
+ # openssl req -x509 -config ta.cnf -new -newkey ${ALG} -extensions v3_ca -keyout ${DIR}/${OID}_key.pem -out ${DIR}/${OID}_ta.pem -nodes -subj "/CN=OQS TA" >> log 2>&1
+ echo "${ALG} done..."
+}
+
+ rm -rf log
+
+ mkdir -p oqsprovider/artifacts
+
+ # Classic/baseline test:
+ runandlog ed448 1.3.101.113
+
+ # Dilithium
+ runandlog dilithium2 1.3.6.1.4.1.2.267.7.4.4
+ runandlog dilithium3 1.3.6.1.4.1.2.267.7.6.5
+ runandlog dilithium5 1.3.6.1.4.1.2.267.7.8.7
+
+ # Falcon
+ runandlog falcon512 1.3.9999.3.6
+ runandlog falcon1024 1.3.9999.3.9
+
+ # Sphincs+
+ runandlog sphincssha2128fsimple 1.3.9999.6.4.13
+ runandlog sphincssha2128ssimple 1.3.9999.6.4.16
+ runandlog sphincssha2192fsimple 1.3.9999.6.5.10
+ runandlog sphincssha2192ssimple 1.3.9999.6.5.12
+ runandlog sphincssha2256fsimple 1.3.9999.6.6.10
+ runandlog sphincssha2256ssimple 1.3.9999.6.6.12
+ runandlog sphincsshake128fsimple 1.3.9999.6.7.13
+ runandlog sphincsshake128ssimple 1.3.9999.6.7.16
+ runandlog sphincsshake192fsimple 1.3.9999.6.8.10
+ runandlog sphincsshake192ssimple 1.3.9999.6.8.12
+ runandlog sphincsshake256fsimple 1.3.9999.6.9.10
+ runandlog sphincsshake256ssimple 1.3.9999.6.9.12
+
+echo "All data successfully generated."
diff --git a/providers/oqs/oqsprovider/artifacts-certs_r3.zip b/providers/oqs/oqsprovider/artifacts-certs_r3.zip
deleted file mode 100644
index 58d94c8a..00000000
Binary files a/providers/oqs/oqsprovider/artifacts-certs_r3.zip and /dev/null differ
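Review bot: With the `-keyout` variant commented out, the active `openssl req ... -newkey ${ALG} ... -nodes` line in `runandlog` of gen_r3.sh no longer says where the newly generated private key goes. Unless `ta.cnf` (not shown here) sets `default_keyfile`, the openssl-req documentation says the key is written to standard output, which this line appends to `log` unencrypted. If the trust-anchor keys are meant to be discarded, make that explicit with `-keyout /dev/null` and keep `log` out of anything that gets committed or zipped; if they are needed later, restore the `-keyout ${DIR}/${OID}_key.pem` form. The expansions `${ALG}`, `${DIR}` and `${OID}` should also be quoted and the three variables declared `local`, since `runandlog` currently sets them as globals.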
diff --git a/providers/oqs/oqsprovider/artifacts_certs_r3.zip b/providers/oqs/oqsprovider/artifacts_certs_r3.zip
new file mode 100644
index 00000000..e04eb029
Binary files /dev/null and b/providers/oqs/oqsprovider/artifacts_certs_r3.zip differ