Use SHA3 for SLH with SHAKE (#187)

Co-authored-by: Viktor Dukhovni <ietf-dane@dukhovni.org>

Author: vdukhovni

providers/ossl35/artifacts_certs_r5.zip

@@ -27,6 +27,8 @@ do
         set -o pipefail
         shopt -s nullglob
         pubs=()
+        set -- "$tmp"/*-"${mldsa_oids[0]}"_*.der
+        if [[ $# -eq 0 ]]; then exit 2; fi
         for form in seed expandedkey both ta
         do
             pubout="$tmp/${mldsa_oids[0]}_${form}_pub.der"
@@ -66,8 +68,11 @@ do
                 "${mldsa_oids[0]}"
         fi
     )
-    if [[ $? -ne 0 ]]; then ok=N; else ok=Y; fi
-    printf "%s,%s\n" "${mldsa_oids[0]}" "$ok"
+    case $? in
+    0) printf "%s,%s\n" "${mldsa_oids[0]}" "Y";;
+    1) printf "%s,%s\n" "${mldsa_oids[0]}" "N";;
+    *) : ignored ;;
+    esac
 
     #
     # SLH-DSA
@@ -89,12 +94,13 @@ do
                 openssl verify -verify_depth 0 -trusted "$obj" "$obj" >/dev/null
                 count=$((count + 1))
             done
-            if [[ $count -ne 1 ]]; then
-                die 'Missing TA for %s\n' "${oid}"
-            fi
+            if [[ $count -eq 0 ]]; then exit 2; fi
         )
-        if [[ $? -ne 0 ]]; then ok=N; else ok=Y; fi
-        printf "%s,%s\n" "${oid}" "$ok"
+        case $? in
+        0) printf "%s,%s\n" "${oid}" "Y";;
+        1) printf "%s,%s\n" "${oid}" "N";;
+        *) : ignored ;;
+        esac
     done
 
     #
@@ -104,6 +110,8 @@ do
         set -e
         set -o pipefail
         shopt -s nullglob
+        set -- "$tmp"/*-"${mlkem_oids[0]}"_*.der
+        if [[ $# -eq 0 ]]; then exit 2; fi
         count=0; for ta in "$tmp"/*-"${mldsa_oids[0]}_ta.der"
         do
             if [[ $count > 0 ]]; then
@@ -112,10 +120,6 @@ do
             fi
             count=$((count + 1))
         done
-        if [[ $count -ne 1 ]]; then
-            die 'No TA file for %s\n' \
-                "${mldsa_oids[0]}"
-        fi
         count=0; for ct in "$tmp"/*-"${mlkem_oids[0]}_ciphertext.bin"
         do
             if [[ $count > 0 ]]; then
@@ -178,8 +182,11 @@ do
                 "${mlkem_oids[0]}"
         fi
     )
-    if [[ $? -ne 0 ]]; then ok=N; else ok=Y; fi
-    printf "%s,%s\n" "${mlkem_oids[0]}" "$ok"
+    case $? in
+    0) printf "%s,%s\n" "${mldsa_oids[0]}" "Y";;
+    1) printf "%s,%s\n" "${mldsa_oids[0]}" "N";;
+    *) : ignored ;;
+    esac
 
     unset "mldsa_oids[0]" 
     unset "mlkem_oids[0]"

providers/ossl35/artifacts_cms_v3.zip

@@ -14,7 +14,8 @@ slh3s_names=(slh-dsa-shake-{128,192,256}s)
 slh3s_oids=(2.16.840.1.101.3.4.3.{26,28,30})
 slh3f_names=(slh-dsa-shake-{128,192,256}f)
 slh3f_oids=(2.16.840.1.101.3.4.3.{27,29,31})
-md_names=(sha{256,512,512})
+md2_names=(sha{256,512,512})
+md3_names=(sha3-{256,512,512})
 
 mkdir -p cms
 printf 'Attack at dawn!\r\n' > cms/expected_plaintext.txt
@@ -74,7 +75,7 @@ do
         ;;
     esac
 
-    gencms "${mldsa_names[0]}" "${mldsa_oids[0]}" "${md_names[0]}"
+    gencms "${mldsa_names[0]}" "${mldsa_oids[0]}" "${md2_names[0]}"
 
     #
     # SLH-DSA
@@ -112,10 +113,10 @@ do
         -addext "basicConstraints=critical,CA:true" \
         -addext "keyUsage=critical,keyCertSign,cRLSign" -outform DER
 
-    gencms "${slh2f_names[0]}" "${slh2f_oids[0]}" "${md_names[0]}"
-    gencms "${slh2s_names[0]}" "${slh2s_oids[0]}" "${md_names[0]}"
-    gencms "${slh3f_names[0]}" "${slh3f_oids[0]}" "${md_names[0]}"
-    gencms "${slh3s_names[0]}" "${slh3s_oids[0]}" "${md_names[0]}"
+    gencms "${slh2f_names[0]}" "${slh2f_oids[0]}" "${md2_names[0]}"
+    gencms "${slh2s_names[0]}" "${slh2s_oids[0]}" "${md2_names[0]}"
+    gencms "${slh3f_names[0]}" "${slh3f_oids[0]}" "${md3_names[0]}"
+    gencms "${slh3s_names[0]}" "${slh3s_oids[0]}" "${md3_names[0]}"
 
     #
     # ML-KEM
@@ -149,7 +150,8 @@ do
         -out "${mlkem_der}_ciphertext.bin" \
         -secret "${mlkem_der}_ss.bin"
     #
-    unset "md_names[0]"; md_names=("${md_names[@]}")
+    unset "md2_names[0]"; md2_names=("${md2_names[@]}")
+    unset "md3_names[0]"; md3_names=("${md3_names[@]}")
     unset "mldsa_names[0]"; mldsa_names=("${mldsa_names[@]}")
     unset "mlkem_names[0]"; mlkem_names=("${mlkem_names[@]}")
     unset "slh2f_names[0]"; slh2f_names=("${slh2f_names[@]}")