Added compatibility testing results for Entrust

Author: ounsworth

pqc_hackathon_results.md

@@ -0,0 +1,10 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"1.3.6.1.4.1.2.267.11.4.4","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.11.6.5","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.11.8.7","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.7.4.4","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.7.6.5","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.7.8.7","Y","Y","Y","Y","Y"
+"1.3.9999.3.1","Y","Y","Y","Y","Y"
+"1.3.9999.3.4","Y","Y","Y","Y","Y"
+"artifacts","","","","",""

providers/entrust/comptMatrices/bc_entrust.csv

@@ -0,0 +1,27 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"1.2.840.10045.3.1.7","Y","Y","Y","Y","Y"
+"1.2.840.10045.3.1.7_1.3.6.1.4.1.2.267.7.4.4","Y","Y","Y","Y","Y"
+"1.2.840.10045.3.1.7_1.3.6.1.4.1.2.267.7.4.4_1.3.9999.3.4","Y","Y","Y","Y","Y"
+"1.2.840.10045.3.1.7_1.3.6.1.4.1.2.267.7.6.5","Y","Y","Y","Y","Y"
+"1.2.840.10045.3.1.7_1.3.6.1.4.1.2.267.7.6.5_1.3.9999.3.1","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.11.4.4","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.11.6.5","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.11.8.7","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.7.4.4","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.7.6.5","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.7.8.7","Y","Y","Y","Y","Y"
+"1.3.9999.3.1","Y","Y","Y","Y","Y"
+"1.3.9999.3.4","Y","Y","Y","Y","Y"
+"1.3.9999.6.4.1","Y","Y","Y","Y","Y"
+"1.3.9999.6.4.10","Y","Y","Y","Y","Y"
+"1.3.9999.6.4.4","Y","Y","Y","Y","Y"
+"1.3.9999.6.4.7","Y","Y","Y","Y","Y"
+"1.3.9999.6.5.1","Y","Y","Y","Y","Y"
+"1.3.9999.6.5.3","Y","Y","Y","Y","Y"
+"1.3.9999.6.5.5","Y","Y","Y","Y","Y"
+"1.3.9999.6.5.7","Y","Y","Y","Y","Y"
+"1.3.9999.6.6.1","Y","Y","Y","Y","Y"
+"1.3.9999.6.6.3","Y","Y","Y","Y","Y"
+"1.3.9999.6.6.5","Y","Y","Y","Y","Y"
+"1.3.9999.6.6.7","Y","Y","Y","Y","Y"
+"2.16.840.1.114027.80.5.1","N","N","N","N","N"

providers/entrust/comptMatrices/carlredhound_entrust.csv

@@ -0,0 +1,25 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"1.2.840.10045.2.1","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.11.4.4","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.11.6.5","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.11.8.7","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.7.4.4","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.7.6.5","Y","Y","Y","Y","Y"
+"1.3.6.1.4.1.2.267.7.8.7","Y","Y","Y","Y","Y"
+"1.3.9999.3.1","Y","Y","Y","Y","Y"
+"1.3.9999.3.4","Y","Y","Y","Y","Y"
+"1.3.9999.6.4.1","Y","Y","Y","Y","Y"
+"1.3.9999.6.4.10","Y","Y","Y","Y","Y"
+"1.3.9999.6.4.4","Y","Y","Y","Y","Y"
+"1.3.9999.6.4.7","Y","Y","Y","Y","Y"
+"1.3.9999.6.5.1","Y","Y","Y","Y","Y"
+"1.3.9999.6.5.3","Y","Y","Y","Y","Y"
+"1.3.9999.6.5.5","Y","Y","Y","Y","Y"
+"1.3.9999.6.5.7","Y","Y","Y","Y","Y"
+"1.3.9999.6.6.1","Y","Y","Y","Y","Y"
+"1.3.9999.6.6.3","Y","Y","Y","Y","Y"
+"1.3.9999.6.6.5","Y","Y","Y","Y","Y"
+"1.3.9999.6.6.7","Y","Y","Y","Y","Y"
+"2.16.840.1.114027.80.4.1","Y","Y","Y","Y","Y"
+"2.16.840.1.114027.80.5.1","Y","Y","Y","Y","Y"
+"hybrid","Y","N","N","Y","N"

providers/entrust/comptMatrices/coreydigicert_entrust.csv

@@ -0,0 +1,11 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"1.2.840.10045.2.1","N","N","N","",""
+"1.3.6.1.4.1.2.267.7.4.4","Y","Y","N","Y","Y"
+"1.3.6.1.4.1.2.267.7.6.5","Y","Y","N","Y","Y"
+"1.3.6.1.4.1.2.267.7.8.7","Y","Y","N","Y","Y"
+"1.3.9999.3.1","N","N","N","N","N"
+"1.3.9999.3.4","N","N","N","N","N"
+"1.3.9999.6.7.4","N","N","N","N","N"
+"1.3.9999.6.8.3","N","N","N","N","N"
+"1.3.9999.6.9.3","N","N","N","N","N"
+"2.16.840.1.114027.80.4.1","N","N","N","",""

providers/entrust/comptMatrices/cryptonext_entrust.csv

@@ -0,0 +1,2 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"2.16.840.1.114027.80.4.1","Y","Y","Y","Y","Y"

providers/entrust/comptMatrices/entrust_entrust.csv

@@ -0,0 +1,6 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"1.3.6.1.4.1.2.267.7.4.4","N","N","N","",""
+"1.3.6.1.4.1.2.267.7.6.5","N","N","N","",""
+"1.3.6.1.4.1.2.267.7.8.7","N","N","N","",""
+"1.3.9999.3.1","N","N","N","",""
+"1.3.9999.3.4","N","N","N","",""

providers/entrust/comptMatrices/kris_entrust.csv

@@ -0,0 +1,6 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"1.3.6.1.4.1.2.267.7.4.4","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.7.6.5","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.7.8.7","N","N","N","N","N"
+"1.3.9999.3.1","N","N","N","N","N"
+"1.3.9999.3.4","N","N","N","N","N"

providers/entrust/comptMatrices/openca_entrust.csv

@@ -0,0 +1,2 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"1.3.6.1.4.1.2.267.7.6.5","Y","Y","Y","Y","Y"

providers/entrust/comptMatrices/oqsgnutls_entrust.csv

@@ -0,0 +1,10 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"1.3.6.1.4.1.2.267.11.4.4","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.11.6.5","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.11.8.7","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.7.4.4","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.7.6.5","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.7.8.7","N","N","N","N","N"
+"1.3.9999.3.1","N","N","N","N","N"
+"1.3.9999.3.4","N","N","N","N","N"
+"1.3.9999.6.4.1","N","N","N","N","N"

providers/entrust/comptMatrices/oqsopenssl111_entrust.csv

@@ -0,0 +1,10 @@
+"key_algorithm_oid","ta","ca","ee","crl_ta","crl_ca"
+"1.3.6.1.4.1.2.267.11.4.4","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.11.6.5","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.11.8.7","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.7.4.4","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.7.6.5","N","N","N","N","N"
+"1.3.6.1.4.1.2.267.7.8.7","N","N","N","N","N"
+"1.3.9999.3.1","N","N","N","N","N"
+"1.3.9999.3.4","N","N","N","N","N"
+"1.3.9999.6.4.1","N","N","N","N","N"

providers/entrust/comptMatrices/oqsprovider_entrust.csv

@@ -0,0 +1,102 @@
+$INDIR=$args[0] + ".\artifacts"
+
+$compatMatrixFile = "compatMatrix.csv"
+Remove-Item $compatMatrixFile -ErrorAction SilentlyContinue
+
+
+Expand-Archive -Force -Path "$INDIR.zip" -DestinationPath $INDIR
+
+foreach ($oiddir in Get-ChildItem -Directory $INDIR ) {
+
+    $oid = $oiddir.FullName.split('\')[-1]
+    $compatMatrixEntry =[pscustomobject]@{
+        'key_algorithm_oid' = $oid
+        'ta' = ''
+        'ca' = ''
+        'ee' = ''
+        'crl_ta' = ''
+        'crl_ca' = ''
+    }
+
+
+    "" | Write-Output # newline to cluster OID groups
+    foreach ($dir in Get-ChildItem -Directory $oiddir.FullName) {
+
+        $fullDir = $dir.FullName
+        $basedir = $fullDir.Split('\')[-1]
+        switch ($baseDir)
+        {
+            "ta" {
+                $stdout = (.\pqutil.bat verify -certchain "$fullDir\ta.der") | Out-String
+
+                if ($stdout.Contains("Certificate Chain Verified!")) {
+                    "Passed: $oid TA Certificate" | Write-Output
+                    $compatMatrixEntry.ta = 'Y'
+
+                } else {
+                    "FAILED: $oid TA Certificate." | Write-Output
+                    $compatMatrixEntry.ta = 'N'
+                }
+            }
+
+            "ca" {
+                $stdout = (.\pqutil.bat verify -certchain "$fullDir\ca.der" -certchain "$fullDir\..\ta\ta.der") | Out-String
+                
+                if ($stdout.Contains("Certificate Chain Verified!")) {
+                    "Passed: $oid CA Certificate." | Write-Output
+                    $compatMatrixEntry.ca = 'Y'
+
+                } else {
+                    "FAILED: $oid CA Certificate." | Write-Output
+                    $compatMatrixEntry.ca = 'N'
+                }
+            }
+            "ee" {
+                # check the EE CSR
+                # TODO: this one's broken. 
+                # .\pqutil.bat verify -csr "$fullDir\ee.csr"
+
+                # check the EE cert
+                $stdout = (.\pqutil.bat verify -cer "$fullDir\cert.der" -certchain "$fullDir\..\ta\ta.der" -certchain "$fullDir\..\ca\ca.der") | Out-String
+
+                if ($stdout.Contains("Certificate Chain Verified!")) {
+                    "Passed: $oid EE Certificate Chain." | Write-Output
+                    $compatMatrixEntry.ee = 'Y'
+
+                } else {
+                    "FAILED: $oid EE Certificate Chain." | Write-Output
+                    $compatMatrixEntry.ee = 'N'
+                }
+            }
+            "crl" {
+                # verify TA crl
+                $stdout = (.\pqutil.bat verify -crl "$fullDir\crl_ta.crl" -certchain "$fullDir\..\ta\ta.der") | Out-String
+
+                if ($stdout.Contains("Certificate Chain Verified!")) {
+                    "Passed: $oid TA CRL." | Write-Output
+                    $compatMatrixEntry.crl_ta = 'Y'
+
+                } else {
+                    "FAILED: $oid TA CRL." | Write-Output
+                    $compatMatrixEntry.crl_ta = 'N'
+                }
+
+
+                # # verify CA CRL
+                $stdout = (.\pqutil.bat verify -crl "$fullDir\crl_ca.crl" -certchain "$fullDir\..\ta\ta.der" -certchain "$fullDir\..\ca\ca.der") | Out-String
+
+                if ($stdout.Contains("Certificate Chain Verified!")) {
+                    "Passed: $oid CA CRL." | Write-Output
+                    $compatMatrixEntry.crl_ca = 'Y'
+
+                } else {
+                    "FAILED: $oid CA CRL." | Write-Output
+                    $compatMatrixEntry.crl_ca = 'N'
+                }
+            }
+            "ocsp" {echo "It's OCSP. ... not implemented yet."}
+        }
+    }
+    $compatMatrixEntry | Export-CSV $compatMatrixFile -Append -NoTypeInformation
+}
+

providers/entrust/default/artifacts.zip

@@ -0,0 +1,127 @@
+$OUTDIR=".\artifacts"
+
+
+
+
+Function Create-TA([string] $OUTDIR, [string] $KEYALG, [string] $SIGALG) {
+    mkdir -Force $OUTDIR\ta
+    .\pqutil.bat keygen -alg $KEYALG -pubout "$OUTDIR\ta\ta_pub.der" -privout "$OUTDIR\ta\ta_priv.der"
+    .\pqutil.bat newcsr -pubkey "$OUTDIR\ta\ta_pub.der" -privkey "$OUTDIR\ta\ta_priv.der" -csrout "$OUTDIR\ta\ta.csr" -sigalg $SIGALG.Split(" ")
+    .\pqutil.bat newca -capubkey "$OUTDIR\ta\ta_pub.der" -caprivkey "$OUTDIR\ta\ta_priv.der" -certout "$OUTDIR\ta\ta.der" -sigalg $SIGALG
+}
+
+
+Function Create-CA([string] $OUTDIR, [string] $KEYALG, [string] $SIGALG) {
+    mkdir -Force $OUTDIR\ca
+    .\pqutil.bat keygen -alg $KEYALG -pubout "$OUTDIR\ca\ca_pub.der" -privout "$OUTDIR\ca\ca_priv.der"
+    .\pqutil.bat newcsr -pubkey "$OUTDIR\ca\ca_pub.der" -privkey "$OUTDIR\ca\ca_priv.der" -csrout "$OUTDIR\ca\ca.csr" -sigalg $SIGALG.Split(" ")
+    .\pqutil.bat issue -csr "$OUTDIR\ca\ca.csr.der" -caprivkey "$OUTDIR\ta\ta_priv.der" -certout "$OUTDIR\ca\ca.der" -sigalg $SIGALG.Split(" ") -subca
+}
+
+Function Create-EE([string] $OUTDIR, [string] $KEYALG, [string] $SIGALG) {
+    mkdir -Force $OUTDIR\ee
+    .\pqutil.bat keygen -alg $KEYALG -pubout "$OUTDIR\ee\cert_pub.der" -privout "$OUTDIR\ee\cert_priv.der"
+    .\pqutil.bat newcsr -pubkey "$OUTDIR\ee\cert_pub.der" -privkey "$OUTDIR\ee\cert_priv.der" -csrout "$OUTDIR\ee\cert.csr" -sigalg $SIGALG.Split(" ")
+    .\pqutil.bat issue -csr "$OUTDIR\ee\cert.csr.der" -caprivkey "$OUTDIR\ca\ca_priv.der" -certout "$OUTDIR\ee\cert.der" -sigalg $SIGALG.Split(" ")
+}
+
+Function Create-CRLs([string] $OUTDIR, [string] $SIGALG) {
+    mkdir -Force $OUTDIR\crl
+
+    # CRL for TA
+    .\pqutil.bat issuecrl -cacert "$OUTDIR\ta\ta.der" -caprivkey "$OUTDIR\ta\ta_priv.der" -crlfile "$OUTDIR\crl\crl_ta.crl" -createnew -sigalg $SIGALG.Split(" ")
+
+    # Create an EE to revoke
+    .\pqutil.bat issue -csr "$OUTDIR\ee\cert.csr.der" -caprivkey "$OUTDIR\ca\ca_priv.der" -certout "$OUTDIR\crl\revoked.der" -sigalg $SIGALG.Split(" ")
+
+    # CRL for CA
+    .\pqutil.bat issuecrl -cacert "$OUTDIR\ca\ca.der" -caprivkey "$OUTDIR\ca\ca_priv.der" -crlfile "$OUTDIR\crl\crl_ca.crl.der" -createnew -addrevocation "$OUTDIR\crl\revoked.der" -sigalg $SIGALG
+
+}
+
+Function Create([string] $OUTDIR, [string] $KEYALG, [string] $SIGALG) {
+    Create-TA -OUTDIR $OUTDIR -KEYALG $KEYALG -SIGALG $SIGALG
+    Create-CA -OUTDIR $OUTDIR -KEYALG $KEYALG -SIGALG $SIGALG
+    Create-EE -OUTDIR $OUTDIR -KEYALG $KEYALG -SIGALG $SIGALG
+    Create-CRLs -OUTDIR $OUTDIR -SIGALG $SIGALG
+}
+
+
+
+Function Create-Composite-TA([string] $OUTDIR, [string] $KEYALG1, [string] $KEYALG2, [string] $SIGALG1, [string] $SIGALG2) {
+    mkdir -Force $OUTDIR\ta
+    .\pqutil.bat keygen -alg $KEYALG1.Split(" ") -alg $KEYALG2.Split(" ") -pubout "$OUTDIR\ta\ta_pub.der" -privout "$OUTDIR\ta\ta_priv.der"
+    .\pqutil.bat newcsr -pubkey "$OUTDIR\ta\ta_pub.der" -privkey "$OUTDIR\ta\ta_priv.der" -csrout "$OUTDIR\ta\ta.csr" -sigalg $SIGALG1.Split(" ") -sigalg $SIGALG2.Split(" ")
+    .\pqutil.bat newca -capubkey "$OUTDIR\ta\ta_pub.der" -caprivkey "$OUTDIR\ta\ta_priv.der" -certout "$OUTDIR\ta\ta.der" -sigalg $SIGALG1.Split(" ") -sigalg $SIGALG2.Split(" ")
+}
+
+
+Function Create-Composite-CA([string] $OUTDIR, [string] $KEYALG1, [string] $KEYALG2, [string] $SIGALG1, [string] $SIGALG2) {
+    mkdir -Force $OUTDIR\ca
+    .\pqutil.bat keygen -alg $KEYALG1.Split(" ").Split(" ") -alg $KEYALG2.Split(" ") -pubout "$OUTDIR\ca\ca_pub.der" -privout "$OUTDIR\ca\ca_priv.der"
+    .\pqutil.bat newcsr -pubkey "$OUTDIR\ca\ca_pub.der" -privkey "$OUTDIR\ca\ca_priv.der" -csrout "$OUTDIR\ca\ca.csr.der" -sigalg $SIGALG1.Split(" ") -sigalg $SIGALG2.Split(" ")
+    .\pqutil.bat issue -csr "$OUTDIR\ca\ca.csr.der" -caprivkey "$OUTDIR\ta\ta_priv.der" -certout "$OUTDIR\ca\ca.der" -sigalg $SIGALG1.Split(" ") -sigalg $SIGALG2.Split(" ") -subca
+}
+
+Function Create-Composite-EE([string] $OUTDIR, [string] $KEYALG1, [string] $KEYALG2, [string] $SIGALG1, [string] $SIGALG2) {
+    mkdir -Force $OUTDIR\ee
+    .\pqutil.bat keygen -alg $KEYALG1.Split(" ") -alg $KEYALG2.Split(" ") -pubout "$OUTDIR\ee\cert_pub.der" -privout "$OUTDIR\ee\cert_priv.der"
+    .\pqutil.bat newcsr -pubkey "$OUTDIR\ee\cert_pub.der" -privkey "$OUTDIR\ee\cert_priv.der" -csrout "$OUTDIR\ee\cert.csr.der" -sigalg $SIGALG1.Split(" ") -sigalg $SIGALG2.Split(" ")
+    .\pqutil.bat issue -csr "$OUTDIR\ee\cert.csr.der" -caprivkey "$OUTDIR\ca\ca_priv.der" -certout "$OUTDIR\ee\cert.der" -sigalg $SIGALG1.Split(" ") -sigalg $SIGALG2.Split(" ")
+}
+
+Function Create-Composite-CRLs([string] $OUTDIR, [string] $SIGALG1, [string] $SIGALG2) {
+    mkdir -Force $OUTDIR\crl
+
+    # CRL for TA
+    .\pqutil.bat issuecrl -cacert "$OUTDIR\ta\ta.der" -caprivkey "$OUTDIR\ta\ta_priv.der" -crlfile "$OUTDIR\crl\crl_ta.crl.der" -createnew -sigalg $SIGALG1.Split(" ") -sigalg $SIGALG2.Split(" ")
+
+    # Create an EE to revoke
+    .\pqutil.bat issue -csr "$OUTDIR\ee\cert.csr.der" -caprivkey "$OUTDIR\ca\ca_priv.der" -certout "$OUTDIR\crl\revoked.der" -sigalg $SIGALG1.Split(" ") -sigalg $SIGALG2.Split(" ")
+
+    # CRL for CA
+    .\pqutil.bat issuecrl -cacert "$OUTDIR\ca\ca.der" -caprivkey "$OUTDIR\ca\ca_priv.der" -crlfile "$OUTDIR\crl\crl_ca.crl.der" -createnew -addrevocation "$OUTDIR\crl\revoked.der" -sigalg $SIGALG1.Split(" ") -sigalg $SIGALG2.Split(" ")
+
+}
+
+Function Create-Composite([string] $OUTDIR, [string] $KEYALG1, [string] $KEYALG2, [string] $SIGALG1, [string] $SIGALG2) {
+    Create-Composite-TA -OUTDIR $OUTDIR -KEYALG1 $KEYALG1 -KEYALG2 $KEYALG2 -SIGALG1 $SIGALG1 -SIGALG2 $SIGALG2
+    Create-Composite-CA -OUTDIR $OUTDIR -KEYALG1 $KEYALG1 -KEYALG2 $KEYALG2 -SIGALG1 $SIGALG1 -SIGALG2 $SIGALG2
+    Create-Composite-EE -OUTDIR $OUTDIR -KEYALG1 $KEYALG1 -KEYALG2 $KEYALG2 -SIGALG1 $SIGALG1 -SIGALG2 $SIGALG2
+    Create-Composite-CRLs -OUTDIR $OUTDIR -SIGALG1 $SIGALG1 -SIGALG2 $SIGALG2
+}
+
+
+
+
+#Create -OUTDIR $OUTDIR\"1.3.6.1.4.1.2.267.7.4.4" -KEYALG "Dilithium2" -SIGALG "Dilithium2"
+#Create -OUTDIR $OUTDIR\"1.3.6.1.4.1.2.267.7.6.5" -KEYALG "Dilithium3" -SIGALG "Dilithium3"
+#Create -OUTDIR $OUTDIR\"1.3.6.1.4.1.2.267.7.8.7" -KEYALG "Dilithium5" -SIGALG "Dilithium5"
+#Create -OUTDIR $OUTDIR\"1.3.6.1.4.1.2.267.11.4.4" -KEYALG "Dilithium2-AES" -SIGALG "Dilithium2-AES"
+#Create -OUTDIR $OUTDIR\"1.3.6.1.4.1.2.267.11.6.5" -KEYALG "Dilithium3-AES" -SIGALG "Dilithium3-AES"
+#Create -OUTDIR $OUTDIR\"1.3.6.1.4.1.2.267.11.8.7" -KEYALG "Dilithium5-AES" -SIGALG "Dilithium5-AES"
+#Create -OUTDIR $OUTDIR\"1.3.9999.3.1" -KEYALG "Falcon-512" -SIGALG "Falcon-512"
+#Create -OUTDIR $OUTDIR\"1.3.9999.3.4" -KEYALG "Falcon-1024" -SIGALG "Falcon-1024"
+
+# @John -- these ones throw an error in the toolkit about key length. You'll need to debug that.
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.4.1" -KEYALG "SPHINCS+-SHA256-128f-robust" -SIGALG "SPHINCS+-SHA256-128f-robust"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.4.4" -KEYALG "SPHINCS+-SHA256-128f-simple" -SIGALG "SPHINCS+-SHA256-128f-simple"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.4.7" -KEYALG "SPHINCS+-SHA256-128s-robust" -SIGALG "SPHINCS+-SHA256-128s-robust"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.4.10" -KEYALG "SPHINCS+-SHA256-128s-simple" -SIGALG "SPHINCS+-SHA256-128s-simple"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.5.1" -KEYALG "SPHINCS+-SHA256-192f-robust" -SIGALG "SPHINCS+-SHA256-192f-robust"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.5.3" -KEYALG "SPHINCS+-SHA256-192f-simple" -SIGALG "SPHINCS+-SHA256-192f-simple"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.5.5" -KEYALG "SPHINCS+-SHA256-192s-robust" -SIGALG "SPHINCS+-SHA256-192s-robust"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.5.7" -KEYALG "SPHINCS+-SHA256-192s-simple" -SIGALG "SPHINCS+-SHA256-192s-simple"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.6.1" -KEYALG "SPHINCS+-SHA256-256f-robust" -SIGALG "SPHINCS+-SHA256-256f-robust"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.6.3" -KEYALG "SPHINCS+-SHA256-256f-simple" -SIGALG "SPHINCS+-SHA256-256f-simple"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.6.5" -KEYALG "SPHINCS+-SHA256-256s-robust" -SIGALG "SPHINCS+-SHA256-256s-robust"
+# Create -OUTDIR $OUTDIR\"1.3.9999.6.6.7" -KEYALG "SPHINCS+-SHA256-256s-simple" -SIGALG "SPHINCS+-SHA256-256s-simple"
+
+
+Create-Composite -OUTDIR $OUTDIR\"2.16.840.1.114027.80.4.1" -KEYALG1 "Dilithium3" -KEYALG2 "ECDSA P-256" -SIGALG1 "Dilithium3" -SIGALG2 "SHA256withECDSA"
+
+# TODO: @John add explicit composites
+
+
+# zip it up
+Compress-Archive -Force -Path "$OUTDIR\*" -DestinationPath "$OUTDIR.zip"

providers/entrust/entrust_hackathon_check.ps1

@@ -111,7 +111,7 @@ def main():
         m = _FILENAME_REGEX.match(os.path.basename(file))
 
         if m is None:
-            raise ValueError(f'Invalid file name: "{file}"')
+            raise ValueError(f'File name does not match naming convention: "{os.path.basename(file)}"')
 
         with open(file, 'r') as f:
             generator = m['generator']