Add size parameters to ASN.1 public and private key OCTET STRINGs (#13)

lamps-wg · Nov 22, 2024 · 75fd6c7 · 75fd6c7
1 parent 3355bc9
commit 75fd6c7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/ML-DSA-Module-2024.asn b/ML-DSA-Module-2024.asn
@@ -72,10 +72,9 @@ pk-ml-dsa-87 PUBLIC-KEY ::= {
     { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
   -- PRIVATE-KEY no ASN.1 wrapping -- }
 
-ML-DSA-PublicKey ::= OCTET STRING
-
-ML-DSA-PrivateKey ::= OCTET STRING
+ML-DSA-PublicKey ::= OCTET STRING (SIZE (1312 | 1952 | 2592))
 
+ML-DSA-PrivateKey ::= OCTET STRING (SIZE (32))
 
 --
 -- Expand the signature algorithm set used by CMS [RFC5911]

diff --git a/draft-ietf-lamps-cms-ml-dsa.md b/draft-ietf-lamps-cms-ml-dsa.md
@@ -212,19 +212,20 @@ pk-ml-dsa-87 PUBLIC-KEY ::= {
     { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
   -- PRIVATE-KEY no ASN.1 wrapping -- }
 
-ML-DSA-PublicKey ::= OCTET STRING
-ML-DSA-PrivateKey ::= OCTET STRING
+ML-DSA-PublicKey ::= OCTET STRING (SIZE (1312 | 1952 | 2592))
+
+ML-DSA-PrivateKey ::= OCTET STRING (SIZE (32))
 ~~~
 
 Algorithm 22 in Section 7.2 of {{FIPS204}} defines the raw byte string encoding of an ML-DSA public key.
 When used in a SubjectPublicKeyInfo type, the subjectPublicKey BIT STRING contains the raw byte string encoding of the public key.
 
-When an ML-DSA public key appears outside of a SubjectPublicKeyInfo type in an environment that uses ASN.1 encoding, the ML-DSA public key can be encoded as an OCTET STRING by using the ML-DSA-PublicKey type.
+When an ML-DSA public key appears outside of a SubjectPublicKeyInfo type in an environment that uses ASN.1 encoding, it can be encoded as an OCTET STRING by using the ML-DSA-PublicKey type.
 
 {{?RFC5958}} describes the Asymmetric Key Package CMS content type, and the OneAsymmetricKey type for encoding asymmetric keypairs.
 When an ML-DSA private key or keypair is encoded as a OneAsymmetricKey, it follows the description in {{Section 6 of I-D.ietf-lamps-dilithium-certificates}}.
 
-When the ML-DSA private key appears outside of an Asymmetric Key Package in an environment that uses ASN.1 encoding, the ML-DSA private key can be encoded as an OCTET STRING by using the ML-DSA-PrivateKey type.
+When the ML-DSA private key appears outside of an Asymmetric Key Package in an environment that uses ASN.1 encoding, it can be encoded as an OCTET STRING by using the ML-DSA-PrivateKey type.
 
 
 # Signed-data Conventions