diff --git a/Composite-KEM-2024.asn b/Composite-MLKEM-2024.asn similarity index 75% rename from Composite-KEM-2024.asn rename to Composite-MLKEM-2024.asn index 87ae0ca..2b42231 100644 --- a/Composite-KEM-2024.asn +++ b/Composite-MLKEM-2024.asn @@ -1,7 +1,7 @@ -Composite-KEM-2024 - {iso(1) identified-organization(3) dod(6) internet(1) +Composite-MLKEM-2024 + { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-mod-composite-kems(TBDMOD) } + id-mod-composite-mlkem-2024(TBDMOD) } DEFINITIONS IMPLICIT TAGS ::= BEGIN @@ -51,6 +51,10 @@ der OBJECT IDENTIFIER ::= {joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)} +-- Just for testing, to be assigned by IANA +id-raw-key OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + entrust(114027) algorithm(80) composite(8) raw(999) 1 } -- -- Composite KEM basic structures @@ -68,34 +72,42 @@ CompositeKEMPrivateKey ::= SEQUENCE SIZE (2) OF OneAsymmetricKey CompositeCiphertextValue ::= SEQUENCE SIZE (2) OF OCTET STRING +RsaCompositeKemPublicKey ::= SEQUENCE { + firstPublicKey BIT STRING (ENCODED BY id-raw-key), + secondPublicKey BIT STRING (CONTAINING RSAPublicKey) + } + +EcCompositeKemPublicKey ::= SEQUENCE { + firstPublicKey BIT STRING (ENCODED BY id-raw-key), + secondPublicKey BIT STRING (CONTAINING ECPoint) + } + +EdCompositeKemPublicKey ::= SEQUENCE { + firstPublicKey BIT STRING (ENCODED BY id-raw-key), + secondPublicKey BIT STRING (ENCODED BY id-raw-key) + } -- -- Information Object Classes -- -pk-CompositeKEM { - OBJECT IDENTIFIER:id, FirstPublicKeyType, - SecondPublicKeyType} PUBLIC-KEY ::= - { +pk-CompositeKEM {OBJECT IDENTIFIER:id, PublicKeyType} + PUBLIC-KEY ::= { IDENTIFIER id - KEY SEQUENCE { - first BIT STRING (CONTAINING FirstPublicKeyType), - second BIT STRING (CONTAINING SecondPublicKeyType) - } + KEY PublicKeyType PARAMS ARE absent CERT-KEY-USAGE { keyEncipherment } } -kema-CompositeKEM { - OBJECT IDENTIFIER:id, +kema-CompositeKEM {OBJECT IDENTIFIER:id, PUBLIC-KEY:publicKeyType } KEM-ALGORITHM ::= { IDENTIFIER id VALUE CompositeCiphertextValue PARAMS ARE absent - PUBLIC-KEYS { publicKeyType } + PUBLIC-KEYS { publicKeyType } SMIME-CAPS { IDENTIFIED BY id } - } + } @@ -107,12 +119,12 @@ kema-CompositeKEM { -- TODO: OID to be replaced by IANA id-MLKEM768-RSA2048 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 13 } + entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 21 } pk-MLKEM768-RSA2048 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM512-RSA2048, - OCTET STRING, RSAPublicKey } + RsaCompositeKemPublicKey } kema-MLKEM768-RSA2048 KEM-ALGORITHM ::= kema-CompositeKEM{ @@ -124,12 +136,12 @@ kema-MLKEM768-RSA2048 KEM-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLKEM768-RSA3072 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 4 } + entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 22 } pk-MLKEM768-RSA3072 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM512-RSA3072, - OCTET STRING, RSAPublicKey } + RsaCompositeKemPublicKey } kema-MLKEM768-RSA3072 KEM-ALGORITHM ::= kema-CompositeKEM{ @@ -141,28 +153,28 @@ kema-MLKEM768-RSA3072 KEM-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLKEM768-RSA4096 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) explicitcomposite(5) kem(2) TBD } + entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 23 } pk-MLKEM768-RSA4096 PUBLIC-KEY ::= pk-CompositeKEM { - id-MLKEM512-RSA4096, - OCTET STRING, RSAPublicKey } + id-MLKEM768-RSA4096, + RsaCompositeKemPublicKey } kema-MLKEM768-RSA4096 KEM-ALGORITHM ::= kema-CompositeKEM{ - id-MLKEM512-RSA4096, - pk-MLKEM512-RSA4096 } + id-MLKEM768-RSA4096, + pk-MLKEM768-RSA4096 } -- TODO: OID to be replaced by IANA id-MLKEM768-ECDH-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 5 } + entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 25 } pk-MLKEM768-ECDH-P384 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM768-ECDH-P384, - OCTET STRING, ECPoint } + EcCompositeKemPublicKey } kema-MLKEM768-ECDH-P384 KEM-ALGORITHM ::= kema-CompositeKEM{ @@ -173,12 +185,12 @@ kema-MLKEM768-ECDH-P384 KEM-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLKEM768-ECDH-brainpoolP256r1 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 6 } + entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 26 } pk-MLKEM768-ECDH-brainpoolP256r1 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM768-ECDH-brainpoolP256r1, - OCTET STRING, ECPoint } + EcCompositeKemPublicKey } kema-MLKEM768-ECDH-brainpoolP256r1 KEM-ALGORITHM ::= kema-CompositeKEM{ @@ -189,12 +201,12 @@ kema-MLKEM768-ECDH-brainpoolP256r1 KEM-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLKEM768-X25519 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 7 } + entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 24 } pk-MLKEM768-X25519 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM768-X25519, - OCTET STRING, OCTET STRING } + EdCompositeKemPublicKey } kema-MLKEM768-X25519 KEM-ALGORITHM ::= kema-CompositeKEM{ @@ -206,12 +218,12 @@ kema-MLKEM768-X25519 KEM-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLKEM1024-ECDH-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 8 } + entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 27 } pk-MLKEM1024-ECDH-P384 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM1024-ECDH-P384, - OCTET STRING, ECPoint } + EcCompositeKemPublicKey } kema-MLKEM1024-ECDH-P384 KEM-ALGORITHM ::= kema-CompositeKEM{ @@ -222,12 +234,12 @@ kema-MLKEM1024-ECDH-P384 KEM-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLKEM1024-ECDH-brainpoolP384r1 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 9 } + entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 28 } pk-MLKEM1024-ECDH-brainpoolP384r1 PUBLIC-KEY ::= pk-CompositeKEM{ id-MLKEM1024-ECDH-brainpoolP384r1, - OCTET STRING, ECPoint } + EcCompositeKemPublicKey } kema-MLKEM1024-ECDH-brainpoolP384r1 KEM-ALGORITHM ::= kema-CompositeKEM{ @@ -238,12 +250,12 @@ kema-MLKEM1024-ECDH-brainpoolP384r1 KEM-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLKEM1024-X448 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 10 } + entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 29 } pk-MLKEM1024-X448 PUBLIC-KEY ::= pk-CompositeKEM { id-MLKEM1024-X448, - OCTET STRING, OCTET STRING } + EdCompositeKemPublicKey } kema-MLKEM1024-X448 KEM-ALGORITHM ::= kema-CompositeKEM{ diff --git a/draft-ietf-lamps-pq-composite-kem.md b/draft-ietf-lamps-pq-composite-kem.md index 3dbdd6e..0905e18 100644 --- a/draft-ietf-lamps-pq-composite-kem.md +++ b/draft-ietf-lamps-pq-composite-kem.md @@ -808,7 +808,7 @@ The SMIMECapability SEQUENCE representing a composite KEM Algorithm MUST include -{::include Composite-KEM-2024.asn} +{::include Composite-MLKEM-2024.asn} @@ -829,6 +829,11 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{ ### Object Identifier Registrations - SMI Security for PKIX Algorithms +- id-raw-key + - Decimal: IANA Assigned + - Description: Designates a public key BIT STRING with no ASN.1 structure. + - References: This Document + - id-MLKEM768-RSA2048 - Decimal: IANA Assigned - Description: id-MLKEM768-RSA2048