Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated ASN.1 module for Carl's feedback. #70

Merged
merged 2 commits into from
Sep 26, 2024
Merged

Updated ASN.1 module for Carl's feedback. #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e93756e
Updated ASN.1 module for Carl's feedback. Closes #26
ounsworth Sep 25, 2024
2eb343c
Updated ASN.1 module for Carl's feedback. Closes #29
ounsworth Sep 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
84 changes: 48 additions & 36 deletions Composite-KEM-2024.asn → Composite-MLKEM-2024.asn
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Composite-KEM-2024
{iso(1) identified-organization(3) dod(6) internet(1)
Composite-MLKEM-2024
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-composite-kems(TBDMOD) }
id-mod-composite-mlkem-2024(TBDMOD) }

DEFINITIONS IMPLICIT TAGS ::= BEGIN

Expand Down Expand Up @@ -51,6 +51,10 @@ der OBJECT IDENTIFIER ::=
{joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)}


-- Just for testing, to be assigned by IANA
id-raw-key OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) composite(8) raw(999) 1 }

--
-- Composite KEM basic structures
Expand All @@ -68,34 +72,42 @@ CompositeKEMPrivateKey ::= SEQUENCE SIZE (2) OF OneAsymmetricKey

CompositeCiphertextValue ::= SEQUENCE SIZE (2) OF OCTET STRING

RsaCompositeKemPublicKey ::= SEQUENCE {
firstPublicKey BIT STRING (ENCODED BY id-raw-key),
secondPublicKey BIT STRING (CONTAINING RSAPublicKey)
}

EcCompositeKemPublicKey ::= SEQUENCE {
firstPublicKey BIT STRING (ENCODED BY id-raw-key),
secondPublicKey BIT STRING (CONTAINING ECPoint)
}

EdCompositeKemPublicKey ::= SEQUENCE {
firstPublicKey BIT STRING (ENCODED BY id-raw-key),
secondPublicKey BIT STRING (ENCODED BY id-raw-key)
}

--
-- Information Object Classes
--

pk-CompositeKEM {
OBJECT IDENTIFIER:id, FirstPublicKeyType,
SecondPublicKeyType} PUBLIC-KEY ::=
{
pk-CompositeKEM {OBJECT IDENTIFIER:id, PublicKeyType}
PUBLIC-KEY ::= {
IDENTIFIER id
KEY SEQUENCE {
first BIT STRING (CONTAINING FirstPublicKeyType),
second BIT STRING (CONTAINING SecondPublicKeyType)
}
KEY PublicKeyType
PARAMS ARE absent
CERT-KEY-USAGE { keyEncipherment }
}

kema-CompositeKEM {
OBJECT IDENTIFIER:id,
kema-CompositeKEM {OBJECT IDENTIFIER:id,
PUBLIC-KEY:publicKeyType }
KEM-ALGORITHM ::= {
IDENTIFIER id
VALUE CompositeCiphertextValue
PARAMS ARE absent
PUBLIC-KEYS { publicKeyType }
PUBLIC-KEYS { publicKeyType }
SMIME-CAPS { IDENTIFIED BY id }
}
}



Expand All @@ -107,12 +119,12 @@ kema-CompositeKEM {
-- TODO: OID to be replaced by IANA
id-MLKEM768-RSA2048 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 13 }
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 21 }

pk-MLKEM768-RSA2048 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM512-RSA2048,
OCTET STRING, RSAPublicKey }
RsaCompositeKemPublicKey }

kema-MLKEM768-RSA2048 KEM-ALGORITHM ::=
kema-CompositeKEM{
Expand All @@ -124,12 +136,12 @@ kema-MLKEM768-RSA2048 KEM-ALGORITHM ::=
-- TODO: OID to be replaced by IANA
id-MLKEM768-RSA3072 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 4 }
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 22 }

pk-MLKEM768-RSA3072 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM512-RSA3072,
OCTET STRING, RSAPublicKey }
RsaCompositeKemPublicKey }

kema-MLKEM768-RSA3072 KEM-ALGORITHM ::=
kema-CompositeKEM{
Expand All @@ -141,28 +153,28 @@ kema-MLKEM768-RSA3072 KEM-ALGORITHM ::=
-- TODO: OID to be replaced by IANA
id-MLKEM768-RSA4096 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) TBD }
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 23 }

pk-MLKEM768-RSA4096 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM512-RSA4096,
OCTET STRING, RSAPublicKey }
id-MLKEM768-RSA4096,
RsaCompositeKemPublicKey }

kema-MLKEM768-RSA4096 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM512-RSA4096,
pk-MLKEM512-RSA4096 }
id-MLKEM768-RSA4096,
pk-MLKEM768-RSA4096 }


-- TODO: OID to be replaced by IANA
id-MLKEM768-ECDH-P384 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 5 }
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 25 }

pk-MLKEM768-ECDH-P384 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-ECDH-P384,
OCTET STRING, ECPoint }
EcCompositeKemPublicKey }

kema-MLKEM768-ECDH-P384 KEM-ALGORITHM ::=
kema-CompositeKEM{
Expand All @@ -173,12 +185,12 @@ kema-MLKEM768-ECDH-P384 KEM-ALGORITHM ::=
-- TODO: OID to be replaced by IANA
id-MLKEM768-ECDH-brainpoolP256r1 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 6 }
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 26 }

pk-MLKEM768-ECDH-brainpoolP256r1 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-ECDH-brainpoolP256r1,
OCTET STRING, ECPoint }
EcCompositeKemPublicKey }

kema-MLKEM768-ECDH-brainpoolP256r1 KEM-ALGORITHM ::=
kema-CompositeKEM{
Expand All @@ -189,12 +201,12 @@ kema-MLKEM768-ECDH-brainpoolP256r1 KEM-ALGORITHM ::=
-- TODO: OID to be replaced by IANA
id-MLKEM768-X25519 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 7 }
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 24 }

pk-MLKEM768-X25519 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-X25519,
OCTET STRING, OCTET STRING }
EdCompositeKemPublicKey }

kema-MLKEM768-X25519 KEM-ALGORITHM ::=
kema-CompositeKEM{
Expand All @@ -206,12 +218,12 @@ kema-MLKEM768-X25519 KEM-ALGORITHM ::=
-- TODO: OID to be replaced by IANA
id-MLKEM1024-ECDH-P384 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 8 }
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 27 }

pk-MLKEM1024-ECDH-P384 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM1024-ECDH-P384,
OCTET STRING, ECPoint }
EcCompositeKemPublicKey }

kema-MLKEM1024-ECDH-P384 KEM-ALGORITHM ::=
kema-CompositeKEM{
Expand All @@ -222,12 +234,12 @@ kema-MLKEM1024-ECDH-P384 KEM-ALGORITHM ::=
-- TODO: OID to be replaced by IANA
id-MLKEM1024-ECDH-brainpoolP384r1 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 9 }
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 28 }

pk-MLKEM1024-ECDH-brainpoolP384r1 PUBLIC-KEY ::=
pk-CompositeKEM{
id-MLKEM1024-ECDH-brainpoolP384r1,
OCTET STRING, ECPoint }
EcCompositeKemPublicKey }

kema-MLKEM1024-ECDH-brainpoolP384r1 KEM-ALGORITHM ::=
kema-CompositeKEM{
Expand All @@ -238,12 +250,12 @@ kema-MLKEM1024-ECDH-brainpoolP384r1 KEM-ALGORITHM ::=
-- TODO: OID to be replaced by IANA
id-MLKEM1024-X448 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1)
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 10 }
entrust(114027) algorithm(80) explicitcomposite(5) kem(2) 29 }

pk-MLKEM1024-X448 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM1024-X448,
OCTET STRING, OCTET STRING }
EdCompositeKemPublicKey }

kema-MLKEM1024-X448 KEM-ALGORITHM ::=
kema-CompositeKEM{
Expand Down
7 changes: 6 additions & 1 deletion draft-ietf-lamps-pq-composite-kem.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -808,7 +808,7 @@ The SMIMECapability SEQUENCE representing a composite KEM Algorithm MUST include

<CODE STARTS>

{::include Composite-KEM-2024.asn}
{::include Composite-MLKEM-2024.asn}

<CODE ENDS>

Expand All @@ -829,6 +829,11 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{

### Object Identifier Registrations - SMI Security for PKIX Algorithms

- id-raw-key
- Decimal: IANA Assigned
- Description: Designates a public key BIT STRING with no ASN.1 structure.
- References: This Document

- id-MLKEM768-RSA2048
- Decimal: IANA Assigned
- Description: id-MLKEM768-RSA2048
Expand Down
Loading