Merge branch 'main' into 26-nist-is-suggesting-that-both-pq-l3-+-l5-s…

…hould-be-paired-with-p-384
lamps-wg · Sep 26, 2024 · 83ac90e · 83ac90e
2 parents 2c526f6 + caa9a90
commit 83ac90e
Show file tree

Hide file tree

Showing 3 changed files with 439 additions and 390 deletions.
diff --git a/Composite-MLDSA-2024.asn b/Composite-MLDSA-2024.asn
@@ -0,0 +1,349 @@
+Composite-MLDSA-2024
+  { iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-composite-mldsa(TBDMOD) }
+
+
+DEFINITIONS IMPLICIT TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+IMPORTS
+  PUBLIC-KEY, SIGNATURE-ALGORITHM, AlgorithmIdentifier{}
+    FROM AlgorithmInformation-2009  -- RFC 5912 [X509ASN1]
+      { iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-algorithmInformation-02(58) }
+
+  SubjectPublicKeyInfo
+    FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-pkix1-explicit-02(51) }
+
+  OneAsymmetricKey
+    FROM AsymmetricKeyPackageModuleV1
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+        pkcs-9(9) smime(16) modules(0)
+        id-mod-asymmetricKeyPkgV1(50) }
+
+  RSAPublicKey, ECPoint
+    FROM PKIXAlgs-2009
+      { iso(1) identified-organization(3) dod(6)
+        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-pkix1-algorithms2008-02(56) }
+
+  sa-rsaSSA-PSS
+    FROM PKIX1-PSS-OAEP-Algorithms-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-rsa-pkalgs-02(54)}
+
+;
+
+--
+-- Object Identifiers
+--
+
+-- Defined in ITU-T X.690
+der OBJECT IDENTIFIER ::=
+  {joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)}
+
+
+-- Just for testing, to be assigned by IANA
+id-raw-key OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) raw(999) 1 }
+
+
+--
+-- Signature Algorithm
+--
+
+
+--
+-- Composite Signature basic structures
+--
+
+CompositeSignaturePublicKey ::= SEQUENCE SIZE (2) OF BIT STRING
+
+CompositeSignaturePublicKeyOs ::= OCTET STRING (CONTAINING
+                                CompositeSignaturePublicKey ENCODED BY der)
+
+CompositeSignaturePublicKeyBs ::= BIT STRING (CONTAINING
+                                CompositeSignaturePublicKey ENCODED BY der)
+
+CompositeSignaturePrivateKey ::= SEQUENCE SIZE (2) OF OneAsymmetricKey
+
+CompositeSignatureValue ::= SEQUENCE SIZE (2) OF BIT STRING
+
+RsaCompositeSignaturePublicKey ::= SEQUENCE {
+        firstPublicKey BIT STRING (ENCODED BY id-raw-key),
+        secondPublicKey BIT STRING (CONTAINING RSAPublicKey)
+      }	  
+
+EcCompositeSignaturePublicKey ::= SEQUENCE {
+        firstPublicKey BIT STRING (ENCODED BY id-raw-key),
+        secondPublicKey BIT STRING (CONTAINING ECPoint)
+      }
+
+EdCompositeSignaturePublicKey ::= SEQUENCE {
+        firstPublicKey BIT STRING (ENCODED BY id-raw-key),
+        secondPublicKey BIT STRING (ENCODED BY id-raw-key)
+      }
+
+-- Composite Signature Value is just a sequence of OCTET STRINGS
+
+--   CompositeSignaturePair{FirstSignatureValue, SecondSignatureValue} ::=
+--     SEQUENCE {
+--      signaturevalue1 FirstSignatureValue,
+--      signaturevalue2 SecondSignatureValue }
+
+-- An Explicit Compsite Signature is a set of Signatures which
+-- are composed of OCTET STRINGS
+--   ExplicitCompositeSignatureValue ::= CompositeSignaturePair {
+--       OCTET STRING,OCTET STRING}
+
+
+--
+-- Information Object Classes
+--
+
+pk-CompositeSignature {OBJECT IDENTIFIER:id, PublicKeyType}
+    PUBLIC-KEY ::= {
+      IDENTIFIER id
+      KEY PublicKeyType
+      PARAMS ARE absent
+      CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyCertSign, cRLSign}
+    }
+
+sa-CompositeSignature{OBJECT IDENTIFIER:id,
+   PUBLIC-KEY:publicKeyType }
+      SIGNATURE-ALGORITHM ::=  {
+         IDENTIFIER id
+         VALUE CompositeSignatureValue
+         PARAMS ARE absent
+         PUBLIC-KEYS {publicKeyType}
+      }
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-RSA2048-PSS-SHA256 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 21 }
+
+pk-MLDSA44-RSA2048-PSS-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-RSA2048-PSS-SHA256,
+  RsaCompositeSignaturePublicKey}
+
+sa-MLDSA44-RSA2048-PSS-SHA256 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA44-RSA2048-PSS-SHA256,
+       pk-MLDSA44-RSA2048-PSS-SHA256 }
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-RSA2048-PKCS15-SHA256 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 22 }
+
+pk-MLDSA44-RSA2048-PKCS15-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-RSA2048-PKCS15-SHA256,
+  RsaCompositeSignaturePublicKey}
+
+sa-MLDSA44-RSA2048-PKCS15-SHA256 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA44-RSA2048-PKCS15-SHA256,
+       pk-MLDSA44-RSA2048-PKCS15-SHA256 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-Ed25519-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 23 }
+
+pk-MLDSA44-Ed25519-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-Ed25519-SHA512,
+  EdCompositeSignaturePublicKey}
+
+sa-MLDSA44-Ed25519-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA44-Ed25519-SHA512,
+       pk-MLDSA44-Ed25519-SHA512 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-ECDSA-P256-SHA256 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 24 }
+
+pk-MLDSA44-ECDSA-P256-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-ECDSA-P256-SHA256,
+  EcCompositeSignaturePublicKey}
+
+sa-MLDSA44-ECDSA-P256-SHA256 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA44-ECDSA-P256-SHA256,
+       pk-MLDSA44-ECDSA-P256-SHA256 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-ECDSA-brainpoolP256r1-SHA256 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 25 }
+
+pk-MLDSA44-ECDSA-brainpoolP256r1-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-ECDSA-brainpoolP256r1-SHA256,
+  EcCompositeSignaturePublicKey}
+
+sa-MLDSA44-ECDSA-brainpoolP256r1-SHA256 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA44-ECDSA-brainpoolP256r1-SHA256,
+       pk-MLDSA44-ECDSA-brainpoolP256r1-SHA256 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-RSA3072-PSS-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 26 }
+
+pk-MLDSA65-RSA3072-PSS-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-RSA3072-PSS-SHA512,
+  RsaCompositeSignaturePublicKey}
+
+sa-MLDSA65-RSA3072-PSS-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA65-RSA3072-PSS-SHA512,
+       pk-MLDSA65-RSA3072-PSS-SHA512 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-RSA3072-PKCS15-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 27 }
+
+pk-MLDSA65-RSA3072-PKCS15-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-RSA3072-PKCS15-SHA512,
+  RsaCompositeSignaturePublicKey}
+
+sa-MLDSA65-RSA3072-PKCS15-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA65-RSA3072-PKCS15-SHA512,
+       pk-MLDSA65-RSA3072-PKCS15-SHA512 }
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-RSA4096-PSS-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 34 }
+
+pk-MLDSA65-RSA4096-PSS-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-RSA4096-PSS-SHA512,
+  RsaCompositeSignaturePublicKey}
+
+sa-MLDSA65-RSA4096-PSS-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA65-RSA4096-PSS-SHA512,
+       pk-MLDSA65-RSA4096-PSS-SHA512 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-RSA4096-PKCS15-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 35 }
+
+pk-MLDSA65-RSA4096-PKCS15-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-RSA4096-PKCS15-SHA512,
+  RsaCompositeSignaturePublicKey}
+
+sa-MLDSA65-RSA4096-PKCS15-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA65-RSA4096-PKCS15-SHA512,
+       pk-MLDSA65-RSA4096-PKCS15-SHA512 }
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-ECDSA-P256-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 28 }
+
+pk-MLDSA65-ECDSA-P256-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-ECDSA-P256-SHA512,
+  EcCompositeSignaturePublicKey}
+
+sa-MLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA65-ECDSA-P256-SHA512,
+       pk-MLDSA65-ECDSA-P256-SHA512 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 29 }
+
+pk-MLDSA65-ECDSA-brainpoolP256r1-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-ECDSA-brainpoolP256r1-SHA512,
+  EcCompositeSignaturePublicKey}
+
+sa-MLDSA65-ECDSA-brainpoolP256r1-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA65-ECDSA-brainpoolP256r1-SHA512,
+       pk-MLDSA65-ECDSA-brainpoolP256r1-SHA512 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-Ed25519-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 30 }
+
+pk-MLDSA65-Ed25519-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-Ed25519-SHA512,
+  EdCompositeSignaturePublicKey}
+
+sa-MLDSA65-Ed25519-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA65-Ed25519-SHA512,
+       pk-MLDSA65-Ed25519-SHA512 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA87-ECDSA-P384-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 31 }
+
+pk-MLDSA87-ECDSA-P384-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA87-ECDSA-P384-SHA512,
+  EcCompositeSignaturePublicKey}
+
+sa-MLDSA87-ECDSA-P384-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA87-ECDSA-P384-SHA512,
+       pk-MLDSA87-ECDSA-P384-SHA512 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA87-ECDSA-brainpoolP384r1-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 32 }
+
+pk-MLDSA87-ECDSA-brainpoolP384r1-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA87-ECDSA-brainpoolP384r1-SHA512,
+  EcCompositeSignaturePublicKey}
+
+sa-MLDSA87-ECDSA-brainpoolP384r1-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA87-ECDSA-brainpoolP384r1-SHA512,
+       pk-MLDSA87-ECDSA-brainpoolP384r1-SHA512 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA87-Ed448-SHA512 OBJECT IDENTIFIER ::= {
+   joint-iso-itu-t(2) country(16) us(840) organization(1)
+   entrust(114027) algorithm(80) composite(8) signature(1) 33 }
+
+pk-MLDSA87-Ed448-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA87-Ed448-SHA512,
+  EdCompositeSignaturePublicKey}
+
+sa-MLDSA87-Ed448-SHA512 SIGNATURE-ALGORITHM ::=
+    sa-CompositeSignature{
+       id-MLDSA87-Ed448-SHA512,
+       pk-MLDSA87-Ed448-SHA512 }
+
+END