Initial port of content from EntrustCorporation repo

lamps-wg · May 9, 2024 · 999585a · 999585a
1 parent 5f79b57
commit 999585a
Show file tree

Hide file tree

Showing 6 changed files with 1,315 additions and 107 deletions.
diff --git a/Composite-Signatures-2023.asn b/Composite-Signatures-2023.asn
@@ -0,0 +1,349 @@
+
+   Composite-Signatures-2023
+      { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027)
+        algorithm(80) id-composite-signatures-2023 (TBDMOD) }
+
+DEFINITIONS IMPLICIT TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+IMPORTS
+  PUBLIC-KEY, SIGNATURE-ALGORITHM, AlgorithmIdentifier{}
+    FROM AlgorithmInformation-2009  -- RFC 5912 [X509ASN1]
+      { iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-algorithmInformation-02(58) }
+
+  SubjectPublicKeyInfo
+    FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-pkix1-explicit-02(51) }
+
+  OneAsymmetricKey
+    FROM AsymmetricKeyPackageModuleV1
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+        pkcs-9(9) smime(16) modules(0)
+        id-mod-asymmetricKeyPkgV1(50) } 
+
+  RSAPublicKey, ECPoint
+    FROM PKIXAlgs-2009 
+      { iso(1) identified-organization(3) dod(6)
+        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-pkix1-algorithms2008-02(56) }
+
+  sa-rsaSSA-PSS
+    FROM PKIX1-PSS-OAEP-Algorithms-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-rsa-pkalgs-02(54)}
+
+;       
+
+--
+-- Object Identifiers
+--
+
+-- Defined in ITU-T X.690
+der OBJECT IDENTIFIER ::=
+  {joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)}
+
+
+
+
+--
+-- Signature Algorithm
+--
+
+
+--
+-- Composite Signature basic structures
+--
+
+CompositeSignaturePublicKey ::= SEQUENCE SIZE (2) OF BIT STRING
+
+CompositeSignaturePublicKeyOs ::= OCTET STRING (CONTAINING 
+                                CompositeSignaturePublicKey ENCODED BY der)
+
+CompositeSignaturePublicKeyBs ::= BIT STRING (CONTAINING 
+                                CompositeSignaturePublicKey ENCODED BY der)
+
+CompositeSignaturePrivateKey ::= SEQUENCE SIZE (2) OF OneAsymmetricKey
+
+CompositeSignatureValue ::= SEQUENCE SIZE (2) OF BIT STRING
+
+-- Composite Signature Value is just a sequence of OCTET STRINGS
+
+--   CompositeSignaturePair{FirstSignatureValue, SecondSignatureValue}  ::= 
+--     SEQUENCE {
+--      signaturevalue1 FirstSignatureValue,
+--      signaturevalue2 SecondSignatureValue }
+
+   -- An Explicit Compsite Signature is a set of Signatures which 
+   -- are composed of OCTET STRINGS
+--   ExplicitCompositeSignatureValue ::= CompositeSignaturePair {
+--       OCTET STRING,OCTET STRING}
+
+
+--
+-- Information Object Classes
+--
+
+pk-CompositeSignature {OBJECT IDENTIFIER:id, 
+  FirstPublicKeyType,SecondPublicKeyType} 
+    PUBLIC-KEY ::= {
+      IDENTIFIER id
+      KEY SEQUENCE {
+        firstPublicKey BIT STRING (CONTAINING FirstPublicKeyType),
+        secondPublicKey BIT STRING (CONTAINING SecondPublicKeyType)
+      }
+      PARAMS ARE absent
+      CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyCertSign, cRLSign}
+    } 
+
+
+sa-CompositeSignature{OBJECT IDENTIFIER:id, 
+   PUBLIC-KEY:publicKeyType } 
+      SIGNATURE-ALGORITHM ::=  {
+         IDENTIFIER id
+         VALUE CompositeSignatureValue
+         PARAMS ARE absent
+         PUBLIC-KEYS {publicKeyType} 
+      }
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-RSA2048-PSS-SHA256 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 1 }
+
+pk-MLDSA44-RSA2048-PSS-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-RSA2048-PSS-SHA256,
+  OCTET STRING, RSAPublicKey}
+
+sa-MLDSA44-RSA2048-PSS-SHA256 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA44-RSA2048-PSS-SHA256, 
+       pk-MLDSA44-RSA2048-PSS-SHA256 }
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-RSA2048-PKCS15-SHA256 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 2 }
+
+pk-MLDSA44-RSA2048-PKCS15-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-RSA2048-PKCS15-SHA256,
+  OCTET STRING, RSAPublicKey}
+
+sa-MLDSA44-RSA2048-PKCS15-SHA256 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA44-RSA2048-PKCS15-SHA256, 
+       pk-MLDSA44-RSA2048-PKCS15-SHA256 } 
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-Ed25519-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 3 }
+
+pk-MLDSA44-Ed25519-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-Ed25519-SHA512,
+  OCTET STRING, ECPoint}
+
+sa-MLDSA44-Ed25519-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA44-Ed25519-SHA512, 
+       pk-MLDSA44-Ed25519-SHA512 } 
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-ECDSA-P256-SHA256 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 4 }
+
+pk-MLDSA44-ECDSA-P256-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-ECDSA-P256-SHA256,
+  OCTET STRING, ECPoint}
+
+sa-MLDSA44-ECDSA-P256-SHA256 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA44-ECDSA-P256-SHA256, 
+       pk-MLDSA44-ECDSA-P256-SHA256 }   
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA44-ECDSA-brainpoolP256r1-SHA256 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 5 }
+
+pk-MLDSA44-ECDSA-brainpoolP256r1-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA44-ECDSA-brainpoolP256r1-SHA256,
+  OCTET STRING, ECPoint}
+
+sa-MLDSA44-ECDSA-brainpoolP256r1-SHA256 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA44-ECDSA-brainpoolP256r1-SHA256, 
+       pk-MLDSA44-ECDSA-brainpoolP256r1-SHA256 }  
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-RSA3072-PSS-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 6 }
+
+pk-MLDSA65-RSA3072-PSS-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-RSA3072-PSS-SHA512,
+  OCTET STRING, RSAPublicKey}
+
+sa-MLDSA65-RSA3072-PSS-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA65-RSA3072-PSS-SHA512, 
+       pk-MLDSA65-RSA3072-PSS-SHA512 }   
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-RSA3072-PKCS15-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 7 }
+
+pk-MLDSA65-RSA3072-PKCS15-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-RSA3072-PKCS15-SHA512,
+  OCTET STRING, RSAPublicKey}
+
+sa-MLDSA65-RSA3072-PKCS15-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA65-RSA3072-PKCS15-SHA512, 
+       pk-MLDSA65-RSA3072-PKCS15-SHA512 } 
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-ECDSA-P256-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 8 }
+
+pk-MLDSA65-ECDSA-P256-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-ECDSA-P256-SHA512,
+  OCTET STRING, ECPoint}
+
+sa-MLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA65-ECDSA-P256-SHA512, 
+       pk-MLDSA65-ECDSA-P256-SHA512 }
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 9 }
+
+pk-id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-ECDSA-brainpoolP256r1-SHA512,
+  OCTET STRING, ECPoint}
+
+sa-id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA65-ECDSA-brainpoolP256r1-SHA512, 
+       pk-id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 }       
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA65-Ed25519-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 10 }
+
+pk-MLDSA65-Ed25519-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA65-Ed25519-SHA512,
+  OCTET STRING, ECPoint}
+
+sa-MLDSA65-Ed25519-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA65-Ed25519-SHA512, 
+       pk-MLDSA65-Ed25519-SHA512 } 
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA87-ECDSA-P384-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 11 }
+
+pk-MLDSA87-ECDSA-P384-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA87-ECDSA-P384-SHA512,
+  OCTET STRING, ECPoint}
+
+sa-MLDSA87-ECDSA-P384-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA87-ECDSA-P384-SHA512, 
+       pk-MLDSA87-ECDSA-P384-SHA512 }   
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA87-ECDSA-brainpoolP384r1-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 12 }
+
+pk-MLDSA87-ECDSA-brainpoolP384r1-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA87-ECDSA-brainpoolP384r1-SHA512,
+  OCTET STRING, ECPoint}
+
+sa-MLDSA87-ECDSA-brainpoolP384r1-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA87-ECDSA-brainpoolP384r1-SHA512, 
+       pk-MLDSA87-ECDSA-brainpoolP384r1-SHA512 } 
+
+
+-- TODO: OID to be replaced by IANA
+id-MLDSA87-Ed448-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 13 }
+
+pk-MLDSA87-Ed448-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-MLDSA87-Ed448-SHA512,
+  OCTET STRING, ECPoint}
+
+sa-MLDSA87-Ed448-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-MLDSA87-Ed448-SHA512, 
+       pk-MLDSA87-Ed448-SHA512 }  
+
+-- TODO: OID to be replaced by IANA
+id-Falon512-ECDSA-P256-SHA256 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 14 }
+
+pk-Falon512-ECDSA-P256-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-Falon512-ECDSA-P256-SHA256,
+  OCTET STRING, ECPoint}
+
+sa-Falon512-ECDSA-P256-SHA256 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-Falon512-ECDSA-P256-SHA256, 
+       pk-Falon512-ECDSA-P256-SHA256 } 
+
+-- TODO: OID to be replaced by IANA
+id-Falcon512-ECDSA-brainpoolP256r1-SHA256 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 15 }
+
+pk-Falcon512-ECDSA-brainpoolP256r1-SHA256 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-Falcon512-ECDSA-brainpoolP256r1-SHA256,
+  OCTET STRING, ECPoint}
+
+sa-Falcon512-ECDSA-brainpoolP256r1-SHA256 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-Falcon512-ECDSA-brainpoolP256r1-SHA256, 
+       pk-Falcon512-ECDSA-brainpoolP256r1-SHA256 } 
+
+-- TODO: OID to be replaced by IANA
+id-Falcon512-Ed25519-SHA512 OBJECT IDENTIFIER ::= {     
+   joint-iso-itu-t(2) country(16) us(840) organization(1) 
+   entrust(114027) algorithm(80) composite(8) signature(1) 16 }
+
+pk-Falcon512-Ed25519-SHA512 PUBLIC-KEY ::=
+  pk-CompositeSignature{ id-Falcon512-Ed25519-SHA512,
+  OCTET STRING, ECPoint}
+
+sa-Falcon512-Ed25519-SHA512 SIGNATURE-ALGORITHM ::= 
+    sa-CompositeSignature{
+       id-Falcon512-Ed25519-SHA512, 
+       pk-Falcon512-Ed25519-SHA512 }                                      
+
+
+END
diff --git a/README.md b/README.md