Skip to content

Commit

Permalink
const-oid: add OIDs for ML-DSA and SLH-DSA (#1541)
Browse files Browse the repository at this point in the history
  • Loading branch information
baloo authored Oct 2, 2024
1 parent 2da5955 commit fcbea00
Show file tree
Hide file tree
Showing 5 changed files with 311 additions and 1 deletion.
22 changes: 22 additions & 0 deletions const-oid/oiddbgen/fips203.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
Object Identifiers (OID) for ML-KEM
-----------------------------------
This document lists the OIDs for
- ML-KEM-512,
- ML-KEM-768, and
- ML-KEM-1024.

This file was manually created, as there exists no offical document that is easily parsable.
The ML-KEM standard is specified in [FIPS 203](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf).
The OIDs are defined in [Computer Security Objects Register (CSOR)]
(https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration),
which publishes the following ML-KEM OIDs:

nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) }

kems OBJECT IDENTIFIER ::= { nistAlgorithms 4 }

id-alg-ml-kem-512 OBJECT IDENTIFIER ::= { kems 1 }

id-alg-ml-kem-768 OBJECT IDENTIFIER ::= { kems 2 }

id-alg-ml-kem-1024 OBJECT IDENTIFIER ::= { kems 3 }
32 changes: 32 additions & 0 deletions const-oid/oiddbgen/fips204.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
Object Identifiers (OID) for ML-DSA
-----------------------------------
This document lists the OIDs for
- ML-DSA-44,
- ML-DSA-65,
- ML-DSA-87,
- HashML-DSA-44 with SHA512,
- HashML-DSA-65 with SHA512, and
- HashML-DSA-87 with SHA512.

This file was manually created, as there exists no offical document that is easily parsable.
The ML-DSA standard is specified in [FIPS 204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf).
The OIDs are defined in [Computer Security Objects Register (CSOR)]
(https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration),
which publishes the following ML-DSA OIDs:

nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) }

sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }

id-ml-dsa-44 OBJECT IDENTIFIER ::= { sigAlgs 17 }

id-ml-dsa-65 OBJECT IDENTIFIER ::= { sigAlgs 18 }

id-ml-dsa-87 OBJECT IDENTIFIER ::= { sigAlgs 19 }

id-hash-ml-dsa-44-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 32 }

id-hash-ml-dsa-65-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 33 }

id-hash-ml-dsa-87-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 34 }

85 changes: 85 additions & 0 deletions const-oid/oiddbgen/fips205.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
Object Identifiers (OID) for SLH-DSA
------------------------------------
This document lists the OIDs for
- SLH-DSA-SHA2-128s,
- SLH-DSA-SHA2-128f,
- SLH-DSA-SHA2-192s,
- SLH-DSA-SHA2-192f,
- SLH-DSA-SHA2-256s,
- SLH-DSA-SHA2-256f,
- SLH-DSA-SHAKE-128s,
- SLH-DSA-SHAKE-128f,
- SLH-DSA-SHAKE-192s,
- SLH-DSA-SHAKE-192f,
- SLH-DSA-SHAKE-256s,
- SLH-DSA-SHAKE-256f,
- HashSLH-DSA-SHA2-128s-with-sha256,
- HashSLH-DSA-SHA2-128f-with-sha256,
- HashSLH-DSA-SHA2-192s-with-sha512,
- HashSLH-DSA-SHA2-192f-with-sha512,
- HashSLH-DSA-SHA2-256s-with-sha512,
- HashSLH-DSA-SHA2-256f-with-sha512,
- HashSLH-DSA-SHAKE-128s-with-shake128,
- HashSLH-DSA-SHAKE-128f-with-shake128,
- HashSLH-DSA-SHAKE-192s-with-shake256,
- HashSLH-DSA-SHAKE-192f-with-shake256,
- HashSLH-DSA-SHAKE-256s-with-shake256, and
- HashSLH-DSA-SHAKE-256f-with-shake256.

This file was manually created, as there exists no offical document that is easily parsable.
The SLH-DSA standard is specified in [FIPS 205](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf).
The OIDs are defined in [Computer Security Objects Register (CSOR)]
(https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration),
which publishes the following SLH-DSA OIDs:

nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) }

sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }

id-slh-dsa-sha2-128s OBJECT IDENTIFIER ::= { sigAlgs 20 }

id-slh-dsa-sha2-128f OBJECT IDENTIFIER ::= { sigAlgs 21 }

id-slh-dsa-sha2-192s OBJECT IDENTIFIER ::= { sigAlgs 22 }

id-slh-dsa-sha2-192f OBJECT IDENTIFIER ::= { sigAlgs 23 }

id-slh-dsa-sha2-256s OBJECT IDENTIFIER ::= { sigAlgs 24 }

id-slh-dsa-sha2-256f OBJECT IDENTIFIER ::= { sigAlgs 25 }

id-slh-dsa-shake-128s OBJECT IDENTIFIER ::= { sigAlgs 26 }

id-slh-dsa-shake-128f OBJECT IDENTIFIER ::= { sigAlgs 27 }

id-slh-dsa-shake-192s OBJECT IDENTIFIER ::= { sigAlgs 28 }

id-slh-dsa-shake-192f OBJECT IDENTIFIER ::= { sigAlgs 29 }

id-slh-dsa-shake-256s OBJECT IDENTIFIER ::= { sigAlgs 30 }

id-slh-dsa-shake-256f OBJECT IDENTIFIER ::= { sigAlgs 31 }

id-hash-slh-dsa-sha2-128s-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 35 }

id-hash-slh-dsa-sha2-128f-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 36 }

id-hash-slh-dsa-sha2-192s-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 37 }

id-hash-slh-dsa-sha2-192f-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 38 }

id-hash-slh-dsa-sha2-256s-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 39 }

id-hash-slh-dsa-sha2-256f-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 40 }

id-hash-slh-dsa-shake-128s-with-shake128 OBJECT IDENTIFIER ::= { sigAlgs 41 }

id-hash-slh-dsa-shake-128f-with-shake128 OBJECT IDENTIFIER ::= { sigAlgs 42 }

id-hash-slh-dsa-shake-192s-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 43 }

id-hash-slh-dsa-shake-192f-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 44 }

id-hash-slh-dsa-shake-256s-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 45 }

id-hash-slh-dsa-shake-256f-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 46 }
5 changes: 4 additions & 1 deletion const-oid/oiddbgen/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,9 @@ const MDS: &[(&str, &str)] = &[
// Created from:
// https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
("fips202", include_str!("../fips202.md")),
("fips203", include_str!("../fips203.md")),
("fips204", include_str!("../fips204.md")),
("fips205", include_str!("../fips205.md")),
("rfc8894", include_str!("../rfc8894.md")),
// Created from: https://trustedcomputinggroup.org
("tcgtpm", include_str!("../tcg-tpm.md")),
Expand All @@ -35,7 +38,7 @@ const MDS: &[(&str, &str)] = &[
("btok", include_str!("../stb/btok.asn")),
("brng", include_str!("../stb/brng.asn")),
("bash", include_str!("../stb/bash.asn")),
("bake", include_str!("../stb/bake.asn"))
("bake", include_str!("../stb/bake.asn")),
];

// Bases defined in other places.
Expand Down
168 changes: 168 additions & 0 deletions const-oid/src/db/gen.rs
Original file line number Diff line number Diff line change
Expand Up @@ -325,6 +325,90 @@ pub mod fips202 {
pub const ID_SHA_3_384: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.2.9");
}
pub mod fips203 {
pub const NIST_ALGORITHMS: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4");
pub const KEMS: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4");
pub const ID_ALG_ML_KEM_512: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4.1");
pub const ID_ALG_ML_KEM_768: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4.2");
pub const ID_ALG_ML_KEM_1024: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4.3");
}
pub mod fips204 {
pub const NIST_ALGORITHMS: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4");
pub const SIG_ALGS: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3");
pub const ID_ML_DSA_44: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.17");
pub const ID_ML_DSA_65: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.18");
pub const ID_ML_DSA_87: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.19");
pub const ID_HASH_ML_DSA_44_WITH_SHA_512: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.32");
pub const ID_HASH_ML_DSA_65_WITH_SHA_512: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.33");
pub const ID_HASH_ML_DSA_87_WITH_SHA_512: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.34");
}
pub mod fips205 {
pub const NIST_ALGORITHMS: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4");
pub const SIG_ALGS: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3");
pub const ID_SLH_DSA_SHA_2_128_S: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.20");
pub const ID_SLH_DSA_SHA_2_128_F: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.21");
pub const ID_SLH_DSA_SHA_2_192_S: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.22");
pub const ID_SLH_DSA_SHA_2_192_F: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.23");
pub const ID_SLH_DSA_SHA_2_256_S: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.24");
pub const ID_SLH_DSA_SHA_2_256_F: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.25");
pub const ID_SLH_DSA_SHAKE_128_S: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.26");
pub const ID_SLH_DSA_SHAKE_128_F: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.27");
pub const ID_SLH_DSA_SHAKE_192_S: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.28");
pub const ID_SLH_DSA_SHAKE_192_F: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.29");
pub const ID_SLH_DSA_SHAKE_256_S: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.30");
pub const ID_SLH_DSA_SHAKE_256_F: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.31");
pub const ID_HASH_SLH_DSA_SHA_2_128_S_WITH_SHA_256: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.35");
pub const ID_HASH_SLH_DSA_SHA_2_128_F_WITH_SHA_256: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.36");
pub const ID_HASH_SLH_DSA_SHA_2_192_S_WITH_SHA_512: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.37");
pub const ID_HASH_SLH_DSA_SHA_2_192_F_WITH_SHA_512: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.38");
pub const ID_HASH_SLH_DSA_SHA_2_256_S_WITH_SHA_512: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.39");
pub const ID_HASH_SLH_DSA_SHA_2_256_F_WITH_SHA_512: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.40");
pub const ID_HASH_SLH_DSA_SHAKE_128_S_WITH_SHAKE_128: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.41");
pub const ID_HASH_SLH_DSA_SHAKE_128_F_WITH_SHAKE_128: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.42");
pub const ID_HASH_SLH_DSA_SHAKE_192_S_WITH_SHAKE_256: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.43");
pub const ID_HASH_SLH_DSA_SHAKE_192_F_WITH_SHAKE_256: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.44");
pub const ID_HASH_SLH_DSA_SHAKE_256_S_WITH_SHAKE_256: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.45");
pub const ID_HASH_SLH_DSA_SHAKE_256_F_WITH_SHAKE_256: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.46");
}
pub mod rfc1274 {
pub const TEXT_ENCODED_OR_ADDRESS: crate::ObjectIdentifier =
crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.2");
Expand Down Expand Up @@ -2972,6 +3056,90 @@ pub const DB: super::Database<'static> = super::Database(&[
(&fips202::ID_SHA_3_224, "id-sha3-224"),
(&fips202::ID_SHA_3_256, "id-sha3-256"),
(&fips202::ID_SHA_3_384, "id-sha3-384"),
(&fips203::NIST_ALGORITHMS, "nistAlgorithms"),
(&fips203::KEMS, "kems"),
(&fips203::ID_ALG_ML_KEM_512, "id-alg-ml-kem-512"),
(&fips203::ID_ALG_ML_KEM_768, "id-alg-ml-kem-768"),
(&fips203::ID_ALG_ML_KEM_1024, "id-alg-ml-kem-1024"),
(&fips204::NIST_ALGORITHMS, "nistAlgorithms"),
(&fips204::SIG_ALGS, "sigAlgs"),
(&fips204::ID_ML_DSA_44, "id-ml-dsa-44"),
(&fips204::ID_ML_DSA_65, "id-ml-dsa-65"),
(&fips204::ID_ML_DSA_87, "id-ml-dsa-87"),
(
&fips204::ID_HASH_ML_DSA_44_WITH_SHA_512,
"id-hash-ml-dsa-44-with-sha512",
),
(
&fips204::ID_HASH_ML_DSA_65_WITH_SHA_512,
"id-hash-ml-dsa-65-with-sha512",
),
(
&fips204::ID_HASH_ML_DSA_87_WITH_SHA_512,
"id-hash-ml-dsa-87-with-sha512",
),
(&fips205::NIST_ALGORITHMS, "nistAlgorithms"),
(&fips205::SIG_ALGS, "sigAlgs"),
(&fips205::ID_SLH_DSA_SHA_2_128_S, "id-slh-dsa-sha2-128s"),
(&fips205::ID_SLH_DSA_SHA_2_128_F, "id-slh-dsa-sha2-128f"),
(&fips205::ID_SLH_DSA_SHA_2_192_S, "id-slh-dsa-sha2-192s"),
(&fips205::ID_SLH_DSA_SHA_2_192_F, "id-slh-dsa-sha2-192f"),
(&fips205::ID_SLH_DSA_SHA_2_256_S, "id-slh-dsa-sha2-256s"),
(&fips205::ID_SLH_DSA_SHA_2_256_F, "id-slh-dsa-sha2-256f"),
(&fips205::ID_SLH_DSA_SHAKE_128_S, "id-slh-dsa-shake-128s"),
(&fips205::ID_SLH_DSA_SHAKE_128_F, "id-slh-dsa-shake-128f"),
(&fips205::ID_SLH_DSA_SHAKE_192_S, "id-slh-dsa-shake-192s"),
(&fips205::ID_SLH_DSA_SHAKE_192_F, "id-slh-dsa-shake-192f"),
(&fips205::ID_SLH_DSA_SHAKE_256_S, "id-slh-dsa-shake-256s"),
(&fips205::ID_SLH_DSA_SHAKE_256_F, "id-slh-dsa-shake-256f"),
(
&fips205::ID_HASH_SLH_DSA_SHA_2_128_S_WITH_SHA_256,
"id-hash-slh-dsa-sha2-128s-with-sha256",
),
(
&fips205::ID_HASH_SLH_DSA_SHA_2_128_F_WITH_SHA_256,
"id-hash-slh-dsa-sha2-128f-with-sha256",
),
(
&fips205::ID_HASH_SLH_DSA_SHA_2_192_S_WITH_SHA_512,
"id-hash-slh-dsa-sha2-192s-with-sha512",
),
(
&fips205::ID_HASH_SLH_DSA_SHA_2_192_F_WITH_SHA_512,
"id-hash-slh-dsa-sha2-192f-with-sha512",
),
(
&fips205::ID_HASH_SLH_DSA_SHA_2_256_S_WITH_SHA_512,
"id-hash-slh-dsa-sha2-256s-with-sha512",
),
(
&fips205::ID_HASH_SLH_DSA_SHA_2_256_F_WITH_SHA_512,
"id-hash-slh-dsa-sha2-256f-with-sha512",
),
(
&fips205::ID_HASH_SLH_DSA_SHAKE_128_S_WITH_SHAKE_128,
"id-hash-slh-dsa-shake-128s-with-shake128",
),
(
&fips205::ID_HASH_SLH_DSA_SHAKE_128_F_WITH_SHAKE_128,
"id-hash-slh-dsa-shake-128f-with-shake128",
),
(
&fips205::ID_HASH_SLH_DSA_SHAKE_192_S_WITH_SHAKE_256,
"id-hash-slh-dsa-shake-192s-with-shake256",
),
(
&fips205::ID_HASH_SLH_DSA_SHAKE_192_F_WITH_SHAKE_256,
"id-hash-slh-dsa-shake-192f-with-shake256",
),
(
&fips205::ID_HASH_SLH_DSA_SHAKE_256_S_WITH_SHAKE_256,
"id-hash-slh-dsa-shake-256s-with-shake256",
),
(
&fips205::ID_HASH_SLH_DSA_SHAKE_256_F_WITH_SHAKE_256,
"id-hash-slh-dsa-shake-256f-with-shake256",
),
(&rfc1274::TEXT_ENCODED_OR_ADDRESS, "textEncodedORAddress"),
(&rfc1274::OTHER_MAILBOX, "otherMailbox"),
(&rfc1274::LAST_MODIFIED_TIME, "lastModifiedTime"),
Expand Down

0 comments on commit fcbea00

Please sign in to comment.