From fcbea0024b3554380d31e7e58c3c9d9365d76c12 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Wed, 2 Oct 2024 07:04:47 -0700 Subject: [PATCH] const-oid: add OIDs for ML-DSA and SLH-DSA (#1541) --- const-oid/oiddbgen/fips203.md | 22 +++++ const-oid/oiddbgen/fips204.md | 32 +++++++ const-oid/oiddbgen/fips205.md | 85 +++++++++++++++++ const-oid/oiddbgen/src/main.rs | 5 +- const-oid/src/db/gen.rs | 168 +++++++++++++++++++++++++++++++++ 5 files changed, 311 insertions(+), 1 deletion(-) create mode 100644 const-oid/oiddbgen/fips203.md create mode 100644 const-oid/oiddbgen/fips204.md create mode 100644 const-oid/oiddbgen/fips205.md diff --git a/const-oid/oiddbgen/fips203.md b/const-oid/oiddbgen/fips203.md new file mode 100644 index 000000000..a88a30bc2 --- /dev/null +++ b/const-oid/oiddbgen/fips203.md @@ -0,0 +1,22 @@ +Object Identifiers (OID) for ML-KEM +----------------------------------- +This document lists the OIDs for +- ML-KEM-512, +- ML-KEM-768, and +- ML-KEM-1024. + +This file was manually created, as there exists no offical document that is easily parsable. +The ML-KEM standard is specified in [FIPS 203](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf). +The OIDs are defined in [Computer Security Objects Register (CSOR)] +(https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration), +which publishes the following ML-KEM OIDs: + +nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) } + +kems OBJECT IDENTIFIER ::= { nistAlgorithms 4 } + +id-alg-ml-kem-512 OBJECT IDENTIFIER ::= { kems 1 } + +id-alg-ml-kem-768 OBJECT IDENTIFIER ::= { kems 2 } + +id-alg-ml-kem-1024 OBJECT IDENTIFIER ::= { kems 3 } diff --git a/const-oid/oiddbgen/fips204.md b/const-oid/oiddbgen/fips204.md new file mode 100644 index 000000000..94c1e0e6c --- /dev/null +++ b/const-oid/oiddbgen/fips204.md @@ -0,0 +1,32 @@ +Object Identifiers (OID) for ML-DSA +----------------------------------- +This document lists the OIDs for +- ML-DSA-44, +- ML-DSA-65, +- ML-DSA-87, +- HashML-DSA-44 with SHA512, +- HashML-DSA-65 with SHA512, and +- HashML-DSA-87 with SHA512. + +This file was manually created, as there exists no offical document that is easily parsable. +The ML-DSA standard is specified in [FIPS 204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf). +The OIDs are defined in [Computer Security Objects Register (CSOR)] +(https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration), +which publishes the following ML-DSA OIDs: + +nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) } + +sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 } + +id-ml-dsa-44 OBJECT IDENTIFIER ::= { sigAlgs 17 } + +id-ml-dsa-65 OBJECT IDENTIFIER ::= { sigAlgs 18 } + +id-ml-dsa-87 OBJECT IDENTIFIER ::= { sigAlgs 19 } + +id-hash-ml-dsa-44-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 32 } + +id-hash-ml-dsa-65-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 33 } + +id-hash-ml-dsa-87-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 34 } + diff --git a/const-oid/oiddbgen/fips205.md b/const-oid/oiddbgen/fips205.md new file mode 100644 index 000000000..f79c756c8 --- /dev/null +++ b/const-oid/oiddbgen/fips205.md @@ -0,0 +1,85 @@ +Object Identifiers (OID) for SLH-DSA +------------------------------------ +This document lists the OIDs for +- SLH-DSA-SHA2-128s, +- SLH-DSA-SHA2-128f, +- SLH-DSA-SHA2-192s, +- SLH-DSA-SHA2-192f, +- SLH-DSA-SHA2-256s, +- SLH-DSA-SHA2-256f, +- SLH-DSA-SHAKE-128s, +- SLH-DSA-SHAKE-128f, +- SLH-DSA-SHAKE-192s, +- SLH-DSA-SHAKE-192f, +- SLH-DSA-SHAKE-256s, +- SLH-DSA-SHAKE-256f, +- HashSLH-DSA-SHA2-128s-with-sha256, +- HashSLH-DSA-SHA2-128f-with-sha256, +- HashSLH-DSA-SHA2-192s-with-sha512, +- HashSLH-DSA-SHA2-192f-with-sha512, +- HashSLH-DSA-SHA2-256s-with-sha512, +- HashSLH-DSA-SHA2-256f-with-sha512, +- HashSLH-DSA-SHAKE-128s-with-shake128, +- HashSLH-DSA-SHAKE-128f-with-shake128, +- HashSLH-DSA-SHAKE-192s-with-shake256, +- HashSLH-DSA-SHAKE-192f-with-shake256, +- HashSLH-DSA-SHAKE-256s-with-shake256, and +- HashSLH-DSA-SHAKE-256f-with-shake256. + +This file was manually created, as there exists no offical document that is easily parsable. +The SLH-DSA standard is specified in [FIPS 205](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf). +The OIDs are defined in [Computer Security Objects Register (CSOR)] +(https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration), +which publishes the following SLH-DSA OIDs: + +nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) } + +sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 } + +id-slh-dsa-sha2-128s OBJECT IDENTIFIER ::= { sigAlgs 20 } + +id-slh-dsa-sha2-128f OBJECT IDENTIFIER ::= { sigAlgs 21 } + +id-slh-dsa-sha2-192s OBJECT IDENTIFIER ::= { sigAlgs 22 } + +id-slh-dsa-sha2-192f OBJECT IDENTIFIER ::= { sigAlgs 23 } + +id-slh-dsa-sha2-256s OBJECT IDENTIFIER ::= { sigAlgs 24 } + +id-slh-dsa-sha2-256f OBJECT IDENTIFIER ::= { sigAlgs 25 } + +id-slh-dsa-shake-128s OBJECT IDENTIFIER ::= { sigAlgs 26 } + +id-slh-dsa-shake-128f OBJECT IDENTIFIER ::= { sigAlgs 27 } + +id-slh-dsa-shake-192s OBJECT IDENTIFIER ::= { sigAlgs 28 } + +id-slh-dsa-shake-192f OBJECT IDENTIFIER ::= { sigAlgs 29 } + +id-slh-dsa-shake-256s OBJECT IDENTIFIER ::= { sigAlgs 30 } + +id-slh-dsa-shake-256f OBJECT IDENTIFIER ::= { sigAlgs 31 } + +id-hash-slh-dsa-sha2-128s-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 35 } + +id-hash-slh-dsa-sha2-128f-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 36 } + +id-hash-slh-dsa-sha2-192s-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 37 } + +id-hash-slh-dsa-sha2-192f-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 38 } + +id-hash-slh-dsa-sha2-256s-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 39 } + +id-hash-slh-dsa-sha2-256f-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 40 } + +id-hash-slh-dsa-shake-128s-with-shake128 OBJECT IDENTIFIER ::= { sigAlgs 41 } + +id-hash-slh-dsa-shake-128f-with-shake128 OBJECT IDENTIFIER ::= { sigAlgs 42 } + +id-hash-slh-dsa-shake-192s-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 43 } + +id-hash-slh-dsa-shake-192f-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 44 } + +id-hash-slh-dsa-shake-256s-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 45 } + +id-hash-slh-dsa-shake-256f-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 46 } diff --git a/const-oid/oiddbgen/src/main.rs b/const-oid/oiddbgen/src/main.rs index e9d8630e7..f66df6a82 100644 --- a/const-oid/oiddbgen/src/main.rs +++ b/const-oid/oiddbgen/src/main.rs @@ -25,6 +25,9 @@ const MDS: &[(&str, &str)] = &[ // Created from: // https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration ("fips202", include_str!("../fips202.md")), + ("fips203", include_str!("../fips203.md")), + ("fips204", include_str!("../fips204.md")), + ("fips205", include_str!("../fips205.md")), ("rfc8894", include_str!("../rfc8894.md")), // Created from: https://trustedcomputinggroup.org ("tcgtpm", include_str!("../tcg-tpm.md")), @@ -35,7 +38,7 @@ const MDS: &[(&str, &str)] = &[ ("btok", include_str!("../stb/btok.asn")), ("brng", include_str!("../stb/brng.asn")), ("bash", include_str!("../stb/bash.asn")), - ("bake", include_str!("../stb/bake.asn")) + ("bake", include_str!("../stb/bake.asn")), ]; // Bases defined in other places. diff --git a/const-oid/src/db/gen.rs b/const-oid/src/db/gen.rs index 7cc310868..941b5b308 100644 --- a/const-oid/src/db/gen.rs +++ b/const-oid/src/db/gen.rs @@ -325,6 +325,90 @@ pub mod fips202 { pub const ID_SHA_3_384: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.2.9"); } +pub mod fips203 { + pub const NIST_ALGORITHMS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4"); + pub const KEMS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4"); + pub const ID_ALG_ML_KEM_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4.1"); + pub const ID_ALG_ML_KEM_768: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4.2"); + pub const ID_ALG_ML_KEM_1024: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4.3"); +} +pub mod fips204 { + pub const NIST_ALGORITHMS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4"); + pub const SIG_ALGS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3"); + pub const ID_ML_DSA_44: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.17"); + pub const ID_ML_DSA_65: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.18"); + pub const ID_ML_DSA_87: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.19"); + pub const ID_HASH_ML_DSA_44_WITH_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.32"); + pub const ID_HASH_ML_DSA_65_WITH_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.33"); + pub const ID_HASH_ML_DSA_87_WITH_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.34"); +} +pub mod fips205 { + pub const NIST_ALGORITHMS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4"); + pub const SIG_ALGS: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3"); + pub const ID_SLH_DSA_SHA_2_128_S: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.20"); + pub const ID_SLH_DSA_SHA_2_128_F: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.21"); + pub const ID_SLH_DSA_SHA_2_192_S: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.22"); + pub const ID_SLH_DSA_SHA_2_192_F: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.23"); + pub const ID_SLH_DSA_SHA_2_256_S: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.24"); + pub const ID_SLH_DSA_SHA_2_256_F: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.25"); + pub const ID_SLH_DSA_SHAKE_128_S: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.26"); + pub const ID_SLH_DSA_SHAKE_128_F: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.27"); + pub const ID_SLH_DSA_SHAKE_192_S: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.28"); + pub const ID_SLH_DSA_SHAKE_192_F: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.29"); + pub const ID_SLH_DSA_SHAKE_256_S: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.30"); + pub const ID_SLH_DSA_SHAKE_256_F: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.31"); + pub const ID_HASH_SLH_DSA_SHA_2_128_S_WITH_SHA_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.35"); + pub const ID_HASH_SLH_DSA_SHA_2_128_F_WITH_SHA_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.36"); + pub const ID_HASH_SLH_DSA_SHA_2_192_S_WITH_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.37"); + pub const ID_HASH_SLH_DSA_SHA_2_192_F_WITH_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.38"); + pub const ID_HASH_SLH_DSA_SHA_2_256_S_WITH_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.39"); + pub const ID_HASH_SLH_DSA_SHA_2_256_F_WITH_SHA_512: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.40"); + pub const ID_HASH_SLH_DSA_SHAKE_128_S_WITH_SHAKE_128: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.41"); + pub const ID_HASH_SLH_DSA_SHAKE_128_F_WITH_SHAKE_128: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.42"); + pub const ID_HASH_SLH_DSA_SHAKE_192_S_WITH_SHAKE_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.43"); + pub const ID_HASH_SLH_DSA_SHAKE_192_F_WITH_SHAKE_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.44"); + pub const ID_HASH_SLH_DSA_SHAKE_256_S_WITH_SHAKE_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.45"); + pub const ID_HASH_SLH_DSA_SHAKE_256_F_WITH_SHAKE_256: crate::ObjectIdentifier = + crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.46"); +} pub mod rfc1274 { pub const TEXT_ENCODED_OR_ADDRESS: crate::ObjectIdentifier = crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.2"); @@ -2972,6 +3056,90 @@ pub const DB: super::Database<'static> = super::Database(&[ (&fips202::ID_SHA_3_224, "id-sha3-224"), (&fips202::ID_SHA_3_256, "id-sha3-256"), (&fips202::ID_SHA_3_384, "id-sha3-384"), + (&fips203::NIST_ALGORITHMS, "nistAlgorithms"), + (&fips203::KEMS, "kems"), + (&fips203::ID_ALG_ML_KEM_512, "id-alg-ml-kem-512"), + (&fips203::ID_ALG_ML_KEM_768, "id-alg-ml-kem-768"), + (&fips203::ID_ALG_ML_KEM_1024, "id-alg-ml-kem-1024"), + (&fips204::NIST_ALGORITHMS, "nistAlgorithms"), + (&fips204::SIG_ALGS, "sigAlgs"), + (&fips204::ID_ML_DSA_44, "id-ml-dsa-44"), + (&fips204::ID_ML_DSA_65, "id-ml-dsa-65"), + (&fips204::ID_ML_DSA_87, "id-ml-dsa-87"), + ( + &fips204::ID_HASH_ML_DSA_44_WITH_SHA_512, + "id-hash-ml-dsa-44-with-sha512", + ), + ( + &fips204::ID_HASH_ML_DSA_65_WITH_SHA_512, + "id-hash-ml-dsa-65-with-sha512", + ), + ( + &fips204::ID_HASH_ML_DSA_87_WITH_SHA_512, + "id-hash-ml-dsa-87-with-sha512", + ), + (&fips205::NIST_ALGORITHMS, "nistAlgorithms"), + (&fips205::SIG_ALGS, "sigAlgs"), + (&fips205::ID_SLH_DSA_SHA_2_128_S, "id-slh-dsa-sha2-128s"), + (&fips205::ID_SLH_DSA_SHA_2_128_F, "id-slh-dsa-sha2-128f"), + (&fips205::ID_SLH_DSA_SHA_2_192_S, "id-slh-dsa-sha2-192s"), + (&fips205::ID_SLH_DSA_SHA_2_192_F, "id-slh-dsa-sha2-192f"), + (&fips205::ID_SLH_DSA_SHA_2_256_S, "id-slh-dsa-sha2-256s"), + (&fips205::ID_SLH_DSA_SHA_2_256_F, "id-slh-dsa-sha2-256f"), + (&fips205::ID_SLH_DSA_SHAKE_128_S, "id-slh-dsa-shake-128s"), + (&fips205::ID_SLH_DSA_SHAKE_128_F, "id-slh-dsa-shake-128f"), + (&fips205::ID_SLH_DSA_SHAKE_192_S, "id-slh-dsa-shake-192s"), + (&fips205::ID_SLH_DSA_SHAKE_192_F, "id-slh-dsa-shake-192f"), + (&fips205::ID_SLH_DSA_SHAKE_256_S, "id-slh-dsa-shake-256s"), + (&fips205::ID_SLH_DSA_SHAKE_256_F, "id-slh-dsa-shake-256f"), + ( + &fips205::ID_HASH_SLH_DSA_SHA_2_128_S_WITH_SHA_256, + "id-hash-slh-dsa-sha2-128s-with-sha256", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHA_2_128_F_WITH_SHA_256, + "id-hash-slh-dsa-sha2-128f-with-sha256", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHA_2_192_S_WITH_SHA_512, + "id-hash-slh-dsa-sha2-192s-with-sha512", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHA_2_192_F_WITH_SHA_512, + "id-hash-slh-dsa-sha2-192f-with-sha512", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHA_2_256_S_WITH_SHA_512, + "id-hash-slh-dsa-sha2-256s-with-sha512", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHA_2_256_F_WITH_SHA_512, + "id-hash-slh-dsa-sha2-256f-with-sha512", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHAKE_128_S_WITH_SHAKE_128, + "id-hash-slh-dsa-shake-128s-with-shake128", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHAKE_128_F_WITH_SHAKE_128, + "id-hash-slh-dsa-shake-128f-with-shake128", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHAKE_192_S_WITH_SHAKE_256, + "id-hash-slh-dsa-shake-192s-with-shake256", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHAKE_192_F_WITH_SHAKE_256, + "id-hash-slh-dsa-shake-192f-with-shake256", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHAKE_256_S_WITH_SHAKE_256, + "id-hash-slh-dsa-shake-256s-with-shake256", + ), + ( + &fips205::ID_HASH_SLH_DSA_SHAKE_256_F_WITH_SHAKE_256, + "id-hash-slh-dsa-shake-256f-with-shake256", + ), (&rfc1274::TEXT_ENCODED_OR_ADDRESS, "textEncodedORAddress"), (&rfc1274::OTHER_MAILBOX, "otherMailbox"), (&rfc1274::LAST_MODIFIED_TIME, "lastModifiedTime"),