RustCrypto · tarcieri · Oct 2, 2024 · Oct 2, 2024
diff --git a/const-oid/oiddbgen/fips203.md b/const-oid/oiddbgen/fips203.md
@@ -0,0 +1,22 @@
+Object Identifiers (OID) for ML-KEM
+-----------------------------------
+This document lists the OIDs for
+- ML-KEM-512,
+- ML-KEM-768, and
+- ML-KEM-1024.
+
+This file was manually created, as there exists no offical document that is easily parsable.
+The ML-KEM standard is specified in [FIPS 203](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf).
+The OIDs are defined in [Computer Security Objects Register (CSOR)]
+(https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration),
+which publishes the following ML-KEM OIDs:
+
+nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) }
+
+kems OBJECT IDENTIFIER ::= { nistAlgorithms 4 }
+
+id-alg-ml-kem-512 OBJECT IDENTIFIER ::= { kems 1 }
+
+id-alg-ml-kem-768 OBJECT IDENTIFIER ::= { kems 2 }
+
+id-alg-ml-kem-1024 OBJECT IDENTIFIER ::= { kems 3 }
diff --git a/const-oid/oiddbgen/fips204.md b/const-oid/oiddbgen/fips204.md
@@ -0,0 +1,32 @@
+Object Identifiers (OID) for ML-DSA
+-----------------------------------
+This document lists the OIDs for
+- ML-DSA-44,
+- ML-DSA-65,
+- ML-DSA-87,
+- HashML-DSA-44 with SHA512,
+- HashML-DSA-65 with SHA512, and
+- HashML-DSA-87 with SHA512.
+
+This file was manually created, as there exists no offical document that is easily parsable.
+The ML-DSA standard is specified in [FIPS 204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf).
+The OIDs are defined in [Computer Security Objects Register (CSOR)]
+(https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration),
+which publishes the following ML-DSA OIDs:
+
+nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) }
+
+sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }
+
+id-ml-dsa-44 OBJECT IDENTIFIER ::= { sigAlgs 17 }
+
+id-ml-dsa-65 OBJECT IDENTIFIER ::= { sigAlgs 18 }
+
+id-ml-dsa-87 OBJECT IDENTIFIER ::= { sigAlgs 19 }
+
+id-hash-ml-dsa-44-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 32 }
+
+id-hash-ml-dsa-65-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 33 }
+
+id-hash-ml-dsa-87-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 34 }
+
diff --git a/const-oid/oiddbgen/fips205.md b/const-oid/oiddbgen/fips205.md
@@ -0,0 +1,85 @@
+Object Identifiers (OID) for SLH-DSA
+------------------------------------
+This document lists the OIDs for
+- SLH-DSA-SHA2-128s,
+- SLH-DSA-SHA2-128f,
+- SLH-DSA-SHA2-192s,
+- SLH-DSA-SHA2-192f,
+- SLH-DSA-SHA2-256s,
+- SLH-DSA-SHA2-256f,
+- SLH-DSA-SHAKE-128s,
+- SLH-DSA-SHAKE-128f,
+- SLH-DSA-SHAKE-192s,
+- SLH-DSA-SHAKE-192f,
+- SLH-DSA-SHAKE-256s,
+- SLH-DSA-SHAKE-256f,
+- HashSLH-DSA-SHA2-128s-with-sha256,
+- HashSLH-DSA-SHA2-128f-with-sha256,
+- HashSLH-DSA-SHA2-192s-with-sha512,
+- HashSLH-DSA-SHA2-192f-with-sha512,
+- HashSLH-DSA-SHA2-256s-with-sha512,
+- HashSLH-DSA-SHA2-256f-with-sha512,
+- HashSLH-DSA-SHAKE-128s-with-shake128,
+- HashSLH-DSA-SHAKE-128f-with-shake128,
+- HashSLH-DSA-SHAKE-192s-with-shake256,
+- HashSLH-DSA-SHAKE-192f-with-shake256,
+- HashSLH-DSA-SHAKE-256s-with-shake256, and
+- HashSLH-DSA-SHAKE-256f-with-shake256.
+
+This file was manually created, as there exists no offical document that is easily parsable.
+The SLH-DSA standard is specified in [FIPS 205](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf).
+The OIDs are defined in [Computer Security Objects Register (CSOR)]
+(https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration),
+which publishes the following SLH-DSA OIDs:
+
+nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) }
+
+sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }
+
+id-slh-dsa-sha2-128s OBJECT IDENTIFIER ::= { sigAlgs 20 }
+
+id-slh-dsa-sha2-128f OBJECT IDENTIFIER ::= { sigAlgs 21 }
+
+id-slh-dsa-sha2-192s OBJECT IDENTIFIER ::= { sigAlgs 22 }
+
+id-slh-dsa-sha2-192f OBJECT IDENTIFIER ::= { sigAlgs 23 }
+
+id-slh-dsa-sha2-256s OBJECT IDENTIFIER ::= { sigAlgs 24 }
+
+id-slh-dsa-sha2-256f OBJECT IDENTIFIER ::= { sigAlgs 25 }
+
+id-slh-dsa-shake-128s OBJECT IDENTIFIER ::= { sigAlgs 26 }
+
+id-slh-dsa-shake-128f OBJECT IDENTIFIER ::= { sigAlgs 27 }
+
+id-slh-dsa-shake-192s OBJECT IDENTIFIER ::= { sigAlgs 28 }
+
+id-slh-dsa-shake-192f OBJECT IDENTIFIER ::= { sigAlgs 29 }
+
+id-slh-dsa-shake-256s OBJECT IDENTIFIER ::= { sigAlgs 30 }
+
+id-slh-dsa-shake-256f OBJECT IDENTIFIER ::= { sigAlgs 31 }
+
+id-hash-slh-dsa-sha2-128s-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 35 }
+
+id-hash-slh-dsa-sha2-128f-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 36 }
+
+id-hash-slh-dsa-sha2-192s-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 37 }
+
+id-hash-slh-dsa-sha2-192f-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 38 }
+
+id-hash-slh-dsa-sha2-256s-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 39 }
+
+id-hash-slh-dsa-sha2-256f-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 40 }
+
+id-hash-slh-dsa-shake-128s-with-shake128 OBJECT IDENTIFIER ::= { sigAlgs 41 }
+
+id-hash-slh-dsa-shake-128f-with-shake128 OBJECT IDENTIFIER ::= { sigAlgs 42 }
+
+id-hash-slh-dsa-shake-192s-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 43 }
+
+id-hash-slh-dsa-shake-192f-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 44 }
+
+id-hash-slh-dsa-shake-256s-with-shake256  OBJECT IDENTIFIER ::= { sigAlgs 45 }
+
+id-hash-slh-dsa-shake-256f-with-shake256 OBJECT IDENTIFIER ::= { sigAlgs 46 }
diff --git a/const-oid/oiddbgen/src/main.rs b/const-oid/oiddbgen/src/main.rs
@@ -25,6 +25,9 @@ const MDS: &[(&str, &str)] = &[
     // Created from:
     // https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
     ("fips202", include_str!("../fips202.md")),
+    ("fips203", include_str!("../fips203.md")),
+    ("fips204", include_str!("../fips204.md")),
+    ("fips205", include_str!("../fips205.md")),
     ("rfc8894", include_str!("../rfc8894.md")),
     // Created from: https://trustedcomputinggroup.org
     ("tcgtpm", include_str!("../tcg-tpm.md")),
@@ -35,7 +38,7 @@ const MDS: &[(&str, &str)] = &[
     ("btok", include_str!("../stb/btok.asn")),
     ("brng", include_str!("../stb/brng.asn")),
     ("bash", include_str!("../stb/bash.asn")),
-    ("bake", include_str!("../stb/bake.asn"))
+    ("bake", include_str!("../stb/bake.asn")),
 ];
 
 // Bases defined in other places.

diff --git a/const-oid/src/db/gen.rs b/const-oid/src/db/gen.rs
@@ -325,6 +325,90 @@ pub mod fips202 {
     pub const ID_SHA_3_384: crate::ObjectIdentifier =
         crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.2.9");
 }
+pub mod fips203 {
+    pub const NIST_ALGORITHMS: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4");
+    pub const KEMS: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4");
+    pub const ID_ALG_ML_KEM_512: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4.1");
+    pub const ID_ALG_ML_KEM_768: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4.2");
+    pub const ID_ALG_ML_KEM_1024: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.4.3");
+}
+pub mod fips204 {
+    pub const NIST_ALGORITHMS: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4");
+    pub const SIG_ALGS: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3");
+    pub const ID_ML_DSA_44: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.17");
+    pub const ID_ML_DSA_65: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.18");
+    pub const ID_ML_DSA_87: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.19");
+    pub const ID_HASH_ML_DSA_44_WITH_SHA_512: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.32");
+    pub const ID_HASH_ML_DSA_65_WITH_SHA_512: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.33");
+    pub const ID_HASH_ML_DSA_87_WITH_SHA_512: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.34");
+}
+pub mod fips205 {
+    pub const NIST_ALGORITHMS: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4");
+    pub const SIG_ALGS: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3");
+    pub const ID_SLH_DSA_SHA_2_128_S: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.20");
+    pub const ID_SLH_DSA_SHA_2_128_F: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.21");
+    pub const ID_SLH_DSA_SHA_2_192_S: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.22");
+    pub const ID_SLH_DSA_SHA_2_192_F: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.23");
+    pub const ID_SLH_DSA_SHA_2_256_S: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.24");
+    pub const ID_SLH_DSA_SHA_2_256_F: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.25");
+    pub const ID_SLH_DSA_SHAKE_128_S: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.26");
+    pub const ID_SLH_DSA_SHAKE_128_F: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.27");
+    pub const ID_SLH_DSA_SHAKE_192_S: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.28");
+    pub const ID_SLH_DSA_SHAKE_192_F: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.29");
+    pub const ID_SLH_DSA_SHAKE_256_S: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.30");
+    pub const ID_SLH_DSA_SHAKE_256_F: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.31");
+    pub const ID_HASH_SLH_DSA_SHA_2_128_S_WITH_SHA_256: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.35");
+    pub const ID_HASH_SLH_DSA_SHA_2_128_F_WITH_SHA_256: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.36");
+    pub const ID_HASH_SLH_DSA_SHA_2_192_S_WITH_SHA_512: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.37");
+    pub const ID_HASH_SLH_DSA_SHA_2_192_F_WITH_SHA_512: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.38");
+    pub const ID_HASH_SLH_DSA_SHA_2_256_S_WITH_SHA_512: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.39");
+    pub const ID_HASH_SLH_DSA_SHA_2_256_F_WITH_SHA_512: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.40");
+    pub const ID_HASH_SLH_DSA_SHAKE_128_S_WITH_SHAKE_128: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.41");
+    pub const ID_HASH_SLH_DSA_SHAKE_128_F_WITH_SHAKE_128: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.42");
+    pub const ID_HASH_SLH_DSA_SHAKE_192_S_WITH_SHAKE_256: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.43");
+    pub const ID_HASH_SLH_DSA_SHAKE_192_F_WITH_SHAKE_256: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.44");
+    pub const ID_HASH_SLH_DSA_SHAKE_256_S_WITH_SHAKE_256: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.45");
+    pub const ID_HASH_SLH_DSA_SHAKE_256_F_WITH_SHAKE_256: crate::ObjectIdentifier =
+        crate::ObjectIdentifier::new_unwrap("2.16.840.1.101.3.4.3.46");
+}
 pub mod rfc1274 {
     pub const TEXT_ENCODED_OR_ADDRESS: crate::ObjectIdentifier =
         crate::ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.2");
@@ -2972,6 +3056,90 @@ pub const DB: super::Database<'static> = super::Database(&[
     (&fips202::ID_SHA_3_224, "id-sha3-224"),
     (&fips202::ID_SHA_3_256, "id-sha3-256"),
     (&fips202::ID_SHA_3_384, "id-sha3-384"),
+    (&fips203::NIST_ALGORITHMS, "nistAlgorithms"),
+    (&fips203::KEMS, "kems"),
+    (&fips203::ID_ALG_ML_KEM_512, "id-alg-ml-kem-512"),
+    (&fips203::ID_ALG_ML_KEM_768, "id-alg-ml-kem-768"),
+    (&fips203::ID_ALG_ML_KEM_1024, "id-alg-ml-kem-1024"),
+    (&fips204::NIST_ALGORITHMS, "nistAlgorithms"),
+    (&fips204::SIG_ALGS, "sigAlgs"),
+    (&fips204::ID_ML_DSA_44, "id-ml-dsa-44"),
+    (&fips204::ID_ML_DSA_65, "id-ml-dsa-65"),
+    (&fips204::ID_ML_DSA_87, "id-ml-dsa-87"),
+    (
+        &fips204::ID_HASH_ML_DSA_44_WITH_SHA_512,
+        "id-hash-ml-dsa-44-with-sha512",
+    ),
+    (
+        &fips204::ID_HASH_ML_DSA_65_WITH_SHA_512,
+        "id-hash-ml-dsa-65-with-sha512",
+    ),
+    (
+        &fips204::ID_HASH_ML_DSA_87_WITH_SHA_512,
+        "id-hash-ml-dsa-87-with-sha512",
+    ),
+    (&fips205::NIST_ALGORITHMS, "nistAlgorithms"),
+    (&fips205::SIG_ALGS, "sigAlgs"),
+    (&fips205::ID_SLH_DSA_SHA_2_128_S, "id-slh-dsa-sha2-128s"),
+    (&fips205::ID_SLH_DSA_SHA_2_128_F, "id-slh-dsa-sha2-128f"),
+    (&fips205::ID_SLH_DSA_SHA_2_192_S, "id-slh-dsa-sha2-192s"),
+    (&fips205::ID_SLH_DSA_SHA_2_192_F, "id-slh-dsa-sha2-192f"),
+    (&fips205::ID_SLH_DSA_SHA_2_256_S, "id-slh-dsa-sha2-256s"),
+    (&fips205::ID_SLH_DSA_SHA_2_256_F, "id-slh-dsa-sha2-256f"),
+    (&fips205::ID_SLH_DSA_SHAKE_128_S, "id-slh-dsa-shake-128s"),
+    (&fips205::ID_SLH_DSA_SHAKE_128_F, "id-slh-dsa-shake-128f"),
+    (&fips205::ID_SLH_DSA_SHAKE_192_S, "id-slh-dsa-shake-192s"),
+    (&fips205::ID_SLH_DSA_SHAKE_192_F, "id-slh-dsa-shake-192f"),
+    (&fips205::ID_SLH_DSA_SHAKE_256_S, "id-slh-dsa-shake-256s"),
+    (&fips205::ID_SLH_DSA_SHAKE_256_F, "id-slh-dsa-shake-256f"),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHA_2_128_S_WITH_SHA_256,
+        "id-hash-slh-dsa-sha2-128s-with-sha256",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHA_2_128_F_WITH_SHA_256,
+        "id-hash-slh-dsa-sha2-128f-with-sha256",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHA_2_192_S_WITH_SHA_512,
+        "id-hash-slh-dsa-sha2-192s-with-sha512",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHA_2_192_F_WITH_SHA_512,
+        "id-hash-slh-dsa-sha2-192f-with-sha512",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHA_2_256_S_WITH_SHA_512,
+        "id-hash-slh-dsa-sha2-256s-with-sha512",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHA_2_256_F_WITH_SHA_512,
+        "id-hash-slh-dsa-sha2-256f-with-sha512",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHAKE_128_S_WITH_SHAKE_128,
+        "id-hash-slh-dsa-shake-128s-with-shake128",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHAKE_128_F_WITH_SHAKE_128,
+        "id-hash-slh-dsa-shake-128f-with-shake128",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHAKE_192_S_WITH_SHAKE_256,
+        "id-hash-slh-dsa-shake-192s-with-shake256",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHAKE_192_F_WITH_SHAKE_256,
+        "id-hash-slh-dsa-shake-192f-with-shake256",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHAKE_256_S_WITH_SHAKE_256,
+        "id-hash-slh-dsa-shake-256s-with-shake256",
+    ),
+    (
+        &fips205::ID_HASH_SLH_DSA_SHAKE_256_F_WITH_SHAKE_256,
+        "id-hash-slh-dsa-shake-256f-with-shake256",
+    ),
     (&rfc1274::TEXT_ENCODED_OR_ADDRESS, "textEncodedORAddress"),
     (&rfc1274::OTHER_MAILBOX, "otherMailbox"),
     (&rfc1274::LAST_MODIFIED_TIME, "lastModifiedTime"),