diff --git a/.gitignore b/.gitignore index 0dd18cd..72a59ae 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ *.html *~ lib/ +.includes.mk diff --git a/Composite-MLDSA-2024.asn b/Composite-MLDSA-2024.asn index d42ac42..35d910f 100644 --- a/Composite-MLDSA-2024.asn +++ b/Composite-MLDSA-2024.asn @@ -208,16 +208,32 @@ sa-MLDSA65-RSA4096-PKCS15 SIGNATURE-ALGORITHM ::= id-MLDSA65-RSA4096-PKCS15, pk-MLDSA65-RSA4096-PKCS15 } + -- TODO: OID to be replaced by IANA -id-MLDSA65-ECDSA-P384 OBJECT IDENTIFIER ::= { +id-MLDSA65-ECDSA-P256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) entrust(114027) algorithm(80) composite(8) signature(1) 68 } +pk-MLDSA65-ECDSA-P256 PUBLIC-KEY ::= + pk-CompositeSignature{ id-MLDSA65-ECDSA-P256, + CompositeMLDSAPublicKey} + +sa-MLDSA65-ECDSA-P256 SIGNATURE-ALGORITHM ::= + sa-CompositeSignature{ + id-MLDSA65-ECDSA-P256, + pk-MLDSA65-ECDSA-P256 } + + +-- TODO: OID to be replaced by IANA +id-MLDSA65-ECDSA-P384 OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + entrust(114027) algorithm(80) composite(8) signature(1) 69 } + pk-MLDSA65-ECDSA-P384 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA65-ECDSA-P384, CompositeMLDSAPublicKey} -sa-MLDSA65-ECDSA-P256 SIGNATURE-ALGORITHM ::= +sa-MLDSA65-ECDSA-P384 SIGNATURE-ALGORITHM ::= sa-CompositeSignature{ id-MLDSA65-ECDSA-P384, pk-MLDSA65-ECDSA-P384 } @@ -226,7 +242,7 @@ sa-MLDSA65-ECDSA-P256 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA65-ECDSA-brainpoolP256r1 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 69 } + entrust(114027) algorithm(80) composite(8) signature(1) 70 } pk-MLDSA65-ECDSA-brainpoolP256r1 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA65-ECDSA-brainpoolP256r1, 
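Review bot: The renumbering in the `Composite-MLDSA-2024.asn` hunk at `@@ -208,16 +208,32 @@` gives arc `signature(1) 68` to `id-MLDSA65-ECDSA-P256` where it previously identified `id-MLDSA65-ECDSA-P384`, and the later hunks in this file move every arc from 69 to 87 onto a different algorithm in the same way. The draft uses the DER-encoded OID as the signature domain separator, so a peer built from the earlier module would resolve these values to a different algorithm pair or reject the signature, and nothing in the module marks the break. I would add a comment above this block such as `-- NOTE: prototype arcs 68..94 were reassigned in this revision and do not match earlier drafts`. The name `sa-MLDSA65-ECDSA-P256` also changes meaning here (it was bound to the P384 identifier and key before), so any reference to it outside the hunk should be checked.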
@@ -241,7 +257,7 @@ sa-MLDSA65-ECDSA-brainpoolP256r1 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA65-Ed25519 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 70 } + entrust(114027) algorithm(80) composite(8) signature(1) 71 } pk-MLDSA65-Ed25519 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA65-Ed25519, @@ -252,11 +268,10 @@ sa-MLDSA65-Ed25519 SIGNATURE-ALGORITHM ::= id-MLDSA65-Ed25519, pk-MLDSA65-Ed25519 } - -- TODO: OID to be replaced by IANA id-MLDSA87-ECDSA-P384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 71 } + entrust(114027) algorithm(80) composite(8) signature(1) 72 } pk-MLDSA87-ECDSA-P384 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA87-ECDSA-P384, @@ -271,7 +286,7 @@ sa-MLDSA87-ECDSA-P384 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA87-ECDSA-brainpoolP384r1 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 72 } + entrust(114027) algorithm(80) composite(8) signature(1) 73 } pk-MLDSA87-ECDSA-brainpoolP384r1 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA87-ECDSA-brainpoolP384r1, @@ -286,7 +301,7 @@ sa-MLDSA87-ECDSA-brainpoolP384r1 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-MLDSA87-Ed448 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 73 } + entrust(114027) algorithm(80) composite(8) signature(1) 74 } pk-MLDSA87-Ed448 PUBLIC-KEY ::= pk-CompositeSignature{ id-MLDSA87-Ed448, 
@@ -303,7 +318,7 @@ sa-MLDSA87-Ed448 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA44-RSA2048-PSS-SHA256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 74 } + entrust(114027) algorithm(80) composite(8) signature(1) 80 } pk-HashMLDSA44-RSA2048-PSS-SHA256 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA44-RSA2048-PSS-SHA256, @@ -317,7 +332,7 @@ sa-HashMLDSA44-RSA2048-PSS-SHA256 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA44-RSA2048-PKCS15-SHA256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 75 } + entrust(114027) algorithm(80) composite(8) signature(1) 81 } pk-HashMLDSA44-RSA2048-PKCS15-SHA256 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA44-RSA2048-PKCS15-SHA256, @@ -332,7 +347,7 @@ sa-HashMLDSA44-RSA2048-PKCS15-SHA256 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA44-Ed25519-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 76 } + entrust(114027) algorithm(80) composite(8) signature(1) 82 } pk-HashMLDSA44-Ed25519-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA44-Ed25519-SHA512, @@ -347,7 +362,7 @@ sa-HashMLDSA44-Ed25519-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA44-ECDSA-P256-SHA256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 77 } + entrust(114027) algorithm(80) composite(8) signature(1) 83 } pk-HashMLDSA44-ECDSA-P256-SHA256 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA44-ECDSA-P256-SHA256, 
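Review bot: Arcs 75 through 79 are left unassigned by the hunk at `@@ -303,7 +318,7 @@`, since the last pure algorithm now ends at 74 and `id-HashMLDSA44-RSA2048-PSS-SHA256` starts at 80, and the module carries no comment saying whether the gap is deliberate. If it is reserved headroom for further pure Composite ML-DSA algorithms (that is my reading, not something the diff states), a line such as `-- signature(1) 75..79 unassigned, reserved for pure Composite ML-DSA` above this definition would stop a later edit from filling the gap by accident. The pk-/sa- objects of this definition continue outside the hunk.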
@@ -362,7 +377,7 @@ sa-HashMLDSA44-ECDSA-P256-SHA256 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-RSA3072-PSS-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 78 } + entrust(114027) algorithm(80) composite(8) signature(1) 84 } pk-HashMLDSA65-RSA3072-PSS-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-RSA3072-PSS-SHA512, @@ -377,7 +392,7 @@ sa-HashMLDSA65-RSA3072-PSS-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-RSA3072-PKCS15-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 79 } + entrust(114027) algorithm(80) composite(8) signature(1) 85 } pk-HashMLDSA65-RSA3072-PKCS15-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-RSA3072-PKCS15-SHA512, @@ -391,7 +406,7 @@ sa-HashMLDSA65-RSA3072-PKCS15-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-RSA4096-PSS-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 80 } + entrust(114027) algorithm(80) composite(8) signature(1) 86 } pk-HashMLDSA65-RSA4096-PSS-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-RSA4096-PSS-SHA512, @@ -406,7 +421,7 @@ sa-HashMLDSA65-RSA4096-PSS-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-RSA4096-PKCS15-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 81 } + entrust(114027) algorithm(80) composite(8) signature(1) 87 } pk-HashMLDSA65-RSA4096-PKCS15-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-RSA4096-PKCS15-SHA512, 
@@ -417,16 +432,34 @@ sa-HashMLDSA65-RSA4096-PKCS15-SHA512 SIGNATURE-ALGORITHM ::= id-HashMLDSA65-RSA4096-PKCS15-SHA512, pk-HashMLDSA65-RSA4096-PKCS15-SHA512 } + +-- TODO: OID to be replaced by IANA +id-HashMLDSA65-ECDSA-P256-SHA512 OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) + entrust(114027) algorithm(80) composite(8) signature(1) 88 } + +pk-HashMLDSA65-ECDSA-P256-SHA512 PUBLIC-KEY ::= + pk-CompositeSignature{ id-HashMLDSA65-ECDSA-P256-SHA512, + CompositeMLDSAPublicKey} + +sa-HashMLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::= + sa-CompositeSignature{ + id-HashMLDSA65-ECDSA-P256-SHA512, + pk-HashMLDSA65-ECDSA-P256-SHA512 } + + + + -- TODO: OID to be replaced by IANA id-HashMLDSA65-ECDSA-P384-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 82 } + entrust(114027) algorithm(80) composite(8) signature(1) 89 } pk-HashMLDSA65-ECDSA-P384-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-ECDSA-P384-SHA512, CompositeMLDSAPublicKey} -sa-HashMLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::= +sa-HashMLDSA65-ECDSA-P384-SHA512 SIGNATURE-ALGORITHM ::= sa-CompositeSignature{ id-HashMLDSA65-ECDSA-P384-SHA512, pk-HashMLDSA65-ECDSA-P384-SHA512 } @@ -435,7 +468,7 @@ sa-HashMLDSA65-ECDSA-P256-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 83 } + entrust(114027) algorithm(80) composite(8) signature(1) 90 } pk-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512, 
@@ -450,7 +483,7 @@ sa-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA65-Ed25519-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 84 } + entrust(114027) algorithm(80) composite(8) signature(1) 91 } pk-HashMLDSA65-Ed25519-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA65-Ed25519-SHA512, @@ -465,7 +498,7 @@ sa-HashMLDSA65-Ed25519-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA87-ECDSA-P384-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 85 } + entrust(114027) algorithm(80) composite(8) signature(1) 92 } pk-HashMLDSA87-ECDSA-P384-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA87-ECDSA-P384-SHA512, @@ -480,7 +513,7 @@ sa-HashMLDSA87-ECDSA-P384-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 86 } + entrust(114027) algorithm(80) composite(8) signature(1) 93 } pk-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512, @@ -495,7 +528,7 @@ sa-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 SIGNATURE-ALGORITHM ::= -- TODO: OID to be replaced by IANA id-HashMLDSA87-Ed448-SHA512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) - entrust(114027) algorithm(80) composite(8) signature(1) 87 } + entrust(114027) algorithm(80) composite(8) signature(1) 94 } pk-HashMLDSA87-Ed448-SHA512 PUBLIC-KEY ::= pk-CompositeSignature{ id-HashMLDSA87-Ed448-SHA512, diff --git a/draft-ietf-lamps-pq-composite-sigs.md b/draft-ietf-lamps-pq-composite-sigs.md index d326ca3..ee8626e 100644 
--- a/draft-ietf-lamps-pq-composite-sigs.md +++ b/draft-ietf-lamps-pq-composite-sigs.md @@ -1057,12 +1057,13 @@ Pure Composite-ML-DSA Signature public key types: | id-MLDSA65-RSA3072-PKCS15 | <CompSig>.65 | id-ML-DSA-65 | sha256WithRSAEncryption | | id-MLDSA65-RSA4096-PSS | <CompSig>.66 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | | id-MLDSA65-RSA4096-PKCS15 | <CompSig>.67 | id-ML-DSA-65 | sha384WithRSAEncryption | -| id-MLDSA65-ECDSA-P384 | <CompSig>.68 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | -| id-MLDSA65-ECDSA-brainpoolP256r1 | <CompSig>.69 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | -| id-MLDSA65-Ed25519 | <CompSig>.70 | id-ML-DSA-65 | id-Ed25519 | -| id-MLDSA87-ECDSA-P384 | <CompSig>.71 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | -| id-MLDSA87-ECDSA-brainpoolP384r1 | <CompSig>.72 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | -| id-MLDSA87-Ed448 | <CompSig>.73 | id-ML-DSA-87 | id-Ed448 | +| id-MLDSA65-ECDSA-P256 | <CompSig>.68 | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | +| id-MLDSA65-ECDSA-P384 | <CompSig>.69 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | +| id-MLDSA65-ECDSA-brainpoolP256r1 | <CompSig>.70 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | +| id-MLDSA65-Ed25519 | <CompSig>.71 | id-ML-DSA-65 | id-Ed25519 | +| id-MLDSA87-ECDSA-P384 | <CompSig>.72 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | +| id-MLDSA87-ECDSA-brainpoolP384r1 | <CompSig>.73 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | +| id-MLDSA87-Ed448 | <CompSig>.74 | id-ML-DSA-87 | id-Ed448 | {: #tab-sig-algs title="Pure ML-DSA Composite Signature Algorithms"} See the ASN.1 module in section {{sec-asn1-module}} for the explicit definitions of the above Composite ML-DSA algorithms. 
@@ -1075,20 +1076,21 @@ HashComposite-ML-DSA Signature public key types: | Composite Signature Algorithm | OID | First Algorithm | Second Algorithm | Pre-Hash | | ----------- | ----------- | ----------- | ----------- | ----------- | -| id-HashMLDSA44-RSA2048-PSS-SHA256 | <CompSig>.74 | id-ML-DSA-44 | id-RSASA-PSS with id-sha256 | id-sha256 | -| id-HashMLDSA44-RSA2048-PKCS15-SHA256 | <CompSig>.75 | id-ML-DSA-44 | sha256WithRSAEncryption | id-sha256 | -| id-HashMLDSA44-Ed25519-SHA512 | <CompSig>.76 | id-ML-DSA-44 | id-Ed25519 | id-sha512 | -| id-HashMLDSA44-ECDSA-P256-SHA256 | <CompSig>.77 | id-ML-DSA-44 | ecdsa-with-SHA256 with secp256r1 | id-sha256 | -| id-HashMLDSA65-RSA3072-PSS-SHA512 | <CompSig>.78 | id-ML-DSA-65 | id-RSASA-PSS with id-sha256 | id-sha512 | -| id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.79 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 | -| id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.80 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 | -| id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.81 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 | -| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.82 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 | -| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.83 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 | -| id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.84 | id-ML-DSA-65 | id-Ed25519 | id-sha512 | -| id-HashMLDSA87-ECDSA-P384-SHA512 | <CompSig>.85 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | id-sha512| -| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 | <CompSig>.86 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | id-sha512 | -| id-HashMLDSA87-Ed448-SHA512 | <CompSig>.87 | id-ML-DSA-87 | id-Ed448 | id-sha512 | +| id-HashMLDSA44-RSA2048-PSS-SHA256 | <CompSig>.80 | id-ML-DSA-44 | id-RSASA-PSS with id-sha256 | id-sha256 | +| id-HashMLDSA44-RSA2048-PKCS15-SHA256 | <CompSig>.81 | id-ML-DSA-44 | sha256WithRSAEncryption | id-sha256 | +| 
id-HashMLDSA44-Ed25519-SHA512 | <CompSig>.82 | id-ML-DSA-44 | id-Ed25519 | id-sha512 | +| id-HashMLDSA44-ECDSA-P256-SHA256 | <CompSig>.83 | id-ML-DSA-44 | ecdsa-with-SHA256 with secp256r1 | id-sha256 | +| id-HashMLDSA65-RSA3072-PSS-SHA512 | <CompSig>.84 | id-ML-DSA-65 | id-RSASA-PSS with id-sha256 | id-sha512 | +| id-HashMLDSA65-RSA3072-PKCS15-SHA512 | <CompSig>.85 | id-ML-DSA-65 | sha256WithRSAEncryption | id-sha512 | +| id-HashMLDSA65-RSA4096-PSS-SHA512 | <CompSig>.86 | id-ML-DSA-65 | id-RSASA-PSS with id-sha384 | id-sha512 | +| id-HashMLDSA65-RSA4096-PKCS15-SHA512 | <CompSig>.87 | id-ML-DSA-65 | sha384WithRSAEncryption | id-sha512 | +| id-HashMLDSA65-ECDSA-P256-SHA512 | <CompSig>.88 | id-ML-DSA-65 | ecdsa-with-SHA256 with secp256r1 | id-sha512 | +| id-HashMLDSA65-ECDSA-P384-SHA512 | <CompSig>.89 | id-ML-DSA-65 | ecdsa-with-SHA384 with secp384r1 | id-sha512 | +| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 | <CompSig>.90 | id-ML-DSA-65 | ecdsa-with-SHA256 with brainpoolP256r1 | id-sha512 | +| id-HashMLDSA65-Ed25519-SHA512 | <CompSig>.91 | id-ML-DSA-65 | id-Ed25519 | id-sha512 | +| id-HashMLDSA87-ECDSA-P384-SHA512 | <CompSig>.92 | id-ML-DSA-87 | ecdsa-with-SHA384 with secp384r1 | id-sha512| +| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 | <CompSig>.93 | id-ML-DSA-87 | ecdsa-with-SHA384 with brainpoolP384r1 | id-sha512 | +| id-HashMLDSA87-Ed448-SHA512 | <CompSig>.94 | id-ML-DSA-87 | id-Ed448 | id-sha512 | {: #tab-hash-sig-algs title="Hash ML-DSA Composite Signature Algorithms"} 
@@ -1112,30 +1114,32 @@ As mentioned above, the OID input value is used as a domain separator for the Co | id-MLDSA65-RSA3072-PKCS15 |060B6086480186FA6B50080141| | id-MLDSA65-RSA4096-PSS |060B6086480186FA6B50080142| | id-MLDSA65-RSA4096-PKCS15 |060B6086480186FA6B50080143| -| id-MLDSA65-ECDSA-P384 |060B6086480186FA6B50080144| -| id-MLDSA65-ECDSA-brainpoolP256r1 |060B6086480186FA6B50080145| -| id-MLDSA65-Ed25519 |060B6086480186FA6B50080146| -| id-MLDSA87-ECDSA-P384 |060B6086480186FA6B50080147| -| id-MLDSA87-ECDSA-brainpoolP384r1 |060B6086480186FA6B50080148| -| id-MLDSA87-Ed448 |060B6086480186FA6B50080149| +| id-MLDSA65-ECDSA-P256 |060B6086480186FA6B50080144| +| id-MLDSA65-ECDSA-P384 |060B6086480186FA6B50080145| +| id-MLDSA65-ECDSA-brainpoolP256r1 |060B6086480186FA6B50080146| +| id-MLDSA65-Ed25519 |060B6086480186FA6B50080147| +| id-MLDSA87-ECDSA-P384 |060B6086480186FA6B50080148| +| id-MLDSA87-ECDSA-brainpoolP384r1 |060B6086480186FA6B50080149| +| id-MLDSA87-Ed448 |060B6086480186FA6B5008014A| {: #tab-sig-alg-oids title="Pure ML-DSA Composite Signature Domain Separators"} | Composite Signature Algorithm | Domain Separator (in Hex encoding)| | ----------- | ----------- | -| id-HashMLDSA44-RSA2048-PSS-SHA256 | 060B6086480186FA6B5008014A| -| id-HashMLDSA44-RSA2048-PKCS15-SHA256 |060B6086480186FA6B5008014B| -| id-HashMLDSA44-Ed25519-SHA512 |060B6086480186FA6B5008014C| -| id-HashMLDSA44-ECDSA-P256-SHA256 |060B6086480186FA6B5008014D| -| id-HashMLDSA65-RSA3072-PSS-SHA512 |060B6086480186FA6B5008014E| -| id-HashMLDSA65-RSA3072-PKCS15-SHA512 |060B6086480186FA6B5008014F| -| id-HashMLDSA65-RSA4096-PSS-SHA512 |060B6086480186FA6B50080150| -| id-HashMLDSA65-RSA4096-PKCS15-SHA512 |060B6086480186FA6B50080151| -| id-HashMLDSA65-ECDSA-P384-SHA512 |060B6086480186FA6B50080152| -| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 |060B6086480186FA6B50080153| -| id-HashMLDSA65-Ed25519-SHA512 |060B6086480186FA6B50080154| -| id-HashMLDSA87-ECDSA-P384-SHA512 |060B6086480186FA6B50080155| -| 
id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 |060B6086480186FA6B50080156| -| id-HashMLDSA87-Ed448-SHA512 |060B6086480186FA6B50080157| +| id-HashMLDSA44-RSA2048-PSS-SHA256 | 060B6086480186FA6B50080150| +| id-HashMLDSA44-RSA2048-PKCS15-SHA256 |060B6086480186FA6B50080151| +| id-HashMLDSA44-Ed25519-SHA512 |060B6086480186FA6B50080152| +| id-HashMLDSA44-ECDSA-P256-SHA256 |060B6086480186FA6B50080153| +| id-HashMLDSA65-RSA3072-PSS-SHA512 |060B6086480186FA6B50080154| +| id-HashMLDSA65-RSA3072-PKCS15-SHA512 |060B6086480186FA6B50080155| +| id-HashMLDSA65-RSA4096-PSS-SHA512 |060B6086480186FA6B50080156| +| id-HashMLDSA65-RSA4096-PKCS15-SHA512 |060B6086480186FA6B50080157| +| id-HashMLDSA65-ECDSA-P256-SHA512 |060B6086480186FA6B50080158| +| id-HashMLDSA65-ECDSA-P384-SHA512 |060B6086480186FA6B50080159| +| id-HashMLDSA65-ECDSA-brainpoolP256r1-SHA512 |060B6086480186FA6B5008015A| +| id-HashMLDSA65-Ed25519-SHA512 |060B6086480186FA6B5008015B| +| id-HashMLDSA87-ECDSA-P384-SHA512 |060B6086480186FA6B5008015C| +| id-HashMLDSA87-ECDSA-brainpoolP384r1-SHA512 |060B6086480186FA6B5008015D| +| id-HashMLDSA87-Ed448-SHA512 |060B6086480186FA6B5008015E| {: #tab-hash-sig-alg-oids title="Hash ML-DSA Composite Signature Domain Separators"} ## Rationale for choices 
@@ -1231,20 +1235,21 @@ A compliant implementation MUST support the following algorithms for the SignerI | Composite Signature Algorithm | digestAlgorithm | | ----------- | ----------- | -| id-MLDSA44-RSA2048-PSS | SHA256 | -| id-MLDSA44-RSA2048-PKCS15 | SHA256 | -| id-MLDSA44-Ed25519 | SHA512 | -| id-MLDSA44-ECDSA-P256 | SHA256 | +| id-MLDSA44-RSA2048-PSS | SHA256 | +| id-MLDSA44-RSA2048-PKCS15 | SHA256 | +| id-MLDSA44-Ed25519 | SHA512 | +| id-MLDSA44-ECDSA-P256 | SHA256 | | id-MLDSA65-RSA3072-PSS | SHA512 | -| id-MLDSA65-RSA3072-PKCS15 | SHA512 | +| id-MLDSA65-RSA3072-PKCS15 | SHA512 | | id-MLDSA65-RSA4096-PSS | SHA512 | | id-MLDSA65-RSA4096-PKCS15 | SHA512 | +| id-MLDSA65-ECDSA-P256 | SHA512 | | id-MLDSA65-ECDSA-P384 | SHA512 | | id-MLDSA65-ECDSA-brainpoolP256r1 | SHA512 | -| id-MLDSA65-Ed25519 | SHA512 | -| id-MLDSA87-ECDSA-P384 | SHA512| -| id-MLDSA87-ECDSA-brainpoolP384r1 | SHA512 | -| id-MLDSA87-Ed448 | SHA512 | +| id-MLDSA65-Ed25519 | SHA512 | +| id-MLDSA87-ECDSA-P384 | SHA512 | +| id-MLDSA87-ECDSA-brainpoolP384r1 | SHA512 | +| id-MLDSA87-Ed448 | SHA512 | {: #tab-cms-shas title="Recommended Composite Signature Digest Algorithms"} where: @@ -1373,6 +1378,11 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{ - Description: id-MLDSA65-RSA4096-PKCS15 - References: This Document +- id-MLDSA65-ECDSA-P256 + - Decimal: IANA Assigned + - Description: id-MLDSA65-ECDSA-P256 + - References: This Document + - id-MLDSA65-ECDSA-P384 - Decimal: IANA Assigned - Description: id-MLDSA65-ECDSA-P384 @@ -1443,6 +1453,11 @@ EDNOTE to IANA: OIDs will need to be replaced in both the ASN.1 module and in {{ - Description: id-HashMLDSA65-RSA4096-PKCS15-SHA512 - References: This Document +- id-HashMLDSA65-ECDSA-P256-SHA512 + - Decimal: IANA Assigned + - Description: id-HashMLDSA65-ECDSA-P256-SHA512 + - References: This Document + - id-HashMLDSA65-ECDSA-P384-SHA512 - Decimal: IANA Assigned - Description: id-HashMLDSA65-ECDSA-P384-SHA512