From 2635e5cf765bd8a15f542d8a873cfbc69f1d20f8 Mon Sep 17 00:00:00 2001 From: Bas Westerbaan Date: Wed, 16 Oct 2024 13:01:56 +0200 Subject: [PATCH] Add OIDs to ML-DSA --- sign/dilithium/gen.go | 19 +++++++++++++++++++ sign/dilithium/mode2/dilithium.go | 2 +- sign/dilithium/mode3/dilithium.go | 2 +- sign/dilithium/mode5/dilithium.go | 2 +- sign/dilithium/templates/pkg.templ.go | 11 ++++++++++- sign/mldsa/mldsa44/dilithium.go | 6 +++++- sign/mldsa/mldsa65/dilithium.go | 6 +++++- sign/mldsa/mldsa87/dilithium.go | 6 +++++- 8 files changed, 47 insertions(+), 7 deletions(-) diff --git a/sign/dilithium/gen.go b/sign/dilithium/gen.go index a817f4a41..4cc690825 100644 --- a/sign/dilithium/gen.go +++ b/sign/dilithium/gen.go @@ -7,6 +7,7 @@ package main import ( "bytes" + "encoding/asn1" "fmt" "go/format" "os" @@ -29,6 +30,7 @@ type Mode struct { Gamma2 int TRSize int CTildeSize int + Oid asn1.ObjectIdentifier } func (m Mode) Pkg() string { @@ -59,6 +61,20 @@ func (m Mode) NIST() bool { return strings.HasPrefix(m.Name, "ML-DSA-") } +func (m Mode) OidGo() string { + ret := "asn1.ObjectIdentifier{" + first := true + for _, b := range m.Oid { + if first { + first = false + } else { + ret += ", " + } + ret += fmt.Sprintf("%d", b) + } + return ret + "}" +} + var ( Modes = []Mode{ { @@ -112,6 +128,7 @@ var ( Gamma2: (params.Q - 1) / 88, TRSize: 64, CTildeSize: 32, + Oid: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 17}, }, { Name: "ML-DSA-65", @@ -125,6 +142,7 @@ var ( Gamma2: (params.Q - 1) / 32, TRSize: 64, CTildeSize: 48, + Oid: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 18}, }, { Name: "ML-DSA-87", @@ -138,6 +156,7 @@ var ( Gamma2: (params.Q - 1) / 32, TRSize: 64, CTildeSize: 64, + Oid: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 19}, }, } TemplateWarning = "// Code generated from" diff --git a/sign/dilithium/mode2/dilithium.go b/sign/dilithium/mode2/dilithium.go index 113708a32..5e693895d 100644 --- a/sign/dilithium/mode2/dilithium.go +++ b/sign/dilithium/mode2/dilithium.go @@ -203,7 +203,7 @@ func (*scheme) PrivateKeySize() int { return PrivateKeySize } func (*scheme) SignatureSize() int { return SignatureSize } func (*scheme) SeedSize() int { return SeedSize } -// TODO TLSIdentifier() and OID() +// TODO TLSIdentifier() func (*scheme) SupportsContext() bool { return false diff --git a/sign/dilithium/mode3/dilithium.go b/sign/dilithium/mode3/dilithium.go index 2e93e9c50..5a3356125 100644 --- a/sign/dilithium/mode3/dilithium.go +++ b/sign/dilithium/mode3/dilithium.go @@ -203,7 +203,7 @@ func (*scheme) PrivateKeySize() int { return PrivateKeySize } func (*scheme) SignatureSize() int { return SignatureSize } func (*scheme) SeedSize() int { return SeedSize } -// TODO TLSIdentifier() and OID() +// TODO TLSIdentifier() func (*scheme) SupportsContext() bool { return false diff --git a/sign/dilithium/mode5/dilithium.go b/sign/dilithium/mode5/dilithium.go index ce3ec7546..3058692e2 100644 --- a/sign/dilithium/mode5/dilithium.go +++ b/sign/dilithium/mode5/dilithium.go @@ -203,7 +203,7 @@ func (*scheme) PrivateKeySize() int { return PrivateKeySize } func (*scheme) SignatureSize() int { return SignatureSize } func (*scheme) SeedSize() int { return SeedSize } -// TODO TLSIdentifier() and OID() +// TODO TLSIdentifier() func (*scheme) SupportsContext() bool { return false diff --git a/sign/dilithium/templates/pkg.templ.go b/sign/dilithium/templates/pkg.templ.go index a48578e8e..bb3b009d1 100644 --- a/sign/dilithium/templates/pkg.templ.go +++ b/sign/dilithium/templates/pkg.templ.go @@ -17,6 +17,9 @@ package {{.Pkg}} import ( "crypto" "errors" +{{- if .Oid }} + "encoding/asn1" +{{- end }} "io" {{- if .NIST }} @@ -305,7 +308,13 @@ func (*scheme) PublicKeySize() int { return PublicKeySize } func (*scheme) PrivateKeySize() int { return PrivateKeySize } func (*scheme) SignatureSize() int { return SignatureSize } func (*scheme) SeedSize() int { return SeedSize } -// TODO TLSIdentifier() and OID() +// TODO TLSIdentifier() + +{{- if .Oid }} +func (*scheme) Oid() asn1.ObjectIdentifier { + return {{ .OidGo }} +} +{{- end }} func (*scheme) SupportsContext() bool { {{- if .NIST }} diff --git a/sign/mldsa/mldsa44/dilithium.go b/sign/mldsa/mldsa44/dilithium.go index eb01c6ba9..4b640f0c1 100644 --- a/sign/mldsa/mldsa44/dilithium.go +++ b/sign/mldsa/mldsa44/dilithium.go @@ -6,6 +6,7 @@ package mldsa44 import ( "crypto" cryptoRand "crypto/rand" + "encoding/asn1" "errors" "io" @@ -260,7 +261,10 @@ func (*scheme) PrivateKeySize() int { return PrivateKeySize } func (*scheme) SignatureSize() int { return SignatureSize } func (*scheme) SeedSize() int { return SeedSize } -// TODO TLSIdentifier() and OID() +// TODO TLSIdentifier() +func (*scheme) Oid() asn1.ObjectIdentifier { + return asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 17} +} func (*scheme) SupportsContext() bool { return true diff --git a/sign/mldsa/mldsa65/dilithium.go b/sign/mldsa/mldsa65/dilithium.go index 282c3623e..23a7b9a1f 100644 --- a/sign/mldsa/mldsa65/dilithium.go +++ b/sign/mldsa/mldsa65/dilithium.go @@ -6,6 +6,7 @@ package mldsa65 import ( "crypto" cryptoRand "crypto/rand" + "encoding/asn1" "errors" "io" @@ -260,7 +261,10 @@ func (*scheme) PrivateKeySize() int { return PrivateKeySize } func (*scheme) SignatureSize() int { return SignatureSize } func (*scheme) SeedSize() int { return SeedSize } -// TODO TLSIdentifier() and OID() +// TODO TLSIdentifier() +func (*scheme) Oid() asn1.ObjectIdentifier { + return asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 18} +} func (*scheme) SupportsContext() bool { return true diff --git a/sign/mldsa/mldsa87/dilithium.go b/sign/mldsa/mldsa87/dilithium.go index 2d5c466d3..cb016e73d 100644 --- a/sign/mldsa/mldsa87/dilithium.go +++ b/sign/mldsa/mldsa87/dilithium.go @@ -6,6 +6,7 @@ package mldsa87 import ( "crypto" cryptoRand "crypto/rand" + "encoding/asn1" "errors" "io" @@ -260,7 +261,10 @@ func (*scheme) PrivateKeySize() int { return PrivateKeySize } func (*scheme) SignatureSize() int { return SignatureSize } func (*scheme) SeedSize() int { return SeedSize } -// TODO TLSIdentifier() and OID() +// TODO TLSIdentifier() +func (*scheme) Oid() asn1.ObjectIdentifier { + return asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 19} +} func (*scheme) SupportsContext() bool { return true