Add OIDs and NIDs for ML-DSA-{44,65,87} and ML-KEM-{768,1024}
Match OpenSSL's naming for them, which has more underscores. There's one
use of NID_MLKEM1024 (in Chromium), so keep that constant around
briefly, but we should remove it quickly.
I've matched OpenSSL in how they spell the OIDs in objects.txt, setting
up a !Alias for NIST's sigalg arc. OpenSSL kept the old !Alias around,
but they don't appear in source anywhere, so I'm not sure why. I cleaned
that up.
Since we don't currently plan to implement ML-KEM-512, I skipped that
one. We can always add that later.
Bug: 449751916
Change-Id: I1a5917704db3137785006bdebc34603b0d1ba04b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82631
Reviewed-by: Lily Chen <chlily@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Lily Chen <chlily@google.com>
diff --git a/crypto/obj/obj_dat.h b/crypto/obj/obj_dat.h
index 344e7f2..d8b86dc 100644
--- a/crypto/obj/obj_dat.h
+++ b/crypto/obj/obj_dat.h
@@ -15,7 +15,7 @@
// This file is generated by crypto/obj/objects.go.
-#define NUM_NID 967
+#define NUM_NID 971
static const uint8_t kObjectData[] = {
/* NID_rsadsi */
@@ -7095,6 +7095,56 @@
0x04,
0x02,
0x06,
+ /* NID_ML_KEM_1024 */
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x04,
+ 0x03,
+ /* NID_ML_DSA_44 */
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x03,
+ 0x11,
+ /* NID_ML_DSA_65 */
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x03,
+ 0x12,
+ /* NID_ML_DSA_87 */
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x03,
+ 0x13,
+ /* NID_ML_KEM_768 */
+ 0x60,
+ 0x86,
+ 0x48,
+ 0x01,
+ 0x65,
+ 0x03,
+ 0x04,
+ 0x04,
+ 0x02,
};
static const ASN1_OBJECT kObjects[NUM_NID] = {
@@ -8742,7 +8792,13 @@
{"X25519Kyber768Draft00", "X25519Kyber768Draft00",
NID_X25519Kyber768Draft00, 0, NULL, 0},
{"X25519MLKEM768", "X25519MLKEM768", NID_X25519MLKEM768, 0, NULL, 0},
- {"MLKEM1024", "MLKEM1024", NID_MLKEM1024, 0, NULL, 0},
+ {"id-alg-ml-kem-1024", "ML-KEM-1024", NID_ML_KEM_1024, 9,
+ &kObjectData[6196], 0},
+ {"id-ml-dsa-44", "ML-DSA-44", NID_ML_DSA_44, 9, &kObjectData[6205], 0},
+ {"id-ml-dsa-65", "ML-DSA-65", NID_ML_DSA_65, 9, &kObjectData[6214], 0},
+ {"id-ml-dsa-87", "ML-DSA-87", NID_ML_DSA_87, 9, &kObjectData[6223], 0},
+ {"id-alg-ml-kem-768", "ML-KEM-768", NID_ML_KEM_768, 9, &kObjectData[6232],
+ 0},
};
static const uint16_t kNIDsInShortNameOrder[] = {
@@ -8865,7 +8921,6 @@
114 /* MD5-SHA1 */,
95 /* MDC2 */,
911 /* MGF1 */,
- 966 /* MLKEM1024 */,
388 /* Mail */,
57 /* Netscape */,
366 /* Nonce */,
@@ -9181,6 +9236,8 @@
323 /* id-alg-des40 */,
326 /* id-alg-dh-pop */,
325 /* id-alg-dh-sig-hmac-sha1 */,
+ 966 /* id-alg-ml-kem-1024 */,
+ 970 /* id-alg-ml-kem-768 */,
324 /* id-alg-noSignature */,
907 /* id-camellia128-wrap */,
908 /* id-camellia192-wrap */,
@@ -9234,6 +9291,9 @@
784 /* id-it-suppLangTags */,
304 /* id-it-unsupportedOIDs */,
128 /* id-kp */,
+ 967 /* id-ml-dsa-44 */,
+ 968 /* id-ml-dsa-65 */,
+ 969 /* id-ml-dsa-87 */,
280 /* id-mod-attribute-cert */,
274 /* id-mod-cmc */,
277 /* id-mod-cmp */,
@@ -9757,7 +9817,11 @@
647 /* International Organizations */,
142 /* Invalidity Date */,
504 /* MIME MHS */,
- 966 /* MLKEM1024 */,
+ 967 /* ML-DSA-44 */,
+ 968 /* ML-DSA-65 */,
+ 969 /* ML-DSA-87 */,
+ 966 /* ML-KEM-1024 */,
+ 970 /* ML-KEM-768 */,
388 /* Mail */,
383 /* Management */,
417 /* Microsoft CSP Name */,
@@ -11373,6 +11437,11 @@
962 /* 2.16.840.1.101.3.4.2.6 (OBJ_sha512_256) */,
802 /* 2.16.840.1.101.3.4.3.1 (OBJ_dsa_with_SHA224) */,
803 /* 2.16.840.1.101.3.4.3.2 (OBJ_dsa_with_SHA256) */,
+ 967 /* 2.16.840.1.101.3.4.3.17 (OBJ_ML_DSA_44) */,
+ 968 /* 2.16.840.1.101.3.4.3.18 (OBJ_ML_DSA_65) */,
+ 969 /* 2.16.840.1.101.3.4.3.19 (OBJ_ML_DSA_87) */,
+ 970 /* 2.16.840.1.101.3.4.4.2 (OBJ_ML_KEM_768) */,
+ 966 /* 2.16.840.1.101.3.4.4.3 (OBJ_ML_KEM_1024) */,
71 /* 2.16.840.1.113730.1.1 (OBJ_netscape_cert_type) */,
72 /* 2.16.840.1.113730.1.2 (OBJ_netscape_base_url) */,
73 /* 2.16.840.1.113730.1.3 (OBJ_netscape_revocation_url) */,
diff --git a/crypto/obj/obj_mac.num b/crypto/obj/obj_mac.num
index 82d0a3d..ae863e2 100644
--- a/crypto/obj/obj_mac.num
+++ b/crypto/obj/obj_mac.num
@@ -953,4 +953,8 @@
hkdf 963
X25519Kyber768Draft00 964
X25519MLKEM768 965
-MLKEM1024 966
+ML_KEM_1024 966
+ML_DSA_44 967
+ML_DSA_65 968
+ML_DSA_87 969
+ML_KEM_768 970
diff --git a/crypto/obj/objects.go b/crypto/obj/objects.go
index d705a84..dd69384 100644
--- a/crypto/obj/objects.go
+++ b/crypto/obj/objects.go
@@ -464,7 +464,11 @@
fmt.Fprintf(&b, "\n")
}
- fmt.Fprintf(&b, `
+ fmt.Fprintf(&b, `// NID_MLKEM1024 is a legacy alias for NID_ML_KEM_1024.
+// TODO(crbug.com/449751916): Migrate existing uses and remove this.
+#define NID_MLKEM1024 NID_ML_KEM_1024
+
+
#if defined(__cplusplus)
} /* extern C */
#endif
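Review bot: The compatibility shim emitted here aliases only `NID_MLKEM1024`; the matching `SN_MLKEM1024` macro is dropped from the generated header (see the include/openssl/nid.h section) and the entry's short name becomes "id-alg-ml-kem-1024". The obj_dat.h hunks remove `966 /* MLKEM1024 */` from both name-order tables, so a caller that resolved the old string "MLKEM1024" through the object table would presumably get no match after this change. If that is intended, the emitted comment should say so, for example `// SN_MLKEM1024 is intentionally not aliased; use SN_ML_KEM_1024.` Because the alias lives in a hard-coded footer string rather than in objects.txt, a one-line Go comment above the `fmt.Fprintf` saying it is to be deleted together with the TODO would also help. The enclosing function starts and ends outside the hunk.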
diff --git a/crypto/obj/objects.txt b/crypto/obj/objects.txt
index a38969b..4431f55 100644
--- a/crypto/obj/objects.txt
+++ b/crypto/obj/objects.txt
@@ -907,10 +907,16 @@
nist_hashalgs 4 : SHA224 : sha224
nist_hashalgs 6 : SHA512-256 : sha512-256
-# OIDs for dsa-with-sha224 and dsa-with-sha256
-!Alias dsa_with_sha2 nistAlgorithms 3
-dsa_with_sha2 1 : dsa_with_SHA224
-dsa_with_sha2 2 : dsa_with_SHA256
+!Alias sigAlgs nistAlgorithms 3
+sigAlgs 1 : dsa_with_SHA224
+sigAlgs 2 : dsa_with_SHA256
+sigAlgs 17 : id-ml-dsa-44 : ML-DSA-44
+sigAlgs 18 : id-ml-dsa-65 : ML-DSA-65
+sigAlgs 19 : id-ml-dsa-87 : ML-DSA-87
+
+!Alias nistKems nistAlgorithms 4
+nistKems 2 : id-alg-ml-kem-768 : ML-KEM-768
+nistKems 3 : id-alg-ml-kem-1024 : ML-KEM-1024
# Hold instruction CRL entry extension
!Cname hold-instruction-code
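Review bot: The new `sigAlgs` and `nistKems` arcs carry no comment, and the hunk deletes the only one this block had (`# OIDs for dsa-with-sha224 and dsa-with-sha256`). The commit message says ML-KEM-512 is skipped on purpose, but nothing in the file records that, so the gap at `nistKems 1` reads like an omission. I would add `# NIST signature algorithm arc: DSA with SHA-2, and ML-DSA.` above the `sigAlgs` alias and `# NIST KEM arc. ML-KEM-512 (nistKems 1) is intentionally omitted.` above the `nistKems` alias. A pointer to the registry the arc values were taken from would also make them easier to audit against the generated DER bytes in obj_dat.h.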
@@ -1336,9 +1342,6 @@
: X25519Kyber768Draft00
: X25519MLKEM768
-# NIDs for post quantum (pure) KEMs in TLS (no corresponding OIDs).
- : MLKEM1024
-
# See RFC 8410.
1 3 101 110 : X25519
1 3 101 111 : X448
diff --git a/include/openssl/nid.h b/include/openssl/nid.h
index 7f018ce..fce873c 100644
--- a/include/openssl/nid.h
+++ b/include/openssl/nid.h
@@ -4216,8 +4216,34 @@
#define SN_X25519MLKEM768 "X25519MLKEM768"
#define NID_X25519MLKEM768 965
-#define SN_MLKEM1024 "MLKEM1024"
-#define NID_MLKEM1024 966
+#define SN_ML_KEM_1024 "id-alg-ml-kem-1024"
+#define LN_ML_KEM_1024 "ML-KEM-1024"
+#define NID_ML_KEM_1024 966
+#define OBJ_ML_KEM_1024 2L, 16L, 840L, 1L, 101L, 3L, 4L, 4L, 3L
+
+#define SN_ML_DSA_44 "id-ml-dsa-44"
+#define LN_ML_DSA_44 "ML-DSA-44"
+#define NID_ML_DSA_44 967
+#define OBJ_ML_DSA_44 2L, 16L, 840L, 1L, 101L, 3L, 4L, 3L, 17L
+
+#define SN_ML_DSA_65 "id-ml-dsa-65"
+#define LN_ML_DSA_65 "ML-DSA-65"
+#define NID_ML_DSA_65 968
+#define OBJ_ML_DSA_65 2L, 16L, 840L, 1L, 101L, 3L, 4L, 3L, 18L
+
+#define SN_ML_DSA_87 "id-ml-dsa-87"
+#define LN_ML_DSA_87 "ML-DSA-87"
+#define NID_ML_DSA_87 969
+#define OBJ_ML_DSA_87 2L, 16L, 840L, 1L, 101L, 3L, 4L, 3L, 19L
+
+#define SN_ML_KEM_768 "id-alg-ml-kem-768"
+#define LN_ML_KEM_768 "ML-KEM-768"
+#define NID_ML_KEM_768 970
+#define OBJ_ML_KEM_768 2L, 16L, 840L, 1L, 101L, 3L, 4L, 4L, 2L
+
+// NID_MLKEM1024 is a legacy alias for NID_ML_KEM_1024.
+// TODO(crbug.com/449751916): Migrate existing uses and remove this.
+#define NID_MLKEM1024 NID_ML_KEM_1024
#if defined(__cplusplus)
diff --git a/ssl/ssl_key_share.cc b/ssl/ssl_key_share.cc
index 94d07ff..fcf7643 100644
--- a/ssl/ssl_key_share.cc
+++ b/ssl/ssl_key_share.cc
@@ -443,7 +443,7 @@
{NID_X25519Kyber768Draft00, SSL_GROUP_X25519_KYBER768_DRAFT00,
"X25519Kyber768Draft00", ""},
{NID_X25519MLKEM768, SSL_GROUP_X25519_MLKEM768, "X25519MLKEM768", ""},
- {NID_MLKEM1024, SSL_GROUP_MLKEM1024, "MLKEM1024", ""},
+ {NID_ML_KEM_1024, SSL_GROUP_MLKEM1024, "MLKEM1024", ""},
};
static_assert(std::size(kNamedGroups) == kNumNamedGroups,