1+ -- %CopyrightBegin%
2+ --
3+ -- SPDX-License-Identifier: BSD-3-Clause
4+ --
5+ -- Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.
6+ -- Copyright Ericsson AB 2025. All Rights Reserved.
7+ --
8+ -- Redistribution and use in source and binary forms, with or without
9+ -- modification, are permitted provided that the following conditions are met:
10+ --
11+ -- 1. Redistributions of source code must retain the above copyright notice,
12+ -- this list of conditions and the following disclaimer.
13+ --
14+ -- 2. Redistributions in binary form must reproduce the above copyright notice,
15+ -- this list of conditions and the following disclaimer in the documentation
16+ -- and/or other materials provided with the distribution.
17+ --
18+ -- 3. Neither the name of the copyright holder nor the names of its contributors
19+ -- may be used to endorse or promote products derived from this software
20+ -- without specific prior written permission.
21+ --
22+ -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS”
23+ -- AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24+ -- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25+ -- ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
26+ -- LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27+ -- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28+ -- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29+ -- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30+ -- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31+ -- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32+ -- POSSIBILITY OF SUCH DAMAGE.
33+ --
34+ -- %CopyrightEnd%
35+
36+ SLH-DSA-Module-2024
37+ { iso(1 ) member-body(2 ) us(840 ) rsadsi(113549 ) pkcs(1 ) pkcs9(9 )
38+ id-smime(16 ) id-mod(0 ) id-mod-slh-dsa-2024(81 ) }
39+
40+ DEFINITIONS IMPLICIT TAGS ::= BEGIN
41+
42+ EXPORTS ALL;
43+
44+ IMPORTS
45+ PUBLIC-KEY, SIGNATURE-ALGORITHM, SMIME-CAPS
46+ FROM AlgorithmInformation-2009 -- in [RFC5911]
47+ { iso(1 ) identified-organization(3 ) dod(6 ) internet(1 )
48+ security(5 ) mechanisms(5 ) pkix(7 ) id-mod(0 )
49+ id-mod-algorithmInformation-02(58 ) } ;
50+
51+ --
52+ -- Object Identifiers
53+ --
54+
55+ nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-itu-t(2 )
56+ country(16 ) us(840 ) organization(1 ) gov(101 ) csor(3 ) 4 }
57+
58+ sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }
59+
60+ id-slh-dsa-sha2-128s OBJECT IDENTIFIER ::= { sigAlgs 20 }
61+
62+ id-slh-dsa-sha2-128f OBJECT IDENTIFIER ::= { sigAlgs 21 }
63+
64+ id-slh-dsa-sha2-192s OBJECT IDENTIFIER ::= { sigAlgs 22 }
65+
66+ id-slh-dsa-sha2-192f OBJECT IDENTIFIER ::= { sigAlgs 23 }
67+
68+ id-slh-dsa-sha2-256s OBJECT IDENTIFIER ::= { sigAlgs 24 }
69+
70+ id-slh-dsa-sha2-256f OBJECT IDENTIFIER ::= { sigAlgs 25 }
71+
72+ id-slh-dsa-shake-128s OBJECT IDENTIFIER ::= { sigAlgs 26 }
73+
74+ id-slh-dsa-shake-128f OBJECT IDENTIFIER ::= { sigAlgs 27 }
75+
76+ id-slh-dsa-shake-192s OBJECT IDENTIFIER ::= { sigAlgs 28 }
77+
78+ id-slh-dsa-shake-192f OBJECT IDENTIFIER ::= { sigAlgs 29 }
79+
80+ id-slh-dsa-shake-256s OBJECT IDENTIFIER ::= { sigAlgs 30 }
81+
82+ id-slh-dsa-shake-256f OBJECT IDENTIFIER ::= { sigAlgs 31 }
83+
84+ --
85+ -- Signature Algorithm, Public Key, and Private Key
86+ --
87+
88+ sa-slh-dsa-sha2-128s SIGNATURE-ALGORITHM ::= {
89+ IDENTIFIER id-slh-dsa-sha2-128s
90+ PARAMS ARE absent
91+ PUBLIC-KEYS { pk-slh-dsa-sha2-128s }
92+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-sha2-128s } }
93+
94+ sa-slh-dsa-sha2-128f SIGNATURE-ALGORITHM ::= {
95+ IDENTIFIER id-slh-dsa-sha2-128f
96+ PARAMS ARE absent
97+ PUBLIC-KEYS { pk-slh-dsa-sha2-128f }
98+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-sha2-128f } }
99+
100+ sa-slh-dsa-sha2-192s SIGNATURE-ALGORITHM ::= {
101+ IDENTIFIER id-slh-dsa-sha2-192s
102+ PARAMS ARE absent
103+ PUBLIC-KEYS { pk-slh-dsa-sha2-192s }
104+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-sha2-192s } }
105+
106+ sa-slh-dsa-sha2-192f SIGNATURE-ALGORITHM ::= {
107+ IDENTIFIER id-slh-dsa-sha2-192f
108+ PARAMS ARE absent
109+ PUBLIC-KEYS { pk-slh-dsa-sha2-192f }
110+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-sha2-192f } }
111+
112+ sa-slh-dsa-sha2-256s SIGNATURE-ALGORITHM ::= {
113+ IDENTIFIER id-slh-dsa-sha2-256s
114+ PARAMS ARE absent
115+ PUBLIC-KEYS { pk-slh-dsa-sha2-256s }
116+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-sha2-256s } }
117+
118+ sa-slh-dsa-sha2-256f SIGNATURE-ALGORITHM ::= {
119+ IDENTIFIER id-slh-dsa-sha2-256f
120+ PARAMS ARE absent
121+ PUBLIC-KEYS { pk-slh-dsa-sha2-256f }
122+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-sha2-256f } }
123+
124+ sa-slh-dsa-shake-128s SIGNATURE-ALGORITHM ::= {
125+ IDENTIFIER id-slh-dsa-shake-128s
126+ PARAMS ARE absent
127+ PUBLIC-KEYS { pk-slh-dsa-shake-128s }
128+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-shake-128s } }
129+
130+ sa-slh-dsa-shake-128f SIGNATURE-ALGORITHM ::= {
131+ IDENTIFIER id-slh-dsa-shake-128f
132+ PARAMS ARE absent
133+ PUBLIC-KEYS { pk-slh-dsa-shake-128f }
134+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-shake-128f } }
135+
136+ sa-slh-dsa-shake-192s SIGNATURE-ALGORITHM ::= {
137+ IDENTIFIER id-slh-dsa-shake-192s
138+ PARAMS ARE absent
139+ PUBLIC-KEYS { pk-slh-dsa-shake-192s }
140+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-shake-192s } }
141+
142+ sa-slh-dsa-shake-192f SIGNATURE-ALGORITHM ::= {
143+ IDENTIFIER id-slh-dsa-shake-192f
144+ PARAMS ARE absent
145+ PUBLIC-KEYS { pk-slh-dsa-shake-192f }
146+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-shake-192f } }
147+
148+ sa-slh-dsa-shake-256s SIGNATURE-ALGORITHM ::= {
149+ IDENTIFIER id-slh-dsa-shake-256s
150+ PARAMS ARE absent
151+ PUBLIC-KEYS { pk-slh-dsa-shake-256s }
152+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-shake-256s } }
153+
154+ sa-slh-dsa-shake-256f SIGNATURE-ALGORITHM ::= {
155+ IDENTIFIER id-slh-dsa-shake-256f
156+ PARAMS ARE absent
157+ PUBLIC-KEYS { pk-slh-dsa-shake-256f }
158+ SMIME-CAPS { IDENTIFIED BY id-slh-dsa-shake-256f } }
159+
160+ pk-slh-dsa-sha2-128s PUBLIC-KEY ::= {
161+ IDENTIFIER id-slh-dsa-sha2-128s
162+ -- KEY no ASN.1 wrapping --
163+ CERT-KEY-USAGE
164+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
165+ -- PRIVATE-KEY no ASN.1 wrapping -- }
166+
167+ pk-slh-dsa-sha2-128f PUBLIC-KEY ::= {
168+ IDENTIFIER id-slh-dsa-sha2-128f
169+ -- KEY no ASN.1 wrapping --
170+ CERT-KEY-USAGE
171+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
172+ -- PRIVATE-KEY no ASN.1 wrapping -- }
173+
174+ pk-slh-dsa-sha2-192s PUBLIC-KEY ::= {
175+ IDENTIFIER id-slh-dsa-sha2-192s
176+ -- KEY no ASN.1 wrapping --
177+ CERT-KEY-USAGE
178+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
179+ -- PRIVATE-KEY no ASN.1 wrapping -- }
180+
181+ pk-slh-dsa-sha2-192f PUBLIC-KEY ::= {
182+ IDENTIFIER id-slh-dsa-sha2-192f
183+ -- KEY no ASN.1 wrapping --
184+ CERT-KEY-USAGE
185+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
186+ -- PRIVATE-KEY no ASN.1 wrapping -- }
187+
188+ pk-slh-dsa-sha2-256s PUBLIC-KEY ::= {
189+ IDENTIFIER id-slh-dsa-sha2-256s
190+ -- KEY no ASN.1 wrapping --
191+ CERT-KEY-USAGE
192+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
193+ -- PRIVATE-KEY no ASN.1 wrapping -- }
194+
195+ pk-slh-dsa-sha2-256f PUBLIC-KEY ::= {
196+ IDENTIFIER id-slh-dsa-sha2-256f
197+ -- KEY no ASN.1 wrapping --
198+ CERT-KEY-USAGE
199+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
200+ -- PRIVATE-KEY no ASN.1 wrapping -- }
201+
202+ pk-slh-dsa-shake-128s PUBLIC-KEY ::= {
203+ IDENTIFIER id-slh-dsa-shake-128s
204+ -- KEY no ASN.1 wrapping --
205+ CERT-KEY-USAGE
206+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
207+ -- PRIVATE-KEY no ASN.1 wrapping -- }
208+
209+ pk-slh-dsa-shake-128f PUBLIC-KEY ::= {
210+ IDENTIFIER id-slh-dsa-shake-128f
211+ -- KEY no ASN.1 wrapping --
212+ CERT-KEY-USAGE
213+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
214+ -- PRIVATE-KEY no ASN.1 wrapping -- }
215+
216+ pk-slh-dsa-shake-192s PUBLIC-KEY ::= {
217+ IDENTIFIER id-slh-dsa-shake-192s
218+ -- KEY no ASN.1 wrapping --
219+ CERT-KEY-USAGE
220+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
221+ -- PRIVATE-KEY no ASN.1 wrapping -- }
222+
223+ pk-slh-dsa-shake-192f PUBLIC-KEY ::= {
224+ IDENTIFIER id-slh-dsa-shake-192f
225+ -- KEY no ASN.1 wrapping --
226+ CERT-KEY-USAGE
227+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
228+ -- PRIVATE-KEY no ASN.1 wrapping -- }
229+
230+ pk-slh-dsa-shake-256s PUBLIC-KEY ::= {
231+ IDENTIFIER id-slh-dsa-shake-256s
232+ -- KEY no ASN.1 wrapping --
233+ CERT-KEY-USAGE
234+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
235+ -- PRIVATE-KEY no ASN.1 wrapping -- }
236+
237+ pk-slh-dsa-shake-256f PUBLIC-KEY ::= {
238+ IDENTIFIER id-slh-dsa-shake-256f
239+ -- KEY no ASN.1 wrapping --
240+ CERT-KEY-USAGE
241+ { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
242+ -- PRIVATE-KEY no ASN.1 wrapping -- }
243+
244+ SLH-DSA-PublicKey ::= OCTET STRING (SIZE (32 | 48 | 64 ))
245+
246+ SLH-DSA-PrivateKey ::= OCTET STRING (SIZE (64 | 96 | 128 ))
247+
248+ --
249+ -- Expand the signature algorithm set used by CMS [RFC5911]
250+ --
251+
252+ SignatureAlgorithmSet SIGNATURE-ALGORITHM ::=
253+ { sa-slh-dsa-sha2-128s |
254+ sa-slh-dsa-sha2-128f |
255+ sa-slh-dsa-sha2-192s |
256+ sa-slh-dsa-sha2-192f |
257+ sa-slh-dsa-sha2-256s |
258+ sa-slh-dsa-sha2-256f |
259+ sa-slh-dsa-shake-128s |
260+ sa-slh-dsa-shake-128f |
261+ sa-slh-dsa-shake-192s |
262+ sa-slh-dsa-shake-192f |
263+ sa-slh-dsa-shake-256s |
264+ sa-slh-dsa-shake-256f,
265+ .. . }
266+
267+ --
268+ -- Expand the S/MIME capabilities set used by CMS [RFC5911]
269+ --
270+
271+ SMimeCaps SMIME-CAPS ::=
272+ { sa-slh-dsa-sha2-128s.&smimeCaps |
273+ sa-slh-dsa-sha2-128f.&smimeCaps |
274+ sa-slh-dsa-sha2-192s.&smimeCaps |
275+ sa-slh-dsa-sha2-192f.&smimeCaps |
276+ sa-slh-dsa-sha2-256s.&smimeCaps |
277+ sa-slh-dsa-sha2-256f.&smimeCaps |
278+ sa-slh-dsa-shake-128s.&smimeCaps |
279+ sa-slh-dsa-shake-128f.&smimeCaps |
280+ sa-slh-dsa-shake-192s.&smimeCaps |
281+ sa-slh-dsa-shake-192f.&smimeCaps |
282+ sa-slh-dsa-shake-256s.&smimeCaps |
283+ sa-slh-dsa-shake-256f.&smimeCaps,
284+ .. . }
285+
286+ END
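Review bot: The size constraints on `SLH-DSA-PublicKey` and `SLH-DSA-PrivateKey` (new lines 244 and 246) are a union over all twelve parameter sets, and nothing in the module ties a length to a particular OID, because every `pk-slh-dsa-*` object leaves `KEY` and `PRIVATE-KEY` as comments ("no ASN.1 wrapping"). A decoder built from this module alone therefore cannot reject, for example, a 64-octet public key carried under `id-slh-dsa-sha2-128s`. That length check has to live in the code that consumes the decoded key, which is not visible in this section. I would record the expectation next to the types, e.g. `-- 2n octets: 32 for 128s/f, 48 for 192s/f, 64 for 256s/f; callers check the length against the algorithm OID --` above `SLH-DSA-PublicKey`, with the matching 4n note (64/96/128) above `SLH-DSA-PrivateKey`. It would also help to add a test that an AlgorithmIdentifier with parameters present is refused for these OIDs, since `PARAMS ARE absent` is presumably only enforced if the caller checks it.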