Merge branch 'main' into seanturner-name-change

draft-ietf-lamps-kyber-certificates.md

@@ -86,11 +86,11 @@ document specifies algorithm identifiers and ASN.1 encoding
 format for ML-KEM in public key certificates. The encoding for
 public and private keys are also provided.
 
-\ [EDNOTE:
+\[EDNOTE:
 This document is not expected to be finalized before the NIST PQC
 Project has standardized PQ algorithms. This specification will use
 object identifiers for the new algorithms that are assigned by NIST,
-and will use placeholders until these are released.
+and will use placeholders until these are released.]
 
 --- middle
 
@@ -144,7 +144,7 @@ is defined as follows:
 ~~~
 
 <aside markdown="block">
-: The above syntax is from {{!RFC5912}} and is compatible with the
+  NOTE: The above syntax is from {{!RFC5912}} and is compatible with the
   2021 ASN.1 syntax {{X680}}.
 </aside>
 
@@ -160,7 +160,7 @@ The fields in AlgorithmIdentifier have the following meanings:
 ML-KEM-1024. For all of these OIDs, the parameters MUST be absent.
 
 <aside markdown="block">
-: It is possible to find systems that require the parameters to be
+  NOTE: It is possible to find systems that require the parameters to be
   present. This can be due to either a defect in the original 1997
   syntax or a programming error where developers never got input where
   this was not true. The optimal solution is to fix these systems;
@@ -213,7 +213,7 @@ certificate extension MUST only contain keyEncipherment
 
 
 <aside markdown="block">
-: As noted in Section 3, the values for these object identifers
+  NOTE: As noted in Section 3, the values for these object identifers
   will be assigned by NIST.  Once assigned, they will be added to a future
   revision of this document.
 </aside>
@@ -232,7 +232,7 @@ SubjectPublicKeyInfo type, which has the following ASN.1 syntax:
 ~~~
 
 <aside markdown="block">
-: The above syntax is from {{RFC5912}} and is compatible with the
+  NOTE: The above syntax is from {{RFC5912}} and is compatible with the
   2021 ASN.1 syntax {{X680}}.
 </aside>
 
@@ -291,7 +291,7 @@ algorithm itself.
 ~~~
 
 <aside markdown="block">
-: The above syntax is from {{RFC5958}} and is compatible with the
+  NOTE: The above syntax is from {{RFC5958}} and is compatible with the
   2021 ASN.1 syntax {{X680}}.
 </aside>
 
@@ -326,7 +326,7 @@ prior example, the textual encoding defined in {{RFC7468}} is used:
 ~~~
 
 <aside markdown="block">
-: There exist some private key import functions that have not
+  NOTE: There exist some private key import functions that have not
   implemented the new ASN.1 structure OneAsymmetricKey that is defined in
   {{RFC5958}}. This means that they will not accept a private key
   structure that contains the public key field.  This means a balancing
@@ -343,8 +343,9 @@ TODO ASN.1 Module
 
 The Security Considerations section of {{RFC5280}} applies to this specification as well.
 
-\[EDNOTE: Discuss side-channels for ML-KEM TBD1.\]
-
+<aside markdown="block">
+  To Do: Discuss side-channels for Kyber TBD1.
+</aside>
 
 # IANA Considerations
 

example/go.mod

@@ -0,0 +1,10 @@
+module github.com/lamps-wg/kyber-certificates/example
+
+go 1.20
+
+require github.com/cloudflare/circl v1.3.2
+
+require (
+	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+)

example/go.sum

@@ -0,0 +1,10 @@
+github.com/cloudflare/circl v1.3.2 h1:VWp8dY3yH69fdM7lM6A1+NhhVoDu9vqK0jOgmkQHFWk=
+github.com/cloudflare/circl v1.3.2/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab h1:2QkjZIsXupsJbJIdSjjUOgWK3aEtzyuh2mPt3l/CkeU=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

example/main.go

@@ -0,0 +1,75 @@
+package main
+
+import (
+	"crypto/x509/pkix"
+	"encoding/asn1"
+	"encoding/pem"
+	"log"
+	"os"
+
+	"github.com/cloudflare/circl/kem/schemes"
+)
+
+type subjectPublicKeyInfo struct {
+	Algorithm pkix.AlgorithmIdentifier
+	PublicKey asn1.BitString
+}
+
+type oneAsymmetricKey struct {
+	Version    int
+	Algorithm  pkix.AlgorithmIdentifier
+	PrivateKey []byte
+	Attributes []asn1.RawValue       `asn1:"tag:0,optional"`
+	PublicKey  *subjectPublicKeyInfo `asn1:"tag:1,optional"`
+}
+
+func main() {
+	scheme := schemes.ByName("Kyber768")
+	seed := make([]byte, scheme.SeedSize())
+	pk, sk := scheme.DeriveKeyPair(seed)
+
+	ppk, _ := pk.MarshalBinary()
+	psk, _ := sk.MarshalBinary()
+
+	apk := subjectPublicKeyInfo{
+		Algorithm: pkix.AlgorithmIdentifier{
+			Algorithm: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44363, 45, 1234, 1}, // TODO
+		},
+		PublicKey: asn1.BitString{
+			BitLength: len(ppk) * 8,
+			Bytes:     ppk,
+		},
+	}
+
+	ask := oneAsymmetricKey{
+		Version: 0,
+		Algorithm: pkix.AlgorithmIdentifier{
+			Algorithm: asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44363, 45, 1234, 1}, // TODO
+		},
+		PrivateKey: psk,
+	}
+
+	papk, err := asn1.Marshal(apk)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	pask, err := asn1.Marshal(ask)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if err = pem.Encode(os.Stdout, &pem.Block{
+		Type:  "KYBER768 PRIVATE KEY",
+		Bytes: pask,
+	}); err != nil {
+		log.Fatal(err)
+	}
+
+	if err = pem.Encode(os.Stdout, &pem.Block{
+		Type:  "KYBER768 PUBLIC KEY",
+		Bytes: papk,
+	}); err != nil {
+		log.Fatal(err)
+	}
+}