Update KEM code points to IANA compliance (#561) #644
Conversation
Signed-off-by: RodriM11 <[email protected]>
RodriM11
requested review from
baentsch,
bhess,
feventura and
alexrow
as code owners
|
Failing/skipped CI tests are due to the need of installing the additional dependency needed to run |
There was a problem hiding this comment.
Thanks for this update/fix @RodriM11 ! See some comments/questions whether the formatting can be improved for readability. Also, is it correct that all SIG code points are not in need of updating? Finally, what needs to be done to allow CI to pass? Please rebase first to check whether the problem then is gone.
| 'code_point': '0xfea2'}] | ||
| - | ||
| name: 'dilithium3' | ||
| mix_with: [{'name': 'p256', 'pretty_name': 'ECDSA p256', 'oid': '1.3.9999.2.7.1', |
There was a problem hiding this comment.
why this reformatting? Makes it hard to read.
There was a problem hiding this comment.
It is part of the formatting that happens when automatizing NID assignment.
| 'security': '128', 'oid': '2.16.840.1.114027.80.8.1.3', 'code_point': '0x090a'}, | ||
| {'name': 'p256', 'pretty_name': 'ECDSA p256', 'security': '128', 'oid': '2.16.840.1.114027.80.8.1.4', | ||
| 'code_point': '0x0907'}, {'name': 'bp256', 'pretty_name': 'ECDSA brainpoolP256r1', | ||
| 'security': '256', 'oid': '2.16.840.1.114027.80.8.1.5', 'code_point': '0xfee5'}] |
There was a problem hiding this comment.
These code points are all in an OK range?
There was a problem hiding this comment.
Yes, SIG code points were already onto the "Reserved for private use" range (0xfe00 - 0xffff), except those pertaining to DSA and certain combiners, which follow https://datatracker.ietf.org/doc/draft-reddy-tls-composite-mldsa/01/.
What I didn't do though was to automatize these assignments also. I can proceed to add it in the same way as KEMs, if the development for KEMs of this PR is acceptable.
| 'security': '128', 'oid': '2.16.840.1.114027.80.8.1.8', 'code_point': '0x0908'}, | ||
| {'name': 'bp256', 'pretty_name': 'ECDSA brainpoolP256r1', 'security': '256', | ||
| 'oid': '2.16.840.1.114027.80.8.1.9', 'code_point': '0xfee9'}, {'name': 'ed25519', | ||
| 'pretty_name': 'ED25519', 'security': '128', 'oid': '2.16.840.1.114027.80.8.1.10', |
There was a problem hiding this comment.
very hard to read -- is this due to some automated reformatting?
There was a problem hiding this comment.
Same. Part of the formatting of the automatic procedures. I was unable to avoid those modifications.
|
For CI tests to run, the Python dependency I used for modifying |
PR to update KEM code points to "Reserved for private use" values in https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8, as specified in #561.
Also,
generate.pyincludes modifications to perform future additions of code points automatically, i.e., nids for pure PQC as well as any hybrid desired are automatically filled with the next available code point, when left blank.