diff --git a/additional_info_keysize.md b/additional_info_keysize.md index 80d3956..e5afcc3 100644 --- a/additional_info_keysize.md +++ b/additional_info_keysize.md @@ -3,24 +3,27 @@ Links to lengths in the project: [pk](src/dsa/common/config/pk_len.rs), [sk](src/dsa/common/config/sk_len.rs), [sig](src/dsa/common/config/sig_len.rs) +Note for new verision: Both pure and hash ML-DSA Composite Signature Algorithms share the same public key, private key and signature length. The hashing function for hash vairations are capped by bracket signs. + | DSA | Traditional Algorithm | Npk | Nsk | Nsig | | --- | -------------------- | --- | --- | ------- | | ML-DSA44 | | 1312 | 2560 | 2420 | -| ML-DSA44 | Rsa2048PssSha256 | 1596 | | 2690 | -| ML-DSA44 | Rsa2048Pkcs15Sha256 | 1596 | | 2690 | -| ML-DSA44 | Ed25519SHA512 | 1356 | 2634 | 2496 | -| ML-DSA44 | EcdsaP256SHA256 | 1389 | 2639 | | -| ML-DSA44 | EcdsaBrainpoolP256r1SHA256 | 1389 | 2639 | | +| ML-DSA44 | Rsa2048Pss(SHA256) | 1596 | | 2690 | +| ML-DSA44 | Rsa2048Pkcs15(SHA256) | 1596 | | 2690 | +| ML-DSA44 | Ed25519(SHA512) | 1356 | 2602 | 2496 | +| ML-DSA44 | EcdsaP256(SHA256) | 1389 | 2602 | | | ML-DSA65 | | 1952 | 4032 | 3309 | -| ML-DSA65 | Rsa3072PssSHA512 | 2364 | | 3707 | -| ML-DSA65 | Rsa3072Pkcs15SHA512 | 2364 | | 3707 | -| ML-DSA65 | EcdsaP256SHA512 | 2029 | 4111 | | -| ML-DSA65 | EcdsaBrainpoolP256r1SHA512 | 2029 | 4111 | | -| ML-DSA65 | Ed25519SHA512 | 1996 | 4106 | 3385 | +| ML-DSA65 | Rsa3072Pss(SHA512) | 2364 | | 3707 | +| ML-DSA65 | Rsa3072Pkcs15(SHA512) | 2364 | | 3707 | +| ML-DSA65 | Rsa4096Pss(SHA512) | 2492 | | 3835 | +| ML-DSA65 | Rsa4096Pkcs15(SHA512) | 2492 | | 3835 | +| ML-DSA65 | EcdsaP384(SHA512) | 2061 | 4090 | | +| ML-DSA65 | EcdsaBrainpoolP256r1(SHA512) | 2029 | 4074 | | +| ML-DSA65 | Ed25519(SHA512) | 1996 | 4074 | 3385 | | ML-DSA87 | | 2592 | 4896 | 4627 | -| ML-DSA87 | EcdsaP384SHA512 | 2701 | 4991 | | -| ML-DSA87 | EcdsaBrainpoolP384r1SHA512 | 2701 | 4991 | | -| ML-DSA87 | Ed448SHA512 | 2661 | 4995 | 4753 | +| ML-DSA87 | EcdsaP384(SHA512) | 2701 | 4954 | | +| ML-DSA87 | EcdsaBrainpoolP384r1(SHA512) | 2701 | 4954 | | +| ML-DSA87 | Ed448(SHA512) | 2523 | 4963 | 4753 | ## ASCII Version ``` @@ -28,21 +31,22 @@ Links to lengths in the project: [pk](src/dsa/common/config/pk_len.rs), [sk](src | DSA | Traditional Algorithm | Npk | Nsk | Nsig | +-----------+-----------------------------+------+-------+---------+ | ML-DSA44 | | 1312 | 2560 | 2420 | -| ML-DSA44 | Rsa2048PssSha256 | 1596 | | 2690 | -| ML-DSA44 | Rsa2048Pkcs15Sha256 | 1596 | | 2690 | -| ML-DSA44 | Ed25519SHA512 | 1356 | 2634 | 2496 | -| ML-DSA44 | EcdsaP256SHA256 | 1389 | 2639 | | -| ML-DSA44 | EcdsaBrainpoolP256r1SHA256 | 1389 | 2639 | | +| ML-DSA44 | Rsa2048Pss(SHA256) | 1596 | | 2690 | +| ML-DSA44 | Rsa2048Pkcs15(SHA256) | 1596 | | 2690 | +| ML-DSA44 | Ed25519(SHA512) | 1356 | 2602 | 2496 | +| ML-DSA44 | EcdsaP256(SHA256) | 1389 | 2602 | | | ML-DSA65 | | 1952 | 4032 | 3309 | -| ML-DSA65 | Rsa3072PssSHA512 | 2364 | | 3707 | -| ML-DSA65 | Rsa3072Pkcs15SHA512 | 2364 | | 3707 | -| ML-DSA65 | EcdsaP256SHA512 | 2029 | 4111 | | -| ML-DSA65 | EcdsaBrainpoolP256r1SHA512 | 2029 | 4111 | | -| ML-DSA65 | Ed25519SHA512 | 1996 | 4106 | 3385 | +| ML-DSA65 | Rsa3072Pss(SHA512) | 2364 | | 3707 | +| ML-DSA65 | Rsa3072Pkcs15(SHA512) | 2364 | | 3707 | +| ML-DSA65 | Rsa4096Pss(SHA512) | 2492 | | 3835 | +| ML-DSA65 | Rsa4096Pkcs15(SHA512) | 2492 | | 3835 | +| ML-DSA65 | EcdsaP384(SHA512) | 2061 | 4090 | | +| ML-DSA65 | EcdsaBrainpoolP256r1(SHA512)| 2029 | 4074 | | +| ML-DSA65 | Ed25519(SHA512) | 1996 | 4074 | 3385 | | ML-DSA87 | | 2592 | 4896 | 4627 | -| ML-DSA87 | EcdsaP384SHA512 | 2701 | 4991 | | -| ML-DSA87 | EcdsaBrainpoolP384r1SHA512 | 2701 | 4991 | | -| ML-DSA87 | Ed448SHA512 | 2661 | 4995 | 4753 | +| ML-DSA87 | EcdsaP384(SHA512) | 2701 | 4954 | | +| ML-DSA87 | EcdsaBrainpoolP384r1(SHA512)| 2701 | 4954 | | +| ML-DSA87 | Ed448(SHA512) | 2523 | 4963 | 4753 | +-----------+----------------------------+------+-------+----------+ ``` @@ -130,7 +134,16 @@ Overhead of a SEQUENCE SIZE (2) OF BIT STRING (one short-form, one long form) = Overhead of a SEQUENCE SIZE (2) OF BIT STRING (two long form) = 5 + 5 + 4 = 14 -### SecretKey ([DSA](src/dsa/common/config/sk_len.rs), [KEM](src/kem/common/config/sk_len.rs)) +### SecretKey for [DSA](src/dsa/common/config/sk_len.rs) +```plaintext +SEQUENCE { + pq_sk OCTET STRING, + trad_sk OCTET STRING, +} +``` +As demonstrated in the [notes on overhead computation](#notes-on-overhead-computation) section, the overhead is either 10 or 12 for secrete key depending on the length of the keys: pq_tag (1) + pq_len(3, KEM is always long-form) + trad_tag (1) + trad_length(1 or 3) + Sequence(4). + +### SecretKey for [KEM](src/kem/common/config/sk_len.rs) ```plaintext SEQUENCE { @@ -159,7 +172,7 @@ Total = 11 + For ML-KEM: ` = 13`, so the overhead = 13 + 11 = 24 -#### Overhead of an OneAsymmetricKey (OAK) without a public key for a short private key: +#### Overhead of an OneAsymmetricKey (OAK) without a public key for a short private key : - (outer sequence overhead => 1(tag) + 3(long-form length)) = 4 - (private key => 1(tag) + 1(short-form length)) = 2 @@ -167,20 +180,9 @@ For ML-KEM: ` = 13`, so the overhead = 13 + 11 = 24 Total = 9 + -#### Calculation Results for varied `` in DSA Composites: - -| Traditional Algorithm | Oid | Number of Bytes | Overhead | -| --------------------- | --- | --------------- | -------- | -| Ed25519SHA512 | 1.3.101.112 | 5 | 9 + 5 = 14 | -| Ed448SHA512 | 1.3.101.113 | 5 | 9 + 5 = 14 | -| EcdsaBrainpoolP256r1SHA512 | 1.2.840.10045.4.3.4 | 10 | 9 + 10 = 19 | -| EcdsaBrainpoolP384r1SHA512 | 1.2.840.10045.4.3.4 | 10 | 9 + 10 = 19 | -| EcdsaP256SHA512 | 1.2.840.10045.4.3.4 | 10 | 9 + 10 = 19 | -| EcdsaP384SHA512 | 1.2.840.10045.4.3.4 | 10 | 9 + 10 = 19 | - -#### DSA vs KEM Secret Key Overhead Comparison +### DSA vs KEM Secret Key Overhead Comparison -For the secret key of composite KEMs, they also store the public key of the tranditional algorithm, causing additional overheads. On the other hand, composite DSAs do not store traditional public keys so that their secret key overhead is solely due to the wrapping structures (Algorithm Identifier and SEQUENCE). +For the secret key of composite KEMs, it is necessary to follow the OneAsymmetricKey structure since they also store the public key of the tranditional algorithm. On the other hand, composite DSAs do not store traditional public keys so that their structures can be simplified to a SEQUENCE of two OCTET STRINGs. ### CipherText Length ([KEM](src/kem/common/config/ct_len.rs)) ```plaintext diff --git a/src/dsa/common/config/pk_len.rs b/src/dsa/common/config/pk_len.rs index b9a10f3..5af9f3c 100644 --- a/src/dsa/common/config/pk_len.rs +++ b/src/dsa/common/config/pk_len.rs @@ -18,9 +18,8 @@ impl PKLen for DsaType { DsaType::Rsa2048PssSha256 => Some(270), DsaType::Rsa3072Pkcs15Sha256 => Some(398), DsaType::Rsa3072PssSha256 => Some(398), - // TODO: Fill in the rest of the public key lengths - DsaType::Rsa4096Pkcs15Sha384 => None, - DsaType::Rsa4096PssSha384 => None, + DsaType::Rsa4096Pkcs15Sha384 => Some(526), + DsaType::Rsa4096PssSha384 => Some(526), DsaType::EcdsaP256SHA256 => Some(65), DsaType::EcdsaBrainpoolP256r1SHA256 => Some(65), @@ -38,11 +37,10 @@ impl PKLen for DsaType { DsaType::SlhDsaShake256s => Some(64), DsaType::SlhDsaShake256f => Some(64), - //TODO:Fill these in - DsaType::EcdsaP384SHA384 => None, - DsaType::EcdsaBrainpoolP384r1SHA384 => None, - DsaType::Ed25519 => None, - DsaType::Ed448 => None, + DsaType::EcdsaP384SHA384 => Some(97), + DsaType::EcdsaBrainpoolP384r1SHA384 => Some(97), + DsaType::Ed25519 => Some(32), + DsaType::Ed448 => Some(57), } } } @@ -59,37 +57,36 @@ impl PKLen for PrehashDsaType { PrehashDsaType::MlDsa65 => Some(1952), PrehashDsaType::MlDsa87 => Some(2592), - // pq_pk + trad_pk + overhead - PrehashDsaType::MlDsa44Rsa2048Pss => Some(1312 + 270 + 14), - PrehashDsaType::MlDsa44Rsa2048Pkcs15 => Some(1312 + 270 + 14), - PrehashDsaType::MlDsa44Ed25519 => Some(1312 + 32 + 12), - PrehashDsaType::MlDsa44EcdsaP256 => Some(1312 + 65 + 12), - PrehashDsaType::MlDsa65Rsa3072Pss => Some(1952 + 398 + 14), - PrehashDsaType::MlDsa65Rsa3072Pkcs15 => Some(1952 + 398 + 14), - PrehashDsaType::MlDsa65EcdsaP384 => None, //TODO: newly added, check manually - PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1 => Some(1952 + 65 + 12), - PrehashDsaType::MlDsa65Ed25519 => Some(1952 + 32 + 12), - PrehashDsaType::MlDsa87EcdsaP384 => Some(2592 + 97 + 12), - PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1 => Some(2592 + 97 + 12), - PrehashDsaType::MlDsa87Ed448 => Some(2592 + 57 + 12), - PrehashDsaType::MlDsa65Rsa4096Pss => None, //TODO: newly added, check manually - PrehashDsaType::MlDsa65Rsa4096Pkcs15 => None, //TODO: newly added, check manually + // pq_pk + trad_pk + overhead of sequence of two bit strings + PrehashDsaType::MlDsa44Rsa2048Pss => Some(1312 + 270 + 14), // 1596 + PrehashDsaType::MlDsa44Rsa2048Pkcs15 => Some(1312 + 270 + 14), // 1596 + PrehashDsaType::MlDsa44Ed25519 => Some(1312 + 32 + 12), // 1356 + PrehashDsaType::MlDsa44EcdsaP256 => Some(1312 + 65 + 12), // 1389 + PrehashDsaType::MlDsa65Rsa3072Pss => Some(1952 + 398 + 14), // 2364 + PrehashDsaType::MlDsa65Rsa3072Pkcs15 => Some(1952 + 398 + 14), // 2364 + PrehashDsaType::MlDsa65Rsa4096Pss => Some(1952 + 526 + 14), // 2492 + PrehashDsaType::MlDsa65Rsa4096Pkcs15 => Some(1952 + 526 + 14), // 2492 + PrehashDsaType::MlDsa65EcdsaP384 => Some(1952 + 97 + 12), // 2061 + PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1 => Some(1952 + 65 + 12), // 2029 + PrehashDsaType::MlDsa65Ed25519 => Some(1952 + 32 + 12), // 1996 + PrehashDsaType::MlDsa87EcdsaP384 => Some(2592 + 97 + 12), // 2701 + PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1 => Some(2592 + 97 + 12), // 2701 + PrehashDsaType::MlDsa87Ed448 => Some(2592 + 57 + 12), // 2523 - //TODO:Fill these in - PrehashDsaType::MlDsa44Rsa2048PssSha256 => None, - PrehashDsaType::MlDsa44Rsa2048Pkcs15Sha256 => None, - PrehashDsaType::MlDsa44Ed25519Sha512 => None, - PrehashDsaType::MlDsa44EcdsaP256Sha256 => None, - PrehashDsaType::MlDsa65Rsa3072PssSha512 => None, - PrehashDsaType::MlDsa65Rsa3072Pkcs15Sha512 => None, - PrehashDsaType::MlDsa65Rsa4096PssSha512 => None, - PrehashDsaType::MlDsa65Rsa4096Pkcs15Sha512 => None, - PrehashDsaType::MlDsa65EcdsaP384Sha512 => None, - PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1Sha512 => None, - PrehashDsaType::MlDsa65Ed25519Sha512 => None, - PrehashDsaType::MlDsa87EcdsaP384Sha512 => None, - PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1Sha512 => None, - PrehashDsaType::MlDsa87Ed448Sha512 => None, + PrehashDsaType::MlDsa44Rsa2048PssSha256 => Some(1312 + 270 + 14), // 1596 + PrehashDsaType::MlDsa44Rsa2048Pkcs15Sha256 => Some(1312 + 270 + 14), // 1596 + PrehashDsaType::MlDsa44Ed25519Sha512 => Some(1312 + 32 + 12), // 1356 + PrehashDsaType::MlDsa44EcdsaP256Sha256 => Some(1312 + 65 + 12), // 1389 + PrehashDsaType::MlDsa65Rsa3072PssSha512 => Some(1952 + 398 + 14), // 2364 + PrehashDsaType::MlDsa65Rsa3072Pkcs15Sha512 => Some(1952 + 398 + 14), // 2364 + PrehashDsaType::MlDsa65Rsa4096PssSha512 => Some(1952 + 526 + 14), // 2492 + PrehashDsaType::MlDsa65Rsa4096Pkcs15Sha512 => Some(1952 + 526 + 14), // 2492 + PrehashDsaType::MlDsa65EcdsaP384Sha512 => Some(1952 + 97 + 12), // 2061 + PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1Sha512 => Some(1952 + 65 + 12), // 2029 + PrehashDsaType::MlDsa65Ed25519Sha512 => Some(1952 + 32 + 12), // 1996 + PrehashDsaType::MlDsa87EcdsaP384Sha512 => Some(2592 + 97 + 12), // 2701 + PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1Sha512 => Some(2592 + 97 + 12), // 2701 + PrehashDsaType::MlDsa87Ed448Sha512 => Some(2592 + 57 + 12), // 2523 } } } diff --git a/src/dsa/common/config/sig_len.rs b/src/dsa/common/config/sig_len.rs index 9d3e89a..cfbaec6 100644 --- a/src/dsa/common/config/sig_len.rs +++ b/src/dsa/common/config/sig_len.rs @@ -18,9 +18,8 @@ impl SigLen for DsaType { DsaType::Rsa2048PssSha256 => Some(256), DsaType::Rsa3072Pkcs15Sha256 => Some(384), DsaType::Rsa3072PssSha256 => Some(384), - // TODO: Fill in the rest of the public key lengths - DsaType::Rsa4096Pkcs15Sha384 => None, - DsaType::Rsa4096PssSha384 => None, + DsaType::Rsa4096Pkcs15Sha384 => Some(512), + DsaType::Rsa4096PssSha384 => Some(512), // P256 and P384 variations do not have a fixed sig_len DsaType::EcdsaP256SHA256 => None, @@ -39,11 +38,12 @@ impl SigLen for DsaType { DsaType::SlhDsaShake256s => Some(29792), DsaType::SlhDsaShake256f => Some(49856), - //TODO:Fill these in + // P256 and P384 variations do not have a fixed sig_len DsaType::EcdsaP384SHA384 => None, DsaType::EcdsaBrainpoolP384r1SHA384 => None, - DsaType::Ed25519 => None, - DsaType::Ed448 => None, + + DsaType::Ed25519 => Some(64), + DsaType::Ed448 => Some(114), } } } @@ -61,36 +61,35 @@ impl SigLen for PrehashDsaType { PrehashDsaType::MlDsa87 => Some(4627), // pq_pk + trad_pk + overhead - PrehashDsaType::MlDsa44Rsa2048Pss => Some(2420 + 256 + 14), - PrehashDsaType::MlDsa44Rsa2048Pkcs15 => Some(2420 + 256 + 14), - PrehashDsaType::MlDsa44Ed25519 => Some(2420 + 64 + 12), - PrehashDsaType::MlDsa44EcdsaP256 => None, - PrehashDsaType::MlDsa65Rsa3072Pss => Some(3309 + 384 + 14), - PrehashDsaType::MlDsa65Rsa3072Pkcs15 => Some(3309 + 384 + 14), - PrehashDsaType::MlDsa65EcdsaP384 => None, //TODO: newly added, check manually - PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1 => None, - PrehashDsaType::MlDsa65Ed25519 => Some(3309 + 64 + 12), - PrehashDsaType::MlDsa87EcdsaP384 => None, - PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1 => None, - PrehashDsaType::MlDsa87Ed448 => Some(4627 + 114 + 12), - PrehashDsaType::MlDsa65Rsa4096Pss => None, //TODO: newly added, check manually - PrehashDsaType::MlDsa65Rsa4096Pkcs15 => None, //TODO: newly added, check manually + PrehashDsaType::MlDsa44Rsa2048Pss => Some(2420 + 256 + 14), // 2690 + PrehashDsaType::MlDsa44Rsa2048Pkcs15 => Some(2420 + 256 + 14), // 2690 + PrehashDsaType::MlDsa44Ed25519 => Some(2420 + 64 + 12), // 2496 + PrehashDsaType::MlDsa44EcdsaP256 => None, // None + PrehashDsaType::MlDsa65Rsa3072Pss => Some(3309 + 384 + 14), // 3707 + PrehashDsaType::MlDsa65Rsa3072Pkcs15 => Some(3309 + 384 + 14), // 3707 + PrehashDsaType::MlDsa65Rsa4096Pss => Some(3309 + 512 + 14), // 3835 + PrehashDsaType::MlDsa65Rsa4096Pkcs15 => Some(3309 + 512 + 14), // 3835 + PrehashDsaType::MlDsa65EcdsaP384 => None, // None + PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1 => None, // None + PrehashDsaType::MlDsa65Ed25519 => Some(3309 + 64 + 12), // 3385 + PrehashDsaType::MlDsa87EcdsaP384 => None, // None + PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1 => None, // None + PrehashDsaType::MlDsa87Ed448 => Some(4627 + 114 + 12), // 4753 - //TODO:Fill these in - PrehashDsaType::MlDsa44Rsa2048PssSha256 => None, - PrehashDsaType::MlDsa44Rsa2048Pkcs15Sha256 => None, - PrehashDsaType::MlDsa44Ed25519Sha512 => None, - PrehashDsaType::MlDsa44EcdsaP256Sha256 => None, - PrehashDsaType::MlDsa65Rsa3072PssSha512 => None, - PrehashDsaType::MlDsa65Rsa3072Pkcs15Sha512 => None, - PrehashDsaType::MlDsa65Rsa4096PssSha512 => None, - PrehashDsaType::MlDsa65Rsa4096Pkcs15Sha512 => None, - PrehashDsaType::MlDsa65EcdsaP384Sha512 => None, - PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1Sha512 => None, - PrehashDsaType::MlDsa65Ed25519Sha512 => None, - PrehashDsaType::MlDsa87EcdsaP384Sha512 => None, - PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1Sha512 => None, - PrehashDsaType::MlDsa87Ed448Sha512 => None, + PrehashDsaType::MlDsa44Rsa2048PssSha256 => Some(2420 + 256 + 14), // 2690 + PrehashDsaType::MlDsa44Rsa2048Pkcs15Sha256 => Some(2420 + 256 + 14), // 2690 + PrehashDsaType::MlDsa44Ed25519Sha512 => Some(2420 + 64 + 12), // 2496 + PrehashDsaType::MlDsa44EcdsaP256Sha256 => None, // None + PrehashDsaType::MlDsa65Rsa3072PssSha512 => Some(3309 + 384 + 14), // 3707 + PrehashDsaType::MlDsa65Rsa3072Pkcs15Sha512 => Some(3309 + 384 + 14), // 3707 + PrehashDsaType::MlDsa65Rsa4096PssSha512 => Some(3309 + 512 + 14), // 3835 + PrehashDsaType::MlDsa65Rsa4096Pkcs15Sha512 => Some(3309 + 512 + 14), // 3835 + PrehashDsaType::MlDsa65EcdsaP384Sha512 => None, // None + PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1Sha512 => None, // None + PrehashDsaType::MlDsa65Ed25519Sha512 => Some(3309 + 64 + 12), // 3385 + PrehashDsaType::MlDsa87EcdsaP384Sha512 => None, // None + PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1Sha512 => None, // None + PrehashDsaType::MlDsa87Ed448Sha512 => Some(4627 + 114 + 12), // 4753 } } } diff --git a/src/dsa/common/config/sk_len.rs b/src/dsa/common/config/sk_len.rs index 4f13453..420a906 100644 --- a/src/dsa/common/config/sk_len.rs +++ b/src/dsa/common/config/sk_len.rs @@ -19,7 +19,6 @@ impl SKLen for DsaType { DsaType::Rsa2048PssSha256 => None, DsaType::Rsa3072Pkcs15Sha256 => None, DsaType::Rsa3072PssSha256 => None, - // TODO: Fill in the rest of the public key lengths DsaType::Rsa4096Pkcs15Sha384 => None, DsaType::Rsa4096PssSha384 => None, @@ -39,11 +38,10 @@ impl SKLen for DsaType { DsaType::SlhDsaShake256s => Some(64 * 2), DsaType::SlhDsaShake256f => Some(64 * 2), - //TODO:Fill these in - DsaType::EcdsaP384SHA384 => None, - DsaType::EcdsaBrainpoolP384r1SHA384 => None, - DsaType::Ed25519 => None, - DsaType::Ed448 => None, + DsaType::EcdsaP384SHA384 => Some(48), + DsaType::EcdsaBrainpoolP384r1SHA384 => Some(48), + DsaType::Ed25519 => Some(32), + DsaType::Ed448 => Some(57), } } } @@ -60,37 +58,36 @@ impl SKLen for PrehashDsaType { PrehashDsaType::MlDsa65 => Some(4032), PrehashDsaType::MlDsa87 => Some(4896), - // pq_sk + trad_sk + pq_overhead + trad_overhead + sequence_overhead (to wrap 2 OAKs) - PrehashDsaType::MlDsa44Rsa2048Pss => None, - PrehashDsaType::MlDsa44Rsa2048Pkcs15 => None, - PrehashDsaType::MlDsa44Ed25519 => None, - PrehashDsaType::MlDsa44EcdsaP256 => None, - PrehashDsaType::MlDsa65Rsa3072Pss => None, - PrehashDsaType::MlDsa65Rsa3072Pkcs15 => None, - PrehashDsaType::MlDsa65EcdsaP384 => None, //TODO: newly added, check manually - PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1 => None, - PrehashDsaType::MlDsa65Ed25519 => None, - PrehashDsaType::MlDsa87EcdsaP384 => None, - PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1 => None, - PrehashDsaType::MlDsa87Ed448 => None, - PrehashDsaType::MlDsa65Rsa4096Pss => None, //TODO: newly added, check manually - PrehashDsaType::MlDsa65Rsa4096Pkcs15 => None, //TODO: newly added, check manually + // pq_sk + trad_sk + overhead of sequence of two octet strings + PrehashDsaType::MlDsa44Rsa2048Pss => None, // None + PrehashDsaType::MlDsa44Rsa2048Pkcs15 => None, // None + PrehashDsaType::MlDsa44Ed25519 => Some(2560 + 32 + 10), // 2602 + PrehashDsaType::MlDsa44EcdsaP256 => Some(2560 + 32 + 10), // 2602 + PrehashDsaType::MlDsa65Rsa3072Pss => None, // None + PrehashDsaType::MlDsa65Rsa3072Pkcs15 => None, // None + PrehashDsaType::MlDsa65Rsa4096Pss => None, // None + PrehashDsaType::MlDsa65Rsa4096Pkcs15 => None, // None + PrehashDsaType::MlDsa65EcdsaP384 => Some(4032 + 48 + 10), // 4090 + PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1 => Some(4032 + 32 + 10), // 4074 + PrehashDsaType::MlDsa65Ed25519 => Some(4032 + 32 + 10), // 4074 + PrehashDsaType::MlDsa87EcdsaP384 => Some(4896 + 48 + 10), // 4954 + PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1 => Some(4896 + 48 + 10), // 4954 + PrehashDsaType::MlDsa87Ed448 => Some(4896 + 57 + 10), // 4963 - //TODO:Fill these in - PrehashDsaType::MlDsa44Rsa2048PssSha256 => None, - PrehashDsaType::MlDsa44Rsa2048Pkcs15Sha256 => None, - PrehashDsaType::MlDsa44Ed25519Sha512 => None, - PrehashDsaType::MlDsa44EcdsaP256Sha256 => None, - PrehashDsaType::MlDsa65Rsa3072PssSha512 => None, - PrehashDsaType::MlDsa65Rsa3072Pkcs15Sha512 => None, - PrehashDsaType::MlDsa65Rsa4096PssSha512 => None, - PrehashDsaType::MlDsa65Rsa4096Pkcs15Sha512 => None, - PrehashDsaType::MlDsa65EcdsaP384Sha512 => None, - PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1Sha512 => None, - PrehashDsaType::MlDsa65Ed25519Sha512 => None, - PrehashDsaType::MlDsa87EcdsaP384Sha512 => None, - PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1Sha512 => None, - PrehashDsaType::MlDsa87Ed448Sha512 => None, + PrehashDsaType::MlDsa44Rsa2048PssSha256 => None, // None + PrehashDsaType::MlDsa44Rsa2048Pkcs15Sha256 => None, // None + PrehashDsaType::MlDsa44Ed25519Sha512 => Some(2560 + 32 + 10), // 2602 + PrehashDsaType::MlDsa44EcdsaP256Sha256 => Some(2560 + 32 + 10), // 2602 + PrehashDsaType::MlDsa65Rsa3072PssSha512 => None, // None + PrehashDsaType::MlDsa65Rsa3072Pkcs15Sha512 => None, // None + PrehashDsaType::MlDsa65Rsa4096PssSha512 => None, // None + PrehashDsaType::MlDsa65Rsa4096Pkcs15Sha512 => None, // None + PrehashDsaType::MlDsa65EcdsaP384Sha512 => Some(4032 + 48 + 10), // 4090 + PrehashDsaType::MlDsa65EcdsaBrainpoolP256r1Sha512 => Some(4032 + 32 + 10), // 4074 + PrehashDsaType::MlDsa65Ed25519Sha512 => Some(4032 + 32 + 10), // 4074 + PrehashDsaType::MlDsa87EcdsaP384Sha512 => Some(4896 + 48 + 10), // 4954 + PrehashDsaType::MlDsa87EcdsaBrainpoolP384r1Sha512 => Some(4896 + 48 + 10), // 4954 + PrehashDsaType::MlDsa87Ed448Sha512 => Some(4896 + 57 + 10), // 4963 } } }