| draft-ietf-lamps-cms-shakes-04.txt | draft-ietf-lamps-cms-shakes-05.txt | |||
|---|---|---|---|---|
| LAMPS WG Q. Dang | LAMPS WG Q. Dang | |||
| Internet-Draft NIST | Internet-Draft NIST | |||
| Intended status: Standards Track P. Kampanakis | Intended status: Standards Track P. Kampanakis | |||
| Expires: June 2, 2019 Cisco Systems | Expires: June 21, 2019 Cisco Systems | |||
| November 29, 2018 | December 18, 2018 | |||
| Use of the SHAKE One-way Hash Functions in the Cryptographic Message | Use of the SHAKE One-way Hash Functions in the Cryptographic Message | |||
| Syntax (CMS) | Syntax (CMS) | |||
| draft-ietf-lamps-cms-shakes-04 | draft-ietf-lamps-cms-shakes-05 | |||
| Abstract | Abstract | |||
| This document describes the conventions for using the SHAKE family of | This document describes the conventions for using the SHAKE family of | |||
| hash functions with the Cryptographic Message Syntax (CMS) as one-way | hash functions with the Cryptographic Message Syntax (CMS) as one-way | |||
| hash functions with the RSA Probabilistic signature and ECDSA | hash functions with the RSA Probabilistic signature and ECDSA | |||
| signature algorithms, as message digests and message authentication | signature algorithms, as message digests and message authentication | |||
| codes. The conventions for the associated signer public keys in CMS | codes. The conventions for the associated signer public keys in CMS | |||
| are also described. | are also described. | |||
| skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 37 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on June 2, 2019. | This Internet-Draft will expire on June 21, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 19 ¶ | skipping to change at page 2, line 19 ¶ | |||
| 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 | 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 6 | 4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 6 | 4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 6 | 4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 6 | |||
| 4.2.2. Deterministic ECDSA Signatures . . . . . . . . . . . 7 | 4.2.2. Deterministic ECDSA Signatures . . . . . . . . . . . 7 | |||
| 4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 7 | 4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 4.4. Message Authentication Codes . . . . . . . . . . . . . . 8 | 4.4. Message Authentication Codes . . . . . . . . . . . . . . 8 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 9 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 10 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 10 | 8.2. Informative References . . . . . . . . . . . . . . . . . 11 | |||
| Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 11 | Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 12 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 1. Change Log | 1. Change Log | |||
| [ EDNOTE: Remove this section before publication. ] | [ EDNOTE: Remove this section before publication. ] | |||
| o draft-ietf-lamps-cms-shake-05: | ||||
| * Added informative references. | ||||
| * Updated ASN.1 so it compiles. | ||||
| * Updated IANA considerations. | ||||
| o draft-ietf-lamps-cms-shake-04: | o draft-ietf-lamps-cms-shake-04: | |||
| * Added RFC8174 reference and text. | * Added RFC8174 reference and text. | |||
| * Explicitly explained why RSASSA-PSS-params are omitted in | * Explicitly explained why RSASSA-PSS-params are omitted in | |||
| section 4.2.1. | section 4.2.1. | |||
| * Simplified Public Keys section by removing redundand info from | * Simplified Public Keys section by removing redundand info from | |||
| RFCs. | RFCs. | |||
| skipping to change at page 8, line 39 ¶ | skipping to change at page 8, line 48 ¶ | |||
| Conforming implementations that process KMACs with the SHAKEs when | Conforming implementations that process KMACs with the SHAKEs when | |||
| processing CMS data MUST recognize these identifiers. | processing CMS data MUST recognize these identifiers. | |||
| When calculating the KMAC output, the variable N is 0xD2B282C2, S is | When calculating the KMAC output, the variable N is 0xD2B282C2, S is | |||
| an empty string, and L, the integer representing the requested output | an empty string, and L, the integer representing the requested output | |||
| length in bits, is 256 or 512 for KmacWithSHAKE128 or | length in bits, is 256 or 512 for KmacWithSHAKE128 or | |||
| KmacWithSHAKE256 respectively in this specification. | KmacWithSHAKE256 respectively in this specification. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| [ EDNOTE: Update here only if there are OID allocations by IANA. ] | One object identifier for the ASN.1 module in Appendix A was assigned | |||
| in the SMI Security for S/MIME Module Identifiers | ||||
| (1.2.840.113549.1.9.16.0) registry: | ||||
| This document has no IANA actions. | CMSAlgsForSHAKE-2018 { { iso(1) member-body(2) us(840) | |||
| rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) | ||||
| id-mod-cms-shakes(TBD) } | ||||
| 6. Security Considerations | 6. Security Considerations | |||
| The SHAKEs are deterministic functions. Like any other deterministic | The SHAKEs are deterministic functions. Like any other deterministic | |||
| function, executing each function with the same input multiple times | function, executing each function with the same input multiple times | |||
| will produce the same output. Therefore, users should not expect | will produce the same output. Therefore, users should not expect | |||
| unrelated outputs (with the same or different output lengths) from | unrelated outputs (with the same or different output lengths) from | |||
| excuting a SHAKE function with the same input multiple times. The | excuting a SHAKE function with the same input multiple times. The | |||
| shorter one of any 2 outputs produced from a SHAKE with the same | shorter one of any 2 outputs produced from a SHAKE with the same | |||
| input is a prefix of the longer one. It is a similar situation as | input is a prefix of the longer one. It is a similar situation as | |||
| skipping to change at page 9, line 27 ¶ | skipping to change at page 9, line 41 ¶ | |||
| computing power increases, the work factor or time required to break | computing power increases, the work factor or time required to break | |||
| a particular cryptographic algorithm may decrease. Therefore, | a particular cryptographic algorithm may decrease. Therefore, | |||
| cryptographic algorithm implementations should be modular allowing | cryptographic algorithm implementations should be modular allowing | |||
| new algorithms to be readily inserted. That is, implementers should | new algorithms to be readily inserted. That is, implementers should | |||
| be prepared to regularly update the set of algorithms in their | be prepared to regularly update the set of algorithms in their | |||
| implementations. | implementations. | |||
| 7. Acknowledgements | 7. Acknowledgements | |||
| This document is based on Russ Housley's draft | This document is based on Russ Housley's draft | |||
| [I-D.housley-lamps-cms-sha3-hash] It replaces SHA3 hash functions by | [I-D.housley-lamps-cms-sha3-hash]. It replaces SHA3 hash functions | |||
| SHAKE128 and SHAKE256 as the LAMPS WG agreed. | by SHAKE128 and SHAKE256 as the LAMPS WG agreed. | |||
| 8. References | The authors would like to thank Russ Housley for his guidance and | |||
| very valuable contributions with the ASN.1 module. | ||||
| 8. References | ||||
| 8.1. Normative References | 8.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional | [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional | |||
| Algorithms and Identifiers for RSA Cryptography for use in | Algorithms and Identifiers for RSA Cryptography for use in | |||
| the Internet X.509 Public Key Infrastructure Certificate | the Internet X.509 Public Key Infrastructure Certificate | |||
| skipping to change at page 10, line 43 ¶ | skipping to change at page 11, line 18 ¶ | |||
| Housley, R., "Use of the SHA3 One-way Hash Functions in | Housley, R., "Use of the SHA3 One-way Hash Functions in | |||
| the Cryptographic Message Syntax (CMS)", draft-housley- | the Cryptographic Message Syntax (CMS)", draft-housley- | |||
| lamps-cms-sha3-hash-00 (work in progress), March 2017. | lamps-cms-sha3-hash-00 (work in progress), March 2017. | |||
| [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and | [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and | |||
| Identifiers for the Internet X.509 Public Key | Identifiers for the Internet X.509 Public Key | |||
| Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
| (CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April | (CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April | |||
| 2002, <https://www.rfc-editor.org/info/rfc3279>. | 2002, <https://www.rfc-editor.org/info/rfc3279>. | |||
| [RFC5753] Turner, S. and D. Brown, "Use of Elliptic Curve | ||||
| Cryptography (ECC) Algorithms in Cryptographic Message | ||||
| Syntax (CMS)", RFC 5753, DOI 10.17487/RFC5753, January | ||||
| 2010, <https://www.rfc-editor.org/info/rfc5753>. | ||||
| [RFC5911] Hoffman, P. and J. Schaad, "New ASN.1 Modules for | ||||
| Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911, | ||||
| DOI 10.17487/RFC5911, June 2010, | ||||
| <https://www.rfc-editor.org/info/rfc5911>. | ||||
| [RFC6268] Schaad, J. and S. Turner, "Additional New ASN.1 Modules | ||||
| for the Cryptographic Message Syntax (CMS) and the Public | ||||
| Key Infrastructure Using X.509 (PKIX)", RFC 6268, | ||||
| DOI 10.17487/RFC6268, July 2011, | ||||
| <https://www.rfc-editor.org/info/rfc6268>. | ||||
| [RFC6979] Pornin, T., "Deterministic Usage of the Digital Signature | [RFC6979] Pornin, T., "Deterministic Usage of the Digital Signature | |||
| Algorithm (DSA) and Elliptic Curve Digital Signature | Algorithm (DSA) and Elliptic Curve Digital Signature | |||
| Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August | Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August | |||
| 2013, <https://www.rfc-editor.org/info/rfc6979>. | 2013, <https://www.rfc-editor.org/info/rfc6979>. | |||
| [SEC1] Standards for Efficient Cryptography Group, "SEC 1: | [SEC1] Standards for Efficient Cryptography Group, "SEC 1: | |||
| Elliptic Curve Cryptography", May 2009, | Elliptic Curve Cryptography", May 2009, | |||
| <http://www.secg.org/sec1-v2.pdf>. | <http://www.secg.org/sec1-v2.pdf>. | |||
| [shake-nist-oids] | [shake-nist-oids] | |||
| skipping to change at page 11, line 21 ¶ | skipping to change at page 12, line 10 ¶ | |||
| [X9.62] American National Standard for Financial Services (ANSI), | [X9.62] American National Standard for Financial Services (ANSI), | |||
| "X9.62-2005 Public Key Cryptography for the Financial | "X9.62-2005 Public Key Cryptography for the Financial | |||
| Services Industry: The Elliptic Curve Digital Signature | Services Industry: The Elliptic Curve Digital Signature | |||
| Standard (ECDSA)", November 2005. | Standard (ECDSA)", November 2005. | |||
| Appendix A. ASN.1 Module | Appendix A. ASN.1 Module | |||
| This appendix includes the ASN.1 modules for SHAKEs in CMS. This | This appendix includes the ASN.1 modules for SHAKEs in CMS. This | |||
| module includes some ASN.1 from other standards for reference. | module includes some ASN.1 from other standards for reference. | |||
| CMSAlgsForSHAKE-2018 { { iso(1) member-body(2) us(840) | CMSAlgsForSHAKE-2018 { iso(1) member-body(2) us(840) | |||
| rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) | rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) | |||
| id-mod-cms-shakes(TBD) } | id-mod-cms-shakes(TBD) } | |||
| DEFINITIONS EXPLICIT TAGS ::= | DEFINITIONS EXPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| -- EXPORTS ALL; | -- EXPORTS ALL; | |||
| IMPORTS | IMPORTS | |||
| DIGEST-ALGORITHM, MAC-ALGORITHM, SMIME-CAPS | DIGEST-ALGORITHM, MAC-ALGORITHM, SMIME-CAPS | |||
| FROM AlgorithmInformation-2009 | FROM AlgorithmInformation-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) security(5) | { iso(1) identified-organization(3) dod(6) internet(1) security(5) | |||
| mechanisms(5) pkix(7) id-mod(0) | mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-algorithmInformation-02(58) } | id-mod-algorithmInformation-02(58) } | |||
| RSAPublicKey, rsaEncryption, id-ecPublicKey | RSAPublicKey, rsaEncryption, id-ecPublicKey | |||
| FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) | FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) | |||
| internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkix1-algorithms2008-02(56) } | id-mod-pkix1-algorithms2008-02(56) } ; | |||
| -- | -- | |||
| -- Message Digest Algorithms (mda-) | -- Message Digest Algorithms (mda-) | |||
| -- used in SignedData, SignerInfo, DigestedData, | -- used in SignedData, SignerInfo, DigestedData, | |||
| -- and the AuthenticatedData digestAlgorithm | -- and the AuthenticatedData digestAlgorithm | |||
| -- fields in CMS | -- fields in CMS | |||
| -- | -- | |||
| digestAlgorithms DIGEST-ALGORITHM ::= { | MessageDigestAlgs DIGEST-ALGORITHM ::= { | |||
| ... | ||||
| -- This expands MessageAuthAlgs from [RFC5652] | -- This expands MessageAuthAlgs from [RFC5652] | |||
| -- and MessageDigestAlgs in [RFC5753] | -- and MessageDigestAlgs in [RFC5753] | |||
| mda-shake128 | | mda-shake128 | | |||
| mda-shake256, | mda-shake256, | |||
| ... | ... | |||
| } | } | |||
| -- | -- | |||
| -- One-Way Hash Functions | -- One-Way Hash Functions | |||
| -- SHAKE128 | -- SHAKE128 | |||
| skipping to change at page 12, line 45 ¶ | skipping to change at page 13, line 33 ¶ | |||
| -- type and countersignature attribute in CMS. | -- type and countersignature attribute in CMS. | |||
| -- | -- | |||
| -- From RFC5280, for reference. | -- From RFC5280, for reference. | |||
| -- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } | -- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } | |||
| -- When the rsaEncryption algorithm identifier is used | -- When the rsaEncryption algorithm identifier is used | |||
| -- for a public key, the AlgorithmIdentifier parameters | -- for a public key, the AlgorithmIdentifier parameters | |||
| -- field MUST contain NULL. | -- field MUST contain NULL. | |||
| -- | -- | |||
| id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD } | id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD } | |||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD } | id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD } | |||
| -- When the id-RSASSA-PSS-* algorithm identifiers are used | -- When the id-RSASSA-PSS-* algorithm identifiers are used | |||
| -- for a public key or a signature in CMS, the AlgorithmIdentifier | -- for a public key or signature in CMS, the AlgorithmIdentifier | |||
| -- parameters field MUST be absent. The message digest algorithm | -- parameters field MUST be absent. The message digest algorithm | |||
| -- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or | -- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or | |||
| -- 64 byte outout length respectively. The mask generating | -- 64 byte outout length respectively. The mask generating | |||
| -- function MUST be SHAKE128 or SHAKE256 with an output length | -- function MUST be SHAKE128 or SHAKE256 with an output length | |||
| -- of (n - 264)/8 or (n - 520)/8 bytes respectively, where n | -- of (n - 264)/8 or (n - 520)/8 bytes respectively, where n | |||
| -- is the RSA modulus in bits. The RSASSA-PSS saltLength MUST | -- is the RSA modulus in bits. The RSASSA-PSS saltLength MUST | |||
| -- be 32 or 64 bytes respectively. In both cases, the RSA | -- be 32 or 64 bytes respectively. In both cases, the RSA | |||
| -- public key, MUST be encoded using the RSAPublicKey type. | -- public key, MUST be encoded using the RSAPublicKey type. | |||
| -- From RFC4055, for reference. | -- From RFC4055, for reference. | |||
| -- RSAPublicKey ::= SEQUENCE { | -- RSAPublicKey ::= SEQUENCE { | |||
| -- modulus INTEGER, -- n | -- modulus INTEGER, -- -- n | |||
| -- publicExponent INTEGER } -- e | -- publicExponent INTEGER } -- -- e | |||
| id-ecdsa-with-shake128 ::= { joint-iso-itu-t(2) country(16) | id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| us(840) organization(1) gov(101) | country(16) us(840) organization(1) | |||
| csor(3) nistAlgorithm(4) | gov(101) csor(3) nistAlgorithm(4) | |||
| sigAlgs(3) TBD } | sigAlgs(3) TBD } | |||
| id-ecdsa-with-shake256 ::= { joint-iso-itu-t(2) country(16) | id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| us(840) organization(1) gov(101) | country(16) us(840) organization(1) | |||
| csor(3) nistAlgorithm(4) | gov(101) csor(3) nistAlgorithm(4) | |||
| sigAlgs(3) TBD } | sigAlgs(3) TBD } | |||
| -- When the id-ecdsa-with-shake* algorithm identifiers are | -- When the id-ecdsa-with-shake* algorithm identifiers are | |||
| -- used in CMS, the AlgorithmIdentifier parameters field | -- used in CMS, the AlgorithmIdentifier parameters field | |||
| -- MUST be absent and the signature algorithm should | -- MUST be absent and the signature algorithm should | |||
| -- Deterministric ECDSA [RFC6979]. The message digest MUST | -- Deterministric ECDSA [RFC6979]. The message digest MUST | |||
| -- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout | -- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout | |||
| -- length respectively. In both cases, the ECDSA public key, | -- length respectively. In both cases, the ECDSA public key, | |||
| -- MUST be encoded using the id-ecPublicKey type. | -- MUST be encoded using the id-ecPublicKey type. | |||
| -- From RFC5480, for reference. | -- From RFC5480, for reference. | |||
| -- id-ecPublicKey OBJECT IDENTIFIER ::= { | -- id-ecPublicKey OBJECT IDENTIFIER ::= { | |||
| -- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } | -- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } | |||
| -- The id-ecPublicKey parameters must be absent or present | -- The id-ecPublicKey parameters must be absent or present | |||
| -- and are defined as | -- and are defined as | |||
| -- ECParameters ::= CHOICE { | -- ECParameters ::= CHOICE { | |||
| -- namedCurve OBJECT IDENTIFIER | -- namedCurve OBJECT IDENTIFIER | |||
| -- -- implicitCurve NULL | -- -- -- implicitCurve NULL | |||
| -- -- specifiedCurve SpecifiedECDomain | -- -- -- specifiedCurve SpecifiedECDomain | |||
| -- } | -- } | |||
| -- | -- | |||
| -- Message Authentication (maca-) Algorithms | -- Message Authentication (maca-) Algorithms | |||
| -- used in AuthenticatedData macAlgorithm in CMS | -- used in AuthenticatedData macAlgorithm in CMS | |||
| -- | -- | |||
| MessageAuthAlgs MAC-ALGORITHM ::= { | MessageAuthAlgs MAC-ALGORITHM ::= { | |||
| ... | -- This expands MessageAuthAlgs from [RFC5652] and [RFC6268] | |||
| -- This expands MessageAuthAlgs from [RFC5652] and [RFC6268] | maca-KMACwithSHAKE128 | | |||
| maca-KMACwithSHAKE128 | | maca-KMACwithSHAKE256, | |||
| maca-KMACwithSHAKE256 | ... | |||
| } | } | |||
| SMimeCaps SMIME-CAPS ::= { | SMimeCaps SMIME-CAPS ::= { | |||
| -- The expands SMimeCaps from [RFC5911] | ||||
| maca-KMACwithSHAKE128.&smimeCaps | | ||||
| maca-KMACwithSHAKE256.&smimeCaps, | ||||
| ... | ... | |||
| -- The expands SMimeCaps from [RFC5911] | ||||
| maca-KMACwithSHAKE128 | | ||||
| maca-KMACwithSHAKE256 | ||||
| } | } | |||
| -- | -- | |||
| -- KMAC with SHAKE128 | -- KMAC with SHAKE128 | |||
| maca-KMACwithSHAKE128 MAC-ALGORITHM ::= { | maca-KMACwithSHAKE128 MAC-ALGORITHM ::= { | |||
| IDENTIFIER id-KMACWithSHAKE128 | IDENTIFIER id-KMACWithSHAKE128 | |||
| PARAMS TYPE KMACwithSHAKE128-params ARE optional | PARAMS TYPE KMACwithSHAKE128-params ARE optional | |||
| -- If KMACwithSHAKE128-params parameters are absent | -- If KMACwithSHAKE128-params parameters are absent | |||
| -- the SHAKE128 output length used in KMAC is 256 bits | -- the SHAKE128 output length used in KMAC is 256 bits | |||
| -- and the customization string is an empty string. | -- and the customization string is an empty string. | |||
| IS-KEYED-MAC TRUE | ||||
| SMIME-CAPS {IDENTIFIED BY id-KMACWithSHAKE128} | SMIME-CAPS {IDENTIFIED BY id-KMACWithSHAKE128} | |||
| } | } | |||
| id-KMACWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-KMACWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| country(16) us(840) organization(1) | country(16) us(840) organization(1) | |||
| gov(101) csor(3) nistAlgorithm(4) | gov(101) csor(3) nistAlgorithm(4) | |||
| hashAlgs(2) 19 } | hashAlgs(2) 19 } | |||
| KMACwithSHAKE128-params ::= SEQUENCE { | KMACwithSHAKE128-params ::= SEQUENCE { | |||
| KMACOutputLength INTEGER DEFAULT 256, -- Output length in bits | kMACOutputLength INTEGER DEFAULT 256, -- Output length in bits | |||
| customizationString OCTET STRING DEFAULT ''H | customizationString OCTET STRING DEFAULT ''H | |||
| } | } | |||
| -- KMAC with SHAKE256 | -- KMAC with SHAKE256 | |||
| maca-KMACwithSHAKE256 MAC-ALGORITHM ::= { | maca-KMACwithSHAKE256 MAC-ALGORITHM ::= { | |||
| IDENTIFIER id-KMACWithSHAKE256 | IDENTIFIER id-KMACWithSHAKE256 | |||
| PARAMS TYPE KMACwithSHAKE256-params ARE optional | PARAMS TYPE KMACwithSHAKE256-params ARE optional | |||
| -- If KMACwithSHAKE256-params parameters are absent | -- If KMACwithSHAKE256-params parameters are absent | |||
| -- the SHAKE256 output length used in KMAC is 512 bits | -- the SHAKE256 output length used in KMAC is 512 bits | |||
| -- and the customization string is an empty string. | -- and the customization string is an empty string. | |||
| IS-KEYED-MAC TRUE | ||||
| SMIME-CAPS {IDENTIFIED BY id-KMACWithSHAKE256} | SMIME-CAPS {IDENTIFIED BY id-KMACWithSHAKE256} | |||
| } | } | |||
| id-KMACWithSHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-KMACWithSHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| country(16) us(840) organization(1) | country(16) us(840) organization(1) | |||
| gov(101) csor(3) nistAlgorithm(4) | gov(101) csor(3) nistAlgorithm(4) | |||
| hashAlgs(2) 20 } | hashAlgs(2) 20 } | |||
| KMACwithSHAKE256-params ::= SEQUENCE { | KMACwithSHAKE256-params ::= SEQUENCE { | |||
| KMACOutputLength INTEGER DEFAULT 512, -- Output length in bits | kMACOutputLength INTEGER DEFAULT 512, -- Output length in bits | |||
| customizationString OCTET STRING DEFAULT ''H | customizationString OCTET STRING DEFAULT ''H | |||
| } | } | |||
| END | END | |||
| Authors' Addresses | Authors' Addresses | |||
| Quynh Dang | Quynh Dang | |||
| NIST | NIST | |||
| 100 Bureau Drive | 100 Bureau Drive | |||
| Gaithersburg, MD 20899 | Gaithersburg, MD 20899 | |||
| Email: quynh.Dang@nist.gov | Email: quynh.Dang@nist.gov | |||
| Panos Kampanakis | Panos Kampanakis | |||
| Cisco Systems | Cisco Systems | |||
| End of changes. 31 change blocks. | ||||
| 42 lines changed or deleted | 74 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||