| draft-ietf-lamps-cms-shakes-09.txt | draft-ietf-lamps-cms-shakes-10.txt | |||
|---|---|---|---|---|
| LAMPS WG P. Kampanakis | LAMPS WG P. Kampanakis | |||
| Internet-Draft Cisco Systems | Internet-Draft Cisco Systems | |||
| Updates: RFC3370 (if approved) Q. Dang | Updates: RFC3370 (if approved) Q. Dang | |||
| Intended status: Standards Track NIST | Intended status: Standards Track NIST | |||
| Expires: October 13, 2019 April 11, 2019 | Expires: October 27, 2019 April 25, 2019 | |||
| Use of the SHAKE One-way Hash Functions in the Cryptographic Message | Use of the SHAKE One-way Hash Functions in the Cryptographic Message | |||
| Syntax (CMS) | Syntax (CMS) | |||
| draft-ietf-lamps-cms-shakes-09 | draft-ietf-lamps-cms-shakes-10 | |||
| Abstract | Abstract | |||
| This document describes the conventions for using the SHAKE family of | This document describes the conventions for using the SHAKE family of | |||
| hash functions with the Cryptographic Message Syntax (CMS) as one-way | hash functions with the Cryptographic Message Syntax (CMS) as one-way | |||
| hash functions with the RSA Probabilistic signature and ECDSA | hash functions with the RSA Probabilistic signature and ECDSA | |||
| signature algorithms, as message digests and message authentication | signature algorithms, as message digests and message authentication | |||
| codes. The conventions for the associated signer public keys in CMS | codes. The conventions for the associated signer public keys in CMS | |||
| are also described. | are also described. | |||
| skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 37 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 13, 2019. | This Internet-Draft will expire on October 27, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 | 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 6 | 4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 7 | 4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 7 | 4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 7 | |||
| 4.2.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 8 | 4.2.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 8 | |||
| 4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 8 | 4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 4.4. Message Authentication Codes . . . . . . . . . . . . . . 9 | 4.4. Message Authentication Codes . . . . . . . . . . . . . . 9 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 10 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 11 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 11 | 8.2. Informative References . . . . . . . . . . . . . . . . . 12 | |||
| Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 12 | Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 13 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 1. Change Log | 1. Change Log | |||
| [ EDNOTE: Remove this section before publication. ] | [ EDNOTE: Remove this section before publication. ] | |||
| o draft-ietf-lamps-cms-shake-10: | ||||
| * Updated IANA considerations section to request for OID | ||||
| assignments. | ||||
| o draft-ietf-lamps-cms-shake-09: | o draft-ietf-lamps-cms-shake-09: | |||
| * Fixed minor text nit. | * Fixed minor text nit. | |||
| * Updates in Sec Considerations section. | * Updates in Sec Considerations section. | |||
| o draft-ietf-lamps-cms-shake-08: | o draft-ietf-lamps-cms-shake-08: | |||
| * id-shake128-len and id-shake256-len were replaced with id- | * id-shake128-len and id-shake256-len were replaced with id- | |||
| sha128 with 32 bytes output length and id-shake256 with 64 | sha128 with 32 bytes output length and id-shake256 with 64 | |||
| skipping to change at page 5, line 31 ¶ | skipping to change at page 5, line 39 ¶ | |||
| nistAlgorithm(4) 2 11 } | nistAlgorithm(4) 2 11 } | |||
| id-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| country(16) us(840) organization(1) gov(101) csor(3) | country(16) us(840) organization(1) gov(101) csor(3) | |||
| nistAlgorithm(4) 2 12 } | nistAlgorithm(4) 2 12 } | |||
| In this specification, when using the id-shake128 or id-shake256 | In this specification, when using the id-shake128 or id-shake256 | |||
| algorithm identifiers, the parameters MUST be absent. That is, the | algorithm identifiers, the parameters MUST be absent. That is, the | |||
| identifier SHALL be a SEQUENCE of one component, the OID. | identifier SHALL be a SEQUENCE of one component, the OID. | |||
| We define two new identifiers for RSASSA-PSS signatures using SHAKEs. | We define two identifiers for RSASSA-PSS signatures using SHAKEs. | |||
| id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD1 } | ||||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD2 } | id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD1 } | ||||
| [ EDNOTE: "TBD1", "TBD2" will be specified by NIST later. ] | id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD2 } | ||||
| The same RSASSA-PSS algorithm identifiers can be used for identifying | The same RSASSA-PSS algorithm identifiers can be used for identifying | |||
| public keys and signatures. | public keys and signatures. | |||
| We define two new algorithm identifiers of ECDSA signatures using | We define two algorithm identifiers of ECDSA signatures using SHAKEs. | |||
| SHAKEs. | ||||
| id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | ||||
| country(16) us(840) organization(1) gov(101) csor(3) | ||||
| nistAlgorithm(4) 3 TBD3 } | ||||
| id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) | |||
| country(16) us(840) organization(1) gov(101) csor(3) | identified-organization(3) dod(6) internet(1) | |||
| nistAlgorithm(4) 3 TBD4 } | security(5) mechanisms(5) pkix(7) algorithms(6) | |||
| TBD3 } | ||||
| [ EDNOTE: "TBD3", "TBD4" will be specified by NIST. ] | id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD4 } | ||||
| The parameters for the four RSASSA-PSS and ECDSA identifiers MUST be | The parameters for the four RSASSA-PSS and ECDSA identifiers MUST be | |||
| absent. That is, each identifier SHALL be a SEQUENCE of one | absent. That is, each identifier SHALL be a SEQUENCE of one | |||
| component, the OID. | component, the OID. | |||
| Two new object identifiers for KMACs using SHAKE128 and SHAKE256 are | Two object identifiers for KMACs using SHAKE128 and SHAKE256 are | |||
| defined below. | defined below. | |||
| id-KmacWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-KmacWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| country(16) us(840) organization(1) gov(101) csor(3) | country(16) us(840) organization(1) gov(101) csor(3) | |||
| nistAlgorithm(4) 2 19 } | nistAlgorithm(4) 2 19 } | |||
| id-KmacWithSHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-KmacWithSHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| country(16) us(840) organization(1) gov(101) csor(3) | country(16) us(840) organization(1) gov(101) csor(3) | |||
| nistAlgorithm(4) 2 20 } | nistAlgorithm(4) 2 20 } | |||
| skipping to change at page 9, line 39 ¶ | skipping to change at page 9, line 46 ¶ | |||
| Conforming implementations that process KMACs with the SHAKEs when | Conforming implementations that process KMACs with the SHAKEs when | |||
| processing CMS data MUST recognize these identifiers. | processing CMS data MUST recognize these identifiers. | |||
| When calculating the KMAC output, the variable N is 0xD2B282C2, S is | When calculating the KMAC output, the variable N is 0xD2B282C2, S is | |||
| an empty string, and L, the integer representing the requested output | an empty string, and L, the integer representing the requested output | |||
| length in bits, is 256 or 512 for KmacWithSHAKE128 or | length in bits, is 256 or 512 for KmacWithSHAKE128 or | |||
| KmacWithSHAKE256 respectively in this specification. | KmacWithSHAKE256 respectively in this specification. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| One object identifier for the ASN.1 module in Appendix A was assigned | One object identifier for the ASN.1 module in Appendix A was | |||
| in the SMI Security for S/MIME Module Identifiers | requested for the SMI Security for S/MIME Module Identifiers | |||
| (1.2.840.113549.1.9.16.0) registry: | (1.2.840.113549.1.9.16.0) registry: | |||
| CMSAlgsForSHAKE-2019 { iso(1) member-body(2) us(840) | +---------+----------------------+--------------------+ | |||
| rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) | | Decimal | Description | References | | |||
| id-mod-cms-shakes-2019(TBD) } | +---------+----------------------+--------------------+ | |||
| | TBD | CMSAlgsForSHAKE-2019 | [EDNOTE: THIS RFC] | | ||||
| +---------+----------------------+--------------------+ | ||||
| IANA has assigned four OID identifiers in the SMI Security for PKIX | ||||
| Algorithms [SMI-PKIX] (1.3.6.1.5.5.7.6) registry | ||||
| id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) | ||||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD1 } | ||||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) | ||||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD2 } | ||||
| id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) | ||||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD3 } | ||||
| id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) | ||||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD4 } | ||||
| 6. Security Considerations | 6. Security Considerations | |||
| This document updates [RFC3370]. The security considerations section | This document updates [RFC3370]. The security considerations section | |||
| of that document applies to this specification as well. | of that document applies to this specification as well. | |||
| NIST has defined appropriate use of the hash functions in terms of | NIST has defined appropriate use of the hash functions in terms of | |||
| the algorithm strengths and expected time frames for secure use in | the algorithm strengths and expected time frames for secure use in | |||
| Special Publications (SPs) [SP800-78-4] and [SP800-107]. These | Special Publications (SPs) [SP800-78-4] and [SP800-107]. These | |||
| documents can be used as guides to choose appropriate key sizes for | documents can be used as guides to choose appropriate key sizes for | |||
| skipping to change at page 12, line 26 ¶ | skipping to change at page 13, line 11 ¶ | |||
| [SEC1] Standards for Efficient Cryptography Group, "SEC 1: | [SEC1] Standards for Efficient Cryptography Group, "SEC 1: | |||
| Elliptic Curve Cryptography", May 2009, | Elliptic Curve Cryptography", May 2009, | |||
| <http://www.secg.org/sec1-v2.pdf>. | <http://www.secg.org/sec1-v2.pdf>. | |||
| [shake-nist-oids] | [shake-nist-oids] | |||
| National Institute of Standards and Technology, "Computer | National Institute of Standards and Technology, "Computer | |||
| Security Objects Register", October 2017, | Security Objects Register", October 2017, | |||
| <https://csrc.nist.gov/Projects/Computer-Security-Objects- | <https://csrc.nist.gov/Projects/Computer-Security-Objects- | |||
| Register/Algorithm-Registration>. | Register/Algorithm-Registration>. | |||
| [SMI-PKIX] | ||||
| IANA, "SMI Security for PKIX Algorithms", March 2019, | ||||
| <https://www.iana.org/assignments/smi-numbers/ | ||||
| smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.6>. | ||||
| [SP800-107] | [SP800-107] | |||
| National Institute of Standards and Technology (NIST), | National Institute of Standards and Technology (NIST), | |||
| "SP800-107: Recommendation for Applications Using Approved | "SP800-107: Recommendation for Applications Using Approved | |||
| Hash Algorithms", May 2014, | Hash Algorithms", May 2014, | |||
| <https://csrc.nist.gov/csrc/media/publications/sp/800-107/ | <https://csrc.nist.gov/csrc/media/publications/sp/800-107/ | |||
| rev-1/final/documents/draft_revised_sp800-107.pdf>. | rev-1/final/documents/draft_revised_sp800-107.pdf>. | |||
| [SP800-78-4] | [SP800-78-4] | |||
| National Institute of Standards and Technology (NIST), | National Institute of Standards and Technology (NIST), | |||
| "SP800-78-4: Cryptographic Algorithms and Key Sizes for | "SP800-78-4: Cryptographic Algorithms and Key Sizes for | |||
| skipping to change at page 14, line 22 ¶ | skipping to change at page 15, line 13 ¶ | |||
| -- And Signature identifiers used in SignerInfo | -- And Signature identifiers used in SignerInfo | |||
| -- signatureAlgorithm field of SignedData content | -- signatureAlgorithm field of SignedData content | |||
| -- type and countersignature attribute in CMS. | -- type and countersignature attribute in CMS. | |||
| -- | -- | |||
| -- From RFC5280, for reference. | -- From RFC5280, for reference. | |||
| -- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } | -- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } | |||
| -- When the rsaEncryption algorithm identifier is used | -- When the rsaEncryption algorithm identifier is used | |||
| -- for a public key, the AlgorithmIdentifier parameters | -- for a public key, the AlgorithmIdentifier parameters | |||
| -- field MUST contain NULL. | -- field MUST contain NULL. | |||
| -- | -- | |||
| id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD1 } | id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) | |||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD2 } | identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD1 } | ||||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) | ||||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD2 } | ||||
| -- When the id-RSASSA-PSS-* algorithm identifiers are used | -- When the id-RSASSA-PSS-* algorithm identifiers are used | |||
| -- for a public key or signature in CMS, the AlgorithmIdentifier | -- for a public key or signature in CMS, the AlgorithmIdentifier | |||
| -- parameters field MUST be absent. The message digest algorithm | -- parameters field MUST be absent. The message digest algorithm | |||
| -- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or | -- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or | |||
| -- 64 byte outout length respectively. The mask generating | -- 64 byte outout length respectively. The mask generating | |||
| -- function MUST be SHAKE128 or SHAKE256 with an output length | -- function MUST be SHAKE128 or SHAKE256 with an output length | |||
| -- of (n - 264) or (n - 520) bits respectively, where n | -- of (n - 264) or (n - 520) bits respectively, where n | |||
| -- is the RSA modulus in bits. The RSASSA-PSS saltLength MUST | -- is the RSA modulus in bits. The RSASSA-PSS saltLength MUST | |||
| -- be 32 or 64 bytes respectively. The trailerField MUST be 1, | -- be 32 or 64 bytes respectively. The trailerField MUST be 1, | |||
| -- which represents the trailer field with hexadecimal value | -- which represents the trailer field with hexadecimal value | |||
| skipping to change at page 14, line 39 ¶ | skipping to change at page 15, line 35 ¶ | |||
| -- 64 byte outout length respectively. The mask generating | -- 64 byte outout length respectively. The mask generating | |||
| -- function MUST be SHAKE128 or SHAKE256 with an output length | -- function MUST be SHAKE128 or SHAKE256 with an output length | |||
| -- of (n - 264) or (n - 520) bits respectively, where n | -- of (n - 264) or (n - 520) bits respectively, where n | |||
| -- is the RSA modulus in bits. The RSASSA-PSS saltLength MUST | -- is the RSA modulus in bits. The RSASSA-PSS saltLength MUST | |||
| -- be 32 or 64 bytes respectively. The trailerField MUST be 1, | -- be 32 or 64 bytes respectively. The trailerField MUST be 1, | |||
| -- which represents the trailer field with hexadecimal value | -- which represents the trailer field with hexadecimal value | |||
| -- 0xBC. Regardless of id-RSASSA-PSS-* or rsaEncryption being | -- 0xBC. Regardless of id-RSASSA-PSS-* or rsaEncryption being | |||
| -- used as the AlgorithmIdentifier of the OriginatorPublicKey, | -- used as the AlgorithmIdentifier of the OriginatorPublicKey, | |||
| -- the RSA public key MUST be encoded using the RSAPublicKey | -- the RSA public key MUST be encoded using the RSAPublicKey | |||
| -- type. | -- type. | |||
| -- From RFC4055, for reference. | -- From RFC4055, for reference. | |||
| -- RSAPublicKey ::= SEQUENCE { | -- RSAPublicKey ::= SEQUENCE { | |||
| -- modulus INTEGER, -- -- n | -- modulus INTEGER, -- -- n | |||
| -- publicExponent INTEGER } -- -- e | -- publicExponent INTEGER } -- -- e | |||
| id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) | |||
| country(16) us(840) organization(1) | identified-organization(3) dod(6) internet(1) | |||
| gov(101) csor(3) nistAlgorithm(4) | security(5) mechanisms(5) pkix(7) algorithms(6) | |||
| sigAlgs(3) TBD3 } | TBD3 } | |||
| id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) | |||
| country(16) us(840) organization(1) | identified-organization(3) dod(6) internet(1) | |||
| gov(101) csor(3) nistAlgorithm(4) | security(5) mechanisms(5) pkix(7) algorithms(6) | |||
| sigAlgs(3) TBD4 } | TBD4 } | |||
| -- When the id-ecdsa-with-shake* algorithm identifiers are | -- When the id-ecdsa-with-shake* algorithm identifiers are | |||
| -- used in CMS, the AlgorithmIdentifier parameters field | -- used in CMS, the AlgorithmIdentifier parameters field | |||
| -- MUST be absent and the signature algorithm should be | -- MUST be absent and the signature algorithm should be | |||
| -- deterministic ECDSA [RFC6979]. The message digest MUST | -- deterministic ECDSA [RFC6979]. The message digest MUST | |||
| -- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout | -- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout | |||
| -- length respectively. In both cases, the ECDSA public key, | -- length respectively. In both cases, the ECDSA public key, | |||
| -- MUST be encoded using the id-ecPublicKey type. | -- MUST be encoded using the id-ecPublicKey type. | |||
| -- From RFC5480, for reference. | -- From RFC5480, for reference. | |||
| -- id-ecPublicKey OBJECT IDENTIFIER ::= { | -- id-ecPublicKey OBJECT IDENTIFIER ::= { | |||
| -- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } | -- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } | |||
| -- The id-ecPublicKey parameters must be absent or present | -- The id-ecPublicKey parameters must be absent or present | |||
| -- and are defined as | -- and are defined as | |||
| -- ECParameters ::= CHOICE { | -- ECParameters ::= CHOICE { | |||
| -- namedCurve OBJECT IDENTIFIER | -- namedCurve OBJECT IDENTIFIER | |||
| -- -- -- implicitCurve NULL | -- -- -- implicitCurve NULL | |||
| -- -- -- specifiedCurve SpecifiedECDomain | -- -- -- specifiedCurve SpecifiedECDomain | |||
| -- } | -- } | |||
| End of changes. 21 change blocks. | ||||
| 43 lines changed or deleted | 84 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||