| draft-ietf-lamps-cms-shakes-17.txt | draft-ietf-lamps-cms-shakes-18.txt | |||
|---|---|---|---|---|
| LAMPS WG P. Kampanakis | LAMPS WG P. Kampanakis | |||
| Internet-Draft Cisco Systems | Internet-Draft Cisco Systems | |||
| Updates: 3370 (if approved) Q. Dang | Updates: 3370 (if approved) Q. Dang | |||
| Intended status: Standards Track NIST | Intended status: Standards Track NIST | |||
| Expires: February 9, 2020 August 8, 2019 | Expires: March 19, 2020 September 16, 2019 | |||
| Use of the SHAKE One-way Hash Functions in the Cryptographic Message | Use of the SHAKE One-way Hash Functions in the Cryptographic Message | |||
| Syntax (CMS) | Syntax (CMS) | |||
| draft-ietf-lamps-cms-shakes-17 | draft-ietf-lamps-cms-shakes-18 | |||
| Abstract | Abstract | |||
| This document updates the "Cryptographic Message Syntax Algorithms" | This document updates the "Cryptographic Message Syntax Algorithms" | |||
| (RFC3370) and describes the conventions for using the SHAKE family of | (RFC3370) and describes the conventions for using the SHAKE family of | |||
| hash functions in the Cryptographic Message Syntax as one-way hash | hash functions in the Cryptographic Message Syntax as one-way hash | |||
| functions with the RSA Probabilistic signature and ECDSA signature | functions with the RSA Probabilistic signature and ECDSA signature | |||
| algorithms. The conventions for the associated signer public keys in | algorithms. The conventions for the associated signer public keys in | |||
| CMS are also described. | CMS are also described. | |||
| skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 37 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on February 9, 2020. | This Internet-Draft will expire on March 19, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 | 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 | 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 7 | 4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 8 | 4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 8 | 4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 8 | |||
| 4.2.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 9 | 4.2.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 9 | |||
| 4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 9 | 4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 4.4. Message Authentication Codes . . . . . . . . . . . . . . 10 | 4.4. Message Authentication Codes . . . . . . . . . . . . . . 10 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 12 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 11 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 13 | 8.2. Informative References . . . . . . . . . . . . . . . . . 12 | |||
| Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 14 | Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 14 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 1. Change Log | 1. Change Log | |||
| [ EDNOTE: Remove this section before publication. ] | [ EDNOTE: Remove this section before publication. ] | |||
| o draft-ietf-lamps-cms-shake-18: | ||||
| * Minor ASN.1 changes. | ||||
| o draft-ietf-lamps-cms-shake-17: | o draft-ietf-lamps-cms-shake-17: | |||
| * Minor updates for EDNOTE accuracy. | * Minor updates for EDNOTE accuracy. | |||
| o draft-ietf-lamps-cms-shake-16: | o draft-ietf-lamps-cms-shake-16: | |||
| * Minor nits. | * Minor nits. | |||
| * Using bytes instead of bits for consistency. | * Using bytes instead of bits for consistency. | |||
| skipping to change at page 6, line 28 ¶ | skipping to change at page 6, line 36 ¶ | |||
| id-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| country(16) us(840) organization(1) gov(101) csor(3) | country(16) us(840) organization(1) gov(101) csor(3) | |||
| nistAlgorithm(4) 2 12 } | nistAlgorithm(4) 2 12 } | |||
| In this specification, when using the id-shake128 or id-shake256 | In this specification, when using the id-shake128 or id-shake256 | |||
| algorithm identifiers, the parameters MUST be absent. That is, the | algorithm identifiers, the parameters MUST be absent. That is, the | |||
| identifier SHALL be a SEQUENCE of one component, the OID. | identifier SHALL be a SEQUENCE of one component, the OID. | |||
| [I-D.ietf-lamps-pkix-shake] [ EDNOTE: Update reference with the RFC | [I-D.ietf-lamps-pkix-shake] [ EDNOTE: Update reference with the RFC | |||
| when it is published. ] defines two identifiers for RSASSA-PSS | when it is published. ] defines two identifiers for RSASSA-PSS | |||
| signatures using SHAKEs which we include here for convenience. [ | signatures using SHAKEs which we include here for convenience. | |||
| EDNOTE: Update the TBD1-2 reference when the RFC (ietf-lamps-pkix- | ||||
| shake) is published. ] | ||||
| id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) | id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) algorithms(6) | security(5) mechanisms(5) pkix(7) algorithms(6) 30 } | |||
| TBD1 } | ||||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) | id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) algorithms(6) | security(5) mechanisms(5) pkix(7) algorithms(6) 31 } | |||
| TBD2 } | ||||
| The same RSASSA-PSS algorithm identifiers can be used for identifying | The same RSASSA-PSS algorithm identifiers can be used for identifying | |||
| public keys and signatures. | public keys and signatures. | |||
| [I-D.ietf-lamps-pkix-shake] [ EDNOTE: Update reference with the RFC | [I-D.ietf-lamps-pkix-shake] [ EDNOTE: Update reference with the RFC | |||
| when it is published. ] also defines two algorithm identifiers of | when it is published. ] also defines two algorithm identifiers of | |||
| ECDSA signatures using SHAKEs which we include here for convenience. | ECDSA signatures using SHAKEs which we include here for convenience. | |||
| [ EDNOTE: Update the TBD3-4 reference when the RFC (ietf-lamps-pkix- | ||||
| shake) is published. ] | ||||
| id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) | id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) algorithms(6) | security(5) mechanisms(5) pkix(7) algorithms(6) 32 } | |||
| TBD3 } | ||||
| id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) | id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) algorithms(6) | security(5) mechanisms(5) pkix(7) algorithms(6) 33 } | |||
| TBD4 } | ||||
| The parameters for the four RSASSA-PSS and ECDSA identifiers MUST be | The parameters for the four RSASSA-PSS and ECDSA identifiers MUST be | |||
| absent. That is, each identifier SHALL be a SEQUENCE of one | absent. That is, each identifier SHALL be a SEQUENCE of one | |||
| component, the OID. | component, the OID. | |||
| Two object identifiers for KMACs using SHAKE128 and SHAKE256 as | Two object identifiers for KMACs using SHAKE128 and SHAKE256 as | |||
| defined in by the National Institute of Standards and Technology | defined in by the National Institute of Standards and Technology | |||
| (NIST) in [shake-nist-oids] and we include them here for convenience. | (NIST) in [shake-nist-oids] and we include them here for convenience. | |||
| id-KmacWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-KmacWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| skipping to change at page 11, line 8 ¶ | skipping to change at page 10, line 50 ¶ | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| One object identifier for the ASN.1 module in Appendix A was | One object identifier for the ASN.1 module in Appendix A was | |||
| requested for the SMI Security for S/MIME Module Identifiers | requested for the SMI Security for S/MIME Module Identifiers | |||
| (1.2.840.113549.1.9.16.0) registry: | (1.2.840.113549.1.9.16.0) registry: | |||
| +---------+----------------------+--------------------+ | +---------+----------------------+--------------------+ | |||
| | Decimal | Description | References | | | Decimal | Description | References | | |||
| +---------+----------------------+--------------------+ | +---------+----------------------+--------------------+ | |||
| | TBD | CMSAlgsForSHAKE-2019 | [EDNOTE: THIS RFC] | | | 70 | CMSAlgsForSHAKE-2019 | [EDNOTE: THIS RFC] | | |||
| +---------+----------------------+--------------------+ | +---------+----------------------+--------------------+ | |||
| 6. Security Considerations | 6. Security Considerations | |||
| This document updates [RFC3370]. The security considerations section | This document updates [RFC3370]. The security considerations section | |||
| of that document applies to this specification as well. | of that document applies to this specification as well. | |||
| NIST has defined appropriate use of the hash functions in terms of | NIST has defined appropriate use of the hash functions in terms of | |||
| the algorithm strengths and expected time frames for secure use in | the algorithm strengths and expected time frames for secure use in | |||
| Special Publications (SPs) [SP800-78-4] and [SP800-107]. These | Special Publications (SPs) [SP800-78-4] and [SP800-107]. These | |||
| skipping to change at page 14, line 41 ¶ | skipping to change at page 14, line 31 ¶ | |||
| Services Industry: The Elliptic Curve Digital Signature | Services Industry: The Elliptic Curve Digital Signature | |||
| Standard (ECDSA)", November 2005. | Standard (ECDSA)", November 2005. | |||
| Appendix A. ASN.1 Module | Appendix A. ASN.1 Module | |||
| This appendix includes the ASN.1 modules for SHAKEs in CMS. This | This appendix includes the ASN.1 modules for SHAKEs in CMS. This | |||
| module includes some ASN.1 from other standards for reference. | module includes some ASN.1 from other standards for reference. | |||
| CMSAlgsForSHAKE-2019 { iso(1) member-body(2) us(840) | CMSAlgsForSHAKE-2019 { iso(1) member-body(2) us(840) | |||
| rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) | rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) | |||
| id-mod-cms-shakes-2019(TBD) } | id-mod-cms-shakes-2019(70) } | |||
| DEFINITIONS EXPLICIT TAGS ::= | DEFINITIONS EXPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| -- EXPORTS ALL; | -- EXPORTS ALL; | |||
| IMPORTS | IMPORTS | |||
| DIGEST-ALGORITHM, MAC-ALGORITHM, SMIME-CAPS | DIGEST-ALGORITHM, MAC-ALGORITHM, SMIME-CAPS | |||
| FROM AlgorithmInformation-2009 | FROM AlgorithmInformation-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) security(5) | { iso(1) identified-organization(3) dod(6) internet(1) security(5) | |||
| mechanisms(5) pkix(7) id-mod(0) | mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-algorithmInformation-02(58) } | id-mod-algorithmInformation-02(58) } | |||
| RSAPublicKey, rsaEncryption, id-ecPublicKey | RSAPublicKey, rsaEncryption, id-ecPublicKey | |||
| FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) | FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) | |||
| internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkix1-algorithms2008-02(56) } ; | id-mod-pkix1-algorithms2008-02(56) } | |||
| sa-rsassapssWithSHAKE128, sa-rsassapssWithSHAKE256, | ||||
| sa-ecdsaWithSHAKE128, sa-ecdsaWithSHAKE256 | ||||
| FROM PKIXAlgsForSHAKE-2019 { | ||||
| iso(1) identified-organization(3) dod(6) | ||||
| internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | ||||
| id-mod-pkix1-shakes-2019(94) } ; | ||||
| -- | ||||
| -- Message Digest Algorithms (mda-) | -- Message Digest Algorithms (mda-) | |||
| -- used in SignedData, SignerInfo, DigestedData, | -- used in SignedData, SignerInfo, DigestedData, | |||
| -- and the AuthenticatedData digestAlgorithm | -- and the AuthenticatedData digestAlgorithm | |||
| -- fields in CMS | -- fields in CMS | |||
| -- | -- | |||
| MessageDigestAlgs DIGEST-ALGORITHM ::= { | -- This expands MessageAuthAlgs from [RFC5652] and | |||
| -- This expands MessageAuthAlgs from [RFC5652] | -- MessageDigestAlgs in [RFC5753] | |||
| -- and MessageDigestAlgs in [RFC5753] | -- | |||
| mda-shake128 | | -- MessageDigestAlgs DIGEST-ALGORITHM ::= { | |||
| mda-shake256, | -- mda-shake128 | | |||
| ... | -- mda-shake256, | |||
| } | -- ... | |||
| -- } | ||||
| -- | -- | |||
| -- One-Way Hash Functions | -- One-Way Hash Functions | |||
| -- SHAKE128 | -- SHAKE128 | |||
| mda-shake128 DIGEST-ALGORITHM ::= { | mda-shake128 DIGEST-ALGORITHM ::= { | |||
| IDENTIFIER id-shake128 -- with output length 32 bytes. | IDENTIFIER id-shake128 -- with output length 32 bytes. | |||
| } | } | |||
| id-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) | id-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) | |||
| us(840) organization(1) gov(101) | us(840) organization(1) gov(101) | |||
| csor(3) nistAlgorithm(4) | csor(3) nistAlgorithm(4) | |||
| skipping to change at page 16, line 7 ¶ | skipping to change at page 16, line 4 ¶ | |||
| hashAlgs(2) 12 } | hashAlgs(2) 12 } | |||
| -- | -- | |||
| -- Public key algorithm identifiers located in the | -- Public key algorithm identifiers located in the | |||
| -- OriginatorPublicKey's algorithm attribute in CMS. | -- OriginatorPublicKey's algorithm attribute in CMS. | |||
| -- And Signature identifiers used in SignerInfo | -- And Signature identifiers used in SignerInfo | |||
| -- signatureAlgorithm field of SignedData content | -- signatureAlgorithm field of SignedData content | |||
| -- type and countersignature attribute in CMS. | -- type and countersignature attribute in CMS. | |||
| -- | -- | |||
| -- From RFC5280, for reference. | -- From RFC5280, for reference. | |||
| -- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } | -- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } | |||
| -- When the rsaEncryption algorithm identifier is used | -- When the rsaEncryption algorithm identifier is used | |||
| -- for a public key, the AlgorithmIdentifier parameters | -- for a public key, the AlgorithmIdentifier parameters | |||
| -- field MUST contain NULL. | -- field MUST contain NULL. | |||
| -- | -- | |||
| id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) | id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) algorithms(6) | security(5) mechanisms(5) pkix(7) algorithms(6) 30 } | |||
| TBD1 } | ||||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) | id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) algorithms(6) | security(5) mechanisms(5) pkix(7) algorithms(6) 31 } | |||
| TBD2 } | ||||
| -- When the id-RSASSA-PSS-* algorithm identifiers are used | -- When the id-RSASSA-PSS-* algorithm identifiers are used | |||
| -- for a public key or signature in CMS, the AlgorithmIdentifier | -- for a public key or signature in CMS, the AlgorithmIdentifier | |||
| -- parameters field MUST be absent. The message digest algorithm | -- parameters field MUST be absent. The message digest algorithm | |||
| -- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or | -- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or | |||
| -- 64 byte outout length, respectively. The mask generation | -- 64 byte outout length, respectively. The mask generation | |||
| -- function MUST be SHAKE128 or SHAKE256 with an output length | -- function MUST be SHAKE128 or SHAKE256 with an output length | |||
| -- of (8*ceil((n-1)/8) - 264) or (8*ceil((n-1)/8) - 520) bits, | -- of (8*ceil((n-1)/8) - 264) or (8*ceil((n-1)/8) - 520) bits, | |||
| -- respectively, where n is the RSA modulus in bits. | -- respectively, where n is the RSA modulus in bits. | |||
| -- The RSASSA-PSS saltLength MUST be 32 or 64 bytes, respectively. | -- The RSASSA-PSS saltLength MUST be 32 or 64 bytes, respectively. | |||
| -- The trailerField MUST be 1, which represents the trailer | -- The trailerField MUST be 1, which represents the trailer | |||
| skipping to change at page 16, line 42 ¶ | skipping to change at page 16, line 40 ¶ | |||
| -- AlgorithmIdentifier of the OriginatorPublicKey, the RSA | -- AlgorithmIdentifier of the OriginatorPublicKey, the RSA | |||
| -- public key MUST be encoded using the RSAPublicKey type. | -- public key MUST be encoded using the RSAPublicKey type. | |||
| -- From RFC4055, for reference. | -- From RFC4055, for reference. | |||
| -- RSAPublicKey ::= SEQUENCE { | -- RSAPublicKey ::= SEQUENCE { | |||
| -- modulus INTEGER, -- -- n | -- modulus INTEGER, -- -- n | |||
| -- publicExponent INTEGER } -- -- e | -- publicExponent INTEGER } -- -- e | |||
| id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) | id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) algorithms(6) | security(5) mechanisms(5) pkix(7) algorithms(6) 32 } | |||
| TBD3 } | ||||
| id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) | id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) algorithms(6) | security(5) mechanisms(5) pkix(7) algorithms(6) 33 } | |||
| TBD4 } | ||||
| -- When the id-ecdsa-with-shake* algorithm identifiers are | -- When the id-ecdsa-with-shake* algorithm identifiers are | |||
| -- used in CMS, the AlgorithmIdentifier parameters field | -- used in CMS, the AlgorithmIdentifier parameters field | |||
| -- MUST be absent and the signature algorithm should be | -- MUST be absent and the signature algorithm should be | |||
| -- deterministic ECDSA [RFC6979]. The message digest MUST | -- deterministic ECDSA [RFC6979]. The message digest MUST | |||
| -- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout | -- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout | |||
| -- length, respectively. In both cases, the ECDSA public key, | -- length, respectively. In both cases, the ECDSA public key, | |||
| -- MUST be encoded using the id-ecPublicKey type. | -- MUST be encoded using the id-ecPublicKey type. | |||
| -- From RFC5480, for reference. | -- From RFC5480, for reference. | |||
| -- id-ecPublicKey OBJECT IDENTIFIER ::= { | -- id-ecPublicKey OBJECT IDENTIFIER ::= { | |||
| -- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } | -- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } | |||
| -- The id-ecPublicKey parameters must be absent or present | -- The id-ecPublicKey parameters must be absent or present | |||
| -- and are defined as | -- and are defined as | |||
| -- ECParameters ::= CHOICE { | -- ECParameters ::= CHOICE { | |||
| -- namedCurve OBJECT IDENTIFIER | -- namedCurve OBJECT IDENTIFIER | |||
| -- -- -- implicitCurve NULL | -- -- -- implicitCurve NULL | |||
| -- -- -- specifiedCurve SpecifiedECDomain | -- -- -- specifiedCurve SpecifiedECDomain | |||
| -- } | -- } | |||
| -- This expands SignatureAlgorithms from [RFC5912] | ||||
| -- | ||||
| -- SignatureAlgs SIGNATURE-ALGORITHM ::= { | ||||
| -- sa-rsassapssWithSHAKE128 | | ||||
| -- sa-rsassapssWithSHAKE256 | | ||||
| -- sa-ecdsaWithSHAKE128 | | ||||
| -- sa-ecdsaWithSHAKE256, | ||||
| -- ... | ||||
| -- } | ||||
| -- This expands MessageAuthAlgs from [RFC5652] and [RFC6268] | ||||
| -- | -- | |||
| -- Message Authentication (maca-) Algorithms | -- Message Authentication (maca-) Algorithms | |||
| -- used in AuthenticatedData macAlgorithm in CMS | -- used in AuthenticatedData macAlgorithm in CMS | |||
| -- | -- | |||
| MessageAuthAlgs MAC-ALGORITHM ::= { | MessageAuthAlgs MAC-ALGORITHM ::= { | |||
| -- This expands MessageAuthAlgs from [RFC5652] and [RFC6268] | ||||
| maca-KMACwithSHAKE128 | | maca-KMACwithSHAKE128 | | |||
| maca-KMACwithSHAKE256, | maca-KMACwithSHAKE256, | |||
| ... | ... | |||
| } | } | |||
| -- This expands SMimeCaps from [RFC5911] | ||||
| -- | ||||
| SMimeCaps SMIME-CAPS ::= { | SMimeCaps SMIME-CAPS ::= { | |||
| -- The expands SMimeCaps from [RFC5911] | -- sa-rsassapssWithSHAKE128.&smimeCaps | | |||
| -- sa-rsassapssWithSHAKE256.&smimeCaps | | ||||
| -- sa-ecdsaWithSHAKE128.&smimeCaps | | ||||
| -- sa-ecdsaWithSHAKE256.&smimeCaps, | ||||
| maca-KMACwithSHAKE128.&smimeCaps | | maca-KMACwithSHAKE128.&smimeCaps | | |||
| maca-KMACwithSHAKE256.&smimeCaps, | maca-KMACwithSHAKE256.&smimeCaps, | |||
| ... | ... | |||
| } | } | |||
| -- | -- | |||
| -- KMAC with SHAKE128 | -- KMAC with SHAKE128 | |||
| maca-KMACwithSHAKE128 MAC-ALGORITHM ::= { | maca-KMACwithSHAKE128 MAC-ALGORITHM ::= { | |||
| IDENTIFIER id-KMACWithSHAKE128 | IDENTIFIER id-KMACWithSHAKE128 | |||
| PARAMS TYPE KMACwithSHAKE128-params ARE optional | PARAMS TYPE KMACwithSHAKE128-params ARE optional | |||
| End of changes. 26 change blocks. | ||||
| 41 lines changed or deleted | 61 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||