| draft-ietf-lamps-pkix-shake-05.txt | draft-ietf-lamps-pkix-shake-06.txt | |||
|---|---|---|---|---|
| LAMPS WG P. Kampanakis | LAMPS WG P. Kampanakis | |||
| Internet-Draft Cisco Systems | Internet-Draft Cisco Systems | |||
| Intended status: Standards Track Q. Dang | Intended status: Standards Track Q. Dang | |||
| Expires: June 2, 2019 NIST | Expires: June 21, 2019 NIST | |||
| November 29, 2018 | December 18, 2018 | |||
| Internet X.509 Public Key Infrastructure: Additional Algorithm | Internet X.509 Public Key Infrastructure: Additional Algorithm | |||
| Identifiers for RSASSA-PSS and ECDSA using SHAKEs | Identifiers for RSASSA-PSS and ECDSA using SHAKEs | |||
| draft-ietf-lamps-pkix-shake-05 | draft-ietf-lamps-pkix-shake-06 | |||
| Abstract | Abstract | |||
| Digital signatures are used to sign messages, X.509 certificates and | Digital signatures are used to sign messages, X.509 certificates and | |||
| CRLs (Certificate Revocation Lists). This document describes the | CRLs (Certificate Revocation Lists). This document describes the | |||
| conventions for using the SHAKE function family in Internet X.509 | conventions for using the SHAKE function family in Internet X.509 | |||
| certificates and CRLs as one-way hash functions with the RSA | certificates and CRLs as one-way hash functions with the RSA | |||
| Probabilistic signature and ECDSA signature algorithms. The | Probabilistic signature and ECDSA signature algorithms. The | |||
| conventions for the associated subject public keys are also | conventions for the associated subject public keys are also | |||
| described. | described. | |||
| skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on June 2, 2019. | This Internet-Draft will expire on June 21, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 4. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. Use in PKIX . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 5. Use in PKIX . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5.1. Signatures . . . . . . . . . . . . . . . . . . . . . . . 5 | 5.1. Signatures . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5.1.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 6 | 5.1.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 6 | |||
| 5.1.2. Deterministic ECDSA Signatures . . . . . . . . . . . 6 | 5.1.2. Deterministic ECDSA Signatures . . . . . . . . . . . 7 | |||
| 5.2. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 7 | 5.2. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 8 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 9 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 9 | 9.2. Informative References . . . . . . . . . . . . . . . . . 10 | |||
| Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 10 | Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 10 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 1. Change Log | 1. Change Log | |||
| [ EDNOTE: Remove this section before publication. ] | [ EDNOTE: Remove this section before publication. ] | |||
| o draft-ietf-lamps-pkix-shake-06: | ||||
| * Added informative references. | ||||
| * Updated ASN.1 so it compiles. | ||||
| * Updated IANA considerations. | ||||
| o draft-ietf-lamps-pkix-shake-05: | o draft-ietf-lamps-pkix-shake-05: | |||
| * Added RFC8174 reference and text. | * Added RFC8174 reference and text. | |||
| * Explicitly explained why RSASSA-PSS-params are omitted in | * Explicitly explained why RSASSA-PSS-params are omitted in | |||
| section 5.1.1. | section 5.1.1. | |||
| * Simplified Public Keys section by removing redundand info from | * Simplified Public Keys section by removing redundand info from | |||
| RFCs. | RFCs. | |||
| skipping to change at page 8, line 7 ¶ | skipping to change at page 8, line 10 ¶ | |||
| When the RSA private key owner wishes to limit the use of the public | When the RSA private key owner wishes to limit the use of the public | |||
| key exclusively to RSASSA-PSS, the AlgorithmIdentifiers for RSASSA- | key exclusively to RSASSA-PSS, the AlgorithmIdentifiers for RSASSA- | |||
| PSS defined in Section 4 can be used as the algorithm field in the | PSS defined in Section 4 can be used as the algorithm field in the | |||
| SubjectPublicKeyInfo sequence [RFC5280]. The identifier parameters, | SubjectPublicKeyInfo sequence [RFC5280]. The identifier parameters, | |||
| as explained in section Section 4, MUST be absent. The RSASSA-PSS | as explained in section Section 4, MUST be absent. The RSASSA-PSS | |||
| algorithm functions and output lengths are the same as defined in | algorithm functions and output lengths are the same as defined in | |||
| Section 5.1.1. | Section 5.1.1. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| [ EDNOTE: Update here only if there are OID allocations by IANA. ] | One object identifier for the ASN.1 module in Appendix A was assigned | |||
| in the SMI Security for PKIX Module Identifiers (1.3.6.1.5.5.7.0) | ||||
| registry: | ||||
| This document has no IANA actions. | PKIXAlgsForSHAKE-2018 { iso(1) identified-organization(3) dod(6) | |||
| internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | ||||
| id-mod-pkix1-shake-2018(TBD) } | ||||
| 7. Security Considerations | 7. Security Considerations | |||
| The SHAKEs are deterministic functions. Like any other deterministic | The SHAKEs are deterministic functions. Like any other deterministic | |||
| function, executing multiple times with the same input will produce | function, executing multiple times with the same input will produce | |||
| the same output. Therefore, users should not expect unrelated | the same output. Therefore, users should not expect unrelated | |||
| outputs (with the same or different output lengths) from running a | outputs (with the same or different output lengths) from running a | |||
| SHAKE function with the same input multiple times. The shorter of | SHAKE function with the same input multiple times. The shorter of | |||
| any two outputs produced from a SHAKE with the same input is a prefix | any two outputs produced from a SHAKE with the same input is a prefix | |||
| of the longer one. It is a similar situation as truncating a 512-bit | of the longer one. It is a similar situation as truncating a 512-bit | |||
| skipping to change at page 8, line 40 ¶ | skipping to change at page 8, line 47 ¶ | |||
| cryptographic algorithm implementations should be modular allowing | cryptographic algorithm implementations should be modular allowing | |||
| new algorithms to be readily inserted. That is, implementers should | new algorithms to be readily inserted. That is, implementers should | |||
| be prepared to regularly update the set of algorithms in their | be prepared to regularly update the set of algorithms in their | |||
| implementations. | implementations. | |||
| 8. Acknowledgements | 8. Acknowledgements | |||
| We would like to thank Sean Turner and Jim Schaad for their valuable | We would like to thank Sean Turner and Jim Schaad for their valuable | |||
| contributions to this document. | contributions to this document. | |||
| The authors would like to thank Russ Housley for his guidance and | ||||
| very valuable contributions with the ASN.1 module. | ||||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional | [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional | |||
| skipping to change at page 10, line 5 ¶ | skipping to change at page 10, line 13 ¶ | |||
| permutation-based-hash-and-extendable-output-functions>. | permutation-based-hash-and-extendable-output-functions>. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and | [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and | |||
| Identifiers for the Internet X.509 Public Key | Identifiers for the Internet X.509 Public Key | |||
| Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
| (CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April | (CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April | |||
| 2002, <https://www.rfc-editor.org/info/rfc3279>. | 2002, <https://www.rfc-editor.org/info/rfc3279>. | |||
| [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the | ||||
| Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, | ||||
| DOI 10.17487/RFC5912, June 2010, | ||||
| <https://www.rfc-editor.org/info/rfc5912>. | ||||
| [SEC1] Standards for Efficient Cryptography Group, "SEC 1: | [SEC1] Standards for Efficient Cryptography Group, "SEC 1: | |||
| Elliptic Curve Cryptography", May 2009, | Elliptic Curve Cryptography", May 2009, | |||
| <http://www.secg.org/sec1-v2.pdf>. | <http://www.secg.org/sec1-v2.pdf>. | |||
| [X9.62] American National Standard for Financial Services (ANSI), | [X9.62] American National Standard for Financial Services (ANSI), | |||
| "X9.62-2005 Public Key Cryptography for the Financial | "X9.62-2005 Public Key Cryptography for the Financial | |||
| Services Industry: The Elliptic Curve Digital Signature | Services Industry: The Elliptic Curve Digital Signature | |||
| Standard (ECDSA)", November 2005. | Standard (ECDSA)", November 2005. | |||
| Appendix A. ASN.1 module | Appendix A. ASN.1 module | |||
| skipping to change at page 10, line 40 ¶ | skipping to change at page 11, line 4 ¶ | |||
| -- FROM [RFC5912] | -- FROM [RFC5912] | |||
| PUBLIC-KEY, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, SMIME-CAPS | PUBLIC-KEY, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, SMIME-CAPS | |||
| FROM AlgorithmInformation-2009 | FROM AlgorithmInformation-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) security(5) | { iso(1) identified-organization(3) dod(6) internet(1) security(5) | |||
| mechanisms(5) pkix(7) id-mod(0) | mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-algorithmInformation-02(58) } | id-mod-algorithmInformation-02(58) } | |||
| -- FROM [RFC5912] | -- FROM [RFC5912] | |||
| RSAPublicKey, rsaEncryption, pk-rsa, pk-ec, | ||||
| RSAPublicKey, rsaEncryption, id-ecPublicKey, | CURVE, id-ecPublicKey, ECPoint, ECParameters, ECDSA-Sig-Value | |||
| ECPoint, ECDSA-Sig-Value | ||||
| FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) | FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) | |||
| internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkix1-algorithms2008-02(56) } | id-mod-pkix1-algorithms2008-02(56) } | |||
| ; | ||||
| -- | -- | |||
| -- Message Digest Algorithms (mda-) | -- Message Digest Algorithms (mda-) | |||
| -- | -- | |||
| HashAlgs DIGEST-ALGORITHM ::= { | DigestAlgorithms DIGEST-ALGORITHM ::= { | |||
| ... | -- This expands DigestAlgorithms from [RFC5912] | |||
| mda-shake128 | | ||||
| -- This expands MessageAuthAlgs from [RFC5912] | mda-shake256, | |||
| mda-shake128 | | ... | |||
| mda-shake256, | ||||
| ... | ||||
| } | } | |||
| -- | -- | |||
| -- One-Way Hash Functions | -- One-Way Hash Functions | |||
| -- | ||||
| -- SHAKE128 | -- SHAKE128 | |||
| mda-shake128 DIGEST-ALGORITHM ::= { | mda-shake128 DIGEST-ALGORITHM ::= { | |||
| IDENTIFIER id-shake128 -- with output length 32 bytes. | IDENTIFIER id-shake128 -- with output length 32 bytes. | |||
| } | } | |||
| id-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) | id-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) | |||
| us(840) organization(1) gov(101) | us(840) organization(1) gov(101) | |||
| csor(3) nistAlgorithm(4) | csor(3) nistAlgorithm(4) | |||
| hashAlgs(2) 11 } | hashAlgs(2) 11 } | |||
| -- SHAKE-256 | -- SHAKE-256 | |||
| skipping to change at page 11, line 35 ¶ | skipping to change at page 11, line 47 ¶ | |||
| } | } | |||
| id-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) | id-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) | |||
| us(840) organization(1) gov(101) | us(840) organization(1) gov(101) | |||
| csor(3) nistAlgorithm(4) | csor(3) nistAlgorithm(4) | |||
| hashAlgs(2) 12 } | hashAlgs(2) 12 } | |||
| -- | -- | |||
| -- Public Key (pk-) Algorithms | -- Public Key (pk-) Algorithms | |||
| -- | -- | |||
| PublicKeys PUBLIC-KEY ::= { | PublicKeys PUBLIC-KEY ::= { | |||
| ... | -- This expands PublicKeys from [RFC5912] | |||
| pk-rsaSSA-PSS-SHAKE128 | | pk-rsaSSA-PSS-SHAKE128 | | |||
| pk-rsaSSA-PSS-SHAKE256, | pk-rsaSSA-PSS-SHAKE256, | |||
| ... | ... | |||
| } | ||||
| -- From [RFC5912] - Here so it compiles. | ||||
| pk-rsa PUBLIC-KEY ::= { | ||||
| IDENTIFIER rsaEncryption | ||||
| KEY RSAPublicKey | ||||
| PARAMS TYPE NULL ARE absent | ||||
| -- Private key format not in this module -- | ||||
| CERT-KEY-USAGE {digitalSignature, nonRepudiation, | ||||
| keyEncipherment, dataEncipherment, keyCertSign, cRLSign} | ||||
| } | } | |||
| -- The hashAlgorithm is mda-shake128 | -- The hashAlgorithm is mda-shake128 | |||
| -- The maskGenAlgorithm is id-shake128 | -- The maskGenAlgorithm is id-shake128 | |||
| -- Mask Gen Algorithm is SHAKE128 with output length | -- Mask Gen Algorithm is SHAKE128 with output length | |||
| -- (n - 264)/8, where n is the RSA modulus in bits. | -- (n - 264)/8, where n is the RSA modulus in bits. | |||
| -- the saltLength is 32 | -- the saltLength is 32 | |||
| -- the trailerField is 1 | -- the trailerField is 1 | |||
| pk-rsaSSA-PSS-SHAKE128 PUBLIC-KEY ::= { | pk-rsaSSA-PSS-SHAKE128 PUBLIC-KEY ::= { | |||
| IDENTIFIER id-RSASSA-PSS-SHAKE128 | IDENTIFIER id-RSASSA-PSS-SHAKE128 | |||
| KEY RSAPublicKey | KEY RSAPublicKey | |||
| PARAMS TYPE NULL ARE absent | PARAMS TYPE NULL ARE absent | |||
| -- Private key format not in this module -- | -- Private key format not in this module -- | |||
| CERT-KEY-USAGE { nonRepudiation, digitalSignature, | CERT-KEY-USAGE { nonRepudiation, digitalSignature, | |||
| keyCertSign, cRLSign } | keyCertSign, cRLSign } | |||
| } | } | |||
| -- The hashAlgorithm is mda-shake256 | -- The hashAlgorithm is mda-shake256 | |||
| -- The maskGenAlgorithm is id-shake256 | -- The maskGenAlgorithm is id-shake256 | |||
| -- Mask Gen Algorithm is SHAKE256 with output length | -- Mask Gen Algorithm is SHAKE256 with output length | |||
| -- (n - 520)/8, where n is the RSA modulus in bits. | -- (n - 520)/8, where n is the RSA modulus in bits. | |||
| -- the saltLength is 64 | -- the saltLength is 64 | |||
| -- the trailerField is 1 | -- the trailerField is 1 | |||
| pk-rsaSSA-PSS-SHAKE256 PUBLIC-KEY ::= { | pk-rsaSSA-PSS-SHAKE256 PUBLIC-KEY ::= { | |||
| IDENTIFIER id-RSASSA-PSS-SHAKE256 | IDENTIFIER id-RSASSA-PSS-SHAKE256 | |||
| KEY RSAPublicKey | KEY RSAPublicKey | |||
| PARAMS TYPE NULL ARE absent | PARAMS TYPE NULL ARE absent | |||
| -- Private key format not in this module -- | ||||
| CERT-KEY-USAGE { nonRepudiation, digitalSignature, | ||||
| keyCertSign, cRLSign } | ||||
| } | ||||
| pk-ec PUBLIC-KEY ::= { | ||||
| IDENTIFIER id-ecPublicKey | ||||
| KEY ECPoint | ||||
| PARAMS TYPE ECParameters ARE required | ||||
| -- Private key format not in this module -- | -- Private key format not in this module -- | |||
| CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement, | CERT-KEY-USAGE { nonRepudiation, digitalSignature, | |||
| keyCertSign, cRLSign } | keyCertSign, cRLSign } | |||
| } | } | |||
| ECParameters ::= CHOICE { | ||||
| namedCurve CURVE.&id({NamedCurve}) | ||||
| -- implicitCurve NULL | ||||
| -- implicitCurve MUST NOT be used in PKIX | ||||
| -- specifiedCurve SpecifiedCurve | ||||
| -- specifiedCurve MUST NOT be used in PKIX | ||||
| -- Details for specifiedCurve can be found in [X9.62] | ||||
| -- Any future additions to this CHOICE should be coordinated | ||||
| -- with ANSI X.9. | ||||
| } | ||||
| -- | -- | |||
| -- Signature Algorithms (sa-) | -- Signature Algorithms (sa-) | |||
| -- | -- | |||
| SignatureAlgs SIGNATURE-ALGORITHM ::= { | SignatureAlgs SIGNATURE-ALGORITHM ::= { | |||
| ... | ||||
| -- This expands SignatureAlgorithms from [RFC5912] | -- This expands SignatureAlgorithms from [RFC5912] | |||
| sa-rsassapssWithSHAKE128 | | sa-rsassapssWithSHAKE128 | | |||
| sa-rsassapssWithSHAKE256, | sa-rsassapssWithSHAKE256 | | |||
| ... | ||||
| sa-ecdsaWithSHAKE128 | | sa-ecdsaWithSHAKE128 | | |||
| sa-ecdsaWithSHAKE256, | sa-ecdsaWithSHAKE256, | |||
| ... | ... | |||
| } | } | |||
| -- | -- | |||
| -- SMIME Capabilities (sa-) | -- SMIME Capabilities (sa-) | |||
| -- | -- | |||
| SMimeCaps SMIME-CAPS ::= { | SMimeCaps SMIME-CAPS ::= { | |||
| ... | ||||
| -- The expands SMimeCaps from [RFC5912] | -- The expands SMimeCaps from [RFC5912] | |||
| sa-rsassapssWithSHAKE128.&smimeCaps | | sa-rsassapssWithSHAKE128.&smimeCaps | | |||
| sa-rsassapssWithSHAKE256.&smimeCaps, | sa-rsassapssWithSHAKE256.&smimeCaps | | |||
| sa-ecdsaWithSHAKE128.&smimeCaps | | sa-ecdsaWithSHAKE128.&smimeCaps | | |||
| sa-ecdsaWithSHAKE256.&smimeCaps, | sa-ecdsaWithSHAKE256.&smimeCaps, | |||
| ... | ... | |||
| } | } | |||
| -- RSASSA-PSS with SHAKE128 | -- RSASSA-PSS with SHAKE128 | |||
| sa-rsassapssWithSHAKE128 SIGNATURE-ALGORITHM ::= { | sa-rsassapssWithSHAKE128 SIGNATURE-ALGORITHM ::= { | |||
| IDENTIFIER id-RSASSA-PSS-SHAKE128 | IDENTIFIER id-RSASSA-PSS-SHAKE128 | |||
| PARAMS TYPE NULL ARE absent | PARAMS TYPE NULL ARE absent | |||
| -- The hashAlgorithm is mda-shake128 | -- The hashAlgorithm is mda-shake128 | |||
| -- The maskGenAlgorithm is id-shake128 | -- The maskGenAlgorithm is id-shake128 | |||
| -- Mask Gen Algorithm is SHAKE128 with output length | -- Mask Gen Algorithm is SHAKE128 with output length | |||
| -- (n - 264)/8, where n is the RSA modulus in bits. | -- (n - 264)/8, where n is the RSA modulus in bits. | |||
| -- the saltLength is 32 | -- the saltLength is 32 | |||
| -- the trailerField is 1 | -- the trailerField is 1 | |||
| HASHES mda-shake128 | HASHES { mda-shake128 } | |||
| PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS-SHAKE128 } | PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS-SHAKE128 } | |||
| SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS-SHAKE128 } | SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS-SHAKE128 } | |||
| } | } | |||
| id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD } | id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD } | |||
| -- RSASSA-PSS with SHAKE256 | -- RSASSA-PSS with SHAKE256 | |||
| sa-rsassapssWithSHAKE256 SIGNATURE-ALGORITHM ::= { | sa-rsassapssWithSHAKE256 SIGNATURE-ALGORITHM ::= { | |||
| IDENTIFIER id-RSASSA-PSS-SHAKE256 | IDENTIFIER id-RSASSA-PSS-SHAKE256 | |||
| PARAMS TYPE NULL ARE absent | PARAMS TYPE NULL ARE absent | |||
| -- The hashAlgorithm is mda-shake256 | -- The hashAlgorithm is mda-shake256 | |||
| -- The maskGenAlgorithm is id-shake256 | -- The maskGenAlgorithm is id-shake256 | |||
| -- Mask Gen Algorithm is SHAKE256 with output length | -- Mask Gen Algorithm is SHAKE256 with output length | |||
| -- (n - 520)/8, where n is the RSA modulus in bits. | -- (n - 520)/8, where n is the RSA modulus in bits. | |||
| -- the saltLength is 64 | -- the saltLength is 64 | |||
| -- the trailerField is 1 | -- the trailerField is 1 | |||
| HASHES mda-shake256 | HASHES { mda-shake256 } | |||
| PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS-SHAKE256 } | PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS-SHAKE256 } | |||
| SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS-SHAKE256 } | SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS-SHAKE256 } | |||
| } | } | |||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD } | id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD } | |||
| -- Determinstic ECDSA with SHAKE128 | -- Determinstic ECDSA with SHAKE128 | |||
| sa-ecdsaWithSHAKE128 SIGNATURE-ALGORITHM ::= { | sa-ecdsaWithSHAKE128 SIGNATURE-ALGORITHM ::= { | |||
| IDENTIFIER id-ecdsa-with-shake128 | IDENTIFIER id-ecdsa-with-shake128 | |||
| VALUE ECDSA-Sig-Value | VALUE ECDSA-Sig-Value | |||
| PARAMS TYPE NULL ARE absent | PARAMS TYPE NULL ARE absent | |||
| HASHES { mda-shake128 } | HASHES { mda-shake128 } | |||
| PUBLIC-KEYS { pk-ec } | PUBLIC-KEYS { pk-ec } | |||
| SMIME-CAPS { IDENTIFIED BY id-ecdsa-with-shake128 } | SMIME-CAPS { IDENTIFIED BY id-ecdsa-with-shake128 } | |||
| } | } | |||
| id-ecdsa-with-shake128 ::= { joint-iso-itu-t(2) country(16) | id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| us(840) organization(1) gov(101) | country(16) us(840) organization(1) | |||
| csor(3) nistAlgorithm(4) | gov(101) csor(3) nistAlgorithm(4) | |||
| sigAlgs(3) TBD } | sigAlgs(3) TBD } | |||
| -- Determinstic ECDSA with SHAKE256 | -- Determinstic ECDSA with SHAKE256 | |||
| sa-ecdsaWithSHAKE256 SIGNATURE-ALGORITHM ::= { | sa-ecdsaWithSHAKE256 SIGNATURE-ALGORITHM ::= { | |||
| IDENTIFIER id-ecdsa-with-shake256 | IDENTIFIER id-ecdsa-with-shake256 | |||
| VALUE ECDSA-Sig-Value | VALUE ECDSA-Sig-Value | |||
| PARAMS TYPE NULL ARE absent | PARAMS TYPE NULL ARE absent | |||
| HASHES { mda-shake256 } | HASHES { mda-shake256 } | |||
| PUBLIC-KEYS { pk-ec } | PUBLIC-KEYS { pk-ec } | |||
| SMIME-CAPS { IDENTIFIED BY id-ecdsa-with-shake256 } | SMIME-CAPS { IDENTIFIED BY id-ecdsa-with-shake256 } | |||
| } | } | |||
| id-ecdsa-with-shake256 ::= { joint-iso-itu-t(2) country(16) | id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | |||
| us(840) organization(1) gov(101) | country(16) us(840) organization(1) | |||
| csor(3) nistAlgorithm(4) | gov(101) csor(3) nistAlgorithm(4) | |||
| sigAlgs(3) TBD } | sigAlgs(3) TBD } | |||
| END | END | |||
| Authors' Addresses | Authors' Addresses | |||
| Panos Kampanakis | Panos Kampanakis | |||
| Cisco Systems | Cisco Systems | |||
| Email: pkampana@cisco.com | Email: pkampana@cisco.com | |||
| End of changes. 36 change blocks. | ||||
| 99 lines changed or deleted | 86 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||