draft-ietf-lamps-cms-shakes-04.txt   draft-ietf-lamps-cms-shakes-05.txt 
LAMPS WG Q. Dang LAMPS WG Q. Dang
Internet-Draft NIST Internet-Draft NIST
Intended status: Standards Track P. Kampanakis Intended status: Standards Track P. Kampanakis
Expires: June 2, 2019 Cisco Systems Expires: June 21, 2019 Cisco Systems
November 29, 2018 December 18, 2018
Use of the SHAKE One-way Hash Functions in the Cryptographic Message Use of the SHAKE One-way Hash Functions in the Cryptographic Message
Syntax (CMS) Syntax (CMS)
draft-ietf-lamps-cms-shakes-04 draft-ietf-lamps-cms-shakes-05
Abstract Abstract
This document describes the conventions for using the SHAKE family of This document describes the conventions for using the SHAKE family of
hash functions with the Cryptographic Message Syntax (CMS) as one-way hash functions with the Cryptographic Message Syntax (CMS) as one-way
hash functions with the RSA Probabilistic signature and ECDSA hash functions with the RSA Probabilistic signature and ECDSA
signature algorithms, as message digests and message authentication signature algorithms, as message digests and message authentication
codes. The conventions for the associated signer public keys in CMS codes. The conventions for the associated signer public keys in CMS
are also described. are also described.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 2, 2019. This Internet-Draft will expire on June 21, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
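Review bot: the abstract, unchanged in this revision, calls the
algorithm the "RSA Probabilistic signature" while the table of
contents and body use "RSASSA-PSS" (see "4.2.1. RSASSA-PSS
Signatures"); suggest naming it RSASSA-PSS in the abstract as well,
with the expansion on first use, so the abstract, the section titles
and the identifiers agree.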
skipping to change at page 2, line 19 skipping to change at page 2, line 19
1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 6 4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 6
4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 6 4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 6
4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 6 4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 6
4.2.2. Deterministic ECDSA Signatures . . . . . . . . . . . 7 4.2.2. Deterministic ECDSA Signatures . . . . . . . . . . . 7
4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 7 4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 8
4.4. Message Authentication Codes . . . . . . . . . . . . . . 8 4.4. Message Authentication Codes . . . . . . . . . . . . . . 8
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
8.1. Normative References . . . . . . . . . . . . . . . . . . 9 8.1. Normative References . . . . . . . . . . . . . . . . . . 10
8.2. Informative References . . . . . . . . . . . . . . . . . 10 8.2. Informative References . . . . . . . . . . . . . . . . . 11
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 11 Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Change Log 1. Change Log
[ EDNOTE: Remove this section before publication. ] [ EDNOTE: Remove this section before publication. ]
o draft-ietf-lamps-cms-shake-05:
* Added informative references.
* Updated ASN.1 so it compiles.
* Updated IANA considerations.
o draft-ietf-lamps-cms-shake-04: o draft-ietf-lamps-cms-shake-04:
* Added RFC8174 reference and text. * Added RFC8174 reference and text.
* Explicitly explained why RSASSA-PSS-params are omitted in * Explicitly explained why RSASSA-PSS-params are omitted in
section 4.2.1. section 4.2.1.
* Simplified Public Keys section by removing redundand info from * Simplified Public Keys section by removing redundand info from
RFCs. RFCs.
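Review bot: the new change-log entry (and the -04 entry above it)
names the draft "draft-ietf-lamps-cms-shake-05" while the document
itself is draft-ietf-lamps-cms-shakes-05; align the entries with the
actual draft name. Also "redundand" in the -04 entry should read
"redundant".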
skipping to change at page 8, line 39 skipping to change at page 8, line 48
Conforming implementations that process KMACs with the SHAKEs when Conforming implementations that process KMACs with the SHAKEs when
processing CMS data MUST recognize these identifiers. processing CMS data MUST recognize these identifiers.
When calculating the KMAC output, the variable N is 0xD2B282C2, S is When calculating the KMAC output, the variable N is 0xD2B282C2, S is
an empty string, and L, the integer representing the requested output an empty string, and L, the integer representing the requested output
length in bits, is 256 or 512 for KmacWithSHAKE128 or length in bits, is 256 or 512 for KmacWithSHAKE128 or
KmacWithSHAKE256 respectively in this specification. KmacWithSHAKE256 respectively in this specification.
5. IANA Considerations 5. IANA Considerations
[ EDNOTE: Update here only if there are OID allocations by IANA. ] One object identifier for the ASN.1 module in Appendix A was assigned
in the SMI Security for S/MIME Module Identifiers
(1.2.840.113549.1.9.16.0) registry:
This document has no IANA actions. CMSAlgsForSHAKE-2018 { { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0)
id-mod-cms-shakes(TBD) }
6. Security Considerations 6. Security Considerations
The SHAKEs are deterministic functions. Like any other deterministic The SHAKEs are deterministic functions. Like any other deterministic
function, executing each function with the same input multiple times function, executing each function with the same input multiple times
will produce the same output. Therefore, users should not expect will produce the same output. Therefore, users should not expect
unrelated outputs (with the same or different output lengths) from unrelated outputs (with the same or different output lengths) from
excuting a SHAKE function with the same input multiple times. The excuting a SHAKE function with the same input multiple times. The
shorter one of any 2 outputs produced from a SHAKE with the same shorter one of any 2 outputs produced from a SHAKE with the same
input is a prefix of the longer one. It is a similar situation as input is a prefix of the longer one. It is a similar situation as
skipping to change at page 9, line 27 skipping to change at page 9, line 41
computing power increases, the work factor or time required to break computing power increases, the work factor or time required to break
a particular cryptographic algorithm may decrease. Therefore, a particular cryptographic algorithm may decrease. Therefore,
cryptographic algorithm implementations should be modular allowing cryptographic algorithm implementations should be modular allowing
new algorithms to be readily inserted. That is, implementers should new algorithms to be readily inserted. That is, implementers should
be prepared to regularly update the set of algorithms in their be prepared to regularly update the set of algorithms in their
implementations. implementations.
7. Acknowledgements 7. Acknowledgements
This document is based on Russ Housley's draft This document is based on Russ Housley's draft
[I-D.housley-lamps-cms-sha3-hash] It replaces SHA3 hash functions by [I-D.housley-lamps-cms-sha3-hash]. It replaces SHA3 hash functions
SHAKE128 and SHAKE256 as the LAMPS WG agreed. by SHAKE128 and SHAKE256 as the LAMPS WG agreed.
8. References The authors would like to thank Russ Housley for his guidance and
very valuable contributions with the ASN.1 module.
8. References
8.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional
Algorithms and Identifiers for RSA Cryptography for use in Algorithms and Identifiers for RSA Cryptography for use in
the Internet X.509 Public Key Infrastructure Certificate the Internet X.509 Public Key Infrastructure Certificate
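Review bot: the rewritten IANA Considerations section states that the
module identifier "was assigned" yet still writes it as
"id-mod-cms-shakes(TBD)"; either fill in the assigned value or phrase
the section as a request to IANA. The module name in that section
also carries a stray second brace ("CMSAlgsForSHAKE-2018 { { iso(1)
member-body(2) us(840)") that the Appendix A header in this revision
corrected to a single "{". In section 4.4 the text fixes L to 256 or
512 bits and S to the empty string, but the KMACwithSHAKE*-params
types in Appendix A give kMACOutputLength only a DEFAULT of 256/512
and customizationString only a DEFAULT of ''H, so it is unclear
whether other values are permitted; state explicitly whether the
parameters may deviate from the values fixed here. Minor:
"KmacWithSHAKE128" in this section versus "maca-KMACwithSHAKE128" and
"id-KMACWithSHAKE128" in the module, "excuting" should be
"executing", and "any 2 outputs" reads better as "any two outputs".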
skipping to change at page 10, line 43 skipping to change at page 11, line 18
Housley, R., "Use of the SHA3 One-way Hash Functions in Housley, R., "Use of the SHA3 One-way Hash Functions in
the Cryptographic Message Syntax (CMS)", draft-housley- the Cryptographic Message Syntax (CMS)", draft-housley-
lamps-cms-sha3-hash-00 (work in progress), March 2017. lamps-cms-sha3-hash-00 (work in progress), March 2017.
[RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and
Identifiers for the Internet X.509 Public Key Identifiers for the Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April (CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April
2002, <https://www.rfc-editor.org/info/rfc3279>. 2002, <https://www.rfc-editor.org/info/rfc3279>.
[RFC5753] Turner, S. and D. Brown, "Use of Elliptic Curve
Cryptography (ECC) Algorithms in Cryptographic Message
Syntax (CMS)", RFC 5753, DOI 10.17487/RFC5753, January
2010, <https://www.rfc-editor.org/info/rfc5753>.
[RFC5911] Hoffman, P. and J. Schaad, "New ASN.1 Modules for
Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
DOI 10.17487/RFC5911, June 2010,
<https://www.rfc-editor.org/info/rfc5911>.
[RFC6268] Schaad, J. and S. Turner, "Additional New ASN.1 Modules
for the Cryptographic Message Syntax (CMS) and the Public
Key Infrastructure Using X.509 (PKIX)", RFC 6268,
DOI 10.17487/RFC6268, July 2011,
<https://www.rfc-editor.org/info/rfc6268>.
[RFC6979] Pornin, T., "Deterministic Usage of the Digital Signature [RFC6979] Pornin, T., "Deterministic Usage of the Digital Signature
Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature
Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August
2013, <https://www.rfc-editor.org/info/rfc6979>. 2013, <https://www.rfc-editor.org/info/rfc6979>.
[SEC1] Standards for Efficient Cryptography Group, "SEC 1: [SEC1] Standards for Efficient Cryptography Group, "SEC 1:
Elliptic Curve Cryptography", May 2009, Elliptic Curve Cryptography", May 2009,
<http://www.secg.org/sec1-v2.pdf>. <http://www.secg.org/sec1-v2.pdf>.
[shake-nist-oids] [shake-nist-oids]
skipping to change at page 11, line 21 skipping to change at page 12, line 10
[X9.62] American National Standard for Financial Services (ANSI), [X9.62] American National Standard for Financial Services (ANSI),
"X9.62-2005 Public Key Cryptography for the Financial "X9.62-2005 Public Key Cryptography for the Financial
Services Industry: The Elliptic Curve Digital Signature Services Industry: The Elliptic Curve Digital Signature
Standard (ECDSA)", November 2005. Standard (ECDSA)", November 2005.
Appendix A. ASN.1 Module Appendix A. ASN.1 Module
This appendix includes the ASN.1 modules for SHAKEs in CMS. This This appendix includes the ASN.1 modules for SHAKEs in CMS. This
module includes some ASN.1 from other standards for reference. module includes some ASN.1 from other standards for reference.
CMSAlgsForSHAKE-2018 { { iso(1) member-body(2) us(840) CMSAlgsForSHAKE-2018 { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0)
id-mod-cms-shakes(TBD) } id-mod-cms-shakes(TBD) }
DEFINITIONS EXPLICIT TAGS ::= DEFINITIONS EXPLICIT TAGS ::=
BEGIN BEGIN
-- EXPORTS ALL; -- EXPORTS ALL;
IMPORTS IMPORTS
DIGEST-ALGORITHM, MAC-ALGORITHM, SMIME-CAPS DIGEST-ALGORITHM, MAC-ALGORITHM, SMIME-CAPS
FROM AlgorithmInformation-2009 FROM AlgorithmInformation-2009
{ iso(1) identified-organization(3) dod(6) internet(1) security(5) { iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation-02(58) } id-mod-algorithmInformation-02(58) }
RSAPublicKey, rsaEncryption, id-ecPublicKey RSAPublicKey, rsaEncryption, id-ecPublicKey
FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-algorithms2008-02(56) } id-mod-pkix1-algorithms2008-02(56) } ;
-- --
-- Message Digest Algorithms (mda-) -- Message Digest Algorithms (mda-)
-- used in SignedData, SignerInfo, DigestedData, -- used in SignedData, SignerInfo, DigestedData,
-- and the AuthenticatedData digestAlgorithm -- and the AuthenticatedData digestAlgorithm
-- fields in CMS -- fields in CMS
-- --
digestAlgorithms DIGEST-ALGORITHM ::= { MessageDigestAlgs DIGEST-ALGORITHM ::= {
...
-- This expands MessageAuthAlgs from [RFC5652] -- This expands MessageAuthAlgs from [RFC5652]
-- and MessageDigestAlgs in [RFC5753] -- and MessageDigestAlgs in [RFC5753]
mda-shake128 | mda-shake128 |
mda-shake256, mda-shake256,
... ...
} }
-- --
-- One-Way Hash Functions -- One-Way Hash Functions
-- SHAKE128 -- SHAKE128
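Review bot: the comment inside the renamed MessageDigestAlgs set still
reads "This expands MessageAuthAlgs from [RFC5652] and
MessageDigestAlgs in [RFC5753]"; this is the digest-algorithm set, so
the first name should be MessageDigestAlgs too (MessageAuthAlgs is
the MAC set expanded further down in the module). The introductory
sentence also switches number: "This appendix includes the ASN.1
modules for SHAKEs in CMS. This module includes ..."; there is one
module, so "the ASN.1 module".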
skipping to change at page 12, line 45 skipping to change at page 13, line 33
-- type and countersignature attribute in CMS. -- type and countersignature attribute in CMS.
-- --
-- From RFC5280, for reference. -- From RFC5280, for reference.
-- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } -- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
-- When the rsaEncryption algorithm identifier is used -- When the rsaEncryption algorithm identifier is used
-- for a public key, the AlgorithmIdentifier parameters -- for a public key, the AlgorithmIdentifier parameters
-- field MUST contain NULL. -- field MUST contain NULL.
-- --
id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD } id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD }
id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD } id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD }
-- When the id-RSASSA-PSS-* algorithm identifiers are used -- When the id-RSASSA-PSS-* algorithm identifiers are used
-- for a public key or a signature in CMS, the AlgorithmIdentifier -- for a public key or signature in CMS, the AlgorithmIdentifier
-- parameters field MUST be absent. The message digest algorithm -- parameters field MUST be absent. The message digest algorithm
-- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or -- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or
-- 64 byte outout length respectively. The mask generating -- 64 byte outout length respectively. The mask generating
-- function MUST be SHAKE128 or SHAKE256 with an output length -- function MUST be SHAKE128 or SHAKE256 with an output length
-- of (n - 264)/8 or (n - 520)/8 bytes respectively, where n -- of (n - 264)/8 or (n - 520)/8 bytes respectively, where n
-- is the RSA modulus in bits. The RSASSA-PSS saltLength MUST -- is the RSA modulus in bits. The RSASSA-PSS saltLength MUST
-- be 32 or 64 bytes respectively. In both cases, the RSA -- be 32 or 64 bytes respectively. In both cases, the RSA
-- public key, MUST be encoded using the RSAPublicKey type. -- public key, MUST be encoded using the RSAPublicKey type.
-- From RFC4055, for reference. -- From RFC4055, for reference.
-- RSAPublicKey ::= SEQUENCE { -- RSAPublicKey ::= SEQUENCE {
-- modulus INTEGER, -- n -- modulus INTEGER, -- -- n
-- publicExponent INTEGER } -- e -- publicExponent INTEGER } -- -- e
id-ecdsa-with-shake128 ::= { joint-iso-itu-t(2) country(16) id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
us(840) organization(1) gov(101) country(16) us(840) organization(1)
csor(3) nistAlgorithm(4) gov(101) csor(3) nistAlgorithm(4)
sigAlgs(3) TBD } sigAlgs(3) TBD }
id-ecdsa-with-shake256 ::= { joint-iso-itu-t(2) country(16) id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
us(840) organization(1) gov(101) country(16) us(840) organization(1)
csor(3) nistAlgorithm(4) gov(101) csor(3) nistAlgorithm(4)
sigAlgs(3) TBD } sigAlgs(3) TBD }
-- When the id-ecdsa-with-shake* algorithm identifiers are -- When the id-ecdsa-with-shake* algorithm identifiers are
-- used in CMS, the AlgorithmIdentifier parameters field -- used in CMS, the AlgorithmIdentifier parameters field
-- MUST be absent and the signature algorithm should -- MUST be absent and the signature algorithm should
-- Deterministric ECDSA [RFC6979]. The message digest MUST -- Deterministric ECDSA [RFC6979]. The message digest MUST
-- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout -- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout
-- length respectively. In both cases, the ECDSA public key, -- length respectively. In both cases, the ECDSA public key,
-- MUST be encoded using the id-ecPublicKey type. -- MUST be encoded using the id-ecPublicKey type.
-- From RFC5480, for reference. -- From RFC5480, for reference.
-- id-ecPublicKey OBJECT IDENTIFIER ::= { -- id-ecPublicKey OBJECT IDENTIFIER ::= {
-- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } -- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
-- The id-ecPublicKey parameters must be absent or present -- The id-ecPublicKey parameters must be absent or present
-- and are defined as -- and are defined as
-- ECParameters ::= CHOICE { -- ECParameters ::= CHOICE {
-- namedCurve OBJECT IDENTIFIER -- namedCurve OBJECT IDENTIFIER
-- -- implicitCurve NULL -- -- -- implicitCurve NULL
-- -- specifiedCurve SpecifiedECDomain -- -- -- specifiedCurve SpecifiedECDomain
-- } -- }
-- --
-- Message Authentication (maca-) Algorithms -- Message Authentication (maca-) Algorithms
-- used in AuthenticatedData macAlgorithm in CMS -- used in AuthenticatedData macAlgorithm in CMS
-- --
MessageAuthAlgs MAC-ALGORITHM ::= { MessageAuthAlgs MAC-ALGORITHM ::= {
... -- This expands MessageAuthAlgs from [RFC5652] and [RFC6268]
-- This expands MessageAuthAlgs from [RFC5652] and [RFC6268] maca-KMACwithSHAKE128 |
maca-KMACwithSHAKE128 | maca-KMACwithSHAKE256,
maca-KMACwithSHAKE256 ...
} }
SMimeCaps SMIME-CAPS ::= { SMimeCaps SMIME-CAPS ::= {
-- The expands SMimeCaps from [RFC5911]
maca-KMACwithSHAKE128.&smimeCaps |
maca-KMACwithSHAKE256.&smimeCaps,
... ...
-- The expands SMimeCaps from [RFC5911]
maca-KMACwithSHAKE128 |
maca-KMACwithSHAKE256
} }
-- --
-- KMAC with SHAKE128 -- KMAC with SHAKE128
maca-KMACwithSHAKE128 MAC-ALGORITHM ::= { maca-KMACwithSHAKE128 MAC-ALGORITHM ::= {
IDENTIFIER id-KMACWithSHAKE128 IDENTIFIER id-KMACWithSHAKE128
PARAMS TYPE KMACwithSHAKE128-params ARE optional PARAMS TYPE KMACwithSHAKE128-params ARE optional
-- If KMACwithSHAKE128-params parameters are absent -- If KMACwithSHAKE128-params parameters are absent
-- the SHAKE128 output length used in KMAC is 256 bits -- the SHAKE128 output length used in KMAC is 256 bits
-- and the customization string is an empty string. -- and the customization string is an empty string.
IS-KEYED-MAC TRUE
SMIME-CAPS {IDENTIFIED BY id-KMACWithSHAKE128} SMIME-CAPS {IDENTIFIED BY id-KMACWithSHAKE128}
} }
id-KMACWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) id-KMACWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
country(16) us(840) organization(1) country(16) us(840) organization(1)
gov(101) csor(3) nistAlgorithm(4) gov(101) csor(3) nistAlgorithm(4)
hashAlgs(2) 19 } hashAlgs(2) 19 }
KMACwithSHAKE128-params ::= SEQUENCE { KMACwithSHAKE128-params ::= SEQUENCE {
KMACOutputLength INTEGER DEFAULT 256, -- Output length in bits kMACOutputLength INTEGER DEFAULT 256, -- Output length in bits
customizationString OCTET STRING DEFAULT ''H customizationString OCTET STRING DEFAULT ''H
} }
-- KMAC with SHAKE256 -- KMAC with SHAKE256
maca-KMACwithSHAKE256 MAC-ALGORITHM ::= { maca-KMACwithSHAKE256 MAC-ALGORITHM ::= {
IDENTIFIER id-KMACWithSHAKE256 IDENTIFIER id-KMACWithSHAKE256
PARAMS TYPE KMACwithSHAKE256-params ARE optional PARAMS TYPE KMACwithSHAKE256-params ARE optional
-- If KMACwithSHAKE256-params parameters are absent -- If KMACwithSHAKE256-params parameters are absent
-- the SHAKE256 output length used in KMAC is 512 bits -- the SHAKE256 output length used in KMAC is 512 bits
-- and the customization string is an empty string. -- and the customization string is an empty string.
IS-KEYED-MAC TRUE
SMIME-CAPS {IDENTIFIED BY id-KMACWithSHAKE256} SMIME-CAPS {IDENTIFIED BY id-KMACWithSHAKE256}
} }
id-KMACWithSHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) id-KMACWithSHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
country(16) us(840) organization(1) country(16) us(840) organization(1)
gov(101) csor(3) nistAlgorithm(4) gov(101) csor(3) nistAlgorithm(4)
hashAlgs(2) 20 } hashAlgs(2) 20 }
KMACwithSHAKE256-params ::= SEQUENCE { KMACwithSHAKE256-params ::= SEQUENCE {
KMACOutputLength INTEGER DEFAULT 512, -- Output length in bits kMACOutputLength INTEGER DEFAULT 512, -- Output length in bits
customizationString OCTET STRING DEFAULT ''H customizationString OCTET STRING DEFAULT ''H
} }
END END
Authors' Addresses Authors' Addresses
Quynh Dang Quynh Dang
NIST NIST
100 Bureau Drive 100 Bureau Drive
Gaithersburg, MD 20899 Gaithersburg, MD 20899
Email: quynh.Dang@nist.gov Email: quynh.Dang@nist.gov
Panos Kampanakis Panos Kampanakis
Cisco Systems Cisco Systems
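Review bot: several comments in the revised module carry wording
errors that will go to publication with it: "outout" should be
"output" in both the RSASSA-PSS and the ECDSA comments,
"Deterministric" should be "Deterministic", and "the signature
algorithm should Deterministric ECDSA [RFC6979]" is missing a verb.
That same sentence uses a lowercase "should" beside a "MUST"; if
deterministic ECDSA is a requirement (the section is titled
"Deterministic ECDSA Signatures"), use the BCP 14 keyword, otherwise
say it is recommended. Stray commas: "the RSA public key, MUST be
encoded" and "the ECDSA public key, MUST be encoded". In the SMimeCaps
set, "The expands SMimeCaps from [RFC5911]" should read "This
expands". The module comments cite [RFC5652] and refer to RFC5280 and
RFC5480 "for reference", while only RFC5753, RFC5911 and RFC6268 were
added to the informative references in this revision; confirm those
three have entries in the part of the reference list not shown here.
The "-- -- n", "-- -- e" and "-- -- -- implicitCurve NULL" forms look
deliberate (the change log says the module was updated so it
compiles, and a second "--" on a line closes an ASN.1 comment), so
leave them as they are.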
 End of changes. 31 change blocks. 
42 lines changed or deleted 74 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/