draft-ietf-lamps-cms-shakes-17.txt   draft-ietf-lamps-cms-shakes-18.txt 
LAMPS WG P. Kampanakis LAMPS WG P. Kampanakis
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Updates: 3370 (if approved) Q. Dang Updates: 3370 (if approved) Q. Dang
Intended status: Standards Track NIST Intended status: Standards Track NIST
Expires: February 9, 2020 August 8, 2019 Expires: March 19, 2020 September 16, 2019
Use of the SHAKE One-way Hash Functions in the Cryptographic Message Use of the SHAKE One-way Hash Functions in the Cryptographic Message
Syntax (CMS) Syntax (CMS)
draft-ietf-lamps-cms-shakes-17 draft-ietf-lamps-cms-shakes-18
Abstract Abstract
This document updates the "Cryptographic Message Syntax Algorithms" This document updates the "Cryptographic Message Syntax Algorithms"
(RFC3370) and describes the conventions for using the SHAKE family of (RFC3370) and describes the conventions for using the SHAKE family of
hash functions in the Cryptographic Message Syntax as one-way hash hash functions in the Cryptographic Message Syntax as one-way hash
functions with the RSA Probabilistic signature and ECDSA signature functions with the RSA Probabilistic signature and ECDSA signature
algorithms. The conventions for the associated signer public keys in algorithms. The conventions for the associated signer public keys in
CMS are also described. CMS are also described.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 9, 2020. This Internet-Draft will expire on March 19, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 6
3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 6 3. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 6
4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 7 4. Use in CMS . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 7 4.1. Message Digests . . . . . . . . . . . . . . . . . . . . . 7
4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 8 4.2. Signatures . . . . . . . . . . . . . . . . . . . . . . . 8
4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 8 4.2.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 8
4.2.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 9 4.2.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 9
4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 9 4.3. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 9
4.4. Message Authentication Codes . . . . . . . . . . . . . . 10 4.4. Message Authentication Codes . . . . . . . . . . . . . . 10
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
8.1. Normative References . . . . . . . . . . . . . . . . . . 12 8.1. Normative References . . . . . . . . . . . . . . . . . . 11
8.2. Informative References . . . . . . . . . . . . . . . . . 13 8.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 14 Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18
1. Change Log 1. Change Log
[ EDNOTE: Remove this section before publication. ] [ EDNOTE: Remove this section before publication. ]
o draft-ietf-lamps-cms-shake-18:
* Minor ASN.1 changes.
o draft-ietf-lamps-cms-shake-17: o draft-ietf-lamps-cms-shake-17:
* Minor updates for EDNOTE accuracy. * Minor updates for EDNOTE accuracy.
o draft-ietf-lamps-cms-shake-16: o draft-ietf-lamps-cms-shake-16:
* Minor nits. * Minor nits.
* Using bytes instead of bits for consistency. * Using bytes instead of bits for consistency.
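Review bot: The new change-log entry for draft-ietf-lamps-cms-shake-18 records only "Minor ASN.1 changes", which understates the revision: the same diff replaces TBD1 through TBD4 with arcs 30 to 33 and the module number TBD with 70. Add a bullet such as "Filled in the assigned OID and module identifier values" so readers comparing -17 and -18 know the identifiers changed. The entry names also read "cms-shake-NN" while the draft is draft-ietf-lamps-cms-shakes-NN; align the spelling.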
skipping to change at page 6, line 28 skipping to change at page 6, line 36
id-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) id-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
country(16) us(840) organization(1) gov(101) csor(3) country(16) us(840) organization(1) gov(101) csor(3)
nistAlgorithm(4) 2 12 } nistAlgorithm(4) 2 12 }
In this specification, when using the id-shake128 or id-shake256 In this specification, when using the id-shake128 or id-shake256
algorithm identifiers, the parameters MUST be absent. That is, the algorithm identifiers, the parameters MUST be absent. That is, the
identifier SHALL be a SEQUENCE of one component, the OID. identifier SHALL be a SEQUENCE of one component, the OID.
[I-D.ietf-lamps-pkix-shake] [ EDNOTE: Update reference with the RFC [I-D.ietf-lamps-pkix-shake] [ EDNOTE: Update reference with the RFC
when it is published. ] defines two identifiers for RSASSA-PSS when it is published. ] defines two identifiers for RSASSA-PSS
signatures using SHAKEs which we include here for convenience. [ signatures using SHAKEs which we include here for convenience.
EDNOTE: Update the TBD1-2 reference when the RFC (ietf-lamps-pkix-
shake) is published. ]
id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) security(5) mechanisms(5) pkix(7) algorithms(6) 30 }
TBD1 }
id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) security(5) mechanisms(5) pkix(7) algorithms(6) 31 }
TBD2 }
The same RSASSA-PSS algorithm identifiers can be used for identifying The same RSASSA-PSS algorithm identifiers can be used for identifying
public keys and signatures. public keys and signatures.
[I-D.ietf-lamps-pkix-shake] [ EDNOTE: Update reference with the RFC [I-D.ietf-lamps-pkix-shake] [ EDNOTE: Update reference with the RFC
when it is published. ] also defines two algorithm identifiers of when it is published. ] also defines two algorithm identifiers of
ECDSA signatures using SHAKEs which we include here for convenience. ECDSA signatures using SHAKEs which we include here for convenience.
[ EDNOTE: Update the TBD3-4 reference when the RFC (ietf-lamps-pkix-
shake) is published. ]
id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) security(5) mechanisms(5) pkix(7) algorithms(6) 32 }
TBD3 }
id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) security(5) mechanisms(5) pkix(7) algorithms(6) 33 }
TBD4 }
The parameters for the four RSASSA-PSS and ECDSA identifiers MUST be The parameters for the four RSASSA-PSS and ECDSA identifiers MUST be
absent. That is, each identifier SHALL be a SEQUENCE of one absent. That is, each identifier SHALL be a SEQUENCE of one
component, the OID. component, the OID.
Two object identifiers for KMACs using SHAKE128 and SHAKE256 as Two object identifiers for KMACs using SHAKE128 and SHAKE256 as
defined in by the National Institute of Standards and Technology defined in by the National Institute of Standards and Technology
(NIST) in [shake-nist-oids] and we include them here for convenience. (NIST) in [shake-nist-oids] and we include them here for convenience.
id-KmacWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) id-KmacWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
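Review bot: The sentence near the end of this hunk that begins "Two object identifiers for KMACs using SHAKE128 and SHAKE256 as defined in by" is carried over unchanged from -17 and still has no main verb and a stray "in by". Suggest: "Two object identifiers for KMACs using SHAKE128 and SHAKE256 are defined by the National Institute of Standards and Technology (NIST) in [shake-nist-oids], and we include them here for convenience." Separately, since the EDNOTEs that asked for the TBD1-4 values to be updated are removed here, confirm that arcs 30, 31, 32 and 33 match the values in [I-D.ietf-lamps-pkix-shake] before the reminder is gone.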
skipping to change at page 11, line 8 skipping to change at page 10, line 50
5. IANA Considerations 5. IANA Considerations
One object identifier for the ASN.1 module in Appendix A was One object identifier for the ASN.1 module in Appendix A was
requested for the SMI Security for S/MIME Module Identifiers requested for the SMI Security for S/MIME Module Identifiers
(1.2.840.113549.1.9.16.0) registry: (1.2.840.113549.1.9.16.0) registry:
+---------+----------------------+--------------------+ +---------+----------------------+--------------------+
| Decimal | Description | References | | Decimal | Description | References |
+---------+----------------------+--------------------+ +---------+----------------------+--------------------+
| TBD | CMSAlgsForSHAKE-2019 | [EDNOTE: THIS RFC] | | 70 | CMSAlgsForSHAKE-2019 | [EDNOTE: THIS RFC] |
+---------+----------------------+--------------------+ +---------+----------------------+--------------------+
6. Security Considerations 6. Security Considerations
This document updates [RFC3370]. The security considerations section This document updates [RFC3370]. The security considerations section
of that document applies to this specification as well. of that document applies to this specification as well.
NIST has defined appropriate use of the hash functions in terms of NIST has defined appropriate use of the hash functions in terms of
the algorithm strengths and expected time frames for secure use in the algorithm strengths and expected time frames for secure use in
Special Publications (SPs) [SP800-78-4] and [SP800-107]. These Special Publications (SPs) [SP800-78-4] and [SP800-107]. These
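Review bot: The lead sentence of the IANA section still says the object identifier "was requested" although the Decimal column now carries 70 instead of TBD. Reword it to state that the value has been assigned, and keep it in step with id-mod-cms-shakes-2019(70) in Appendix A. The References cell still reads "[EDNOTE: THIS RFC]", which needs resolving before publication.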
skipping to change at page 14, line 41 skipping to change at page 14, line 31
Services Industry: The Elliptic Curve Digital Signature Services Industry: The Elliptic Curve Digital Signature
Standard (ECDSA)", November 2005. Standard (ECDSA)", November 2005.
Appendix A. ASN.1 Module Appendix A. ASN.1 Module
This appendix includes the ASN.1 modules for SHAKEs in CMS. This This appendix includes the ASN.1 modules for SHAKEs in CMS. This
module includes some ASN.1 from other standards for reference. module includes some ASN.1 from other standards for reference.
CMSAlgsForSHAKE-2019 { iso(1) member-body(2) us(840) CMSAlgsForSHAKE-2019 { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0)
id-mod-cms-shakes-2019(TBD) } id-mod-cms-shakes-2019(70) }
DEFINITIONS EXPLICIT TAGS ::= DEFINITIONS EXPLICIT TAGS ::=
BEGIN BEGIN
-- EXPORTS ALL; -- EXPORTS ALL;
IMPORTS IMPORTS
DIGEST-ALGORITHM, MAC-ALGORITHM, SMIME-CAPS DIGEST-ALGORITHM, MAC-ALGORITHM, SMIME-CAPS
FROM AlgorithmInformation-2009 FROM AlgorithmInformation-2009
{ iso(1) identified-organization(3) dod(6) internet(1) security(5) { iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation-02(58) } id-mod-algorithmInformation-02(58) }
RSAPublicKey, rsaEncryption, id-ecPublicKey RSAPublicKey, rsaEncryption, id-ecPublicKey
FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-algorithms2008-02(56) } ; id-mod-pkix1-algorithms2008-02(56) }
sa-rsassapssWithSHAKE128, sa-rsassapssWithSHAKE256,
sa-ecdsaWithSHAKE128, sa-ecdsaWithSHAKE256
FROM PKIXAlgsForSHAKE-2019 {
iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-shakes-2019(94) } ;
--
-- Message Digest Algorithms (mda-) -- Message Digest Algorithms (mda-)
-- used in SignedData, SignerInfo, DigestedData, -- used in SignedData, SignerInfo, DigestedData,
-- and the AuthenticatedData digestAlgorithm -- and the AuthenticatedData digestAlgorithm
-- fields in CMS -- fields in CMS
-- --
MessageDigestAlgs DIGEST-ALGORITHM ::= { -- This expands MessageAuthAlgs from [RFC5652] and
-- This expands MessageAuthAlgs from [RFC5652] -- MessageDigestAlgs in [RFC5753]
-- and MessageDigestAlgs in [RFC5753] --
mda-shake128 | -- MessageDigestAlgs DIGEST-ALGORITHM ::= {
mda-shake256, -- mda-shake128 |
... -- mda-shake256,
} -- ...
-- }
-- --
-- One-Way Hash Functions -- One-Way Hash Functions
-- SHAKE128 -- SHAKE128
mda-shake128 DIGEST-ALGORITHM ::= { mda-shake128 DIGEST-ALGORITHM ::= {
IDENTIFIER id-shake128 -- with output length 32 bytes. IDENTIFIER id-shake128 -- with output length 32 bytes.
} }
id-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) id-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16)
us(840) organization(1) gov(101) us(840) organization(1) gov(101)
csor(3) nistAlgorithm(4) csor(3) nistAlgorithm(4)
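Review bot: The four sa-* objects newly imported from PKIXAlgsForSHAKE-2019 are, in the lines shown on this page, referenced only inside comments (the commented-out SignatureAlgs set and the commented lines in SMimeCaps). Either reference them in a live object set or drop the import, since some ASN.1 tools flag unused imports. Also, the comment above the now commented-out MessageDigestAlgs set says it "expands MessageAuthAlgs from [RFC5652]"; for a DIGEST-ALGORITHM set the name looks like it should be MessageDigestAlgs. Finally, with that set commented out, note in the module why mda-shake128 and mda-shake256 are no longer collected into an object set.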
skipping to change at page 16, line 7 skipping to change at page 16, line 4
hashAlgs(2) 12 } hashAlgs(2) 12 }
-- --
-- Public key algorithm identifiers located in the -- Public key algorithm identifiers located in the
-- OriginatorPublicKey's algorithm attribute in CMS. -- OriginatorPublicKey's algorithm attribute in CMS.
-- And Signature identifiers used in SignerInfo -- And Signature identifiers used in SignerInfo
-- signatureAlgorithm field of SignedData content -- signatureAlgorithm field of SignedData content
-- type and countersignature attribute in CMS. -- type and countersignature attribute in CMS.
-- --
-- From RFC5280, for reference. -- From RFC5280, for reference.
-- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } -- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
-- When the rsaEncryption algorithm identifier is used -- When the rsaEncryption algorithm identifier is used
-- for a public key, the AlgorithmIdentifier parameters -- for a public key, the AlgorithmIdentifier parameters
-- field MUST contain NULL. -- field MUST contain NULL.
-- --
id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) security(5) mechanisms(5) pkix(7) algorithms(6) 30 }
TBD1 }
id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) security(5) mechanisms(5) pkix(7) algorithms(6) 31 }
TBD2 }
-- When the id-RSASSA-PSS-* algorithm identifiers are used -- When the id-RSASSA-PSS-* algorithm identifiers are used
-- for a public key or signature in CMS, the AlgorithmIdentifier -- for a public key or signature in CMS, the AlgorithmIdentifier
-- parameters field MUST be absent. The message digest algorithm -- parameters field MUST be absent. The message digest algorithm
-- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or -- used in RSASSA-PSS MUST be SHAKE128 or SHAKE256 with a 32 or
-- 64 byte outout length, respectively. The mask generation -- 64 byte outout length, respectively. The mask generation
-- function MUST be SHAKE128 or SHAKE256 with an output length -- function MUST be SHAKE128 or SHAKE256 with an output length
-- of (8*ceil((n-1)/8) - 264) or (8*ceil((n-1)/8) - 520) bits, -- of (8*ceil((n-1)/8) - 264) or (8*ceil((n-1)/8) - 520) bits,
-- respectively, where n is the RSA modulus in bits. -- respectively, where n is the RSA modulus in bits.
-- The RSASSA-PSS saltLength MUST be 32 or 64 bytes, respectively. -- The RSASSA-PSS saltLength MUST be 32 or 64 bytes, respectively.
-- The trailerField MUST be 1, which represents the trailer -- The trailerField MUST be 1, which represents the trailer
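Review bot: "outout" in the RSASSA-PSS comment ("a 32 or 64 byte outout length") is a typo carried over from -17; change it to "output" while the neighbouring OID lines are being edited. The comment also states the mask generation output length in bits but the digest and salt lengths in bytes. The change log says -16 moved to bytes for consistency, so consider giving the MGF length as (ceil((n-1)/8) - 33) or (ceil((n-1)/8) - 65) bytes.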
skipping to change at page 16, line 42 skipping to change at page 16, line 40
-- AlgorithmIdentifier of the OriginatorPublicKey, the RSA -- AlgorithmIdentifier of the OriginatorPublicKey, the RSA
-- public key MUST be encoded using the RSAPublicKey type. -- public key MUST be encoded using the RSAPublicKey type.
-- From RFC4055, for reference. -- From RFC4055, for reference.
-- RSAPublicKey ::= SEQUENCE { -- RSAPublicKey ::= SEQUENCE {
-- modulus INTEGER, -- -- n -- modulus INTEGER, -- -- n
-- publicExponent INTEGER } -- -- e -- publicExponent INTEGER } -- -- e
id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) security(5) mechanisms(5) pkix(7) algorithms(6) 32 }
TBD3 }
id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) dod(6) internet(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) security(5) mechanisms(5) pkix(7) algorithms(6) 33 }
TBD4 }
-- When the id-ecdsa-with-shake* algorithm identifiers are -- When the id-ecdsa-with-shake* algorithm identifiers are
-- used in CMS, the AlgorithmIdentifier parameters field -- used in CMS, the AlgorithmIdentifier parameters field
-- MUST be absent and the signature algorithm should be -- MUST be absent and the signature algorithm should be
-- deterministic ECDSA [RFC6979]. The message digest MUST -- deterministic ECDSA [RFC6979]. The message digest MUST
-- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout -- be SHAKE128 or SHAKE256 with a 32 or 64 byte outout
-- length, respectively. In both cases, the ECDSA public key, -- length, respectively. In both cases, the ECDSA public key,
-- MUST be encoded using the id-ecPublicKey type. -- MUST be encoded using the id-ecPublicKey type.
-- From RFC5480, for reference. -- From RFC5480, for reference.
-- id-ecPublicKey OBJECT IDENTIFIER ::= { -- id-ecPublicKey OBJECT IDENTIFIER ::= {
-- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } -- iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
-- The id-ecPublicKey parameters must be absent or present -- The id-ecPublicKey parameters must be absent or present
-- and are defined as -- and are defined as
-- ECParameters ::= CHOICE { -- ECParameters ::= CHOICE {
-- namedCurve OBJECT IDENTIFIER -- namedCurve OBJECT IDENTIFIER
-- -- -- implicitCurve NULL -- -- -- implicitCurve NULL
-- -- -- specifiedCurve SpecifiedECDomain -- -- -- specifiedCurve SpecifiedECDomain
-- } -- }
-- This expands SignatureAlgorithms from [RFC5912]
--
-- SignatureAlgs SIGNATURE-ALGORITHM ::= {
-- sa-rsassapssWithSHAKE128 |
-- sa-rsassapssWithSHAKE256 |
-- sa-ecdsaWithSHAKE128 |
-- sa-ecdsaWithSHAKE256,
-- ...
-- }
-- This expands MessageAuthAlgs from [RFC5652] and [RFC6268]
-- --
-- Message Authentication (maca-) Algorithms -- Message Authentication (maca-) Algorithms
-- used in AuthenticatedData macAlgorithm in CMS -- used in AuthenticatedData macAlgorithm in CMS
-- --
MessageAuthAlgs MAC-ALGORITHM ::= { MessageAuthAlgs MAC-ALGORITHM ::= {
-- This expands MessageAuthAlgs from [RFC5652] and [RFC6268]
maca-KMACwithSHAKE128 | maca-KMACwithSHAKE128 |
maca-KMACwithSHAKE256, maca-KMACwithSHAKE256,
... ...
} }
-- This expands SMimeCaps from [RFC5911]
--
SMimeCaps SMIME-CAPS ::= { SMimeCaps SMIME-CAPS ::= {
-- The expands SMimeCaps from [RFC5911] -- sa-rsassapssWithSHAKE128.&smimeCaps |
-- sa-rsassapssWithSHAKE256.&smimeCaps |
-- sa-ecdsaWithSHAKE128.&smimeCaps |
-- sa-ecdsaWithSHAKE256.&smimeCaps,
maca-KMACwithSHAKE128.&smimeCaps | maca-KMACwithSHAKE128.&smimeCaps |
maca-KMACwithSHAKE256.&smimeCaps, maca-KMACwithSHAKE256.&smimeCaps,
... ...
} }
-- --
-- KMAC with SHAKE128 -- KMAC with SHAKE128
maca-KMACwithSHAKE128 MAC-ALGORITHM ::= { maca-KMACwithSHAKE128 MAC-ALGORITHM ::= {
IDENTIFIER id-KMACWithSHAKE128 IDENTIFIER id-KMACWithSHAKE128
PARAMS TYPE KMACwithSHAKE128-params ARE optional PARAMS TYPE KMACwithSHAKE128-params ARE optional
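Review bot: In SMimeCaps the four sa-*.&smimeCaps lines are added as comments inside the live object set, so the set still advertises only the two KMAC capabilities. If the signature capabilities are meant to be advertised, uncomment them; otherwise move the commented lines outside the braces so the set body is unambiguous. The comment "This expands MessageAuthAlgs from [RFC5652] and [RFC6268]" now sits above the "Message Authentication (maca-) Algorithms" banner rather than next to MessageAuthAlgs; placing it directly above the set would read better. "outout" in the ECDSA comment should be "output", and "parameters must be absent or present" would be clearer as "parameters, when present, are defined as".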
 End of changes. 26 change blocks. 
41 lines changed or deleted 61 lines changed or added
