TBD A. Vassilev, Ed. Internet-Draft NIST Intended status: Informational February 21, 2019 Expires: August 25, 2019 ACVP IANA Registry draft-vassilev-acvp-iana-00 Abstract This document defines a set of IANA registries for supported cryptographic algorithm test specifications in the Automated Cryptographic Validation Protocol (ACVP) [acvp]. This document also shows how to extend the capabilities of ACVP with testing for new cryptographic algorithms. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on August 25, 2019. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Vassilev Expires August 25, 2019 [Page 1] Internet-Draft ACVP-IANA February 2019 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. IANA namespaces . . . . . . . . . . . . . . . . . . . . . . . 2 3. Algorithm registry . . . . . . . . . . . . . . . . . . . . . 3 4. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 6.1. ACVP URN Sub-namespace . . . . . . . . . . . . . . . . . 5 6.2. ACVP URN Parameters . . . . . . . . . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 8. Normative References . . . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction The Automated Cryptographic Validation Protocol (ACVP) [acvp] defines a mechanism to automatically validate the cryptographic algorithm implementations of software or hardware cryptographic modules. The ACVP specification defines how a cryptographic module communicates with a validation authority server, including cryptographic capabilities negotiation, session management, authentication, test vector processing and more. The ACVP specification does not define algorithm-specific JSON constructs for performing the cryptographic validation. A series of ACVP-related sub-specifications define the constructs for testing individual cryptographic algorithms, see for example [sub-symmetric]. Each such sub-specification addresses a specific algorithm or a class of cryptographic algorithms. This document defines the IANA registry for the supported algorithm test specifications that work with ACVP. The registry defined here provides the binding between the protocol and the supported algorithm test extensions. 2. IANA namespaces There are three namespaces envisioned for extensions to the ACVP: o ACVP - the approved algorithms for testing with one or more validation authorities o EXPERIMENTAL - candidate algorithms for approval. o LOCAL - locally supported algorithms, not guaranteed for interoperability. Algorithms in this namespace cannot be registered with IANA. TBD Vassilev Expires August 25, 2019 [Page 2] Internet-Draft ACVP-IANA February 2019 3. Algorithm registry Each entry in the algorithm registry must record the following fields: o Name: a URN segment that conforms to the pattern {namespace}-{algorithm}. The keywords are defined as follows: * {namespace}: one of the options from Section 2. * {algorithm}: a required US-ASCII string that conforms to the URN syntax requirements (see [RFC8141]). This string must be unique within the corresponding namespace. o Revision: the revision identifier for the test specification of a particular algorithm. A required US-ASCII string that conforms to the URN syntax requirements (see [RFC8141]). o Reference: A static link to the specification and section where the definition of the parameter can be found. Vassilev Expires August 25, 2019 [Page 3] Internet-Draft ACVP-IANA February 2019 +-------------------+----------+-----------------+ | Name | Revision | Reference | +-------------------+----------+-----------------+ | "ACVP-AES-ECB" | "1.0" | [sub-symmetric] | | "ACVP-AES-CBC" | "1.0" | [sub-symmetric] | | "ACVP-AES-OFB" | "1.0" | [sub-symmetric] | | "ACVP-AES-CFB1" | "1.0" | [sub-symmetric] | | "ACVP-AES-CFB8" | "1.0" | [sub-symmetric] | | "ACVP-AES-CFB128" | "1.0" | [sub-symmetric] | | "ACVP-AES-CTR" | "1.0" | [sub-symmetric] | | "ACVP-AES-GCM" | "1.0" | [sub-symmetric] | | "ACVP-AES-CCM" | "1.0" | [sub-symmetric] | | "ACVP-AES-XPN" | "1.0" | [sub-symmetric] | | "ACVP-AES-CMAC" | "1.0" | [sub-symmetric] | | "ACVP-AES-GMAC" | "1.0" | [sub-symmetric] | | "ACVP-AES-KW" | "1.0" | [sub-symmetric] | | "ACVP-AES-KWP" | "1.0" | [sub-symmetric] | | "ACVP-AES-XTS" | "1.0" | [sub-symmetric] | | "ACVP-TDES-ECB" | "1.0" | [sub-symmetric] | | "ACVP-TDES-CBC" | "1.0" | [sub-symmetric] | | "ACVP-TDES-OFB" | "1.0" | [sub-symmetric] | | "ACVP-TDES-CFB1" | "1.0" | [sub-symmetric] | | "ACVP-TDES-CFB8" | "1.0" | [sub-symmetric] | | "ACVP-TDES-CFB64" | "1.0" | [sub-symmetric] | | "ACVP-TDES-CTR" | "1.0" | [sub-symmetric] | | "ACVP-TDES-KW" | "1.0" | [sub-symmetric] | +-------------------+----------+-----------------+ Table 1: Algorithm registry 4. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted in RFC 2119 [RFC2119]. 5. Acknowledgements Many thanks to David Waltermire for his helpful comments to get us started on the right path. 6. IANA Considerations This memo includes several requests to IANA. Vassilev Expires August 25, 2019 [Page 4] Internet-Draft ACVP-IANA February 2019 6.1. ACVP URN Sub-namespace IANA should add an entry to the "IETF URN Sub-namespace for Registered Protocol Parameter Identifiers" registry located at https://www.iana.org/assignments/params/ as per [RFC3553]. The entry should be as follows: Registered Parameter Identifier: ACVP Specification: this document Repository: ACVP URN Parameters (see Section 6.2) 6.2. ACVP URN Parameters A new top-level registry should be created, titled "Automated Cryptographic Validation Protocol (ACVP) URN Parameters". Registration in the "ACVP URN Parameters" registry is via the Specification Required policy [RFC8126]. Registration requests must be sent to both the ACVP Working Group mailing list (acvp@ietf.org) and IANA. IANA will forward registration requests to the Designated Expert. Each entry in this subregistry must record the following fields: Name: A required US-ASCII string that conforms to the URN syntax requirements (see [RFC8141]). This string MUST be constructed according to the specification in Section 3. Note: entries from the namespace "LOCAL" SHALL be forbidden from this table. Revision: A required US-ASCII string that conforms to the URN syntax requirements (see [RFC8141]). The combination {Name}-{Revision} for each entry MUST be unique for the entire subregistry. Reference: A static link to the specification and section where the definition of the parameter can be found. This repository SHALL have as initial values the entries in Table 1. 7. Security Considerations Security considerations are addressed by the ACVP specification. Vassilev Expires August 25, 2019 [Page 5] Internet-Draft ACVP-IANA February 2019 8. Normative References [acvp] Fussell, B., Vassilev, A., and H. Booth, "Automatic Cryptographic Validation Protocol", 2018, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An IETF URN Sub-namespace for Registered Protocol Parameters", BCP 73, RFC 3553, DOI 10.17487/RFC3553, June 2003, . [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, . [RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names (URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017, . [sub-symmetric] Celi, C., "ACVP Symmetric Algorithm JSON Specification", 2018, . Author's Address Apostol Vassilev (editor) NIST 100 Bureau Dr. Gaithersburg, MD 20899 USA Email: apostol.vassilev@nist.gov Vassilev Expires August 25, 2019 [Page 6]