| < draft-eastlake-sha2b-04.txt | draft-eastlake-sha2b-05.txt > |
|---|---|
| Network Working Group Donald Eastlake 3rd | Network Working Group Donald Eastlake 3rd | |||
| INTERNET-DRAFT Stellar Switches | INTERNET-DRAFT Huawei | |||
| Obsoletes: 4634 Tony Hansen | Obsoletes: 4634 Tony Hansen | |||
| Updates: 3174 AT&T Labs | Updates: 3174 AT&T Labs | |||
| Intended Status: Informational | Intended Status: Informational | |||
| Expires: March 21, 2011 September 22, 2010 | Expires: June 19, 2011 December 20, 2010 | |||
| US Secure Hash Algorithms | US Secure Hash Algorithms | |||
| (SHA and SHA based HMAC and HKDF) | (SHA and SHA based HMAC and HKDF) | |||
| <draft-eastlake-sha2b-04.txt> | <draft-eastlake-sha2b-05.txt> | |||
| Abstract | Abstract | |||
| This document replaces RFC 4634, fixing errata and adding code for an | ||||
| HMAC-based extract-and-expand key derivation function. | ||||
| The United States of America has adopted a suite of secure hash | The United States of America has adopted a suite of secure hash | |||
| algorithms (SHAs), including four beyond SHA-1, as part of a Federal | algorithms (SHAs), including four beyond SHA-1, as part of a Federal | |||
| Information Processing Standard (FIPS), specifically SHA-224, | Information Processing Standard (FIPS), specifically SHA-224, | |||
| SHA-256, SHA-384, and SHA-512. This document makes open source code | SHA-256, SHA-384, and SHA-512. This document makes open source code | |||
| performing the SHA hash functions conveniently available to the | performing the SHA hash functions conveniently available to the | |||
| Internet community. The sample code supports input strings of | Internet community. The sample code supports input strings of | |||
| arbitrary bit length. Much of the text herein was adapted by the | arbitrary bit length. Much of the text herein was adapted by the | |||
| authors from FIPS 180-2. | authors from FIPS 180-2. | |||
| As with RFC 4634, code to perform SHA based HMACs is included and, | This document replaces RFC 4634, fixing errata and adding code for an | |||
| new in this version, code for HKDF (RFC 5869) is included. | HMAC-based extract-and-expand key derivation function, HKDF (RFC | |||
| 5869). As with RFC 4634, code to perform SHA based HMACs is also | ||||
| included. | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Distribution of this document is unlimited. Comments should be sent | Distribution of this document is unlimited. Comments should be sent | |||
| to the authors. | to the authors. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
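Review bot: the Abstract reorder in -05 is sound, but the spelling of "SHA based" is inconsistent with the normal hyphenated compound adjective: the title reads "SHA based HMAC and HKDF" and the moved Abstract paragraph reads "SHA based HMACs is also included"; since this paragraph is being rewritten anyway, change both to "SHA-based" (the same form is used in the running header "HMAC-SHAs"). The rewritten paragraph now correctly places "As with RFC 4634, code to perform SHA based HMACs is also included" after the HKDF sentence, so "also" reads as intended.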
| skipping to change at page 2, line 52 ¶ | skipping to change at page 2, line 52 ¶ | |||
| 8.5 The Test Driver.......................................88 | 8.5 The Test Driver.......................................88 | |||
| 9. IANA Considerations...................................119 | 9. IANA Considerations...................................119 | |||
| 10. Security Considerations..............................119 | 10. Security Considerations..............................119 | |||
| 11. Acknowledgements.....................................119 | 11. Acknowledgements.....................................119 | |||
| 12. References...........................................120 | 12. References...........................................120 | |||
| 12.1 Normative References................................120 | 12.1 Normative References................................120 | |||
| 12.2 Informative References..............................120 | 12.2 Informative References..............................120 | |||
| Appendix: Changes from RFC 4634..........................121 | Appendix: Changes from RFC 4634..........................121 | |||
| Appendix Z: RFC Editor Note, Edit History................122 | ||||
| Appendix Z: Edit History.................................122 | ||||
| Z.1 Changes from -00 to -01..............................122 | ||||
| Z.2 Changes from -01 to -02..............................122 | ||||
| Z.3 Changes from -02 to -03..............................122 | ||||
| Z.4 Changes from -03 to -04..............................122 | ||||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| 1. Overview of Contents | 1. Overview of Contents | |||
| This document obsoletes [RFC4634]; and the changes from that RFC are | ||||
| summarized in the Appendix. | ||||
| This document includes specifications for the United States of | This document includes specifications for the United States of | |||
| America (USA) Federal Information Processing Standard (FIPS) Secure | America (USA) Federal Information Processing Standard (FIPS) Secure | |||
| Hash Algorithms (SHAs), code to implement the SHAs, code to implement | Hash Algorithms (SHAs), code to implement the SHAs, code to implement | |||
| HMACs based on the SHAs, and code to implement HKDF based on HMAC. | HMACs based on the SHAs, and code to implement HKDF based on HMAC. | |||
| Specifications for HMAC and HKDF are not included as they appear | Specifications for HMAC and HKDF are not included as they appear | |||
| elsewhere in the RFC series [RFC2104] [RFC5869]. | elsewhere in the RFC series [RFC2104] [RFC5869]. | |||
| NOTE: Much of the text below is taken from [SHS] and the assertions | NOTE: Much of the text below is taken from [SHS] and the assertions | |||
| of the security of the hash algorithms described therein are made by | of the security of the hash algorithms described therein are made by | |||
| the US Government, the author of [SHS], not by the authors of this | the US Government, the author of [SHS], not by the authors of this | |||
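Review bot: the -05 table of contents drops the "Z.1 Changes from -00 to -01" through "Z.4 Changes from -03 to -04" entries and keeps only "Appendix Z: RFC Editor Note, Edit History", but the body of Appendix Z still carries the Z.1, Z.2, Z.4 and the new Z.5 headings, so the TOC no longer matches the document. Either restore the Z.n entries (now Z.1 through Z.5) to the TOC or state in Z.5 that subsection entries for Appendix Z are intentionally omitted because the appendix is removed on publication.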
| skipping to change at page 3, line 50 ¶ | skipping to change at page 3, line 47 ¶ | |||
| message in transit will, with very high probability, result in a | message in transit will, with very high probability, result in a | |||
| different message digest. This will result in a verification failure | different message digest. This will result in a verification failure | |||
| when the secure hash algorithm is used with a digital signature | when the secure hash algorithm is used with a digital signature | |||
| algorithm or a keyed-hash message authentication algorithm. | algorithm or a keyed-hash message authentication algorithm. | |||
| The code provided herein supports input strings of arbitrary bit | The code provided herein supports input strings of arbitrary bit | |||
| length. SHA-1's sample code from [RFC3174] has also been updated to | length. SHA-1's sample code from [RFC3174] has also been updated to | |||
| handle input strings of arbitrary bit length. Permission is granted | handle input strings of arbitrary bit length. Permission is granted | |||
| for all uses, commercial and non-commercial, of this code. | for all uses, commercial and non-commercial, of this code. | |||
| This document obsoletes [RFC4634]; and the changes from that RFC are | ||||
| summarized in the Appendix. | ||||
| ASN.1 OIDs (Object Identifiers) for the SHA algorithms, taken from | ASN.1 OIDs (Object Identifiers) for the SHA algorithms, taken from | |||
| [RFC4055], are as follows: | [RFC4055], are as follows: | |||
| id-sha1 OBJECT IDENTIFIER ::= { iso(1) | id-sha1 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) oiw(14) | identified-organization(3) oiw(14) | |||
| secsig(3) algorithms(2) 26 } | secsig(3) algorithms(2) 26 } | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| id-sha224 OBJECT IDENTIFIER ::= {{ joint-iso-itu-t(2) | id-sha224 OBJECT IDENTIFIER ::= {{ joint-iso-itu-t(2) | |||
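Review bot: the sentence "Permission is granted for all uses, commercial and non-commercial, of this code" survives unchanged in both columns, while Appendix item 3 says the special license from RFC 4634 was removed because the boilerplate now mandates the simplified BSD license; two differently worded license statements in one document invite confusion about which governs the code. Rephrase this sentence to point at the simplified BSD license granted by the boilerplate rather than stating a separate permission, or drop it. The relocated "This document obsoletes [RFC4634]" sentence is otherwise fine where it now sits, between the code paragraph and the OID list.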
| skipping to change at page 19, line 15 ¶ | skipping to change at page 19, line 15 ¶ | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| In addition, functions with the prefix USHA are provided that take a | In addition, functions with the prefix USHA are provided that take a | |||
| SHAversion value (SHA$$$) to select the SHA function suite. They add | SHAversion value (SHA$$$) to select the SHA function suite. They add | |||
| the following constants, structure and function: | the following constants, structure and function: | |||
| Constants: | Constants: | |||
| shaBadParam(4) constant returned by USHA functions when | shaBadParam(4) constant returned by USHA functions when | |||
| presented with a bad SHAversion (SHA$$$) | presented with a bad SHAversion (SHA$$$) | |||
| parameter or other illegal parameter values | parameter or other illegal parameter values | |||
| USAMaxHashSize maximumof the SHA has sizes | USAMaxHashSize maximum of the SHA hash sizes | |||
| SHA$$$ SHAversion enumeration values, used by usha, | SHA$$$ SHAversion enumeration values, used by usha, | |||
| hmac and hkdf functions to select the SHA | hmac and hkdf functions to select the SHA | |||
| function suite | function suite | |||
| Structure: | Structure: | |||
| typedef USHAContext | typedef USHAContext | |||
| an opaque structure holding the complete state | an opaque structure holding the complete state | |||
| for producing the hash | for producing the hash | |||
| Functions: | Functions: | |||
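Review bot: the correction of "USAMaxHashSize maximumof the SHA has sizes" to "USHAMaxHashSize maximum of the SHA hash sizes" changes the identifier as well as the description, so check that the header and the hmac/hkdf code in the later sections spell the constant USHAMaxHashSize consistently with this text. Two smaller points in the same block: "They add the following constants, structure and function" should read "functions", since the list that follows names the usha, hmac and hkdf functions; and the shaBadParam(4) entry should say what the output digest buffer contains on that error path (unchanged or unspecified), because a caller that ignores the return value and reads the digest anyway would otherwise have no documented behaviour to rely on.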
| skipping to change at page 120, line 9 ¶ | skipping to change at page 120, line 9 ¶ | |||
| 11. Acknowledgements | 11. Acknowledgements | |||
| Thanks for the corrections to [RFC4634] that were provided by Alfred | Thanks for the corrections to [RFC4634] that were provided by Alfred | |||
| Hoenes and Jan Andres and to Alfred's comments on the drafts hereof. | Hoenes and Jan Andres and to Alfred's comments on the drafts hereof. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| 12. References | 12. References | |||
| RFC Editor Note: All occurances of "RFC NNNN" should be edited to | Normative and Informative References appear below. | |||
| replace "NNNN" with this documents RFC number and this note should be | ||||
| deleted. | ||||
| 12.1 Normative References | 12.1 Normative References | |||
| [RFC2104] - Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | [RFC2104] - Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | |||
| Hashing for Message Authentication", RFC 2104, February 1997. | Hashing for Message Authentication", RFC 2104, February 1997. | |||
| [RFC5869] - Krawczyk, H. and P. Eronen, "HMAC-based Extract-and- | [RFC5869] - Krawczyk, H. and P. Eronen, "HMAC-based Extract-and- | |||
| Expand Key Derivation Function (HKDF)", RFC 5869, May 2010. | Expand Key Derivation Function (HKDF)", RFC 5869, May 2010. | |||
| [SHS] - "Secure Hash Standard", United States of American, National | [SHS] - "Secure Hash Standard", United States of American, National | |||
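Review bot: the line "Normative and Informative References appear below." that replaces the RFC Editor note under "12. References" is filler; a section heading followed directly by "12.1 Normative References" is the usual form, so drop the sentence rather than leave a placeholder. While in this region, the [SHS] entry reads "United States of American" in both columns and should be "United States of America".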
| skipping to change at page 122, line 7 ¶ | skipping to change at page 122, line 7 ¶ | |||
| 3. Update boilerplate, remove special license in [RFC4634] as new | 3. Update boilerplate, remove special license in [RFC4634] as new | |||
| boilerplate mandates simplified BSD license. | boilerplate mandates simplified BSD license. | |||
| 4. Replace MIT version of getopt with new code to satisfy IETF | 4. Replace MIT version of getopt with new code to satisfy IETF | |||
| incoming and outgoing license restrictions. | incoming and outgoing license restrictions. | |||
| 5. Other assorted editorial improvements. | 5. Other assorted editorial improvements. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| Appendix Z: Edit History | Appendix Z: RFC Editor Note, Edit History | |||
| RFC Editor, Please delete this Appendix Z on publication. | RFC Editor Note: All occurrences of "RFC NNNN" should be edited to | |||
| replace "NNNN" with this documents RFC number. | ||||
| RFC Editor: Please delete this Appendix Z on publication. | ||||
| Z.1 Changes from -00 to -01 | Z.1 Changes from -00 to -01 | |||
| Add hash function OIDs and informational reference to [RFC4055]. A | Add hash function OIDs and informational reference to [RFC4055]. A | |||
| few Editorial changes and typo fixes. | few Editorial changes and typo fixes. | |||
| Z.2 Changes from -01 to -02 | Z.2 Changes from -01 to -02 | |||
| In shatest.c, replace MIT getopt (xgetopt) code with new code to | In shatest.c, replace MIT getopt (xgetopt) code with new code to | |||
| avoid possible conflict between MIT license and IETF required BSD | avoid possible conflict between MIT license and IETF required BSD | |||
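Review bot: the relocated RFC Editor note reads "replace "NNNN" with this documents RFC number"; it needs the possessive "this document's". The note no longer ends with "and this note should be deleted", which is acceptable only because the next line asks the RFC Editor to delete all of Appendix Z on publication, so the two lines should stay together if the appendix is edited again.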
| skipping to change at page 123, line 5 ¶ | skipping to change at page 122, line 37 ¶ | |||
| Problem with MIT getopt is given incompletely in -01 to -02 changes. | Problem with MIT getopt is given incompletely in -01 to -02 changes. | |||
| Actual problem includes conflict with IETF incoming license | Actual problem includes conflict with IETF incoming license | |||
| restriction. Also, add this change to Appendix giving changes from | restriction. Also, add this change to Appendix giving changes from | |||
| RFC 4634. Update to incorporate RFC number for the HKDF RFC. | RFC 4634. Update to incorporate RFC number for the HKDF RFC. | |||
| Numerous editorial changes. | Numerous editorial changes. | |||
| Z.4 Changes from -03 to -04 | Z.4 Changes from -03 to -04 | |||
| Fix typos and nits. | Fix typos and nits. | |||
| Z.5 Changes from -04 to -05 | ||||
| Resolve AD Review comments: Re-order some Abstract and Introduction | ||||
| material. Make the RFC Editor notes more prominent. | ||||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| Author's Address | Author's Address | |||
| Donald E. Eastlake, 3rd | Donald E. Eastlake, 3rd | |||
| Stellar Switches | Huawei | |||
| 155 Beaver Street | 155 Beaver Street | |||
| Milford, MA 01757 USA | Milford, MA 01757 USA | |||
| Telephone: +1-508-333-2270 | Telephone: +1-508-333-2270 | |||
| EMail: d3e3e3@gmail.com | EMail: d3e3e3@gmail.com | |||
| Tony Hansen | Tony Hansen | |||
| AT&T Laboratories | AT&T Laboratories | |||
| 200 Laurel Ave. | 200 Laurel Ave. | |||
| Middletown, NJ 07748 USA | Middletown, NJ 07748 USA | |||
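Review bot: the first author's affiliation changes from Stellar Switches to Huawei in both the title block and the Author's Address section, but the street address (155 Beaver Street, Milford, MA) and telephone number are unchanged; confirm that the postal address still applies under the new affiliation. Z.5 lists only the Abstract/Introduction reorder and the more prominent RFC Editor notes, yet this revision also removes the Z.n entries from the table of contents and rewrites the opening of section 12, so add those to Z.5 for a complete change record.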
| End of changes. 14 change blocks. | |
| 24 lines changed or deleted | 24 lines changed or added |

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/