Diff: draft-ietf-curdle-cms-ecdh-new-curves-08.txt - draft-ietf-curdle-cms-ecdh-new-curves-09.txt

	< draft-ietf-curdle-cms-ecdh-new-curves-08.txt	draft-ietf-curdle-cms-ecdh-new-curves-09.txt >

	Internet-Draft R. Housley	Internet-Draft R. Housley
	Intended status: Standards Track Vigil Security	Intended status: Standards Track Vigil Security

	Expires: 2 December 2017 2 June 2017	Expires: 4 December 2017 4 June 2017

	Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm	Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm
	with X25519 and X448 in the Cryptographic Message Syntax (CMS)	with X25519 and X448 in the Cryptographic Message Syntax (CMS)


	<draft-ietf-curdle-cms-ecdh-new-curves-08.txt>	<draft-ietf-curdle-cms-ecdh-new-curves-09.txt>

	Abstract	Abstract

	This document describes the conventions for using Elliptic Curve	This document describes the conventions for using Elliptic Curve
	Diffie-Hellman (ECDH) key agreement algorithm using curve25519 and	Diffie-Hellman (ECDH) key agreement algorithm using curve25519 and
	curve448 in the Cryptographic Message Syntax (CMS).	curve448 in the Cryptographic Message Syntax (CMS).

	Status of This Memo	Status of This Memo

	This Internet-Draft is submitted in full conformance with the	This Internet-Draft is submitted in full conformance with the

	skipping to change at page 1, line 33 ¶	skipping to change at page 1, line 33 ¶
	Internet-Drafts are working documents of the Internet Engineering	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.	Drafts is at http://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."


	This Internet-Draft will expire on 2 December 2017.	This Internet-Draft will expire on 4 December 2017.

	Copyright Notice	Copyright Notice

	Copyright (c) 2017 IETF Trust and the persons identified as the	Copyright (c) 2017 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of	(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents
	carefully, as they describe your rights and restrictions with respect	carefully, as they describe your rights and restrictions with respect
	to this document. Code Components extracted from this document must	to this document. Code Components extracted from this document must
	include Simplified BSD License text as described in Section 4.e of	include Simplified BSD License text as described in Section 4.e of
	the Trust Legal Provisions and are provided without warranty as	the Trust Legal Provisions and are provided without warranty as
	described in the Simplified BSD License.	described in the Simplified BSD License.


		Table of Contents

		1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
		1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
		1.2. ASN.1 . . . . . . . . . . . . . . . . . . . . . . . . . . 2
		2. Key Agreement . . . . . . . . . . . . . . . . . . . . . . . . 2
		2.1. ANSI-X9.63-KDF . . . . . . . . . . . . . . . . . . . . . . 5
		2.2. HKDF . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
		3. Enveloped-data Conventions . . . . . . . . . . . . . . . . . . 6
		3.1. EnvelopedData Fields . . . . . . . . . . . . . . . . . . . 6
		3.2. KeyAgreeRecipientInfo Fields . . . . . . . . . . . . . . . 7
		4. Authenticated-data Conventions . . . . . . . . . . . . . . . . 8
		4.1. AuthenticatedData Fields . . . . . . . . . . . . . . . . . 8
		4.2. KeyAgreeRecipientInfo Fields . . . . . . . . . . . . . . . 8
		5. Authenticated-Enveloped-data Conventions . . . . . . . . . . . 8
		5.1. AuthEnvelopedData Fields . . . . . . . . . . . . . . . . . 9
		5.2. KeyAgreeRecipientInfo Fields . . . . . . . . . . . . . . . 9
		6. Certificate Conventions . . . . . . . . . . . . . . . . . . . 9
		7. Key Agreement Algorithm Identifiers . . . . . . . . . . . . . 9
		8. SMIMECapabilities Attribute Conventions . . . . . . . . . . . 10
		9. Security Considerations . . . . . . . . . . . . . . . . . . . 11
		10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
		11. Normative References . . . . . . . . . . . . . . . . . . . . 12
		12. Informative References . . . . . . . . . . . . . . . . . . . 14
		Appendix: ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . 15
		Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 17
		Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 17

	1. Introduction	1. Introduction

	This document describes the conventions for using Elliptic Curve	This document describes the conventions for using Elliptic Curve
	Diffie-Hellman (ECDH) key agreement using curve25519 and curve448	Diffie-Hellman (ECDH) key agreement using curve25519 and curve448
	[CURVES] in the Cryptographic Message Syntax (CMS) [CMS]. Key	[CURVES] in the Cryptographic Message Syntax (CMS) [CMS]. Key
	agreement is supported in three CMS content types: the enveloped-data	agreement is supported in three CMS content types: the enveloped-data
	content type [CMS], authenticated-data content type [CMS], and the	content type [CMS], authenticated-data content type [CMS], and the
	authenticated-enveloped-data content type [AUTHENV].	authenticated-enveloped-data content type [AUTHENV].

	The conventions for using some Elliptic Curve Cryptography (ECC)	The conventions for using some Elliptic Curve Cryptography (ECC)

	skipping to change at page 4, line 45 ¶	skipping to change at page 5, line 27 ¶

	Three values are used as inputs to the HKDF:	Three values are used as inputs to the HKDF:
	1. The shared secret value generated by ECDH, K.	1. The shared secret value generated by ECDH, K.
	2. The length in octets of the keying data to be generated.	2. The length in octets of the keying data to be generated.
	3. The DER-encoded ECC-CMS-SharedInfo structure.	3. The DER-encoded ECC-CMS-SharedInfo structure.

	The ECC-CMS-SharedInfo structure optionally includes the ukm. If the	The ECC-CMS-SharedInfo structure optionally includes the ukm. If the
	ukm is present, the ukm is also used as the HKDF salt. HKDF uses an	ukm is present, the ukm is also used as the HKDF salt. HKDF uses an
	appropriate number of zero octets when no salt is provided.	appropriate number of zero octets when no salt is provided.


	The length of the generated key-encryption key is used two places,	The length of the generated key-encryption key is used in two places,
	once in bits, and once in octets. The ECC-CMS-SharedInfo structure	once in bits, and once in octets. The ECC-CMS-SharedInfo structure
	includes the length of the generated key-encryption key in bits. The	includes the length of the generated key-encryption key in bits. The
	HKDF-Expand function takes an argument for the length of the	HKDF-Expand function takes an argument for the length of the
	generated key-encryption key in octets.	generated key-encryption key in octets.

	In summary, to produce the pairwise key-encryption key, KEK:	In summary, to produce the pairwise key-encryption key, KEK:

	if ukm is provided, then salt = ukm, else salt is not provided	if ukm is provided, then salt = ukm, else salt is not provided
	PRK = HKDF-Extract(salt, K)	PRK = HKDF-Extract(salt, K)


	skipping to change at page 16, line 33 ¶	skipping to change at page 17, line 33 ¶
	IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha384-scheme}	IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha384-scheme}

	cap-kaa-dhSinglePass-stdDH-hkdf-sha512-scheme SMIME-CAPS ::= {	cap-kaa-dhSinglePass-stdDH-hkdf-sha512-scheme SMIME-CAPS ::= {
	TYPE KeyWrapAlgorithm	TYPE KeyWrapAlgorithm
	IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha512-scheme }	IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha512-scheme }

	END	END

	Acknowledgements	Acknowledgements


	Many thanks to Daniel Migault, Eric Rescorla, Jim Schaad, Stefan	Many thanks to Roni Even, Daniel Migault, Eric Rescorla, Jim Schaad,
	Santesson, and Sean Turner for their review and insightful	Stefan Santesson, and Sean Turner for their review and insightful
	suggestions.	suggestions.

	Author's Address	Author's Address

	Russ Housley	Russ Housley
	918 Spring Knoll Drive	918 Spring Knoll Drive
	Herndon, VA 20170	Herndon, VA 20170
	USA	USA
	housley@vigilsec.com	housley@vigilsec.com

End of changes. 6 change blocks.
	6 lines changed or deleted	34 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/