summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc8619.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc8619.txt')
-rw-r--r--doc/rfc/rfc8619.txt339
1 files changed, 339 insertions, 0 deletions
diff --git a/doc/rfc/rfc8619.txt b/doc/rfc/rfc8619.txt
new file mode 100644
index 0000000..7ee1a9c
--- /dev/null
+++ b/doc/rfc/rfc8619.txt
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF) R. Housley
+Request for Comments: 8619 Vigil Security
+Category: Standards Track June 2019
+ISSN: 2070-1721
+
+
+ Algorithm Identifiers for the
+ HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
+
+Abstract
+
+ RFC 5869 specifies the HMAC-based Extract-and-Expand Key Derivation
+ Function (HKDF) algorithm. This document assigns algorithm
+ identifiers to the HKDF algorithm when used with three common one-way
+ hash functions.
+
+Status of This Memo
+
+ This is an Internet Standards Track document.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Further information on
+ Internet Standards is available in Section 2 of RFC 7841.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ https://www.rfc-editor.org/info/rfc8619.
+
+Copyright Notice
+
+ Copyright (c) 2019 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Simplified BSD License text as described in Section 4.e of
+ the Trust Legal Provisions and are provided without warranty as
+ described in the Simplified BSD License.
+
+
+
+
+
+
+
+Housley Standards Track [Page 1]
+
+RFC 8619 HKDF OIDs June 2019
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
+ 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
+ 1.2. ASN.1 . . . . . . . . . . . . . . . . . . . . . . . . . . 2
+ 2. HKDF Algorithm Identifiers . . . . . . . . . . . . . . . . . 2
+ 3. ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4
+ 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
+ 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 6.1. Normative References . . . . . . . . . . . . . . . . . . 5
+ 6.2. Informative References . . . . . . . . . . . . . . . . . 6
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
+
+1. Introduction
+
+ The HKDF algorithm [RFC5869] is a key derivation function based on
+ the Hashed Message Authentication Code (HMAC). This document assigns
+ algorithm identifiers to the HKDF algorithm when used with three
+ common one-way hash functions. These algorithm identifiers are
+ needed to make use of the HKDF in some security protocols, such as
+ the Cryptographic Message Syntax (CMS) [RFC5652].
+
+1.1. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
+ "OPTIONAL" in this document are to be interpreted as described in
+ BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
+ capitals, as shown here.
+
+1.2. ASN.1
+
+ In this specification, values are generated using ASN.1 [X.680] using
+ the Basic Encoding Rules (BER) and the Distinguished Encoding Rules
+ (DER) [X.690].
+
+2. HKDF Algorithm Identifiers
+
+ This section assigns three algorithm identifiers to HKDF [RFC5869]
+ used with three common one-way hash functions that are specified in
+ [SHS]: SHA-256, SHA-384, and SHA-512. When any of these three object
+ identifiers appear within the ASN.1 type AlgorithmIdentifier, the
+ parameters component of that type SHALL be absent.
+
+ The specification of AlgorithmIdentifier is available in [RFC5911],
+ which evolved from the original definition in X.509 [X.509-88].
+
+
+
+
+Housley Standards Track [Page 2]
+
+RFC 8619 HKDF OIDs June 2019
+
+
+ The assigned object identifiers are:
+
+ id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 28 }
+
+ id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 29 }
+
+ id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 30 }
+
+3. ASN.1 Module
+
+ This section contains the ASN.1 module for the HKDF algorithm
+ identifiers. This module imports types from other ASN.1 modules that
+ are defined in [RFC5912].
+
+ HKDF-OID-2019
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ smime(16) modules(0) id-mod-hkdf-oid-2019(68) }
+
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+
+ -- EXPORTS All
+
+ IMPORTS
+
+ AlgorithmIdentifier{}, KEY-DERIVATION
+ FROM AlgorithmInformation-2009 -- [RFC5912]
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58) } ;
+
+ --
+ -- Object Identifiers
+ --
+
+ id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 28 }
+
+ id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 29 }
+
+ id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 30 }
+
+
+
+
+
+Housley Standards Track [Page 3]
+
+RFC 8619 HKDF OIDs June 2019
+
+
+ --
+ -- Key Derivation Algorithm Identifiers
+ --
+
+ KeyDevAlgs KEY-DERIVATION ::= {
+ kda-hkdf-with-sha256 |
+ kda-hkdf-with-sha384 |
+ kda-hkdf-with-sha512,
+ ... }
+
+ kda-hkdf-with-sha256 KEY-DERIVATION ::= {
+ IDENTIFIER id-alg-hkdf-with-sha256
+ PARAMS ARE absent
+ SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha256 } }
+
+ kda-hkdf-with-sha384 KEY-DERIVATION ::= {
+ IDENTIFIER id-alg-hkdf-with-sha384
+ PARAMS ARE absent
+ SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha384 } }
+
+ kda-hkdf-with-sha512 KEY-DERIVATION ::= {
+ IDENTIFIER id-alg-hkdf-with-sha512
+ PARAMS ARE absent
+ SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha512 } }
+
+ END
+
+4. Security Considerations
+
+ Despite the simplicity of HKDF, there are many security
+ considerations that have been taken into account in the design and
+ analysis of this construction. An exposition of all of these aspects
+ is well beyond the scope of this document. Please refer to [EPRINT]
+ for detailed information, including rationale for the HKDF design.
+
+5. IANA Considerations
+
+ One object identifier for the ASN.1 module in Section 3 was assigned
+ in the "SMI Security for S/MIME Module Identifiers
+ (1.2.840.113549.1.9.16.0)" registry [IANA-MOD]:
+
+ id-mod-hkdf-oid-2019 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-9(9) smime(16) mod(0) 68 }
+
+
+
+
+
+
+
+Housley Standards Track [Page 4]
+
+RFC 8619 HKDF OIDs June 2019
+
+
+ Three object identifiers for the HKDF algorithm identifiers were
+ assigned in the "SMI Security for S/MIME Algorithms
+ (1.2.840.113549.1.9.16.3)" registry [IANA-ALG]:
+
+ id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 28 }
+
+ id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 29 }
+
+ id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 30 }
+
+6. References
+
+6.1. Normative References
+
+ [SHS] National Institute of Standards and Technology (NIST),
+ "Secure Hash Standard (SHS)", FIPS PUB 180-4,
+ DOI 10.6028/NIST.FIPS.180-4, August 2015.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119,
+ DOI 10.17487/RFC2119, March 1997,
+ <https://www.rfc-editor.org/info/rfc2119>.
+
+ [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
+ RFC 5652, DOI 10.17487/RFC5652, September 2009,
+ <https://www.rfc-editor.org/info/rfc5652>.
+
+ [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
+ Key Derivation Function (HKDF)", RFC 5869,
+ DOI 10.17487/RFC5869, May 2010,
+ <https://www.rfc-editor.org/info/rfc5869>.
+
+ [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
+ 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
+ May 2017, <https://www.rfc-editor.org/info/rfc8174>.
+
+ [X.680] ITU-T, "Information technology -- Abstract Syntax Notation
+ One (ASN.1): Specification of basic notation",
+ ITU-T Recommendation X.680, ISO/IEC 8824-1:2015, August
+ 2015.
+
+
+
+
+
+
+
+
+Housley Standards Track [Page 5]
+
+RFC 8619 HKDF OIDs June 2019
+
+
+ [X.690] ITU-T, "Information technology -- ASN.1 encoding rules:
+ Specification of Basic Encoding Rules (BER), Canonical
+ Encoding Rules (CER) and Distinguished Encoding Rules
+ (DER)", ITU-T Recommendation X.690, ISO/IEC 8825-1:2015,
+ August 2015.
+
+6.2. Informative References
+
+ [EPRINT] Krawczyk, H., "Cryptographic Extraction and Key
+ Derivation: The HKDF Scheme", Proceedings of CRYPTO 2010,
+ August 2010, <https://eprint.iacr.org/2010/264.pdf>.
+
+ [IANA-ALG] IANA, "SMI Security for S/MIME Algorithms
+ (1.2.840.113549.1.9.16.3)",
+ <https://www.iana.org/assignments/smi-numbers/>.
+
+ [IANA-MOD] IANA, "SMI Security for S/MIME Module Identifier
+ (1.2.840.113549.1.9.16.0)",
+ <https://www.iana.org/assignments/smi-numbers/>.
+
+ [RFC5911] Hoffman, P. and J. Schaad, "New ASN.1 Modules for
+ Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
+ DOI 10.17487/RFC5911, June 2010,
+ <https://www.rfc-editor.org/info/rfc5911>.
+
+ [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
+ Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
+ DOI 10.17487/RFC5912, June 2010,
+ <https://www.rfc-editor.org/info/rfc5912>.
+
+ [X.509-88] CCITT, "Recommendation X.509: The Directory -
+ Authentication Framework", 1988.
+
+Author's Address
+
+ Russell Housley
+ Vigil Security, LLC
+ 515 Dranesville Road
+ Herndon, VA 20170
+ United States of America
+
+ Email: housley@vigilsec.com
+
+
+
+
+
+
+
+
+
+Housley Standards Track [Page 6]
+