draft-ietf-curdle-cms-ecdh-new-curves-08.txt   draft-ietf-curdle-cms-ecdh-new-curves-09.txt 
Internet-Draft R. Housley Internet-Draft R. Housley
Intended status: Standards Track Vigil Security Intended status: Standards Track Vigil Security
Expires: 2 December 2017 2 June 2017 Expires: 4 December 2017 4 June 2017
Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm
with X25519 and X448 in the Cryptographic Message Syntax (CMS) with X25519 and X448 in the Cryptographic Message Syntax (CMS)
<draft-ietf-curdle-cms-ecdh-new-curves-08.txt> <draft-ietf-curdle-cms-ecdh-new-curves-09.txt>
Abstract Abstract
This document describes the conventions for using Elliptic Curve This document describes the conventions for using Elliptic Curve
Diffie-Hellman (ECDH) key agreement algorithm using curve25519 and Diffie-Hellman (ECDH) key agreement algorithm using curve25519 and
curve448 in the Cryptographic Message Syntax (CMS). curve448 in the Cryptographic Message Syntax (CMS).
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 33 skipping to change at page 1, line 33
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 2 December 2017. This Internet-Draft will expire on 4 December 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
1.2. ASN.1 . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Key Agreement . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1. ANSI-X9.63-KDF . . . . . . . . . . . . . . . . . . . . . . 5
2.2. HKDF . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Enveloped-data Conventions . . . . . . . . . . . . . . . . . . 6
3.1. EnvelopedData Fields . . . . . . . . . . . . . . . . . . . 6
3.2. KeyAgreeRecipientInfo Fields . . . . . . . . . . . . . . . 7
4. Authenticated-data Conventions . . . . . . . . . . . . . . . . 8
4.1. AuthenticatedData Fields . . . . . . . . . . . . . . . . . 8
4.2. KeyAgreeRecipientInfo Fields . . . . . . . . . . . . . . . 8
5. Authenticated-Enveloped-data Conventions . . . . . . . . . . . 8
5.1. AuthEnvelopedData Fields . . . . . . . . . . . . . . . . . 9
5.2. KeyAgreeRecipientInfo Fields . . . . . . . . . . . . . . . 9
6. Certificate Conventions . . . . . . . . . . . . . . . . . . . 9
7. Key Agreement Algorithm Identifiers . . . . . . . . . . . . . 9
8. SMIMECapabilities Attribute Conventions . . . . . . . . . . . 10
9. Security Considerations . . . . . . . . . . . . . . . . . . . 11
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
11. Normative References . . . . . . . . . . . . . . . . . . . . 12
12. Informative References . . . . . . . . . . . . . . . . . . . 14
Appendix: ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . 15
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 17
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 17
1. Introduction 1. Introduction
This document describes the conventions for using Elliptic Curve This document describes the conventions for using Elliptic Curve
Diffie-Hellman (ECDH) key agreement using curve25519 and curve448 Diffie-Hellman (ECDH) key agreement using curve25519 and curve448
[CURVES] in the Cryptographic Message Syntax (CMS) [CMS]. Key [CURVES] in the Cryptographic Message Syntax (CMS) [CMS]. Key
agreement is supported in three CMS content types: the enveloped-data agreement is supported in three CMS content types: the enveloped-data
content type [CMS], authenticated-data content type [CMS], and the content type [CMS], authenticated-data content type [CMS], and the
authenticated-enveloped-data content type [AUTHENV]. authenticated-enveloped-data content type [AUTHENV].
The conventions for using some Elliptic Curve Cryptography (ECC) The conventions for using some Elliptic Curve Cryptography (ECC)
skipping to change at page 4, line 45 skipping to change at page 5, line 27
Three values are used as inputs to the HKDF: Three values are used as inputs to the HKDF:
1. The shared secret value generated by ECDH, K. 1. The shared secret value generated by ECDH, K.
2. The length in octets of the keying data to be generated. 2. The length in octets of the keying data to be generated.
3. The DER-encoded ECC-CMS-SharedInfo structure. 3. The DER-encoded ECC-CMS-SharedInfo structure.
The ECC-CMS-SharedInfo structure optionally includes the ukm. If the The ECC-CMS-SharedInfo structure optionally includes the ukm. If the
ukm is present, the ukm is also used as the HKDF salt. HKDF uses an ukm is present, the ukm is also used as the HKDF salt. HKDF uses an
appropriate number of zero octets when no salt is provided. appropriate number of zero octets when no salt is provided.
The length of the generated key-encryption key is used two places, The length of the generated key-encryption key is used in two places,
once in bits, and once in octets. The ECC-CMS-SharedInfo structure once in bits, and once in octets. The ECC-CMS-SharedInfo structure
includes the length of the generated key-encryption key in bits. The includes the length of the generated key-encryption key in bits. The
HKDF-Expand function takes an argument for the length of the HKDF-Expand function takes an argument for the length of the
generated key-encryption key in octets. generated key-encryption key in octets.
In summary, to produce the pairwise key-encryption key, KEK: In summary, to produce the pairwise key-encryption key, KEK:
if ukm is provided, then salt = ukm, else salt is not provided if ukm is provided, then salt = ukm, else salt is not provided
PRK = HKDF-Extract(salt, K) PRK = HKDF-Extract(salt, K)
skipping to change at page 16, line 33 skipping to change at page 17, line 33
IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha384-scheme} IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha384-scheme}
cap-kaa-dhSinglePass-stdDH-hkdf-sha512-scheme SMIME-CAPS ::= { cap-kaa-dhSinglePass-stdDH-hkdf-sha512-scheme SMIME-CAPS ::= {
TYPE KeyWrapAlgorithm TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha512-scheme } IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha512-scheme }
END END
Acknowledgements Acknowledgements
Many thanks to Daniel Migault, Eric Rescorla, Jim Schaad, Stefan Many thanks to Roni Even, Daniel Migault, Eric Rescorla, Jim Schaad,
Santesson, and Sean Turner for their review and insightful Stefan Santesson, and Sean Turner for their review and insightful
suggestions. suggestions.
Author's Address Author's Address
Russ Housley Russ Housley
918 Spring Knoll Drive 918 Spring Knoll Drive
Herndon, VA 20170 Herndon, VA 20170
USA USA
housley@vigilsec.com housley@vigilsec.com
 End of changes. 6 change blocks. 
6 lines changed or deleted 34 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/