commit 471008defde3dc8067a8aba1f3d589809362efa2
parent 41f2fc30c98ea08d29cd23e15e9cf8750b789b65
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Tue, 25 Jan 2022 22:29:37 +0100
SHA normative references
Diffstat:
1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -940,8 +940,8 @@ zk' := (h mod L) * zk
]]></artwork>
<t>
The PKEY cryptosystem uses a hash-based key derivation function (HKDF) as defined in
- <xref target="RFC5869" />, using HMAC-SHA512 for the extraction
- phase and HMAC-SHA256 for the expansion phase.
+ <xref target="RFC5869" />, using SHA-512 <xref target="SHS"/> for the extraction
+ phase and SHA-256 <xref target="SHS"/> for the expansion phase.
PRK_h is key material retrieved using an HKDF using the string
"key-derivation" as salt and the zone key as initial
keying material.
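Review bot: in the two added lines, "using SHA-512 ... for the extraction phase and SHA-256 ... for the expansion phase" can now be read as applying the bare hash functions. RFC 5869 defines HKDF-Extract and HKDF-Expand over HMAC-Hash, so the sentence should say that SHA-512 and SHA-256 are the hash functions HKDF is instantiated with, for example "using HMAC with SHA-512 <xref target="SHS"/> for the extraction phase". The same wording recurs in the later HKDF paragraphs and should be changed the same way there.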
@@ -978,8 +978,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
]]></artwork>
<t>
HKDF is a hash-based key derivation function as defined in
- <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the
- extraction phase and HMAC-SHA256 for the expansion phase.
+ <xref target="RFC5869" />. Specifically, SHA-512 <xref target="SHS"/> is used for the
+ extraction phase and SHA-256 <xref target="SHS"/> for the expansion phase.
The output keying material is 32 bytes (256 bits) for the symmetric
key and 4 bytes (32 bits) for the nonce.
The symmetric key K is a 256-bit AES <xref target="RFC3826" /> key.
@@ -1058,7 +1058,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
</dd>
<dt>a</dt>
<dd>
- is is an integer derived from d using the SHA512 hash function
+ is is an integer derived from d using the SHA-512 hash function
as defined in <xref target="ed25519" />.
</dd>
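Review bot: the added line still begins "is is an integer derived from d", so the duplicated word is carried over from the removed line. Since this line is being touched anyway, drop one "is" in the same commit.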
<dt>zk</dt>
@@ -1066,7 +1066,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
is the EdDSA public key corresponding to d. It is defined in
Section 3.2 of <xref target="RFC8032" /> as the curve point a*G where G is the
group generator of the elliptic curve and a is an integer
- derived from d using the SHA512 hash function.
+ derived from d using the SHA-512 hash function.
This generation including the derivation of a represents the
Public-KeyGen(d) function.
</dd>
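Review bot: the added line "derived from d using the SHA-512 hash function." gets the new spelling but no <xref target="SHS"/>, while the other prose mentions of SHA-512 changed in this commit gain one. If SHS is meant to be the normative reference for every use of the hash, add the xref here as well, or rely on the RFC8032 citation earlier in the same definition and say so in the commit message.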
@@ -1123,8 +1123,8 @@ zk' := h * zk
<t>
The EDKEY cryptosystem uses a
hash-based key derivation function (HKDF) as defined in
- <xref target="RFC5869" />, using HMAC-SHA512 for the extraction
- phase and HMAC-SHA256 for the expansion phase.
+ <xref target="RFC5869" />, using SHA-512 <xref target="SHS"/> for the extraction
+ phase and HMAC-SHA256 <xref target="SHS"/> for the expansion phase.
PRK_h is key material retrieved using an HKDF using the string
"key-derivation" as salt and the zone key as initial
keying material.
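Review bot: the second added line reads "phase and HMAC-SHA256 <xref target="SHS"/> for the expansion phase", so the EDKEY paragraph keeps the old name for the expansion hash while its extraction hash and the matching PKEY paragraph were changed to the SHA-512 / SHA-256 form. This looks like a missed replacement, and as written it cites SHS for an HMAC construction that the hash reference does not define. Use the same wording as the PKEY paragraph so the two cryptosystems are described identically.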
@@ -1157,17 +1157,17 @@ zk' := h * zk
for two different derivation paths or messages.
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
-dh := SHA512 (d)
-nonce := SHA256 (dh[32..63] | h)
-r := SHA512 (nonce | M)
+dh := SHA-512 (d)
+nonce := SHA-256 (dh[32..63] | h)
+r := SHA-512 (nonce | M)
R := r * G
-S := r + SHA512(R | zk' | M) * a' mod L
+S := r + SHA-512(R | zk' | M) * a' mod L
]]></artwork>
<t>
A signature (R,S) is valid if the following holds:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
-S * G == R + SHA512(R, zk', M) * zk'
+S * G == R + SHA-512(R, zk', M) * zk'
]]></artwork>
<t>
The S-Encrypt() and S-Decrypt() functions use XSalsa20
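Review bot: the signing artwork hashes "SHA-512(R | zk' | M)" with the concatenation operator, but the verification artwork keeps "SHA-512(R, zk', M)" with commas. Both must describe the same input, so the verification line should also use "|"; otherwise an implementer has to guess whether the comma form implies a different encoding. The spacing is also uneven within the block ("SHA-512 (d)" versus "SHA-512(R | ..."), which is worth normalising while these lines are being edited.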
@@ -1197,8 +1197,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
]]></artwork>
<t>
HKDF is a hash-based key derivation function as defined in
- <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the
- extraction phase and HMAC-SHA256 for the expansion phase.
+ <xref target="RFC5869" />. Specifically, SHA-512 <xref target="SHS"/> is used for the
+ extraction phase and SHA-256 <xref target="SHS"/> for the expansion phase.
The output keying material is 32 bytes (256 bits) for the symmetric
key and 16 bytes (128 bits) for the NONCE.
The symmetric key K is a 256-bit XSalsa20
@@ -1506,7 +1506,7 @@ GET(key) -> value
Given a label, the storage key q is derived as follows:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
-q := SHA512 (HDKD-Public(zk, label))
+q := SHA-512 (HDKD-Public(zk, label))
]]></artwork>
<dl>
<dt>label</dt>
@@ -1520,7 +1520,7 @@ q := SHA512 (HDKD-Public(zk, label))
<dd>
Is the 512-bit storage key under which the resource records block is
published.
- It is the SHA512 hash over the derived zone key.
+ It is the SHA-512 hash <xref target="SHS"/> over the derived zone key.
</dd>
</dl>
</section>
@@ -2730,7 +2730,17 @@ cae1789d
</front>
</reference>
-
+ <reference anchor="SHS" target="https://doi.org/10.6028/NIST.FIPS.180-4">
+ <front>
+ <title>Secure Hash Standard (SHS)</title>
+ <author initials="Q. H." surname="Dang" fullname="Quynh H. Dang">
+ <organization>NIST</organization>
+ </author>
+
+ <date year="2012" month="March"/>
+ </front>
+ </reference>
+
<reference anchor="MODES" target="https://doi.org/10.6028/NIST.SP.800-38A">
<front>
<title>Recommendation for Block Cipher Modes of Operation: Methods and Techniques</title>
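Review bot: the new SHS reference has no seriesInfo element, so the rendered entry identifies the document as FIPS 180-4 only through the DOI in the target attribute. Add a seriesInfo naming the FIPS publication number so the citation stands on its own. The added empty line between </author> and <date year="2012" month="March"/> can be dropped, and it is worth confirming that March 2012 is the edition the DOI resolves to.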