LSD0009: The GNU Taler Protocol

commit 647fde5bc6f043150fa424cf20e977644a308358
parent c19a39d00ad3df61d215792cd7b578758ced5389
Author: Mikolai Gütschow <mikolai.guetschow@tu-dresden.de>
Date:   Mon,  8 Jul 2024 10:26:45 +0200

crypto primitives: add HMAC, switch from bits to octets

Diffstat:
M  draft-guetschow-taler-protocol.md  |  46 +++++++++++++++++++++++++++++++++-------------
M  draft-guetschow-taler-protocol.xml | 134 ++++++++++++++++++++++++++++++++++++++++++++++---------------------------------
2 files changed, 112 insertions(+), 68 deletions(-)

diff --git a/draft-guetschow-taler-protocol.md b/draft-guetschow-taler-protocol.md @@ -66,10 +66,10 @@ Use at your own risk! SHA-256(msg) -> hash Input: - msg input message of length L < 2^64 bits + msg input message of length L < 2^61 octets Output: - hash message digest of fixed length L' = 256 bits + hash message digest of fixed length HashLen = 32 octets ~~~ `hash` is the output of SHA-256 as per Sections 4.1, 5.1, 6.1, and 6.2 of [RFC6234]. @@ -80,10 +80,10 @@ Output: SHA-512(msg) -> hash Input: - msg input message of length L < 2^128 bits + msg input message of length L < 2^125 octets Output: - hash message digest of fixed length L' = 512 bits + hash message digest of fixed length HashLen = 64 octets ~~~ `hash` is the output of SHA-512 as per Sections 4.2, 5.2, 6.3, and 6.4 of [RFC6234]. 
@@ -94,30 +94,50 @@ Output: SHA-512(msg) -> hash Input: - msg input message of length L < 2^128 bits + msg input message of length L < 2^125 octets Output: - hash message digest of fixed length L' = 256 bits + hash message digest of fixed length HashLen = 32 octets ~~~ -The output `hash` corresponds to the first 256 bit of the output of SHA-512 defined in {{sha512}}: +The output `hash` corresponds to the first 32 octets of the output of SHA-512 defined in {{sha512}}: ~~~ temp = SHA-512(msg) -hash = temp[0:255] +hash = temp[0:31] ~~~ Note that this operation differs from SHA-512/256 as defined in [SHS] in the initial hash value. +## Message Authentication Codes + +### HMAC {#hmac} + +~~~ +HMAC-Hash(key, text) -> out + +Option: + Hash cryptographic hash function with output length HashLen + +Input: + key secret key of length at least HashLen + text input data of arbitary length + +Output: + out output of length HashLen +~~~ + +`out` is calculated as defined in [RFC2104]. + + ## Key Derivation Functions ### HKDF {#hkdf} The Hashed Key Derivation Function (HKDF) used in Taler is an instantiation of [RFC5869] -with two different hash functions for the Extract and Expand step as suggested in [HKDF]. -HMAC-SHA512 (HMAC [RFC2104] instantiated with SHA-512, cf. {{sha512}}) is used for `HKDF-Extract`. -HMAC-SHA256 (HMAC [RFC2104] instantiated with SHA-256, cf. {{sha256}}) is used for `HKDF-Expand`. +with two different hash functions for the Extract and Expand step as suggested in [HKDF]: +`HKDF-Extract` uses `HMAC-SHA512`, while `HKDF-Expand` uses `HMAC-SHA256` (cf. {{hmac}}). ~~~ HKDF(salt, IKM, info, L) -> OKM @@ -138,8 +158,8 @@ Output: The output OKM is calculated as follows: ~~~ -PRK = HKDF-Extract(salt, IKM) with Hash = SHA-512, HashLen = 64 -OKM = HKDF-Expand(PRK, info, L) with Hash = SHA-256, HashLen = 32 +PRK = HKDF-Extract(salt, IKM) with Hash = SHA-512 (HashLen = 64) +OKM = HKDF-Expand(PRK, info, L) with Hash = SHA-256 (HashLen = 32) ~~~ ### HKDF-Mod 
diff --git a/draft-guetschow-taler-protocol.xml b/draft-guetschow-taler-protocol.xml @@ -80,10 +80,10 @@ Use at your own risk!</t> SHA-256(msg) -> hash Input: - msg input message of length L < 2^64 bits + msg input message of length L < 2^61 octets Output: - hash message digest of fixed length L' = 256 bits + hash message digest of fixed length HashLen = 32 octets ]]></artwork></figure> <t><spanx style="verb">hash</spanx> is the output of SHA-256 as per Sections 4.1, 5.1, 6.1, and 6.2 of <xref target="RFC6234"></xref>.</t> @@ -95,10 +95,10 @@ Output: SHA-512(msg) -> hash Input: - msg input message of length L < 2^128 bits + msg input message of length L < 2^125 octets Output: - hash message digest of fixed length L' = 512 bits + hash message digest of fixed length HashLen = 64 octets ]]></artwork></figure> <t><spanx style="verb">hash</spanx> is the output of SHA-512 as per Sections 4.2, 5.2, 6.3, and 6.4 of <xref target="RFC6234"></xref>.</t> 
@@ -110,31 +110,52 @@ Output: SHA-512(msg) -> hash Input: - msg input message of length L < 2^128 bits + msg input message of length L < 2^125 octets Output: - hash message digest of fixed length L' = 256 bits + hash message digest of fixed length HashLen = 32 octets ]]></artwork></figure> -<t>The output <spanx style="verb">hash</spanx> corresponds to the first 256 bit of the output of SHA-512 defined in <xref target="sha512"/>:</t> +<t>The output <spanx style="verb">hash</spanx> corresponds to the first 32 octets of the output of SHA-512 defined in <xref target="sha512"/>:</t> <figure><artwork><![CDATA[ temp = SHA-512(msg) -hash = temp[0:255] +hash = temp[0:31] ]]></artwork></figure> <t>Note that this operation differs from SHA-512/256 as defined in <xref target="SHS"></xref> in the initial hash value.</t> </section> </section> +<section anchor="message-authentication-codes"><name>Message Authentication Codes</name> + +<section anchor="hmac"><name>HMAC</name> + +<figure><artwork><![CDATA[ +HMAC-Hash(key, text) -> out + +Option: + Hash cryptographic hash function with output length HashLen + +Input: + key secret key of length at least HashLen + text input data of arbitary length + +Output: + out output of length HashLen +]]></artwork></figure> + +<t><spanx style="verb">out</spanx> is calculated as defined in <xref target="RFC2104"></xref>.</t> + +</section> +</section> <section anchor="key-derivation-functions"><name>Key Derivation Functions</name> <section anchor="hkdf"><name>HKDF</name> <t>The Hashed Key Derivation Function (HKDF) used in Taler is an instantiation of <xref target="RFC5869"></xref> -with two different hash functions for the Extract and Expand step as suggested in <xref target="HKDF"></xref>. -HMAC-SHA512 (HMAC <xref target="RFC2104"></xref> instantiated with SHA-512, cf. <xref target="sha512"/>) is used for <spanx style="verb">HKDF-Extract</spanx>. -HMAC-SHA256 (HMAC <xref target="RFC2104"></xref> instantiated with SHA-256, cf. 
<xref target="sha256"/>) is used for <spanx style="verb">HKDF-Expand</spanx>.</t> +with two different hash functions for the Extract and Expand step as suggested in <xref target="HKDF"></xref>: +<spanx style="verb">HKDF-Extract</spanx> uses <spanx style="verb">HMAC-SHA512</spanx>, while <spanx style="verb">HKDF-Expand</spanx> uses <spanx style="verb">HMAC-SHA256</spanx> (cf. <xref target="hmac"/>).</t> <figure><artwork><![CDATA[ HKDF(salt, IKM, info, L) -> OKM @@ -155,8 +176,8 @@ Output: <t>The output OKM is calculated as follows:</t> <figure><artwork><![CDATA[ -PRK = HKDF-Extract(salt, IKM) with Hash = SHA-512, HashLen = 64 -OKM = HKDF-Expand(PRK, info, L) with Hash = SHA-256, HashLen = 32 +PRK = HKDF-Extract(salt, IKM) with Hash = SHA-512 (HashLen = 64) +OKM = HKDF-Expand(PRK, info, L) with Hash = SHA-256 (HashLen = 32) ]]></artwork></figure> </section> @@ -313,7 +334,7 @@ while true: -<?line 201?> +<?line 221?> <section anchor="change-log"><name>Change log</name> 
@@ -331,47 +352,50 @@ Education and Research (BMBF) within the project Concrete Contracts.</t> </back> <!-- ##markdown-source: -H4sIAAAAAAAAA81XbVMbyRH+vr+iY3+IdGGFJEAG3ZEKL8ZQgOwyuO4DR8Jo -d7SaYzWzNTuL0PnwL8u3/LE8PbN6w/aVL1eVhHLJu7P93k/3dMdxHD30aSuK -nHK57NOL67GkN4MPdC1yaemdNc4kJn8RpSbRYgKK1IqRi7NKujIZm2nsmDAu -asIoEU5mxs76pPTIRJEqbJ+crUrXbbf32t1oaux9Zk1VMEUqC4kf7aLSWSkm -62f3cgbqtB8RxeT1+KfEzgpnMiuK8cwfyESUY/9UiNkEnGUUvaQHqSvZxwOR -lYXp09i5ouxvbmbKtTJdaelaxmabeZm2YVoLx5ueOocLpVvSg+AL9JtRJCo3 -NhbmxVBOFOJzqe5NLhS9+dc/Q4T8NzD26frDMR1bWcI5+qDVg7SlcjMyI7qW -yVib3GQzTy2GQysfmGFO7485RhKGncp8Mja5+wUHLeq0/ccEovpr5IlJYc9x -3O60e3v1SaUd5+aNtBOhgzI5ESrv0yTY3Vpk9m+uitMgrpXKKNIGPA5Wcz7e -nxx1O+3t+nFnt7dXP/a6W/709Pz4BMrfnrU6bfxrv9rce7Ubb8W97W7c2QZV -/OofW9sgvDq9WtD12t3dzcHZ1XXr5OzdVauz2463ASEAaaE6iuI4RoDgukhc -FP10Q9eHP9JPt+HDRKVpLjn9Z/DUpFXilNFrZIdyKqwkNxYOP6okQLti1BCe -S6fynBijsdKM6gwRKEnolCZihgBqJ5Qmaa2xZSv6UEqCmJmpLJmpJqvK+z+x -9oFxImiO6U7QrzS8IwTSAFlQKlkQV4r2RIwAQVPlxjRk5qMlwFWCGlQTxc4z -qp9/PAXy6aTS3k1P8BIRPYi7Oz36+LIcCzw8RdGnT5+i+rgxKbMmxX+lMRdN -dKaLyvU9EPCB/J/iM5rAcZFJNi6XOoNxF/QDdf/e26ah4hJ7W7kFLwvzvHOu -VGUoImYeqUeZLkT8mfaJjfMi2KzojnnvOPgcGOOFMt/cDVFSgVZ0JYOPtN3q -bNAO//T4h1PTa3WZ46bG321rGYidTjcEAg8rgcDbHw5Ep7v7RyPB1n1bJJjy -80h0ORJdjsTWPBLbvxEJH88GurEHXzo/bi4iFPtv/39xWkfM9TI6dcgSY1Gn -hdEpYmd8+EbKQlrNyFK/HNNUjpSGNhT1x481TJ76IQBOTgooX41D5M3eJ/50 -0+53d3Zug00o+NWeYpCoUNupGo3Q6GlkzWQuarPG9YryG/TBW35gM5VGwYs8 -xOhB5JVEHrn4z+WMjqVVD0H2s8LnnotUju/T0VOIErcHyP8KGzWYo0lVGWwI -d77idofX0gkNK+YN6qbu87eRb1RuamrXuHN6Q0dzawj92vvx+tF3aY/M148F -/1c6WbDrZZVxumvn2Q5g9fTy4ChGjDgxDX7xWvmiuV0xCDzehDqYG5SMWivJ -a7IH3iU2445Fx7Uhd0sVvhK+SQUoV1RwP/2KCvYPGjwe+KhRitxt0Nn55YYf -hjbowtfR2/PLuozKUApM54eEgsOHvPsDn3dqCNJGx6VMrHRkoQIw8p+a30e0 -9qdGIHWES+tBpTKF0nClgQ81IXh8UDrjXKKF/yKtwQXGfDBwpYoxdDEV7lsA -RuRR+DIyawbyPSgfQ2JFUeQqCTgpC5moEe6lxZ1t9DMrGwnQNcS16U2I6yoP -tjU97UVNWX+CvXXZPjONkWMSh3HluYofuGPsfLfVRaXudnrt5nrreVs7/DW5 -Dai8qEU3P2s5zI2wJiJPqtxDRTDi89xMy7pxvHt/Ds2ryFtioRmQdRr6yALD 
-/H6BuXAfyYlYxYKfYdWAxBUQPZfgIbqUsNUNRs97QnxpUsw9ggFrQofxrWKt -9/mu8bQR2te8lDE5u8pq3xHYKN/gGFMTkXOvwLtGJjNMJ0iqykhXkyHOBytl -wNobgw16Vg1fLoXBPIdLYd/TgFv/2vi0hMaArfdXw2ol/a9L6Rtq6b9QTL8P -9Gs5HfxHuB/kHn+JVHkjJG2TdpvRdKxyyUug7C/XEGjap3p14RseORW4sEuV -aXYafbiuQI7ynAO5xhrmx/PhDBcutkO/FBI91gXzvOli9E42aIDCCM0FYwKS -CE9pCJ9gO6PVm+p/oOAxqhHwiOll0F9EPBTl4+IdK5q4X/PnL/vUmVceNgAd -H+ZYZ+kKLgmUkayv6dcpmlNnz1N9meLk+DR+f3UQXo5ygasmvuIN0VreDzgp -4a4Oy8BiTfcif0RzwJI+FfzKw2Jlecs8wsUMLIeppKw3omO/EWFZOhgcfEYB -D3ju4LVqKJJ7v5kAGxjVsKjy20Fyr800l2kWlu6P/VCxMt1/MRJ5KV88rem5 -5tbCyaOpnwCKwth6AiiEdTSc+eIOyymdSLYlx0KtFRDNe3L0GgtdKA4ulvfI -pbDJmBqHl4cnoS3WExQq92eMyewTV7vkB9+IUaj/BjAzhDH1EAAA +H4sIAAAAAAAAA81Y23IbuRF9n6/o2C9koqFISqIl7ioVXSxLJYl2WXLtg1aJ +wBlwiGg4mMJgRHEd+cv2bX8spwHwam9qc6kkLtdwBugbuk83uhXHcfTUp50o +ssrmsk+vbseS3g0+0a3IpaEPRlud6PxVlOqkEBNQpEaMbJzV0lbJWE9jy4Rx +GQijRFiZaTPrkypGOopUafpkTV3Zbrt90O5GU20eM6PrkilSWUo8ChtV1kgx +WV97lDNQp/2IKCanx70lZlZanRlRjmduQSaiGru3Uswm4Kyi6DU9yaKWfbwQ +GVnqPo2tLav+9nambCsr6kLaljbZdl6lbZjWwvK2o85xhMou6UHwDfrtKBK1 +HWsD82IoJ/L+uVaPOheK3v3ys/eQ2wNjn24/ndKpkRUOR58K9SRNpeyM9Ihu +ZTIudK6zmaMWw6GRT8wwp3fL7CMJw85lPhnr3P6EhRZ12m4zgaj+GnmiU9hz +Grc77d5BWKkLy7F5J81EFF6ZnAiV92ni7W4tIvsnW8epF9dKZRQVGjwWVnM8 +Pp6ddDvt3fC6t987CK+97o5bPb88PYPy9xetThv/22+2D97sxztxb7cbd3ZB +Fb/5y84uCG/ObxZ0vXZ3f3twcXPbOrv4cNPq7LfjXUAIQFqojqI4juEgHF0k +Nop+vKPb4x/ox3u/MVFpmksO/wVOqtM6sUoXa2THciqMJDsWFg9VEaBdM2oI +75VVeU6M0VgVjOoMHqhIFClNxAwOLKxQBUljtKla0adKEsTMdG1ITwsyqnr8 +HWsfaCu85pgeBP2Nhg8ER2ogC0olC+JMKRwRI0DQVNkxDZn5ZAlwlSAH1UTx +4RnVm5vnQD6d1YU7piN4DY8exd29Hn1+XY0FXl6i6MuXL1FYbkyqrEnxH2nM +SRNdFGVt+w4I2OAfpCCWaIJzi0yybbksMth2Rd9T98+9DunESs6x97VdMLM0 +JySwpSpDEjH3SD3LdC6D7b0C/A9ppzuXw8ZFDyzggUPA7tFOMnPPDyMqKlGQ +bqQ/Ke22Olu0x48ePzhAvVaXOe4CCu9bS3fsdbreHXhZcQe+/l13dLp7/xl/ +9HZ/sz/4NF/7o8v+6LI/dub+2P0H/nBebaAyOyCm8+Xmwk+x2/s/9dYGem6X +PgqOS7RB5pa6SOFB7Zw4UgYyF5ws/du+TeVIFdCKRP/8OYDmpe8dYeWkhP5V +f0TO+kPirbt2f6dz741CDVgtMxrx8umeqtEItZ9GRk/mkrYDyFd036E03vML 
+W6kK1ACRe089ibyWCCfXg+vgsiNcRihiKvE6TlD8Qz04vz46QVTHEzGPJq/E +7MwGrtgtGP5sXVThCsSlZAE+LuchLsla0XE2jELR8XUrOHE9TmsAgSYHkEom +Rlr3uUSHYFaB6Mw5mZLNWkIqFVa4QmmGygozC6zrOIIZFH5DTDcs8rmFbZda +iciTOnfw33B9uN/ug5MvYe2pNOrJO3ej4PJdxw5+TEcvHousDpJ+hY0azNGk +uvLafK+l+JrBZ2UFwri4GO7C/XofOUfbqQ744RtrLRIAlDYOLG+f3e3oqsDb +55J/KitLPmRVZ5xa4Zhsx30/euDfOHA9sF0VPTiQAJ0A58MWTccqlzQnZJGb +dADwAzWSUQtJ47D20mwFuIGpUYncbtHF5fWW6wy36MpB7v3ldYBJ5UPIdC6E +DoZAvFtwiKeGoEIXcYCQgRFIILfV/M4xL/+pEUgt4QZ/UqlModTf7+BDORDc +S6kiYwej8P4kjcZtznwwcKWOAaVMheYDURR55HdGes1AbgoYquxmUZb5PAWr +UiZqhHxZNDC62LCykSDkQ/QQzoQ4gNXb1nS0V4EybMHegO0N0zicoSJuqPj+ +kLp7e79H3Tuk/U6v3VxPmffhwL8mtwGVV0F086tqy9xfJdJI57meVqFifvh4 +Cc2rCFtioemrx7kvoPP621i9FZsR61gIYOQ1IHIFRZsi3MW2elUEs+epGl/r +FG2g4OzTvrq6DF4r+y6ZX7Z86V7UOsCuNoVLVLbKFXdG1UTknML4LhDLDM0a +wqoyKurJEOuDlURg7Y3BFm3kw7eTYTCP4lLYdzRAAazWusklOAZsPe+v5dL/ +Opl+Qzb9F9Lpn4P9WkwH/xLyB7kDYCJV3vBB26b9ZuRLKbor2V9OZdB0SGGS +w1s33IeVygo+NK6ElbZlzoFYYyp108pwhmYDw7KbkYmeQ8Zsll1MIskWDZAZ +vrygR0IQcVIa8vWtp4xWZ6p7QMFzFBDwjA5u0F943Gfl8+IbE6t4XDvPHw6p +M888DERFfJxjuqcbHEkgjebtydsU5alz4Ki+TXF2eh5/vDnyHye5wL0T3/DA +bAyPSxwUf4X62WjxVwsn8gdUh9SIqeBP7pdrw0P3Ce5LYNl3ZFUYEE/dgIjZ +8Whw9BUFTsA9F0+ZQ5E8ukEN2EDrhbmdv46Sx0JPc5lm/m8Qn/s+Y2V6+Gok +8kq+elnTc8ulhYNHU3cxl6U24WIuhbE0nLnk9rM6nUm2JadrdIJANHdP0VvM +tz45OFk+IpbCJGNqHF8fn/m6GLpHZO5fMSnwmTjbJb+4UoxE/TsoiJVTBBIA +AA== -->
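Review bot: In the first .md hunk (@@ -66, and likewise @@ -80), switching the length bounds from bits to octets (`L < 2^61 octets`, `L < 2^125 octets`) silently assumes every message is a whole number of octets, whereas the SHA-256/SHA-512 definitions in RFC 6234 accept arbitrary bit lengths; the conversions themselves are exact (2^64 bits = 2^61 octets, 2^128 bits = 2^125 octets). Suggest one sentence at the top of the primitives section stating that all inputs and outputs in this draft are octet strings, so the tightened bound is a stated convention rather than an unexplained restriction.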
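Review bot: In the .md hunk @@ -94, the new HMAC interface requires `key secret key of length at least HashLen`, which is stricter than RFC 2104 (any key length is accepted; at least the hash output length is only recommended), and HKDF-Extract in the same file calls HMAC with `salt` as the key while RFC 5869 allows a salt shorter than HashLen or empty. Either state the salt-length requirement in the HKDF section or phrase the HMAC key length as a recommendation, so the two sections do not contradict each other. Two smaller points in the same hunk: `text input data of arbitary length` should read `arbitrary`; and the truncation `hash = temp[0:31]` is only "the first 32 octets" if the slice is inclusive, a convention the draft never states, so readers used to half-open ranges will count 31 octets. Suggest defining the slice notation once (e.g. "temp[a:b] denotes octets a through b inclusive") next to the first use.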
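Review bot: In the .md hunk @@ -138, the lines `PRK = HKDF-Extract(salt, IKM) with Hash = SHA-512 (HashLen = 64)` and `OKM = HKDF-Expand(PRK, info, L) with Hash = SHA-256 (HashLen = 32)` now depend on the new HMAC section's key-length requirement, and the text should say explicitly that it is met: PRK is 64 octets (the SHA-512 output), which is at least the 32-octet HashLen of SHA-256 and is also exactly SHA-256's block size, so RFC 2104 does not pre-hash the key in the Expand step. The prose in the preceding hunk also uses the names `HMAC-SHA512` and `HMAC-SHA256`, while the HMAC section only defines `HMAC-Hash(key, text)`; add a sentence mapping `HMAC-SHA256` to `HMAC-Hash` with `Hash = SHA-256` (and likewise for SHA-512) so the cross-reference to {{hmac}} resolves to a defined name.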
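Review bot: In the .xml hunk @@ -313, the change `<?line 201?>` to `<?line 221?>` and the rewritten `<!-- ##markdown-source:` blob at the end of the file are markers of a generated file, and the `arbitary` typo from the .md HMAC block has been carried into the .xml verbatim. Treat the .md as the single source: fix the typo there and regenerate the .xml rather than editing both by hand, and consider recording the generation command in the README so future changes keep the two files in sync.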