Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- draft-schanzen-gns.xml 46
1 files changed, 28 insertions, 18 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 708ccf3..60c6cd7 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -940,8 +940,8 @@ zk' := (h mod L) * zk
940 ]]></artwork> 940 ]]></artwork>
941 <t> 941 <t>
942 The PKEY cryptosystem uses a hash-based key derivation function (HKDF) as defined in 942 The PKEY cryptosystem uses a hash-based key derivation function (HKDF) as defined in
943 <xref target="RFC5869" />, using HMAC-SHA512 for the extraction 943 <xref target="RFC5869" />, using SHA-512 <xref target="SHS"/> for the extraction
944 phase and HMAC-SHA256 for the expansion phase. 944 phase and SHA-256 <xref target="SHS"/> for the expansion phase.
945 PRK_h is key material retrieved using an HKDF using the string 945 PRK_h is key material retrieved using an HKDF using the string
946 "key-derivation" as salt and the zone key as initial 946 "key-derivation" as salt and the zone key as initial
947 keying material. 947 keying material.
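Review bot: On new lines 943-944, dropping the "HMAC-" prefix leaves the reader to infer that SHA-512 and SHA-256 parameterize the HMAC inside HKDF rather than being applied as bare hashes. RFC 5869 defines HKDF over a single hash function, and this text uses a different hash for each phase, so I would state explicitly that HKDF-Extract is instantiated with HMAC-SHA-512 and HKDF-Expand with HMAC-SHA-256, keeping the new SHS reference for the underlying hashes.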
@@ -978,8 +978,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
978]]></artwork> 978]]></artwork>
979 <t> 979 <t>
980 HKDF is a hash-based key derivation function as defined in 980 HKDF is a hash-based key derivation function as defined in
981 <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the 981 <xref target="RFC5869" />. Specifically, SHA-512 <xref target="SHS"/> is used for the
982 extraction phase and HMAC-SHA256 for the expansion phase. 982 extraction phase and SHA-256 <xref target="SHS"/> for the expansion phase.
983 The output keying material is 32 bytes (256 bits) for the symmetric 983 The output keying material is 32 bytes (256 bits) for the symmetric
984 key and 4 bytes (32 bits) for the nonce. 984 key and 4 bytes (32 bits) for the nonce.
985 The symmetric key K is a 256-bit AES <xref target="RFC3826" /> key. 985 The symmetric key K is a 256-bit AES <xref target="RFC3826" /> key.
@@ -1058,7 +1058,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
1058 </dd> 1058 </dd>
1059 <dt>a</dt> 1059 <dt>a</dt>
1060 <dd> 1060 <dd>
1061 is is an integer derived from d using the SHA512 hash function 1061 is is an integer derived from d using the SHA-512 hash function
1062 as defined in <xref target="ed25519" />. 1062 as defined in <xref target="ed25519" />.
1063 </dd> 1063 </dd>
1064 <dt>zk</dt> 1064 <dt>zk</dt>
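Review bot: Line 1061 still reads "is is an integer"; since this line is being touched anyway, drop the duplicated word. It would also be consistent with the other changed prose lines to decide whether SHA-512 gets the SHS cross-reference here or is covered by the existing ed25519 reference.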
@@ -1066,7 +1066,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
1066 is the EdDSA public key corresponding to d. It is defined in 1066 is the EdDSA public key corresponding to d. It is defined in
1067 Section 3.2 of <xref target="RFC8032" /> as the curve point a*G where G is the 1067 Section 3.2 of <xref target="RFC8032" /> as the curve point a*G where G is the
1068 group generator of the elliptic curve and a is an integer 1068 group generator of the elliptic curve and a is an integer
1069 derived from d using the SHA512 hash function. 1069 derived from d using the SHA-512 hash function.
1070 This generation including the derivation of a represents the 1070 This generation including the derivation of a represents the
1071 Public-KeyGen(d) function. 1071 Public-KeyGen(d) function.
1072 </dd> 1072 </dd>
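Review bot: Line 1069 names SHA-512 without the SHS cross-reference that the other prose lines changed in this patch (943, 981, 1523) gain. Either add it here or note that the RFC8032 reference in the same definition is meant to cover it, so the citation style is uniform.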
@@ -1123,8 +1123,8 @@ zk' := h * zk
1123 <t> 1123 <t>
1124 The EDKEY cryptosystem uses a 1124 The EDKEY cryptosystem uses a
1125 hash-based key derivation function (HKDF) as defined in 1125 hash-based key derivation function (HKDF) as defined in
1126 <xref target="RFC5869" />, using HMAC-SHA512 for the extraction 1126 <xref target="RFC5869" />, using SHA-512 <xref target="SHS"/> for the extraction
1127 phase and HMAC-SHA256 for the expansion phase. 1127 phase and HMAC-SHA256 <xref target="SHS"/> for the expansion phase.
1128 PRK_h is key material retrieved using an HKDF using the string 1128 PRK_h is key material retrieved using an HKDF using the string
1129 "key-derivation" as salt and the zone key as initial 1129 "key-derivation" as salt and the zone key as initial
1130 keying material. 1130 keying material.
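Review bot: New line 1127 keeps "HMAC-SHA256" and attaches the SHS reference to it, while line 1126 and the parallel PKEY text at 943-944 switch to "SHA-512" and "SHA-256". This looks like an incomplete substitution: the EDKEY paragraph now mixes both naming styles in one sentence and cites the hash standard for an HMAC construction. Make 1127 match whichever form is chosen for 944.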
@@ -1157,17 +1157,17 @@ zk' := h * zk
1157 for two different derivation paths or messages. 1157 for two different derivation paths or messages.
1158 </t> 1158 </t>
1159 <artwork name="" type="" align="left" alt=""><![CDATA[ 1159 <artwork name="" type="" align="left" alt=""><![CDATA[
1160dh := SHA512 (d) 1160dh := SHA-512 (d)
1161nonce := SHA256 (dh[32..63] | h) 1161nonce := SHA-256 (dh[32..63] | h)
1162r := SHA512 (nonce | M) 1162r := SHA-512 (nonce | M)
1163R := r * G 1163R := r * G
1164S := r + SHA512(R | zk' | M) * a' mod L 1164S := r + SHA-512(R | zk' | M) * a' mod L
1165 ]]></artwork> 1165 ]]></artwork>
1166 <t> 1166 <t>
1167 A signature (R,S) is valid if the following holds: 1167 A signature (R,S) is valid if the following holds:
1168 </t> 1168 </t>
1169 <artwork name="" type="" align="left" alt=""><![CDATA[ 1169 <artwork name="" type="" align="left" alt=""><![CDATA[
1170S * G == R + SHA512(R, zk', M) * zk' 1170S * G == R + SHA-512(R, zk', M) * zk'
1171 ]]></artwork> 1171 ]]></artwork>
1172 <t> 1172 <t>
1173 The S-Encrypt() and S-Decrypt() functions use XSalsa20 1173 The S-Encrypt() and S-Decrypt() functions use XSalsa20
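Review bot: The verification equation on line 1170 writes the hash input as SHA-512(R, zk', M) with commas, while the signing equation on line 1164 uses the concatenation operator, SHA-512(R | zk' | M). Both must hash the same byte string for verification to succeed, so line 1170 should use the same "|" notation. The spacing before the parenthesis also differs between lines 1160-1162 ("SHA-512 (d)") and 1164/1170 ("SHA-512(R ..."); pick one form while these lines are being edited.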
@@ -1197,8 +1197,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
1197]]></artwork> 1197]]></artwork>
1198 <t> 1198 <t>
1199 HKDF is a hash-based key derivation function as defined in 1199 HKDF is a hash-based key derivation function as defined in
1200 <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the 1200 <xref target="RFC5869" />. Specifically, SHA-512 <xref target="SHS"/> is used for the
1201 extraction phase and HMAC-SHA256 for the expansion phase. 1201 extraction phase and SHA-256 <xref target="SHS"/> for the expansion phase.
1202 The output keying material is 32 bytes (256 bits) for the symmetric 1202 The output keying material is 32 bytes (256 bits) for the symmetric
1203 key and 16 bytes (128 bits) for the NONCE. 1203 key and 16 bytes (128 bits) for the NONCE.
1204 The symmetric key K is a 256-bit XSalsa20 1204 The symmetric key K is a 256-bit XSalsa20
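Review bot: Line 1203 states 16 bytes (128 bits) for the NONCE, but the artwork line shown in this hunk's header, NONCE := HKDF-Expand (PRK_n, label, 32 / 8), requests 4 bytes. One of the two is wrong for this section, and an implementer following the artwork would derive a nonce of a different length than the prose describes. Please confirm the intended length and align the artwork and the text before this paragraph is touched again.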
@@ -1506,7 +1506,7 @@ GET(key) -> value
1506 Given a label, the storage key q is derived as follows: 1506 Given a label, the storage key q is derived as follows:
1507 </t> 1507 </t>
1508 <artwork name="" type="" align="left" alt=""><![CDATA[ 1508 <artwork name="" type="" align="left" alt=""><![CDATA[
1509q := SHA512 (HDKD-Public(zk, label)) 1509q := SHA-512 (HDKD-Public(zk, label))
1510 ]]></artwork> 1510 ]]></artwork>
1511 <dl> 1511 <dl>
1512 <dt>label</dt> 1512 <dt>label</dt>
@@ -1520,7 +1520,7 @@ q := SHA512 (HDKD-Public(zk, label))
1520 <dd> 1520 <dd>
1521 Is the 512-bit storage key under which the resource records block is 1521 Is the 512-bit storage key under which the resource records block is
1522 published. 1522 published.
1523 It is the SHA512 hash over the derived zone key. 1523 It is the SHA-512 hash <xref target="SHS"/> over the derived zone key.
1524 </dd> 1524 </dd>
1525 </dl> 1525 </dl>
1526 </section> 1526 </section>
@@ -2730,7 +2730,17 @@ cae1789d
2730 </front> 2730 </front>
2731 </reference> 2731 </reference>
2732 2732
2733 2733 <reference anchor="SHS" target="https://doi.org/10.6028/NIST.FIPS.180-4">
2734 <front>
2735 <title>Secure Hash Standard (SHS)</title>
2736 <author initials="Q. H." surname="Dang" fullname="Quynh H. Dang">
2737 <organization>NIST</organization>
2738 </author>
2739
2740 <date year="2012" month="March"/>
2741 </front>
2742 </reference>
2743
2734 <reference anchor="MODES" target="https://doi.org/10.6028/NIST.SP.800-38A"> 2744 <reference anchor="MODES" target="https://doi.org/10.6028/NIST.SP.800-38A">
2735 <front> 2745 <front>
2736 <title>Recommendation for Block Cipher Modes of Operation: Methods and Techniques</title> 2746 <title>Recommendation for Block Cipher Modes of Operation: Methods and Techniques</title>
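Review bot: The new SHS reference has no seriesInfo element, so the rendered entry will not show the publication number (FIPS 180-4) anywhere except inside the DOI URL. I would add one, remove the empty line inside front (new line 2739), and check that the March 2012 date matches the revision the DOI target resolves to.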