diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 46 |
1 files changed, 28 insertions, 18 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 708ccf3..60c6cd7 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -940,8 +940,8 @@ zk' := (h mod L) * zk | |||
940 | ]]></artwork> | 940 | ]]></artwork> |
941 | <t> | 941 | <t> |
942 | The PKEY cryptosystem uses a hash-based key derivation function (HKDF) as defined in | 942 | The PKEY cryptosystem uses a hash-based key derivation function (HKDF) as defined in |
943 | <xref target="RFC5869" />, using HMAC-SHA512 for the extraction | 943 | <xref target="RFC5869" />, using SHA-512 <xref target="SHS"/> for the extraction |
944 | phase and HMAC-SHA256 for the expansion phase. | 944 | phase and SHA-256 <xref target="SHS"/> for the expansion phase. |
945 | PRK_h is key material retrieved using an HKDF using the string | 945 | PRK_h is key material retrieved using an HKDF using the string |
946 | "key-derivation" as salt and the zone key as initial | 946 | "key-derivation" as salt and the zone key as initial |
947 | keying material. | 947 | keying material. |
@@ -978,8 +978,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
978 | ]]></artwork> | 978 | ]]></artwork> |
979 | <t> | 979 | <t> |
980 | HKDF is a hash-based key derivation function as defined in | 980 | HKDF is a hash-based key derivation function as defined in |
981 | <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the | 981 | <xref target="RFC5869" />. Specifically, SHA-512 <xref target="SHS"/> is used for the |
982 | extraction phase and HMAC-SHA256 for the expansion phase. | 982 | extraction phase and SHA-256 <xref target="SHS"/> for the expansion phase. |
983 | The output keying material is 32 bytes (256 bits) for the symmetric | 983 | The output keying material is 32 bytes (256 bits) for the symmetric |
984 | key and 4 bytes (32 bits) for the nonce. | 984 | key and 4 bytes (32 bits) for the nonce. |
985 | The symmetric key K is a 256-bit AES <xref target="RFC3826" /> key. | 985 | The symmetric key K is a 256-bit AES <xref target="RFC3826" /> key. |
@@ -1058,7 +1058,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
1058 | </dd> | 1058 | </dd> |
1059 | <dt>a</dt> | 1059 | <dt>a</dt> |
1060 | <dd> | 1060 | <dd> |
1061 | is is an integer derived from d using the SHA512 hash function | 1061 | is is an integer derived from d using the SHA-512 hash function |
1062 | as defined in <xref target="ed25519" />. | 1062 | as defined in <xref target="ed25519" />. |
1063 | </dd> | 1063 | </dd> |
1064 | <dt>zk</dt> | 1064 | <dt>zk</dt> |
@@ -1066,7 +1066,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
1066 | is the EdDSA public key corresponding to d. It is defined in | 1066 | is the EdDSA public key corresponding to d. It is defined in |
1067 | Section 3.2 of <xref target="RFC8032" /> as the curve point a*G where G is the | 1067 | Section 3.2 of <xref target="RFC8032" /> as the curve point a*G where G is the |
1068 | group generator of the elliptic curve and a is an integer | 1068 | group generator of the elliptic curve and a is an integer |
1069 | derived from d using the SHA512 hash function. | 1069 | derived from d using the SHA-512 hash function. |
1070 | This generation including the derivation of a represents the | 1070 | This generation including the derivation of a represents the |
1071 | Public-KeyGen(d) function. | 1071 | Public-KeyGen(d) function. |
1072 | </dd> | 1072 | </dd> |
@@ -1123,8 +1123,8 @@ zk' := h * zk | |||
1123 | <t> | 1123 | <t> |
1124 | The EDKEY cryptosystem uses a | 1124 | The EDKEY cryptosystem uses a |
1125 | hash-based key derivation function (HKDF) as defined in | 1125 | hash-based key derivation function (HKDF) as defined in |
1126 | <xref target="RFC5869" />, using HMAC-SHA512 for the extraction | 1126 | <xref target="RFC5869" />, using SHA-512 <xref target="SHS"/> for the extraction |
1127 | phase and HMAC-SHA256 for the expansion phase. | 1127 | phase and HMAC-SHA256 <xref target="SHS"/> for the expansion phase. |
1128 | PRK_h is key material retrieved using an HKDF using the string | 1128 | PRK_h is key material retrieved using an HKDF using the string |
1129 | "key-derivation" as salt and the zone key as initial | 1129 | "key-derivation" as salt and the zone key as initial |
1130 | keying material. | 1130 | keying material. |
@@ -1157,17 +1157,17 @@ zk' := h * zk | |||
1157 | for two different derivation paths or messages. | 1157 | for two different derivation paths or messages. |
1158 | </t> | 1158 | </t> |
1159 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1159 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1160 | dh := SHA512 (d) | 1160 | dh := SHA-512 (d) |
1161 | nonce := SHA256 (dh[32..63] | h) | 1161 | nonce := SHA-256 (dh[32..63] | h) |
1162 | r := SHA512 (nonce | M) | 1162 | r := SHA-512 (nonce | M) |
1163 | R := r * G | 1163 | R := r * G |
1164 | S := r + SHA512(R | zk' | M) * a' mod L | 1164 | S := r + SHA-512(R | zk' | M) * a' mod L |
1165 | ]]></artwork> | 1165 | ]]></artwork> |
1166 | <t> | 1166 | <t> |
1167 | A signature (R,S) is valid if the following holds: | 1167 | A signature (R,S) is valid if the following holds: |
1168 | </t> | 1168 | </t> |
1169 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1169 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1170 | S * G == R + SHA512(R, zk', M) * zk' | 1170 | S * G == R + SHA-512(R, zk', M) * zk' |
1171 | ]]></artwork> | 1171 | ]]></artwork> |
1172 | <t> | 1172 | <t> |
1173 | The S-Encrypt() and S-Decrypt() functions use XSalsa20 | 1173 | The S-Encrypt() and S-Decrypt() functions use XSalsa20 |
@@ -1197,8 +1197,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
1197 | ]]></artwork> | 1197 | ]]></artwork> |
1198 | <t> | 1198 | <t> |
1199 | HKDF is a hash-based key derivation function as defined in | 1199 | HKDF is a hash-based key derivation function as defined in |
1200 | <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the | 1200 | <xref target="RFC5869" />. Specifically, SHA-512 <xref target="SHS"/> is used for the |
1201 | extraction phase and HMAC-SHA256 for the expansion phase. | 1201 | extraction phase and SHA-256 <xref target="SHS"/> for the expansion phase. |
1202 | The output keying material is 32 bytes (256 bits) for the symmetric | 1202 | The output keying material is 32 bytes (256 bits) for the symmetric |
1203 | key and 16 bytes (128 bits) for the NONCE. | 1203 | key and 16 bytes (128 bits) for the NONCE. |
1204 | The symmetric key K is a 256-bit XSalsa20 | 1204 | The symmetric key K is a 256-bit XSalsa20 |
@@ -1506,7 +1506,7 @@ GET(key) -> value | |||
1506 | Given a label, the storage key q is derived as follows: | 1506 | Given a label, the storage key q is derived as follows: |
1507 | </t> | 1507 | </t> |
1508 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1508 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1509 | q := SHA512 (HDKD-Public(zk, label)) | 1509 | q := SHA-512 (HDKD-Public(zk, label)) |
1510 | ]]></artwork> | 1510 | ]]></artwork> |
1511 | <dl> | 1511 | <dl> |
1512 | <dt>label</dt> | 1512 | <dt>label</dt> |
@@ -1520,7 +1520,7 @@ q := SHA512 (HDKD-Public(zk, label)) | |||
1520 | <dd> | 1520 | <dd> |
1521 | Is the 512-bit storage key under which the resource records block is | 1521 | Is the 512-bit storage key under which the resource records block is |
1522 | published. | 1522 | published. |
1523 | It is the SHA512 hash over the derived zone key. | 1523 | It is the SHA-512 hash <xref target="SHS"/> over the derived zone key. |
1524 | </dd> | 1524 | </dd> |
1525 | </dl> | 1525 | </dl> |
1526 | </section> | 1526 | </section> |
@@ -2730,7 +2730,17 @@ cae1789d | |||
2730 | </front> | 2730 | </front> |
2731 | </reference> | 2731 | </reference> |
2732 | 2732 | ||
2733 | 2733 | <reference anchor="SHS" target="https://doi.org/10.6028/NIST.FIPS.180-4"> | |
2734 | <front> | ||
2735 | <title>Secure Hash Standard (SHS)</title> | ||
2736 | <author initials="Q. H." surname="Dang" fullname="Quynh H. Dang"> | ||
2737 | <organization>NIST</organization> | ||
2738 | </author> | ||
2739 | |||
2740 | <date year="2012" month="March"/> | ||
2741 | </front> | ||
2742 | </reference> | ||
2743 | |||
2734 | <reference anchor="MODES" target="https://doi.org/10.6028/NIST.SP.800-38A"> | 2744 | <reference anchor="MODES" target="https://doi.org/10.6028/NIST.SP.800-38A"> |
2735 | <front> | 2745 | <front> |
2736 | <title>Recommendation for Block Cipher Modes of Operation: Methods and Techniques</title> | 2746 | <title>Recommendation for Block Cipher Modes of Operation: Methods and Techniques</title> |