Internet Engineering Task Force (IETF) R. Housley
Request for Comments: 8619 Vigil Security
Category: Standards Track June 2019
ISSN: 2070-1721
Internet Engineering Task Force (IETF) R. Housley
Request for Comments: 8619 Vigil Security
Category: Standards Track June 2019
ISSN: 2070-1721
Algorithm Identifiers for the HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
基于HMAC的提取和扩展密钥派生函数(HKDF)的算法标识符
Abstract
摘要
RFC 5869 specifies the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) algorithm. This document assigns algorithm identifiers to the HKDF algorithm when used with three common one-way hash functions.
RFC 5869指定了基于HMAC的提取和扩展密钥派生函数(HKDF)算法。当与三个常见的单向散列函数一起使用时,本文档为HKDF算法分配算法标识符。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8619.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8619.
Copyright Notice
版权公告
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
版权(c)2019 IETF信托基金和被确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
1.2. ASN.1 . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. HKDF Algorithm Identifiers . . . . . . . . . . . . . . . . . 2
3. ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
6.1. Normative References . . . . . . . . . . . . . . . . . . 5
6.2. Informative References . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
1.2. ASN.1 . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. HKDF Algorithm Identifiers . . . . . . . . . . . . . . . . . 2
3. ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
6.1. Normative References . . . . . . . . . . . . . . . . . . 5
6.2. Informative References . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
The HKDF algorithm [RFC5869] is a key derivation function based on the Hashed Message Authentication Code (HMAC). This document assigns algorithm identifiers to the HKDF algorithm when used with three common one-way hash functions. These algorithm identifiers are needed to make use of the HKDF in some security protocols, such as the Cryptographic Message Syntax (CMS) [RFC5652].
HKDF算法[RFC5869]是一个基于哈希消息身份验证码(HMAC)的密钥派生函数。当与三个常见的单向散列函数一起使用时,本文档为HKDF算法分配算法标识符。在某些安全协议中使用HKDF需要这些算法标识符,如加密消息语法(CMS)[RFC5652]。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”在所有大写字母出现时(如图所示)应按照BCP 14[RFC2119][RFC8174]所述进行解释。
In this specification, values are generated using ASN.1 [X.680] using the Basic Encoding Rules (BER) and the Distinguished Encoding Rules (DER) [X.690].
在本规范中,使用ASN.1[X.680],使用基本编码规则(BER)和可分辨编码规则(DER)[X.690]生成值。
This section assigns three algorithm identifiers to HKDF [RFC5869] used with three common one-way hash functions that are specified in [SHS]: SHA-256, SHA-384, and SHA-512. When any of these three object identifiers appear within the ASN.1 type AlgorithmIdentifier, the parameters component of that type SHALL be absent.
本节为HKDF[RFC5869]分配三个算法标识符,并与[SHS]中指定的三个通用单向散列函数一起使用:SHA-256、SHA-384和SHA-512。当这三个对象标识符中的任何一个出现在ASN.1类型算法标识符中时,该类型的参数组件应不存在。
The specification of AlgorithmIdentifier is available in [RFC5911], which evolved from the original definition in X.509 [X.509-88].
[RFC5911]中提供了算法标识符的规范,该规范是从X.509[X.509-88]中的原始定义演变而来的。
The assigned object identifiers are:
分配的对象标识符为:
id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 28 }
id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 28 }
id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 29 }
id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 29 }
id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 30 }
id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 30 }
This section contains the ASN.1 module for the HKDF algorithm identifiers. This module imports types from other ASN.1 modules that are defined in [RFC5912].
本节包含用于HKDF算法标识符的ASN.1模块。此模块从[RFC5912]中定义的其他ASN.1模块导入类型。
HKDF-OID-2019
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) id-mod-hkdf-oid-2019(68) }
HKDF-OID-2019
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) id-mod-hkdf-oid-2019(68) }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS All
--全部出口
IMPORTS
进口
AlgorithmIdentifier{}, KEY-DERIVATION
FROM AlgorithmInformation-2009 -- [RFC5912]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation-02(58) } ;
AlgorithmIdentifier{}, KEY-DERIVATION
FROM AlgorithmInformation-2009 -- [RFC5912]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation-02(58) } ;
-- -- Object Identifiers --
----对象标识符--
id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 28 }
id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 28 }
id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 29 }
id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 29 }
id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 30 }
id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 30 }
-- -- Key Derivation Algorithm Identifiers --
----密钥派生算法标识符--
KeyDevAlgs KEY-DERIVATION ::= {
kda-hkdf-with-sha256 |
kda-hkdf-with-sha384 |
kda-hkdf-with-sha512,
... }
KeyDevAlgs KEY-DERIVATION ::= {
kda-hkdf-with-sha256 |
kda-hkdf-with-sha384 |
kda-hkdf-with-sha512,
... }
kda-hkdf-with-sha256 KEY-DERIVATION ::= {
IDENTIFIER id-alg-hkdf-with-sha256
PARAMS ARE absent
SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha256 } }
kda-hkdf-with-sha256 KEY-DERIVATION ::= {
IDENTIFIER id-alg-hkdf-with-sha256
PARAMS ARE absent
SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha256 } }
kda-hkdf-with-sha384 KEY-DERIVATION ::= {
IDENTIFIER id-alg-hkdf-with-sha384
PARAMS ARE absent
SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha384 } }
kda-hkdf-with-sha384 KEY-DERIVATION ::= {
IDENTIFIER id-alg-hkdf-with-sha384
PARAMS ARE absent
SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha384 } }
kda-hkdf-with-sha512 KEY-DERIVATION ::= {
IDENTIFIER id-alg-hkdf-with-sha512
PARAMS ARE absent
SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha512 } }
kda-hkdf-with-sha512 KEY-DERIVATION ::= {
IDENTIFIER id-alg-hkdf-with-sha512
PARAMS ARE absent
SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha512 } }
END
终止
Despite the simplicity of HKDF, there are many security considerations that have been taken into account in the design and analysis of this construction. An exposition of all of these aspects is well beyond the scope of this document. Please refer to [EPRINT] for detailed information, including rationale for the HKDF design.
尽管HKDF结构简单,但在设计和分析该结构时,考虑了许多安全因素。对所有这些方面的阐述远远超出了本文件的范围。有关详细信息,包括HKDF设计的基本原理,请参考[EPRINT]。
One object identifier for the ASN.1 module in Section 3 was assigned in the "SMI Security for S/MIME Module Identifiers (1.2.840.113549.1.9.16.0)" registry [IANA-MOD]:
第3节中ASN.1模块的一个对象标识符在“S/MIME模块标识符的SMI安全性(1.2.840.113549.1.9.16.0)”注册表[IANA-MOD]中分配:
id-mod-hkdf-oid-2019 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) mod(0) 68 }
id-mod-hkdf-oid-2019 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) mod(0) 68 }
Three object identifiers for the HKDF algorithm identifiers were assigned in the "SMI Security for S/MIME Algorithms (1.2.840.113549.1.9.16.3)" registry [IANA-ALG]:
在“S/MIME算法的SMI安全性(1.2.840.113549.1.9.16.3)”注册表[IANA-ALG]中为HKDF算法标识符分配了三个对象标识符:
id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 28 }
id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 28 }
id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 29 }
id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 29 }
id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 30 }
id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 30 }
[SHS] National Institute of Standards and Technology (NIST), "Secure Hash Standard (SHS)", FIPS PUB 180-4, DOI 10.6028/NIST.FIPS.180-4, August 2015.
[SHS]国家标准与技术研究所(NIST),“安全哈希标准(SHS)”,FIPS PUB 180-4,DOI 10.6028/NIST.FIPS.180-42015年8月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<https://www.rfc-editor.org/info/rfc2119>.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, DOI 10.17487/RFC5652, September 2009, <https://www.rfc-editor.org/info/rfc5652>.
[RFC5652]Housley,R.,“加密消息语法(CMS)”,STD 70,RFC 5652,DOI 10.17487/RFC5652,2009年9月<https://www.rfc-editor.org/info/rfc5652>.
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)", RFC 5869, DOI 10.17487/RFC5869, May 2010, <https://www.rfc-editor.org/info/rfc5869>.
[RFC5869]Krawczyk,H.和P.Eronen,“基于HMAC的提取和扩展密钥派生函数(HKDF)”,RFC 5869,DOI 10.17487/RFC5869,2010年5月<https://www.rfc-editor.org/info/rfc5869>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8174]Leiba,B.,“RFC 2119关键词中大写与小写的歧义”,BCP 14,RFC 8174,DOI 10.17487/RFC8174,2017年5月<https://www.rfc-editor.org/info/rfc8174>.
[X.680] ITU-T, "Information technology -- Abstract Syntax Notation One (ASN.1): Specification of basic notation", ITU-T Recommendation X.680, ISO/IEC 8824-1:2015, August 2015.
[X.680]ITU-T,“信息技术——抽象语法符号一(ASN.1):基本符号规范”,ITU-T建议X.680,ISO/IEC 8824-1:2015,2015年8月。
[X.690] ITU-T, "Information technology -- ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", ITU-T Recommendation X.690, ISO/IEC 8825-1:2015, August 2015.
[X.690]ITU-T,“信息技术——ASN.1编码规则:基本编码规则(BER)、规范编码规则(CER)和区分编码规则(DER)规范”,ITU-T建议X.690,ISO/IEC 8825-1:2015,2015年8月。
[EPRINT] Krawczyk, H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme", Proceedings of CRYPTO 2010, August 2010, <https://eprint.iacr.org/2010/264.pdf>.
[EPRINT]Krawczyk,H.,“密码提取和密钥推导:HKDF方案”,加密学报2010年8月<https://eprint.iacr.org/2010/264.pdf>.
[IANA-ALG] IANA, "SMI Security for S/MIME Algorithms (1.2.840.113549.1.9.16.3)", <https://www.iana.org/assignments/smi-numbers/>.
[IANA-ALG]IANA,“S/MIME算法的SMI安全性(1.2.840.113549.1.9.16.3)”<https://www.iana.org/assignments/smi-numbers/>.
[IANA-MOD] IANA, "SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)", <https://www.iana.org/assignments/smi-numbers/>.
[IANA-MOD]IANA,“S/MIME模块标识符的SMI安全性(1.2.840.113549.1.9.16.0)”<https://www.iana.org/assignments/smi-numbers/>.
[RFC5911] Hoffman, P. and J. Schaad, "New ASN.1 Modules for Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911, DOI 10.17487/RFC5911, June 2010, <https://www.rfc-editor.org/info/rfc5911>.
[RFC5911]Hoffman,P.和J.Schaad,“用于加密消息语法(CMS)和S/MIME的新ASN.1模块”,RFC 5911,DOI 10.17487/RFC5911,2010年6月<https://www.rfc-editor.org/info/rfc5911>.
[RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, DOI 10.17487/RFC5912, June 2010, <https://www.rfc-editor.org/info/rfc5912>.
[RFC5912]Hoffman,P.和J.Schaad,“使用X.509(PKIX)的公钥基础设施的新ASN.1模块”,RFC 5912,DOI 10.17487/RFC5912,2010年6月<https://www.rfc-editor.org/info/rfc5912>.
[X.509-88] CCITT, "Recommendation X.509: The Directory - Authentication Framework", 1988.
[X.509-88]CCITT,“建议X.509:目录认证框架”,1988年。
Author's Address
作者地址
Russell Housley Vigil Security, LLC 515 Dranesville Road Herndon, VA 20170 United States of America
美国弗吉尼亚州赫恩登德兰斯维尔路515号Russell Housley Vigil Security有限责任公司,邮编:20170
Email: housley@vigilsec.com
Email: housley@vigilsec.com