Re: [lamps] [CMP Updates] Hash algorithm to us for calculating certHash
Lijun Liao <lijun.liao@gmail.com> Tue, 08 June 2021 15:42 UTC
Return-Path: <lijun.liao@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD9C63A3484 for <spasm@ietfa.amsl.com>; Tue, 8 Jun 2021 08:42:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A08BORxPCtC9 for <spasm@ietfa.amsl.com>; Tue, 8 Jun 2021 08:42:19 -0700 (PDT)
Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5A4E3A348D for <spasm@ietf.org>; Tue, 8 Jun 2021 08:42:19 -0700 (PDT)
Received: by mail-pf1-x42f.google.com with SMTP id g6so16006181pfq.1 for <spasm@ietf.org>; Tue, 08 Jun 2021 08:42:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ikh18XIvi0II55AvJaxxrDdl+Zz3T75VRVHZwPNOBXs=; b=aVWH6dUQAy2zsoStOm2G+1ctVzKoJpKUu3xQq8OWOnMHRnC6yJ7I3/crIvTxGOQhBW MmVgUcaSMM5NP/3HuQ1lLGsQ+afBuLPKBcyu1+3LP6wEQWu+0SDaM1nk9bTnlrVGBjM3 oTvd/aQdD62JHJOzhbugl1L2I9zbK1B6u+p/dQUo0H0s+Sgz+OC4W3O79oUcIusstPWz mLay+zpkAxWmqASdax/3SaT4uuuGHuchYoYPgDCRj3S/Wwq6FGNkwkZhFXECJrLzLhdp hPZNAIcbCS7WgcK4BJQVKRRZCr4B1WMIe3Iznc0OaMWjJuPz4lKXEzniih6wPaeblcHr 2rwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ikh18XIvi0II55AvJaxxrDdl+Zz3T75VRVHZwPNOBXs=; b=TGpj97PlYXxG+SKWAiFeV1jMAHHpbx06aL8UdI3ib5IDu4UHSd+JQePZa0jaxmbgEK eZzS9KGIuUjqOX1MeKyE+KcZB+ZilB60CGhwVR4dQaWhsxubotC3p3hUUFIBGYwKMbVC wFoBHk/IIAUj4sjAi+q22aK94F7TAViRGBuu1JZQBJ/e1OBQ7QbvATBeNuyuUwAzi1Ux 5m6nVTpO4eGHNKu+sy0ircxzUpUPCnqr6joPt6TEuoyVD09Y+QjmlnhmiYVDFa+gOp6T jEPUHe+SO/T2LDk4LW8XhZjY/9rnGCEoTuCVoyvlLqdeGOXh5tH0GSPlefRENKqxsJLq rKIg==
X-Gm-Message-State: AOAM533WkC6pepr5TD+xFT0TrCS++vt4PU9DKS+2Mcl+gY31x+YETiX7 A5ujN9vgSXGPVKBQ0kSYdhnRTYPKdTUvncJqyG6uQ6BrUq1o1A==
X-Google-Smtp-Source: ABdhPJwjbO+I5iSFsTRyS7+OJYcXyo0ME5auTHFh/6NmUHqwMn8wL/CKoGzMnfOyssC8j2/K7fyUkEwzEtnLVwUwMlE=
X-Received: by 2002:a63:5052:: with SMTP id q18mr23145391pgl.349.1623166938598; Tue, 08 Jun 2021 08:42:18 -0700 (PDT)
MIME-Version: 1.0
References: <AM0PR10MB24188C86D787842B2C7D9DD6FE379@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB24188C86D787842B2C7D9DD6FE379@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
From: Lijun Liao <lijun.liao@gmail.com>
Date: Tue, 08 Jun 2021 17:42:06 +0200
Message-ID: <CANNx7D91544=ihPo_2kkAMK4wu3K12aqFkOkQ+V_kfVFPiAC1g@mail.gmail.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
Cc: LAMPS WG <spasm@ietf.org>, "david.von.oheimb@siemens.com" <david.von.oheimb@siemens.com>
Content-Type: multipart/alternative; boundary="000000000000c9505305c44300b6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/5w_waNOACYajpmbDZz4a8NT0Ayw>
Subject: Re: [lamps] [CMP Updates] Hash algorithm to us for calculating certHash
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jun 2021 15:42:32 -0000
I prefer to use SHA-512 for Ed25519 and SHAKE256(x, 64) for Ed448, as in RFC8419: 2.3 <https://datatracker.ietf.org/doc/html/rfc8419#section-2.3>. Message Digest Algorithm Identifiers When the signer includes signed attributes, a message digest algorithm is used to compute the message digest on the eContent value. When signing with Ed25519, the message digest algorithm MUST be SHA-512 [FIPS180 <https://datatracker.ietf.org/doc/html/rfc8419#ref-FIPS180>]. Additional information on SHA-512 is available in [RFC6234 <https://datatracker.ietf.org/doc/html/rfc6234>]. When signing with Ed448, the message digest algorithm MUST be SHAKE256 [FIPS202 <https://datatracker.ietf.org/doc/html/rfc8419#ref-FIPS202>] with a 512-bit output value. On Tue, Jun 8, 2021 at 5:20 PM Brockhaus, Hendrik < hendrik.brockhaus@siemens.com> wrote: > In OpenSSL recently a problem has been identified on how to derive a hash > algorithm from signatureAlgorithm OID when using EdDSA, see > https://github.com/openssl/openssl/issues/15477 > > In CMP this implicitly defined hash algorithms is used to calculate the > certHash in a certConf messages. This would fail when using EdDSA. > The CertStatus structure including certHash is defined as follows: > CertStatus ::= SEQUENCE { > certHash OCTET STRING, > -- the hash of the certificate, using the same hash algorithm > -- as is used to create and verify the certificate signature > certReqId INTEGER, > -- to match this confirmation with the corresponding req/rep > statusInfo PKIStatusInfo OPTIONAL > } > > Therefore, the hash algorithms to be used for computing the certHash must > be determined in some other way. > I currently see the following options: > (1) Specify usage of SHA-1 for calculating certHash, similar to the > definition of the keyIdentifier in RFC 5280 Section 4.2.1.2. > This is the cheapest solution, but we explicitly removed SHA-1 from CMP > Algorithms, see mail thread "Re: CMP Algorithms I-D". > (2) Specify a hash algorithm on a per signature algorithm basis. > This is also quite simple to implement, but costly to maintain for > upcoming algorithms. > (3) Extend the ASN.1 syntax of CertStatus to allow to specify an optional > hashAlg OID for those cases where the hash algorithm cannot be determined > automatically. > This is probably the cleanest solution, but involves a change to the > ASN.1 syntax. > > Does anyone sees other, better solutions? > What solution is preferred by the WG? > > - Hendrik > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm > -- Lijun Liao
- [lamps] [CMP Updates] Hash algorithm to us for ca… Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Lijun Liao
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Russ Housley
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… David von Oheimb
- [lamps] Fwd: [CMP Updates] Hash algorithm to us f… David von Oheimb
- Re: [lamps] Fwd: [CMP Updates] Hash algorithm to … Russ Housley
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Russ Housley
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Brockhaus, Hendrik
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… Russ Housley
- Re: [lamps] [CMP Updates] Hash algorithm to us fo… David von Oheimb