Internet DRAFT - draft-vassilev-acvp-iana
draft-vassilev-acvp-iana
TBD A. Vassilev, Ed.
Internet-Draft NIST
Intended status: Informational February 21, 2019
Expires: August 25, 2019
ACVP IANA Registry
draft-vassilev-acvp-iana-00
Abstract
This document defines a set of IANA registries for supported
cryptographic algorithm test specifications in the Automated
Cryptographic Validation Protocol (ACVP) [acvp]. This document also
shows how to extend the capabilities of ACVP with testing for new
cryptographic algorithms.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 25, 2019.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Vassilev Expires August 25, 2019 [Page 1]
Internet-Draft ACVP-IANA February 2019
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. IANA namespaces . . . . . . . . . . . . . . . . . . . . . . . 2
3. Algorithm registry . . . . . . . . . . . . . . . . . . . . . 3
4. Requirements Language . . . . . . . . . . . . . . . . . . . . 4
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
6.1. ACVP URN Sub-namespace . . . . . . . . . . . . . . . . . 5
6.2. ACVP URN Parameters . . . . . . . . . . . . . . . . . . . 5
7. Security Considerations . . . . . . . . . . . . . . . . . . . 5
8. Normative References . . . . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
The Automated Cryptographic Validation Protocol (ACVP) [acvp] defines
a mechanism to automatically validate the cryptographic algorithm
implementations of software or hardware cryptographic modules. The
ACVP specification defines how a cryptographic module communicates
with a validation authority server, including cryptographic
capabilities negotiation, session management, authentication, test
vector processing and more. The ACVP specification does not define
algorithm-specific JSON constructs for performing the cryptographic
validation. A series of ACVP-related sub-specifications define the
constructs for testing individual cryptographic algorithms, see for
example [sub-symmetric]. Each such sub-specification addresses a
specific algorithm or a class of cryptographic algorithms. This
document defines the IANA registry for the supported algorithm test
specifications that work with ACVP. The registry defined here
provides the binding between the protocol and the supported algorithm
test extensions.
2. IANA namespaces
There are three namespaces envisioned for extensions to the ACVP:
o ACVP - the approved algorithms for testing with one or more
validation authorities
o EXPERIMENTAL - candidate algorithms for approval.
o LOCAL - locally supported algorithms, not guaranteed for
interoperability. Algorithms in this namespace cannot be
registered with IANA.
TBD
Vassilev Expires August 25, 2019 [Page 2]
Internet-Draft ACVP-IANA February 2019
3. Algorithm registry
Each entry in the algorithm registry must record the following
fields:
o Name: a URN segment that conforms to the pattern
{namespace}-{algorithm}. The keywords are defined as follows:
* {namespace}: one of the options from Section 2.
* {algorithm}: a required US-ASCII string that conforms to the
URN syntax requirements (see [RFC8141]). This string must be
unique within the corresponding namespace.
o Revision: the revision identifier for the test specification of a
particular algorithm. A required US-ASCII string that conforms to
the URN syntax requirements (see [RFC8141]).
o Reference: A static link to the specification and section where
the definition of the parameter can be found.
Vassilev Expires August 25, 2019 [Page 3]
Internet-Draft ACVP-IANA February 2019
+-------------------+----------+-----------------+
| Name | Revision | Reference |
+-------------------+----------+-----------------+
| "ACVP-AES-ECB" | "1.0" | [sub-symmetric] |
| "ACVP-AES-CBC" | "1.0" | [sub-symmetric] |
| "ACVP-AES-OFB" | "1.0" | [sub-symmetric] |
| "ACVP-AES-CFB1" | "1.0" | [sub-symmetric] |
| "ACVP-AES-CFB8" | "1.0" | [sub-symmetric] |
| "ACVP-AES-CFB128" | "1.0" | [sub-symmetric] |
| "ACVP-AES-CTR" | "1.0" | [sub-symmetric] |
| "ACVP-AES-GCM" | "1.0" | [sub-symmetric] |
| "ACVP-AES-CCM" | "1.0" | [sub-symmetric] |
| "ACVP-AES-XPN" | "1.0" | [sub-symmetric] |
| "ACVP-AES-CMAC" | "1.0" | [sub-symmetric] |
| "ACVP-AES-GMAC" | "1.0" | [sub-symmetric] |
| "ACVP-AES-KW" | "1.0" | [sub-symmetric] |
| "ACVP-AES-KWP" | "1.0" | [sub-symmetric] |
| "ACVP-AES-XTS" | "1.0" | [sub-symmetric] |
| "ACVP-TDES-ECB" | "1.0" | [sub-symmetric] |
| "ACVP-TDES-CBC" | "1.0" | [sub-symmetric] |
| "ACVP-TDES-OFB" | "1.0" | [sub-symmetric] |
| "ACVP-TDES-CFB1" | "1.0" | [sub-symmetric] |
| "ACVP-TDES-CFB8" | "1.0" | [sub-symmetric] |
| "ACVP-TDES-CFB64" | "1.0" | [sub-symmetric] |
| "ACVP-TDES-CTR" | "1.0" | [sub-symmetric] |
| "ACVP-TDES-KW" | "1.0" | [sub-symmetric] |
+-------------------+----------+-----------------+
Table 1: Algorithm registry
4. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted in RFC 2119 [RFC2119].
5. Acknowledgements
Many thanks to David Waltermire for his helpful comments to get us
started on the right path.
6. IANA Considerations
This memo includes several requests to IANA.
Vassilev Expires August 25, 2019 [Page 4]
Internet-Draft ACVP-IANA February 2019
6.1. ACVP URN Sub-namespace
IANA should add an entry to the "IETF URN Sub-namespace for
Registered Protocol Parameter Identifiers" registry located at
https://www.iana.org/assignments/params/ as per [RFC3553].
The entry should be as follows:
Registered Parameter Identifier: ACVP
Specification: this document
Repository: ACVP URN Parameters (see Section 6.2)
6.2. ACVP URN Parameters
A new top-level registry should be created, titled "Automated
Cryptographic Validation Protocol (ACVP) URN Parameters".
Registration in the "ACVP URN Parameters" registry is via the
Specification Required policy [RFC8126]. Registration requests must
be sent to both the ACVP Working Group mailing list (acvp@ietf.org)
and IANA. IANA will forward registration requests to the Designated
Expert.
Each entry in this subregistry must record the following fields:
Name: A required US-ASCII string that conforms to the URN syntax
requirements (see [RFC8141]). This string MUST be constructed
according to the specification in Section 3. Note: entries from
the namespace "LOCAL" SHALL be forbidden from this table.
Revision: A required US-ASCII string that conforms to the URN
syntax requirements (see [RFC8141]). The combination
{Name}-{Revision} for each entry MUST be unique for the entire
subregistry.
Reference: A static link to the specification and section where
the definition of the parameter can be found.
This repository SHALL have as initial values the entries in Table 1.
7. Security Considerations
Security considerations are addressed by the ACVP specification.
Vassilev Expires August 25, 2019 [Page 5]
Internet-Draft ACVP-IANA February 2019
8. Normative References
[acvp] Fussell, B., Vassilev, A., and H. Booth, "Automatic
Cryptographic Validation Protocol", 2018,
<https://github.com/usnistgov/ACVP/blob/master/artifacts/
draft-fussell-acvp-spec-00.txt>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An
IETF URN Sub-namespace for Registered Protocol
Parameters", BCP 73, RFC 3553, DOI 10.17487/RFC3553, June
2003, <https://www.rfc-editor.org/info/rfc3553>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names
(URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017,
<https://www.rfc-editor.org/info/rfc8141>.
[sub-symmetric]
Celi, C., "ACVP Symmetric Algorithm JSON Specification",
2018,
<https://github.com/usnistgov/ACVP/blob/master/artifacts/
draft-celi-block-ciph-00.txt>.
Author's Address
Apostol Vassilev (editor)
NIST
100 Bureau Dr.
Gaithersburg, MD 20899
USA
Email: apostol.vassilev@nist.gov
Vassilev Expires August 25, 2019 [Page 6]