| rfc8998xml2.original.xml | rfc8998.xml | |||
|---|---|---|---|---|
| <?xml version="1.0" encoding="us-ascii"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> | ||||
| <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.2.13 --> | ||||
| <!DOCTYPE rfc SYSTEM "rfc2629.dtd" [ | ||||
| <!ENTITY RFC2119 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere | ||||
| nce.RFC.2119.xml"> | ||||
| <!ENTITY RFC8174 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere | ||||
| nce.RFC.8174.xml"> | ||||
| <!ENTITY RFC8446 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere | ||||
| nce.RFC.8446.xml"> | ||||
| <!ENTITY RFC5116 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere | ||||
| nce.RFC.5116.xml"> | ||||
| ]> | ||||
| <?rfc toc="yes"?> | <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent"> | |||
| <?rfc sortrefs="yes"?> | ||||
| <?rfc symrefs="yes"?> | ||||
| <rfc ipr="trust200902" docName="draft-yang-tls-tls13-sm-suites-06" category="inf o"> | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft -yang-tls-tls13-sm-suites-06" number="8998" submissionType="independent" categor y="info" obsoletes="" updates="" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3"> | |||
| <front> | <front> | |||
| <title abbrev="TLSv1.3 SM Cipher Suites">ShangMi (SM) Cipher Suites for Tran sport Layer Security (TLS) Protocol Version 1.3</title> | <title abbrev="SM Cipher Suites for TLS 1.3">ShangMi (SM) Cipher Suites for TLS 1.3</title> | |||
| <seriesInfo name="RFC" value="8998"/> | ||||
| <author initials="P." surname="Yang" fullname="Paul Yang"> | <author initials="P." surname="Yang" fullname="Paul Yang"> | |||
| <organization>Ant Group</organization> | <organization>Ant Group</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <street>No. 77 Xueyuan Road</street> | <street>No. 77 Xueyuan Road</street> | |||
| <city>Hangzhou</city> | <city>Hangzhou</city> | |||
| <code>310000</code> | <code>310000</code> | |||
| <country>China</country> | <country>China</country> | |||
| </postal> | </postal> | |||
| <phone>+86-571-2688-8888</phone> | <phone>+86-571-2688-8888</phone> | |||
| <facsimile>+86-571-8643-2811</facsimile> | ||||
| <email>kaishen.yy@antfin.com</email> | <email>kaishen.yy@antfin.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <date year="2021" month="March" /> | ||||
| <date year="2020" month="September" day="27"/> | ||||
| <area>Security</area> | <area>Security</area> | |||
| <workgroup>TLS</workgroup> | <workgroup>TLS</workgroup> | |||
| <keyword>Internet-Draft</keyword> | ||||
| <abstract> | <keyword>cryptography</keyword> | |||
| <keyword>encryption</keyword> | ||||
| <keyword>authentication</keyword> | ||||
| <keyword>network security</keyword> | ||||
| <t>This document specifies how to use the ShangMi (SM) cryptographic | <abstract> | |||
| <t>This document specifies how to use the ShangMi (SM) cryptographic | ||||
| algorithms with Transport Layer Security (TLS) protocol version 1.3.</t> | algorithms with Transport Layer Security (TLS) protocol version 1.3.</t> | |||
| <t>The use of these algorithms with TLS 1.3 is not endorsed by the | ||||
| <t>The use of these algorithms with TLSv1.3 is not endorsed by the | IETF. The SM algorithms are becoming mandatory in China, so | |||
| IETF. The SM algorithms are becoming mandatory in China, and so | ||||
| this document provides a description of how to use the SM algorithms | this document provides a description of how to use the SM algorithms | |||
| with TLSv1.3 and specifies a profile of TLSv1.3 so that | with TLS 1.3 and specifies a profile of TLS 1.3 so that | |||
| implementers can produce interworking | implementers can produce interworking | |||
| implementations.</t> | implementations.</t> | |||
| </abstract> | </abstract> | |||
| </front> | </front> | |||
| <middle> | <middle> | |||
| <section anchor="intro" numbered="true" toc="default"> | ||||
| <section anchor="intro" title="Introduction"> | <name>Introduction</name> | |||
| <t>This document describes two new cipher suites, a signature algorithm an | ||||
| <t>This document describes two new cipher suites, a signature algorithm, and a | d a | |||
| key-exchange mechanism for the Transport Layer | key exchange mechanism for the Transport Layer | |||
| Security (TLS) protocol version 1.3 (TLSv1.3, <xref target="RFC8446"></xref>). | Security (TLS) protocol version 1.3 (TLS 1.3) (<xref target="RFC8446" format="de | |||
| fault"/>). | ||||
| These all utilize several ShangMi (SM) cryptographic algorithms | These all utilize several ShangMi (SM) cryptographic algorithms | |||
| to fulfil the authentication and confidentiality requirements of TLS 1.3. | to fulfill the authentication and confidentiality requirements of TLS 1.3. | |||
| The new cipher suites are (see also <xref target="proposed"/>):</t> | The new cipher suites are as follows (see also <xref target="proposed" for | |||
| mat="default"/>):</t> | ||||
| <figure><artwork><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
| CipherSuite TLS_SM4_GCM_SM3 = { 0x00, 0xC6 }; | CipherSuite TLS_SM4_GCM_SM3 = { 0x00, 0xC6 }; | |||
| CipherSuite TLS_SM4_CCM_SM3 = { 0x00, 0xC7 }; | CipherSuite TLS_SM4_CCM_SM3 = { 0x00, 0xC7 }; | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| <t>For a more detailed | ||||
| <t>For a more detailed | introduction to SM cryptographic algorithms, please see <xref target="sm-algos" | |||
| introduction to SM cryptographic algorithms, please read <xref target="sm-algos" | format="default"/>. | |||
| />. | These cipher suites follow the TLS 1.3 requirements. Specifically, | |||
| These cipher suites follow the TLSv1.3 requirements. Specifically, | all the cipher suites use SM4 in either Galois/Counter (GCM) mode | |||
| all the cipher suites use SM4 in either GCM (Galois/Counter Mode) mode | or Counter with CBC-MAC (CCM) mode to meet the needs of TLS 1.3 to have an encry | |||
| or CCM (Counter with CBC-MAC) mode to meet the needs of TLSv1.3 to have an AEAD | ption algorithm that is Authenticated Encryption with Associated Data (AEAD) cap | |||
| (Authenticated Encryption with Associated Data) capable encryption algorithm. | able. | |||
| The key exchange mechanism utilizes ECDHE (Elliptic Curve Diffie-Hellman | The key exchange mechanism utilizes Elliptic Curve Diffie-Hellman | |||
| Ephemeral) over the SM2 elliptic curve, and the signature algorithm combines | Ephemeral (ECDHE) over the SM2 elliptic curve, and the signature algorithm combi | |||
| nes | ||||
| the SM3 hash function and the SM2 elliptic curve signature scheme.</t> | the SM3 hash function and the SM2 elliptic curve signature scheme.</t> | |||
| <t>For details about how these mechanisms negotiate shared encryption | ||||
| <t>For the details about how these mechanisms negotiate shared encryption | keys, authenticate the peer(s), and protect the record structure, please see | |||
| keys, authenticate the peer(s), and protect the record structure, please read | <xref target="definitions" format="default"/>.</t> | |||
| <xref target="definitions"/>.</t> | <t>The cipher suites, signature algorithm, and key exchange mechanism | |||
| <t>The cipher suites, signature algorithm, and key exchange mechanism | ||||
| defined in this document are not recommended by the IETF. The SM | defined in this document are not recommended by the IETF. The SM | |||
| algorithms are becoming mandatory in China, and so this document | algorithms are becoming mandatory in China, so this document | |||
| provides a description of how to use them with TLSv1.3 and specifies | provides a description of how to use them with TLS 1.3 and specifies | |||
| a profile of TLS 1.3 so that implementers can produce interworking | a profile of TLS 1.3 so that implementers can produce interworking | |||
| implementations.</t> | implementations.</t> | |||
| <section anchor="sm-algos" numbered="true" toc="default"> | ||||
| <section anchor="sm-algos" title="The SM Algorithms"> | <name>The SM Algorithms</name> | |||
| <t>Several different SM | ||||
| <t>Several different SM | ||||
| cryptographic algorithms are used to integrate with TLS 1.3, | cryptographic algorithms are used to integrate with TLS 1.3, | |||
| including SM2 for authentication, SM4 for | including SM2 for authentication, SM4 for | |||
| encryption and SM3 as the hash function.</t> | encryption, and SM3 as the hash function.</t> | |||
| <t>SM2 is a set of cryptographic algorithms based on elliptic curve cryp | ||||
| tography, including a digital | ||||
| signature, public key encryption and key exchange scheme. | ||||
| <t>SM2 is a set of elliptic curve based cryptographic algorithms including digit | In this document, only | |||
| al | ||||
| signature, public key encryption and key exchange scheme. In this document, only | ||||
| the SM2 digital signature algorithm and basic key exchange scheme are involved, which have already been added | the SM2 digital signature algorithm and basic key exchange scheme are involved, which have already been added | |||
| to ISO/IEC 14888-3:2018 <xref target="ISO-SM2"/> (as well as in <xref target="GB | to ISO/IEC 14888-3:2018 <xref target="ISO-SM2" format="default"/> (as well as to | |||
| T.32918.2-2016"/>). | <xref target="GBT.32918.2-2016" format="default"/>). | |||
| SM4 is a block cipher defined in <xref target="GBT.32907-2016"/> and now is bein | SM4 is a block cipher defined in <xref target="GBT.32907-2016" format="default"/ | |||
| g standardized | > and now is being standardized | |||
| by ISO to ISO/IEC 18033-3:2010 <xref target="ISO-SM4"/>. SM3 is a hash function | by ISO to ISO/IEC 18033-3:2010 <xref target="ISO-SM4" format="default"/>. SM3 is | |||
| which produces | a hash function that produces an output of 256 bits. SM3 has already been accep | |||
| an output of 256 bits. SM3 has already been accepted by ISO in | ted by ISO in | |||
| ISO/IEC 10118-3:2018 <xref target="ISO-SM3"/>, and also been described by <xref | ISO/IEC 10118-3:2018 <xref target="ISO-SM3" format="default"/> and has also been | |||
| target="GBT.32905-2016"/>.</t> | described by <xref target="GBT.32905-2016" format="default"/>.</t> | |||
| </section> | ||||
| </section> | <section anchor="term" numbered="true" toc="default"> | |||
| <section anchor="term" title="Terminology"> | <name>Terminology</name> | |||
| <t> | ||||
| <t>Although this document is not an IETF Standards Track publication it | The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU | |||
| IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL | ||||
| NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14> | ||||
| RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", | ||||
| "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to | ||||
| be interpreted as | ||||
| described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> | ||||
| when, and only when, they appear in all capitals, as shown here. | ||||
| </t> | ||||
| <t>Although this document is not an IETF Standards Track publication, it | ||||
| adopts the conventions for normative language to provide clarity of | adopts the conventions for normative language to provide clarity of | |||
| instructions to the implementer, and to indicate requirement levels | instruction to the implementer and to indicate requirement levels | |||
| for compliant TLSv1.3 implementations.</t> | for compliant TLS 1.3 implementations.</t> | |||
| </section> | ||||
| <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | </section> | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | <section anchor="proposed" numbered="true" toc="default"> | |||
| document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> | <name>Algorithm Identifiers</name> | |||
| <xref target="RFC8174"/> when, and only when, they appear in all capitals, as sh | <t>The cipher suites defined here have the following identifiers:</t> | |||
| own | <sourcecode name="" type=""><![CDATA[ | |||
| here.</t> | ||||
| </section> | ||||
| </section> | ||||
| <section anchor="proposed" title="Algorithm Identifiers"> | ||||
| <t>The cipher suites defined here have the following identifiers:</t> | ||||
| <figure><artwork><![CDATA[ | ||||
| CipherSuite TLS_SM4_GCM_SM3 = { 0x00, 0xC6 }; | CipherSuite TLS_SM4_GCM_SM3 = { 0x00, 0xC6 }; | |||
| CipherSuite TLS_SM4_CCM_SM3 = { 0x00, 0xC7 }; | CipherSuite TLS_SM4_CCM_SM3 = { 0x00, 0xC7 }; | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| <t>To accomplish a TLS 1.3 handshake, additional objects have been introdu | ||||
| <t>To accomplish a TLSv1.3 handshake, additional objects have been introduced al | ced along with | |||
| ong with | ||||
| the cipher suites as follows:</t> | the cipher suites as follows:</t> | |||
| <ul spacing="normal"> | ||||
| <t><list style="symbols"> | <li>The combination of the SM2 signature algorithm and SM3 hash function | |||
| <t>The combination of SM2 signature algorithm and SM3 hash function used in th | used in the Signature Algorithm | |||
| e Signature Algorithm | extension is defined in <xref target="RFC8446" sectionFormat="of" section="B.3.1 | |||
| extension defined in appendix-B.3.1.3 of <xref target="RFC8446"/>:</t> | .3"/>:</li> | |||
| </list></t> | </ul> | |||
| <sourcecode name="" type=""><![CDATA[ | ||||
| <figure><artwork><![CDATA[ | ||||
| SignatureScheme sm2sig_sm3 = { 0x0708 }; | SignatureScheme sm2sig_sm3 = { 0x0708 }; | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| <ul spacing="normal"> | ||||
| <t><list style="symbols"> | <li>The SM2 elliptic curve ID used in the Supported Groups extension is | |||
| <t>The SM2 elliptic curve ID used in the Supported Groups extension defined in | defined in <xref target="RFC8446" sectionFormat="of" section="B.3.1.4"/>:</li> | |||
| appendix-B.3.1.4 of <xref target="RFC8446"/>:</t> | </ul> | |||
| </list></t> | <sourcecode name="" type=""><![CDATA[ | |||
| <figure><artwork><![CDATA[ | ||||
| NamedGroup curveSM2 = { 41 }; | NamedGroup curveSM2 = { 41 }; | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| </section> | ||||
| </section> | <section anchor="definitions" numbered="true" toc="default"> | |||
| <section anchor="definitions" title="Algorithm Definitions"> | <name>Algorithm Definitions</name> | |||
| <section anchor="tls-versions" numbered="true" toc="default"> | ||||
| <section anchor="tls-versions" title="TLS Versions"> | <name>TLS Versions</name> | |||
| <t>The new cipher suites defined in this document are only applicable to | ||||
| <t>The new cipher suites defined in this document are only applicable to TLSv1.3 | TLS 1.3. | |||
| . | Implementations of this document <bcp14>MUST NOT</bcp14> apply these cipher suit | |||
| Implementations of this document MUST NOT apply these cipher suites to any older | es to any older | |||
| versions of TLS.</t> | versions of TLS.</t> | |||
| </section> | ||||
| </section> | <section anchor="authentication" numbered="true" toc="default"> | |||
| <section anchor="authentication" title="Authentication"> | <name>Authentication</name> | |||
| <section anchor="sm2-signature-scheme" numbered="true" toc="default"> | ||||
| <section anchor="sm2-signature-scheme" title="SM2 Signature Scheme"> | <name>SM2 Signature Scheme</name> | |||
| <t>The Chinese government requires the use of the SM2 signature algori | ||||
| <t>The Chinese government requires the use of the SM2 signature algorithm. | thm. | |||
| This section specifies the use of the SM2 signature algorithm | This section specifies the use of the SM2 signature algorithm | |||
| as the authentication method for a TLSv1.3 handshake.</t> | as the authentication method for a TLS 1.3 handshake.</t> | |||
| <t>The SM2 signature algorithm is defined in <xref target="ISO-SM2" fo | ||||
| <t>The SM2 signature is defined in <xref target="ISO-SM2"/>. The SM2 signature a | rmat="default"/>. The SM2 signature algorithm is | |||
| lgorithm is | ||||
| based on elliptic curves. The SM2 signature algorithm uses a fixed elliptic curv e | based on elliptic curves. The SM2 signature algorithm uses a fixed elliptic curv e | |||
| parameter set defined in <xref target="GBT.32918.5-2016"/>. This curve has the n | parameter set defined in <xref target="GBT.32918.5-2017" format="default"/>. Thi | |||
| ame curveSM2 | s curve is named "curveSM2" and has been assigned the value 41, as shown in <xre | |||
| and has been assigned the value 41 as shown in <xref target="proposed"/>. Unlike | f target="proposed" format="default"/>. Unlike other public key algorithms based | |||
| other elliptic curve | on elliptic curve cryptography like the Elliptic Curve Digital Signature Algori | |||
| based public key algorithms like ECDSA, SM2 MUST NOT select other elliptic curve | thm (ECDSA), SM2 <bcp14>MUST NOT</bcp14> select other elliptic curves. | |||
| s. | ||||
| But it is acceptable to write test cases that use other elliptic curve parameter | But it is acceptable to write test cases that use other elliptic curve parameter | |||
| sets for SM2, take Annex F.14 of <xref target="ISO-SM2"/> as a reference.</t> | sets for SM2; see Annex F.14 of <xref target="ISO-SM2" format="default"/> as a r | |||
| eference.</t> | ||||
| <t>Implementations of the signature scheme and key exchange mechanism defined in | <t>Implementations of the signature scheme and key exchange mechanism | |||
| this document MUST conform to | defined in this document <bcp14>MUST</bcp14> conform to | |||
| what <xref target="GBT.32918.5-2016"/> requires, that is to say, the only valid | what <xref target="GBT.32918.5-2017" format="default"/> requires; that is to say | |||
| elliptic curve | , the only valid elliptic curve | |||
| parameter set for SM2 signature algorithm (a.k.a curveSM2) is defined as follows | parameter set for the SM2 signature algorithm (a.k.a. curveSM2) is defined as fo | |||
| :</t> | llows:</t> | |||
| <dl><dt>curveSM2:</dt><dd>A prime field of 256 bits.</dd></dl> | ||||
| <figure><artwork><![CDATA[ | <t>y<sup>2</sup> = x<sup>3</sup> + ax + b</t> | |||
| curveSM2: a prime field of 256 bits | <sourcecode name="" type=""><![CDATA[ | |||
| y^2 = x^3 + ax + b | ||||
| p = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF | p = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF | |||
| FFFFFFFF 00000000 FFFFFFFF FFFFFFFF | FFFFFFFF 00000000 FFFFFFFF FFFFFFFF | |||
| a = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF | a = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF | |||
| FFFFFFFF 00000000 FFFFFFFF FFFFFFFC | FFFFFFFF 00000000 FFFFFFFF FFFFFFFC | |||
| b = 28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 | b = 28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 | |||
| F39789F5 15AB8F92 DDBCBD41 4D940E93 | F39789F5 15AB8F92 DDBCBD41 4D940E93 | |||
| n = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF | n = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF | |||
| 7203DF6B 21C6052B 53BBF409 39D54123 | 7203DF6B 21C6052B 53BBF409 39D54123 | |||
| Gx = 32C4AE2C 1F198119 5F990446 6A39C994 | Gx = 32C4AE2C 1F198119 5F990446 6A39C994 | |||
| 8FE30BBF F2660BE1 715A4589 334C74C7 | 8FE30BBF F2660BE1 715A4589 334C74C7 | |||
| Gy = BC3736A2 F4F6779C 59BDCEE3 6B692153 | Gy = BC3736A2 F4F6779C 59BDCEE3 6B692153 | |||
| D0A9877C C62A4740 02DF32E5 2139F0A0 | D0A9877C C62A4740 02DF32E5 2139F0A0 | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| <t>The SM2 signature algorithm requests an identifier value when gener | ||||
| <t>The SM2 signature algorithm requests an identifier value when generating or v | ating or verifying | |||
| erifying | a signature. In all uses except when a client of a server needs to verify a peer | |||
| a signature. In all uses except when a client of server needs to verify a peer's | 's | |||
| SM2 certificate in the Certificate message, an implementation of this document | SM2 certificate in the Certificate message, an implementation of this document | |||
| MUST use the following ASCII string value as the SM2 identifier when doing a | <bcp14>MUST</bcp14> use the following ASCII string value as the SM2 identifier w | |||
| TLSv1.3 key exchange:</t> | hen doing a | |||
| TLS 1.3 key exchange:</t> | ||||
| <figure><artwork><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
| TLSv1.3+GM+Cipher+Suite | TLSv1.3+GM+Cipher+Suite | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| <t>If either a client or a server needs to verify the peer's SM2 certi | ||||
| <t>If either a client or a server needs to verify the peer's SM2 certificate | ficate | |||
| contained in the Certificate message, then the following ASCII string value MUST | contained in the Certificate message, then the following ASCII string value <bcp | |||
| be | 14>MUST</bcp14> be | |||
| used as the SM2 identifier according to <xref target="GMT.0009-2012"/>:</t> | used as the SM2 identifier according to <xref target="GMT.0009-2012" format="def | |||
| ault"/>:</t> | ||||
| <figure><artwork><![CDATA[ | <sourcecode name="" type=""><![CDATA[ | |||
| 1234567812345678 | 1234567812345678 | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| <t>Expressed as octets, this is:</t> | ||||
| <t>Expressed as octets, this is:</t> | <sourcecode name="" type=""><![CDATA[ | |||
| <figure><artwork><![CDATA[ | ||||
| 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, | 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, | |||
| 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 | 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| <t>In practice, the SM2 identifier used in a certificate signature dep | ||||
| <t>In practice, the SM2 identifier used in a certificate signature depends on th | ends on the | |||
| e | certificate authority (CA) who signs that certificate. CAs may choose values oth | |||
| CA who signs that certificate. CAs may choose values other than the ones mention | er than the ones mentioned | |||
| ed | above. Implementations of this document <bcp14>SHOULD</bcp14> confirm this infor | |||
| above. Implementations of this document SHOULD confirm this information by thems | mation by themselves.</t> | |||
| elves.</t> | </section> | |||
| </section> | ||||
| </section> | <section anchor="kx" numbered="true" toc="default"> | |||
| </section> | <name>Key Exchange</name> | |||
| <section anchor="kx" title="Key Exchange"> | <section anchor="hello-messages" numbered="true" toc="default"> | |||
| <name>Hello Messages</name> | ||||
| <section anchor="hello-messages" title="Hello Messages"> | <t>The use of the algorithms defined by this document is negotiated du | |||
| ring | ||||
| <t>The use of the algorithms defined by this document is negotiated during | ||||
| the TLS handshake with information exchanged in the Hello messages.</t> | the TLS handshake with information exchanged in the Hello messages.</t> | |||
| <section anchor="clienthello" numbered="true" toc="default"> | ||||
| <section anchor="clienthello" title="ClientHello"> | <name>ClientHello</name> | |||
| <t>To use the cipher suites defined by this document, a TLS 1.3 clie | ||||
| <t>To use the cipher suites defined by this document, a TLSv1.3 client includes | nt includes | |||
| the new cipher suites in the 'cipher_suites' | the new cipher suites in the "cipher_suites" | |||
| array of the ClientHello structure defined in Section 4.1.2 of <xref target="RFC | array of the ClientHello structure defined in <xref target="RFC8446" sectionForm | |||
| 8446"/>.</t> | at="of" section="4.1.2"/>.</t> | |||
| <t>Other requirements of this TLS 1.3 profile on the extensions of | ||||
| <t>Other requirements of this TLSv1.3 profile on the extensions of | ClientHello message are as follows:</t> | |||
| ClientHello message are:</t> | <ul spacing="normal"> | |||
| <li>For the supported_groups extension, "curveSM2" <bcp14>MUST</bc | ||||
| <t><list style="symbols"> | p14> be included.</li> | |||
| <t>For the supported_groups extension, 'curveSM2' MUST be included;</t> | <li>For the signature_algorithms extension, "sm2sig_sm3" <bcp14>MU | |||
| <t>For the signature_algorithms extension, 'sm2sig_sm3' MUST be included;</t> | ST</bcp14> be included.</li> | |||
| <t>For the signature_algorithms_cert extension (if present), 'sm2sig_sm3' MUST | <li>For the signature_algorithms_cert extension (if present), "sm2 | |||
| be included;</t> | sig_sm3" <bcp14>MUST</bcp14> be included.</li> | |||
| <t>For the key_share extension, a KeyShareEntry for the 'curveSM2' group MUST | <li>For the key_share extension, a KeyShareEntry for the "curveSM2 | |||
| be included</t> | " group <bcp14>MUST</bcp14> be included.</li> | |||
| </list></t> | </ul> | |||
| </section> | ||||
| </section> | <section anchor="serverhello" numbered="true" toc="default"> | |||
| <section anchor="serverhello" title="ServerHello"> | <name>ServerHello</name> | |||
| <t>If a TLS 1.3 server receives a ClientHello message containing the | ||||
| <t>If a TLSv1.3 server receives a ClientHello message containing the algorithms | algorithms | |||
| defined in this document, it MAY choose to use them. If | defined in this document, it <bcp14>MAY</bcp14> choose to use them. If | |||
| so, then the server MUST put one of the new cipher suites defined in this | so, then the server <bcp14>MUST</bcp14> put one of the new cipher suites defined | |||
| document into its ServerHello's 'cipher_suites' array and eventually send it | in this | |||
| document into its ServerHello's "cipher_suites" array and eventually send it | ||||
| to the client side.</t> | to the client side.</t> | |||
| <t>A TLS 1.3 server's choice of what cipher suite to use depends on | ||||
| <t>A TLSv1.3 server's choice of what cipher suite to use depends on the configur | the configuration | |||
| ation | of the server. For instance, a TLS 1.3 server may or not be configured to includ | |||
| of the server. For instance, a TLSv1.3 server may be configured to include the | e the | |||
| new cipher suites defined in this document, or it may not be. Typical TLSv1.3 | new cipher suites defined in this document. Typical TLS 1.3 | |||
| server applications also provide a mechanism that configures the cipher suite | server applications also provide a mechanism that configures the cipher suite | |||
| preference at server side. If a server is not configured to use the cipher suite | preference on the server side. If a server is not configured to use the cipher s | |||
| s | uites | |||
| defined in this document, it SHOULD choose another cipher suite in the list that | defined in this document, it <bcp14>SHOULD</bcp14> choose another cipher suite i | |||
| the TLSv1.3 client provides; otherwise the server MUST abort the handshake with | n the list that | |||
| the TLS 1.3 client provides; otherwise, the server <bcp14>MUST</bcp14> abort the | ||||
| handshake with | ||||
| an "illegal_parameter" alert.</t> | an "illegal_parameter" alert.</t> | |||
| <t>The following extension <bcp14>MUST</bcp14> conform to the new re | ||||
| <t>The following extensions MUST conform to the new requirements:</t> | quirements:</t> | |||
| <ul spacing="normal"> | ||||
| <t><list style="symbols"> | <li>For the key_share extension, a KeyShareEntry with SM2-related | |||
| <t>For the key_share extension, a KeyShareEntry with SM2 related values MUST b | values <bcp14>MUST</bcp14> be added | |||
| e added | if the server wants to conform to this profile.</li> | |||
| if the server wants to conform to this profile.</t> | </ul> | |||
| </list></t> | </section> | |||
| </section> | ||||
| </section> | <section anchor="certificaterequest" numbered="true" toc="default"> | |||
| </section> | <name>CertificateRequest</name> | |||
| <section anchor="certificaterequest" title="CertificateRequest"> | <t>If a CertificateRequest message is sent by the server to require th | |||
| e client | ||||
| <t>If a CertificateRequest message is sent by the server to require the client | ||||
| to send its certificate for authentication purposes, for conformance to this | to send its certificate for authentication purposes, for conformance to this | |||
| profile, it is REQUIRED that:</t> | profile, the following is <bcp14>REQUIRED</bcp14>:</t> | |||
| <ul spacing="normal"> | ||||
| <t><list style="symbols"> | <li>The only valid signature algorithm present in "signature_algorit | |||
| <t>The only valid signature algorithm present in 'signature_algorithms' extens | hms" extension | |||
| ion | <bcp14>MUST</bcp14> be "sm2sig_sm3". That is to say, if the server chooses to co | |||
| MUST be 'sm2sig_sm3'. That is to say, if the server chooses to conform to this p | nform to this profile, | |||
| rofile, | the signature algorithm for the client's certificate <bcp14>MUST</bcp14> use the | |||
| the signature algorithm for client's certificate MUST use the SM2/SM3 procedure | SM2/SM3 procedure specified by this document.</li> | |||
| specified by this document.</t> | </ul> | |||
| </list></t> | </section> | |||
| <section anchor="certificate" numbered="true" toc="default"> | ||||
| </section> | <name>Certificate</name> | |||
| <section anchor="certificate" title="Certificate"> | <t>When a server sends the Certificate message containing the server c | |||
| ertificate | ||||
| <t>When a server sends the Certificate message containing the server certificate | ||||
| to the client side, several new rules are added that will affect the certificate | to the client side, several new rules are added that will affect the certificate | |||
| selection:</t> | selection:</t> | |||
| <ul spacing="normal"> | ||||
| <t><list style="symbols"> | <li>The public key in the certificate <bcp14>MUST</bcp14> be a valid | |||
| <t>The public key in the certificate MUST be a valid SM2 public key.</t> | SM2 public key.</li> | |||
| <t>The signature algorithm used by the CA to sign current certificate MUST be | <li>The signature algorithm used by the CA to sign the current certi | |||
| 'sm2sig_sm3'.</t> | ficate <bcp14>MUST</bcp14> be | |||
| <t>The certificate MUST be capable of signing, e.g., the digitalSignature bit | "sm2sig_sm3".</li> | |||
| of X.509's Key Usage extension is set.</t> | <li>The certificate <bcp14>MUST</bcp14> be capable of signing; e.g., | |||
| </list></t> | the digitalSignature bit | |||
| of X.509's Key Usage extension is set.</li> | ||||
| </section> | </ul> | |||
| <section anchor="certificateverify" title="CertificateVerify"> | </section> | |||
| <section anchor="certificateverify" numbered="true" toc="default"> | ||||
| <t>In the CertificateVerify message, the signature algorithm MUST be 'sm2sig_sm3 | <name>CertificateVerify</name> | |||
| ', | <t>In the CertificateVerify message, the signature algorithm <bcp14>MU | |||
| indicating that the hash function MUST be SM3 and the signature algorithm MUST b | ST</bcp14> be "sm2sig_sm3", | |||
| e | indicating that the hash function <bcp14>MUST</bcp14> be SM3 and the signature a | |||
| lgorithm <bcp14>MUST</bcp14> be | ||||
| SM2.</t> | SM2.</t> | |||
| </section> | ||||
| </section> | </section> | |||
| </section> | <section anchor="key-scheduling" numbered="true" toc="default"> | |||
| <section anchor="key-scheduling" title="Key Scheduling"> | <name>Key Scheduling</name> | |||
| <t>As described in <xref target="sm-algos" format="default"/>, SM2 is ac | ||||
| <t>As described in <xref target="sm-algos"/>, SM2 is actually a set of cryptogra | tually a set of cryptographic | |||
| phic | algorithms, including one key exchange protocol that defines methods such as | |||
| algorithms including one key exchange protocol which defines methods such as | ||||
| key derivation function, etc. This document does not define an SM2 key exchange | key derivation function, etc. This document does not define an SM2 key exchange | |||
| protocol, and an SM2 key exchange protocol SHALL NOT be used in the key exchange | protocol, and an SM2 key exchange protocol <bcp14>SHALL NOT</bcp14> be used in t | |||
| steps defined in <xref target="kx"/>. Implementations of this document MUST alwa | he key exchange | |||
| ys conform to | steps defined in <xref target="kx" format="default"/>. Implementations of this d | |||
| what TLSv1.3 <xref target="RFC8446"/> and its successors require about the key d | ocument <bcp14>MUST</bcp14> always conform to | |||
| erivation and | what TLS 1.3 <xref target="RFC8446" format="default"/> and its successors requir | |||
| e regarding the key derivation and | ||||
| related methods.</t> | related methods.</t> | |||
| </section> | ||||
| </section> | <section anchor="cipher" numbered="true" toc="default"> | |||
| <section anchor="cipher" title="Cipher"> | <name>Cipher</name> | |||
| <t>The new cipher suites introduced in this document add two new AEAD en | ||||
| <t>The new cipher suites introduced in this document add two new AEAD encryption | cryption | |||
| algorithms, AEAD_SM4_GCM and AEAD_SM4_CCM, which stand for SM4 cipher in Galois/ Counter | algorithms, AEAD_SM4_GCM and AEAD_SM4_CCM, which stand for SM4 cipher in Galois/ Counter | |||
| mode and SM4 cipher <xref target="GBT.32907-2016"></xref> in Counter with CBC-MA | mode and SM4 cipher <xref target="GBT.32907-2016" format="default"/> in Counter | |||
| C mode, respectively. | with CBC-MAC mode, respectively. | |||
| The Hash function for both cipher suites is SM3 (<xref target="ISO-SM3"/>).</t> | The hash function for both cipher suites is SM3 (<xref target="ISO-SM3" format=" | |||
| default"/>).</t> | ||||
| <t>This section defines the AEAD_SM4_GCM and AEAD_SM4_CCM AEAD algorithms in a | <t>This section defines the AEAD_SM4_GCM and AEAD_SM4_CCM AEAD algorithm | |||
| style similar to what <xref target="RFC5116"/> used to define AEAD ciphers based | s in a | |||
| on AES cipher.</t> | style similar to what <xref target="RFC5116" format="default"/> used to define A | |||
| EAD ciphers based on the AES cipher.</t> | ||||
| <section anchor="aeadsm4gcm" title="AEAD_SM4_GCM"> | <section anchor="aeadsm4gcm" numbered="true" toc="default"> | |||
| <name>AEAD_SM4_GCM</name> | ||||
| <t>The AEAD_SM4_GCM authenticated encryption algorithm works as specified in <xr | <t>The AEAD_SM4_GCM authenticated encryption algorithm works as specif | |||
| ef target="GCM"></xref>, | ied in <xref target="GCM" format="default"/>, | |||
| using SM4 as the block cipher, by providing the key, nonce, plaintext, and | using SM4 as the block cipher, by providing the key, nonce, plaintext, and | |||
| associated data to that mode of operation. An authentication tag conforming to | associated data to that mode of operation. An authentication tag conforming to | |||
| the requirements of Section 5.2 of TLSv1.3 <xref target="RFC8446"/> MUST be cons tructed using | the requirements of TLS 1.3 as specified in <xref target="RFC8446" sectionFormat ="of" section="5.2"/> <bcp14>MUST</bcp14> be constructed using | |||
| the details in the TLS record header. The additional data input that forms the | the details in the TLS record header. The additional data input that forms the | |||
| authentication tag MUST be the TLS record header. The AEAD_SM4_GCM ciphertext is formed by | authentication tag <bcp14>MUST</bcp14> be the TLS record header. The AEAD_SM4_GC M ciphertext is formed by | |||
| appending the authentication tag provided as an output to the GCM encryption | appending the authentication tag provided as an output to the GCM encryption | |||
| operation to the ciphertext that is output by that operation. AEAD_SM4_GCM has | operation to the ciphertext that is output by that operation. AEAD_SM4_GCM has | |||
| four inputs: an SM4 key, an initialization vector (IV), a plaintext content, and optional | four inputs: an SM4 key, an initialization vector (IV), a plaintext content, and optional | |||
| additional authenticated data (AAD). AEAD_SM4_GCM generates two outputs: a ciphe rtext | additional authenticated data (AAD). AEAD_SM4_GCM generates two outputs: a ciphe rtext | |||
| and message authentication code (also called an authentication tag). To have a c ommon | and message authentication code (also called an authentication tag). To have a c ommon | |||
| set of terms for AEAD_SM4_GCM and AEAD_SM4_CCM, the AEAD_SM4_GCM IV is referred to as a | set of terms for AEAD_SM4_GCM and AEAD_SM4_CCM, the AEAD_SM4_GCM IV is referred to as a | |||
| nonce in the remainder of this document. A simple test vector of AEAD_SM4_GCM an d | nonce in the remainder of this document. A simple test vector of AEAD_SM4_GCM an d | |||
| AEAD_SM4_CCM is given in Appendix A of this document.</t> | AEAD_SM4_CCM is given in <xref target="test-vectors"/> of this document.</t> | |||
| <t>The nonce is generated by the party performing the authenticated en | ||||
| <t>The nonce is generated by the party performing the authenticated encryption o | cryption operation. | |||
| peration. | Within the scope of any authenticated encryption key, the nonce value <bcp14>MUS | |||
| Within the scope of any authenticated-encryption key, the nonce value MUST be un | T</bcp14> be unique. | |||
| ique. | That is, the set of nonce values used with any given key <bcp14>MUST NOT</bcp14> | |||
| That is, the set of nonce values used with any given key MUST NOT contain any du | contain any duplicates. | |||
| plicates. | ||||
| Using the same nonce for two different messages encrypted with the same key | Using the same nonce for two different messages encrypted with the same key | |||
| destroys the security properties of GCM mode. To generate the nonce, implementat ions of this document | destroys the security properties of GCM mode. To generate the nonce, implementat ions of this document | |||
| MUST conform to TLSv1.3 (see <xref target="RFC8446"/>, Section 5.3).</t> | <bcp14>MUST</bcp14> conform to TLS 1.3 (see <xref target="RFC8446" sectionFormat | |||
| ="comma" section="5.3"/>).</t> | ||||
| <t>The input and output lengths are as follows:</t> | <t>The input and output lengths are as follows:</t> | |||
| <ul empty="true"> | ||||
| <figure><artwork><![CDATA[ | <li>The SM4 key length is 16 octets.</li> | |||
| the SM4 key length is 16 octets, | <li>The max plaintext length is 2<sup>36</sup> - 31 octets.</li> | |||
| <li>The max AAD length is 2<sup>61</sup> - 1 octets.</li> | ||||
| the max plaintext length is 2^36 - 31 octets, | <li>The nonce length is 12 octets.</li> | |||
| <li>The authentication tag length is 16 octets.</li> | ||||
| the max AAD length is 2^61 - 1 octets, | <li>The max ciphertext length is 2<sup>36</sup> - 15 octets.</li> | |||
| </ul> | ||||
| the nonce length is 12 octets, | <t>A security analysis of GCM is available in <xref target="MV04" form | |||
| at="default"/>.</t> | ||||
| the authentication tag length is 16 octets, and | </section> | |||
| <section anchor="aeadsm4ccm" numbered="true" toc="default"> | ||||
| the max ciphertext length is 2^36 - 15 octets. | <name>AEAD_SM4_CCM</name> | |||
| ]]></artwork></figure> | <t>The AEAD_SM4_CCM authenticated encryption algorithm works as specif | |||
| ied in <xref target="CCM" format="default"/> | ||||
| <t>A security analysis of GCM is available in <xref target="MV04"></xref>.</t> | ||||
| </section> | ||||
| <section anchor="aeadsm4ccm" title="AEAD_SM4_CCM"> | ||||
| <t>The AEAD_SM4_CCM authenticated encryption algorithm works as specified in <xr | ||||
| ef target="CCM"></xref>, | ||||
| using SM4 as the block cipher. AEAD_SM4_CCM has four inputs: an SM4 key, a nonce , | using SM4 as the block cipher. AEAD_SM4_CCM has four inputs: an SM4 key, a nonce , | |||
| a plaintext, and optional additional authenticated data (AAD). AEAD_SM4_CCM | a plaintext, and optional additional authenticated data (AAD). AEAD_SM4_CCM | |||
| generates two outputs: a ciphertext and a message authentication code (also call ed | generates two outputs: a ciphertext and a message authentication code (also call ed | |||
| an authentication tag). The formatting and counter generation functions are as | an authentication tag). The formatting and counter generation functions are as | |||
| specified in Appendix A of <xref target="CCM"></xref>, and the values of the par ameters | specified in Appendix A of <xref target="CCM" format="default"/>, and the values of the parameters | |||
| identified in that appendix are as follows:</t> | identified in that appendix are as follows:</t> | |||
| <ul empty="true"> | ||||
| <figure><artwork><![CDATA[ | <li>The nonce length n is 12.</li> | |||
| the nonce length n is 12, | <li>The tag length t is 16.</li> | |||
| <li>The value of q is 3.</li> | ||||
| the tag length t is 16, and | </ul> | |||
| <t>An authentication tag is also used in AEAD_SM4_CCM. The generation | ||||
| the value of q is 3. | of the authentication | |||
| ]]></artwork></figure> | tag <bcp14>MUST</bcp14> conform to TLS 1.3 (See <xref target="RFC8446" sectionFo | |||
| rmat="comma" section="5.2"/>). | ||||
| <t>An authentication tag is also used in AEAD_SM4_CCM. The generation of the aut | ||||
| hentication | ||||
| tag MUST conform to TLSv1.3 (See <xref target="RFC8446"/>, Section 5.2). | ||||
| The AEAD_SM4_CCM ciphertext is formed by appending the authentication tag provid ed | The AEAD_SM4_CCM ciphertext is formed by appending the authentication tag provid ed | |||
| as an output to the CCM encryption operation to the ciphertext that is output | as an output to the CCM encryption operation to the ciphertext that is output | |||
| by that operation. The input and output lengths are as follows:</t> | by that operation. The input and output lengths are as follows:</t> | |||
| <ul empty="true"> | ||||
| <figure><artwork><![CDATA[ | <li> The SM4 key length is 16 octets.</li> | |||
| the SM4 key length is 16 octets, | <li> The max plaintext length is 2<sup>24</sup> - 1 octets.</li> | |||
| <li> The max AAD length is 2<sup>64</sup> - 1 octets.</li> | ||||
| the max plaintext length is 2^24 - 1 octets, | <li> The max ciphertext length is 2<sup>24</sup> + 15 octets.</li> | |||
| </ul> | ||||
| the max AAD length is 2^64 - 1 octets, and | <t>To generate the nonce, implementations of this document <bcp14>MUST | |||
| </bcp14> conform to | ||||
| the max ciphertext length is 2^24 + 15 octets. | TLS 1.3 (see <xref target="RFC8446" sectionFormat="comma" section="5.3"/>).</t> | |||
| ]]></artwork></figure> | <t>A security analysis of CCM is available in <xref target="J02" forma | |||
| t="default"/>.</t> | ||||
| <t>To generate the nonce, implementations of this document MUST conform to | </section> | |||
| TLSv1.3 (see <xref target="RFC8446"/>, Section 5.3).</t> | </section> | |||
| </section> | ||||
| <t>A security analysis of CCM is available in <xref target="J02"></xref>.</t> | <section anchor="iana-considerations" numbered="true" toc="default"> | |||
| <name>IANA Considerations</name> | ||||
| </section> | <t>IANA has assigned the values {0x00,0xC6} and {0x00,0xC7} with the names | |||
| </section> | "TLS_SM4_GCM_SM3" and "TLS_SM4_CCM_SM3" | |||
| </section> | to the "TLS Cipher Suites" registry with this document as reference:</t> | |||
| <section anchor="iana-considerations" title="IANA Considerations"> | <table align="center"> | |||
| <thead> | ||||
| <t>IANA has assigned the values {0x00, 0xC6} and {0x00, 0xC7} with the names | <tr> | |||
| TLS_SM4_GCM_SM3, TLS_SM4_CCM_SM3, | <th align="left">Value</th> | |||
| to the "TLS Cipher Suite" registry with this document as reference:</t> | <th align="left">Description</th> | |||
| <th align="left">DTLS-OK</th> | ||||
| <texttable> | <th align="left">Recommended</th> | |||
| <ttcol align='right'>Value</ttcol> | <th align="left">Reference</th> | |||
| <ttcol align='left'>Description</ttcol> | </tr> | |||
| <ttcol align='left'>DTLS-OK</ttcol> | </thead> | |||
| <ttcol align='left'>Recommended</ttcol> | <tbody> | |||
| <ttcol align='left'>Reference</ttcol> | <tr> | |||
| <c>0x00,0xC6</c> | <td align="right">0x00,0xC6</td> | |||
| <c>TLS_SM4_GCM_SM3</c> | <td align="left">TLS_SM4_GCM_SM3</td> | |||
| <c>No</c> | <td align="left">No</td> | |||
| <c>No</c> | <td align="left">No</td> | |||
| <c>this RFC</c> | <td align="left">RFC 8998</td> | |||
| <c>0x00,0xC7</c> | </tr> | |||
| <c>TLS_SM4_CCM_SM3</c> | <tr> | |||
| <c>No</c> | <td align="right">0x00,0xC7</td> | |||
| <c>No</c> | <td align="left">TLS_SM4_CCM_SM3</td> | |||
| <c>this RFC</c> | <td align="left">No</td> | |||
| </texttable> | <td align="left">No</td> | |||
| <td align="left">RFC 8998</td> | ||||
| <t>IANA has assigned the value 0x0708 with the name 'sm2sig_sm3', to the | </tr> | |||
| </tbody> | ||||
| </table> | ||||
| <t>IANA has assigned the value 0x0708 with the name "sm2sig_sm3" to the | ||||
| "TLS SignatureScheme" registry:</t> | "TLS SignatureScheme" registry:</t> | |||
| <table align="center"> | ||||
| <texttable> | <thead> | |||
| <ttcol align='right'>Value</ttcol> | <tr> | |||
| <ttcol align='left'>Description</ttcol> | <th align="right">Value</th> | |||
| <ttcol align='left'>Recommended</ttcol> | <th align="left">Description</th> | |||
| <ttcol align='left'>Reference</ttcol> | <th align="left">Recommended</th> | |||
| <c>0x0708</c> | <th align="left">Reference</th> | |||
| <c>sm2sig_sm3</c> | </tr> | |||
| <c>No</c> | </thead> | |||
| <c>this RFC</c> | <tbody> | |||
| </texttable> | <tr> | |||
| <td align="right">0x0708</td> | ||||
| <t>IANA has assigned the value 41 with the name 'curveSM2', to the | <td align="left">sm2sig_sm3</td> | |||
| <td align="left">No</td> | ||||
| <td align="left">RFC 8998</td> | ||||
| </tr> | ||||
| </tbody> | ||||
| </table> | ||||
| <t>IANA has assigned the value 41 with the name "curveSM2" to the | ||||
| "TLS Supported Groups" registry:</t> | "TLS Supported Groups" registry:</t> | |||
| <table align="center"> | ||||
| <texttable> | <thead> | |||
| <ttcol align='right'>Value</ttcol> | <tr> | |||
| <ttcol align='left'>Description</ttcol> | <th align="right">Value</th> | |||
| <ttcol align='left'>DTLS-OK</ttcol> | <th align="left">Description</th> | |||
| <ttcol align='left'>Recommended</ttcol> | <th align="left">DTLS-OK</th> | |||
| <ttcol align='left'>Reference</ttcol> | <th align="left">Recommended</th> | |||
| <c>41</c> | <th align="left">Reference</th> | |||
| <c>curveSM2</c> | </tr> | |||
| <c>No</c> | </thead> | |||
| <c>No</c> | <tbody> | |||
| <c>this RFC</c> | <tr> | |||
| </texttable> | <td align="right">41</td> | |||
| <td align="left">curveSM2</td> | ||||
| </section> | <td align="left">No</td> | |||
| <section anchor="security-considerations" title="Security Considerations"> | <td align="left">No</td> | |||
| <td align="left">RFC 8998</td> | ||||
| <t>At the time of writing, there are no known weak keys for SM | </tr> | |||
| cryptographic algorithms: SM2, SM3 and SM4, and no security issues | </tbody> | |||
| </table> | ||||
| </section> | ||||
| <section anchor="security-considerations" numbered="true" toc="default"> | ||||
| <name>Security Considerations</name> | ||||
| <t>At the time of writing, there are no known weak keys for SM | ||||
| cryptographic algorithms SM2, SM3 and SM4, and no security issues | ||||
| have been found for these algorithms.</t> | have been found for these algorithms.</t> | |||
| <t>A security analysis of GCM is available in <xref target="MV04" format=" | ||||
| <t>A security analysis of GCM is available in <xref target="MV04"></xref>.</t> | default"/>.</t> | |||
| <t>A security analysis of CCM is available in <xref target="J02" format="d | ||||
| <t>A security analysis of CCM is available in <xref target="J02"></xref>.</t> | efault"/>.</t> | |||
| </section> | ||||
| </section> | ||||
| </middle> | </middle> | |||
| <back> | <back> | |||
| <references> | ||||
| <name>References</name> | ||||
| <references> | ||||
| <name>Normative References</name> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.2119.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.8174.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.8446.xml"/> | ||||
| <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R | ||||
| FC.5116.xml"/> | ||||
| <references title='Normative References'> | <reference anchor="ISO-SM2" target="https://www.iso.org/standard/76382.h | |||
| tml"> | ||||
| <front> | ||||
| <title>IT Security techniques -- Digital signatures with appendix -- | ||||
| Part 3: Discrete logarithm based mechanisms</title> | ||||
| <author> | ||||
| <organization>International Organization for Standardization</orga | ||||
| nization> | ||||
| </author> | ||||
| <date year="2018" month="November"/> | ||||
| </front> | ||||
| <seriesInfo name="ISO/IEC" value="14888-3:2018"/> | ||||
| </reference> | ||||
| &RFC2119; | <reference anchor="ISO-SM3" target="https://www.iso.org/standard/67116.h | |||
| &RFC8174; | tml"> | |||
| &RFC8446; | <front> | |||
| &RFC5116; | <title>IT Security techniques -- Hash-functions -- Part 3: Dedicated | |||
| <reference anchor="ISO-SM2" target="https://www.iso.org/standard/76382.html"> | hash-functions</title> | |||
| <front> | <author> | |||
| <title>IT Security techniques -- Digital signatures with appendix -- Part 3: | <organization>International Organization for Standardization</orga | |||
| Discrete logarithm based mechanisms</title> | nization> | |||
| <author > | </author> | |||
| <organization>International Organization for Standardization</organization | <date year="2018" month="October"/> | |||
| > | </front> | |||
| </author> | <seriesInfo name="ISO/IEC" value="10118-3:2018"/> | |||
| <date year="2018" month="November"/> | </reference> | |||
| </front> | ||||
| <seriesInfo name="ISO" value="ISO/IEC 14888-3:2018"/> | ||||
| </reference> | ||||
| <reference anchor="ISO-SM3" target="https://www.iso.org/standard/67116.html"> | ||||
| <front> | ||||
| <title>IT Security techniques -- Hash-functions -- Part 3: Dedicated hash-fu | ||||
| nctions</title> | ||||
| <author > | ||||
| <organization>International Organization for Standardization</organization | ||||
| > | ||||
| </author> | ||||
| <date year="2018" month="October"/> | ||||
| </front> | ||||
| <seriesInfo name="ISO" value="ISO/IEC 10118-3:2018"/> | ||||
| </reference> | ||||
| <reference anchor="ISO-SM4" target="https://www.iso.org/standard/54531.html"> | ||||
| <front> | ||||
| <title>IT Security techniques -- Encryption algorithms -- Part 3: Block ciph | ||||
| ers</title> | ||||
| <author > | ||||
| <organization>International Organization for Standardization</organization | ||||
| > | ||||
| </author> | ||||
| <date year="2010" month="December"/> | ||||
| </front> | ||||
| <seriesInfo name="ISO" value="ISO/IEC 18033-3:2010"/> | ||||
| </reference> | ||||
| <reference anchor="GCM" target="http://csrc.nist.gov/publications/nistpubs/800-3 | ||||
| 8D/SP-800-38D.pdf"> | ||||
| <front> | ||||
| <title>NIST Special Publication 800-38D: Recommendation for Block Cipher Mod | ||||
| es of Operation: Galois/Counter Mode (GCM) and GMAC.</title> | ||||
| <author initials="." surname="Dworkin, M"> | ||||
| <organization>U.S. National Institute of Standards and Technology</organiz | ||||
| ation> | ||||
| </author> | ||||
| <date year="2007" month="November"/> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="CCM" target="http://csrc.nist.gov/publications/nistpubs/800-3 | ||||
| 8C/SP800-38C.pdf"> | ||||
| <front> | ||||
| <title>NIST Special Publication 800-38C: The CCM Mode for Authentication and | ||||
| Confidentiality</title> | ||||
| <author initials="." surname="Dworkin, M"> | ||||
| <organization>U.S. National Institute of Standards and Technology</organiz | ||||
| ation> | ||||
| </author> | ||||
| <date year="2004" month="May"/> | ||||
| </front> | ||||
| </reference> | ||||
| </references> | <reference anchor="ISO-SM4" target="https://www.iso.org/standard/54531.h | |||
| tml"> | ||||
| <front> | ||||
| <title>Information technology -- Security techniques -- Encryption a | ||||
| lgorithms -- Part 3: Block ciphers</title> | ||||
| <author> | ||||
| <organization>International Organization for Standardization</orga | ||||
| nization> | ||||
| </author> | ||||
| <date year="2010" month="December"/> | ||||
| </front> | ||||
| <seriesInfo name="ISO/IEC" value="18033-3:2010"/> | ||||
| </reference> | ||||
| <references title='Informative References'> | <reference anchor="GCM" target="http://csrc.nist.gov/publications/nistpu | |||
| bs/800-38D/SP-800-38D.pdf"> | ||||
| <front> | ||||
| <title>Recommendation for Block Cipher Modes of Operation: Galois/Co | ||||
| unter Mode (GCM) and GMAC</title> | ||||
| <author initials="M." surname="Dworkin"> | ||||
| <organization>National Institute of Standards and Technology</orga | ||||
| nization> | ||||
| </author> | ||||
| <date year="2007" month="November"/> | ||||
| </front> | ||||
| <seriesInfo name="Special Publication" value="800-38D"/> | ||||
| <seriesInfo name="DOI" value="10.6028/NIST.SP.800-38D"/> | ||||
| </reference> | ||||
| <reference anchor="GBT.32907-2016" target="http://www.gmbz.org.cn/upload/2018-04 | <reference anchor="CCM" target="http://csrc.nist.gov/publications/nistpu | |||
| -04/1522788048733065051.pdf"> | bs/800-38C/SP800-38C.pdf"> | |||
| <front> | <front> | |||
| <title>Information security technology --- SM4 block cipher algorithm</title | <title>Recommendation for Block Cipher Modes of Operation: the CCM M | |||
| > | ode for Authentication and Confidentiality</title> | |||
| <author > | <author initials="M." surname="Dworkin"> | |||
| <organization>Standardization Administration of China</organization> | <organization>National Institute of Standards and Technology</orga | |||
| </author> | nization> | |||
| <date year="2017" month="March" day="01"/> | </author> | |||
| </front> | <date year="2004" month="May"/> | |||
| <seriesInfo name="GB/T" value="32907-2016"/> | </front> | |||
| </reference> | <seriesInfo name="Special Publication" value="800-38C"/> | |||
| <reference anchor="GBT.32905-2016" target="http://www.gmbz.org.cn/upload/2018-07 | <seriesInfo name="DOI" value="10.6028/NIST.SP.800-38C"/> | |||
| -24/1532401392982079739.pdf"> | </reference> | |||
| <front> | </references> | |||
| <title>Information security technology --- SM3 cryptographic hash algorithm< | <references> | |||
| /title> | <name>Informative References</name> | |||
| <author > | ||||
| <organization>Standardization Administration of China</organization> | ||||
| </author> | ||||
| <date year="2017" month="March" day="01"/> | ||||
| </front> | ||||
| <seriesInfo name="GB/T" value="32905-2016"/> | ||||
| </reference> | ||||
| <reference anchor="GBT.32918.2-2016" target="http://www.gmbz.org.cn/upload/2018- | ||||
| 07-24/1532401673138056311.pdf"> | ||||
| <front> | ||||
| <title>Information security technology --- Public key cryptographic algorith | ||||
| m SM2 based on elliptic curves --- Part 2: Digital signature algorithm</title> | ||||
| <author > | ||||
| <organization>Standardization Administration of China</organization> | ||||
| </author> | ||||
| <date year="2017" month="March" day="01"/> | ||||
| </front> | ||||
| <seriesInfo name="GB/T" value="32918.2-2016"/> | ||||
| </reference> | ||||
| <reference anchor="GBT.32918.5-2016" target="http://www.gmbz.org.cn/upload/2018- | ||||
| 07-24/1532401863206085511.pdf"> | ||||
| <front> | ||||
| <title>Information security technology --- Public key cryptographic algorith | ||||
| m SM2 based on elliptic curves --- Part 5: Parameter definition</title> | ||||
| <author > | ||||
| <organization>Standardization Administration of China</organization> | ||||
| </author> | ||||
| <date year="2017" month="March" day="01"/> | ||||
| </front> | ||||
| <seriesInfo name="GB/T" value="32918.5-2016"/> | ||||
| </reference> | ||||
| <reference anchor="GMT.0009-2012" target="http://www.gmbz.org.cn/main/viewfile/2 | ||||
| 018011001400692565.html"> | ||||
| <front> | ||||
| <title>SM2 cryptography algorithm application specification</title> | ||||
| <author > | ||||
| <organization>State Cryptography Administration of China</organization> | ||||
| </author> | ||||
| <date year="2012" month="November" day="22"/> | ||||
| </front> | ||||
| <seriesInfo name="GM/T" value="0009-2016"/> | ||||
| </reference> | ||||
| <reference anchor="J02" target="http://csrc.nist.gov/groups/ST/toolkit/BCM/docum | ||||
| ents/proposedmodes/ccm/ccm-ad1.pdf"> | ||||
| <front> | ||||
| <title>On the Security of CTR + CBC-MAC</title> | ||||
| <author initials="." surname="Jonsson, J"> | ||||
| <organization></organization> | ||||
| </author> | ||||
| <date year="2002"/> | ||||
| </front> | ||||
| </reference> | ||||
| <reference anchor="MV04" target="http://eprint.iacr.org/2004/193"> | ||||
| <front> | ||||
| <title>The Security and Performance of the Galois/Counter Mode (GCM)</title> | ||||
| <author initials="McGrew, D.and J." surname="Viega"> | ||||
| <organization></organization> | ||||
| </author> | ||||
| <date year="2004" month="December"/> | ||||
| </front> | ||||
| </reference> | ||||
| </references> | <reference anchor="GBT.32907-2016" target="http://www.gmbz.org.cn/upload | |||
| /2018-04-04/1522788048733065051.pdf"> | ||||
| <front> | ||||
| <title>Information security technology -- SM4 block cipher algorithm | ||||
| </title> | ||||
| <author> | ||||
| <organization>Standardization Administration of the People's Repub | ||||
| lic of China</organization> | ||||
| </author> | ||||
| <date year="2017" month="March"/> | ||||
| </front> | ||||
| <seriesInfo name="GB/T" value="32907-2016"/> | ||||
| </reference> | ||||
| <section anchor="test-vectors" title="Test Vectors"> | <reference anchor="GBT.32905-2016" target="http://www.gmbz.org.cn/upload | |||
| /2018-07-24/1532401392982079739.pdf"> | ||||
| <front> | ||||
| <title>Information security technology --- SM3 cryptographic hash al | ||||
| gorithm</title> | ||||
| <author> | ||||
| <organization>Standardization Administration of China</organizatio | ||||
| n> | ||||
| </author> | ||||
| <date year="2017" month="March"/> | ||||
| </front> | ||||
| <seriesInfo name="GB/T" value="32905-2016"/> | ||||
| </reference> | ||||
| <t>All values are in hexadecimal and are in network byte order (big endian).</t> | <reference anchor="GBT.32918.2-2016" target="http://www.gmbz.org.cn/uplo | |||
| ad/2018-07-24/1532401673138056311.pdf"> | ||||
| <front> | ||||
| <title>Information security technology --- Public key cryptographic | ||||
| algorithm SM2 based on elliptic curves --- Part 2: Digital signature algorithm</ | ||||
| title> | ||||
| <author> | ||||
| <organization>Standardization Administration of the People's Repub | ||||
| lic of China</organization> | ||||
| </author> | ||||
| <date year="2017" month="March"/> | ||||
| </front> | ||||
| <seriesInfo name="GB/T" value="32918.2-2016"/> | ||||
| </reference> | ||||
| <reference anchor="GBT.32918.5-2017" target="http://www.gmbz.org.cn/uplo | ||||
| ad/2018-07-24/1532401863206085511.pdf"> | ||||
| <front> | ||||
| <title>Information security technology --- Public key cryptographic | ||||
| algorithm SM2 based on elliptic curves --- Part 5: Parameter definition</title> | ||||
| <author> | ||||
| <organization>Standardization Administration of the People's Repub | ||||
| lic of China</organization> | ||||
| </author> | ||||
| <date year="2017" month="December"/> | ||||
| </front> | ||||
| <seriesInfo name="GB/T" value="32918.5-2017"/> | ||||
| </reference> | ||||
| <section anchor="sm4-gcm-test-vectors" title="SM4-GCM Test Vectors"> | <reference anchor="GMT.0009-2012" target="http://www.gmbz.org.cn/main/vi | |||
| ewfile/2018011001400692565.html"> | ||||
| <front> | ||||
| <title>SM2 cryptography algorithm application specification</title> | ||||
| <author> | ||||
| <organization>State Cryptography Administration</organization> | ||||
| </author> | ||||
| <date year="2012" month="November"/> | ||||
| </front> | ||||
| <seriesInfo name="GM/T" value="0009-2012"/> | ||||
| </reference> | ||||
| <figure><artwork><![CDATA[ | <reference anchor="J02" target="https://link.springer.com/chapter/10.100 | |||
| 7%2F3-540-36492-7_7"> | ||||
| <front> | ||||
| <title>On the Security of CTR + CBC-MAC</title> | ||||
| <author initials="J." surname="Jonsson"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="February" year="2003"/> | ||||
| </front> | ||||
| <seriesInfo name="DOI" value="10.1007/3-540-36492-7_7"/> | ||||
| </reference> | ||||
| <reference anchor="MV04" target="http://eprint.iacr.org/2004/193"> | ||||
| <front> | ||||
| <title>The Security and Performance of the Galois/Counter Mode of Op | ||||
| eration</title> | ||||
| <author initials="D." surname="McGrew"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author initials="J." surname="Viega"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date year="2004" month="December"/> | ||||
| </front> | ||||
| <seriesInfo name="DOI" value="10.1007/978-3-540-30556-9_27"/> | ||||
| </reference> | ||||
| </references> | ||||
| </references> | ||||
| <section anchor="test-vectors" numbered="true" toc="default"> | ||||
| <name>Test Vectors</name> | ||||
| <t>All values are in hexadecimal and are in network byte order (big endian | ||||
| ).</t> | ||||
| <section anchor="sm4-gcm-test-vectors" numbered="true" toc="default"> | ||||
| <name>SM4-GCM Test Vectors</name> | ||||
| <sourcecode name="" type=""><![CDATA[ | ||||
| Initialization Vector: 00001234567800000000ABCD | Initialization Vector: 00001234567800000000ABCD | |||
| Key: 0123456789ABCDEFFEDCBA9876543210 | Key: 0123456789ABCDEFFEDCBA9876543210 | |||
| Plaintext: AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB | Plaintext: AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB | |||
| CCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD | CCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD | |||
| EEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFF | EEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFF | |||
| EEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA | EEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA | |||
| Associated Data: FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2 | Associated Data: FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2 | |||
| CipherText: 17F399F08C67D5EE19D0DC9969C4BB7D | CipherText: 17F399F08C67D5EE19D0DC9969C4BB7D | |||
| 5FD46FD3756489069157B282BB200735 | 5FD46FD3756489069157B282BB200735 | |||
| D82710CA5C22F0CCFA7CBF93D496AC15 | D82710CA5C22F0CCFA7CBF93D496AC15 | |||
| A56834CBCF98C397B4024A2691233B8D | A56834CBCF98C397B4024A2691233B8D | |||
| Authentication Tag: 83DE3541E4C2B58177E065A9BF7B62EC | Authentication Tag: 83DE3541E4C2B58177E065A9BF7B62EC | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| </section> | ||||
| </section> | <section anchor="sm4-ccm-test-vectors" numbered="true" toc="default"> | |||
| <section anchor="sm4-ccm-test-vectors" title="SM4-CCM Test Vectors"> | <name>SM4-CCM Test Vectors</name> | |||
| <sourcecode name="" type=""><![CDATA[ | ||||
| <figure><artwork><![CDATA[ | ||||
| Initialization Vector: 00001234567800000000ABCD | Initialization Vector: 00001234567800000000ABCD | |||
| Key: 0123456789ABCDEFFEDCBA9876543210 | Key: 0123456789ABCDEFFEDCBA9876543210 | |||
| Plaintext: AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB | Plaintext: AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB | |||
| CCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD | CCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD | |||
| EEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFF | EEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFF | |||
| EEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA | EEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA | |||
| Associated Data: FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2 | Associated Data: FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2 | |||
| CipherText: 48AF93501FA62ADBCD414CCE6034D895 | CipherText: 48AF93501FA62ADBCD414CCE6034D895 | |||
| DDA1BF8F132F042098661572E7483094 | DDA1BF8F132F042098661572E7483094 | |||
| FD12E518CE062C98ACEE28D95DF4416B | FD12E518CE062C98ACEE28D95DF4416B | |||
| ED31A2F04476C18BB40C84A74B97DC5B | ED31A2F04476C18BB40C84A74B97DC5B | |||
| Authentication Tag: 16842D4FA186F56AB33256971FA110F4 | Authentication Tag: 16842D4FA186F56AB33256971FA110F4 | |||
| ]]></artwork></figure> | ]]></sourcecode> | |||
| </section> | ||||
| </section> | </section> | |||
| </section> | <section anchor="contributors" numbered="false" toc="default"> | |||
| <section anchor="contributors" title="Contributors"> | <name>Contributors</name> | |||
| <t>Qin Long<vspace /> | ||||
| Ant Group<vspace /> | ||||
| zhuolong.lq@antfin.com</t> | ||||
| <t>Kepeng Li<vspace /> | ||||
| Ant Group<vspace /> | ||||
| kepeng.lkp@antfin.com</t> | ||||
| <t>Ke Zeng<vspace /> | <contact fullname="Qin Long"> | |||
| Ant Group<vspace /> | <organization>Ant Group</organization> | |||
| william.zk@antfin.com</t> | <address> | |||
| <postal/> | ||||
| <email>zhuolong.lq@antfin.com</email> | ||||
| </address> | ||||
| </contact> | ||||
| <t>Han Xiao<vspace /> | <contact fullname="Kepeng Li"> | |||
| Ant Group<vspace /> | <organization>Ant Group</organization> | |||
| han.xiao@antfin.com</t> | <address> | |||
| <postal/> | ||||
| <email>kepeng.lkp@antfin.com</email> | ||||
| </address> | ||||
| </contact> | ||||
| <t>Zhi Guan<vspace /> | <contact fullname="Ke Zeng"> | |||
| Peking University<vspace /> | <organization>Ant Group</organization> | |||
| guan@pku.edu.cn</t> | <address> | |||
| <postal/> | ||||
| <email>william.zk@antfin.com</email> | ||||
| </address> | ||||
| </contact> | ||||
| </section> | <contact fullname="Han Xiao"> | |||
| <organization>Ant Group</organization> | ||||
| <address> | ||||
| <postal/> | ||||
| <email>han.xiao@antfin.com</email> | ||||
| </address> | ||||
| </contact> | ||||
| <contact fullname="Zhi Guan"> | ||||
| <organization>Peking University</organization> | ||||
| <address> | ||||
| <postal/> | ||||
| <email>guan@pku.edu.cn</email> | ||||
| </address> | ||||
| </contact> | ||||
| </section> | ||||
| </back> | </back> | |||
| <!-- ##markdown-source: | ||||
| H4sIAHc5cF8AA+1c63LbyJX+30/RZf+wFZMUbrxAqWwFBEmPJpbtWLJzq4kL | ||||
| JCESEQhwAFASx6OtfYh9wn2SPed0N9AAQVmeJDVVW4uaoUmgL6e/cz/dULfb | ||||
| ZUVUxOEZv1wHyeoi4i8vL064H23XYcYvd1ER5vw6zfhVFiT5Ns0K/ibY46Nw | ||||
| scuiYs9fXr25POHvs7RIF2nMP4VZHqUJN3s2C+bzLLw949DiFn7zy4v6wGyZ | ||||
| LpJgA5Mvs+C66O6Bgm4R5/i/aXfzTTendl1jwJZBAe0swzK6htu1huw5V7dM | ||||
| t2uMar8Zy4sgWX4O4jSBW0nKWLTNzniR7fLCMgzXsFiQhcFZuQx2tyI62c3d | ||||
| GT9PijBLwqI7QbLYIijOeJRcwyiLdBkl0HKXd4N8EUVsG51xuJ7zRZDA3ZAH | ||||
| WRYAKNE1D+KY78P8hAN66yBfc1h4yDgHnM7wAXzNAc8svM7P8Pt+Q1/pEQt2 | ||||
| xTrN8D5eXfkvBzKgxfse/wtAVd4UGL4PdnH9fpoBqV5S8NdZutuWt59zxRh4 | ||||
| NouS8kEOxISw1rdpjw+H/M+7cL+DZX1Ig2XZZgFgnfHvYJqf1umuup0ugQTb | ||||
| NODSbu6SIoPm/jpKgvL2dk1ceTUadPtDs2sNRqPuCK6ywXWwyKNNFGuNRgPH | ||||
| 7loj0ywbhZsgis/4TRDl6zDp7fe/D5LiOkp6i3TDWJJmm6CIbkOE8MPMt0zT | ||||
| lV9H5tBRXx1nIL/2TZO+nl++615eWAJ5qRr/ISc9v6rEvggX6yT6cQfq0e3y | ||||
| SbSKiiDmebRKgmKXwd27qFjzYLsNk2V0j23eB6A8tmLpJMoXWViEPE5XAYy4 | ||||
| 3vB5kIdLvoGBgyTKN7kgIchWyJN1UWzzs9PTu7u7XpSnPeDtKQl5kC1PhwN7 | ||||
| ZPXWxSamPnXhISkQIg2IpAmQ+S5bwRQ/0U/S7ks5krxHPUt1GnUl7HmYRWGO | ||||
| mqDGBrTO8OP0fOpz0wEmdu0z7FIiaX8jkt+BpnSvd8kC6chbcAuXESgkALWu | ||||
| tXw6WIMhsPrfCZbxJLAM0zwAy/lGsKbJIttvibAgXqUkRrmyGSVyfBynixvQ | ||||
| XDS93wBU3+nb5r8NKKNrWk8CamTYtgAKgX3tX7SC9Pb8EmDahosIKHm/m8co | ||||
| JUjIyDC69miixv4Qgn3YgFJWZAp4pGe6AEOW8/Sav9uGGbVRPV+DN4nyUx+N | ||||
| mmzIXwI5JxxWyV9feH7vAFuAdpFnix7oc9Fbpben24qy/BTvwo38VNJ4evm+ | ||||
| K7/2tsvrFtTJ/E/u0uwmSjr8oqcz42PvssffKmacJzkgtAMDA2tRjMiJ1CuU | ||||
| oRTszr7GEWMo9Nz/ZQj74D/XIfaW7QkgxNeDJYRJoZojCX6aXEdLvBnE6H3/ | ||||
| Kdx8wE1++zVgc7pGH+ILkF/N5bweX/VsywVMQW4HNTzPVUvAIq/pNQ3O/+e/ | ||||
| /hsiJYfPNa2t1LsNKtTe1Wb+E6pvb5Gc7rYxuOxTskZInnNq9i1rOBoZzmho | ||||
| 28agb/TNI1ARJg3F5d5yEyHoQiEQmsqjlwo97Bp21zjmKV6PT68gQCgh0TDq | ||||
| /1KMbE7mL11lwXYdLUSU9cuRAsIQKdtyDNN2LXdkGUN3aLu/GlL9BlLmqGcd | ||||
| YlW6iSdgJtSW34T7BnQlagCrJQcU8QiMFsZxBF5mwWHQW7CONBL6FuvsMPL5 | ||||
| FzFgMLRNe2T0B7b5q4lqiXeNBS3i+iuyoI+BfwYJAPqkZQgBcFT62l+K/Whg | ||||
| W8bAGPX7vyr2lfhfXPUgr3Dxdz0yB6R0FPcaiBB6lx4qR691LX89BRrILZLT | ||||
| 2yi8u4YshBCCcM0wTMcwBq7VH/QfDYsAF3Agvk7Xk6CxwAF3rWNR0esLhEbh | ||||
| gLh8b9TReJdw8LRVsIizXH3gr7g/9rsQn3zdza4wUcxPL69OizSNb6LidOxf | ||||
| nEKavoOQqchPt1m6TUEkNxglnS4WG/y/GyyPiQk53u/BZ+cpON7ve3XPiSu9 | ||||
| +GS0R71X+krQ/74PM9KuZIHOWbbC9R4NzNrWG26zKCl6UbDIKNpFB35quvYx | ||||
| 4i8Wr7PwrsMnPSLi+x7/FIWrOuPAx0Isy9hzCLq7PEmL8PP59PL157fwjT2H | ||||
| 2/M4UP8zhm2COYrComDsah3lXAGsBBUUfJ3e8SKlkgLxVK/O1OwGqyJ/kXN+ | ||||
| pVKzVZWa26pS00M6QpoMZAbmyzUzroaVRRwgF1bIIYJOMzRO8z12YOfTq1lP | ||||
| cu1C7xyAS5hj0B0lK75Bg1Gk2R7AFRrQIVjzlBU1IIDK2wgj8QCMGmTK0Vbp | ||||
| TRMYfTJWo5QGLgENcExUZxxENclTGCQoWLTZxiFODJhQKQfaLncgaBHeEoHj | ||||
| qmol4lBAjZi5iZbLOGQMsiHqRZTK68vzCO8+sN9pV5PrYoVzILK4S3kS3qmo | ||||
| T5S/AKI29yqQCxh4km54j0WDVVhVDyjyRoAa4sCeIA70CPHp8L/JKskPJz0U | ||||
| EZKLmO+KKI5+CsFIQS9w/selU2cOcO16FwMLiK7gMCtY1LMCnoU/7qKMEM8l | ||||
| 14S0opQdwESS9jIPkUTg65cvylg9PJycMfaf8kLNFbkeFSFx0M8Qbn8Gg/EZ | ||||
| Q8rf8S/cuDeMDnz6A/7w22Md/LYOQ+xQTsVmwISAb1KgbBkWAUjfkkW6mAAm | ||||
| IMHHIOtwEDgIAQCJYAkrysHWwsP84UFxo47AdRrHqB7rsJRwHcOeSN/QEcbx | ||||
| vsOQldi2PghqFuYfoKEhUAEPABowqIdW9oSjH2CwRh9bqEekhNLliCa4zE0Y | ||||
| FjRbEobLXFdCeLgOboFtEEFMvQl7qSWMYGC0IgeN7IEzgRwUH02CIgCBC7bB | ||||
| HPQ6bKmGCFnBYKtFRaQY53zqT76b8pdTFWT5GGRBaHsNlqP7HcReYLfYFEDa | ||||
| oLif8BTEXlofqxGaCa3EZy0qCxK+mUdJCLpAnW2RsqgiVtn1cFhttHyBdPSE | ||||
| cGFrIVkg//N0Vwj7SLJRVRIB81VaIGY8X4OaLDWs0H6gidEwp1G3YZi9zE/E | ||||
| etBKhAvBvwyMebbEYjHIMBBUE1L25UsVhJKcEgMa9uyoNWtnFKMhgeoIAxzd | ||||
| cqLKozfKVFWndEhcOCThj9i3+6P6ROyp/mjDj7sg1nRBXHNB/Be7IOlyvWqJ | ||||
| 5HdKW4E+qnkxcAPCdC9ByMMMsQSYjtkhAm2H3h5WivRAExATtVRcRwfs2iLe | ||||
| 4fYIiS+6n7qJ75BVgftMV1QACPUgyIlpNXWAxeFIEYKeg/EA0BpKIdKjo1RX | ||||
| FC1FlspKwQOhrfKwBj01IZTaBqldXSI6kJXFe6a0dXk8DaYxgVI1WX1kgjZK | ||||
| btP4Nlx2+B0sYS3NYYwKtQdhDYGuJYg2etC2Yjt4Brlt8fDAXwKUd4ATQgpC | ||||
| /eVLs3gA7rDHyMAjsLUqk6ZnZT9Zr4GRcR0JSDv0m4eIal7mf0AbqB0QwXUS | ||||
| tcptSaIDNoE4TrPXzZ9YvJR7UBfQr12x3RHnIeni84h8mDCbDXwWi3BbCO1H | ||||
| MqKEtVXaSzLshwcZP2GsQEOoKIzGqJbfl8snVQszMBsilxdaBqq5qWkYY14M | ||||
| ScRutW6YKhk3w6LQMmm1RQjQgANagZNHBQuW6bYQOgFR0S1qEW6HoFaVW1s8 | ||||
| BjnaBStyr9JA8UUcyNwPFFLYaOpZpDSYZmWkp0KFFlsqeqzAY7APcc5wQrCV | ||||
| kEoHcLPMAQ6skPKyYKdgSc8uPl5ePeuIf/nbd/T9w/SPH88/TCf4/fI7782b | ||||
| 8otoweDHu49v5HP8VvX0311cTN9OROcL7y/PBPHP3r2/On/31nvzTLkGVnMN | ||||
| BbJWGNAtbrYtUSkqPkOfsf8eVAnYLfcIHx4YfcdNQhD5O7BfYirUdvkTcNzT | ||||
| zl6Q4RAYRUEIguqPfjQHF5veJQx3e1FmSrvMzym0BU8ABv7L8zI6raUGtRyh | ||||
| GZkp9cShhY1AloqgD/Uxqib4tQLeqxRVkQQGa7GlxIDJW0LocYPx0XIZyWp7 | ||||
| Ov8HRBW5WAspoQqOkVVxCmtCH8MOg9RABbu40t+QmxexVVlfQat8zBofRl7k | ||||
| 3CJZPyl7lbxj4X0RJpQfaTZS7e52x5CU4CphWiE9kDE9PDR4AFc58qWw/fnG | ||||
| AhI/55sS1KExqgP6GxnCHASE55M60bstJnlwgzb7c95GMWtQ7HyV4rfBJlzS | ||||
| iGJaJARJdcw6mZqYT6r4Dy2kHg62i7oUd4gj5OGRnNVjlfZ079GgkNRVlgAx | ||||
| NwBLIEWxx87r1kuUPPQBlNWiAfYymq5PDuMFCVjZeAkptUydVVIDWl/f8mLN | ||||
| 4Ov58+fE0krShECIpWIcijOuMM1IiCJpmYVDqMo0x4S8JwoMebjQy59P7s5k | ||||
| NNZI0TchOLaliOwOFbunIlF9yCivxxRlmNLjh40rHQU7fqzy/XhHWBuGFdfR | ||||
| PeY4tZ5sW5bJMZhsC3XKmrOgD4gXqraWeOA5m1INGBoSfCLijxzJCUX6dhvE | ||||
| uxBVRDkDMUtVj+jxj0kc3QAfKL9uECqWrsWnWkhLvSBdvfQ6BEIpqnkYY4LW | ||||
| NiD45zEEURHFICJQUjpxl6GBB4EuwIXlJCCQipCEtAzESwgZQCiiESACPCLw | ||||
| n3tJEt7zWc+UVqUKSTFYAxGmPGOBgtKqgYc57iMp4XHtJ0SwkgRhEiyR3eGK | ||||
| 2lhcKlVHJmCk1XmwJw8vLAhwMvqKIEkQWsXxZdC76QWlyJzo+lDzYLrVVa3P | ||||
| qGQZAQyguvFSD4IZttv/HU3x/d9t/ooH9/Axp9tbDndn4pqqL7PDL+VBqvKJ | ||||
| Ia/2tsG/flzakJjjuNZo6s48d8rdiTvrT22HO5M+/HbG3J8N+obrDatxbXc4 | ||||
| glbc7Hvj0cy1+GQy9scT0Ddn4jrGVBTzk2+ld2gZ9mQ2GHPL9AdG3xrzvj0e | ||||
| zxzD5bY76TumReO+vodxbct3vKkFycXMdEcQN/L+zHUNcKJ84Nmu77pOOe5o | ||||
| NrUNGIjPrMHAGE9NPgTKnf4IxrUdfwj/0bh7GHfs20N74Fl85swGw6Hr8747 | ||||
| nvjTqc0H44FrmX27HHdieO5oOPS5P7A8Z+gY3LAmM9ua9mEFtjszPEMPzB6x | ||||
| mqgIYALwmIMWQ0ozhjEvX4UJnYaBgAzEHdxSdL3HcoRWmKYUmYrDaEdAY8HM | ||||
| iM6gAHGEqgkSnIcZ1s5EDRDUTQyFkh6G2YucEv5FmBVity5U0Y2v3dqEeQ5J | ||||
| T4eorRmSA0/OyBiorYIqUPYu/fNzrGDhD7FMaeKp4FBBQPQvU2wWMOXydIvU | ||||
| 0F3Z5NXri1cign5FIbTGh/NrVVWtYMmowNEKjKrEvch5AxoGNq4IKht4BCT0 | ||||
| 4F9fPeE0DxlFlO1QYFifUTGlwOJ6bU/2IHIEXXH6g+FI/asBML2HVCyX86SL | ||||
| AhxJR3AtalpC4942McmwLfq06dOhzz59DuhzSJ+jzrd30fmCBbcA4qWFAK25 | ||||
| fBVrBzXxrLRpGWJknWPEgtthvgeyk9Jz6VS1bj3ueznfBHu+WKcQEQgm5NLn | ||||
| QutEeiC4txGpf7hkwRziQdCyr0WvMnemzRR0gQStdjBB1Ec3EDBQaMD+AOI8 | ||||
| VQ4WAvab+wd2GK5iFTzlF0Ks8uZ+oR6iKAdH8zQrIKoOveTLHcofk3sVVRwp | ||||
| qoo6wUrXSkEXtEgRxyU8Rwp90iZ6RnmoUvv2rKFJXUeLaaVeivKhLNYf5h+S | ||||
| mBfi7mdx9wUTB8AlLBpNVcFcj10uZYjuQDZmNbIxWNg7kojmPhgRrogtS8qC | ||||
| nDLtw5ZMn1/ihekR5cxq+yBXmePnVSNz7MDiZDDyQpkIhcryt/oQSg0+a3Kg | ||||
| D1Mlut8+0GfUHC2dxbP1aEJgYSffMDRY7c+0+aETFnCQ/ku8O8WT6uWmqbZu | ||||
| AuVgZClzl2S1pcyBaa9kSNrzLFyE0S0lJW28kDacrGpNi45ueXQwjr/w/qJM | ||||
| h7b1ALbhmuWpZvMlEUQ81VGTUmG/mk9XlbQowSIhiJ62WvBHDcGXbz5gyB5i | ||||
| vXKHe4xAAfyOCibLj1KzcjCsmCU30IJBYVURne/gFLfrFKql1i2tsHOrnThY | ||||
| w1QmQeP1iPlYBsVDI51D7qAJnldDqP0NYjGZ8adXHTroxoE1OCTWeedgqq/2 | ||||
| W9xqVbMyOat2MikX9WdVvA20BEc4DUVZfmDK2LbMqDi0lGMTspwkUd6Rdef6 | ||||
| Gltt4+Myp9yKELsgEc6qxiBpEeMoL8SxCn0jWrJebaT9Vni7u0hSoosqeLqs | ||||
| kPtBulfAHYFnURyHqyD+XGZhzwBDsBCy/lCFOZolbOSEpQLohrVmE59kLMhR | ||||
| YZiQhTG5NOnGla0QezaRLpH8LkAbDiTUqAGspRkXzkwP5T6I4Fyal8MHpS2h | ||||
| gg8gLPc/5YQwvlylpoCojlIz81o8c7hrB3Yjw6oFBGliLyApD2FJ0pkkvSMr | ||||
| DKrOTyJQVme1dLotBZEGHUXoRZsTeFExgil8ddOP9Zp6Dl/HXYjtY8h32LFN | ||||
| e1o34faijlYtuwBBOMW6Mgy3CJdUxJBlt8Ng45DLjP1JpEpKj8nEHYnqm25D | ||||
| rVEb7tDedsrTOiT5u1iemCEpFdbmLsJtw+trtdOvDyjqS/Q6hOSoVqCSin+A | ||||
| DSqBZDrqSdWjJ8c4UsMrN/EhjC5EFI1lEdqmbpmE1SRBbQe0EKNOimAiCmMC | ||||
| fh0e9lY9EfHLPdyqKDsHxwVN/9zrGy6wHgPlj4R/FYyQ0rXw8xOlb5RWNJgo | ||||
| ntQStFYY2qQcN9lpr05wPlBGUt/JUP1oV/2RoygKO2CMTAKwBr3cxRiVN+rV | ||||
| XmPXTD+JJOqQVFmUPr/crT96TrHamMeIpFbhK8+jic1g4ZJyWXsGsHdwM8jx | ||||
| 0Ao8y6Jb+RqPXD2ws1jI2m11vC4NhQ8Ug2HdAEnWp2VqWrkpfNiiIqzcskSU | ||||
| 9S2Y2oB5EW4bxW9IrB6ekL8JFxjfBfv8oI6pnKmWJRDBaMcBmgUIVZrlpcUX | ||||
| J4IUbRpe0IcpryWhBSEQJQv2+LaLtkN3uPOyXJZHGPEol37MSD/Vhs/UHiTR | ||||
| X97w/Qt1CIJOF8jyqqOIgCnrB9EYnS8Tm3plq7/Vzy78QKd7Wk6n0eG0DsCF | ||||
| phq31OO9ODD2XU2lkIY5hCtNJHJSspfamYKTHqtvvSj5RR48umqBV01HeABS | ||||
| tI9RfTdRHJAvl9Vs+cIqcF+dypGyTaPIN/2qtwe86aW8KS2VTopgdJ242gG8 | ||||
| tnN1uNF/Q9uwlZcDiv8GvX/osF0ujgE5qpaknzLpoHEXYaByYCCdHdBQCtK3 | ||||
| cYAb9vcFqSILqtN+y6AIhNcGDIjtoDupek2vx72kGbsUwUqpkChcMXGArZ5O | ||||
| qxy8LzLwNh0rHUgqz1QAObRIph/Ak3YAyxnykNw6DJaYhyDC2r43rSRKtjsR | ||||
| J6OAbQgo1rIANfcjQ9eYJ1BGBFFCcWjyp2rvV6WahxPJ0JwKc9XZGxlJ4Mia | ||||
| Npewq+farGo3RQ5Arhzu6JzS6cU9NHad7jKBSH4mzK8jpAKLvLh9DEGEfMvk | ||||
| FtgFCvny/BMeTqzkhaIiUcnB8xpbiTXTcK/LNXHhpedNThoUyWq3PI8tloFk | ||||
| 6Yuk7b+ypFIHc0FvIFBmhydtQ3Ioh4DDtFfq6CueXtjAbSZdJ54rEhtsX7GV | ||||
| B4bl/BNiT7mhTPZo+42ReikRzfDt+QTk58D9ABRob7ax3BaUaEOzA0JYzX7B | ||||
| GCuwoLTX6anX3r3D8aVfEdTkJdZlyAd5XQH2Qbzs0SKtdYNUCRX7E9glubx8 | ||||
| Afdxatyjr/Xtan1JvoqSmFolnO/oLWv0BiTMMk4TzNHa58IAi5f9YTIBAXrb | ||||
| cmdWBuv0eLkTqT9WLT/mZfyO+8piUCpAgdBVxzJVmVOtWs1WdoTJIHMHs5Tu | ||||
| c0mlPOGPG84YeIoXmpFtaDVJ6hTs1fo7zVNdR3ZTtPRJWUo6dK+Zy45mUu0T | ||||
| yXFh7kg1hV2Iw2RVrGUScmwzVGRWZAtkBxQac6B2DphqtAnuNVNQNbX+bg94 | ||||
| l9tmaw9Q/lrbgQltD5sK3mjzWwdNWuxpG73k03QKNJNyQLTZl9162kaFV/E3 | ||||
| AJu2z6OSuxiE34InohwHvTG+XPVD0+X7By7f/6dcvv91l9+rz7Umdh8z+FIc | ||||
| WdAIBSqT/m0WHdf7FItOgf+TTTo7atKpCIV7F5SlifdaROipdlG1hEWJP6th | ||||
| WrefAuEymVObRdfKXIoyWM7K3SoZmYPhKv/+yFeVrCbiiRDySro1cS6EQNcl | ||||
| WdhOIOlHfGrX5LU1Kotk5VPlTzq3BIYaWGqPqX6oqoyN2izS5XGLZIlXmeoi | ||||
| eSRo4k8Omlhb0OTXgib+9KCJtQRNv6oRtZxWw9hqQ2tNn2rwYIJX7QbvF3qr | ||||
| g4NAT/ZWRyys32ZhvzcsNLDs3Hvr4V+1wEqbYFjedthRNqTj6wcnxnL+pTqH | ||||
| K/L66sbwoXL7eA4tZ41zvJ3mOd2OKgI+w6xB/8NbzyD+W+HLyHs1Zi2Jz6uz | ||||
| WiBIPwPvPpF6w/Uzn2hvv8AvGLr77g/w7YP2Bg7+UlsTP7OftVLS2auDV1Fe | ||||
| aZ/1e+KCAcRpYzqdDGM3zy//zN+meF+cV025oJPWBDzmXB9gqA/gP3mAx7im | ||||
| Tu3WuFOv2kl1Z8SIxhngihcCawF1E+evo3t2HMFWPJHkn/UDyBIAuf5vAcAx | ||||
| m4svd08bS2+cUW6svX3p3yBiRzF4HA1cAC2/POEswBBQPApL9Tbt13Vf6L8n | ||||
| 6nEFnuvDXU7oTGXogg71i/fZ+E2Ch0bvwuAGbbY6aHn09awzcQpTVXxBtjvy | ||||
| ZZ3KkkV5DhaGVSftIQCT5bWi8b73cRP4aJD5C8wmMIDPg8UNvlkDueYnyjXz | ||||
| xrvSXhwr+yjeleLr8D5YQri0wQAQozZxOwkLDFHBbeOf78kwu305j1b4qnoU | ||||
| JCf0OpnTxTXUZjuwSF0sfpb+57xefRC98I/+4ZFGdb5JHXH0xv4Ea+lnvO0q | ||||
| m7vYbjqbTSf+GA/xDfqObZkGe698b7O/17jGjYu1zoeX37gmjet4z2njmjWu | ||||
| p/dsUs8ar/BWq51Np5OZ508nEJuNccrGb2/sTSbexJKl6qtDqMzhzHbdmTHy | ||||
| B8NJfzo13Ykx8V134PrOeDx8ZL392cQZzCb2sD9wRq4xcM3+cGyNrPEY/zaW | ||||
| 3T/eczKyhqbhe33fsmaG78+8oT+eufbEcQeebz7S0+sPRrbjj/2ZO/Jtdzh2 | ||||
| DMvxLJjbsu3xaNJ4kYBfBSu53pE9mdp9x5w6vjXuj8zhcGoM+p47ng3HA2vq | ||||
| awEUSr3//1L/f1nqnZEH8tY3zJk3sKCTP3FMx/enA8N2JiP3MdmdeOZ4NpqZ | ||||
| NoiuYxnuaDAAwbemQ2dkG9ox5oNrNjGtad8c+SB4lu+OgOCpNZq4/cnMcczB | ||||
| I9yZTmzTw+mc4cA3R2OQeojFvaEzdocTvz8+LvXmYORYE2fmmaPBrD/wxrZt | ||||
| 9QfuENZtmsbM0d9IAo9cZNF8d+BSyKv8ERzGG3zBjLPyL6TC95/WuxTfO+vF | ||||
| P2p/TxQegHxDJrjib6JGjxu634tvtgcd+F/Dgwlwjz0KNr2fbhrNv4Ps8c9R | ||||
| kDbar4Okdw+3G63/uo74a/zjrJy9D/HNcP4xieg9JHC/nK3g0e+3N7teuNz1 | ||||
| FtjqfwEl7X7x6lcAAA== | ||||
| </rfc> | </rfc> | |||
| End of changes. 79 change blocks. | ||||
| 785 lines changed or deleted | 643 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||