| rfc9563v1.txt | rfc9563.txt | |||
|---|---|---|---|---|
| skipping to change at line 14 ¶ | skipping to change at line 14 ¶ | |||
| Independent Submission C. Zhang | Independent Submission C. Zhang | |||
| Request for Comments: 9563 Y. Liu | Request for Comments: 9563 Y. Liu | |||
| Category: Informational F. Leng | Category: Informational F. Leng | |||
| ISSN: 2070-1721 Q. Zhao | ISSN: 2070-1721 Q. Zhao | |||
| Z. He | Z. He | |||
| CNNIC | CNNIC | |||
| April 2024 | April 2024 | |||
| SM2 Digital Signature Algorithm for NSSEC | SM2 Digital Signature Algorithm for DNSSEC | |||
| Abstract | Abstract | |||
| This document specifies the use of the SM2 digital signature | This document specifies the use of the SM2 digital signature | |||
| algorithm and SM3 hash algorithm for DNS Security (DNSSEC). | algorithm and SM3 hash algorithm for DNS Security (DNSSEC). | |||
| This document is an Independent Submission to the RFC series and does | This document is an Independent Submission to the RFC series and does | |||
| not have consensus of the IETF community. | not have consensus of the IETF community. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at line 109 ¶ | skipping to change at line 109 ¶ | |||
| The generation of an SM3 hash value is described in Section 5 of | The generation of an SM3 hash value is described in Section 5 of | |||
| [GBT-32905-2016] and generates a 256-bit hash value. | [GBT-32905-2016] and generates a 256-bit hash value. | |||
| 3. SM2 Parameters | 3. SM2 Parameters | |||
| Verifying SM2 signatures requires agreement between the signer and | Verifying SM2 signatures requires agreement between the signer and | |||
| the verifier on the parameters used. The SM2 digital signature | the verifier on the parameters used. The SM2 digital signature | |||
| algorithm has been added to [ISO-IEC14888-3_2018]. The parameters of | algorithm has been added to [ISO-IEC14888-3_2018]. The parameters of | |||
| the curve used in this profile are as follows: | the curve used in this profile are as follows: | |||
| p = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF | p = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF | |||
| a = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFC | FFFFFFFF 00000000 FFFFFFFF FFFFFFFF | |||
| b = 28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93 | a = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF | |||
| xG = 32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7 | FFFFFFFF 00000000 FFFFFFFF FFFFFFFC | |||
| yG = BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0 | b = 28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 | |||
| n = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123 | F39789F5 15AB8F92 DDBCBD41 4D940E93 | |||
| xG = 32C4AE2C 1F198119 5F990446 6A39C994 | ||||
| 8FE30BBF F2660BE1 715A4589 334C74C7 | ||||
| yG = BC3736A2 F4F6779C 59BDCEE3 6B692153 | ||||
| D0A9877C C62A4740 02DF32E5 2139F0A0 | ||||
| n = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF | ||||
| 7203DF6B 21C6052B 53BBF409 39D54123 | ||||
| 4. DNSKEY and RRSIG Resource Records for SM2 | 4. DNSKEY and RRSIG Resource Records for SM2 | |||
| 4.1. DNSKEY Resource Records | 4.1. DNSKEY Resource Records | |||
| SM2 public keys consist of a single value, called "P". In DNSSEC | SM2 public keys consist of a single value, called "P". In DNSSEC | |||
| keys, P is a string of 32 octets that represents the uncompressed | keys, P is a string of 32 octets that represents the uncompressed | |||
| form of a curve point, "x | y". (Conversion of a point to an octet | form of a curve point, "x | y". (Conversion of a point to an octet | |||
| string is described in Section 4.2.8 of [GBT-32918.1-2016].) | string is described in Section 4.2.8 of [GBT-32918.1-2016].) | |||
| skipping to change at line 140 ¶ | skipping to change at line 146 ¶ | |||
| for DNSSEC as the concatenation "r | s". (Conversion of the integers | for DNSSEC as the concatenation "r | s". (Conversion of the integers | |||
| to bit strings is described in Section 4.2.1 of [GBT-32918.1-2016].) | to bit strings is described in Section 4.2.1 of [GBT-32918.1-2016].) | |||
| Each integer MUST be encoded as 32 octets. | Each integer MUST be encoded as 32 octets. | |||
| Process details are described in Section 6 of [GBT-32918.2-2016]. | Process details are described in Section 6 of [GBT-32918.2-2016]. | |||
| The algorithm number associated with the DNSKEY and RRSIG resource | The algorithm number associated with the DNSKEY and RRSIG resource | |||
| records is 17, which is described in the IANA Considerations section. | records is 17, which is described in the IANA Considerations section. | |||
| Conformant implementations that create records to be put into the DNS | Conformant implementations that create records to be put into the DNS | |||
| MAY implement signing and verification for the above algorithm. | MAY implement signing and verification for the SM2 digital signature | |||
| Conformant DNSSEC verifiers MAY implement verification for the above | algorithm. Conformant DNSSEC verifiers MAY implement verification | |||
| algorithm. | for the above algorithm. | |||
| 5. Support for NSEC3 Denial of Existence | 5. Support for NSEC3 Denial of Existence | |||
| This document does not define algorithm aliases mentioned in | This document does not define algorithm aliases mentioned in | |||
| [RFC5155]. | [RFC5155]. | |||
| A DNSSEC validator that implements the signing algorithms defined in | A DNSSEC validator that implements the signing algorithms defined in | |||
| this document MUST be able to validate negative answers in the form | this document MUST be able to validate negative answers in the form | |||
| of both NSEC and NSEC3 with hash algorithm SHA-1, as defined in | of both NSEC and NSEC3 with hash algorithm SHA-1, as defined in | |||
| [RFC5155]. An authoritative server that does not implement NSEC3 MAY | [RFC5155]. An authoritative server that does not implement NSEC3 MAY | |||
| skipping to change at line 186 ¶ | skipping to change at line 192 ¶ | |||
| wu+qUuDsgoBK4w== | wu+qUuDsgoBK4w== | |||
| ) ; ZSK; alg = SM2SM3 ; key id = 65042 | ) ; ZSK; alg = SM2SM3 ; key id = 65042 | |||
| example. 3600 IN RRSIG DNSKEY 17 1 3600 ( | example. 3600 IN RRSIG DNSKEY 17 1 3600 ( | |||
| 20230901000000 20220901000000 65042 example. | 20230901000000 20220901000000 65042 example. | |||
| lF2eq49e62Nn4aT5x8ZI6PdRSTPHPDixZdyl | lF2eq49e62Nn4aT5x8ZI6PdRSTPHPDixZdyl | |||
| lM6GWu4lkRWkpTgWLE4lQK/+qHdNS4DdTd36 | lM6GWu4lkRWkpTgWLE4lQK/+qHdNS4DdTd36 | |||
| Jsuu0FSO5k48Qg== ) | Jsuu0FSO5k48Qg== ) | |||
| example. 0 IN NSEC3PARAM 1 0 10 AABBCCDD | example. 0 IN NSEC3PARAM 1 0 10 AABBCCDD | |||
| example. 0 IN RRSIG NSEC3PARAM 17 1 0 ( | example. 0 IN RRSIG NSEC3PARAM 17 1 0 ( | |||
| 20230901000000 20220901000000 65042 example. | 20230901000000 20220901000000 65042 example. | |||
| aqntwEYEJzkVb8SNuJLwdx7f+vivv5IUIeAj | aqntwEYEJzkVb8SNuJLwdx7f+vivv5IUIeAj ) | |||
| 62KP1QB93KRGR6LM7SEVPJVNG90BLUE8.example. 3600 IN NSEC3 1 1 10 | 62KP1QB93KRGR6LM7SEVPJVNG90BLUE8.example. 3600 IN NSEC3 1 1 10 | |||
| AABBCCDD ( | AABBCCDD ( | |||
| GTGVQIILTSSJ8FFO9J6DC8PRTFAEA8G2 NS SOA RRSIG DNSKEY NSEC3PARAM ) | GTGVQIILTSSJ8FFO9J6DC8PRTFAEA8G2 NS SOA RRSIG DNSKEY NSEC3PARAM ) | |||
| 62KP1QB93KRGR6LM7SEVPJVNG90BLUE8.example. 3600 IN RRSIG NSEC3 17 2 | 62KP1QB93KRGR6LM7SEVPJVNG90BLUE8.example. 3600 IN RRSIG NSEC3 17 2 | |||
| 3600 ( | 3600 ( | |||
| 20230901000000 20220901000000 65042 example. | 20230901000000 20220901000000 65042 example. | |||
| FOWLegTgFkFY9vCOo4kHwjEvZ+IL1NMl4s9V | FOWLegTgFkFY9vCOo4kHwjEvZ+IL1NMl4s9V | |||
| hVyPOwokd5uOLKeXTP19HIeEtW73WcJ9XNe/ ie/knp7Edo/hxw== ) | hVyPOwokd5uOLKeXTP19HIeEtW73WcJ9XNe/ ie/knp7Edo/hxw== ) | |||
| [Example_Program] is an example program based on dnspython and gmssl, | [Example_Program] is an example program based on dnspython and gmssl, | |||
| which supplies key generating, zone signing, zone validating, and DS | which supplies key generating, zone signing, zone validating, and DS | |||
| RR generating functions for convenience. | RR generating functions for convenience. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| skipping to change at line 260 ¶ | skipping to change at line 264 ¶ | |||
| rollovers, taking into account record caching. See [RFC7583] for | rollovers, taking into account record caching. See [RFC7583] for | |||
| details. A suitable replacement algorithm should be both widely | details. A suitable replacement algorithm should be both widely | |||
| implemented and not known to have weaknesses. | implemented and not known to have weaknesses. | |||
| The security considerations listed in [RFC4509] apply here as well. | The security considerations listed in [RFC4509] apply here as well. | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [GBT-32905-2016] | ||||
| Standardization Administration of China, "Information | ||||
| security technology -- SM3 Cryptographic Hash Algorithm", | ||||
| GB/T 32905-2016, March 2017, <http://www.gmbz.org.cn/ | ||||
| upload/2018-07-24/1532401392982079739.pdf>. | ||||
| [GBT-32918.1-2016] | ||||
| Standardization Administration of China, "Information | ||||
| security technology -- Public key cryptographic algorithm | ||||
| SM2 based on elliptic curves -- Part 1: General", GB/ | ||||
| T 32918.2-2016, March 2017, <http://www.gmbz.org.cn/ | ||||
| upload/2018-07-24/1532401673134070738.pdf>. | ||||
| [GBT-32918.2-2016] | ||||
| Standardization Administration of China, "Information | ||||
| security technology -- Public key cryptographic algorithm | ||||
| SM2 based on elliptic curves -- Part 2: Digital signature | ||||
| algorithm", GB/T 32918.2-2016, March 2017, | ||||
| <http://www.gmbz.org.cn/ | ||||
| upload/2018-07-24/1532401673138056311.pdf>. | ||||
| [IANA] IANA, "DNS Security Algorithm Numbers", | ||||
| <https://www.iana.org/assignments/dns-sec-alg-numbers>. | ||||
| [ISO-IEC10118-3_2018] | ||||
| ISO/IEC, "IT Security techniques -- Hash-functions -- Part | ||||
| 3: Dedicated hash-functions", ISO/IEC 10118-3:2018, | ||||
| October 2018. | ||||
| [ISO-IEC14888-3_2018] | ||||
| ISO/IEC, "IT Security techniques -- Digital signatures | ||||
| with appendix -- Part 3: Discrete logarithm based | ||||
| mechanisms", ISO/IEC 14888-3:2018, November 2018. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | ||||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | ||||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | ||||
| [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
| Rose, "DNS Security Introduction and Requirements", | Rose, "DNS Security Introduction and Requirements", | |||
| RFC 4033, DOI 10.17487/RFC4033, March 2005, | RFC 4033, DOI 10.17487/RFC4033, March 2005, | |||
| <https://www.rfc-editor.org/info/rfc4033>. | <https://www.rfc-editor.org/info/rfc4033>. | |||
| [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
| Rose, "Resource Records for the DNS Security Extensions", | Rose, "Resource Records for the DNS Security Extensions", | |||
| RFC 4034, DOI 10.17487/RFC4034, March 2005, | RFC 4034, DOI 10.17487/RFC4034, March 2005, | |||
| <https://www.rfc-editor.org/info/rfc4034>. | <https://www.rfc-editor.org/info/rfc4034>. | |||
| [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
| Rose, "Protocol Modifications for the DNS Security | Rose, "Protocol Modifications for the DNS Security | |||
| Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005, | Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005, | |||
| <https://www.rfc-editor.org/info/rfc4035>. | <https://www.rfc-editor.org/info/rfc4035>. | |||
| [IANA] IANA, "DNS Security Algorithm Numbers", | ||||
| <https://www.iana.org/assignments/dns-sec-alg-numbers>. | ||||
| [RFC4509] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer | [RFC4509] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer | |||
| (DS) Resource Records (RRs)", RFC 4509, | (DS) Resource Records (RRs)", RFC 4509, | |||
| DOI 10.17487/RFC4509, May 2006, | DOI 10.17487/RFC4509, May 2006, | |||
| <https://www.rfc-editor.org/info/rfc4509>. | <https://www.rfc-editor.org/info/rfc4509>. | |||
| [RFC5155] Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS | [RFC5155] Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS | |||
| Security (DNSSEC) Hashed Authenticated Denial of | Security (DNSSEC) Hashed Authenticated Denial of | |||
| Existence", RFC 5155, DOI 10.17487/RFC5155, March 2008, | Existence", RFC 5155, DOI 10.17487/RFC5155, March 2008, | |||
| <https://www.rfc-editor.org/info/rfc5155>. | <https://www.rfc-editor.org/info/rfc5155>. | |||
| [RFC9276] Hardaker, W. and V. Dukhovni, "Guidance for NSEC3 | ||||
| Parameter Settings", BCP 236, RFC 9276, | ||||
| DOI 10.17487/RFC9276, August 2022, | ||||
| <https://www.rfc-editor.org/info/rfc9276>. | ||||
| [RFC7583] Morris, S., Ihren, J., Dickinson, J., and W. Mekking, | [RFC7583] Morris, S., Ihren, J., Dickinson, J., and W. Mekking, | |||
| "DNSSEC Key Rollover Timing Considerations", RFC 7583, | "DNSSEC Key Rollover Timing Considerations", RFC 7583, | |||
| DOI 10.17487/RFC7583, October 2015, | DOI 10.17487/RFC7583, October 2015, | |||
| <https://www.rfc-editor.org/info/rfc7583>. | <https://www.rfc-editor.org/info/rfc7583>. | |||
| [GBT-32918.1-2016] | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| Standardization Administration of China, "Information | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| security technology --- Public key cryptographic algorithm | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| SM2 based on elliptic curves --- Part 1: General", GB/ | ||||
| T 32918.2-2016, March 2017, <http://www.gmbz.org.cn/ | ||||
| upload/2018-07-24/1532401673134070738.pdf>. | ||||
| [GBT-32918.2-2016] | ||||
| Standardization Administration of China, "Information | ||||
| security technology --- Public key cryptographic algorithm | ||||
| SM2 based on elliptic curves --- Part 2: Digital signature | ||||
| algorithm", GB/T 32918.2-2016, March 2017, | ||||
| <http://www.gmbz.org.cn/ | ||||
| upload/2018-07-24/1532401673138056311.pdf>. | ||||
| [ISO-IEC14888-3_2018] | ||||
| ISO/IEC, "IT Security techniques -- Digital signatures | ||||
| with appendix -- Part 3: Discrete logarithm based | ||||
| mechanisms", ISO/IEC 14888-3:2018, November 2018. | ||||
| [GBT-32905-2016] | ||||
| Standardization Administration of China, "Information | ||||
| security technology --- SM3 cryptographic hash algorithm", | ||||
| GB/T 32905-2016, March 2017, <http://www.gmbz.org.cn/ | ||||
| upload/2018-07-24/1532401392982079739.pdf>. | ||||
| [ISO-IEC10118-3_2018] | [RFC9276] Hardaker, W. and V. Dukhovni, "Guidance for NSEC3 | |||
| ISO/IEC, "IT Security techniques -- Hash-functions -- Part | Parameter Settings", BCP 236, RFC 9276, | |||
| 3: Dedicated hash-functions", ISO/IEC 10118-3:2018, | DOI 10.17487/RFC9276, August 2022, | |||
| October 2018. | <https://www.rfc-editor.org/info/rfc9276>. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [Example_Program] | [Example_Program] | |||
| "sign and validate dnssec signature with sm2sm3 | "sign and validate dnssec signature with sm2sm3 | |||
| algorithm", commit 6f98c17, April 2023, | algorithm", commit 6f98c17, April 2023, | |||
| <https://github.com/scooct/dnssec_sm2sm3>. | <https://github.com/scooct/dnssec_sm2sm3>. | |||
| Authors' Addresses | Authors' Addresses | |||
| End of changes. 12 change blocks. | ||||
| 55 lines changed or deleted | 59 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||