RFC Errata
RFC 7914, "The scrypt Password-Based Key Derivation Function", August 2016
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
See Also: RFC 7914 w/ inline errata
Errata ID: 5871
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2019-10-07
Verifier Name: Benjamin Kaduk
Date Verified: 2019-10-10
Section 7.1 says:
scrypt-0 {1 3 6 1 4 1 11591 4 10} DEFINITIONS ::= BEGIN id-scrypt OBJECT IDENTIFIER ::= {1 3 6 1 4 1 11591 4 11} scrypt-params ::= SEQUENCE { salt OCTET STRING, costParameter INTEGER (1..MAX), blockSize INTEGER (1..MAX), parallelizationParameter INTEGER (1..MAX), keyLength INTEGER (1..MAX) OPTIONAL } PBES2-KDFs ALGORITHM-IDENTIFIER ::= { {scrypt-params IDENTIFIED BY id-scrypt}, ... } END
It should say:
Module-scrypt-0 {1 3 6 1 4 1 11591 4 10} DEFINITIONS ::= BEGIN IMPORTS ALGORITHM-IDENTIFIER FROM PKCS5v2-0 -- [RFC2898] { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) modules(16) pkcs5v2-0(1) } ; id-scrypt OBJECT IDENTIFIER ::= {1 3 6 1 4 1 11591 4 11} Scrypt-params ::= SEQUENCE { salt OCTET STRING, costParameter INTEGER (1..MAX), blockSize INTEGER (1..MAX), parallelizationParameter INTEGER (1..MAX), keyLength INTEGER (1..MAX) OPTIONAL } PBES2-KDFs ALGORITHM-IDENTIFIER ::= { {Scrypt-params IDENTIFIED BY id-scrypt}, ... } END
Notes:
The ASN.1 module does not compile without some minor corrections.
First, ALGORITHM-IDENTIFIER needs to be defined. The simplest solution is to IMPORT it from RFC 2898.
Second, the module name and the scrypt-params structure name must begin with capital letters. Small changes are made to meet these ASN.1 requirements.