ITU-T X.510 (10/2023) - Information Technology – Open systems Interconnection – The Directory – Protocol specifications for secure operations
SECTION 1 – GENERAL
1 Scope
2 Normative references
     2.1 Identical Recommendations | International Standards
     2.2 Paired Recommendations | International Standards equivalent in technical content
     2.3 International Standards
     2.4 Other references
3 Definitions
     3.1 OSI reference model definitions
     3.2 Directory model definitions
     3.3 Public-key and attribute certificate definitions
     3.4 Terms defined in this Recommendation | International Standard
4 Abbreviations
5 Conventions
6 Communication model
7 Common data types and special cryptographic algorithms
     7.1 Introduction
     7.2 ASN.1 information object class specification tool
          7.2.1 General information object class concept
          7.2.2 The ALGORITHM information object class
     7.3 Parameterized data types
          7.3.1 The parameterized data type concept
          7.3.2 Parameterized data types for cryptographic algorithms representation
          7.3.3 Relationship between Information object class and parameterized data type
          7.3.4 Cryptographic algorithm pluck-in concept
     7.4 Multiple cryptographic algorithm specifications
          7.4.1 General
          7.4.2 Algorithm information object sets
          7.4.3 Object identifier allocation
          7.4.4 Multiple-cryptographic algorithm specifications without invoke
               7.4.4.1 General
               7.4.4.2 Multiple digital signature algorithms
               7.4.4.3 Multiple public-key algorithms
               7.4.4.4 Multiple hash algorithms
               7.4.4.5 Multiple key establishment algorithm
               7.4.4.6 Multiple sets for data transfer protection algorithms
          7.4.5 Multiple choice cryptographic algorithm specifications without invoke
               7.4.5.1 General
               7.4.5.2 Choice digital signature algorithm
               7.4.5.3 Choice public-key algorithm
               7.4.5.4 Choice hash algorithm
               7.4.5.5 Choice key-establishment algorithm
               7.4.5.6 Choice sets for data transfer protection algorithms
          7.4.6 Multiple-cryptographic algorithm specifications with invoke
               7.4.6.1 General
               7.4.6.2 Multiple digital signatures algorithms
               7.4.6.3 Multiple public-key algorithms
               7.4.6.4 Multiple hash algorithms
               7.4.6.5 Multiple key establishment algorithm
          7.4.7 Multiple choice cryptographic algorithm specifications with invoke
               7.4.7.1 General
               7.4.7.2 Choice digital signature algorithm
               7.4.7.3 Choice public-key algorithm
               7.4.7.4 Choice hash algorithm
               7.4.7.5 Choice key establishment algorithm
     7.5 Parameterized data types for providing multiple-cryptographic algorithm-values
          7.5.1 Multiple digital signatures attached to data
          7.5.2 Double digital signature attached to data
          7.5.3 Duplicate integrity check values attached to data
     7.6 Formal specification of encipherment
          7.6.1 Formal specification of encryption
          7.6.2 Formal specification of authenticated encryption with associated data
8 Symmetric-key algorithms
     8.1 Introduction to symmetric-key algorithms
     8.2 Advance encryption standard (AES) – symmetric-key algorithms
          8.2.1 General
          8.2.2 Advanced encryption standard – electronic codebook mode (AES-ECB)
          8.2.3 Advanced encryption standard – cipher block chaining mode (AES-CBC)
          8.2.4 Advanced encryption standard – cipher feedback mode (AES-CFB)
          8.2.5 Advanced encryption standard – output feedback mode (AES-OFB)
          8.2.6 Advanced encryption standard – counter mode (AES-CTR)
          8.2.7 Advanced encryption standard – Galois/counter mode (AES-GCM)
          8.2.8 Advanced encryption standard – Galois/counter mode – synthetic initialization vector (AES-GCM-SIV)
          8.2.9 Advanced encryption standard (AES) – counter with CBC-MAC (AES-CCM)
          8.2.10 Advanced encryption standard (AES) – Galois Message Authentication Code (AES-GMAC)
          8.2.11 Advanced encryption standard – cipher-based message authentication code (AES-CMAC)
     8.3 Camellia symmetric-key algorithms
          8.3.1 General
          8.3.2 Camellia – electronic codebook (CAM-ECB) mode
          8.3.3 Camellia – cipher block chaining (CAM-CBC) mode
          8.3.4 Camellia – cipher feedback (CAM-CFB) mode
          8.3.5 Camellia – output feedback (CAM-OFB) mode
          8.3.6 Camellia – counter (CAM-CTR) mode
          8.3.7 Camellia – Galois/counter mode (CAM-GCM)
          8.3.8 Camellia – Galois/counter mode – synthetic initialization vector (CAM-GCM-SIV)
          8.3.9 Camellia – Counter with CBC-MAC (CAM-CCM)
          8.3.10 Camellia – Galois Message Authentication Code (CAM-GMAC)
          8.3.11 Camellia – Cipher-based message authentication code (CAM-CMAC)
     8.4 SEED – symmetric-key algorithms
          8.4.1 General
          8.4.2 SEED – electronic codebook (SEED-ECB) mode
          8.4.3 SEED – cipher block chaining (SEED-CBC) mode
          8.4.4 SEED – cipher feedback (SEED-CFB) mode
          8.4.5 SEED – output feedback (SEED-OFB) mode
          8.4.6 SEED – counter (SEED-CTR) mode
          8.4.7 SEED – Galois/counter mode (SEED-GCM)
          8.4.8 SEED – Galois/counter mode – synthetic initialization vector (SEED-GCM-SIV)
          8.4.9 SEED – Counter with CBC-MAC (SEED-CCM)
          8.4.10 SEED – Galois Message Authentication Code (SEED-GMAC)
          8.4.11 SEED – Cipher-based message authentication code (SEED-CMAC)
     8.5 SM4 – symmetric-key algorithms
          8.5.1 General
          8.5.2 SM4 – electronic codebook (SM4-ECB) mode
          8.5.3 SM4 – cipher block chaining (SM4-CBC) mode
          8.5.4 SM4 – cipher feedback (SM4-CFB) mode
          8.5.5 SM4 – output feedback (SM4-OFB) mode
          8.5.6 SM4 – counter (SM4-CTR) mode
          8.5.7 SM4 – Galois/counter mode (SM4-GCM)
          8.5.8 SM4 – Galois/counter mode – synthetic initialization vector (SM4-GCM-SIV)
          8.5.9 SM4 – Counter with CBC-MAC (SM4-CCM)
          8.5.10 SM4 – Galois Message Authentication Code (SM4-GMAC)
          8.5.11 SM4 – Cipher-based message authentication code (SM4-CMAC)
9 Public-key and digital signature algorithms
10 Key establishment algorithms
     10.1 General
     10.2 Diffie-Hellman over prime field
          10.2.1 General
          10.2.2 Diffie-Hellman group 14 algorithm with HKDF-256
          10.2.3 Diffie-Hellman group 15 algorithm with HKDF-384
          10.2.4 Diffie-Hellman group 16 algorithm with HKDF-512
          10.2.5 Diffie-Hellman group 17 algorithm with HKDF-768
          10.2.6 Diffie-Hellman group 18 algorithm with HKDF-1024
     10.3 Elliptic curve Diffie-Hellman
          10.3.1 General
          10.3.2 Diffie-Hellman group 23 algorithm with HKDF-256
          10.3.3 Diffie-Hellman group 28 algorithm with HKDF-256
     10.4 Key derivation
          10.4.1 General
          10.4.2 HMAC-based Extract-and-Expand Key Derivation Function
11 General concepts for securing protocols
     11.1 Introduction
     11.2 Protected protocol plug-in concept
     11.3 Communication structure
     11.4 Another view of the relationship between the wrapper protocol and the protected protocol
     11.5 Structure of the application protocol data unit
     11.6 Exception conditions
SECTION 2 – THE WRAPPER PROTOCOL
12 Wrapper protocol general concepts
     12.1 Introduction
     12.2 UTC time specification
     12.3 Use of alternative cryptographic algorithms
     12.4 Establishment of symmetric keys
     12.5 Sequence numbers
     12.6 Use of invocation identification in the wrapper protocol
     12.7 Mapping to underlying services
     12.8 Addressing of communicating entities
     12.9 Definition of protected protocols
     12.10 Overview of wrapper protocol data units
13 Association management
     13.1 Introduction to association management
     13.2 Association handshake request
     13.3 Association handshake accept
     13.4 Association reject due to security issues
     13.5 Association reject by the protected protocol
     13.6 Handshake security abort
     13.7 Handshake abort by protected protocol
     13.8 Data transfer security abort
     13.9 Abort by protected protocol
     13.10 Release request WrPDU
     13.11 Release response WrPDU
     13.12 Release collision
14 Data transfer phase
     14.1 Symmetric keys renewal
     14.2 Data transfer by the client
          14.2.1 General
          14.2.2 Client using authenticated encryption with associated data
          14.2.3 Client not using authenticated encryption with associated data
          14.2.4 Client non-encrypted data
     14.3 Data transfer by the server
          14.3.1 General
          14.3.2 Server using authenticated encryption with associated data
          14.3.3 Server not using authenticated encryption with associated data
          14.3.4 Server non-encrypted data
15 Information flow
     15.1 Purpose and general model
     15.2 Protected protocol SAOC
     15.3 Wrapper SAOC
          15.3.1 General
          15.3.2 Handshake request subclass
          15.3.3 Handshake accept subclass
          15.3.4 Handshake security reject subclass
          15.3.5 Handshake reject by protected protocol subclass
          15.3.6 Handshake abort by protected protocol subclass
          15.3.7 Handshake security abort subclass
          15.3.8 Data transfer security abort subclass
          15.3.9 Data transfer application abort subclass
          15.3.10 Release request subclass
          15.3.11 Release response subclass
          15.3.12 Client data transfer with authenticated encryption with associated data subclass
          15.3.13 Client data transfer with integrity check value protection subclass
          15.3.14 Server data transfer with authenticated encryption with associated data subclass
          15.3.15 Client data transfer with integrity check value protection subclass
16 Wrapper error handling
     16.1 General
     16.2 Checking of a wrapper handshake request
          16.2.1 General
          16.2.2 Digital signature checking
          16.2.3 Checking of the to-be-signed part
     16.3 Checking of a wrapper handshake accept
          16.3.1 General
          16.3.2 Digital signature checking
          16.3.3 Checking of the to-be-signed part
     16.4 Checking of data transfer WrPDUs
          16.4.1 General
          16.4.2 Common checks for data transfer
               16.4.2.1 Common checks for use of authenticate encryption with associated data
               16.4.2.2 Common checks for encryption and ICV
               16.4.2.3 Common checks for AadClient and AadServer data types
          16.4.3 AadClient data value specific checking
          16.4.4 AadServer data value specific checking
     16.5 Wrapper diagnostic codes
17 End-to-end communications
SECTION 3 – PROTECTED PROTOCOLS
18 Authorization and validation list management
     18.1 General on authorization and validation management
          18.1.1 Introduction
          18.1.2 Invocation identification
          18.1.3 Exception conditions
     18.2 Defined protected protocol data unit types
     18.3 Authorization and validation management protocol initialization request
     18.4 Authorization and validation management protocol initialization accept
     18.5 Authorization and validation management protocol initialization reject
     18.6 Authorization and validation management protocol initialization abort
     18.7 Add authorization and validation list request
     18.8 Add authorization and validation list response
     18.9 Replace authorization and validation list request
     18.10 Replace authorization and validation list response
     18.11 Delete authorization and validation list request
     18.12 Delete authorization and validation list response
     18.13 Authorization and validation list abort
     18.14 Authorization and validation list error codes
19 Certification authority subscription protocol
     19.1 Certification authority subscription introduction
     19.2 Defined protected protocol data unit types
     19.3 Certification authority subscription protocol initialization request
     19.4 Certification authority subscription protocol initialization accept
     19.5 Certification authority subscription protocol initialization reject
     19.6 Certification authority subscription protocol initialization abort
     19.7 Public-key certificate subscription request
     19.8 Public-key certificate subscription response
     19.9 Public-key certificate un-subscription request
     19.10 Public-key certificate un-subscription response
     19.11 Public-key certificate replacements request
     19.12 Public-key certificate replacement response
     19.13 End-entity public-key certificate updates request
     19.14 End-entity public-key certificate updates response
     19.15 Certification authority subscription abort
     19.16 Certification authority subscription error codes
20 Trust broker protocol
     20.1 Introduction
     20.2 Defined protected protocol data unit types
     20.3 Trust broker protocol initialization request
     20.4 Trust broker protocol initialization accept
     20.5 Trust broker protocol initialization reject
     20.6 Trust broker protocol initialization abort
     20.7 Trust broker request syntax
     20.8 Trust broker response syntax
     20.9 Trust broker error information
     H.1 Migration of cryptographic algorithms
          H.1.1 General considerations
          H.1.2 The quantum computer threat to cybersecurity
     H.2 Migration tools or migration approaches
          H.2.1 Introduction
          H.2.2 General considerations on migration principles
     H.3 Migration of public-key certificates and other data types using the extension mechanism
     H.4 General migration approach for communication protocols
     H.5 Use of multiple and choice cryptographic algorithms
          H.5.1 General considerations on the principles
               H.5.1.1 Extended use of the ALGORITHM information object class
               H.5.1.2 Phase one of migration
               H.5.1.3 Phase two of migration