On 01/12/2018 06:32 AM, Daniel Minder wrote:

All,

Bob already pointed out some issues in the GCM/CCM section. Therefore, I did a detailed review taking into account the message functions proposal and Dave's and my proposal to correct some GCM/CCM errors. Since both proposals affected the same sections and have been developed independently, things got inconsistent and others were missing. Please find attached a version of Chris' WD03 document with corrected and updated GCM/CCM sections. I'd like to highlight some issues; for others, see the inline comments:

In general, I tried to fix formatting: only variable names are italic.

2995-3033: MessageEncrypt/MessageDecrypt was missing completely. I re-added it and applied changes similar to the changes in Encrypt/Decrypt.

Chris's WD03 had 3 separate sections all entitled GCM/CCM. It looks like the replacement section was added in a different place without removing the old GCM/CCM. It also looks like it got mangled.

3033/3161: This requirement does not make sense. I suggest removing it completely. Any other opinions?

3037-3114: Was a complete duplicate.

3236/3287: IMO the names "CK_GCM_AEAD_PARAMS" and "CK_CCM_AEAD_PARAMS" are very misleading. GCM and CCM are AEAD algorithms. However, the difference between CK_GCM_PARAMS and CK_GCM_AEAD_PARAMS is not that only the latter is AEAD, but that it must be used with the message functions. Therefore, I strongly suggest renaming these structures to, for example, CK_GCM_MSG_PARAMS (CCM similar)!

Unlike the message rename, I'm OK with this change.

3250: For CK_GCM_PARAMS, we changed the upper bound of ulIvLen to 2^32-1. Is there any reason not to apply the change here as well?

No, it should apply.

3115-3375: This was already a duplicate in the 2.40 standard. I added some clarifying sentences and rephrased some others which were misleading. Even the final AEAD message function proposal contained some errors, which I tried to correct. We must try to fix these sections.
Otherwise, it will be very hard to implement/use these mechanisms properly.

Regards,
Daniel
Utimaco IS GmbH