OASIS PKCS 11 TC


Re: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded

  • 1.  Re: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded

    Posted 04-26-2023 15:32
    Hi Jonathan,

    Agreed, I noticed I had missed some of the name changes almost as I published it.

    (JSH) Nits:
    1.2.1 paragraph one starts with C_WrapMessageKey (the old name)
    1.2.1 paragraph four’s first sentence misspells C_WrapKeyAuthenticated as C_WrapKeAuthenticated

    I have updated this already. Not published again as yet.

    The mechs in terms of pkcs#11 will use CKM_AES_GCM CCM equivalent CCM; this was a follow up from the work items for 3.2 public comments not captured elsewhere that will probably end up in 3.2. See https://wiki.oasis-open.org/pkcs11/3.2WorkItems item 1 “Is there a way for the token to choose the IV internally when wrapping in GCM and CCM” and PKCS11 state we support CKM_AES_GCM/CCM for wrap unwrap; this was a clear up of about getting an IV back internally generated random IV and in a FIPS 140-2 level 3 the HSM must supply the IV.

    (JSH) Section 1.2.1 states that it can be used to wrap with a public key that supports encryption and decryption? What public key algorithm supports authenticated key wrap?

    Agreed: This is incorrect and needs to be removed.

    (JSH) Section 1.2.1 states that it can be used to wrap with any secret key? Is that true? Someone can wrap with 3DES or some other key for which there is no authenticated encryption algorithm defined?

    Agreed. Needs clarification; again copy and paste from Wrap and unwrap in each case, and I need to specialize these to show it is specifically designed for Authenticated Mechs CKM_AES_GCM/CCM using an AES key. Thanks for the feedback, not sure I will get this done before meeting.

    Thanks
    Hamish

    From: Jonathan Schulze-Hewett <schulze-hewett@infoseccorp.com>
    Date: Wednesday, 26 April 2023 at 14:23
    To: Hamish Cameron <Hamish.Cameron@entrust.com>, pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org>
    Subject: [EXTERNAL] RE: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded

    Hi Hamish,

    Is there a standard or specification that this is intended to help meet? For example, section 4.7 of RFC 7518 defines “Key Encryption with AES GCM” as a JSON Web Algorithm. If so, adding a reference to the standard would be helpful for context. As of now I don’t have a good handle on why I would implement this, which algorithms it would support, etc.

    Section 1.2.1 states that it can be used to wrap with a public key that supports encryption and decryption? What public key algorithm supports authenticated key wrap?

    Section 1.2.1 states that it can be used to wrap with any secret key? Is that true? Someone can wrap with 3DES or some other key for which there is no authenticated encryption algorithm defined?

    Nits:
    1.2.1 paragraph one starts with C_WrapMessageKey (the old name)
    1.2.1 paragraph four’s first sentence misspells C_WrapKeyAuthenticated as C_WrapKeAuthenticated

    Sincerely,
    Jonathan

    From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Hamish Cameron
    Sent: Tuesday, April 25, 2023 3:50 PM
    To: pkcs11@lists.oasis-open.org
    Subject: [EXT][pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded

    Document Name: GCM and CCM iv/nonce token generated for wrapping v2

    Description:
    Updated Proposal for allowing the token to choose/generate the IV (GCM) or nonce (CCM) internally when wrapping in GCM and CCM; two proposals here:
    1. New Authenticated wrapping functions
    2. New wrap params structure to be able to be used with the current C_WrapKey and C_UnWrapKey.

    Description of how to actually use new functions and existing with GCM and CCM.

    Submitter: Hamish Cameron
    Group: OASIS PKCS 11 TC
    Folder: Working Drafts
    Date submitted: 2023-04-25 13:50:23


  • 2.  RE: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded

    Posted 04-27-2023 19:28




    Hi Hamish,
     
    When reviewing the document, I found a few more occurrences of WrapMessageKey or MessageEncrypt to be updated (maybe you already noticed yourself in your last review) and a few other peanuts. As trying to
    explain the exact locations in an email is a bit difficult, I have added comments in attached PDF. Other than that - no major comment.
     
    Thanks,
    Dieter
     


    Utimaco IS GmbH



    Attachment: pkcs11-GCM-CCMWrapIVnonceupdate_wd2_DBO.pdf
