Hi Hamish,
When reviewing the document, I found a few more occurrences of WrapMessageKey or MessageEncrypt to be updated (maybe you already noticed yourself in your last review) and a few other peanuts. As trying to
explain the exact locations in an email is a bit difficult, I have added comments in attached PDF. Other than that â no major comment
ð .
Thanks,
Dieter
From:
pkcs11@lists.oasis-open.org <
pkcs11@lists.oasis-open.org>
On Behalf Of Hamish Cameron
Sent: Wednesday, April 26, 2023 5:32 PM
To: Jonathan Schulze-Hewett <
schulze-hewett@infoseccorp.com>;
pkcs11@lists.oasis-open.org Subject: Re: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded
Hi Jonathan,
Agreed I notice I had miss some of the name change almost as I published it.
(JSH) Nits:
1.2.1 paragraph one starts with C_WrapMessageKey (the old name)
1.2.1 paragraph fourâs first sentence misspells C_WrapKeyAuthenticated as C_WrapKeAuthenticated
I have updated this already. No published again as yet.
The mechs in terms of pkcs#11 will use CKM_AES_GCM CCM equivalent CCM this was a follow up from the work items for 3.2 public comments not captured elsewhere that will probably end up in 3.2 See
https://wiki.oasis-open.org/pkcs11/3.2WorkItems item 1 â Is there a way for the token to choose the IV
internally when wrapping in GCM and CCMâ and PKCS11 state we support CKM_AES_GCM/CCM for wrap unwrap this was a clear up of about getting an IV back internally generated random IV and in a FIPS -140-2 level3
the HSM must supply the IV.
(JSH) Section 1.2.1 states that it can be used to wrap with a public key that supports encryption and decryption? What public key algorithm supports authenticated key wrap?
Agreed: This is incorrect and needs to be removed
(JSH) Section 1.2.1 states that it can be used to wrap with any secret key? Is that true? Someone can wrap with 3DES or some other key for which there is no authenticated encryption algorithm defined?
Agreed Needs clarification again copy and paste form Wrap and unwrap in each case and I need to specialize these to show it specifically designed for Authenticated Mechs CKM_AES_GCM/CCM using an AES key. Thanks
for the feed back not sure I will get this done before meeting.
Thanks
Hamish
From:
Jonathan Schulze-Hewett <
schulze-hewett@infoseccorp.com >
Date: Wednesday, 26 April 2023 at 14:23
To: Hamish Cameron <
Hamish.Cameron@entrust.com >,
pkcs11@lists.oasis-open.org <
pkcs11@lists.oasis-open.org >
Subject: [EXTERNAL] RE: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded
WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
Hi Hamish,
Is there a standard or specification that this is intended to help meet. For example, section 4.7 of RFC 7518 defines âKey Encryption with AES GCMâ as a JSON Web Algorithm. If so, adding a reference to the
standard would be helpful for context. As of now I donât have a good handle on why I would implement this, which algorithms it would support, etc.
Section 1.2.1 states that it can be used to wrap with a public key that supports encryption and decryption? What public key algorithm supports authenticated key wrap?
Section 1.2.1 states that it can be used to wrap with any secret key? Is that true? Someone can wrap with 3DES or some other key for which there is no authenticated encryption algorithm defined?
Nits:
1.2.1 paragraph one starts with C_WrapMessageKey (the old name) 1.2.1 paragraph fourâs first sentence misspells C_WrapKeyAuthenticated as C_WrapKeAuthenticated
Sincerely,
Jonathan
From:
pkcs11@lists.oasis-open.org <
pkcs11@lists.oasis-open.org >
On Behalf Of Hamish Cameron
Sent: Tuesday, April 25, 2023 3:50 PM
To:
pkcs11@lists.oasis-open.org Subject: [EXT][pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded
THIS MESSAGE COMES FROM AN EXTERNAL SOURCE. PLEASE VERIFY THE CONTENTS OF THIS MESSAGE BEFORE PROCEEDING.
Document Name :
GCM
and CCM iv/nonce token generated for wrapping v2
Description
Updated Proposal for allowing the token to choose/generate the IV (GCM) or
nonce (CCM)internally when wrapping in GCM and CCM two proposals here:
1. New Authenticated wrapping functions
2. New wrap params structure to be able to be used with the current
C_WrapKey and C_UnWrapKey.
Description of how to actually use new functions and existing with GCM and
CCM.
Download
Latest Revision
Public
Download Link
Submitter : Hamish Cameron
Group : OASIS PKCS 11 TC
Folder : Working Drafts
Date submitted : 2023-04-25 13:50:23
Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent
to you in error, you must not copy, distribute or disclose of the information it contains.
Please notify Entrust immediately and delete the message from your system.
Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0,
www.utimaco.com Seat: Aachen â Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach, Martin Stamm, Hacan Tiwemark
This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.
Attachment: pkcs11-GCM-CCMWrapIVnonceupdate_wd2_DBO.pdf Description: pkcs11-GCM-CCMWrapIVnonceupdate_wd2_DBO.pdf