
pkcs11 message



Subject: RE: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping uploaded


Hi Dieter,

 

Thanks for the feedback, I will try to address your comments before the next TC if possible.

I like your proposal and will change the naming to C_WrapKeyAuthenticated and C_UnWrapKeyAuthenticated; this, I think, has better meaning. And wrapping and unwrapping is a bit different to SignMessage/EncryptMessage.

 

Thanks

Hamish

 

From: Dieter Bong <Dieter.Bong@utimaco.com>
Sent: 10 March 2023 4:06 PM
To: Hamish Cameron <Hamish.Cameron@entrust.com>; pkcs11@lists.oasis-open.org
Subject: [EXTERNAL] RE: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping uploaded

 



Hi Hamish,

 

Overall the proposal looks good to me, thanks for that.

 

I noticed a few sections which have probably been copy-pasted from the AES GCM/CCM encrypt/decrypt specification but still need small updates to make them fit for key (un-)wrapping:

  • Section 1.3.3, steps for wrap and unwrap: “Set pTag …” is missing as a step between the last and 2nd-to-last bullet, isn’t it?
  • Section 1.3.3, steps for WrapMessageKey, 2nd-to-last bullet: Set pTag to hold the tag returned from C_WrapMessageKey (instead of C_EncryptMessageKeyNext)
  • Section 1.3.3, steps for WrapMessageKey, last bullet: Call C_WrapMessageKey() for CKM_AES_GCM mechanism with parameters and key to be wrapped K, wrapping key wK, obtaining …
  • Section 1.3.3, steps for UnWrapMessageKey, last bullet: Call C_UnWrapMessageKey() for CKM_AES_GCM mechanism with parameters, wrapped key K, unwrapping key wK, template for the new key, obtaining a key handle.
  • Section 1.3.5 mentions C_DecryptMessage and C_DecryptMessageNext
  • Section 1.3.6, at the end of subsection CK_GCM_WRAP_PARAMS: defines CK_GCM_MESSAGE_PARAMS_PTR and CK_GCM_MESSAGE_PARAMS -> must be CK_GCM_WRAP_PARAMS_PTR and CK_GCM_WRAP_PARAMS
  • Section 1.3.6, in subsection CK_CCM_WRAP_PARAMS: ulDatLen is not needed here, is it?

 

As I brought up in the last TC meeting, I have a split opinion about the function names C_WrapMessageKey and C_UnwrapMessageKey:

  1. On the one side, this uses similar naming, structures, logic as the SignMessage/EncryptMessage functions, thus understanding their functionality is easy when already knowing SignMessage/EncryptMessage.
  2. On the other side, (Un)WrapMessageKey sounds strange, maybe even misleading.

For me, the 2nd argument is more relevant than the first. I therefore propose other function names: C_WrapKeyAuthenticated and C_UnwrapKeyAuthenticated. What do you think?

 

Best regards,

Dieter

 

From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Hamish Cameron
Sent: Thursday, February 16, 2023 12:16 PM
To: pkcs11@lists.oasis-open.org
Subject: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping uploaded

 

Submitter's message
First attempt on action items

Thanks
Hamish
-- Hamish Cameron

Document Name: GCM and CCM iv/nonce token generated for wrapping


Description
Proposal for allowing the token to choose/generate the IV (GCM) or nonce
(CCM) internally when wrapping in GCM and CCM. Two proposals here: one to
create new wrapping functions, but also a new params structure to be able to
be used with the current C_WrapKey and C_UnWrapKey. Description of how to
actually use new functions and existing with GCM and CCM.


Submitter: Hamish Cameron
Group: OASIS PKCS 11 TC
Folder: Working Drafts
Date submitted: 2023-02-16 03:15:30

 

 




