Re: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping

Hi Jonathan,

Agreed I notice I had miss some of the name change almost as I published it.

(JSH) Nits:

1.2.1 paragraph one starts with C_WrapMessageKey (the old name)
1.2.1 paragraph four’s first sentence misspells C_WrapKeyAuthenticated as C_WrapKeAuthenticated

I have updated this already. No published again as yet.

The mechs in terms of pkcs#11 will use CKM_AES_GCM CCM equivalent CCM this was a follow up from the work items for 3.2 public comments not captured elsewhere that will probably end up in 3.2 See https://wiki.oasis-open.org/pkcs11/3.2WorkItems item 1 “Is there a way for the token to choose the IV internally when wrapping in GCM and CCM” and PKCS11 state we support CKM_AES_GCM/CCM for wrap unwrap this was a clear up of about getting an IV back internally generated random IV and in a FIPS -140-2 level3 the HSM must supply the IV.

(JSH) Section 1.2.1 states that it can be used to wrap with a public key that supports encryption and decryption? What public key algorithm supports authenticated key wrap?

Agreed: This is incorrect and needs to be removed

(JSH) Section 1.2.1 states that it can be used to wrap with any secret key? Is that true? Someone can wrap with 3DES or some other key for which there is no authenticated encryption algorithm defined?

Agreed Needs clarification again copy and paste form Wrap and unwrap in each case and I need to specialize these to show it specifically designed for Authenticated Mechs CKM_AES_GCM/CCM using an AES key. Thanks for the feed back not sure I will get this done before meeting.

Thanks

Hamish

From: Jonathan Schulze-Hewett <schulze-hewett@infoseccorp.com>
Date: Wednesday, 26 April 2023 at 14:23
To: Hamish Cameron <Hamish.Cameron@entrust.com>, pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org>
Subject: [EXTERNAL] RE: [pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

Hi Hamish,

Is there a standard or specification that this is intended to help meet. For example, section 4.7 of RFC 7518 defines “Key Encryption with AES GCM” as a JSON Web Algorithm. If so, adding a reference to the standard would be helpful for context. As of now I don’t have a good handle on why I would implement this, which algorithms it would support, etc.

Section 1.2.1 states that it can be used to wrap with a public key that supports encryption and decryption? What public key algorithm supports authenticated key wrap?

Section 1.2.1 states that it can be used to wrap with any secret key? Is that true? Someone can wrap with 3DES or some other key for which there is no authenticated encryption algorithm defined?

Nits:

1.2.1 paragraph one starts with C_WrapMessageKey (the old name)
1.2.1 paragraph four’s first sentence misspells C_WrapKeyAuthenticated as C_WrapKeAuthenticated

Sincerely,

Jonathan

From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Hamish Cameron
Sent: Tuesday, April 25, 2023 3:50 PM
To: pkcs11@lists.oasis-open.org
Subject: [EXT][pkcs11] Groups - GCM and CCM iv/nonce token generated for wrapping v2 uploaded

THIS MESSAGE COMES FROM AN EXTERNAL SOURCE. PLEASE VERIFY THE CONTENTS OF THIS MESSAGE BEFORE PROCEEDING.

Document Name: GCM and CCM iv/nonce token generated for wrapping v2

Description
Updated Proposal for allowing the token to choose/generate the IV (GCM) or
nonce (CCM)internally when wrapping in GCM and CCM two proposals here:
1. New Authenticated wrapping functions
2. New wrap params structure to be able to be used with the current
C_WrapKey and C_UnWrapKey.

Description of how to actually use new functions and existing with GCM and
CCM.
Download Latest Revision
Public Download Link

Submitter: Hamish Cameron
Group: OASIS PKCS 11 TC
Folder: Working Drafts
Date submitted: 2023-04-25 13:50:23

pkcs11 message