pkcs11 message

Subject: pkcs11_kem_algs_draft4 comments


Hi Bob,

 

pkcs11_kem_algs_draft4:

1.1.4 X.509 (raw) RSA: “This mechanism can encapsulate and decapsulate keys according to RSASVE defines in NIST SP 800-56br1.” “RSASVE defines” should be “RSASVE defined”.

I’m sure we’ve discussed this, but following the above line is a paragraph about how to pad for RSA encryption. This does not apply to Encapsulate/Decapsulate but appears that it does. Maybe replace “Unfortunately” with “For all operations other than Encapsulate, X.509 does not…”?

 

As an aside, IMO we should at least put a large warning that padding it as described is a “bad idea”. There’s a reason OAEP exists and NIST is no longer allowing PKCS#1v1.5 padding much less something worse as described in the spec.

 

 

1.2.1, 1.2.2, 1.3.1, 1.3.2:

We describe how C_Encapsulate works, but not what C_Decapsulate does.

 

I’m confused by the “no public-key is provided in the mechanism parameters” shortly followed by “the private key is used with the public key provided in the API”. I suggest being really explicit here. “the mechanism parameter must set pPublicData to NULL_PTR and ulPublicDataLen to 0.” and “the private key is used with the public key specified by the object handle supplied in the hPublicKey function parameter.”

 

Then explain the same for C_Decapsulate swapping hPublicKey for hPrivateKey.

 

1.4.2 and 1.4.3:

States that tokens may support a subset of the defined parameter sets. I would prefer it to be clear that this subset aligns with the ulMinKeySize and ulMaxKeySize returned by C_GetMechanismInfo. In other words, the token should not support CKP_ML_KEM_512 and CKP_ML_KEM_1024, but not CKP_ML_KEM_768. I’m sure there’s some elegant way of stating that, but I don’t have it at the moment.

1.4.3:

The CKA_VALUE “Meaning” talks about CRYSTALS-KYBER Round 3, but section 1.4.1 only defines CKP_ML_KEM_* parameter sets.

 

1.4.5:

“It has has no parameters” -> “It has no parameters”

 

Despite my grade school humor’s appreciation of the 3rd paragraph’s use of “pubic”, “ML-KEM Pubic Key” -> “ML-KEM Public Key”

4th paragraph “from an encapsulated cipher and” -> “from an encapsulated cipher text and”

 

6th paragraph “, this mechanisms” -> “, this mechanism”

 

Sincerely,

Jonathan
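The 1.4.2/1.4.3 comment above asks that a token's supported ML-KEM parameter sets line up with the ulMinKeySize/ulMaxKeySize range it advertises through C_GetMechanismInfo, with no gaps in the middle. The following is an added illustration of that rule as a conformance check, not code from the draft or from any PKCS#11 implementation. It does not include pkcs11.h: CK_ULONG, a reduced mech_info_t standing in for CK_MECHANISM_INFO, and the numeric values given to the CKP_ML_KEM_* names are all constructed for this example (the check only relies on the three sets being ordered), and the two token descriptions in main are made up rather than read from a real token.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the PKCS#11 types so the example builds without
 * pkcs11.h. The numeric values given to the CKP_ML_KEM_* names below are an
 * assumption for this example (the security level in the name), not values
 * from the draft; the check only needs them to be ordered. */
typedef unsigned long CK_ULONG;

enum { CKP_ML_KEM_512 = 512, CKP_ML_KEM_768 = 768, CKP_ML_KEM_1024 = 1024 };

/* Every parameter set the draft's section 1.4.1 defines, in increasing order. */
static const CK_ULONG all_param_sets[] = { CKP_ML_KEM_512, CKP_ML_KEM_768, CKP_ML_KEM_1024 };
#define N_PARAM_SETS (sizeof all_param_sets / sizeof all_param_sets[0])

/* Reduced view of CK_MECHANISM_INFO: the two fields returned by
 * C_GetMechanismInfo that this check reads. */
typedef struct {
    CK_ULONG ulMinKeySize;
    CK_ULONG ulMaxKeySize;
} mech_info_t;

static int contains(const CK_ULONG *set, size_t n, CK_ULONG v)
{
    for (size_t i = 0; i < n; i++)
        if (set[i] == v) return 1;
    return 0;
}

/* Returns 1 when the token's supported subset is consistent with the range it
 * advertises: both bounds are defined parameter sets, every defined set inside
 * [ulMinKeySize, ulMaxKeySize] is supported, and nothing outside the range is.
 * Returns 0 otherwise, e.g. for a token that supports CKP_ML_KEM_512 and
 * CKP_ML_KEM_1024 but not CKP_ML_KEM_768. */
int param_sets_consistent(const mech_info_t *info,
                          const CK_ULONG *supported, size_t n_supported)
{
    if (n_supported == 0 || info->ulMinKeySize > info->ulMaxKeySize)
        return 0;
    /* The bounds must name real parameter sets, not arbitrary numbers. */
    if (!contains(all_param_sets, N_PARAM_SETS, info->ulMinKeySize) ||
        !contains(all_param_sets, N_PARAM_SETS, info->ulMaxKeySize))
        return 0;
    /* Nothing the token claims to support may be an unknown parameter set. */
    for (size_t i = 0; i < n_supported; i++)
        if (!contains(all_param_sets, N_PARAM_SETS, supported[i]))
            return 0;
    /* Inside the range: must be supported. Outside the range: must not be. */
    for (size_t i = 0; i < N_PARAM_SETS; i++) {
        CK_ULONG s = all_param_sets[i];
        int in_range = s >= info->ulMinKeySize && s <= info->ulMaxKeySize;
        int is_supported = contains(supported, n_supported, s);
        if (in_range != is_supported)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed token descriptions, not output from any real token. */
    const mech_info_t full = { CKP_ML_KEM_512, CKP_ML_KEM_1024 };
    const CK_ULONG all[] = { CKP_ML_KEM_512, CKP_ML_KEM_768, CKP_ML_KEM_1024 };
    const CK_ULONG gapped[] = { CKP_ML_KEM_512, CKP_ML_KEM_1024 };

    printf("512..1024 with all three sets: %s\n",
           param_sets_consistent(&full, all, 3) ? "consistent" : "inconsistent");
    printf("512..1024 without 768:        %s\n",
           param_sets_consistent(&full, gapped, 2) ? "consistent" : "inconsistent");
    return 0;
}
```

The second case in main is exactly the situation the comment wants the draft to rule out: the advertised range says 512 through 1024, but the middle parameter set is missing, so an application choosing CKP_ML_KEM_768 from the range would fail at runtime.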
