Subject: Inconsistencies in KMIP Test Cases v1.2: TC-141-11, TC-142-11; Test Cases v1.4: TC-Wrap-X-14.xml


Greetings

In regard to the KMIP Test Cases v1.2 document [11 November, 2014]:

1. It appears that *all* of the preamble text for TC-141-11 was intended for TC-142-11 and vice versa. For example, TC-141-11’s preamble states that “The Encoding Option field is omitted, …”, but in fact the Encoding Option field is present:

    <KeyWrappingSpecification>
      <WrappingMethod type="Enumeration" value="Encrypt"/>
      <EncryptionKeyInformation>
        <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_0"/>
        <CryptographicParameters>
          <BlockCipherMode type="Enumeration" value="NISTKeyWrap"/>
        </CryptographicParameters>
      </EncryptionKeyInformation>
      <EncodingOption type="Enumeration" value="NoEncoding"/> # TIME-2@Line=0141
    </KeyWrappingSpecification>

2. Conversely, TC-142-11’s preamble states that “The Encoding Option is set to No Encoding, …”, but in fact the Encoding Option is omitted:

    <KeyWrappingSpecification>
      <WrappingMethod type="Enumeration" value="Encrypt"/>
      <EncryptionKeyInformation>
        <UniqueIdentifier type="TextString" value="$UNIQUE_IDENTIFIER_0"/>
        <CryptographicParameters>
          <BlockCipherMode type="Enumeration" value="NISTKeyWrap"/>
        </CryptographicParameters>
      </EncryptionKeyInformation>
      <AttributeName type="TextString" value="Cryptographic Usage Mask"/>
    </KeyWrappingSpecification>

The following issue may have been detected during recent KMIP Interop testing …

In the case of TC-Wrap-1-14.xml, the KEK [i.e. TC-WRAP-1-14-KEK] is Register’d with a Usage Mask of ‘WrapKey’:

      <TemplateAttribute>
        <Attribute>
          <AttributeName type="TextString" value="x-ID"/>
          <AttributeValue>
            <NameValue type="TextString" value="TC-WRAP-1-14-KEK"/>
            <NameType type="Enumeration" value="UninterpretedTextString"/>
          </AttributeValue>
        </Attribute>
        <Attribute>
          <AttributeName type="TextString" value="Cryptographic Usage Mask"/>
          <AttributeValue type="Integer" value="WrapKey"/>
        </Attribute>

** However ** - The above KEK is used by the KMIP client to wrap the DEK [i.e. TC-WRAP-1-14-key2] that the client Register’s with the server. It follows that when the server attempts to /unwrap/ the given key, the server would expect the KEK’s Usage Mask to include ‘UnwrapKey’, which it does not.

I think this issue repeats itself in TC-Wrap-2-14.xml and TC-Wrap-3-14.xml.

Cheers,

… Dave
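
The two checks this message describes, written as an added Python example; it is not part of the original message or of the KMIP test-case documents. The XML fragments are constructed from the excerpts above (the TemplateAttribute is closed so it parses), and the function names and the handling of mask separators are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragments modelled on the excerpts quoted in the message.
SPEC_141 = """<KeyWrappingSpecification>
  <WrappingMethod type="Enumeration" value="Encrypt"/>
  <EncodingOption type="Enumeration" value="NoEncoding"/>
</KeyWrappingSpecification>"""
SPEC_142 = """<KeyWrappingSpecification>
  <WrappingMethod type="Enumeration" value="Encrypt"/>
  <AttributeName type="TextString" value="Cryptographic Usage Mask"/>
</KeyWrappingSpecification>"""
KEK_TEMPLATE = """<TemplateAttribute>
  <Attribute>
    <AttributeName type="TextString" value="Cryptographic Usage Mask"/>
    <AttributeValue type="Integer" value="WrapKey"/>
  </Attribute>
</TemplateAttribute>"""


def encoding_option(spec_xml):
    """Return the EncodingOption value, or None when the field is omitted."""
    node = ET.fromstring(spec_xml).find("EncodingOption")
    return None if node is None else node.get("value")


def usage_mask(template_xml):
    """Return the set of Cryptographic Usage Mask names in a TemplateAttribute."""
    for attr in ET.fromstring(template_xml).iter("Attribute"):
        name = attr.find("AttributeName")
        value = attr.find("AttributeValue")
        if (name is not None and value is not None
                and name.get("value") == "Cryptographic Usage Mask"):
            # Assumption: multiple mask names are separated by spaces or '|'.
            return set(filter(None, re.split(r"[\s|]+", value.get("value", ""))))
    return set()


def missing_for_unwrap(template_xml):
    """Mask names the message says a server-side unwrap needs but the KEK lacks."""
    return {"UnwrapKey"} - usage_mask(template_xml)


if __name__ == "__main__":
    print("TC-141-11 EncodingOption:", encoding_option(SPEC_141))
    print("TC-142-11 EncodingOption:", encoding_option(SPEC_142))
    print("KEK mask lacks:", missing_for_unwrap(KEK_TEMPLATE))
```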

 

 

 

 

 

 

