[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Concerns with SHA512/t
This was something we wanted to retract. When we went back to the TC forum to do so, the removal wasn't acceptable. I don't remember the details, but the discussion should be in the minutes. CKM_SHA512_T_HMAC_GENERAL wasn't needed because it can be performed with CKM_SHA512_T_HMAC and a value T that matches the desired length. D. On 12/15/16 00:03, Dieter Bong wrote:
Bob, Utimaco is currently not supporting CKM_SHA512_T_HMAC_GENERAL as we haven't seen any use case. Best regards, Dieter -----Original Message----- From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Robert Relyea Sent: Mittwoch, 14. Dezember 2016 22:33 To: pkcs11@lists.oasis-open.org Subject: Re: [pkcs11] Concerns with SHA512/t On 11/10/2016 01:08 PM, Johnson Darren wrote:Hi, I agree, that section is very odd. I raised the same questions/concerns in the SHA1/SHA2 proposal. It was an open ended question in my document that I completely forgot to raise on the last two calls. I apologize for that. My questions were along the same lines as Ferenc's below and I agree completely. If we want to support a CKM_SHA512_T_HMAC_GENERAL mechanism, then it does need two inputs. Ideally using a specific mechanism parameter as defined below by Ferenc. Thanks DarrenI think it was added in anticipation of future SHA-2 like hash proposals. I think that's unlikely at this stage, and if there were, we would probably want to add and explicit mechanism for each of those proposals. The only other use would be someone experimenting with non- standard SHA-2 hashes or some kind of parametrized SHA-512/t type hash. Is someone on the list using something like this? bob-----Original Message----- From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Valerie Fenwick Sent: Wednesday, November 09, 2016 3:33 PM To: pkcs11@lists.oasis-open.org Subject: [pkcs11] Concerns with SHA512/t Hi FOlks - While reviewing some other content in this area, a member of my team brought up this concern. Any opinions? thank you, Valerie -------- Forwarded Message -------- Subject: Re: Fwd: [pkcs11] SHA-1 and SHA2 information in v2.40 Date: Wed, 14 Sep 2016 16:14:31 +0200 From: Ferenc R. Organization: Oracle Corporation To: Valerie Fenwick <valerie.fenwick@oracle.com> Hi, Valerie, what I noticed is the following, please forward it to whom it might concern: there is a digest mechanism, called SHA-512/t where t is a parameter, the length in bits of the produced hash. there are HMAC mechanisms, each based on a particular hash function, called General-length <hash_function>-HMAC. Now, at the description of the mechanisms involving SHA-512/224, SHA-512/256 and SHA-512/t (sections 2.22, 2.23 and 2.24) there are some obvious copy/paste/edit errors, but with the general-length SHA-512/t-HMAC (2.25.3 - even the name is wrong in the standard) there is a fundamental problem: this mechanism has two parameters, one for t and another for the desired output length (in PKCS#11 terms it means a parameter that is a pair of numbers, not just one number as for the other general mechanisms). I think it also adds to the confusion that the t parameter of the SHA-512/t digest mechanism is defined as CK_MAC_GENERAL_PARAMS, although it is not a MACing mechanism. I think the remedy can be one of two things: 1. do not allow a general-length SHA-512/t-HMAC mechanism (based on the argument that if you want a k-bit MAC, you can always just use the HMAC based on SHA-512/t where t=k) 2. define new parameter types CK_SHA_512_T_PARAMS and CK_SHA_512_T_MAC_GENERAL_PARAMS and use those for the mechanisms described in 2.25 (based on the argument that a k-bit MAC truncated from the output of the HMAC based on SHA-512/t for t>k is not the same as the HMAC based on SHA-512/t where t=k, so this allows more flexibility) I would vote for #2 above. In the meantime, I am implementing #1 as it is now closer to the current edition of the standard. Ferenc --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php ________________________________ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php ________________________________ Utimaco IS GmbH Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com Seat: Aachen – Registergericht Aachen HRB 18922 VAT ID No.: DE 815 496 496 Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen CFO This communication is confidential. We only send and receive email on the basis of the terms set out at https://www.utimaco.com/en/e-mail-disclaimer/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]