Subject: Re: [pkcs11] Updated AEAD, AES_GCM, and function table proposals.
On 03/15/2017 04:43 AM, Dieter Bong wrote:
Bob, please see attached our detailed feedback to the AEAD and AES_GCM proposals. Besides some editorial changes, there are questions and suggestions w.r.t. the latest changes. We have also included some questions w.r.t. PKCS#11 standard V2.40, for which I did not recall the reasoning, and did not find any written reasoning either. These questions start with "V2.40:" in order to make clear that they apply to the current standard and not to your proposal.

When integrating your proposals into the standards document 3.00, some sections should also be cleaned up, because in the current document 2.40:
* Chapter 2.12.4 is basically identical to 2.12 and thus redundant
* Chapter 2.12.5 is basically identical to 2.12.1 and thus redundant
* It is confusing that chapter 2.12 is called "AES-GCM Authenticated Encryption", and CCM and GMAC are sub-chapters to GCM. It would be better to call chapter 2.12 "AES Authenticated Encryption" or similar, and then have sub-chapters 2.12.1, 2.12.2 and 2.12.3 for AES GCM, AES CCM and AES GMAC.
This section is an update to the existing 2.12, which adds the MessageEncrypt/Decrypt interface. I had not tried to 'repair' any existing issues (like the AES-GCM Authenticated Encryption title), though since you pointed it out and I'm making an update anyway, I'll include it.
From your AEAD questions:
Format (here and throughout the whole document) should follow the same rules as in the standards documents: function names: bold; function parameters: italics, not bold.

The format is editorial content which I leave to the PKCS #11 editor, who may actually tag these items so they can be changed in the future.
Which mechanism parameter specifies that an IV shall be generated by the token? ulIvLen=0 cannot be used for that purpose because then there is no definition of how long the generated IV should be.

That is mechanism specific. The point of this is to point you to the mechanism spec. Just like C_Decrypt or C_Encrypt, the meaning and use of pParameters are entirely defined in the mechanism part of the spec.
Or is it assumed that C_EncryptMessage with CKM_AES_GCM always has the IV generated by the token? Then this should be stated clearly, and there is no "if" condition. Any change here must also be reflected in sections below.
The CKM_AES_GCM mechanism is not the only mechanism which C_EncryptMessage could be used with. This statement is again meant to point you back to the mechanism specification. I added it because I had comments asking. At this point I'm inclined to just leave it in.
Also, due to comments in the CKM_AES_GCM and CCM specifications, I will be updating those to have a parameter for IV generation today.
We also plan to comment on the function table proposal, but I will unfortunately not be able to submit these comments in time for the conf call today.

Best regards,
Dieter

-----Original Message-----
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Robert Relyea
Sent: Tuesday, 7 March 2017 01:15
To: firstname.lastname@example.org
Subject: [pkcs11] Updated AEAD, AES_GCM, and function table proposals.

I've incorporated the face 2 face feedback on these three proposals.

1. function table proposal: the latest version already had the update.
https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60202/new_functions_proposal(1).doc

2. AEAD - added the mechanism parameter to the C_XXXXMessageNext() functions.
https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60200/AEAD_proposal.doc

3. AES_GCM - moved the tag and MAC to the mechanism parameter for Message based usages.
https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60201/aes_gcm_proposal.doc

The documents have 'show changes' turned on, so you should be able to see just the differences from the last versions of the documents. Please review the AES_GCM in particular (the rest were pretty straight forward). I'd like to go to ballot at our next meeting.

bob
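The IV-generation question in the thread above (whether ulIvLen=0 could mean "the token generates the IV", and the reply that the GCM/CCM mechanisms will get a dedicated parameter for it) is easiest to see in code. What follows is an added example, not code from this thread or from the OASIS proposals: a self-contained mock of how a token could validate the IV fields of a message-based GCM parameter block that carries an explicit generator field next to the length. The struct and constant names are assumptions modelled on the CK_GCM_MESSAGE_PARAMS and CKG_* names that PKCS#11 v3.0 later adopted; the stand-in base types, the deterministic fake RNG and the whole-byte handling of ulIvFixedBits are constructed for this example only.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for PKCS#11 base types so this compiles without pkcs11.h
 * (constructed for this example; the CKR_* values match the public header). */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BYTE;
typedef CK_BYTE *CK_BYTE_PTR;
typedef CK_ULONG CK_RV;
#define CKR_OK                      0x00UL
#define CKR_ARGUMENTS_BAD           0x07UL
#define CKR_MECHANISM_PARAM_INVALID 0x71UL

/* Who supplies the IV is an explicit field, not an overload of ulIvLen == 0.
 * Names/values modelled on CKG_NO_GENERATE / CKG_GENERATE_RANDOM (assumption). */
typedef CK_ULONG CK_GENERATOR_FUNCTION;
#define CKG_NO_GENERATE     0x00UL
#define CKG_GENERATE_RANDOM 0x03UL

/* Message-based GCM parameter block, modelled on CK_GCM_MESSAGE_PARAMS (assumption). */
typedef struct {
    CK_BYTE_PTR           pIv;           /* caller buffer; in/out when the token generates */
    CK_ULONG              ulIvLen;       /* length of pIv in bytes, required in every case */
    CK_ULONG              ulIvFixedBits; /* leading bits the caller fixes (e.g. a salt) */
    CK_GENERATOR_FUNCTION ivGenerator;   /* who fills the remaining bits */
    CK_BYTE_PTR           pTag;          /* tag buffer, not used by this IV check */
    CK_ULONG              ulTagBits;
} GCM_MESSAGE_PARAMS;

/* Stand-in for the token RNG: deterministic so the outcome is checkable offline. */
static void fake_token_random(CK_BYTE *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (CK_BYTE)(0xA0 + i);
}

/* What a token would do with the IV half of the params at message-encrypt begin.
 * Returns CKR_OK with pIv holding the IV that will actually be used. */
CK_RV token_prepare_iv(GCM_MESSAGE_PARAMS *p)
{
    if (p == NULL || p->pIv == NULL)
        return CKR_ARGUMENTS_BAD;

    /* ulIvLen must be stated even when the token generates: with ulIvLen == 0
     * the token cannot know how long the generated IV should be. */
    if (p->ulIvLen == 0)
        return CKR_MECHANISM_PARAM_INVALID;

    /* Fixed bits cannot exceed the IV itself; this mock only handles whole bytes. */
    if (p->ulIvFixedBits > p->ulIvLen * 8 || p->ulIvFixedBits % 8 != 0)
        return CKR_MECHANISM_PARAM_INVALID;

    switch (p->ivGenerator) {
    case CKG_NO_GENERATE:
        /* Caller-supplied IV, used exactly as given. */
        return CKR_OK;

    case CKG_GENERATE_RANDOM: {
        /* Keep the caller's leading fixed bytes, fill the remainder from the token RNG. */
        CK_ULONG fixed_bytes = p->ulIvFixedBits / 8;
        fake_token_random(p->pIv + fixed_bytes, p->ulIvLen - fixed_bytes);
        return CKR_OK;
    }

    default:
        return CKR_MECHANISM_PARAM_INVALID;
    }
}

int main(void)
{
    CK_BYTE iv[12] = { 0xDE, 0xAD, 0xBE, 0xEF };          /* 32 fixed bits, rest generated */
    GCM_MESSAGE_PARAMS p = { iv, sizeof iv, 32, CKG_GENERATE_RANDOM, NULL, 128 };
    CK_RV rv = token_prepare_iv(&p);

    printf("rv=0x%lx iv=", rv);
    for (size_t i = 0; i < sizeof iv; i++)
        printf("%02x", iv[i]);
    printf("\n");
    return rv == CKR_OK ? 0 : 1;
}
```

The point the mock makes is the one raised in the thread: once the generator choice is its own field, ulIvLen keeps a single meaning (the length of the IV buffer) and a zero length is simply rejected, regardless of who generates the IV.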