pkcs11 message
Subject: WD03 rework AES GCM/CCM section


All,

Bob already pointed out some issues in the GCM/CCM section. Therefore, I did a detailed review taking into account the message functions proposal and Dave’s and my proposal to correct some GCM/CCM errors. Since both proposals affected the same sections and were developed independently, some things became inconsistent and others were missing. Please find attached a version of Chris’ WD03 document with corrected and updated GCM/CCM sections.

I would like to highlight some issues; for the others, see the inline comments:

In general, I tried to fix the formatting: only variable names are italic.

2995-3033: MessageEncrypt/MessageDecrypt was missing completely. I re-added it and applied changes similar to the changes in Encrypt/Decrypt.

3033/3161: This requirement does not make sense. I suggest removing it completely. Any other opinions?

3037-3114: Was a complete duplicate.

3236/3287: IMO the names “CK_GCM_AEAD_PARAMS” and “CK_CCM_AEAD_PARAMS” are very misleading. GCM and CCM are AEAD algorithms. However, the difference between CK_GCM_PARAMS and CK_GCM_AEAD_PARAMS is not that only the latter is AEAD, but that it must be used with the message functions. Therefore, I strongly suggest renaming these structures to, for example, CK_GCM_MSG_PARAMS (CCM similar)!

3250: For CK_GCM_PARAMS, we changed the upper bound of ulIvLen to 2^32-1. Is there any reason not to apply the change here as well?

3115-3375: This was already a duplicate in the 2.40 standard.

I added some clarifying sentences and rephrased some others which were misleading. Even the final AEAD message function proposal contained some errors, which I tried to correct.

We must try to fix these sections. Otherwise, it will be very hard to implement/use these mechanisms properly.

Regards,

Daniel





Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen CFO

This communication is confidential. We only send and receive email on the basis of the terms set out at https://www.utimaco.com/en/e-mail-disclaimer/

Attachment: pkcs11-curr-v3.0-wd03_DMI.docx
Description: pkcs11-curr-v3.0-wd03_DMI.docx
