
pkcs11 message



Subject: Review Current Mechs GCM/CCM


All,

I've just reviewed Curr WD08 section 2.11. In fact, some of my comments from an earlier review have neither been resolved nor made it into WD08. Also, some possible errors still exist there.

AES-GCM explanations, paragraph "In Encrypt and Decrypt...". Last sentence is: "The application should provide at least 16 bytes of space for the tag." Why is it necessary to provide more space than pTag specifies?

Same appears in AES-CCM.

AES-CCM. At several places I wanted to remove "pNonce may be NULL if ulNonceLen is 0." but it reappeared in WD08. However, according to the parameter structs, ulNonceLen must not be 0. Therefore, this sentence does not make sense. Should be removed.

AES-CCM Encrypt: last bullet point. Remove "final" from "obtaining the final ciphertext output" or put it in () since with a C_EncryptUpdate you don't get the final ciphertext.

AES-CCM MessageEncrypt 2nd bullet point. Should be reworked. Similar to GCM this could be:

"Set the nonce length ulNonceLen.

Set pNonce to hold the nonce data returned from C_EncryptMessage() and C_EncryptMessageBegin(). If ulNonceFixedBits is not zero, then the most significant bits of pNonce contain the fixed nonce. If nonceGenerator is set to CKG_NO_GENERATE, pNonce is an input parameter with the full nonce."

The latter can be removed from the 5th bullet point, which should also be moved after the 2nd.

Section 2.13.5 on parameter structs: I had added "when used for Encrypt or Decrypt" or "when used for MessageEncrypt or MessageDecrypt" to make it clear which struct is used for which function.

Moreover, I think that the name CK_GCM_PARAMS vs CK_GCM_AEAD_PARAMS is bad. Both are AEAD, but the latter is for message based functions.

With CK_GCM_PARAMS the IV can be up to 2^32-1 bytes, with CK_GCM_AEAD_PARAMS it's only 256 bytes. Why is this different?

In CK_GCM_AEAD_PARAMS and CK_CCM_AEAD_PARAMS, the AEAD is missing in the type.

CK_CCM_PARAMS explanation of ulAADLen refers to pAuthData instead of pAAD.

CK_CCM_AEAD_PARAMS should say "where L is the size in bytes of the data lengths length (2 <= L <= 8)" to be consistent with CK_CCM_PARAMS.

CK_CCM_AEAD_PARAMS explanation of ulNonceLen, "where 7 <= ulNonceLen <= 13" should be added to make it consistent with CK_CCM_PARAMS.

I hope we can resolve this on Friday.

Best,

Daniel





Utimaco IS GmbH
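An added example, not from Daniel's message, the TC's working draft or any PKCS#11 implementation: a small C parameter check that encodes the constraints the review asks to be stated consistently across CK_CCM_PARAMS / CK_CCM_AEAD_PARAMS and CK_GCM_PARAMS. It derives L = 15 - ulNonceLen from the nonce length (so 7 <= ulNonceLen <= 13 is exactly what keeps 2 <= L <= 8), rejects a data length that does not fit in L bytes, rejects a NULL nonce (ulNonceLen can never be 0), and computes the tag buffer size implied by ulTagBits. The two structs are local stand-ins with assumed field names; pkcs11.h is deliberately not included so the file builds on its own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Local stand-ins for the PKCS#11 types (assumption: field names follow the
 * CK_CCM_PARAMS / CK_GCM_PARAMS layout discussed in the message). */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BYTE;

typedef struct {
    CK_ULONG  ulDataLen;   /* plaintext/ciphertext length in bytes */
    CK_BYTE  *pNonce;
    CK_ULONG  ulNonceLen;  /* 7 <= ulNonceLen <= 13 */
    CK_BYTE  *pAAD;
    CK_ULONG  ulAADLen;
    CK_ULONG  ulMACLen;    /* 4, 6, 8, 10, 12, 14 or 16 */
} ccm_params_t;

typedef struct {
    CK_BYTE  *pIv;
    CK_ULONG  ulIvLen;
    CK_ULONG  ulIvBits;
    CK_BYTE  *pAAD;
    CK_ULONG  ulAADLen;
    CK_ULONG  ulTagBits;
} gcm_params_t;

/* CCM (SP 800-38C): nonce and length field share the 16-byte counter block,
 * so L = 15 - ulNonceLen. Returns 0 for a nonce length outside 7..13, which
 * is precisely the range that keeps 2 <= L <= 8. */
int ccm_length_field_size(CK_ULONG ulNonceLen)
{
    if (ulNonceLen < 7 || ulNonceLen > 13)
        return 0;
    return (int)(15 - ulNonceLen);
}

/* Largest payload encodable in an L-byte length field: 2^(8L) - 1,
 * saturating once L is as wide as CK_ULONG itself. */
CK_ULONG ccm_max_data_len(int L)
{
    if ((size_t)L >= sizeof(CK_ULONG))
        return ~(CK_ULONG)0;
    return ((CK_ULONG)1 << (8 * L)) - 1;
}

bool ccm_params_valid(const ccm_params_t *p)
{
    int L = ccm_length_field_size(p->ulNonceLen);
    if (L == 0)
        return false;
    /* ulNonceLen is never 0, so a NULL pNonce is never acceptable. */
    if (p->pNonce == NULL)
        return false;
    if (p->ulMACLen < 4 || p->ulMACLen > 16 || (p->ulMACLen % 2) != 0)
        return false;
    if (p->ulAADLen > 0 && p->pAAD == NULL)
        return false;
    return p->ulDataLen <= ccm_max_data_len(L);
}

/* Bytes the caller must reserve for the GCM tag: ceil(ulTagBits / 8). */
CK_ULONG gcm_tag_bytes(CK_ULONG ulTagBits)
{
    return (ulTagBits + 7) / 8;
}

/* SP 800-38D tag lengths: 96..128 bits in 8-bit steps, plus 64 and 32. */
bool gcm_params_valid(const gcm_params_t *p)
{
    if (p->pIv == NULL || p->ulIvLen == 0)
        return false;
    if (p->ulAADLen > 0 && p->pAAD == NULL)
        return false;
    if (p->ulTagBits == 32 || p->ulTagBits == 64)
        return true;
    return p->ulTagBits >= 96 && p->ulTagBits <= 128 && (p->ulTagBits % 8) == 0;
}

/* Constructed all-zero nonce/IV buffer: only its length matters for the checks. */
static CK_BYTE sample_nonce[16] = { 0 };

bool ccm_check(CK_ULONG ulNonceLen, CK_ULONG ulMACLen, CK_ULONG ulDataLen)
{
    ccm_params_t p = { ulDataLen, sample_nonce, ulNonceLen, NULL, 0, ulMACLen };
    return ccm_params_valid(&p);
}

bool gcm_check(CK_ULONG ulIvLen, CK_ULONG ulTagBits)
{
    gcm_params_t p = { sample_nonce, ulIvLen, ulIvLen * 8, NULL, 0, ulTagBits };
    return gcm_params_valid(&p);
}

int main(void)
{
    int L = ccm_length_field_size(13);
    printf("CCM nonce 13 bytes -> L=%d, max data %lu bytes\n", L, ccm_max_data_len(L));
    printf("GCM 96-bit tag needs %lu bytes\n", gcm_tag_bytes(96));
    return 0;
}
```

gcm_tag_bytes returns only the size implied by ulTagBits; whether an application must additionally reserve a flat 16 bytes, as the draft's sentence requires, is the open question raised above and the example does not decide it.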

