Re: [lamps] Proposal for PBMAC1 in PKCS#12
Russ Housley <housley@vigilsec.com> Wed, 22 June 2022 15:41 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21B7BC159490 for <spasm@ietfa.amsl.com>; Wed, 22 Jun 2022 08:41:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rp_Y6U6HrQk2 for <spasm@ietfa.amsl.com>; Wed, 22 Jun 2022 08:41:22 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E2F4C14F739 for <spasm@ietf.org>; Wed, 22 Jun 2022 08:41:22 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 0CB4D9817B; Wed, 22 Jun 2022 11:41:20 -0400 (EDT)
Received: from [10.0.1.2] (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id F30AD9810E; Wed, 22 Jun 2022 11:41:19 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <ec537743-cf16-42e0-a266-856c03f002fa@redhat.com>
Date: Wed, 22 Jun 2022 11:41:19 -0400
Cc: LAMPS <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6D67B402-3E26-43EB-8EBD-7155E429CA01@vigilsec.com>
References: <c282cba9-f6ae-4412-8e93-0810cffb16f2@redhat.com> <99D0A4AF-89CF-467A-A934-9144636B6A17@vigilsec.com> <ec537743-cf16-42e0-a266-856c03f002fa@redhat.com>
To: Hubert Kario <hkario@redhat.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/HPGv1T9EFEkeI8dfKAPpZmTUiI4>
Subject: Re: [lamps] Proposal for PBMAC1 in PKCS#12
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2022 15:41:26 -0000
Thanks. I'll take a careful look at page 24 of RFC 7292. At this point, I am not suggesting any document changes. Rather, I am saying that the existing structure has the necessary algorithm agility. The problem comes from the text you reference from RFC 2315, where the context is always a message digest. Russ > On Jun 22, 2022, at 11:14 AM, Hubert Kario <hkario@redhat.com> wrote: > > On Wednesday, 22 June 2022 16:58:18 CEST, Russ Housley wrote: >> Hubert: >> >> Please point to the text in RFC 7292 that is causing your concern. >> >> The PFX structure is: >> >> PFX ::= SEQUENCE { >> version INTEGER {v3(3)}(v3,...), >> authSafe ContentInfo, >> macData MacData OPTIONAL >> } >> >> MacData ::= SEQUENCE { >> mac DigestInfo, >> macSalt OCTET STRING, >> iterations INTEGER DEFAULT 1 >> -- Note: The default is for historical reasons and its >> -- use is deprecated. >> } >> >> -- IMPORT FROM RFC 2315 >> >> DigestInfo ::= SEQUENCE { >> digestAlgorithm DigestAlgorithmIdentifier, >> digest Digest } >> >> Digest ::= OCTET STRING >> >> It seems to me that DigestInfo would be better named macInfo. > > Sorry, I don't follow... You're suggesting I should rename the fields in > ASN.1 definitions or you're stating that the existing standard is confusing? > >> It carries the MAC algorithm identifier (and optional parameters) as the MAC itself. > > Correct, the problem is that the DigestAlgorithmIdentifier is specified in > RFC 2315 as: > > The DigestAlgorithmIdentifier type identifies a message-digest > algorithm. Examples include MD2 and MD5. A message-digest algorithm > maps an octet string (the message) to another octet string (the > message digest). > > I would not classify PBMAC1 as a "message-digest algorithm". > > Moreover, the RFC 7292 is quite explicit that the PBMAC1 can't be placed > in the PFX structure (see page 24): > > This document recommends that future definitions of > the PFX structure replace the existing MacData object, optionally > present in password integrity mode, with a new object definition that > holds a MAC based on PKCS#5 [13] [22] PBMAC1 message authentication > scheme. This change would simplify the requirements for key > derivation functions used across all parts of the PFX structure. > >>> On Jun 22, 2022, at 6:35 AM, Hubert Kario <hkario@redhat.com> wrote: >>> Hello everybody, >>> The work on the new NIST FIPS 140-3 implementations made us aware that the >>> current PKCS #12 specification uses a legacy PBKDF for the calculation >>> of the whole-file MAC value: PBKDF1. The PKCS #12 standard also doesn't ... >> > > -- > Regards, > Hubert Kario > Principal Quality Engineer, RHEL Crypto team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm
- [lamps] Proposal for PBMAC1 in PKCS#12 Hubert Kario
- Re: [lamps] Proposal for PBMAC1 in PKCS#12 Russ Housley
- Re: [lamps] Proposal for PBMAC1 in PKCS#12 Hubert Kario
- Re: [lamps] Proposal for PBMAC1 in PKCS#12 Russ Housley
- Re: [lamps] Proposal for PBMAC1 in PKCS#12 Jonathan Hammell
- Re: [lamps] Proposal for PBMAC1 in PKCS#12 Hubert Kario
- Re: [lamps] Proposal for PBMAC1 in PKCS#12 Jonathan Hammell
- Re: [lamps] Proposal for PBMAC1 in PKCS#12 Hubert Kario
- Re: [lamps] [EXTERNAL] Proposal for PBMAC1 in PKC… Mike Ounsworth
- Re: [lamps] [EXTERNAL] Proposal for PBMAC1 in PKC… Hubert Kario