Re: [lamps] Proposal for PBMAC1 in PKCS#12

Hubert Kario <hkario@redhat.com> Tue, 28 June 2022 18:48 UTC

From: Hubert Kario <hkario@redhat.com>
To: Jonathan Hammell <jfhamme.cccs@gmail.com>
Cc: Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>
Date: Tue, 28 Jun 2022 20:48:09 +0200
Message-ID: <be5d9d2b-2c3f-4a25-9b16-8212043f5373@redhat.com>
In-Reply-To: <CALhKWgiA5Cq9i--QAVqVgDPSRaFX=cgQeBkw_xXd3=4AwG2e0A@mail.gmail.com>
References: <c282cba9-f6ae-4412-8e93-0810cffb16f2@redhat.com> <99D0A4AF-89CF-467A-A934-9144636B6A17@vigilsec.com> <ec537743-cf16-42e0-a266-856c03f002fa@redhat.com> <6D67B402-3E26-43EB-8EBD-7155E429CA01@vigilsec.com> <CALhKWgiA5Cq9i--QAVqVgDPSRaFX=cgQeBkw_xXd3=4AwG2e0A@mail.gmail.com>
Organization: Red Hat
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lifHIJSTDTUt2ifOaHsuuWAO-8w>
Subject: Re: [lamps] Proposal for PBMAC1 in PKCS#12

On Tuesday, 28 June 2022 19:33:48 CEST, Jonathan Hammell wrote:
> Hi Hubert,
>
> Note that there was a lengthy thread last year debating updating PKCS
> #12 or the use of alternative structures for private key protection:
> https://mailarchive.ietf.org/arch/msg/spasm/v-xapjceJ4i6uvCgUAe_nOhYbm8/
>
> Looking at your I-D draft-kario-pkcs12-pbmac1, it seems to be a simple
> proposal.  However, I'm not sure what you are referring to in the
> rationale when you state that you considered "extending the PKCS #5 by
> a new field allowing integrity protection".  What structure were you
> considering in PKCS #5?  For example, in PBES2-params you could use
> authenticated encryption like AES-GCM for the encryptionScheme to get
> integrity protection.  That said, the solution proposed in the I-D has
> the benefit of protecting the entire AuthenticatedSafe, including any
> certificates.

Ah, sorry, I was thinking about PKCS#8, I keep mixing them up.

More specifically, I was thinking of something like

     EncryptedPrivateKeyInfo ::= SEQUENCE {
       encryptionAlgorithm  EncryptionAlgorithmIdentifier,
       encryptedData        EncryptedData,
       hmacAlgorithm        HmacAlgorithmIdentifier,
       hmacData             HmacData}

(i.e. add hmacAlgorithm and hmacData fields) with HmacAlgorithmIdentifier
allowing PBMAC1 only, with HmacData defined like

HmacData ::= OCTET STRING

While PBES2 does allow for AES-GCM, to our knowledge, NIST does not allow
use of AES-GCM for protection of key data, at least not in the way it's
defined for use inside PBES2.
Secondly, no popular open source cryptographic library implements AES-GCM
support inside PKCS#12. So such files would be completely unreadable
by all but the newest implementations.

> Best regards,
> Jonathan
>
> On Wed, Jun 22, 2022 at 11:41 AM Russ Housley <housley@vigilsec.com> wrote:
>> Thanks.  I'll take a careful look at page 24 of RFC 7292.
>> 
>> At this point, I am not suggesting any document changes.  
>> Rather, I am saying that the existing structure has the 
>> necessary algorithm agility.  The problem comes from the text 
>> you reference from RFC 2315, where the context is always a 
>> message digest.
>> 
>> Russ
>> 
>>  ...
>
>
>

-- 
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
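The PBMAC1 construction that draft-kario-pkcs12-pbmac1 relies on, shown as an added example that is not part of this message, the draft, or any library's code. PBMAC1 (RFC 8018, section 7.1) is simply an HMAC keyed with a PBKDF2-derived key, so the same routine serves either as the MacData over a whole PKCS#12 AuthenticatedSafe or as the hmacData field sketched in the EncryptedPrivateKeyInfo above. The PRF and MAC hash (SHA-256), key length, salt size, iteration count and the sample payload are assumptions made for the example; the DER encoding of the PBMAC1-params AlgorithmIdentifier that a real file carries is not shown.

```python
"""PBMAC1 (RFC 8018, section 7.1) as a password-based integrity tag.

Added example, not code from draft-kario-pkcs12-pbmac1 or any library.
PBMAC1 is HMAC keyed with a PBKDF2-derived key.  The PRF, MAC hash,
key length, salt size and iteration count are illustrative choices,
and the DER encoding of PBMAC1-params is not shown.
"""
import hashlib
import hmac
import os

PRF = "sha256"        # PBKDF2 PRF, i.e. hmacWithSHA256 (assumption)
MAC_HASH = "sha256"   # messageAuthScheme, i.e. hmacWithSHA256 (assumption)
KEY_LEN = 32          # PBKDF2 keyLength in bytes (assumption)
ITERATIONS = 600_000  # iteration count used by protect() (assumption)


def pbmac1(password: bytes, salt: bytes, iterations: int, message: bytes) -> bytes:
    """PBMAC1 tag: HMAC-SHA256(PBKDF2-HMAC-SHA256(password, salt, iterations, 32), message)."""
    key = hashlib.pbkdf2_hmac(PRF, password, salt, iterations, dklen=KEY_LEN)
    return hmac.new(key, message, MAC_HASH).digest()


def protect(password: bytes, content: bytes, iterations: int = ITERATIONS) -> dict:
    """Attach a PBMAC1 tag to `content` (e.g. a DER-encoded AuthenticatedSafe,
    or the encryptionAlgorithm plus encryptedData of an EncryptedPrivateKeyInfo).
    The salt and iteration count travel with the tag, as PBKDF2-params would."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "iterations": iterations,
        "content": content,
        "mac": pbmac1(password, salt, iterations, content),
    }


def verify(password: bytes, record: dict) -> bool:
    """Recompute the tag and compare in constant time.  Any change to the
    password, content, salt or iteration count changes the derived key or
    the HMAC input, so the comparison fails."""
    expected = pbmac1(password, record["salt"], record["iterations"], record["content"])
    return hmac.compare_digest(expected, record["mac"])


def tampered(record: dict) -> dict:
    """Copy of `record` with one bit of content flipped: the kind of
    undetected modification an unauthenticated PBES2 payload permits."""
    data = bytearray(record["content"])
    data[-1] ^= 0x01
    return {**record, "content": bytes(data)}


# Constructed stand-in for an encrypted payload; not real ciphertext.
SAMPLE_CONTENT = b"constructed-encryptedData:" + bytes(range(64))
SAMPLE_PASSWORD = b"correct horse battery staple"


if __name__ == "__main__":
    rec = protect(SAMPLE_PASSWORD, SAMPLE_CONTENT)
    print("tag            :", rec["mac"].hex())
    print("verify ok      :", verify(SAMPLE_PASSWORD, rec))
    print("verify tampered:", verify(SAMPLE_PASSWORD, tampered(rec)))
    print("verify badpass :", verify(b"wrong", rec))
```

The iteration count is part of what the MAC implicitly binds: lowering it in the stored parameters changes the derived key, so the tag no longer verifies, which is the property the legacy PKCS#12 MacData lacks an algorithm-agile way to express and the reason PBMAC1 is proposed as its replacement.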