60   Nonce not required in cleartoken1

Created: 17 Sep 2024

Status: Approval (Editoral)

Part: Part 4 (2018, Edition 1.1)

Links:

Page: 31

Clause: 8.7

Paragraph: 3

Issue

Based on Tissue 53 the GCMParameters are no longer required in cleartoken1 since the nonce for GCM and GMAC will now be carried in the clearTransfer and encrTransfer messages.

Proposal

I recommend changing "PARMS GCMParameters" to "PARMS NULL" in section 8.7.

Further, when GMAC is being used for ICV, it would be good to add to section 8.8:

"id-aes128-GMAC OBJECT IDENTIFIER ::= { aes 9 }" and
"id-aes256-GMAC OBJECT IDENTIFIER ::= { aes 49 }"

and add entries for aes128-GMAC and aes256-GMAC, again, with "PARMS NULL".

Discussion Created Status
In the GCMParameters data type, the component aes-nonce has been commented out.

NOTE:

In13.3.1.1, i) the encr-mode component, 1) The aea alternative, it is stated:

The encr-mode.aea.encr.algo comment (component) shall not include the aes-nonce of the GCMParameter data type.
Stephen Dutnall from IEC added that on my request, but wrote comment instead of component
It should not have been listed as an issue except for the editorial.
14 Nov 24 Approval (Editoral)
There is a further proposal in discussion, essentially combining the first two.
Proposal to uilize the updated ASN.1 syntax as outlined in the X.509 corrigendum:
ALGORITHM ::= CLASS {
&Type OPTIONAL,
&DynParms OPTIONAL,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
[PARMS &Type]
[DYN-PARMS &DynParms ]
IDENTIFIED BY &id }

and use PARAMS only in ClearToken1 during the handshake to convey information like the nonce length in case of GMAC or the IV length in case of GCM.
PARAMS should be set to NULL in ClearToken2.
DYN-PARAMS should not be used in either ClearToken and set to NULL. The IV Value in ClearToken2 and the nonce in the Authenticator shall be used to convey the necessary information.

That way we can switch to the new ASN.1 structure but have minimal changes regarding the utilized fields for IV and nonce.
It has to be obeyed that the OID need to be changed, too.
02 Oct 24 Discussion (red)
This is considered as more general comment to the parameters in the different Cleartokens. Currently the algorithm parameter allow to specify PARAMS, intended to carry the IV and further algorithm specific information. As noted, the PARAMS do not need to carry the IV during the handshake phase as they are not needed for the algorithm negotiation. In the ClearTransfer and EncrTransfer, the IV and also the nonce are carried as part of the ClearToken2 or the Authenticator respectively.

Currently two proposals could address the comment and are discussed
- setting PARAMS to NULL and using the IV and nonce components in ClearToken2
- Updating the ASN.1 syntax to consider PARAMS (as static algorithm parameters like output length) and DYN-PARAMS (to carry dynamic parameter like an IV) based on corrigendum D431 in X.509 (https://www.itu.int/rec/T-REC-X.509-202110-I!Cor1/en)

Note, the OIDs have already been proposed in TISSUE #52 (https://iec62351.tissue-db.com/tissues/52). Depending on the chosen proposal, they may change to reflect the correct ASN.1 structure.
27 Sep 24 Accepted

 

Privacy | Contact | Disclaimer

Tissue DB v. 24.12.6.1