ietf-smime

Re: Section 12, take 2

1998-07-16 07:48:36
Paul Hoffman / IMC <phoffman(_at_)imc(_dot_)org> writes:

Here's the second pass on CMS section 12. I think I included all
of the comments other than Jim's about padding, which I didn't
see where it would go.

Paul, the parameters sections are still wrong. As I noted
in my previous message, all the digests and rsaEncryption
take a NULL parameter. The parameter is NOT optional. For 
instance, RFC2313 says:

     { iso(1) member-body(2) US(840) rsadsi(113549)
         digestAlgorithm(2) 2 }

     md4 OBJECT IDENTIFIER ::=
     { iso(1) member-body(2) US(840) rsadsi(113549)
         digestAlgorithm(2) 4 }

     md5 OBJECT IDENTIFIER ::=
     { iso(1) member-body(2) US(840) rsadsi(113549)
         digestAlgorithm(2) 5 }

             For these object identifiers, the parameters field of the
             digestAlgorithm value should be NULL.

Implementations which omit the parameters field are broken.

12.3  Key Encryption Algorithms

CMS implementations must include Static Diffie-Hellman with tripleDES.  CMS
implementations may include RSA. CMS implementations may include
Static Diffie-Hellman with RC2.

What about DH with DES?

12.3.1  Static Diffie-Hellman with tripleDES

Static Diffie-Hellman key encryption is defined in RFC TBD (Diffie-Hellman
Key Agreement Method, currently draft-ietf-smime-x942). The algorithm
identifier for static Diffie-Hellman with tripleDES is

    id-smime-cms-dh-with-tripleDES ::= { TBD }

The AlgorithmIdentifier parameter field is optional.  If present, the
parameter field must contain an ASN.1 NULL.  Implementations should
generate Static Diffie-Hellman AlgorithmIdentifiers with the parameter
field containing a NULL value. Implementations should accept Static
Diffie-Hellman AlgorithmIdentifiers with NULL parameters as well as absent
parameters.

We're defining our own OID here, but I don't like this 'NULL or
omit' stuff. We should settle on one and stick to it.

12.3.3  Static Diffie-Hellman with RC2

Diffie-Hellman key encryption is defined in RFC TBD (Diffie-Hellman Key
Agreement Method, currently draft-ietf-smime-x942). The algorithm
identifier for static Diffie-Hellman with RC2 is

    id-smime-cms-dh-with-rC2 ::= { TBD }

For the effective-key-bits (key size) greater than 32 and less than
256, the algorithm parameters are encoded as:

    id-smime-cms-dh-with-rC2 parameter ::=  SEQUENCE {
        rc2ParameterVersion  INTEGER,
        iv                   OCTET STRING (8)}

For the effective-key-bits of 40, 64, and 128, the rc2ParameterVersion
values are 160, 120, 58 respectively. It is very important to note that
these values are not simply the RC2 keylength. Also note that the value 160
must be encoded as two octets (00 A0), because encoding as one octet (A0)
is a negative number in ASN.1.

What's the input key length?

12.4  Triple-DES Key Wrap

{{{Jim Schaad wanted this to be more general, and will come up with the
wording to make it so.}}}

Note that DES in DES isn't specified but when it is, it should be
ECB.

ContentEncryptionAlgorithmIdentifier protocol field.  Triple-DES may be an
exception here; the same identifier is used for both 2-key and 3-key Triple
DES.

No it isn't. DES-EDE3 means 3 key 3DES.

12.5.1  Triple-DES CBC

The Triple-DES algorithm is described in [3DES]. The algorithm identifier
for Triple-DES is:

    DES-EDE3-CBC OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 
        rsadsi(113549) encryptionAlgorithm(3) 7}

The AlgorithmIdentifier parameter field is required and has the structure:

    CBCParameter ::= IV
    IV ::= OCTET STRING -- 8 octets.

Surely there is a SECSIG OID?

-Ekr
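
The two encoding points raised in this message, as an added example that is not part of the original e-mail or of the CMS draft: the DER bytes of an AlgorithmIdentifier with NULL versus absent parameters, and the INTEGER encoding of the rc2ParameterVersion values. Helper names are hypothetical, and only short-form DER lengths are handled.

```python
# Added example; helper names are hypothetical. Short-form DER lengths only.
MD5 = (1, 2, 840, 113549, 2, 5)            # md5 OID from the RFC 2313 quote
RC2_VERSION = {40: 160, 64: 120, 128: 58}  # effective key bits -> rc2ParameterVersion
DER_NULL = b"\x05\x00"

def der_tlv(tag: int, body: bytes) -> bytes:
    if len(body) > 127:
        raise ValueError("short-form length only")
    return bytes([tag, len(body)]) + body

def der_integer(value: int) -> bytes:
    # Minimal two's complement: a leading 00 is needed when the top bit is set.
    bits = value.bit_length() if value >= 0 else (~value).bit_length()
    return der_tlv(0x02, value.to_bytes((bits + 8) // 8, "big", signed=True))

def decode_integer(tlv: bytes) -> int:
    if len(tlv) < 3 or tlv[0] != 0x02 or tlv[1] != len(tlv) - 2:
        raise ValueError("not a short-form INTEGER")
    return int.from_bytes(tlv[2:], "big", signed=True)

def der_oid(arcs) -> bytes:
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return der_tlv(0x06, bytes(out))

def algorithm_identifier(oid, params: bytes = b"") -> bytes:
    return der_tlv(0x30, der_oid(oid) + params)

def parameters_state(alg_id: bytes) -> str:
    """Return 'null', 'absent' or 'other' for a DER AlgorithmIdentifier."""
    if len(alg_id) < 4 or alg_id[0] != 0x30 or alg_id[1] != len(alg_id) - 2:
        raise ValueError("not a short-form SEQUENCE")
    if alg_id[2] != 0x06 or 4 + alg_id[3] > len(alg_id):
        raise ValueError("missing or truncated OID")
    rest = alg_id[4 + alg_id[3]:]
    if not rest:
        return "absent"
    return "null" if rest == DER_NULL else "other"

if __name__ == "__main__":
    for enc in (algorithm_identifier(MD5, DER_NULL), algorithm_identifier(MD5)):
        print(enc.hex(), parameters_state(enc))
    for bits, version in RC2_VERSION.items():
        print(bits, version, der_integer(version).hex())
    print("one-octet A0 decodes as", decode_integer(bytes.fromhex("0201a0")))
```

The NULL and absent forms are different byte strings, so a receiver that compares encoded AlgorithmIdentifiers byte for byte treats them as distinct.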
