View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000863110000-007: ProfilesSpecpublic2023-01-17 16:582023-03-23 14:30
ReporterJim Luth Assigned ToKarl Deiretsbacher  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Summary0008631: Unclear and/or misleading wording in the ECC Amendment - wrong AES128 encrytion key length
Description

I refer to this document:

https://reference.opcfoundation.org/src/v104/Core/docs/Amendment4/readme.htm

In "Table 11 - Security" at ECC-nistP256_Limits
I read this:

DerivedSignatureKeyLength = 256
EncryptionKeyLength=256
InitializationVectorLength=128

I think the EncryptionKeyLength is obviously wrong,
because "Table 206a - SecurityPolicy - ECC-nistP256" specifies:

SymmetricEncryptionAlgorithm_AES128-CBC
SymmetricSignatureAlgorithm_HMAC-SHA2-256

... and as we know, AES128 has a key length of 128 bits and not 256 bits.

Likewise for ECC-brainpoolP256r1_Limits the value of
"EncryptionKeyLength=256" is wrong and should be
"EncryptionKeyLength=128" instead, because
"Table 206c - SecurityPolicy - ECC-brainpoolP256r1" specifies
the symmetric cipher algorithm as "SymmetricEncryptionAlgorithm_AES128-CBC".

suggested spec-change:

change the EncryptionKeyLength to 128 bits
for ECC-nistP256 and ECC-brainpoolP256r1
in the ECC Amendment or maybe in an Errata,
Note: This also affects the ProfileReporting Tool.

TagsNo tags attached.
Commit Version
Fix Due Date

Relationships

related to 0008164 closedRandy Armstrong 10000-006: Mappings Unclear and/or misleading wording in the ECC Amendment - wrong AES128 encrytion key length 

Activities

Randy Armstrong

2023-01-17 16:58

administrator   ~0018524

CounterLength is not defined and no longer required. Remove.

p256 EncryptionKeyLength should be 128.

Randy Armstrong

2023-01-17 16:58

administrator   ~0018525

Removed CounterLength from 6.8.2.

Jim Luth

2023-01-17 16:59

administrator   ~0018526

Limits need to be updated.

Karl Deiretsbacher

2023-03-20 15:09

developer   ~0018912

Updated limits:
NistP256 limits: https://profiles.opcfoundation.org/conformanceunit/4757
BrainpoolP256 limits: https://profiles.opcfoundation.org/conformanceunit/4758

Also for v1.04 which would likely need an Errata or an updated Amendment

Karl Deiretsbacher

2023-03-22 07:25

developer   ~0018954

The issue was fixed in the profile database for v1.04 and v1.05.

Changed the EncryptionKeyLength from 256 to 128 bits for ECC-nistP256 and ECC-brainpoolP256r1change.

Jim Luth

2023-03-23 14:30

administrator   ~0019001

Agreed to changes in Dallas Meeting.

Issue History

Date Modified Username Field Change
2023-01-17 16:58 Jim Luth New Issue
2023-01-17 16:58 Jim Luth Status new => assigned
2023-01-17 16:58 Jim Luth Assigned To => Randy Armstrong
2023-01-17 16:58 Jim Luth Issue generated from: 0008164
2023-01-17 16:58 Jim Luth Note Added: 0018524
2023-01-17 16:58 Jim Luth Note Added: 0018525
2023-01-17 16:58 Jim Luth Relationship added related to 0008164
2023-01-17 16:58 Jim Luth Project 10000-006: Mappings => 10000-007: Profiles
2023-01-17 16:59 Jim Luth Note Added: 0018526
2023-01-17 16:59 Jim Luth Assigned To Randy Armstrong => Karl Deiretsbacher
2023-03-20 15:09 Karl Deiretsbacher Note Added: 0018912
2023-03-20 15:09 Karl Deiretsbacher File Added: image.png
2023-03-20 15:09 Karl Deiretsbacher File Deleted: image.png
2023-03-22 07:25 Karl Deiretsbacher Status assigned => resolved
2023-03-22 07:25 Karl Deiretsbacher Resolution open => fixed
2023-03-22 07:25 Karl Deiretsbacher Note Added: 0018954
2023-03-23 14:30 Jim Luth Note Added: 0019001
2023-03-23 14:30 Jim Luth Status resolved => closed