0009013: Unclear and/or misleading wording in the ECC Amendment - Need to describe the EccEncryptedSecret Signature for AEAD Ciphers

ID	Project	Category	View Status	Date Submitted	Last Update

0009013	10000-002: Security	Spec	public	2023-06-19 15:46	2023-06-19 18:57

Reporter	Jim Luth	Assigned To	Paul Hunkar
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	reopened
Fixed in Version	1.05.03 RC1

Summary	0009013: Unclear and/or misleading wording in the ECC Amendment - Need to describe the EccEncryptedSecret Signature for AEAD Ciphers
Description	I refer to this document: https://reference.opcfoundation.org/src/v104/Core/docs/Amendment4/readme.htm I think we should state that in the case of ChaCha20-Poly1305, there is a second signature, which is missing in the "Table 182 - EncryptedSecret Layout" This second signature could be omitted, making this a ChaCha20 cipher. Or it could just sign the actual Secret, as it is done in the .NET Standard Stack. Or it could be meant signing all of the EncryptedSecret's data from TypeId to Nonce as Additional Data. Or it could be meant to replace the Asymmetric signature altogether, which would probably make sense performance wise, but is likely not what the .NET Standard stack does (but would at also be in line with the RsaEncryptedSecret). Suggested fix: Change the spec?
Tags	No tags attached.

Commit Version
Fix Due Date

Randy Armstrong 2023-06-19 15:46 administrator ~0019525	Part 4 Table 190 – EccEncryptedSecret Layout Need text to explain that when using authenticated symmetric encryption (ChaCha20-Poly1305) includes a symmetric signature which is incorporated after the bytes of the secret+padding. (i.e. their should be another row after the padding for authenticated encryption signature). The text needs to state that only the secret+padding is included in the signature calculation (i.e. no additional data).

Randy Armstrong 2023-06-19 15:46 administrator ~0019526	Added text to table: When using AuthenticatedEncryption the Signature has 2 parts: the Signature produced when the secret is encrypted using the SymmetricEncryptionAlgorithm and the Signature calculated using the Certificate and the AsymmetricSignatureAlgorithm. Both Signatures are calculated from the start of the packet. The AsymmetricSignatureAlgorithm Signature includes the SymmetricEncryptionAlgorithm Signature. When using UnauthenticatedEncryption the Signature is only calculated using the Certificate and the AsymmetricSignatureAlgorithm.

Jim Luth 2023-06-19 15:47 administrator ~0019527	Add definitions to Part 2.

Paul Hunkar 2023-06-19 16:18 developer ~0019530	Added definition to part 2

Paul Hunkar 2023-06-19 16:21 developer ~0019531	AuthenticatedEncryption & UnauthenticatedEncryption term are what was added

Paul Hunkar 2023-06-19 16:21 developer ~0019532	resolved

Jim Luth 2023-06-19 18:57 administrator ~0019538	Agreed to changes edited in Vitrual F2F.

Date Modified	Username	Field	Change
2023-06-19 15:46	Jim Luth	New Issue
2023-06-19 15:46	Jim Luth	Status	new => assigned
2023-06-19 15:46	Jim Luth	Assigned To	=> Paul Hunkar
2023-06-19 15:46	Jim Luth	Issue generated from: 0008170
2023-06-19 15:46	Jim Luth	Note Added: 0019525
2023-06-19 15:46	Jim Luth	Note Added: 0019526
2023-06-19 15:46	Jim Luth	Relationship added	related to 0008170
2023-06-19 15:46	Jim Luth	Project	10000-004: Services => 10000-002: Security
2023-06-19 15:47	Jim Luth	Note Added: 0019527
2023-06-19 16:18	Paul Hunkar	Status	assigned => resolved
2023-06-19 16:18	Paul Hunkar	Resolution	open => fixed
2023-06-19 16:18	Paul Hunkar	Fixed in Version	=> 1.05.03 RC1
2023-06-19 16:18	Paul Hunkar	Note Added: 0019530
2023-06-19 16:21	Paul Hunkar	Status	resolved => feedback
2023-06-19 16:21	Paul Hunkar	Resolution	fixed => reopened
2023-06-19 16:21	Paul Hunkar	Note Added: 0019531
2023-06-19 16:21	Paul Hunkar	Status	feedback => resolved
2023-06-19 16:21	Paul Hunkar	Note Added: 0019532
2023-06-19 18:57	Jim Luth	Status	resolved => closed
2023-06-19 18:57	Jim Luth	Note Added: 0019538

View Issue Details

Relationships

Activities

Issue History