View Issue Details

ID: 0009013
Project: 10000-002: Security
Category: Spec
View Status: public
Last Update: 2023-06-19 18:57
Reporter: Jim Luth
Assigned To: Paul Hunkar
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: reopened
Fixed in Version: 1.05.03 RC1
Summary: 0009013: Unclear and/or misleading wording in the ECC Amendment - Need to describe the EccEncryptedSecret Signature for AEAD Ciphers
Description

I refer to this document:

https://reference.opcfoundation.org/src/v104/Core/docs/Amendment4/readme.htm

I think we should state that in the case of ChaCha20-Poly1305, there
is a second signature, which is missing in the "Table 182 - EncryptedSecret Layout".

This second signature could be omitted, making this a ChaCha20 cipher.
Or it could just sign the actual Secret, as it is done in the .NET Standard Stack.
Or it could be meant to sign all of the EncryptedSecret's data from TypeId to Nonce
as Additional Data.
Or it could be meant to replace the Asymmetric signature altogether,
which would probably make sense performance-wise, but is likely not what the
.NET Standard stack does (but would also be in line with the RsaEncryptedSecret).

Suggested fix: Change the spec?

Tags: No tags attached.

Relationships

related to: 0008170 (closed, Randy Armstrong), 10000-004: Services, "Unclear and/or misleading wording in the ECC Amendment - Need to describe the EccEncryptedSecret Signature for AEAD Ciphers"

Activities

Randy Armstrong

2023-06-19 15:46

administrator   ~0019525

Part 4 Table 190 – EccEncryptedSecret Layout

Need text to explain that using authenticated symmetric encryption (ChaCha20-Poly1305) includes a symmetric signature, which is incorporated after the bytes of the secret+padding (i.e. there should be another row after the padding for the authenticated encryption signature).

The text needs to state that only the secret+padding is included in the signature calculation (i.e. no additional data).

Randy Armstrong

2023-06-19 15:46

administrator   ~0019526

Added text to table:

When using AuthenticatedEncryption the Signature has 2 parts: the Signature produced when the secret is encrypted using the SymmetricEncryptionAlgorithm and the Signature calculated using the Certificate and the AsymmetricSignatureAlgorithm. Both Signatures are calculated from the start of the packet. The AsymmetricSignatureAlgorithm Signature includes the SymmetricEncryptionAlgorithm Signature.
When using UnauthenticatedEncryption the Signature is only calculated using the Certificate and the AsymmetricSignatureAlgorithm.
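
The nested layout described in note ~0019526, as an added example that is not taken from the specification or from any OPC UA stack. Assumptions: the header is an opaque placeholder for the fields from TypeId to Nonce, "calculated from the start of the packet" is modelled by passing the header as AEAD additional data, the outer signature is ECDSA P-256 with SHA-256, and the symmetric key and nonce are random rather than derived.

```javascript
// Added illustration, not spec text or stack code. Assumptions: the header stands
// for the bytes from TypeId to Nonce, "from the start of the packet" is modelled
// as AEAD additional data, and the outer signature is ECDSA P-256 with SHA-256.
const crypto = require('node:crypto');
const TAG = 16, SIG = 64;            // Poly1305 tag, P-256 r||s signature
const ecdsa = (key) => ({ key, dsaEncoding: 'ieee-p1363' });

// Layout: header || encrypted(secret+padding) || symmetric tag || asymmetric signature
function seal(header, secretAndPadding, symKey, nonce, signingKey) {
  const c = crypto.createCipheriv('chacha20-poly1305', symKey, nonce, { authTagLength: TAG });
  c.setAAD(header);
  const ct = Buffer.concat([c.update(secretAndPadding), c.final()]);
  const signed = Buffer.concat([header, ct, c.getAuthTag()]);
  return Buffer.concat([signed, crypto.sign('sha256', signed, ecdsa(signingKey))]);
}

// Checks the asymmetric signature first, then the AEAD tag; throws on either failure.
function open(packet, headerLen, symKey, nonce, verifyKey) {
  const signed = packet.subarray(0, packet.length - SIG);
  if (!crypto.verify('sha256', signed, ecdsa(verifyKey), packet.subarray(-SIG)))
    throw new Error('asymmetric signature invalid');
  const d = crypto.createDecipheriv('chacha20-poly1305', symKey, nonce, { authTagLength: TAG });
  d.setAAD(signed.subarray(0, headerLen));
  d.setAuthTag(signed.subarray(-TAG));
  try {
    return Buffer.concat([d.update(signed.subarray(headerLen, -TAG)), d.final()]);
  } catch { throw new Error('symmetric tag invalid'); }
}

// Constructed sample run; keys, nonce and field contents are made up for the demo.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const symKey = crypto.randomBytes(32), nonce = crypto.randomBytes(12);
  const header = Buffer.from('TypeId..Nonce (placeholder)');
  const packet = seal(header, Buffer.from('secret+padding'), symKey, nonce, privateKey);
  const attempt = (p) => {
    try { return open(p, header.length, symKey, nonce, publicKey).toString(); }
    catch (e) { return e.message; }
  };
  const flipped = Buffer.from(packet); flipped[0] ^= 1;   // header bit changed in transit
  const inner = Buffer.from(packet.subarray(0, -SIG)); inner[0] ^= 1;
  // Header changed before the outer signature was computed: only the inner tag can catch it.
  const resigned = Buffer.concat([inner, crypto.sign('sha256', inner, ecdsa(privateKey))]);
  return { ok: attempt(packet), flipped: attempt(flipped), resigned: attempt(resigned) };
}
```

`demo()` returns the outcome for an intact packet, for one with a header bit changed after signing, and for one whose header changed before the outer signature was computed; the last case is rejected only because the symmetric tag also covers the header.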

Jim Luth

2023-06-19 15:47

administrator   ~0019527

Add definitions to Part 2.

Paul Hunkar

2023-06-19 16:18

developer   ~0019530

Added definition to part 2

Paul Hunkar

2023-06-19 16:21

developer   ~0019531

AuthenticatedEncryption & UnauthenticatedEncryption terms are what were added

Paul Hunkar

2023-06-19 16:21

developer   ~0019532

resolved

Jim Luth

2023-06-19 18:57

administrator   ~0019538

Agreed to changes edited in Virtual F2F.

Issue History

Date Modified Username Field Change
2023-06-19 15:46 Jim Luth New Issue
2023-06-19 15:46 Jim Luth Status new => assigned
2023-06-19 15:46 Jim Luth Assigned To => Paul Hunkar
2023-06-19 15:46 Jim Luth Issue generated from: 0008170
2023-06-19 15:46 Jim Luth Note Added: 0019525
2023-06-19 15:46 Jim Luth Note Added: 0019526
2023-06-19 15:46 Jim Luth Relationship added related to 0008170
2023-06-19 15:46 Jim Luth Project 10000-004: Services => 10000-002: Security
2023-06-19 15:47 Jim Luth Note Added: 0019527
2023-06-19 16:18 Paul Hunkar Status assigned => resolved
2023-06-19 16:18 Paul Hunkar Resolution open => fixed
2023-06-19 16:18 Paul Hunkar Fixed in Version => 1.05.03 RC1
2023-06-19 16:18 Paul Hunkar Note Added: 0019530
2023-06-19 16:21 Paul Hunkar Status resolved => feedback
2023-06-19 16:21 Paul Hunkar Resolution fixed => reopened
2023-06-19 16:21 Paul Hunkar Note Added: 0019531
2023-06-19 16:21 Paul Hunkar Status feedback => resolved
2023-06-19 16:21 Paul Hunkar Note Added: 0019532
2023-06-19 18:57 Jim Luth Status resolved => closed
2023-06-19 18:57 Jim Luth Note Added: 0019538