From 4d70cfbb6ca99bd6c775b0c4d5928ae7ef95aadb Mon Sep 17 00:00:00 2001
From: Sean Turner
Date: Wed, 24 Jul 2024 09:52:14 -0700
Subject: [PATCH 1/2] Add No Signature Example for KEM certificate
Adding an example to 5272 Appendix B that shows the No Signature mechanism for KEM key.
---
draft-mandel-lamps-rfc5272bis.md | 174 +++++++++++++++++++++++++++++--
1 file changed, 168 insertions(+), 6 deletions(-)
diff --git a/draft-mandel-lamps-rfc5272bis.md b/draft-mandel-lamps-rfc5272bis.md
index eb803ff..54ea1ed 100644
--- a/draft-mandel-lamps-rfc5272bis.md
+++ b/draft-mandel-lamps-rfc5272bis.md
@@ -65,6 +65,7 @@ informative:
SMALL-GROUP: RFC2785
X942: RFC2631
RFC2797:
+ CMS-RI: I-D.ietf-lamps-cms-kemri
erratum2063:
target: https://www.rfc-editor.org/errata/eid2063
title: RFC 5272 erratum 2063
@@ -2249,10 +2250,10 @@ round-trip, since there are four distinct steps:
presented public encryption key.
3. Client decrypts the POP challenge using the private key that
- corresponds to the presented public key and sends the plaintext
- back to the server.
+ corresponds to the presented public key and sends the hash of
+ the plaintext back to the server.
-4. Server validates the decrypted POP challenge and continues
+5. Server validates the decrypted POP challenge and continues
processing the certification request.
CMC defines two different controls. The first deals with the
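Review bot: The renumbered last step in the @@ -2249 hunk jumps from `3.` straight to `+5. Server validates the decrypted POP challenge`, while the hunk's own header line still announces four distinct steps, so the list now has a gap; keep it as `4. Server validates the decrypted POP challenge and continues`. Step 3 now says the client returns the hash of the plaintext, so step 4's "validates the decrypted POP challenge" reads as if the server receives the plaintext itself; if the intent is that the server recomputes the hash over the challenge it issued and compares, stating that in step 4 keeps the two steps consistent and makes clear that the secret never travels back in the clear.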
@@ -4294,11 +4295,11 @@ Response from RA to client:
Signed by CA
~~~
-## Direct POP for an RSA Certificate {#DirectPOPforRSACertificate}
+## Direct POP for an RSA or KEM Certificate {#DirectPOPforRSACertificate}
This section looks at the messages that would flow in the event that
-an enrollment is done for an encryption only certificate using an
-direct POP method. For simplicity, it is assumed that the
+an enrollment is done for an encryption only certificate using a
+direct POP method; the example below shows. For simplicity, it is assumed that the
certification requester already has a signing-only certificate.
The fact that a second round-trip is required is implicit rather than
@@ -4376,7 +4377,11 @@ Response #1 from server to client:
Other certificates (optional)
SignedData.SignerInfos
Signed by CA
+~~~
+
+Message #2 from client to server:
+
+~~~
ContentInfo.contentType = id-signedData
ContentInfo.content
SignedData.encapContentInfo
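Review bot: In the @@ -4294 hunk the new clause `direct POP method; the example below shows.` is left hanging — it has no object, and the messages that follow are the example either way. Either drop the clause and restore `direct POP method. For simplicity, it is assumed that the` or complete it, e.g. `direct POP method; the example below shows the RSA case.` The heading now covers an RSA or KEM certificate but the message flow under it is unchanged, so a sentence saying which parts differ for a KEM key (presumably only the RecipientInfo used inside the encryptedPOP EnvelopedData) would tell the reader what the retitling actually adds.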
@@ -4430,6 +4435,157 @@ Response #2 from server to client:
Signed by CA
~~~
+## Direct POP with No Signature Mechanism {#DirectPOPwithNoSignature}
+
+This section looks at the messages that would flow in the event that
+an enrollment is done for an encryption only cerrtificate using a
+direct POP method. Instead of assuming that the certification
+requester already has a signing-only certificate as in
+{{DirectPOPforRSACertificate}}, here the No Signature mechanism from
+{{NoSig-Sig}}, the public key is for a KEM, and the EnvelopedData uses
+the KEMRecipientInfo from {{CMS-RI}}.
+
+The fact that a second round-trip is required is implicit rather than
+explicit. The server determines this based on the fact that no other
+POP exists for the certification request.
+
+Message #1 from client to server:
+
+~~~
+ ContentInfo.contentType = id-signedData
+ ContentInfo.content
+ SignedData.encapContentInfo
+ eContentType = id-ct-PKIData
+ eContent
+ controlSequence
+ {102, id-cmc-transactionId, 10132985123483401}
+ {103, id-cmc-senderNonce, 10001}
+ {104, id-cmc-dataReturn, }
+ reqSequence
+ certRequest
+ certReqId = 201
+ certTemplate
+ subject = < My DN >
+ publicKey = My Public Key
+ extensions
+ {id-ce-keyUsage, keyEncipherment}
+ popo
+ keyEncipherment
+ subsequentMessage = challengeResp
+ SignedData.SignerInfos
+ SignerInfo
+ sid = < subjectKeyIdentifier >
+ signatureAlgorithm = id-alg-noSignature
+~~~
+
+Response #1 from server to client:
+
+~~~
+
+ ContentInfo.contentType = id-signedData
+ ContentInfo.content
+ SignedData.encapContentInfo
+ eContentType = id-ct-PKIResponse
+ eContent
+ controlSequence
+ {101, id-cmc-statusInfoV2, {failed, 201, popRequired}}
+ {102, id-cmc-transactionId, 10132985123483401}
+ {103, id-cmc-senderNonce, 10005}
+ {104, id-cmc-recipientNonce, 10001}
+ {105, id-cmc-encryptedPOP, {
+ request {
+ certRequest
+ certReqId = 201
+ certTemplate
+ subject = < My DN >
+ publicKey = My Public Key
+ extensions
+ {id-ce-keyUsage, keyEncipherment}
+
popo
+ keyEncipherment
+ subsequentMessage = challengeResp
+ }
+ cms
+ contentType = id-envelopedData
+ content < uses ori.KEMRecipientInfo >
+ recipientInfos.ori.riid.issuerSerialNumber = < NULL, 201>
+ encryptedContentInfo
+ eContentType = id-data
+ eContent =
+ thePOPAlgID = KmacWithSHAKE128
+ witnessAlgID = SHAKE128
+ witness }}
+ {106, id-cmc-dataReturn, }
+ Certificates
+ Other certificates (optional)
+ SignedData.SignerInfos
+ Signed by CA
+
+~~~
+
+Message #2 from client to server:
+
+~~~
+
+ ContentInfo.contentType = id-signedData
+ ContentInfo.content
+ SignedData.encapContentInfo
+ eContentType = id-ct-PKIData
+ eContent
+ controlSequence
+ {102, id-cmc-transactionId, 10132985123483401}
+ {103, id-cmc-senderNonce, 100101}
+ {104, id-cmc-dataReturn, }
+ {105, id-cmc-recipientNonce, 10005}
+ {107, id-cmc-decryptedPOP, {
+ bodyPartID 201,
+ thePOPAlgID KmacWithSHAKE128,
+ thePOP }}
+ reqSequence
+ certRequest
+ certReqId = 201
+ certTemplate
+ subject = < My DN >
+ publicKey = My Public Key
+ extensions
+ {id-ce-keyUsage, keyEncipherment}
+ popo
+ keyEncipherment
+ subsequentMessage = challengeResp
+ SignedData.SignerInfos
+ SignerInfo
+ sid = < subjectKeyIdentifier >
+ signatureAlgorithm = id-alg-noSignature
+
+~~~
+
+Response #2 from server to client:
+
+~~~
+
+ ContentInfo.contentType = id-signedData
+ ContentInfo.content
+ SignedData.encapContentInfo
+ eContentType = id-ct-PKIResponse
+ eContent
+ controlSequence
+ {101, id-cmc-transactionId, 10132985123483401}
+ {102, id-cmc-statusInfoV2, {success, 201}}
+ {103, id-cmc-senderNonce, 10019}
+ {104, id-cmc-recipientNonce, 100101}
+ {105, id-cmc-dataReturn, }
+ certificates
+ Newly issued certificate
+ Other certificates
+ SignedData.SignerInfos
+ Signed by CA
+
+~~~
+
# Production of Diffie-Hellman Public Key Certification Requests {#enroll-dh}
Part of a certification request is a signature over the request;
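Review bot: Response #1 in the new Direct POP with No Signature section identifies the recipient as `recipientInfos.ori.riid.issuerSerialNumber = < NULL, 201>`, which looks carried over from the RSA example, yet the paragraph added at the end of this patch argues that this client has no certificate and therefore cannot populate issuerAndSerialNumber for its sid; the same reasoning seems to apply to the server's choice of RecipientIdentifier here, so either show the subjectKeyIdentifier choice in the example or add a sentence explaining the `< NULL, 201>` convention so implementers know what the server is expected to match on. If I read {{CMS-RI}} correctly the recipient identifier field of KEMRecipientInfo is `rid` rather than `riid`, which is worth checking against that draft before the example is cited as a template. The prose also has a typo, `cerrtificate`, and the sentence beginning `here the No Signature mechanism from {{NoSig-Sig}}` has no verb — `here the No Signature mechanism from {{NoSig-Sig}} is used, the public key is for a KEM, and` reads cleanly. Finally the two responses spell the certificates field differently (`Certificates` in Response #1, `certificates` in Response #2); the lowercase form matches the SignedData field name.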
@@ -4463,6 +4619,12 @@ is on a certification request and the Certification Authority policy
requires proof-of-possession of the private key, the POP mechanism
defined in {{EncryptedandDecryptedPOPControls}} MUST be used.
+When the client generates the SignedData.SignerInfos.SignerInfo.sid
+field it has two choices issuerAndSerialNumber or subjectKeyIdentifier.
+The client does not yet have a certificate and there cannot fill in
+the issuerAndSerialNumber and therefore MUST use the subjectKeyIdentifier
+choice.
+
# Acknowledgments {:numbered="false"}
From a3a75ad0ba1f5e25888b4600baa5256637476b44 Mon Sep 17 00:00:00 2001
From: Joe Mandel
Date: Fri, 26 Jul 2024 13:29:04 -0700
Subject: [PATCH 2/2] Update draft-mandel-lamps-rfc5272bis.md
---
draft-mandel-lamps-rfc5272bis.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/draft-mandel-lamps-rfc5272bis.md b/draft-mandel-lamps-rfc5272bis.md
index 54ea1ed..48733ea 100644
--- a/draft-mandel-lamps-rfc5272bis.md
+++ b/draft-mandel-lamps-rfc5272bis.md
@@ -4455,7 +4455,7 @@ Message #1 from client to server:
ContentInfo.contentType = id-signedData
ContentInfo.content
SignedData.encapContentInfo
- eContentType = id-ct-PKIData
+ eContentType = id-cct-PKIData
eContent
controlSequence
{102, id-cmc-transactionId, 10132985123483401}
@@ -4486,7 +4486,7 @@ Response #1 from server to client:
ContentInfo.contentType = id-signedData
ContentInfo.content
SignedData.encapContentInfo
- eContentType = id-ct-PKIResponse
+ eContentType = id-cct-PKIResponse
eContent
controlSequence
{101, id-cmc-statusInfoV2, {failed, 201, popRequired}}
@@ -4532,7 +4532,7 @@ Message #2 from client to server:
ContentInfo.contentType = id-signedData
ContentInfo.content
SignedData.encapContentInfo
- eContentType = id-ct-PKIData
+ eContentType = id-cct-PKIData
eContent
controlSequence
{102, id-cmc-transactionId, 10132985123483401}
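Review bot: The paragraph added in the @@ -4463 hunk lands just before `# Acknowledgments`, which from the surrounding context is the end of the Diffie-Hellman enrollment section, although the rule it states concerns the No Signature mechanism used by the new KEM example; it would be found more easily next to the sid line in that example or in the {{NoSig-Sig}} section. The wording needs two fixes: `it has two choices issuerAndSerialNumber or subjectKeyIdentifier.` wants a colon after `choices`, and `and there cannot fill in` should read `and therefore cannot fill in`. The paragraph could also say what the subjectKeyIdentifier is derived from, since without a certificate the server has only the public key in the certTemplate to match it against; I am inferring that from the example, so confirm it is the intended rule before it is stated normatively. The enclosing section starts outside the hunk.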
@@ -4569,7 +4569,7 @@ Response #2 from server to client:
ContentInfo.contentType = id-signedData
ContentInfo.content
SignedData.encapContentInfo
- eContentType = id-ct-PKIResponse
+ eContentType = id-cct-PKIResponse
eContent
controlSequence
{101, id-cmc-transactionId, 10132985123483401}