OASIS PKCS 11 TC

  • 1.  PKCS#11 v3.2 Action Item 7 (OAEP CKZ_DATA_SPECIFIED)

    Posted 12-09-2024 08:50

    Forwarding Jonathan's email for recording in the PKCS11 TC discussions.

    Best regards,

    Dieter



  • 2.  RE: PKCS#11 v3.2 Action Item 7 (OAEP CKZ_DATA_SPECIFIED)

    Posted 12-09-2024 12:37
    Hi Dieter,

    I do not see a forwarded message nor an attachment to your message.

    Was there a link?

    Valerie

    On Dec 9, 2024, at 5:50 AM, Dieter Bong via OASIS <Mail@mail.groups.oasis-open.org> wrote:


  • 3.  RE: PKCS#11 v3.2 Action Item 7 (OAEP CKZ_DATA_SPECIFIED)

    Posted 12-09-2024 14:46

    THALES GROUP LIMITED DISTRIBUTION to email recipients

    Hi,

    we have CKM_AES_CTS defined in our spec as far back as version 2.4.  Does anyone have any first- or second-hand experience with this?

    Our specification references [NIST AES CTS], which links SP800-38A (http://csrc.nist.gov/publications/nistpubs/800-38a/addendum-to-nist_sp800-38A.pdf).  But I think the correct reference is SP800-38a-aad (https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a-add.pdf).  SP 800-38A doesn't cover ciphertext stealing.

    In SP800-38a-aad, three modes of ciphertext stealing are defined: CS1, CS2 and CS3.  All three can be CAVP tested.  But the description of CKM_AES_CTS doesn't mention any variations, so that would imply that it would only map to one of them.  Does anyone recall which one?

    Thanks

    Darren

  • 4.  RE: PKCS#11 v3.2 Action Item 7 (OAEP CKZ_DATA_SPECIFIED)

    Posted 12-09-2024 14:47

    THALES GROUP LIMITED DISTRIBUTION to email recipients

    Resending with the correct subject line

    ---

    Hi,

    we have CKM_AES_CTS defined in our spec as far back as version 2.4.  Does anyone have any first- or second-hand experience with this?

    Our specification references [NIST AES CTS], which links SP800-38A (http://csrc.nist.gov/publications/nistpubs/800-38a/addendum-to-nist_sp800-38A.pdf).  But I think the correct reference is SP800-38a-aad (https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a-add.pdf).  SP 800-38A doesn't cover ciphertext stealing.

    In SP800-38a-aad, three modes of ciphertext stealing are defined: CS1, CS2 and CS3.  All three can be CAVP tested.  But the description of CKM_AES_CTS doesn't mention any variations, so that would imply that it would only map to one of them.  Does anyone recall which one?

    Thanks

    Darren

  • 5.  RE: PKCS#11 v3.2 Action Item 7 (OAEP CKZ_DATA_SPECIFIED)

    Posted 12-10-2024 06:09

    I have a feeling it was Solaris that requested CKM_AES_CTS be added to PKCS#11 2.40; if so, it would have been for use by Kerberos.  So according to SP800-38a-aad that suggests it would be CS3.

    Oracle Solaris 11.4 has CKM_AES_CTS implemented in pkcs11_softtoken and our kernel aes module.  A quick glance at the shared code for those, our cts_encrypt_final() function, and it looks like it would be CS3.

    We also have patches to MIT Kerberos to use our "ucrypto" API (which is what our PKCS#11 API sits on top of); you can see those here where CTS is used:

    https://github.com/oracle/solaris-userland/blob/master/components/krb5/Solaris/ucrypto/enc_provider/aes.c#L103

    I've checked over our current and past FIPS 140-2 validations and it doesn't look like we have a CAVP cert for it, and we haven't included it in our plans for 140-3 either.

    Darren
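
    An added example (not from this thread, from Solaris, or from the PKCS#11 specification) showing the CS1, CS2 and CS3 layouts of the SP 800-38A Addendum computed from one CBC pass, plus a check that reports which layout(s) reproduce an observed ciphertext for a known key, IV and plaintext, which is how one would confirm what a given CKM_AES_CTS implementation actually emits. The function names and the `toy_block_cipher` stand-in are my assumptions; the stand-in is not AES and exists only so the code runs without a crypto library.

```python
"""CBC ciphertext stealing layouts CS1/CS2/CS3 (NIST SP 800-38A Addendum)."""
from typing import Callable

BLOCK = 16
Cipher = Callable[[bytes], bytes]  # single-block encrypt: 16 bytes -> 16 bytes

def toy_block_cipher(key: bytes) -> Cipher:
    """CONSTRUCTED stand-in so the example runs offline; NOT secure, NOT AES.
    For real use substitute an AES single-block (ECB) encryption callable."""
    def enc(block: bytes) -> bytes:
        out = bytes(((b * 7 + k) & 0xFF) for b, k in zip(block, key))
        return out[1:] + out[:1]
    return enc

def cbc_blocks(enc: Cipher, iv: bytes, data: bytes) -> list:
    """Plain CBC over whole blocks; returns the list [C1, ..., Cn]."""
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = enc(bytes(p ^ c for p, c in zip(data[i:i + BLOCK], prev)))
        out.append(prev)
    return out

def cbc_cts_encrypt(enc: Cipher, iv: bytes, pt: bytes, variant: str) -> bytes:
    """Same CBC chain over Pn* = Pn || 0^(b-d) for every variant; only the
    order of the last two ciphertext blocks (penultimate truncated) differs."""
    if len(pt) < BLOCK:
        raise ValueError("ciphertext stealing needs at least one full block")
    d = len(pt) % BLOCK or BLOCK            # bytes in the final (partial) block
    blocks = cbc_blocks(enc, iv, pt + bytes(BLOCK - d))
    if len(blocks) == 1:                    # n == 1: nothing to steal from
        return blocks[0]
    head, c_pen, c_last = blocks[:-2], blocks[-2], blocks[-1]
    if variant == "CS1":                    # never swap
        swap = False
    elif variant == "CS2":                  # swap only if the last block is partial
        swap = d != BLOCK
    elif variant == "CS3":                  # always swap (the layout Kerberos, RFC 3962, uses)
        swap = True
    else:
        raise ValueError(f"unknown variant {variant!r}")
    tail = c_last + c_pen[:d] if swap else c_pen[:d] + c_last
    return b"".join(head) + tail

def identify_variant(enc: Cipher, iv: bytes, pt: bytes, observed: bytes) -> set:
    """Layouts that reproduce an observed ciphertext for a known key/IV/plaintext.
    Partial-block probes split CS1 from CS2/CS3; whole-block probes split CS2 from CS3."""
    return {v for v in ("CS1", "CS2", "CS3")
            if cbc_cts_encrypt(enc, iv, pt, v) == observed}
```

    Probe an implementation with both a partial-block and a whole-block message: on whole-block input CS1 and CS2 are plain CBC and cannot be told apart, and on partial-block input CS2 and CS3 coincide.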

  • 6.  RE: PKCS#11 v3.2 Action Item 7 (OAEP CKZ_DATA_SPECIFIED)

    Posted 12-10-2024 02:56

    Hi Valerie,

    oh, it looks like the forwarded mail has been cut off. I'm copying its content below.

    Thanks,

    Dieter

    From: Jonathan Schulze-Hewett <schulze-hewett@infoseccorp.com>
    Sent: Wednesday, December 4, 2024 10:34 PM
    To: Valerie Fenwick <vfenwick@apple.com>; Dieter Bong <Dieter.Bong@utimaco.com>; Robert Relyea <rrelyea@redhat.com>
    Cc: Michael Markowitz <markowitz@infoseccorp.com>
    Subject: PKCS#11 v3.2 Action Item 7 (OAEP CKZ_DATA_SPECIFIED)

    Valerie, Dieter, and Bob,

    I have reviewed WD06 and it properly incorporates the changes from the proposal of August 14, 2024, which was approved on August 28, 2024.

    Sincerely,

    Jonathan

    ------------------------------
    Best regards,
    Dieter
    ------------------------------