pkcs11-comment message



Subject: issues with GCM, CCM, GMAC specifications


Hi,

AES GCM, CCM and GMAC are (redundantly) handled in Sections 2.12/13 and 2.15 of the PKCS #11 Cryptographic Token Interface Current Mechanisms Specification.

Even though for GCM and CCM there is (virtually) no size limit on the additional authentication data, this data is referred to as a single chunk in the CK_GCM/CCM_PARAMS.

Would it not be better to have the additional authentication data, followed by the plain/cipher text to be encrypted/decrypted, pointed to by the pData/pPart arguments of C_Encrypt/C_EncryptUpdate and C_Decrypt/C_DecryptUpdate, to allow for chunk-wise processing of both data to be encrypted and data to be decrypted?

2.13.2 refers to HMAC instead of GMAC.

Mit freundlichen Grüßen/Best Regards/Cordialement

Reinhard Bündgen


Dr. Reinhard Bündgen
RAS & Crypto Architect for Linux on System z
SW Linux on System z Program Management
Mail: buendgen@de.ibm.com
Phone: ++49-(0)7031-16-1130
Fax: ++49-(0)7031-16-3456
IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Martina Koederitz
Managing Director: Dirk Wittkopp
Registered office: Böblingen
Registration court: Amtsgericht Stuttgart, HRB 243294
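The message above argues that GCM's additional authentication data could be delivered in chunks through the update calls. The following is an added illustration, not code from the original message or from the PKCS #11 specification: a pure-Python GHASH (the universal hash inside GCM and GMAC) that absorbs AAD block by block, showing that chunk boundaries in the AAD do not change the result. The hash subkey H is taken as an input rather than derived from AES; the multiply is not constant-time and is for illustration only.

```python
# Added example, not from the original message or the PKCS #11 spec. GHASH, the
# universal hash inside GCM/GMAC, absorbs AAD one 16-byte block at a time, so AAD
# fed in several chunks hashes identically to one contiguous buffer. Pure Python,
# not constant-time: for illustration only.

R = 0xE1000000000000000000000000000000  # GCM reduction polynomial, bit-reflected

def gf128_mul(x: int, y: int) -> int:
    """Multiply in GF(2^128) per NIST SP 800-38D Algorithm 1 (bit 0 = MSB)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

class GHash:
    """Incremental GHASH: any number of AAD chunks, then ciphertext chunks."""
    def __init__(self, h: bytes):
        self.h = int.from_bytes(h, "big")  # hash subkey, normally AES_K(0^128)
        self.y, self.buf, self.in_aad = 0, b"", True
        self.aad_bits = self.ct_bits = 0
    def _absorb(self, data: bytes) -> None:
        self.buf += data
        while len(self.buf) >= 16:  # only complete blocks; keep the remainder
            block, self.buf = self.buf[:16], self.buf[16:]
            self.y = gf128_mul(self.y ^ int.from_bytes(block, "big"), self.h)
    def _pad(self) -> None:  # zero-pad the partial block closing a section
        if self.buf:
            self._absorb(b"\x00" * (16 - len(self.buf)))
    def update_aad(self, chunk: bytes) -> None:
        assert self.in_aad, "all AAD must precede ciphertext"
        self.aad_bits += 8 * len(chunk)
        self._absorb(chunk)
    def update_ct(self, chunk: bytes) -> None:
        if self.in_aad:  # section boundary: AAD is padded before ciphertext
            self._pad()
            self.in_aad = False
        self.ct_bits += 8 * len(chunk)
        self._absorb(chunk)
    def finish(self) -> bytes:  # pad, then absorb the 64-bit length pair
        self._pad()
        self._absorb(((self.aad_bits << 64) | self.ct_bits).to_bytes(16, "big"))
        return self.y.to_bytes(16, "big")
```

Feeding the same AAD as one buffer or as several `update_aad` calls yields the same value, which is the property a chunk-wise C_EncryptUpdate/C_DecryptUpdate interface would rely on.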