
Subject: Re: [pkcs11-comment] Re: Request for vendor defined mechanism allocation


On 05/21/2019 04:15 PM, Chakrabarti, Somesh wrote:

Thank you for the response.

The new mechanism we want to expose is for AES GCM - it will prepend the internally generated IV to the ciphertext and enforce that pIV in the CK_GCM_PARAMS struct is set to NULL so that user expectations are clearly set. I have not yet searched the PKCS11 3.0 specification for something equivalent.

Somesh


The New Message interface adds generated IVs. The existing mechanism would require the token to keep some non-standard magic state that transcends the session state because each AES_GCM message is closed off by the C_Finalize() operation. The new message-based operation allows mechanism-specific parameters on each message, so a new IV can be returned on each individual message.

From: "Fenwick, Valerie" <valerie.fenwick@intel.com>
Date: Tuesday, May 21, 2019 at 10:40 AM
To: "Chakrabarti, Somesh" <someshc@amazon.com>, "pkcs11-comment@lists.oasis-open.org" <pkcs11-comment@lists.oasis-open.org>
Subject: RE: Request for vendor defined mechanism allocation

Hi Somesh -

We don't reserve ranges of vendor defined mechanisms, other than what range they can be in. That is, 2 separate vendors may use the same IDs, which require the applications to understand what libraries they are calling into and the expected behavior.

What are the mechanisms for? We have many new mechanisms coming out in PKCS#11 v3.0 and you may find your needs are already met by the standard.

Thank you,

Valerie

From: pkcs11-comment@lists.oasis-open.org <pkcs11-comment@lists.oasis-open.org> On Behalf Of Chakrabarti, Somesh
Sent: Monday, May 20, 2019 4:23 PM
To: pkcs11-comment@lists.oasis-open.org
Subject: [pkcs11-comment] Request for vendor defined mechanism allocation

Dear PKCS11 committee and members,

We want to reserve a block of vendor defined mechanism codes for AWS CloudHSM. Can you please let us know what is required to do this?

Thank you,

Somesh Chakrabarti

Sr Security Engineer, AWS CloudHSM
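
Added example, not part of any message in this thread and not code from AWS CloudHSM or OASIS: a C sketch of the two points discussed above, resolving a vendor-defined mechanism code only together with the library's manufacturer string, and splitting output that carries a prepended IV. The mechanism code, vendor names, the 12-byte IV, the 16-byte tag and the IV || ciphertext || tag layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

typedef unsigned long CK_MECHANISM_TYPE; /* CK_ULONG in the PKCS #11 headers */
#define CKM_VENDOR_DEFINED 0x80000000UL  /* start of the vendor-defined range */

/* Hypothetical values, chosen for this example only. */
#define EX_CKM_AES_GCM_IV_PREPENDED (CKM_VENDOR_DEFINED | 0x0001UL)
#define EX_IV_LEN  12u /* assumed generated-IV length */
#define EX_TAG_LEN 16u /* assumed tag length */

struct vendor_mech { const char *manufacturer; CK_MECHANISM_TYPE type; const char *meaning; };
/* Constructed table: two vendors reusing one code, as the thread says can happen. */
static const struct vendor_mech known[] = {
    { "Example Vendor A", EX_CKM_AES_GCM_IV_PREPENDED, "AES-GCM, IV prepended" },
    { "Example Vendor B", EX_CKM_AES_GCM_IV_PREPENDED, "unrelated mechanism" },
};

/* Resolve a code together with the library's manufacturer string; NULL = unknown. */
const char *resolve_mechanism(const char *manufacturer, CK_MECHANISM_TYPE type)
{
    if (type < CKM_VENDOR_DEFINED)
        return "standard";
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (known[i].type == type && strcmp(known[i].manufacturer, manufacturer) == 0)
            return known[i].meaning;
    return NULL;
}

struct gcm_parts { const unsigned char *iv, *ct, *tag; size_t ct_len; };

/* Split IV || ciphertext || tag. Returns 0, or -1 if the buffer is too short. */
int split_iv_prepended(const unsigned char *buf, size_t len, struct gcm_parts *out)
{
    if (buf == NULL || out == NULL || len < EX_IV_LEN + EX_TAG_LEN)
        return -1;
    out->iv = buf;
    out->ct = buf + EX_IV_LEN;
    out->ct_len = len - EX_IV_LEN - EX_TAG_LEN;
    out->tag = buf + len - EX_TAG_LEN;
    return 0;
}

int main(void)
{
    unsigned char blob[EX_IV_LEN + 4 + EX_TAG_LEN] = {0}; /* constructed sample */
    struct gcm_parts p;
    return split_iv_prepended(blob, sizeof blob, &p);
}
```

In a real application the manufacturer string would come from the CK_INFO structure returned by C_GetInfo, and an unknown (library, code) pair should be treated as unusable rather than guessed at.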