Subject: Re: [pkcs11] Review before next meeting
On 06/02/16 14:42, Graham Steel wrote:
> Options include: make the IVs for this wrap mechanism token-generated (probably a good idea anyway for NIST compliance), add a mode with automatic deterministic nonce calculation like SIV (designed for key-wrap), use an AEAD mode so that attributes are treated as public data.
A token-generated IV makes sense, since, as you point out, due to the NIST requirements for FIPS 140-2 that might be a requirement for many vendors anyway (if PKCS#11 is the FIPS 140 crypto boundary rather than some higher-level part of the product).
-- Darren J Moffat
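The AEAD option Graham raises above (attributes bound as public data) and the token-generated IV, as an added illustration that is not part of this thread and not code from the PKCS#11 TC or any vendor's token. It wraps key material with AES-GCM from Go's standard library, using a nonce drawn from the token's RNG that the caller cannot supply, and passes the attribute template as associated data; a second, deliberately weak wrap (AES-CTR with a caller-chosen IV and attributes carried alongside unauthenticated) is included for contrast. The CKA_* type codes are the real PKCS#11 values; the TLV encoding of the template, the function names and the sample KEK, key and template are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Attribute is one PKCS#11-style attribute. The type codes below are the
// real CKA_* values; the template contents used here are constructed.
type Attribute struct {
	Type  uint32
	Value []byte
}

const (
	ckaSensitive   = 0x103 // CKA_SENSITIVE
	ckaExtractable = 0x162 // CKA_EXTRACTABLE
)

// encodeAttrs is a hypothetical type/length/value encoding of a template.
// It is only the byte string that gets bound as associated data, not a
// PKCS#11-defined wire format.
func encodeAttrs(attrs []Attribute) []byte {
	var buf bytes.Buffer
	for _, a := range attrs {
		binary.Write(&buf, binary.BigEndian, a.Type)
		binary.Write(&buf, binary.BigEndian, uint32(len(a.Value)))
		buf.Write(a.Value)
	}
	return buf.Bytes()
}

// WrappedKey is what leaves the token: the nonce, the encrypted key
// material (with its tag in the AEAD case) and the cleartext attributes.
type WrappedKey struct {
	Nonce      []byte
	Ciphertext []byte
	Attrs      []Attribute
}

func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapAEAD wraps keyMaterial under kek with AES-GCM. The nonce is generated
// inside the "token" (no caller-supplied IV) and the attribute template is
// associated data: authenticated, readable, but not encrypted.
func WrapAEAD(kek, keyMaterial []byte, attrs []Attribute) (*WrappedKey, error) {
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, keyMaterial, encodeAttrs(attrs))
	return &WrappedKey{Nonce: nonce, Ciphertext: ct, Attrs: attrs}, nil
}

// UnwrapAEAD rejects the blob if the key material or the attributes changed.
func UnwrapAEAD(kek []byte, w *WrappedKey) ([]byte, error) {
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, w.Nonce, w.Ciphertext, encodeAttrs(w.Attrs))
	if err != nil {
		return nil, errors.New("unwrap rejected: key material or attributes altered")
	}
	return pt, nil
}

// WrapUnauthenticated is the weak design for contrast: AES-CTR with a
// caller-chosen IV and attributes shipped alongside with no integrity check.
func WrapUnauthenticated(kek, iv, keyMaterial []byte, attrs []Attribute) *WrappedKey {
	block, _ := aes.NewCipher(kek)
	ct := make([]byte, len(keyMaterial))
	cipher.NewCTR(block, iv).XORKeyStream(ct, keyMaterial)
	return &WrappedKey{Nonce: iv, Ciphertext: ct, Attrs: attrs}
}

// UnwrapUnauthenticated happily imports whatever attributes it is handed.
func UnwrapUnauthenticated(kek []byte, w *WrappedKey) []byte {
	block, _ := aes.NewCipher(kek)
	pt := make([]byte, len(w.Ciphertext))
	cipher.NewCTR(block, w.Nonce).XORKeyStream(pt, w.Ciphertext)
	return pt
}

// flipExtractable models an attacker rewriting CKA_EXTRACTABLE to TRUE in transit.
func flipExtractable(attrs []Attribute) []Attribute {
	out := make([]Attribute, len(attrs))
	for i, a := range attrs {
		out[i] = Attribute{Type: a.Type, Value: append([]byte(nil), a.Value...)}
		if a.Type == ckaExtractable {
			out[i].Value = []byte{1}
		}
	}
	return out
}

func main() {
	kek := bytes.Repeat([]byte{0x11}, 32) // constructed KEK
	key := bytes.Repeat([]byte{0x22}, 16) // constructed key to wrap
	attrs := []Attribute{{Type: ckaSensitive, Value: []byte{1}}, {Type: ckaExtractable, Value: []byte{0}}}
	w, _ := WrapAEAD(kek, key, attrs)
	w.Attrs = flipExtractable(w.Attrs)
	_, err := UnwrapAEAD(kek, w)
	fmt.Println("AEAD wrap after attribute tampering:", err)
}
```

The contrast is the point: with the unauthenticated wrap the attacker's edited template is imported unchanged and the key unwraps fine, so a non-extractable key becomes extractable; with the AEAD wrap the tag covers the template and Open fails. Two caveats the thread does not spell out: GCM nonces must never repeat under one KEK, so a token generating random 96-bit nonces should also cap the number of wraps per KEK (NIST SP 800-38D gives 2^32 for random IVs), and the SIV option Graham mentions, which removes that nonce-management burden, is not in Go's standard library and is not shown here.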