OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Nonce in CCM mechanism parameter

Darren had the following thoughts on this:
Same as any other mechanism that has requirements on its params, it should return CK_ARGUMENTS_BAD if ulNonceLen is 0 or pNonce is NULL.

does that help?


On 9/5/2016 6:25 AM, Dieter Bong wrote:

PKCS#11 spec V2.40 sections 2.12.1 and 2.12.5 state that „/pNonce /may be NULL
/if ulNonceLen /is 0.“ Yet both NIST SP800-38C and RFC36110 require a Nonce.
Thus how should C_Encrypt / C_Decrypt for CCM encryption react in case that the
nonce is omitted (ulNonceLen = 0) ? Shouldn’t it return an error? And
consequently NOT allow pNonce and ulNonceLen being NULL / 0 ?

Any opinion?




Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen CFO

This communication is confidential. We only send and receive email on the basis
of the terms set out at https://www.utimaco.com/en/e-mail-disclaimer/

Valerie Fenwick, http://bubbva.blogspot.com/ @bubbva
Solaris Cryptographic & Key Management Technologies, Manager
Oracle Corporation: 4180 Network Circle, Santa Clara, CA, 95054.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]