OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [pkcs11] Nonce in CCM mechanism parameter


Hi Valerie and Darren,

Thanks for your feedback. I guess that would require updating the following sections of the "Current Mechanisms" spec:
* Chapter 2.12.1, sections "Encrypt" and "Decrypt": Remove " pNonce may be NULL if ulNonceLen is 0. " in the 2nd bullet.
* Chapter 2.12.3, section " •CK_CCM_PARAMS; CK_CCM_PARAMS_PTR ": specify that ulNonceLen must be > 0, e.g. "length of pNonce (0 < ulNonceLen <= 15-L) in bytes."
* Chapter 2.12.5, sections "Encrypt" and "Decrypt": Remove " pNonce may be NULL if ulNonceLen is 0. " in the 2nd bullet.

I hope I didn't miss any instance that needs adaptation.

Best regards,
Dieter

-----Original Message-----
From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On Behalf Of Valerie Fenwick
Sent: Mittwoch, 9. November 2016 21:30
To: pkcs11@lists.oasis-open.org
Subject: Re: [pkcs11] Nonce in CCM mechanism parameter

Darren had the following thoughts on this:
Same as any other mechanism that has requirements on its params, it should return CK_ARGUMENTS_BAD if ulNonceLen is 0 or pNonce is NULL.

does that help?

Valerie

On 9/5/2016 6:25 AM, Dieter Bong wrote:
> All,
>
>
>
> PKCS#11 spec V2.40 sections 2.12.1 and 2.12.5 state that „/pNonce /may
> be NULL /if ulNonceLen /is 0.“ Yet both NIST SP800-38C and RFC36110 require a Nonce.
> Thus how should C_Encrypt / C_Decrypt for CCM encryption react in case
> that the nonce is omitted (ulNonceLen = 0) ? Shouldn’t it return an
> error? And consequently NOT allow pNonce and ulNonceLen being NULL / 0 ?
>
>
>
> Any opinion?
>
>
>
> Thanks,
>
> Dieter
>
>
> ----------------------------------------------------------------------
> ----------
>
> Utimaco IS GmbH
> Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0,
> www.utimaco.com
> Seat: Aachen – Registergericht Aachen HRB 18922 VAT ID No.: DE 815 496
> 496
> Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen
> CFO
>
> This communication is confidential. We only send and receive email on
> the basis of the terms set out at
> https://www.utimaco.com/en/e-mail-disclaimer/

--
Valerie Fenwick, http://bubbva.blogspot.com/ @bubbva Solaris Cryptographic & Key Management Technologies, Manager Oracle Corporation: 4180 Network Circle, Santa Clara, CA, 95054.

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php



________________________________

Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen CFO

This communication is confidential. We only send and receive email on the basis of the terms set out at https://www.utimaco.com/en/e-mail-disclaimer/


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]