

Subject: RE: [pkcs11] FIPS and GCM


Daniel,

 

Thank you for the pointer to the 3.0 spec. It’s pretty clear to me how to do it using that version.

 

Sincerely,

Jonathan

 

 

From: Daniel Minder <Daniel.Minder@utimaco.com>
Sent: Thursday, November 21, 2019 4:20 AM
To: Jonathan Schulze-Hewett <schulze-hewett@infoseccorp.com>; pkcs11@lists.oasis-open.org
Subject: RE: [pkcs11] FIPS and GCM

 

Jonathan,

 

Actually a good question that is addressed in the PKCS #11 3.0 standard by the introduction of the message-based functions (C_MessageEncryptInit, C_EncryptMessage, ...) and of a new parameter structure for GCM (CK_GCM_MESSAGE_PARAMS). Together, they allow specifying that an IV of a certain length shall be generated by the token and allow this IV to be returned.

Returning the IV in non-message-based functions (C_EncryptInit, C_Encrypt, ...) is a vendor-defined extension and not covered by the standard.

 

Regards,

Daniel

 

 

From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Jonathan Schulze-Hewett
Sent: Wednesday, November 20, 2019 22:02
To: pkcs11@lists.oasis-open.org
Subject: [pkcs11] FIPS and GCM (WARNING!!! S/MIME with incorrect signature)

 

All,

 

Likely a stupid question, but as FIPS validation appears to prohibit the use of external IVs for GCM, what is the expected behavior of C_EncryptInit with GCM as a mechanism? Is it expected that the IV field of the input parameters will be changed by the C_EncryptInit call so that the module-generated IV can be communicated? Is there or should there be a value in the parameters that indicates what form of IV generation is needed?

 

Thanks,

Jonathan

 

Jonathan Schulze-Hewett

Director of Development

Information Security Corp.

schulze-hewett@infoseccorp.com

708-445-1704
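
The call pattern described in Daniel's reply, as an added example that is not part of the original thread or any vendor's code: the caller passes empty IV and tag buffers in CK_GCM_MESSAGE_PARAMS with ivGenerator set to CKG_GENERATE and reads the IV back after C_EncryptMessage. Assumptions: the type subset is declared inline instead of including pkcs11.h, `encrypt_one_message` is a hypothetical helper, and the C_EncryptMessage body is a constructed stand-in that does no real encryption and models a token that rejects caller-supplied IVs.

```c
#include <string.h>

/* Subset of PKCS #11 3.0 declarations so the example builds without pkcs11.h. */
typedef unsigned char CK_BYTE;
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_GENERATOR_FUNCTION;
#define CKR_OK                      0x00000000UL
#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL
#define CKG_NO_GENERATE             0x00000000UL
#define CKG_GENERATE                0x00000001UL
typedef struct CK_GCM_MESSAGE_PARAMS {
    CK_BYTE *pIv;  CK_ULONG ulIvLen;  CK_ULONG ulIvFixedBits;
    CK_GENERATOR_FUNCTION ivGenerator;
    CK_BYTE *pTag; CK_ULONG ulTagBits;
} CK_GCM_MESSAGE_PARAMS;

/* CONSTRUCTED stand-in for a token's C_EncryptMessage (same argument order as
 * the 3.0 function). It performs no AES-GCM: it only models the IV handling of
 * a token that refuses caller-supplied IVs and writes its own IV into pIv. */
static CK_ULONG stub_counter;                 /* hypothetical token state */
CK_RV C_EncryptMessage(CK_SESSION_HANDLE hSession, void *pParameter,
        CK_ULONG ulParameterLen, CK_BYTE *pAad, CK_ULONG ulAadLen,
        CK_BYTE *pPlaintext, CK_ULONG ulPlaintextLen,
        CK_BYTE *pCiphertext, CK_ULONG *pulCiphertextLen)
{
    CK_GCM_MESSAGE_PARAMS *p = pParameter;
    (void)hSession; (void)pAad; (void)ulAadLen;
    if (!p || ulParameterLen != sizeof *p || !p->pIv || !p->pTag ||
        p->ulIvLen != 12 || p->ivGenerator == CKG_NO_GENERATE)
        return CKR_MECHANISM_PARAM_INVALID;   /* external IV or bad buffers */
    memset(p->pIv, 0, 12);
    p->pIv[11] = (CK_BYTE)++stub_counter;     /* token-chosen IV, returned to caller */
    memset(p->pTag, 0, p->ulTagBits / 8);     /* placeholder tag */
    memcpy(pCiphertext, pPlaintext, ulPlaintextLen);  /* placeholder "ciphertext" */
    *pulCiphertextLen = ulPlaintextLen;
    return CKR_OK;
}

/* Caller side: hand the token empty IV and tag buffers, request generation,
 * and keep the returned IV next to the ciphertext for later decryption.
 * A real session is bracketed by C_MessageEncryptInit / C_MessageEncryptFinal. */
CK_RV encrypt_one_message(CK_SESSION_HANDLE hSession, CK_GENERATOR_FUNCTION gen,
        CK_BYTE *pt, CK_ULONG ptLen, CK_BYTE *ct, CK_ULONG *ctLen,
        CK_BYTE iv[12], CK_BYTE tag[16])
{
    CK_GCM_MESSAGE_PARAMS params = { iv, 12, 0, gen, tag, 128 };
    return C_EncryptMessage(hSession, &params, sizeof params, NULL, 0,
                            pt, ptLen, ct, ctLen);
}
```
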

 

 





