OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] stackoverflow question: CKA_VALUE_LEN attribute and Unwrap key

On 11/9/20 2:39 AM, Daniel Minder wrote:

All,

 

maybe you’ve seen this already, if not have a look: https://crypto.stackexchange.com/questions/86011/pkcs11-cka-value-len-attribute-and-unwrap-key

 

The inquirer seems to be right. If an AES key is wrapped with a mechanisms employing zero-padding (which is not only AES-ECB or CBC but also CKM_RSA_X_509 or BLOWFISH-CBC) the unwrapped key might contain zeros.


If it's indeterminate, then you need CKA_VALUE_LEN.

AES_ECB and AES_CBC block size are multiples of the key size, so if the key is unpadded, you know the length by the cipher text length (there is no padding). You don't remove the 'zeros'.

CKM_RSA_X_509 requires some sort of padding for RSA to work, so the CKA_VALUE_LEN would be required.

The question is how an implementation should proceed now: try to figure out if the AES key has 128, 192 or 256 bits by removing as many zeros as possible (from the end where padding took place during wrap) and rounding up to 128, 192, 256 bits again? Or requiring CKA_VALUE_LEN?

If the wrap type is unpadded, then the key is unpadded. This issue is mostly for key sizes that aren't integral mulitples of the block size.

This is mostly a theoretical discussion. You should be using padded wrapping mechanisms for keys in protocols or you make your protocol moot.

(NOTE: PKCS 7 padding is deterministic).

 

Requiring CKA_VALUE_LEN would violate footnote 6 in table 70. Maybe this footnote is just wrong here? There is no footnote with the meaning “must only be given if padding does not encode original length information�…

 

Regards,

Daniel

 



Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Martin Stamm CFO

This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]