Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6604496

Support for CKM_AES_CTR (counter mode)

XMLWordPrintable

    • b134
    • generic
    • generic
    • Verified

      The SunPKCS11 provider does not support CKM_AES_CTR. This should be fixed.

      That may require JCE API changes (a new Spec class) since counter mode is currently not fully supported by the JCE APIs. The SunJCE provider uses IvParameterSpec to pass the initial counter value and assumes a counter size equal to the block size, but PKCS #11 v2.20 Amendment 3 allows arbitrary, user specified counter sizes and RFC 3686 (AES for IPsec) uses a 32-bit bit counter. PKCS#11 also specifies that an error is produced if the counter overflows.

            valeriep Valerie Peng
            andreas Andreas Sterbenz
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: