- Sub-task
- Resolution: Delivered
- P4
- 24
- generic
- generic
The SunPKCS11 provider has been enhanced to support the following AES CTS transformations for the `Cipher` service type:
- AES/CTS/NoPadding
- AES_128/CTS/NoPadding
- AES_192/CTS/NoPadding
- AES_256/CTS/NoPadding
The [Addendum to NIST Special Publication 800-38A](https://doi.org/10.6028/NIST.SP.800-38A-Add) defines three variants of Ciphertext Stealing for CBC mode: CBC-CS1, CBC-CS2, and CBC-CS3. To ensure interoperability with SunJCE and Kerberos, which use the CS3 variant, the SunPKCS11 provider needs to know which variant the underlying PKCS #11 library implements and convert the data if it is not in the CS3 variant. A new SunPKCS11 provider configuration attribute named `cipherTextStealingVariant` is introduced and must be set to one of the following values: `CS1`, `CS2`, or `CS3`, to indicate the CTS variant of the underlying PKCS #11 library. An exception exists for NSS, which is known to use `CS1`. Otherwise, the PKCS #11 `CKM_AES_CTS` mechanism is disabled.
For further information, see [SunPKCS11 Configuration](https://docs-uat.us.oracle.com/en/java/javase/24/security/pkcs11-reference-guide1.html#GUID-C4ABFACB-B2C9-4E71-A313-79F881488BB9) and [SunPKCS11 Provider Supported Algorithms](https://docs-uat.us.oracle.com/en/java/javase/24/security/pkcs11-reference-guide1.html#GUID-D3EF9023-7DDC-435D-9186-D2FD05674777).
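The three variants carry the same AES blocks and differ only in the order of the last two, so the conversion the note describes is a key-independent byte re-layout. The following is an added Python example (not JDK or SunPKCS11 code) that implements that re-layout for any pair of variants and mirrors the release note's rule for `cipherTextStealingVariant`; the function names and the treatment of unrecognised attribute values are this example's own assumptions.

```python
# Added example, not JDK code: the block re-layout SunPKCS11 needs when the
# PKCS #11 library's AES CTS variant is not CS3 (NIST SP 800-38A Addendum).
BLOCK = 16                     # AES block size in bytes
VARIANTS = ("CS1", "CS2", "CS3")

def _cs3_order(variant: str, d: int) -> bool:
    """True if `variant` emits the last two blocks as [C_n][C_{n-1}*].
    d = length (1..16) of the truncated block C_{n-1}*. CS1 never swaps,
    CS2 swaps only for unaligned input (d != 16), CS3 always swaps."""
    return variant == "CS3" or (variant == "CS2" and d != BLOCK)

def convert_cts(ct: bytes, src: str, dst: str) -> bytes:
    """Re-layout CBC-CTS ciphertext from variant `src` to variant `dst`.
    No key needed: the variants carry the same blocks and differ only in
    the order of the last two, so this is pure byte reordering."""
    src, dst = src.upper(), dst.upper()
    if src not in VARIANTS or dst not in VARIANTS:
        raise ValueError(f"unknown CTS variant: {src!r}/{dst!r}")
    n = len(ct)
    if n < BLOCK:
        raise ValueError("CTS ciphertext must be at least one block long")
    if n == BLOCK:
        return ct              # single block: identical in every variant
    d = n % BLOCK or BLOCK     # bytes in the truncated block C_{n-1}*
    if _cs3_order(src, d) == _cs3_order(dst, d):
        return ct              # both variants already use the same layout
    head, tail = ct[:n - BLOCK - d], ct[n - BLOCK - d:]
    if _cs3_order(src, d):     # tail is [C_n (16)][C_{n-1}* (d)]
        return head + tail[BLOCK:] + tail[:BLOCK]
    return head + tail[d:] + tail[:d]   # tail is [C_{n-1}* (d)][C_n (16)]

def effective_variant(configured, is_nss: bool):
    """Variant SunPKCS11 assumes for the library, per the release note: NSS is
    known to be CS1; otherwise `cipherTextStealingVariant` must be set, else
    CKM_AES_CTS stays disabled (None). Raising on an unrecognised value is
    this example's choice, not documented JDK behaviour."""
    if is_nss:
        return "CS1"
    if configured is None:
        return None
    if configured.upper() not in VARIANTS:
        raise ValueError(f"bad cipherTextStealingVariant: {configured!r}")
    return configured.upper()

if __name__ == "__main__":
    # Constructed bytes, not real AES output: block A, 5-byte C_{n-1}*, C_n.
    a, s, cn = bytes(range(16)), b"\xaa" * 5, bytes(range(16, 32))
    print(convert_cts(a + s + cn, "CS1", "CS3") == a + cn + s)   # True
```

Note that for block-aligned input CS1 and CS2 output is plain CBC, while CS3 still swaps the last two blocks, which is why an NSS (CS1) library needs conversion even for aligned data.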