- Sub-task
- Resolution: Delivered
- P4
- 24
- generic
- generic
The SunPKCS11 provider has been enhanced to support the following AES CTS transformations for the `Cipher` service type:
- AES/CTS/NoPadding
- AES_128/CTS/NoPadding
- AES_192/CTS/NoPadding
- AES_256/CTS/NoPadding
The [Addendum to NIST Special Publication 800-38A](https://doi.org/10.6028/NIST.SP.800-38A-Add) defines three variants of Ciphertext Stealing for CBC mode: CBC-CS1, CBC-CS2, and CBC-CS3. To ensure interoperability with SunJCE and Kerberos, which use the CS3 variant, the SunPKCS11 provider needs to know which variant the underlying PKCS #11 library implements and convert the data if that variant is not CS3. A new SunPKCS11 provider configuration attribute named `cipherTextStealingVariant` is introduced and must be set to one of the following values: `CS1`, `CS2` or `CS3`, indicating the CTS variant of the underlying PKCS #11 library, except for NSS, which is known to be `CS1`. If the attribute is not set (and the library is not NSS), the PKCS #11 `CKM_AES_CTS` mechanism is disabled.
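The following is an added example, not code from the JDK or the SunPKCS11 provider, illustrating how the three variants differ only in the order of the last two ciphertext blocks and how the `cipherTextStealingVariant` attribute would appear in an inline provider configuration. The class and method names are hypothetical, the library path is a placeholder, and the key, IV and message are constructed sample values; SunJCE is used as the CS3 reference because the text states it produces CS3 output.

```java
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CtsVariantDemo {
    static final int B = 16; // AES block size in bytes
    // Reorders a CBC-CS1 or CBC-CS2 ciphertext into the CBC-CS3 layout used by SunJCE and Kerberos.
    // CS1 ends with the truncated block C(n-1)* (d bytes) followed by the full block C(n);
    // CS3 always stores C(n) first, then C(n-1)*; CS2 is CS3 when d < 16 and CS1 when d == 16.
    static byte[] toCs3(byte[] ct, String variant) {
        int d = ct.length % B == 0 ? B : ct.length % B;        // length of the short final block
        boolean alreadyCs3 = variant.equals("CS3") || (variant.equals("CS2") && d < B);
        if (alreadyCs3 || ct.length <= B) return ct.clone();   // single block: nothing to swap
        byte[] out = ct.clone();
        int tail = ct.length - (B + d);                        // start of the last two blocks
        System.arraycopy(ct, tail + d, out, tail, B);          // C(n) moves to the front
        System.arraycopy(ct, tail, out, tail + B, d);          // C(n-1)* moves behind it
        return out;
    }
    // Sketch of an inline SunPKCS11 configuration declaring the library's CTS variant
    // (hypothetical provider name, placeholder library path).
    static Provider pkcs11WithCtsVariant(String libraryPath, String variant) {
        String config = "--name = CtsDemo\nlibrary = " + libraryPath
                + "\ncipherTextStealingVariant = " + variant + "\n";
        return Security.getProvider("SunPKCS11").configure(config);
    }
    public static void main(String[] args) throws Exception {
        // Constructed key, IV and 27-byte message (d = 11) encrypted with SunJCE, which emits CS3.
        byte[] key = new byte[16], iv = new byte[16];
        Arrays.fill(key, (byte) 0x11);
        byte[] pt = "ciphertext stealing demo...".getBytes(StandardCharsets.US_ASCII);
        Cipher c = Cipher.getInstance("AES/CTS/NoPadding", "SunJCE");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] cs3 = c.doFinal(pt);
        // Build the CS1 layout of the same ciphertext by swapping the last two blocks, then convert back.
        int d = pt.length % B, tail = cs3.length - (B + d);
        byte[] cs1 = cs3.clone();
        System.arraycopy(cs3, tail, cs1, tail + d, B);         // C(n) goes after the short block
        System.arraycopy(cs3, tail + B, cs1, tail, d);         // C(n-1)* goes first
        System.out.println("CS1 -> CS3 matches SunJCE: " + Arrays.equals(toCs3(cs1, "CS1"), cs3));
        System.out.println("CS2 -> CS3 unchanged (d < 16): " + Arrays.equals(toCs3(cs3, "CS2"), cs3));
    }
}
```

Decrypting a CS1 ciphertext with a CS3 implementation (or vice versa) without this reordering corrupts the last two plaintext blocks, which is why the provider must be told the variant up front.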