[bugs] [illumos gate - Support #1228] (New) Need AES_[CG]CM support in pkcs11
illumos bugs
bugs at lists.illumos.org
Mon Jul 18 19:22:55 PDT 2011
Issue #1228 has been reported by Jason King.
----------------------------------------
Support #1228: Need AES_[CG]CM support in pkcs11
https://www.illumos.org/issues/1228
Author: Jason King
Status: New
Priority: Normal
Assignee: Jason King
Category: lib - userland libraries
Target version:
Tags: needs-triage
Currently the AES_[CG]CM modes are only supported within the kernel. Userland utilities (such as IKE, SSH, SSL/TLS) might also want support for this.
The one wrinkle is that the current standard version of pkcs11 (2.20 amendment 3) doesn't define this. The draft of 2.30 however does (but does not specify a value for CKM_AES_[CG]CM, but does define a draft structure for CKM[CG]CM_PARAMS. The draft has been unchanged since 2009, so it is unclear when (if ever) it will become the next version.
A solution would be to use a vendor defined value (such as CKM_ILLUMOS_AES_[CG]CM and CKM_ILLUMOS-AES[CG]CM_PARAMS) and whenever 2.30 is ratified, the Illumos implementation can be mapped to the standard one (either through #defines or support within libpkcs11).
Another solution would be to create a small private header file that is not packaged to define these values and remove it when 2.30 is ratified (though this would obviously prevent anything outside of illumos-gate from being able to utilize this while 2.30 remains in a draft state).
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://www.illumos.org/my/account
More information about the bugs
mailing list