AES in CFB128 mode?

AES in CFB128 mode?

beaufour@gmail.com
Is it possible to use AES in CFB128 mode using NSS? If yes, how? :)

(if no, why not? :) )

_______________________________________________
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: AES in CFB128 mode?

Wan-Teh Chang
[hidden email] wrote:
> Is it possible to use AES in CFB128 mode using NSS? If yes, how? :)
>
> (if no, why not? :) )

No, CFB128 mode is not implemented.  You can only use
AES in ECB or CBC mode.

Nobody asked for CFB mode support before.  Why would you
like to use the CFB mode?

To use AES with say CBC mode, I believe you need to
start with PK11_CreateContextBySymKey, using the CKM_AES_CBC
or CKM_AES_CBC_PAD mechanism type. Follow that by PK11_CipherOp
calls, and end with a PK11_DestroyContext call. You can click
the link below for some sample code.

http://lxr.mozilla.org/security/ident?i=PK11_CreateContextBySymKey

Wan-Teh

Re: AES in CFB128 mode?

beaufour@gmail.com
Wan-Teh Chang wrote:

> [hidden email] wrote:
> > Is it possible to use AES in CFB128 mode using NSS? If yes, how? :)
> >
> > (if no, why not? :) )
>
> No, CFB128 mode is not implemented.  You can only use
> AES in ECB or CBC mode.
>
> Nobody asked for CFB mode support before.  Why would you
> like to use the CFB mode?

Because that's what the current (non-NSS) code does. I'd rather just
port, not change, the code.

... Allan


Re: AES in CFB128 mode?

Wan-Teh Chang
[hidden email] wrote:
> Wan-Teh Chang wrote:
>> Why would you like to use the CFB mode?
>
> Because that's what the current (non-NSS) code does. I'd rather just
> port, not change, the code.

Is the CFB mode used in your implementation of some standard?
Just curious.

The crypto support in NSS has been primarily driven by the needs
of the higher-level NSS libraries -- libnss3.so (certs, etc.),
libssl3.so, and libsmime3.so.  Since SSL/TLS and S/MIME don't
need the CFB mode for block ciphers, we didn't implement it.
This is also why we haven't implemented RSA PSS and RSA OAEP.

But people have started to use NSS only for crypto, so we
may need to start to invest more in this area.  I'd still like
to know what (protocol, standard, or proprietary system) you're
using the CFB mode for.

Wan-Teh


Re: AES in CFB128 mode?

beaufour@gmail.com
Wan-Teh Chang wrote:
> [hidden email] wrote:
> > Wan-Teh Chang wrote:
> >> Why would you like to use the CFB mode?
> >
> > Because that's what the current (non-NSS) code does. I'd rather just
> > port, not change, the code.
>
> Is the CFB mode used in your implementation of some standard?
> Just curious.

No, it is not a standard.


Re: AES in CFB128 mode?

beaufour@gmail.com

[hidden email] wrote:

> Wan-Teh Chang wrote:
> > [hidden email] wrote:
> > > Wan-Teh Chang wrote:
> > >> Why would you like to use the CFB mode?
> > >
> > > Because that's what the current (non-NSS) code does. I'd rather just
> > > port, not change, the code.
> >
> > Is the CFB mode used in your implementation of some standard?
> > Just curious.
>
> No, it is not a standard.

But it is used by SNMP
http://www.rfc-archive.org/getrfc.php?rfc=3826


Re: AES in CFB128 mode?

Nelson Bolyard
[hidden email] wrote:

>>>>> Why would you like to use the CFB mode?
>>>> Because that's what the current (non-NSS) code does. I'd rather just
>>>> port, not change, the code.
>>> Is the CFB mode used in your implementation of some standard?
>>> Just curious.
>> No, it is not a standard.
> But it is used by SNMP
> http://www.rfc-archive.org/getrfc.php?rfc=3826

Well, that's close enough to "standard" for our purposes.
NSS doesn't implement SNMP, but if an SNMP implementation wants to use
NSS's softoken, perhaps NSS's softoken ought to implement it.
It would mean implementing a new set of PKCS#11 "mechanisms", IINM.

--
Nelson B

Re: AES in CFB128 mode?

Robert Relyea
[hidden email] wrote:

> [hidden email] wrote:
>> Wan-Teh Chang wrote:
>>> [hidden email] wrote:
>>>> Wan-Teh Chang wrote:
>>>>> Why would you like to use the CFB mode?
>>>> Because that's what the current (non-NSS) code does. I'd rather just
>>>> port, not change, the code.
>>> Is the CFB mode used in your implementation of some standard?
>>> Just curious.
>> No, it is not a standard.
>
> But it is used by SNMP
> http://www.rfc-archive.org/getrfc.php?rfc=3826

The only hard issue I see is getting a PKCS #11 mechanism for CFB mode.
Once that exists it should be relatively easy to add such a mechanism.
The primary changes would be in softoken, pk11wrap, and possibly adding
an OID in util/secoid.[ch].

I would be willing to review a patch for the NSS trunk (NSS 3.12), if
one was submitted.

bob

Re: AES in CFB128 mode?

Wan-Teh Chang
Allan (beaufour), you should be able to build the CFB128 mode
yourself using the ECB mode as a primitive.  It seems
straightforward to me (because 128 is the block size, you
don't need to shift).  This way you don't need to wait for
the support of AES in CFB128 mode in NSS.

The NIST AES validation list is a good way to find out which
crypto modules support AES in CFB128 mode:
http://csrc.nist.gov/cryptval/aes/aesval.html

Wan-Teh
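
Wan-Teh's suggestion above, worked out as an added example that is not code from this thread or from NSS: CFB128 built on top of any 128-bit ECB block-encryption callback. The callback type `ecb_block_fn` is an assumption of this example; with NSS it would wrap a `CKM_AES_ECB` PK11 context, while the `toy_ecb_block` used by the self-test is a constructed keyed byte permutation standing in for AES so the code runs offline (it is not a cipher and gives no security). Because the feedback width equals the block size, each keystream block is simply E_K of the previous ciphertext block, which is the "no shifting" point made in the message.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CFB_BLOCK 16

/* One forward (encrypt-direction) block-cipher call on a single 16-byte block.
 * Assumed plug-in type for this example: on NSS it would wrap a CKM_AES_ECB
 * PK11 context; the self-test plugs in a constructed toy permutation instead. */
typedef void (*ecb_block_fn)(const void *key, const uint8_t in[CFB_BLOCK],
                             uint8_t out[CFB_BLOCK]);

typedef struct {
    ecb_block_fn enc;
    const void *key;
    uint8_t feedback[CFB_BLOCK];  /* previous ciphertext block; the IV at start */
    uint8_t keystream[CFB_BLOCK]; /* E_K(feedback) for the current block */
    size_t used;                  /* keystream bytes already consumed */
} cfb128_ctx;

void cfb128_init(cfb128_ctx *c, ecb_block_fn enc, const void *key,
                 const uint8_t iv[CFB_BLOCK])
{
    c->enc = enc;
    c->key = key;
    memcpy(c->feedback, iv, CFB_BLOCK);
    c->used = CFB_BLOCK; /* nothing generated yet: the first byte triggers E_K(IV) */
}

/* Shared core.  CFB is a stream mode: both directions XOR the data with
 * E_K(previous ciphertext block) and feed the *ciphertext* back.  Only the
 * cipher's encrypt direction is ever needed, and no padding is required
 * because a trailing partial block just uses part of the keystream. */
static void cfb128_crypt(cfb128_ctx *c, const uint8_t *in, uint8_t *out,
                         size_t len, int decrypt)
{
    for (size_t i = 0; i < len; i++) {
        if (c->used == CFB_BLOCK) {        /* start of a new 128-bit block */
            c->enc(c->key, c->feedback, c->keystream);
            c->used = 0;
        }
        uint8_t ct = decrypt ? in[i] : (uint8_t)(in[i] ^ c->keystream[c->used]);
        out[i] = decrypt ? (uint8_t)(ct ^ c->keystream[c->used]) : ct;
        c->feedback[c->used] = ct;         /* ciphertext feeds the next block */
        c->used++;
    }
}

void cfb128_encrypt(cfb128_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{ cfb128_crypt(c, in, out, len, 0); }

void cfb128_decrypt(cfb128_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{ cfb128_crypt(c, in, out, len, 1); }

/* CONSTRUCTED stand-in for the ECB primitive: a keyed byte permutation that is
 * NOT a cipher and provides no security; it only lets the mode logic run
 * offline.  A real deployment would call AES-128 ECB on one block here. */
static void toy_ecb_block(const void *key, const uint8_t in[CFB_BLOCK],
                          uint8_t out[CFB_BLOCK])
{
    const uint8_t *k = key;
    for (size_t j = 0; j < CFB_BLOCK; j++)
        out[j] = (uint8_t)((in[(j + 5) % CFB_BLOCK] ^ k[j]) + 3 * j + 1);
}

/* Self-test: round-trips a 37-byte constructed message (2 full blocks plus a
 * 5-byte tail), decrypting in two uneven chunks to exercise the partial-block
 * streaming path, and checks the first ciphertext byte against the definition
 * C_1 = E_K(IV) XOR P_1.  Returns 1 on success, 0 on failure. */
int cfb128_selftest(void)
{
    static const uint8_t key[CFB_BLOCK] = { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                                            0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c };
    static const uint8_t iv[CFB_BLOCK]  = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 };
    const uint8_t msg[] = "constructed CFB128 test message: 37B?";
    size_t len = sizeof(msg) - 1;   /* 37 bytes */
    uint8_t ct[64], pt[64], ks[CFB_BLOCK];
    cfb128_ctx c;

    cfb128_init(&c, toy_ecb_block, key, iv);
    cfb128_encrypt(&c, msg, ct, len);

    toy_ecb_block(key, iv, ks);
    if (ct[0] != (uint8_t)(msg[0] ^ ks[0])) return 0;

    cfb128_init(&c, toy_ecb_block, key, iv);
    cfb128_decrypt(&c, ct, pt, 20);                 /* splits block 2 mid-way */
    cfb128_decrypt(&c, ct + 20, pt + 20, len - 20);
    return memcmp(pt, msg, len) == 0;
}

int main(void)
{
    int ok = cfb128_selftest();
    printf("CFB128 self-test: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

Two properties of the construction are worth keeping in mind when porting existing CFB code this way: the IV must be unique per key (and ideally unpredictable), since a repeated IV under the same key leaks the XOR of the first plaintext blocks, and CFB provides confidentiality only, so anything that needs tamper detection still has to add a MAC over the ciphertext.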


Re: AES in CFB128 mode?

beaufour@gmail.com
On 9/26/06, Bob Relyea <[hidden email]> wrote:
> The only hard issue I see is getting a PKCS #11 mechanism for CFB mode.
> Once that exists it should be relatively easy to add such a mechanism.
> The primary changes would be in softoken, pk11wrap, and possibly adding
> an OID in util/secoid.[ch].
>
> I would be willing to review a patch for the NSS trunk (NSS 3.12), if
> one was submitted.

I've not ventured into NSS before, but I'll look at it.

--
... Allan

Re: AES in CFB128 mode?

beaufour@gmail.com
Wan-Teh Chang wrote:
> Allan (beaufour), you should be able to build the CFB128 mode
> yourself using the ECB mode as a primitive.  It seems
> straightforward to me (because 128 is the block size, you
> don't need to shift).  This way you don't need to wait for
> the support of AES in CFB128 mode in NSS.

It has been running fine for me for a while btw.

I'll try looking into getting it properly into NSS, but it's not at the
top of my list.
https://bugzilla.mozilla.org/show_bug.cgi?id=358219


Re: AES in CFB128 mode?

Wan-Teh Chang
[hidden email] wrote:
> Wan-Teh Chang wrote:
>> Allan (beaufour), you should be able to build the CFB128 mode
>> yourself using the ECB mode as a primitive.  It seems
>> straightforward to me (because 128 is the block size, you
>> don't need to shift).  This way you don't need to wait for
>> the support of AES in CFB128 mode in NSS.
>
> It has been running fine for me for a while btw.

Allan, did you mean you built the CFB128 mode yourself
using the ECB mode as a primitive, as I suggested?

Wan-Teh
