2008/9/6 Graham Leggett <[EMAIL PROTECTED]>: > Hi all, > > Using PK11_GetPadMechanism(), and passing it a cipher mechanism, it as I > understand returns a variation of the mechanism capable of supporting > padding. > > Is this understanding correct? > > I have noticed that when CKM_AES_ECB is passed to PK11_GetPadMechanism, I > get the same mechanism in return. > > Does this mean that CKM_AES_ECB does not support padding? > > Or does this mean that CKM_AES_ECB already supports padding and there is no > need to switch it on?
For questions like this, you can sometimes find the answers in the PKCS #11 standard. Searching for the string "CKM_AES_ECB" in PKCS #11 v2.20, I found Section 12.12.4 AES-ECB on page 270, and its Table 86 shows that for C_Encrypt, the input must be a multiple of block size. Contrast this with Table 88 in Section 12.12.6 AES-CBC with PKCS padding. I concluded that CKM_AES_ECB does not do padding. The caller is responsible for padding the input, if necessary, to multiples of block size. I found the best answer to your question in the block comment before PK11_GetPadMechanism: http://mxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11mech.c#1666 1666 /* Determine appropriate blocking mechanism, used when wrapping private keys 1667 * which require PKCS padding. If the mechanism does not map to a padding 1668 * mechanism, we simply return the mechanism. 1669 */ 1670 CK_MECHANISM_TYPE 1671 PK11_GetPadMechanism(CK_MECHANISM_TYPE type) { So if the return value of PK11_GetPadMechanism equals the input, it means the input doesn't support padding. If the return value is different from the input, the return value is a variation of the input capable of supporting padding. A design question: why do you want to use the ECB mode? In most applications, the ECB mode is less secure than the CBC mode. Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
