
AES in CFB128 mode?


beau...@gmail.com

Sep 21, 2006, 8:34:28 AM
Is it possible to use AES in CFB128 mode using NSS? If yes, how? :)

(if no, why not? :) )

Wan-Teh Chang

Sep 21, 2006, 9:45:06 AM
to dev-tec...@lists.mozilla.org
beau...@gmail.com wrote:
> Is it possible to use AES in CFB128 mode using NSS? If yes, how? :)
>
> (if no, why not? :) )

No, CFB128 mode is not implemented. You can only use
AES in ECB or CBC mode.

Nobody asked for CFB mode support before. Why would you
like to use the CFB mode?

To use AES with say CBC mode, I believe you need to
start with PK11_CreateContextBySymKey, using the CKM_AES_CBC
or CKM_AES_CBC_PAD mechanism type. Follow that by PK11_CipherOp
calls, and end with a PK11_DestroyContext call. You can click
the link below for some sample code.

http://lxr.mozilla.org/security/ident?i=PK11_CreateContextBySymKey

Wan-Teh

beau...@gmail.com

Sep 22, 2006, 5:21:46 AM

Wan-Teh Chang wrote:
> beau...@gmail.com wrote:
> > Is it possible to use AES in CFB128 mode using NSS? If yes, how? :)
> >
> > (if no, why not? :) )
>
> No, CFB128 mode is not implemented. You can only use
> AES in ECB or CBC mode.
>
> Nobody asked for CFB mode support before. Why would you
> like to use the CFB mode?

Because that's what the current (non-NSS) code does. I'd rather just
port, not change, the code.

... Allan

Wan-Teh Chang

Sep 22, 2006, 10:22:54 AM
to dev-tec...@lists.mozilla.org
beau...@gmail.com wrote:

> Wan-Teh Chang wrote:
>> Why would you like to use the CFB mode?
>
> Because that's what the current (non-NSS) code does. I'd rather just
> port, not change, the code.

Is the CFB mode used in your implementation of some standard?
Just curious.

The crypto support in NSS has been primarily driven by the needs
of the higher-level NSS libraries in -- libnss3.so (certs, etc.),
libssl3.so, and libsmime3.so. Since SSL/TLS and S/MIME don't
need the CFB mode for block ciphers, we didn't implement it.
This is also why we haven't implemented RSA PSS and RSA OAEP.

But people have started to use NSS only for crypto, so we
may need to start to invest more in this area. I'd still like
to know what (protocol, standard, or proprietary system) you're
using the CFB mode for.

Wan-Teh

beau...@gmail.com

Sep 25, 2006, 5:16:54 AM

Wan-Teh Chang wrote:
> beau...@gmail.com wrote:
> > Wan-Teh Chang wrote:
> >> Why would you like to use the CFB mode?
> >
> > Because that's what the current (non-NSS) code does. I'd rather just
> > port, not change, the code.
>
> Is the CFB mode used in your implementation of some standard?
> Just curious.

No, it is not a standard.

beau...@gmail.com

Sep 25, 2006, 6:35:01 AM

Nelson B

Sep 25, 2006, 7:42:44 PM
beau...@gmail.com wrote:

>>>>> Why would you like to use the CFB mode?
>>>> Because that's what the current (non-NSS) code does. I'd rather just
>>>> port, not change, the code.
>>> Is the CFB mode used in your implementation of some standard?
>>> Just curious.
>> No, it is not a standard.
> But it is used by SNMP
> http://www.rfc-archive.org/getrfc.php?rfc=3826

Well, that's close enough to "standard" for our purposes.
NSS doesn't implement SNMP, but if an SNMP implementation wants to use
NSS's softoken, perhaps NSS's softoken ought to implement it.
It would mean implementing a new set of PKCS#11 "mechanisms", IINM.

--
Nelson B

Wan-Teh Chang

Sep 26, 2006, 3:55:35 PM
to dev-tec...@lists.mozilla.org
Allan (beaufour), you should be able to build the CFB128 mode
yourself using the ECB mode as a primitive. It seems
straightforward to me (because 128 is the block size, you
don't need to shift). This way you don't need to wait for
the support of AES in CFB128 mode in NSS.

The NIST AES validation list is a good way to find out which
crypto modules support AES in CFB128 mode:
http://csrc.nist.gov/cryptval/aes/aesval.html

Wan-Teh
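As an added example (not code from the thread, from NSS, or from any poster), here is the construction Wan-Teh describes: full-block CFB built from only the forward block-encryption direction. The function names cfb128_encrypt, cfb128_decrypt and corrupted_blocks are assumptions, and block_encrypt_stand_in is a SHA-256-based keyed block function standing in for single-block AES-ECB so the example runs with the standard library alone; in an NSS port, the ECB primitive would come from a CKM_AES_ECB context instead.

```python
import hashlib

BLOCK = 16  # AES block size; CFB128 feeds a whole block back, so no shift register is needed

def block_encrypt_stand_in(key: bytes):
    """One-way 16-byte block function E_K, standing in for single-block AES-ECB encryption
    (e.g. NSS PK11_CipherOp under CKM_AES_ECB). SHA-256 keeps the example standard-library only;
    CFB never needs the inverse direction, which is why ECB encryption alone suffices."""
    def enc(block: bytes) -> bytes:
        assert len(block) == BLOCK
        return hashlib.sha256(key + block).digest()[:BLOCK]
    return enc

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # zip truncates to the shorter input

def cfb128_encrypt(enc, iv: bytes, plaintext: bytes) -> bytes:
    """C_i = P_i XOR E_K(C_{i-1}) with C_0 = IV. Stream-like: no padding, ciphertext
    length equals plaintext length. The IV must be unique and unpredictable per message."""
    assert len(iv) == BLOCK
    out, feedback = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        cipher_chunk = _xor(plaintext[i:i + BLOCK], enc(feedback))
        out += cipher_chunk
        feedback = cipher_chunk  # the ciphertext block, not the keystream, is fed back
    return bytes(out)

def cfb128_decrypt(enc, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_i XOR E_K(C_{i-1}); same forward block function as encryption."""
    assert len(iv) == BLOCK
    out, feedback = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        out += _xor(chunk, enc(feedback))
        feedback = chunk
    return bytes(out)

def corrupted_blocks(enc, iv: bytes, plaintext: bytes, flip_at: int) -> list:
    """Flip one ciphertext bit at byte offset flip_at and list the plaintext blocks that
    change on decryption: CFB has no integrity, so block i is malleable and block i+1 garbles."""
    ct = bytearray(cfb128_encrypt(enc, iv, plaintext))
    ct[flip_at] ^= 0x01
    pt2 = cfb128_decrypt(enc, iv, bytes(ct))
    n = (len(plaintext) + BLOCK - 1) // BLOCK
    return [i for i in range(n) if plaintext[i * BLOCK:(i + 1) * BLOCK] != pt2[i * BLOCK:(i + 1) * BLOCK]]
```

Because only the forward direction is used, CFB needs no padding mechanism (unlike CKM_AES_CBC_PAD), but it also provides no integrity: pair it with a MAC if the ciphertext can be tampered with in transit.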

Allan Beaufour

Sep 27, 2006, 3:01:45 AM
to Bob Relyea, dev-tec...@lists.mozilla.org
On 9/26/06, Bob Relyea <rre...@redhat.com> wrote:
> The only hard issue I see is getting a PKCS #11 mechanism for CFB mode.
> Once that exists it should be relatively easy to add such a mechanism.
> The primary changes would be in softoken, pk11wrap, and possibly adding
> an OID in util/secoid.[ch].
>
> I would be willing to review a patch for the NSS trunk (NSS 3.12). If
> one was submitted.

I've not ventured into NSS before, but I'll look at it.

--
... Allan

beau...@gmail.com

Oct 26, 2006, 1:41:25 PM

Wan-Teh Chang wrote:
> Allan (beaufour), you should be able to build the CFB128 mode
> yourself using the ECB mode as a primitive. It seems
> straightforward to me (because 128 is the block size, you
> don't need to shift). This way you don't need to wait for
> the support of AES in CFB128 mode in NSS.

It has been running fine for me for a while btw.

I'll try looking into getting properly into NSS, but it's not on the
top of my list.
https://bugzilla.mozilla.org/show_bug.cgi?id=358219

Wan-Teh Chang

Oct 26, 2006, 4:12:26 PM
to dev-tec...@lists.mozilla.org
beau...@gmail.com wrote:
> Wan-Teh Chang wrote:
>> Allan (beaufour), you should be able to build the CFB128 mode
>> yourself using the ECB mode as a primitive. It seems
>> straightforward to me (because 128 is the block size, you
>> don't need to shift). This way you don't need to wait for
>> the support of AES in CFB128 mode in NSS.
>
> It has been running fine for me for a while btw.

Allan, did you mean you built the CFB128 mode yourself
using the ECB mode as a primitive, as I suggested?

Wan-Teh
