RFE: Implement proposed AES key wrapping mechanism



17 years ago
16 years ago


(Reporter: thayes0993, Assigned: nelson)



Firefox Tracking Flags

(Not tracked)




17 years ago

Comment 1

17 years ago
NIST is developing a key wrapping method that uses AES to "wrap" other secret 
data.  The wrapped data can be other AES keys or any other secret value, such 
as a random number seed, triple-DES key, private key or password.

A proposed definition of the AES key wrap algorithm is found at:

In addition, an edited version of this document has been submitted as an 
Internet draft to IETF:

The IETF draft gives proposed OIDs for this algorithm (one for each key size):

       aes  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2) country(16) 
          us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } 
       id-aes128-wrap  OBJECT IDENTIFIER  ::=  { aes 5 } 
       id-aes192-wrap  OBJECT IDENTIFIER  ::=  { aes 25 } 
       id-aes256-wrap  OBJECT IDENTIFIER  ::=  { aes 45 } 

Comment 2

17 years ago
Assigned the bug to Nelson.
Assignee: wtc → nelsonb
Priority: -- → P2
Target Milestone: --- → 3.7
The Internet Draft above has now become an RFC.

See ftp://ftp.rfc-editor.org/in-notes/rfc3394.txt

Comment 4

16 years ago
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8

The AES Key wrap algorithm was checked into freebl.  It was tested against
the test vectors in the RFC, and passes.  These test cases have not yet been
added to blapitest.

Two new AES Key wrap mechanisms were added to softoken, using CKM_NETSCAPE
mechanism numbers until a real proposal for those mechanisms is written for
and accepted by the PKCS 11 working group.  The code to implement these
mechanisms (on top of freebl) is insufficiently tested.

3 new OIDs and their mappings to the new mechanisms were added to the table
of known secoids.  

No additional work has been done to get any higher layer code (such as 
libSMIME) to use these new mechanisms.  At the moment, I'm not ever sure 
what interface one uses to perform a key wrap based on an OID.  

This work is now pre-empted by another urgent project.  I expect NSS 3.8
will ship with this implementation in essentially this state.
Terry, what is the proposed use for this algorithm?  
Is this to be used in SMIME (CMS)?  or XML encryption? or ??

The mechanism is now implemented in softoken.  
The secoid table now maps the OIDs to the PKCS 11 mechanisms.  

In the absense of a clear definition of where this is going to be used, 
I'm not sure what else to do with this.  

So, I'm taking the unusual step of marking this RFE fixed, so that the
implementation of these 2 new mechanisms will show up as having been done
in NSS 3.8 in bugzilla.  Perhaps another RFE should be filed requesting 
additional enhancement to NSS to use these mechanisms, once that work is
well defined.
Last Resolved: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.