Closed Bug 467372 Opened 16 years ago Closed 6 months ago

Implement SOBER-128 Encryption Algorithm

Categories

(NSS :: Libraries, enhancement, P5)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: KaiE, Unassigned)

Details

There is a desire to have the SOBER-128 Encryption Algorithm available in NSS.

Requested in https://bugzilla.redhat.com/show_bug.cgi?id=462014

See http://en.wikipedia.org/wiki/SOBER-128 for information about SOBER-128
As a general rule, we only accept implementations of ciphers in NSS when
all the following are true:
- Those ciphers have been publicly published, 
- The PKCS#11 API specification standard has been updated, or a draft 
modification for it has been accepted by the PKCS#11 "cryptoki" working group, 
that defines all the "mechanisms" (and object types, if applicable) needed to implement it,
- (if applicable) Algorithm Identifier OID(s) have been published for it
- It's use in some standard protocol implemented in NSS (such as new TLS 
cipher suites or CMS OIDs) has been specified in an RFC.  
- Any patent concerns have been resolved.

Are those conditions now met for this new cipher?

To be accepted, contributed implementations of ciphers must include:
- the cipher algorithm in Freebl
- the implementation of the PKCS#11 mechanisms and object types defined 
for it,
- Modifications to the pk11wrap layer required to understand and work with the new mechanisms,
- Modifications to lib/util to understand any new Algorithm IDentifier OIDs
- Modifications to lib/ssl and/or lib/smime to implement the new SSL cipher
suites and/or use of the new algorithm in CMS
- Modifications to test programs for freebl (blapitest), SSL and/or CMS 
have been made,
- Modifications to NSS's QA Acceptance test scripts to run the new tests 
(both blapitest and SSL and/or CMS tests).
- All patches must be in the form of a CVS unified diff (or set of CVS 
unified diffs) that apply cleanly to the NSS trunk with the patch command.

When the above conditions are met and a CVS patch that meets those 
requirements is ready, please let us know.
Here's the spec.

http://www.qualcomm.com.au/PublicationsDocs/SOBER-128-v2.pdf

I'd like to make this one a sample of how to implement a separately loaded crypto module rather than adding this to base softoken. This is particularly true since there is no need to use SSL with this cipher.

In any case I don't think this would make a NSS 3.12 softoken.

Also, SOBER-128 MAC has been broken and should not be part of this implementation.

bob
Severity: normal → S3
Severity: S3 → N/A
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.