United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6604496 Support for CKM_AES_CTR (counter mode)
JDK-6604496 : Support for CKM_AES_CTR (counter mode)

Details
Type:
Enhancement
Submit Date:
2007-09-13
Status:
Closed
Updated Date:
2012-10-22
Project Name:
JDK
Resolved Date:
2011-04-23
Component:
security-libs
OS:
generic
Sub-Component:
javax.crypto:pkcs11
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:

Related Reports
Relates:

Sub Tasks

Description
The SunPKCS11 provider does not support CKM_AES_CTR. This should be fixed.

That may require JCE API changes (a new Spec class) since counter mode is currently not fully supported by the JCE APIs. The SunJCE provider uses IvParameterSpec to pass the initial counter value and assumes a counter size equal to the block size, but PKCS #11 v2.20 Amendment 3 allows arbitrary, user specified counter sizes and RFC 3686 (AES for IPsec) uses a 32-bit bit counter. PKCS#11 also specifies that an error is produced if the counter overflows.

                                    

Comments
EVALUATION

Add CKM_AES_CTR mechanism support with IvParameterSpec first which should meet current need. We'll add the additional parameter class to fully support the non-128-bit-counter when it's really needed.
                                     
2009-03-26
EVALUATION

Release note wording suggestion:

SunPKCS11 provider now supports AES encryption with Counter mode (CTR), i.e. Cipher.getInstance("AES/CTR/NoPadding") calls, when the underlying PKCS11 library supports CKM_AES_CTR mechanism.
                                     
2011-05-23



Hardware and Software, Engineered to Work Together