The SunPKCS11 provider has been enhanced to support the following AES CTS transformations for the Cipher service type:
- AES/CTS/NoPadding
- AES_128/CTS/NoPadding
- AES_192/CTS/NoPadding
- AES_256/CTS/NoPadding

The Addendum to NIST Special Publication 800-38A defines three variants of Ciphertext Stealing for CBC mode: CBC-CS1, CBC-CS2, and CBC-CS3. To ensure interoperability with SunJCE and Kerberos, which use the CS3 variant, the SunPKCS11 provider needs to know the variant implemented by the underlying PKCS #11 library and convert the data if it is not in the CS3 variant. A new SunPKCS11 provider configuration attribute named cipherTextStealingVariant is introduced and must be set to one of the following values: CS1, CS2, or CS3, to indicate the CTS variant of the underlying PKCS #11 library, except for NSS, as it is known to be CS1. Otherwise, the PKCS #11 CKM_AES_CTS mechanism is disabled.
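
The data conversion described above, as an added example (not the SunPKCS11 provider's own code): it builds CBC-CS1 ciphertext from SunJCE's AES/CBC/NoPadding, reorders it into the CS3 layout, and compares the result with SunJCE's AES/CTS/NoPadding. The class and method names, the all-zero key and IV, and the sample lengths are constructed for illustration.

```java
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CtsVariantDemo {
    static final int BLOCK = 16; // AES block size in bytes

    // Reorder a CBC-CS1 or CBC-CS2 ciphertext into the CBC-CS3 layout.
    // variant is "CS1", "CS2" or "CS3", the values the configuration attribute accepts.
    static byte[] toCs3(byte[] ct, String variant) {
        if (ct.length <= BLOCK || variant.equals("CS3")) return ct.clone();
        int d = ct.length % BLOCK == 0 ? BLOCK : ct.length % BLOCK; // bytes in the final segment
        // CS2 already uses the swapped (CS3) order unless the input was block-aligned.
        if (variant.equals("CS2") && d != BLOCK) return ct.clone();
        byte[] out = ct.clone();
        int tail = ct.length - BLOCK - d; // offset of the last two segments
        // CS1 tail: C[n-1]* (d bytes) || C[n] (16 bytes)  ->  CS3 tail: C[n] || C[n-1]*
        System.arraycopy(ct, tail + d, out, tail, BLOCK);
        System.arraycopy(ct, tail, out, tail + BLOCK, d);
        return out;
    }

    // CBC-CS1 per the SP 800-38A addendum: zero-pad the last block, CBC-encrypt,
    // then truncate C[n-1] to d bytes. Requires pt.length >= BLOCK.
    static byte[] encryptCs1(SecretKeySpec key, IvParameterSpec iv, byte[] pt) throws Exception {
        int n = (pt.length + BLOCK - 1) / BLOCK;
        Cipher cbc = Cipher.getInstance("AES/CBC/NoPadding");
        cbc.init(Cipher.ENCRYPT_MODE, key, iv);
        byte[] full = cbc.doFinal(Arrays.copyOf(pt, n * BLOCK));
        byte[] out = Arrays.copyOf(full, pt.length);
        // Keep C[1..n-2] and the first d bytes of C[n-1], then place all of C[n] at the end.
        System.arraycopy(full, (n - 1) * BLOCK, out, pt.length - BLOCK, BLOCK);
        return out;
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES"); // constructed all-zero demo key
        IvParameterSpec iv = new IvParameterSpec(new byte[BLOCK]);  // constructed all-zero demo IV
        Cipher cts = Cipher.getInstance("AES/CTS/NoPadding", "SunJCE"); // CS3 reference
        for (int len : new int[] {17, 31, 32, 45}) {
            byte[] pt = new byte[len];
            for (int i = 0; i < len; i++) pt[i] = (byte) i; // constructed sample plaintext
            cts.init(Cipher.ENCRYPT_MODE, key, iv);
            byte[] expected = cts.doFinal(pt);
            byte[] converted = toCs3(encryptCs1(key, iv, pt), "CS1");
            System.out.println(len + " bytes: matches SunJCE = " + Arrays.equals(expected, converted));
        }
    }
}
```

The 32-byte case shows why CS2 and CS3 are not interchangeable: for block-aligned input CS2 keeps the CS1 order, while CS3 still swaps the last two blocks.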