Re: [pkcs11] Validation constants in KMIP

[Tim Hudson <tjh@cryptsoft.com>]

KMIP details below.

Validation Information

The Validation Information base object is a structure that contains details of a formal validation. Specific fields MAY pertain only to certain types of validations.

Object	Encoding	REQUIRED
Validation Information	Structure	Â
Validation Authority Type	Enumeration	Yes
Validation Authority Country	Text String	No
Validation Authority URI	Text String	No
Validation Version Major	Integer	Yes
Validation Version Minor	Integer	No
Validation Type	Enumeration	Yes
Validation Level	Integer	Yes
Validation Certificate Identifier	Text String	No
Validation Certificate URI	Text String	No
Validation Vendor URI	Text String	No
Validation Profile	Text String, MAY be repeated	No

The Validation Authority along with the Validation Version Major, Validation Type and Validation Level SHALL be provided to uniquely identify a validation for a given validation authority. If the Validation Certificate URI is not provided the server SHOULD include a Validation Vendor URI from which information related to the validation is available.

The Validation Authority Country is the two letter ISO country code.

Â

Validation Authority Type Enumeration

Validation Authority Type
Name	Value
Unspecified	00000001
NIST CMVP	00000002
Common Criteria	00000003
Extensions	8XXXXXXX

Â

Validation Type Enumeration

Validation Type
Name	Value
Unspecified	00000001
Hardware	00000002
Software	00000003
Firmware	00000004
Hybrid	00000005
Extensions	8XXXXXXX

Â

Â

KMIP constant equivalents (using the naming from the specification) - these aren't in the specification but should save you some typing.

#define KMIP_VALIDATION_TYPE_UNSPECIFIED Â Â Â Â Â Â Â Â Â Â Â Â0x00000001
#define KMIP_VALIDATION_TYPE_HARDWARE Â Â Â Â Â Â Â Â Â Â Â Â Â 0x00000002
#define KMIP_VALIDATION_TYPE_SOFTWARE Â Â Â Â Â Â Â Â Â Â Â Â Â 0x00000003
#define KMIP_VALIDATION_TYPE_FIRMWARE Â Â Â Â Â Â Â Â Â Â Â Â Â 0x00000004
#define KMIP_VALIDATION_TYPE_HYBRID Â Â Â Â Â Â Â Â Â Â Â Â Â Â 0x00000005

#define KMIP_VALIDATION_AUTHORITY_TYPE_UNSPECIFIED Â Â Â Â Â Â Â0x00000001
#define KMIP_VALIDATION_AUTHORITY_TYPE_NIST_CMVP Â Â Â Â Â Â Â Â0x00000002
#define KMIP_VALIDATION_AUTHORITY_TYPE_COMMON_CRITERIA Â Â Â Â Â0x00000003

An example from the test cases:

   <ValidationInformation>
    <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
    <ValidationAuthorityCountry type="TextString" value="US"/>
    <ValidationAuthorityURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/"/>
    <ValidationVersionMajor type="Integer" value="2"/>
    <ValidationType type="Enumeration" value="Software"/>
    <ValidationLevel type="Integer" value="1"/>
    <ValidationCertificateIdentifier type="TextString" value="1747"/>
    <ValidationCertificateURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747"/>
   </ValidationInformation>

Tim.

On Wed, Apr 20, 2022 at 7:40 AM Robert Relyea <rrelyea@redhat.com> wrote:

I've finally got a space to update the FIPS indicators document, and I
need the list of defined validation constants in KMIP so PKCS #11 and
KMIP can stay in sync:

Contants for Valdiation Type.

Validation Authority Type.

Thanks,

Bob


---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php