[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Validation constants in KMIP
KMIP details below.
Thanks Type. Validation type is different than I thought. I thought it would indication FIPS-140 versus some other NIST validation. So what would be the values for FIPS-140-2 level 1, and FIPS-140-3 level2 ?
bob
Validation Information
The Validation Information base object is a structure that contains details of a formal validation. Specific fields MAY pertain only to certain types of validations.
Object
Encoding
REQUIRED
Validation Information
Structure
Â
Validation Authority Type
Enumeration
Yes
Validation Authority Country
Text String
No
Validation Authority URI
Text String
No
Validation Version Major
Integer
Yes
Validation Version Minor
Integer
No
Validation Type
Enumeration
Yes
Validation Level
Integer
Yes
Validation Certificate Identifier
Text String
No
Validation Certificate URI
Text String
No
Validation Vendor URI
Text String
No
Validation Profile
Text String, MAY be repeated
No
The Validation Authority along with the Validation Version Major, Validation Type and Validation Level SHALL be provided to uniquely identify a validation for a given validation authority. If the Validation Certificate URI is not provided the server SHOULD include a Validation Vendor URI from which information related to the validation is available.
The Validation Authority Country is the two letter ISO country code.
Â
Validation Authority Type Enumeration
Validation Authority Type
Name
Value
Unspecified
00000001
NIST CMVP
00000002
Common Criteria
00000003
Extensions
8XXXXXXX
Â
Validation Type Enumeration
Validation Type
Name
Value
Unspecified
00000001
Hardware
00000002
Software
00000003
Firmware
00000004
Hybrid
00000005
Extensions
8XXXXXXX
Â
Â
KMIP constant equivalents (using the naming from the specification) - these aren't in the specification but should save you some typing.
#define KMIP_VALIDATION_TYPE_UNSPECIFIED Â Â Â Â Â Â Â Â Â Â Â Â0x00000001
#define KMIP_VALIDATION_TYPE_HARDWARE Â Â Â Â Â Â Â Â Â Â Â Â Â 0x00000002
#define KMIP_VALIDATION_TYPE_SOFTWARE Â Â Â Â Â Â Â Â Â Â Â Â Â 0x00000003
#define KMIP_VALIDATION_TYPE_FIRMWARE Â Â Â Â Â Â Â Â Â Â Â Â Â 0x00000004
#define KMIP_VALIDATION_TYPE_HYBRID Â Â Â Â Â Â Â Â Â Â Â Â Â Â 0x00000005
#define KMIP_VALIDATION_AUTHORITY_TYPE_UNSPECIFIED Â Â Â Â Â Â Â0x00000001
#define KMIP_VALIDATION_AUTHORITY_TYPE_NIST_CMVP Â Â Â Â Â Â Â Â0x00000002
#define KMIP_VALIDATION_AUTHORITY_TYPE_COMMON_CRITERIA Â Â Â Â Â0x00000003
An example from the test cases:
   <ValidationInformation>
    <ValidationAuthorityType type="Enumeration" value="NISTCMVP"/>
    <ValidationAuthorityCountry type="TextString" value="US"/>
    <ValidationAuthorityURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/"/>
    <ValidationVersionMajor type="Integer" value="2"/>
    <ValidationType type="Enumeration" value="Software"/>
    <ValidationLevel type="Integer" value="1"/>
    <ValidationCertificateIdentifier type="TextString" value="1747"/>
    <ValidationCertificateURI type="TextString" value="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1747"/>
   </ValidationInformation>
Tim.
On Wed, Apr 20, 2022 at 7:40 AM Robert Relyea <rrelyea@redhat.com> wrote:
I've finally got a space to update the FIPS indicators document, and I
need the list of defined validation constants in KMIP so PKCS #11 and
KMIP can stay in sync:
Contants for Valdiation Type.
Validation Authority Type.
Thanks,
Bob
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]