OK so here is the list of issues I am facing right now. BTW does TC already maintain official errata for
PKCS#11 v2.40 as mentioned in chapter 1 of [pkcs11-base-v2.40-os]? I cannot find it.
MAJOR ISSUE #1
These key types are mentioned in [pkcs11-curr-v2.40-os] but there are no values defined for them:
- CKK_SEED
- CKK_GOSTR3410
- CKK_GOSTR3411
- CKK_GOST28147
MAJOR ISSUE #2
These mechanisms are mentioned in [pkcs11-curr-v2.40-os] but there are no values defined for them:
- CKM_DES3_CMAC_GENERAL
- CKM_DES3_CMAC
- CKM_SEED_KEY_GEN
- CKM_SEED_ECB
- CKM_SEED_CBC
- CKM_SEED_MAC
- CKM_SEED_MAC_GENERAL
- CKM_SEED_CBC_PAD
- CKM_SEED_ECB_ENCRYPT_DATA
- CKM_SEED_CBC_ENCRYPT_DATA
- CKM_AES_GMAC
MAJOR ISSUE #3
These key derivation functions are mentioned in [pkcs11-curr-v2.40-os] but there are no values defined for them:
- CKD_SHA224_KDF
- CKD_SHA256_KDF
- CKD_SHA384_KDF
- CKD_SHA512_KDF
- CKD_CPDIVERSIFY_KDF
MAJOR ISSUE #4
There seems to be an incomplete definition of CK_SEED_CBC_ENCRYPT_DATA_PARAMS and CK_CBC_ENCRYPT_DATA_PARAMS structures present in chapter 2.40.1 of [pkcs11-curr-v2.40-os].
MINOR ISSUE #1
Constant CKR_COPY_PROHIBITED is defined in appendix B of [pkcs11-base-v2.40-os] but it is not mentioned in the text. Is this a leftover after v2.30 that was superseded by CKR_ACTION_PROHIBITED in v2.40?
MINOR ISSUE #2
These structures were present in v2.20 headers but are missing in the text of v2.40 documents:
- CK_ECDH2_DERIVE_PARAMS - it was present in the text of v2.11 chapter 12.4.4.
- CK_TLS_PRF_PARAMS - it was present in v2.20 chapter 12.32.2.
- CK_CAMELLIA_CTR_PARAMS - it was present in v2.20a3 chapter 3.4.3.
What is the current status of these structures? Are they deprecated now? I believe they should be present in v2.40 headers to keep the backwards compatibility.
MINOR ISSUE #3
Definition of CK_DSA_PARAMETER_GEN_PARAM structure is present in the text but CK_DSA_PARAMETER_GEN_PARAM_PTR is missing. Is this intended?
MINOR ISSUE #4
Mechanism CKM_X9_42_DH_PKCS_PARAMETER_GEN defined in [pkcs11-curr-v2.40-os] uses the same value (0x00002002) as CKM_X9_42_DH_PARAMETER_GEN in older versions. Was the renaming intentional? I believe both definitions should be present in v2.40 headers to keep the backwards compatibility.
MINOR ISSUE #5
Constant CK_OTP_FORMAT defined in [pkcs11-curr-v2.40-os] uses the same value (0x00000007) as CK_OTP_OUTPUT_FORMAT in older versions. Was the renaming intentional? I believe both definitions should be present in v2.40 headers to keep the backwards compatibility.
Thanks for any feedback
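
A header audit for the kinds of gaps listed in the message above, as an added example that is not part of the original message or of the PKCS#11 documents: it parses `#define` lines, reports names that have no value, and reports names with the same type prefix that share a value. The header fragment, the name lists and the function names are constructed for illustration; the two repeated values are the ones quoted in the message.

```python
import re
from collections import defaultdict

# Constructed header fragment, not the real pkcs11t.h.
SAMPLE_HEADER = """
#define CKK_AES                          0x0000001FUL
#define CKM_AES_ECB                      0x00001081UL
#define CKM_X9_42_DH_PARAMETER_GEN       0x00002002UL
#define CKM_X9_42_DH_PKCS_PARAMETER_GEN  0x00002002UL
#define CK_OTP_FORMAT                    0x00000007UL
"""

# Subset of names the message says appear in the specification text.
SPEC_NAMES = ["CKK_AES", "CKK_SEED", "CKM_AES_ECB", "CKM_AES_GMAC",
              "CKM_SEED_ECB", "CKD_SHA256_KDF", "CK_OTP_FORMAT"]

# Older names the message wants kept for backwards compatibility.
LEGACY_NAMES = ["CKM_X9_42_DH_PARAMETER_GEN", "CK_OTP_OUTPUT_FORMAT"]

DEFINE_RE = re.compile(
    r"^\s*#\s*define\s+(CK[A-Z]?_\w+)\s+(0[xX][0-9A-Fa-f]+|\d+)", re.M)


def parse_defines(header_text):
    """Map each CK*_ constant name to its integer value."""
    return {name: int(value, 0) for name, value in DEFINE_RE.findall(header_text)}


def missing_values(names, defines):
    """Names that are referenced but have no value in the header."""
    return sorted(n for n in names if n not in defines)


def shared_values(defines):
    """Group names by (type prefix, value); keep groups with more than one name.

    Values are only compared within one prefix (CKM_, CKK_, ...) because each
    constant family has its own number space.
    """
    groups = defaultdict(list)
    for name, value in defines.items():
        groups[(name.split("_", 1)[0], value)].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    defs = parse_defines(SAMPLE_HEADER)
    print("no value defined:", missing_values(SPEC_NAMES, defs))
    print("legacy name absent:", missing_values(LEGACY_NAMES, defs))
    for (prefix, value), names in shared_values(defs).items():
        print(f"{prefix} 0x{value:08X} shared by:", ", ".join(names))
```

A shared value is not an error by itself: it is what a header looks like when a renamed constant keeps its old name as an alias, so the second and third reports are meant to be read together.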