Subject: Re: [pkcs11-comment] PKCS#11 v2.40 Errata 01 comments


Jaroslav -

Thank you so much for taking the time to do a detailed review
of the documents!

We will get back to you on your specific comments.

Valerie

On 02/17/16 01:27 PM, Jaroslav Imrich wrote:
Hello all,

I can confirm that the issues I reported for v2.40-os [0] were all resolved in this
errata and I am very happy about that. I really appreciate the effort which PKCS11 TC
members have put into this tedious and time-consuming task. However, some new issues were
introduced along the way, but I believe this is a work in progress and most of them can
still be fixed. I have numbered my comments and issues so they can be tracked and
referenced easily:

COMMENT #1:
There are many changes introduced in headers (for examples please see issues #5 #6 #7
and others below) which are not mentioned/explained in the text of the
"pkcs11-*-v2.40-errata01-csprd01.doc" documents. At first I thought these documents would
provide a complete list of changes with rationale and explain why these changes were
necessary, but then I found out that these documents are currently incomplete and not
very specific in many cases. Seeing that the errata docs will not tell me much about the
changes, I ended up diffing against previous headers and previous specs. I believe that
the errata docs should be updated to explain/justify *all* changes made since v2.40-os.

COMMENT #2:
There are many new elements introduced in headers (for examples please see issues #9 #10
#11 and others below) which were not present in previous versions of the specification nor
the headers. On the PKCS11 TC wiki [1] there is information that these elements were merged
from v2.30 headers. However, I am not aware of v2.30 headers being published in the past
and they are also not present on ftp.rsasecurity.com [2].
Do they exist? Where are they published? This must be quite confusing for any v2.40 user
unaware of the v2.30 headers' existence and IMO it should be at least mentioned in the errata
documents (see COMMENT #1) where these new elements came from.

COMMENT #3:
Values of some constants were changed without any explanation (for example please see
issues #5 #6 #7 and others below). I personally consider this to be an API-breaking
change and I believe this should never happen, or happen only as a very *very* last
resort with a strong justification in the errata docs (see COMMENT #1). I believe we all
want PKCS#11 to define a stable API that won't break things.

COMMENT #4:
I can see there are some very old errors fixed in the v2.40e1 headers. For example
CK_SKIPJACK_PRIVATE_WRAP_PTR, which IMO was a typo in the v2.20 headers, was renamed to
CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR in the v2.40e1 headers. While fixing old errors is a
good thing, it can prevent some code from building. I believe such changes should be
mentioned in the errata docs (see COMMENT #1).

MAJOR ISSUE #1
In the v2.40e1 headers the CK_GCM_PARAMS structure has a new member "ulIvBits". This member is not
present in the v2.40e1 text. Both text and headers are normative, so which one is correct?

MAJOR ISSUE #2
The definition of CKM_KEA_DERIVE is completely new in the v2.40e1 headers. I believe that
CKM_KEA_DERIVE is a typo which has been present in the PKCS#11 specs for a long time now and
represents the CKM_KEA_KEY_DERIVE mechanism. IMHO introducing a new constant for this
historical mechanism in v2.40e1 might not be the best idea. Again, this change is not listed
in the errata docs (see COMMENT #1).

MAJOR ISSUE #3
Definitions of CKK_SHA512_224_HMAC, CKK_SHA512_256_HMAC and CKK_SHA512_T_HMAC are
missing in the v2.40e1 headers. They were present in the v2.40 text.

MAJOR ISSUE #4
The definition of CKM_DSA_FIPS_G_GEN is missing in the v2.40e1 headers. It was present in the v2.40
text.

MAJOR ISSUE #5
CKM_DSA_SHA* definitions were changed between v2.40 and v2.40e1 without any explanation.
In v2.40 text these were defined as:
#define CKM_DSA_SHA224 0x00000014
#define CKM_DSA_SHA256 0x00000015
#define CKM_DSA_SHA384 0x00000016
#define CKM_DSA_SHA512 0x00000017
In v2.40e1 headers they are defined as:
#define CKM_DSA_SHA224 0x00000013UL
#define CKM_DSA_SHA256 0x00000014UL
#define CKM_DSA_SHA384 0x00000015UL
#define CKM_DSA_SHA512 0x00000016UL

MAJOR ISSUE #6
CKM_AES_* definitions were changed between v2.40 and v2.40e1 without any explanation.
In v2.40 text these were defined as:
#define CKM_AES_CTS 0x0000108B
#define CKM_AES_CMAC_GENERAL 0x00001089
In v2.40e1 headers they are defined as:
#define CKM_AES_CTS 0x00001089UL
#define CKM_AES_CMAC_GENERAL 0x0000108BUL

MAJOR ISSUE #7
Some of the CKR_* definitions were changed between v2.40 and v2.40e1 without any
explanation.
In v2.40 text these were defined as:
#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001C0
#define CKR_FIPS_SELF_TEST_FAILED 0x000001C1
#define CKR_LIBRARY_LOAD_FAILED 0x000001C2
#define CKR_PIN_TOO_WEAK 0x000001C3
#define CKR_PUBLIC_KEY_INVALID 0x000001C4
In v2.40e1 headers they are defined as:
#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL
#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL
#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL
#define CKR_PIN_TOO_WEAK 0x000001B8UL
#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL

MAJOR ISSUE #8
The CK_TLS_MAC_PARAMS structure in the v2.40e1 headers contains a member named "prfHashMechanism"
which is inconsistently named "prfMechanism" in the docs.

MINOR ISSUE #9
Definitions of CK_ECDH2_DERIVE_PARAMS, CK_TLS_PRF_PARAMS and CK_CAMELLIA_CTR_PARAMS were
merged from v2.20.
They were not present in v2.40 and currently are not described in the docs.

MINOR ISSUE #10
Definitions of CKK_MD5_HMAC, CKK_RIPEMD128_HMAC and CKK_RIPEMD160_HMAC were merged from
draft of v2.30.
They were not present in v2.40 and currently are not described in the docs.

MINOR ISSUE #11
Definitions of CKK_SHA_1_HMAC, CKK_SHA256_HMAC, CKK_SHA384_HMAC, CKK_SHA512_HMAC,
CKK_SHA224_HMAC were merged from draft of v2.30.
Their values were not present in v2.40. This should be at least mentioned in errata docs.

MINOR ISSUE #12
Definitions of CKM_ECDSA_SHA224, CKM_ECDSA_SHA256, CKM_ECDSA_SHA384 and CKM_ECDSA_SHA512
are completely new in v2.40e1 headers.
They were not present in any older version and currently are not described in the docs.
This may be a leftover from v2.30 headers (see COMMENT #2).

MINOR ISSUE #13
The definition of CKA_DERIVE_TEMPLATE is completely new in the v2.40e1 headers.
It was not present in any older version and currently is not described in the docs.
This may be a leftover from v2.30 headers (see COMMENT #2).

MINOR ISSUE #14
Definitions of the CK_AES_GCM_PARAMS and CK_AES_CCM_PARAMS structures are completely new in
the v2.40e1 headers and they are already marked as deprecated.
This may be a leftover from v2.30 headers (see COMMENT #2). It is strange to see a new
structure being introduced and deprecated at the same time.

MINOR ISSUE #15
Definitions of CKD_SHA224_KDF, CKD_SHA256_KDF, CKD_SHA384_KDF, CKD_SHA512_KDF and
CKD_CPDIVERSIFY_KDF are completely new in v2.40e1 headers.
This may be a leftover from v2.30 headers (see COMMENT #2).

MINOR ISSUE #16:
Chapter 2.2 of pkcs11-curr-v2.40-errata01-csprd01.doc states that "Implementers of the
TLS V1.2 mechanisms as specified in [PKCS #11-Curr] should consult the PKCS 11 TC wiki
at https://wiki.oasis-open.org/pkcs11/ for the latest informative guidance prior to
implementing these mechanisms.". IMO it is not a good idea to reference external,
dynamically changing sources in the text of standards, but despite that I tried to
search for the "TLS" term on the referenced wiki. With no results [3]. Is this intentional or
am I doing something wrong?

MINOR ISSUE #17
The definition of CKM_TLS12_KDF is present in the headers; however, it is not described in the docs.
This may be related to the TLS V1.2 mechanisms which should be described on the external wiki
(see ISSUE #16).

[0] https://lists.oasis-open.org/archives/pkcs11-comment/201505/msg00001.html
[1] https://wiki.oasis-open.org/pkcs11/Definitions
[2] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-30/
[3] https://wiki.oasis-open.org/pkcs11/FrontPage?action=fullsearch&context=180&value=TLS&titlesearch=Titles

Kind Regards

Jaroslav Imrich
http://www.jimrich.sk
jaroslav.imrich@gmail.com


Valerie
--
Valerie Fenwick, http://bubbva.blogspot.com/ @bubbva
Solaris Cryptographic & Key Management Technologies, Manager
Oracle Corporation: 4180 Network Circle, Santa Clara, CA, 95054.
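The renumbering reported in MAJOR ISSUES #5, #6 and #7 above is an ABI problem, not just a documentation one: a PKCS#11 library compiled against one header revision and an application compiled against the other will agree on the symbolic names but disagree on what the numbers mean, so a mechanism request or a return code can be silently misread. The following C program is an added example that is not part of this thread, of any OASIS document or of any real pkcs11.h. The numeric values are copied from the mail; the two lookup tables, the `ck_const` struct and the check functions are constructed for this example. It shows the build-time comparison an application could run against the header it ships with, and how the same value decodes to different names under the two revisions.

```c
/* Added example, not part of the OASIS thread or of any PKCS#11 header.
 * Models the constant renumbering between the v2.40-os text and the
 * v2.40 Errata 01 headers reported in MAJOR ISSUES #5, #6 and #7.
 * Values are copied from the mail; the tables are constructed here. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct ck_const {
    const char *name;     /* symbolic name, e.g. "CKM_AES_CTS" */
    unsigned long value;  /* numeric value under one header revision */
};

/* Values as listed in the v2.40-os text (per the mail) */
static const struct ck_const V240_OS[] = {
    { "CKM_DSA_SHA224",              0x00000014UL },
    { "CKM_DSA_SHA256",              0x00000015UL },
    { "CKM_DSA_SHA384",              0x00000016UL },
    { "CKM_DSA_SHA512",              0x00000017UL },
    { "CKM_AES_CTS",                 0x0000108BUL },
    { "CKM_AES_CMAC_GENERAL",        0x00001089UL },
    { "CKR_EXCEEDED_MAX_ITERATIONS", 0x000001C0UL },
    { "CKR_FIPS_SELF_TEST_FAILED",   0x000001C1UL },
    { "CKR_LIBRARY_LOAD_FAILED",     0x000001C2UL },
    { "CKR_PIN_TOO_WEAK",            0x000001C3UL },
    { "CKR_PUBLIC_KEY_INVALID",      0x000001C4UL },
};

/* Values as listed in the v2.40e1 headers (per the mail) */
static const struct ck_const V240_E1[] = {
    { "CKM_DSA_SHA224",              0x00000013UL },
    { "CKM_DSA_SHA256",              0x00000014UL },
    { "CKM_DSA_SHA384",              0x00000015UL },
    { "CKM_DSA_SHA512",              0x00000016UL },
    { "CKM_AES_CTS",                 0x00001089UL },
    { "CKM_AES_CMAC_GENERAL",        0x0000108BUL },
    { "CKR_EXCEEDED_MAX_ITERATIONS", 0x000001B5UL },
    { "CKR_FIPS_SELF_TEST_FAILED",   0x000001B6UL },
    { "CKR_LIBRARY_LOAD_FAILED",     0x000001B7UL },
    { "CKR_PIN_TOO_WEAK",            0x000001B8UL },
    { "CKR_PUBLIC_KEY_INVALID",      0x000001B9UL },
};

#define N_CONSTS (sizeof V240_OS / sizeof V240_OS[0])

/* Symbolic name of a numeric value under one revision, or NULL if that
 * revision assigns no name in this table to the value. */
const char *name_of(const struct ck_const *tab, size_t n, unsigned long value)
{
    for (size_t i = 0; i < n; i++)
        if (tab[i].value == value)
            return tab[i].name;
    return NULL;
}

/* Numeric value of a symbolic name under one revision; 0 if the name is absent. */
static unsigned long value_of(const struct ck_const *tab, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].name, name) == 0)
            return tab[i].value;
    return 0;
}

/* Count names whose value differs between the two revisions. This is the
 * build-time check an application can run against the header it ships
 * with, so a silent renumbering is caught before a request reaches a token. */
size_t count_renumbered(void)
{
    size_t changed = 0;
    for (size_t i = 0; i < N_CONSTS; i++)
        if (value_of(V240_E1, N_CONSTS, V240_OS[i].name) != V240_OS[i].value)
            changed++;
    return changed;
}

/* 1 if one numeric value carries different names (or a name in only one
 * revision) across the two revisions, i.e. a library on one revision and an
 * application on the other would run a different mechanism or report a
 * different error for that value; 0 if both revisions agree. */
int value_is_ambiguous(unsigned long value)
{
    const char *a = name_of(V240_OS, N_CONSTS, value);
    const char *b = name_of(V240_E1, N_CONSTS, value);
    if (a == NULL || b == NULL)
        return a != b;          /* named in exactly one revision */
    return strcmp(a, b) != 0;
}

int main(void)
{
    printf("%zu of %zu constants renumbered between v2.40-os and v2.40e1\n",
           count_renumbered(), (size_t)N_CONSTS);
    for (size_t i = 0; i < N_CONSTS; i++) {
        unsigned long v = V240_OS[i].value;
        const char *e1 = name_of(V240_E1, N_CONSTS, v);
        printf("  0x%08lX: %-27s in v2.40-os, %s in v2.40e1\n",
               v, V240_OS[i].name, e1 ? e1 : "(unassigned)");
    }
    return 0;
}
```

Running it lists all eleven constants as renumbered and shows, for instance, that 0x0000108B is CKM_AES_CTS under one revision and CKM_AES_CMAC_GENERAL under the other, and that 0x000001C0 has no name at all in the e1 table. The same table-diff approach works for a real project: pin the expected values of the constants you rely on and fail the build when the installed header disagrees, rather than discovering the mismatch from a token returning an unexpected error code.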

