Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute

[Tim Hudson <tjh@cryptsoft.com>]

On 13/06/2013 4:31 AM, Michael StJohns wrote:
> Yup.  None of the changes made in 2.30 are in the header files.  

Incorrect.

The difference from the v2.20 to v2.30 header file involved merging in
all the changes from amendments and the updates folks provided to Simon
and/or Bob for changes.

Now that doesn't mean there are things which were added in the document
which haven't been put into the header files - but this is the updated
header file that was made available so if someone is working off
something other than this then they created their own version and should
perform a unified diff against what Bob uploaded and note the
differences which are missing.

Diff with blank or non-useful comment lines removed ...

diff -bu v220/pkcs11t.h v230 | grep '^+'
+++ v230/pkcs11t.h      2012-12-06 11:31:21.282909862 +1000
+/* pkcs11t.h include file for PKCS #11 V 2.30 - draft 1 */
+#define CRYPTOKI_VERSION_MINOR 30
+#define CRYPTOKI_VERSION_AMENDMENT 0
+#define CKF_ERROR_STATE              0x01000000
+/* Context specific */
+/* CK_HW_FEATURE_TYPE is a
+#define CKK_MD5_HMAC        0x00000027
+#define CKK_SHA_1_HMAC      0x00000028
+#define CKK_RIPEMD128_HMAC  0x00000029
+#define CKK_RIPEMD160_HMAC  0x0000002A
+#define CKK_SHA256_HMAC     0x0000002B
+#define CKK_SHA384_HMAC     0x0000002C
+#define CKK_SHA512_HMAC     0x0000002D
+#define CKK_SHA224_HMAC     0x0000002E
+#define CKK_SEED            0x0000002F
+#define CKK_GOSTR3410       0x00000030
+#define CKK_GOSTR3411       0x00000031
+#define CKK_GOST28147       0x00000032
+/* The following OTP-related defines relate to the CKA_OTP_FORMAT
attribute */
+/* The following OTP-related defines relate to the
CKA_OTP_..._REQUIREMENT attributes */
+#define CKA_SUB_PRIME_BITS     CKA_SUBPRIME_BITS
+#define CKA_DERIVE_TEMPLATE      (CKF_ARRAY_ATTRIBUTE|0x00000213)
+#define CKA_GOSTR3410_PARAMS           0x00000250
+#define CKA_GOSTR3411_PARAMS           0x00000251
+#define CKA_GOST28147_PARAMS           0x00000252
+#define CKM_DSA_SHA224                 0x00000013
+#define CKM_DSA_SHA256                 0x00000014
+#define CKM_DSA_SHA384                 0x00000015
+#define CKM_DSA_SHA512                 0x00000016
+#define CKM_DES3_CMAC_GENERAL          0x00000137
+#define CKM_DES3_CMAC                  0x00000138
+/* Note that CAST128 and CAST5 are the same algorithm */
+#define CKM_SEED_KEY_GEN               0x00000650
+#define CKM_SEED_ECB                   0x00000651
+#define CKM_SEED_CBC                   0x00000652
+#define CKM_SEED_MAC                   0x00000653
+#define CKM_SEED_MAC_GENERAL           0x00000654
+#define CKM_SEED_CBC_PAD               0x00000655
+#define CKM_SEED_ECB_ENCRYPT_DATA      0x00000656
+#define CKM_SEED_CBC_ENCRYPT_DATA      0x00000657
+#define CKM_ECDSA_SHA224               0x00001043
+#define CKM_ECDSA_SHA256               0x00001044
+#define CKM_ECDSA_SHA384               0x00001045
+#define CKM_ECDSA_SHA512               0x00001046
+#define CKM_AES_CTS                    0x00001089
+#define CKM_AES_CMAC                   0x0000108A
+#define CKM_AES_CMAC_GENERAL           0x0000108B
+#define CKM_AES_GCM                    0x00001087
+#define CKM_AES_CCM                    0x00001088
+#define CKM_AES_KEY_WRAP               0x00001090
+#define CKM_AES_KEY_WRAP_PAD           0x00001091
+#define CKM_BLOWFISH_CBC_PAD           0x00001094
+#define CKM_TWOFISH_CBC_PAD            0x00001095
+#define CKM_GOSTR3410_KEY_PAIR_GEN     0x00001200
+#define CKM_GOSTR3410                  0x00001201
+#define CKM_GOSTR3410_WITH_GOSTR3411   0x00001202
+#define CKM_GOSTR3410_KEY_WRAP         0x00001203
+#define CKM_GOSTR3410_DERIVE           0x00001204
+#define CKM_GOSTR3411                  0x00001210
+#define CKM_GOSTR3411_HMAC             0x00001211
+#define CKM_GOST28147_KEY_GEN          0x00001220
+#define CKM_GOST28147_ECB              0x00001221
+#define CKM_GOST28147                  0x00001222
+#define CKM_GOST28147_MAC              0x00001223
+#define CKM_GOST28147_KEY_WRAP         0x00001224
+#define CKM_AES_OFB                    0x00002104
+#define CKM_AES_CFB64                  0x00002105
+#define CKM_AES_CFB8                   0x00002106
+#define CKM_AES_CFB128                 0x00002107
+#define CKM_RSA_PKCS_TPM_1_1           0x00004001
+#define CKM_RSA_PKCS_OAEP_TPM_1_1      0x00004002
+/* Specify whether or not a mechanism can be used for a particular task */
+/* Describe a token's EC capabilities not available in mechanism
+#define CKR_EXCEEDED_MAX_ITERATIONS           0x000001B5
+#define CKR_FIPS_SELF_TEST_FAILED             0x000001B6
+#define CKR_LIBRARY_LOAD_FAILED               0x000001B7
+#define CKR_PIN_TOO_WEAK                      0x000001B8
+#define CKR_PUBLIC_KEY_INVALID                0x000001B9
+/* The following X9.42 DH key derivation functions are defined */
+#define CKD_SHA1_KDF_ASN1        0x00000003
+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
+#define CKD_SHA224_KDF           0x00000005
+#define CKD_SHA256_KDF           0x00000006
+#define CKD_SHA384_KDF           0x00000007
+#define CKD_SHA512_KDF           0x00000008
+#define CKD_CPDIVERSIFY_KDF      0x00000009
+typedef struct CK_AES_GCM_PARAMS {
+  CK_BYTE_PTR pIv;
+  CK_ULONG ulIvLen;
+  CK_ULONG ulIvBits;
+  CK_BYTE_PTR pAAD;
+  CK_ULONG ulAADLen;
+  CK_ULONG ulTagBits;
+} CK_AES_GCM_PARAMS;
+
+typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR;
+
+typedef struct CK_AES_CCM_PARAMS {
+       CK_ULONG ulDataLen; /*plaintext or ciphertext*/
+       CK_BYTE_PTR pNonce;
+       CK_ULONG ulNonceLen;
+       CK_BYTE_PTR pAAD;
+       CK_ULONG ulAADLen;
+       CK_ULONG ulMACLen;
+} CK_AES_CCM_PARAMS;
+
+typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR;
+

Tim.