Re: [pkcs11] Broken definitions in PKCS#11 wd03 draft

[Oscar So <oscar.so@oracle.com>]

Thanks Stef.

As I pointed out in last email about CK_PKCS5_PBKD2_PARAMS2:

CK_PKCS5_PBKD2_PARAMS2 is defined to deprecate CK_PKCS5_PBKD2_PARAMS
But, there are a few problems found:

1a)
v2.40 is suppose to be backward compatible, so the provider has to be 
able to distinguish between CK_PKCS5_PBKD2_PARAMS2 (new) and 
CK_PKCS5_PBKD2_PARAMS (old), since sizeof(CK_PKCS5_PBKD2_PARAMS2) == 
sizeof(CK_PKCS5_PBKD2_PARAMS), it is hard to figure out which is which.
Therefore, a new mechanism should be defined for PKCS #11 v3.0.
So that the old mechanism maps onto CK_PKCS5_PBKD2_PARAMS (old), and
the new mechanism maps onto CK_PKCS5_PBKD2_PARAMS2 (new)

1b)
I could not find CK_PKCS5_PBKD2_PARAMS2 (new) in the spec.
Chris Z ? Did you put that in ?
(Because of 1a, it's fine that we don't have it)
But, I have CK_PKCS5_PBKD2_PARAMS2 in pkcs11t.h.
I can remove it too.




Comments ?

Best,
Oscar



On 09/17/14 03:19 AM, Stef Walter wrote:
> Went over the wd03 spec again, while working on headers. Noticed about
> 25 problems.
>
> Of particular importance I'd like to call out:
>
>   * Missing definition and deprecation of CK_PKCS5_PBKD2_PARAMS
>     in favor of CK_PKCS5_PBKD2_PARAMS2.
>
>   * CK_SEED_CBC_ENCRYPT_DATA_PARAMS is a zero length structure.
>
>   * CK_PARAM_TYPE should be changed to CK_OTP_PARAM_TYPE
>     throughout.
>
> All the rest of the changes are listed here, including the #define's
> that need to be added to the appendices.
>
> https://wiki.oasis-open.org/pkcs11/Definitions
>
> Stef
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php