

Subject: Re: [pkcs11] Broken definitions in PKCS#11 wd03 draft


Again, thank you Stef.

Quickly did a build on our code, and also reviewed your header files; there is one major issue and one nit issue:


1)
Major issue is that the following PARAMS is missing:

/*
 * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
 * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
typedef struct CK_ECDH2_DERIVE_PARAMS {
  CK_EC_KDF_TYPE kdf;
  CK_ULONG ulSharedDataLen;
  CK_BYTE_PTR pSharedData;
  CK_ULONG ulPublicDataLen;
  CK_BYTE_PTR pPublicData;
  CK_ULONG ulPrivateDataLen;
  CK_OBJECT_HANDLE hPrivateData;
  CK_ULONG ulPublicDataLen2;
  CK_BYTE_PTR pPublicData2;
} CK_ECDH2_DERIVE_PARAMS;

typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;

I got a build error. If the removal of this define is intended, we really need this back in the header file for our existing code.



2)
Nit issue for:
/* new for v2.40 */
#define CKM_TLS10_MAC_SERVER                0x000003D6UL
#define CKM_TLS10_MAC_CLIENT                0x000003D7UL

Are CKM_TLS10_MAC_SERVER and CKM_TLS10_MAC_CLIENT new for v2.40? Or an earlier version?


Best,
Oscar









On 09/17/14 09:21 AM, Stef Walter wrote:
> On 17.09.2014 18:07, Oscar So wrote:
>> Thanks Stef.
>>
>> As I pointed out in last email about CK_PKCS5_PBKD2_PARAMS2:
>>
>> CK_PKCS5_PBKD2_PARAMS2 is defined to deprecate CK_PKCS5_PBKD2_PARAMS
>> But, there are a few problems found:
>
> <snip>
>
>> 1b)
>> I could not find CK_PKCS5_PBKD2_PARAMS2 (new) in the spec.
>> Chris Z ? Did you put that in ?
>> (Because of 1a, it's fine that we don't have it)
>> But, I have CK_PKCS5_PBKD2_PARAMS2 in pkcs11t.h.
>> I can remove it too.
>
> It is indeed not in the spec. I left it in my WD03 pkcs11t.h as I
> imagined this issue would be discussed immediately and people could use
> the definition as a reference.
>
> But if CK_PKCS5_PBKD2_PARAMS2 will be handled in an amendment to the
> spec, then we should indeed leave it out of the pkcs11t.h header until
> such an amendment is ready.
>
> In general the headers should match the currently released version of
> the spec as close as possible. Obviously there are some constants [1] in
> headers that are not yet in the spec, but that's an exception due to our
> process.
>
> Cheers,
>
> Stef
>
> [1] https://wiki.oasis-open.org/pkcs11/Definitions



