[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Broken definitions in PKCS#11 wd03 draft
Thanks Stef. I just edited this Wiki page: https://wiki.oasis-open.org/pkcs11/Definitions Added: * Missing CK_ECDH2_DERIVE_PARAMS and CK_ECDH2_DERIVE_PARAMS_PTR * Missing CK_CAMELLIA_CTR_PARAMS and CK_CAMELLIA_CTR_PARAMS_PTR * Missing CK_TLS_PRF_PARAMS and CK_TLS_PRF_PARAMS_PTRI need to put the above back into pkcs11t.h in order to build our existing code.
Best, Oscar On 09/17/14 12:51 PM, Stef Walter wrote:
On 17.09.2014 19:44, Oscar So wrote:Again, thank you Stef. Quickly did a build on our code, and also reviewed your header files, and one major issue, and one nit issue: 1) Major issue is that the following PARAMS is missing: 1322 1323 /* 1324 * CK_ECDH2_DERIVE_PARAMS provides the parameters to the 1325 * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */ 1326 typedef struct CK_ECDH2_DERIVE_PARAMS { 1327 CK_EC_KDF_TYPE kdf; 1328 CK_ULONG ulSharedDataLen; 1329 CK_BYTE_PTR pSharedData; 1330 CK_ULONG ulPublicDataLen; 1331 CK_BYTE_PTR pPublicData; 1332 CK_ULONG ulPrivateDataLen; 1333 CK_OBJECT_HANDLE hPrivateData; 1334 CK_ULONG ulPublicDataLen2; 1335 CK_BYTE_PTR pPublicData2; 1336 } CK_ECDH2_DERIVE_PARAMS; 1337 1338 typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR; 1339 I got a build error. If the removal of this define is intended, we really need this back into the header file for our existing code.This definition is not present in the Committee Specification we just voted on here: https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=2668 That is, this: http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html Out of interest, do you know which PKCS#11 version CK_ECDH2_DERIVE_PARAMS was this introduced in? It's missing from our current documents. Maybe we could you add this to the wiki as a problem that will need a specification amendment? Here would be the place: https://wiki.oasis-open.org/pkcs11/Definitions This and the other amendments needed would be important material to bring up for the next meeting. By the way I'm tracking all these changes in git now, so it'll be trivial to restore definitions once they arrive in an amendment. As I noted when posting the updated WD03 header, the following definitions were removed as they are not found in the specification: * CKA_DERIVE_TEMPLATE * CKM_CMS_SIG_PARAMS * CKM_ECDSA_SHA224 * CKM_ECDSA_SHA256 * CKM_ECDSA_SHA384 * CKM_ECDSA_SHA512 * CKK_MD5_HMAC * CKK_RIPEMD128_HMAC * CKK_RIPEMD160_HMAC * CK_CAMELLIA_CTR_PARAMS * CK_ECDH2_DERIVE_PARAMS * CK_TLS_PRF_PARAMS More details here: https://www.oasis-open.org/apps/org/workgroup/pkcs11/email/archives/201409/msg00031.html The goal I understood during our TC's earlier discussion of the header process was to have the headers reflect the specification, and that they would be produced once the specification was final. I'm not convinced this is the best approach, given the somewhat broken nature of our released specification. But nevertheless it's the way we've chosen to work.2) Nit issue for: /* new for v2.40 */ #define CKM_TLS10_MAC_SERVER 0x000003D6UL #define CKM_TLS10_MAC_CLIENT 0x000003D7UL Are CKM_TLS10_MAC_SERVER and CKM_TLS10_MAC_CLIENT new for v2.40 ? or earlier version ?Neither of these defines are present anywhere at: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/ Therefore to me it seems that v2.40 is the first official version where they are present. But if you find in another official specification version or amendment, I would be very happy to update/remove the comment. Cheers, Stef --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]