OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Both are defined: CKM_TLS12_MAC and CKM_TLS_MAC


I find one interesting thing, we have the followings defined:

#define CKM_TLS12_MAC                       0x000003D8UL
#define CKM_TLS_MAC                         0x000003E4UL

And, in the spec, we also refer to CKM_TLS_MAC in:

2.29.3 TLS MAC

The TLS MAC mechanism is used to generate integrity tags for the TLS "finished" message. It replaces the use of the CKM_TLS_PRF function for TLS1.0 and 1.1 and that mechanism is deprecated.

CKM_TLS_MAC takes a parameter of CK_TLS_MAC_PARAMS.

And, we refer to CKM_TLS12_MAC in:

2.29.4 Master key derivation

Master key derivation :::::::::::::::::::::::::
The mechanism also contributes the CKA_ALLOWED_MECHANISMS attribute consisting only of CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_TLS12_KEY_SAFE_DERIVE, CKM_TLS12_KDF and CKM_TLS12_MAC.

I think a long time back that Wan-Teh proposed CKM_TLS12_MAC, and then, we rename it to CKM_TLS_MAC, correct ?

So, we do NOT need CKM_TLS12_MAC.
Please confirm..


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]