[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Both are defined: CKM_TLS12_MAC and CKM_TLS_MAC
Resending for today's discussion... On 10/21/14 06:22 PM, Oscar So wrote:
Hi, I find one interesting thing, we have the followings defined: #define CKM_TLS12_MAC 0x000003D8UL #define CKM_TLS_MAC 0x000003E4UL And, in the spec: http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cs01/pkcs11-curr-v2.40-cs01.html#_Toc399399040 We refer to CKM_TLS_MAC in: 2.29.3 TLS MAC The TLS MAC mechanism is used to generate integrity tags for the TLS "finished" message. It replaces the use of the CKM_TLS_PRF function for TLS1.0 and 1.1 and that mechanism is deprecated. CKM_TLS_MAC takes a parameter of CK_TLS_MAC_PARAMS. And, we ALSO refer to CKM_TLS12_MAC in: 2.29.4 Master key derivation Master key derivation ::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::: The mechanism also contributes the CKA_ALLOWED_MECHANISMS attribute consisting only of CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_TLS12_KEY_SAFE_DERIVE, CKM_TLS12_KDF and CKM_TLS12_MAC. I think a long time back that Wan-Teh proposed CKM_TLS12_MAC, and then, we rename it to CKM_TLS_MAC, correct ? So, we do NOT need CKM_TLS12_MAC. Please confirm.. Thanks, Oscar --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]