Issue #14:
Definitions of CKK_MD5_HMAC, CKK_RIPEMD128_HMAC and
CKK_RIPEMD160_HMAC were merged from draft of v2.30.
They were not present in v2.40 and currently are not described
in the docs.
CKM_MD5_HMAC, CKM_RIPEMD128_HMAC, and CKM_RIPMEMD160_HMAC were all
moved to historical mechanisms in 2.40. The are currently defined
in the headers, but not in the document.
Option 1: Remove them from the headers and mark them reserved in
our database.
Option 2: Update the Historical documents to include them in the
Historical mechanism doc
Option 3: Option 2 and add the key generation mechanisms for them
in both the Historical documents and the headers.
Recommendation: Option 1.
Issue #15
Definitions of CKK_SHA_1_HMAC, CKK_SHA256_HMAC,
CKK_SHA384_HMAC, CKK_SHA512_HMAC, CKK_SHA224_HMAC were merged
from draft of v2.30.
Their values were not present in v2.40. This should be at
least mentioned in errata docs.
These were updated by Darren Johnson's SHA2 update proposal,
balloc 10/26.
Recommendation: Close issue as fixed.
Issue #16
Definitions of CKM_ECDSA_SHA224, CKM_ECDSA_SHA256,
CKM_ECDSA_SHA384 and CKM_ECDSA_SHA512 are completely new in
v2.40e1 headers.
They were not present in any older version and currently
are not described in the docs.
This may be a leftover from v2.30 headers (see #2).
This is still an issue.
Option 1: remove CKM_ECDSA_SHA224, CKM_ECDSA_SHA256,
CKM_ECDSA_SHA384 and CKM_ECDSA_SHA512 from the header.
Option 2: Add definitions in the document for these mechanism.
Option 3: Option 2 plus add definitions for the SHA3 equivalents.
Recommendation: Option 3
Issue #18
Definitions of CK_AES_GCM_PARAMS and CK_AES_CCM_PARAMS
structures are completely new in v2.40e1 headers and they are
already marked as deprecated.
This may be a leftover from v2.30 headers (see #2). It is
strange to see a new structure being introduced and deprecated
in the same time.
These AES specific params were replaced by generic params for any
GCM or CCM mechanism. Only the structs were renamed. The old names
were part of v2.30, and maintaining them was part of a recognition
to the legitimacy of 2.30. The issue was only that it was weird
that they were added then deprecated, but that was our intention
from the beginning.
Recommendation: Close issue as not an issue.
Issue #19
Definitions of CKD_SHA224_KDF, CKD_SHA256_KDF, CKD_SHA384_KDF,
CKD_SHA512_KDF and CKD_CPDIVERSIFY_KDF are completely new in
v2.40e1 headers.
This may be a leftover from v2.30 headers (see #2).
CKD_SHA224_KDF, CKD_SHA256_KDF, CKD_SHA384_KDF, CKD_SHA513_KDF are
listed in table 34 in seciont 2.3.8 of the spec, but no text
describes how they are use.
CKD_CPDIVERSIFY_KDF is described in GOSTR3410_DERIVE_PARAMS.
Recommendation: Add CKD_CPDIVERSIFY_KDF to the GOST R
34.10-2001 (section 2.45) Definitions, add CKD_SHAx_KDF to
section 2.3.2 definitions. Add more general descriptions for
CKD_SHAx_KDF to secion 2.3.8 rather than just CKD_SHA1_KDF