Subject: PKCS11 base spec 3.0 WD 05 comments.
1. It looks like my feedback from 1/24 didn't quite get incorporated:
My comments are basically deficiencies with the original proposal (which becomes more clear with the proposals being added to the spec.Here's another attempt to describe the issue:
The "New function proposal" got incorporated as a full cut and past into the document. I basically has 3 separate pieces:
1) The new structures (CK_INTERFACES and CK_FUNCTION_LISTS). Those have been incorporated in the correct point in the document, no changes there.
2) The descripton of the C_GetFunctionLists function. This runs
from "C_GetFunctionLists(" to the end of the spec (ending at "...
is only an example."), Excluding the <NOTE:....>. Moving
this to just behind the C_GetFunctionList and formatting properly
should be sufficient. There are bugs in this text which I will
point out in additional bullets.
3) <NOTE:...> is a note that section 2.5.2 of the pkcs11
User Guide (pkc11-ug) needs to be updated to point to the change
in semanatics id the CKF_FORK_SAFE_INTERFACE is defined. For this
spec it can be removed.
Also the proposal implies:
Âa. a new function table type: CK_FUNCTION_LIST_3_0 (there's a
bug in the proposal and it calls it CK_FUNCTION_LIST_2_42, but
that was a typo). That list should have all the functions in
CK_FUNCTION_LIST, plus all the new functions we added in 3.0. The
new functions should be at the end of the list. Those function are
b. C_GetFunctionLists need to be added to the list of function in table 30.
2. CK_FUNCTION_LIST should not have the new v3.0 functions in it. The new functions should be added to a new CK_FUNCTION_LIST_3_0, and they should be added at the end.
This is a C struct, so order matters from a compatibility point of view.
3. The original "New function proposal" is had some errors which were incorporated in this spec:
a. CK_FUNCTION_LIST_2_42 should be CK_FUNCTION_LIST_3_0.
b. C_LoginUser() should be added to the list of function between
C_GetFunctionLists and C_MessageEncryptInit().
4. Typo:CKO_PRIFILE should be CKO_PROFILE in section 4.13.2
5. The heading for C_MessageEncryptFile has Message and Encrypt transposed.
6. C_MessageSign* and C_MessageVerify* are missing from the body of the spec.
7. Source Spec AEAD message was an older draft and missing an
update the the C_*Next functions, namely adding a parameter
pointers to the Next functions. The draft with these changes can
be found here:Â
The changes are marked in the document with change bars, so it
should be relatively simple to pick up.