OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: Alignment between header files and PKCS#11 3.00 mechanism spec.


Dieter, all,

 

Since CKF_HKDF_SALT_NULL, CKF_HKDF_SALT_DATA and CKF_HKDF_SALT_KEY are mutually exclusive I suggest to use 0, 1, 2 for the values. With 1,2,4 people think of a bit field.

 

CKM_ECDSA_KEY_PAIR_GEN still appears in 2.3.9 and B.4.

 

Best,

Daniel

 

From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Dieter Bong
Sent: Montag, 29. April 2019 14:29
To: Robert Relyea <rrelyea@redhat.com>
Cc: pkcs11@lists.oasis-open.org
Subject: [pkcs11] Alignment between header files and PKCS#11 3.00 mechanism spec.
Importance: High

 

Hi Bob,

 

working through the PKCS#11 3.00 mechanism spec WD10 and comparing with the header files, I noticed the following:

  • CKM_ECDSA_KEY_PAIR_GEN is deprecated since PKCS#11 2.11, and I have removed it from the mechanism spec 3.00 as agreed. I suggest to remove it from the header files as well.
  • In the mechanism spec, we have the note: CKF_EC_NAMEDCURVE is deprecated with PKCS#11 3.00. It is replaced by CKF_EC_OID. In the header file, you have mapped CKF_EC_NAMEDCURVE to CKF_EC_OID. I suggest to add a comment deprecated since PKCS#11 3.00 to CKF_EC_NAMEDCURVE in the header file.
  • I noticed that the following flags are missing in the header file: CKF_HKDF_SALT_NULL, CKF_HKDF_SALT_DATA and CKF_HKDF_SALT_KEY. I have taken the freedom to assign them the values 1,2 and 4 (in the order in which they appear in the spec). In case they should get different values, I will update the spec.
  • I have removed all occurrences of CKK_ECDSA / CKA_ECDSA_PARAMS and added a notice that they are deprecated and replaced by CKK_EC / CKA_EC_PARAMS. Also remove CKK_ECDSA and CKA_ECDSA_PARAMS from header files?
  • CK_AES_GCM_PARAMS and CK_AES_CCM_PARAMS do not anymore appear in the PKCS#11 spec. since version 2.30 (actually I havent found any official version using these definitions, the official structures have always ben CK_GCM_PARAMS and CK_CCM_PARAMS). I therefore suggest to remove CK_AES_GCM_PARAMS and CK_AES_CCM_PARAMS from the header files now.
  • CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS and CKA_ALWAYS_AUTHENTICATE do not anymore appear in the PKCS#11 spec. since version 2.30. The must have been deprecated long ago. I therefore suggest to remove them from the header files now. CKA_SECONDARY_AUTH and CKA_AUTH_PIN_FLAGS are already marked as deprecated in the header file, CKA_ALWAYS_AUTHENTICATE is not but I havent found any occurrence.
  • I have removed all #defines wrt. CAST5 from the mechanism spec, as these have been superseded by CAST128 and marked deprecated since version 2.11. I have also removed CAST5 from the Historical mechanisms document. I suggest to also remove all CAST5 definitions from the header file; some of them were already marked as deprecated in the header file, some (CKM_CAST5_KEY_GEN, CKM_CAST_ECB) werent.

 

Best regards,

Dieter

 



Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Dr. Frank J. Nellissen CFO

This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.




Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Dr. Frank J. Nellissen CFO

This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]