Tony,
I am done with all the comments finally.
"TODOs" - we need to address the item.
1)ÂOSCARSO: TODO
Item #7
Missing the followings in header files:
Definitions of CKK_SHA512_224_HMAC, CKK_SHA512_256_HMAC and CKK_SHA512_T_HMAC are missing in v2.40e1 headers. They were present in v2.40 text.
2)ÂOSCARSO: TODO
Item #8
Definitions of CKM_DSA_FIPS_G_GEN is missing in v2.40e1 headers. It was present in v2.40 text.
3)ÂOSCARSO: TODO
Item #12
5003 ï CK_TLS_MAC_PARAMS; CK_TLS_MAC_PARAMS_PTRÂ
5004 CK_TLS_MAC_PARAMS is a structure that provides the parameters to the CKM_TLS_MACÂ
5005 mechanism. It is defined as follows:Â
5006 typedef struct CK_TLS_MAC_PARAMS {Â
5007 CK_MECHANISM_TYPE prfMechanism; //should be prfMechanism
5008 CK_ULONG ulMacLength;Â
5009 CK_ULONG ulServerOrClient;Â
5010 } CK_TLS_MAC_PARAMS;
4)ÂOSCARSO: TODO
Item #14
Definitions of CKK_MD5_HMAC, CKK_RIPEMD128_HMAC and CKK_RIPEMD160_HMAC were merged from draft of v2.30.ÂThey were not present in v2.40 and currently are not described in the docs.
5)ÂOSCARSO: TODO
Item #17
Definitions of CKA_DERIVE_TEMPLATE is completely new in v2.40e1 headers.
It was not present in any older version and currently is not described in the docs.
This may be a leftover from v2.30 headers (see #2).
6)ÂOSCARSO: TODO
Item #18
Definitions of CK_AES_GCM_PARAMS and CK_AES_CCM_PARAMS structures are completely new in v2.40e1 headers and they are already marked as deprecated.
This may be a leftover from v2.30 headers (see #2). It is strange to see a new structure being introduced and deprecated in the same time.
I need help with the followings:
7) OSCARSO:ÂNOT SURE what to do with this ?!
Item #20
Chapter 2.2 of pkcs11-curr-v2.40-errata01-csprd01.doc states that "Implementers of the TLS V1.2 mechanisms as specified in [PKCS #11-Curr] should consult the PKCS 11 TC wiki at https://wiki.oasis-open.org/pkcs11/ for the latest informative guidance
prior to implementing these mechanisms.". IMO it is not good idea to reference external dynamically changing sources in the text of standards but despite of that I tried to search for "TLS" term on referenced wiki. With no results [3]. Is this intentional
or I am doing something wrong?
8) OSCARSO: I cannot find B.4, B.5
Error in GOST mechanism values
Values for the GOST constants are correct. However, the values for the GOST PARAMS should be in Appendix B.5 rather than B.4 and have been moved to that appendix.
Best,
Oscar
Hi Oscar,
Sorry for the delay on this - been a little swamped.
Attached are the two final comment resolution logs for PKCS#11 V2.40 & v2.40 Errata 01.
The task was to have a look at the proposed resolutions and make sure we've sorted each of them in v3.0.
Thanks again,