PKCS11 3.0/3.00 Work Items

Proposers should plan to review the relevant sections of the updated documents related to their proposed changes, to make sure all updates are made correctly. If proposer is no longer active in TC, the chairs and secretary will ask someone else to cover the review. The reviewer should verify the content, including any amendments made by voice vote, were included correctly in both the specification document and header files (if applicable). Change first cell to GREEN after ALL work is completed (approved by TC, added to specification and header file, changes reviewed).

Proposer(s)

Issue Summary

Description

Link(s) to Proposal

Date(s) Approved

Links to Ballots and/or Minutes where approved

Added to Which Document by Editor(s)

Content reviewed by whom during committee review/Date

Header File Reviewed By

Valerie

Example

Example for how to use table

No links

26 May 2017

Imaginary ballot

Base Spec/Chris Z

Valerie/30 May 2017

Valerie

Mark Powers

AES XTS Mode

Correct/update XTS mode proposal originally included in 2.40 draft. Additional changes were approved, based on comments by Dieter on the ballot.

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/58596/AES-XTS.pdf

7 Sept 2017 with amendments

See ballot comments: https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=2969
Minutes with motion to remove wrapping flags(Motion to clear the wrap & unwrap flags from the AES-XTS proposal if it passes)

Current Mech. Draft 02


Bob Relyea

AEAD

Updates to support AEAD: 1) function table extension 2) Define new AED functions 3) AES_GCM/CCM update.

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/57976/AEAD_proposal.doc https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60202/new_functions_proposal(1).doc https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60201/aes_gcm_proposal.doc (I think this link should be https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60497/aes_gcm_proposal.doc )

12 April 2017

https://wiki.oasis-open.org/pkcs11/Meetingminutes/Minutes12042017 (Motion to accept Bob's proposals)

Base WD 02 / Current Mech WD 02

Bob Relyea

SHA3/SHAKE

Update the spec with SHA-3 and SHAKE support

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/58556/SHA_3_draft_4.doc

8 August 2016

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=2955

Base WD 02 / Current Mech WD 03

Darren Johnson

C_EncryptCancel

Introduce an API that can be used to cancel a single or all operations that have been initialized in a given session.

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60638/C_EncryptCancel_draft3%20w%20editorial%20updates.docx

12 April 2017 with amendments

https://wiki.oasis-open.org/pkcs11/Meetingminutes/Minutes12042017

Base WD 05

Was present in 04 as well

Darren Johnson

SHA1 and SHA2 updates

Update/correct SHA1 and SHA2 sections

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/59423/sha1_and_sha2_updates_draft2.doc

4 November 2016

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3008

Current Mech WD 03

Tim Hudson

C_LoginUser

Add a user based login function

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60506/pkcs11-base-v2.40-loginuser-v1-changes.pdf

31 May 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3074

Base WD 02

Dieter Bong

AES Key Wrap

Clarify padding in CKM_AES_KEY_WRAP_PAD, add CKM_AES_KEY_WRAP_KWP

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/61151/AES%20KEY%20WRAP%20proposal_Approved.zip

26 April 2017

https://wiki.oasis-open.org/pkcs11/Meetingminutes/Minutes26042017

Current Mech WD 03

Dieter Bong, 9 January 2018: OK

Dieter Bong

ECDH Key Derivation

KDF acc. SP800-56A rev.2. For the final version, I suggest to replace CKD_..._KDF_SP800 by CKD_..._KDF_SP800_56A, to avoid confusion with constants CKM_SP800_108_... in Darren’s Flexible KDF proposal.

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/61152/PKCS11_KDF_Proposal_Approved.zip

7 September 2016

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=2970

Current Mech WD 03

Dieter Bong, 9 January 2018: OK, but added definitions for SHA2 KDFs in table 34

David Gascon / Daniel Minder

GCM/CCM/GMAC corrections

Deletion of duplicate content; correction of errors, partly editorial, and inconsistencies with standards

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60870/PKCS11_curr_GMAC_corrections_rev3.docx

3 October 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3123

Curr Mech WD03

Daniel Minder June 13: not ok. Correction proposal sent to mailing list on Jan 12

Bob Relyea

Provisioning

Create a way to determine what Profile a card uses. Add a profile to indicate a applications can read certs from a card without logging in.

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60802/profile_objects.doc https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60813/publicly_readable_profile.doc

11 October 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3127 (with corrections see ballot comments corrections approved in the meeting of November 8)

Base WD 02

Bob Relyea

Provisioning

Add a profile to indicate a applications can read certs from a card without logging in.

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60813/publicly_readable_profile.doc

11 October 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3127 (with corrections see ballot comments corrections approved in the meeting of November 8)

Profile WD01 (TODO)

Darren Johnson

SP-800-108

improvements to the PKCS#11 standard for complying with SP-800-108 with flexible KDF

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/61911/FlexibleSymmetricKDF_draft5.docx

4 October 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3125 (with corrections - see ballot comments)

Curr Mech WD06

cwz: Added to WD06

Bob Relyea

Definitions for CKD_SHA224_KDF, CKD_SHA256_KDF, CKD_SHA384_KDF, CKD_SHA512_KDF and CKD_CPDIVERSIFY_KDF

These identifiers appeared in the 2.40e1 header files, but were not defined in the specification. They seemed to have come in with the 2.30 work that was not fully complete. This proposal seeks to add the correct definitions to the standard. This addresses a public comment against PKCS11 2.40 errata 1

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60820 https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60819/GOST_update.doc/SHA_ECC_KDF.doc

4 October 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3124 (with corrections - see ballot comments)

Curr Mech WD03

Darren Johnson

EC Key generation With Extra Bits

Defines an EC key pair generation mechanism that corresponds to the method defined in FIPS 186-4 Appendix B.4.1, which uses “extra bits”.

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/61910/EC_KeyGen_w_Extra_Bits_draft2.docx

27 November 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3160

Curr Mech WD03

Tim Hudson

CKA_DERIVE_TEMPLATE

Addition of CKA_DERIVE_TEMPLATE

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/60505/pkcs11-base-v2.40-derive-template-v1-changes.pdf

31 May 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3075

Base Spec WD02

Tim Hudson

Array Attribute

https://www.oasis-open.org/apps/org/workgroup/pkcs11/document.php?document_id=61978

27 November 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3150

Base Spec WD02 / Base Spec WD04

Tony Cox

v2.40 Errata - Item 13 - ck-ecdh2-derive-params

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/61980/latest/ck-ecdh2-derive-params_tc.docx

27 November 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3145

Curr Mech WD03 / Base Spec WD04

Tony Cox

v2.40 Errata - Item 13 - ck-tls-prf-params

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/61981/latest/ck-tls-prf-params_tc.docx

27 November 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3146

Curr Mech WD03

Tony Cox

v2.40 Errata - Item 13 - ck-camellia-ctr-params

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/61982/latest/ck-camellia-ctr-params_tc.docx

27 November 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3147

Curr Mech WD06

Tony Cox

v2.40 Errata - Item 21 - ckm-tls12-kdf

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/61979/latest/ckm-tls12-kdf_tc.docx

27 November 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3148

Curr Mech WD06

CKM_TLS12_KDF is undefined but used

Bob Relyea / Dieter Bong

v2.40 Errata - Item 16 - Add definitions for ECDSA SHA2 and SHA3 mechanisms

https://www.oasis-open.org/apps/org/workgroup/pkcs11/document.php?document_id=62006

27 November 2017

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3152

Curr Mech WD03

Darren Johnson / Dieter Bong

Additional ECC Curves

Support for Edwards/Montgomery Curves

https://www.oasis-open.org/apps/org/workgroup/pkcs11/document.php?document_id=62198 https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/62058/eddsa_notes_Additional_EC_Key_Types_draft2.docx

27 November 2017 and 17 January 2018

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3151 https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3160

Curr Mech WD05

Stefan Marsiske

Extended Chacha20/Salsa20

Extend original ChaCha20/Poly1305 proposal with other ChaCha20/Salsa20 variants, add AEAD mode

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/62730/CC20_P1305_extended_Proposal.doc

16 April 2018

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3196

Curr Mech WD05

Stefan Marsiske

X3DH and Double Ratchet

Add mechanisms for the X3DH and Double Ratchet mechanisms of the Signal protocol

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/62731/x3dh_draft_v0.3.doc

16 April 2018

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3197

Curr Mech WD05

Stefan Marsiske

XEDDSA

Add mechanisms for XEDDSA based signatures as used in the Signal protocol

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/62739/xeddsa.docx

16 April 2018

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3198

Curr Mech WD05

Stefan Marsiske

Blake2b

Add mechanisms for Blake2b hashes

https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/62750/BLAKE2_draft.doc

16 April 2018

https://www.oasis-open.org/apps/org/workgroup/pkcs11/ballot.php?id=3199

Curr Mech WD05

PKCS11 3.0/3.00 Deferred Work Items

Items the team felt were interesting, but nobody was able to champion the idea or the champion ran out of time to put a proposal together for 3.0.

Proposer(s)

Issue Summary

Description

Link(s) to Proposal

Bob Relyea

IPsec Derive improvements

Tim Hudson

KMIP Mappings

3.0WorkItems (last edited 2018-07-22 23:28:59 by chris)