PKCS#11 2.40 Definition Conflicts, Errors and Notes

These are issues that will likely need to be addressed in an PKCS#11 v2.40 amendment.

Items that are shown as strike through have been addressed. Items which could be handled in an errata document (if the TC decides to publish one) are noted as errata or they may simply be folded into the next minor version of the specification.

csprd03a Problems

pkcs11-base-v2.40-csprd03a.doc

pkcs11-curr-v2.40-csprd03a.doc

typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS {    
  CK_BYTE      iv[16];
  CK_BYTE_PTR  pData;
  CK_ULONG     length; 
}  CK_SEED_CBC_ENCRYPT_DATA_PARAMS;
typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR;

typedef struct CK_PKCS5_PBKD2_PARAMS2 {
        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
        CK_VOID_PTR pSaltSourceData;
        CK_ULONG ulSaltSourceDataLen;
        CK_ULONG iterations;
        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
        CK_VOID_PTR pPrfData;
        CK_ULONG ulPrfDataLen;
        CK_UTF8CHAR_PTR pPassword;
        CK_ULONG ulPasswordLen; /* CHANGE */
} CK_PKCS5_PBKD2_PARAMS2;

pkcs11-hist-v2.40-csprd02a.doc

Possibly missing definitions

#define CKA_DERIVE_TEMPLATE      (CKF_ARRAY_ATTRIBUTE|0x00000213)

#define CKM_ECDSA_SHA224               0x00001043

#define CKM_ECDSA_SHA256               0x00001044

#define CKM_ECDSA_SHA384               0x00001045

#define CKM_ECDSA_SHA512               0x00001046

#define CKK_MD5_HMAC        0x00000027

#define CKK_RIPEMD128_HMAC  0x00000029

#define CKK_RIPEMD160_HMAC  0x0000002A

typedef struct CK_CAMELLIA_CTR_PARAMS {
    CK_ULONG ulCounterBits;
    CK_BYTE cb[16];
} CK_CAMELLIA_CTR_PARAMS;
typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;

typedef struct CK_ECDH2_DERIVE_PARAMS {
  CK_EC_KDF_TYPE kdf;
  CK_ULONG ulSharedDataLen;
  CK_BYTE_PTR pSharedData;
  CK_ULONG ulPublicDataLen;
  CK_BYTE_PTR pPublicData;
  CK_ULONG ulPrivateDataLen;
  CK_OBJECT_HANDLE hPrivateData;
  CK_ULONG ulPublicDataLen2;
  CK_BYTE_PTR pPublicData2;
} CK_ECDH2_DERIVE_PARAMS;
typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;

typedef struct CK_TLS_PRF_PARAMS {
  CK_BYTE_PTR  pSeed;
  CK_ULONG     ulSeedLen;
  CK_BYTE_PTR  pLabel;
  CK_ULONG     ulLabelLen;
  CK_BYTE_PTR  pOutput;
  CK_ULONG_PTR pulOutputLen;
} CK_TLS_PRF_PARAMS;
typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;

Definitions that need adding to appendixes

(errata) Note: definition values where they clash with a previously allocated value in v2.30 or earlier have been updated.

#define CKM_AES_CMAC_GENERAL 0x0000108B  /* WAS: 0x00001089 */
#define CKM_AES_CTS          0x00001089  /* WAS: 0x0000108B */
#define CKK_GOST28147 0x00000032    /* WAS: 0x00000062 */
#define CKK_GOSTR3410 0x00000030    /* WAS: 0x00000060 */
#define CKK_GOSTR3411 0x00000031    /* WAS: 0x00000061 */
#define CKC_VENDOR_DEFINED 0x80000000
#define CKK_SEED 0x0000002F         /* WAS: 0x00000050 */
#define CKK_SHA_1_HMAC 0x00000028   /* WAS: 0x00000040 */
#define CKK_SHA224_HMAC 0x0000002E  /* WAS: 0x00000041 */
#define CKK_SHA256_HMAC 0x0000002B  /* WAS: 0x00000042 */
#define CKK_SHA384_HMAC 0x0000002C  /* WAS: 0x00000043 */
#define CKK_SHA512_HMAC 0x0000002D  /* WAS: 0x00000044 */
#define CKM_AES_GMAC 0x0000108E
#define CKM_DES3_CMAC 0x00000138
#define CKM_DES3_CMAC_GENERAL 0x00000137
#define CKM_KEA_DERIVE 0x00001012
#define CKM_SEED_CBC 0x00000652
#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657
#define CKM_SEED_CBC_PAD 0x00000655
#define CKM_SEED_ECB 0x00000651
#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656
#define CKM_SEED_KEY_GEN 0x00000650
#define CKM_SEED_MAC 0x00000653
#define CKM_SEED_MAC_GENERAL 0x00000654
#define CKM_TLS12_KDF 0x000003D9

/* Flags and values should be defined for completeness */
#define CKC_WTLS 0x00000002
#define CKC_X_509 0x00000000
#define CKC_X_509_ATTR_CERT 0x00000001
#define CKD_CPDIVERSIFY_KDF 0x00000009
#define CKD_NULL 0x00000001
#define CKD_SHA1_KDF 0x00000002
#define CKD_SHA1_KDF_ASN1 0x00000003
#define CKD_SHA1_KDF_CONCATENATE 0x00000004
#define CKD_SHA224_KDF 0x00000005
#define CKD_SHA256_KDF 0x00000006
#define CKD_SHA384_KDF 0x00000007
#define CKD_SHA512_KDF 0x00000008
#define CKF_CLOCK_ON_TOKEN 0x00000040
#define CKF_DECRYPT 0x00000200
#define CKF_DERIVE 0x00080000
#define CKF_DIGEST 0x00000400
#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
#define CKF_EC_COMPRESS 0x02000000
#define CKF_EC_ECPARAMETERS 0x00400000
#define CKF_EC_F_2M 0x00200000
#define CKF_EC_F_P 0x00100000
#define CKF_EC_NAMEDCURVE 0x00800000
#define CKF_EC_UNCOMPRESS 0x01000000
#define CKF_ENCRYPT 0x00000100
#define CKF_ERROR_STATE 0x01000000
#define CKF_EXTENSION 0x80000000
#define CKF_GENERATE 0x00008000
#define CKF_GENERATE_KEY_PAIR 0x00010000
#define CKF_HW 0x00000001
#define CKF_HW_SLOT 0x00000004
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
#define CKF_LOGIN_REQUIRED 0x00000004
#define CKF_OS_LOCKING_OK 0x00000002
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
#define CKF_REMOVABLE_DEVICE 0x00000002
#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
#define CKF_RNG 0x00000001
#define CKF_RW_SESSION 0x00000002
#define CKF_SECONDARY_AUTHENTICATION 0x00000800
#define CKF_SERIAL_SESSION 0x00000004
#define CKF_SIGN 0x00000800
#define CKF_SIGN_RECOVER 0x00001000
#define CKF_SO_PIN_COUNT_LOW 0x00100000
#define CKF_SO_PIN_FINAL_TRY 0x00200000
#define CKF_SO_PIN_LOCKED 0x00400000
#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
#define CKF_TOKEN_INITIALIZED 0x00000400
#define CKF_TOKEN_PRESENT 0x00000001
#define CKF_UNWRAP 0x00040000
#define CKF_USER_PIN_COUNT_LOW 0x00010000
#define CKF_USER_PIN_FINAL_TRY 0x00020000
#define CKF_USER_PIN_INITIALIZED 0x00000008
#define CKF_USER_PIN_LOCKED 0x00040000
#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
#define CKF_VERIFY 0x00002000
#define CKF_VERIFY_RECOVER 0x00004000
#define CKF_WRAP 0x00020000
#define CKF_WRITE_PROTECTED 0x00000002
#define CKG_MGF1_SHA1 0x00000001
#define CKG_MGF1_SHA224 0x00000005
#define CKG_MGF1_SHA256 0x00000002
#define CKG_MGF1_SHA384 0x00000003
#define CKG_MGF1_SHA512 0x00000004
#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002
#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003
#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004
#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005
#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006
#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008
#define CKZ_DATA_SPECIFIED 0x00000001
#define CKZ_SALT_SPECIFIED 0x00000001

Additional items raised on comments list

Two items noted that are in the above list - but related to specification errors which are not in the header files. We could elect to include a compatible macro for each of these.

Definitions (last edited 2015-11-08 22:57:31 by tim.hudson)