OASIS PKCS 11 TC

 View Only

  • 1.  KEM algs draft 6 uploaded

    Posted 06-07-2024 18:10
    Submitter's message
    This draft was put together in the meeting on Wednesday. The key new features:

    1. Fix table description from Diffie Helman to ML-KEM.
    2. remove check marks for wrap and unwrap.
    3. Changed the wording of the key attributes. without a kdf, the mechanism generates CKK_GENERIC_SECRET keys of length defined by the ML-KEM parameter set.

    I did not change the wording for the keygen standard for ECC. The various keygen standards are mutually compatible, so the standard used would be up to the token an it's validation status.
    -- Mr. Robert Relyea
    Document Name: KEM algs draft 6
    No description provided.
    Download Latest Revision
    Public Download Link
    Submitter: Mr. Robert Relyea
    Group: OASIS PKCS 11 TC
    Folder: Working Drafts
    Date submitted: 2024-06-07 22:10:21


    ---------------------------------
    Robert Relyea
    Principle Software Engineer
    Red Hat
    Mountain View CA
    ---------------------------------


  • 2.  RE: KEM algs draft 6 uploaded

    Posted 07-03-2024 11:48

    Hi Bob,

     

    when checking the KEM algs proposal draft 6 for inclusion into PKCS#11 v3.2 working draft 04, I noticed the following inconsistencies within the document and with FIPS 203:

    • Section ML-KEM key pair generation: the name of the KeyGen function in FIPS 203 is ML-KEM.KeyGen(), not Kyber.CCAKEM.KeyGen() anymore. The 1st paragraph should thus state: "The ML-KEM key pair generation mechanism, denoted CKM_ML_KEM_KEY_PAIR_GEN, is a key pair generation mechanism using ML-KEM.KeyGen() as defined in [FIPS 203]."
    • Section ML-KEM Key Agreement: as support for wrap and unwrap has been removed, the part "or key wrap and unwrap using Kybe CPAPKEK-PKE" must be removed as well. The 1st paragraph should thus state: "The ML-KEM Key Agreement mechanism, denoted CKM_ML_KEM, is a mechanism for key encapsulation and decapsulation using ML-KEM.Encaps and ML_KEM.Decaps respectively. Both are defined in [FIPS 203]." 3rd and 4th paragraph should then also refer to ML-KEM.Encaps and ML-KEM.Decaps instead of ML-KEM.Enc and ML-KEM.Dec.

     

    Best regards / Viele Grüße,

    Dieter

     




    Original Message


  • 3.  RE: KEM algs draft 6 uploaded

    Posted 07-03-2024 16:15
    Move from using attributes for the info structures into nested elements to be more consistent with the rest of the encoding.

    e.g.

    +  <C_GetTokenInfo rv="OK">
    +    <Info MaxSessionCount="0" SessionCount="0" MaxRwSessionCount="0" RwSessionCount="0" MaxPinLen="255" MinPinLen="4" TotalPublicMemory="0" FreePublicMemory="0" TotalPrivateMemory="0" FreePrivateMemory="0">
    +      <label value="token1                          "/>
    +      <ManufacturerID value="OASIS PKCS#11 TC                "/>
    +      <model value="v3.1            "/>
    +      <serialNumber value="0000000000000000"/>
    +      <Flags value="RNG|LOGIN_REQUIRED|USER_PIN_INITIALIZED|RESTORE_KEY_NOT_NEEDED|TOKEN_INITIALIZED"/>
    +      <HardwareVersion major="1" minor="0"/>
    +      <FirmwareVersion major="1" minor="0"/>
    +      <utcTime value="2020102811572500"/>
    +    </Info>
    +  </C_GetTokenInfo>


    +  <C_GetTokenInfo rv="OK">
    +    <TokenInfo>
    +      <label value="TOKEN LABEL                     "/>
    +      <ManufacturerID value="Cryptsoft                       "/>
    +      <model value="MODEL           "/>
    +      <serialNumber value="SERIAL          "/>
    +      <Flags value="LOGIN_REQUIRED|USER_PIN_INITIALIZED|TOKEN_INITIALIZED"/>
    +      <MaxSessionCount value="1"/>
    +      <SessionCount value="0"/>
    +      <MaxRwSessionCount value="1"/>
    +      <RwSessionCount value="0"/>
    +      <MaxPinLen value="32"/>
    +      <MinPinLen value="4"/>
    +      <TotalPublicMemory value="UnavailableInformation"/>
    +      <FreePublicMemory value="UnavailableInformation"/>
    +      <TotalPrivateMemory value="UnavailableInformation"/>
    +      <FreePrivateMemory value="UnavailableInformation"/>
    +      <HardwareVersion major="1" minor="3"/>
    +      <FirmwareVersion major="1" minor="3"/>
    +      <utcTime value="0000000000000000"/>
    +    </TokenInfo>
    +  </C_GetTokenInfo>






    Original Message


Related Content