OASIS PKCS 11 TC

 View Only
Back to discussions
Expand all | Collapse all

New error code for parameter set not supported

  • 1.  New error code for parameter set not supported

    Posted 03-01-2025 20:44
    We have CKR_CURVE_NOT_SUPPORTED but we don't have the equivalent for not supporting a parameter set for ML-KEM, ML-DSA and SLH-DSA.

    I think we should add a CKR_PARAMETER_SET_NOT_SUPPORTED to match the usage so implementations can clearly indicate when something isn't supported. Not everyone is supporting all parameter sets in implementations and this will help make it clear when there is an issue.

    Tim.




  • 2.  RE: New error code for parameter set not supported

    Posted 03-03-2025 09:32

    THALES GROUP LIMITED DISTRIBUTION to email recipients

     

    I think that make sense. If we don't, we'll end up with some "creative" vendor reuse of existing error codes.

     

    is there anything preventing us from making this update as and editorial update ahead of next meeting?

     




    Original Message


  • 3.  RE: New error code for parameter set not supported

    Posted 03-03-2025 12:34
    I am not sure, but if Dieter could add it before the next meeting, and we could approve it as part of the Zip file for the next steps?

    Dieter / Bob, what do you think? 


    (I agree, it makes sense to add this now, if possible)

    Valerie


    On Mar 3, 2025, at 6:32 AM, Darren Johnson via OASIS <Mail@mail.groups.oasis-open.org> wrote:





    Original Message


  • 4.  RE: New error code for parameter set not supported

    Posted 03-05-2025 08:29

    I also agree this makes sense. I understand such error code also applies to XMSS and XMSSMT, where we have defined CK_XMSS_PARAMETER_SET_TYPE and CK_XMSSMT_PARAMETER_SET_TYPE. 

    This results in the following updates to the specification:

    • add new error code to section 5.1.6: "CKR_PARAMETER_SET_NOT_SUPPORTED: This parameter set is not supported by this token. Used with XMSS, XMSSMT, ML-KEM, ML-DSA and SLH-DSA mechanisms."
    • add CKR_PARAMETER_SET_NOT_SUPPORTED to the list of error codes in sections 5.7.1 C_CreateObject, 5.18.2 C_GenerateKeyPair, 5.18.4 C_UnwrapKey, 5.18.7 C_UnwrapKeyAutenticated, 5.18.8 C_EncapsulateKey and 5.18.9 C_DecapsulateKey.

    I can make these updates when working on the updates triggered by Amine.

    Yet it means that Bob will have to define a value for CKR_PARAMETER_SET_NOT_SUPPORTED in pkcs11t.h and publish a new set of header files.



    ------------------------------
    Best regards,
    Dieter
    ------------------------------

    Original Message


  • 5.  RE: New error code for parameter set not supported

    Posted 03-05-2025 19:06
    I think the error code is a good idea.
    Adding it to the header file is easy (ish).
    Adding it to the doc requires making sure we catch all the relevant mechanisms. As Darren pointed out we should include XMSS (not sure about HSS, HSS has a different parameter structure so there's one for each level and they are encoded differently, unlike XMSS and XMSS/MT, where the single parameter describes the entire structure for the key).

    I've seen a lot of support for the idea, Do we have any objections. I'd like to have everything set for a vote on the spec next meeting.

    bob


    On 3/3/25 9:33 AM, Valerie Fenwick via OASIS wrote:
    010001955d120153-7d816419-bea8-4f6e-8e7e-4fae34b4979b-000000@email.amazonses.com">
    I am not sure, but if Dieter could add it before the next meeting, and we could approve it as part of the Zip file for the next steps? Dieter /... -posted to the "OASIS PKCS 11 TC" community



    Original Message


  • 6.  RE: New error code for parameter set not supported

    Posted 03-10-2025 05:23

    As there has been no objection in the last few days, I'll incorporate CKR_PARAMETER_SET_NOT_SUPPORTED in a new working draft and post that one later today.

    @Bob , 

    if you could also incorporate that error code in the header files and publish them, I'll create a package of specification and header files in time for our next meeting.



    ------------------------------
    Best regards,
    Dieter
    ------------------------------

    Original Message


  • 7.  RE: New error code for parameter set not supported

    Posted 03-10-2025 11:53
    Yes, I'll update the headers...

    bob

    On 3/10/25 2:23 AM, Dieter Bong via OASIS wrote:
    010001957f5d7b44-e3ce6166-ddbe-4517-8baa-760a9339b658-000000@email.amazonses.com">
    As there has been no objection in the last few days, I'll incorporate CKR_PARAMETER_SET_NOT_SUPPORTED in a new working draft and post that one... -posted to the "OASIS PKCS 11 TC" community



    Original Message


  • 8.  RE: New error code for parameter set not supported

    Posted 03-10-2025 23:23
    Thanks, Bob & Dieter! (And all for reviewing)

    Could you someone please update the proposed motion text to be more complete?  Here is what I originally had:

    Motion 1b if we decide to include CKR_PARAMETER_SET_NOT_SUPPORTED 
    I move that the TC approve <Working Draft title, version number and revision number> which includes the addition of CKR_PARAMETER_SET_NOT_SUPPORTED for ML-KEM, ML-DSA and SLH-DSA.and all associated artifacts packaged together in <URL to ZIP file in project's document repository> as a Committee Specification Draft and designate  the Word version of the specification as authoritative.

    thanks

    Valerie

    On Mar 10, 2025, at 8:53 AM, Robert Relyea via OASIS <Mail@mail.groups.oasis-open.org> wrote:





    Original Message


  • 9.  RE: New error code for parameter set not supported

    Posted 03-11-2025 19:01
    URL for the header files:



    On 3/10/25 8:22 PM, Valerie Fenwick via OASIS wrote:
    010001958339f6a5-1d220dd2-d802-48ec-957f-8cce4905b836-000000@email.amazonses.com">
    Thanks, Bob & Dieter! (And all for reviewing) Could you someone please update the proposed motion text to be more complete? Here is what I... -posted to the "OASIS PKCS 11 TC" community



    Original Message


  • 10.  RE: New error code for parameter set not supported

    Posted 03-12-2025 04:28

    The latest working draft 11 includes the return code additions to message digest APIs per the email sent by Amine and the addition of CKR_PARAMETER_SET_NOT_SUPPORTED per this discussion thread by Tim. Would it therefore be more suitable to make 2 motions?

    1. I move to approve PKCS#11 v3.2 Committee Specification Working Draft 11 including the return code additions to message digest APIs per the email sent by Amine Najahi Extra return values for message-based APIs. | OASIS PKCS 11 TC , and the addition of CKR_PARAMETER_SET_NOT_SUPPORTED per the discussion thread by Tim Hudson New error code for parameter set not supported | OASIS PKCS 11 TC .
    2. I move that the TC approve PKCS#11 v3.2 Committee Specification Working Draft 11 and all associated artifacts packaged together in pkcs11-spec-v3.2-wd11.zip https://groups.oasis-open.org/higherlogic/ws/public/document?document_id=72637&wg_id=922ef643-1e10-4d65-a5ea-018dc7d3f0a4 as a Committee Specification Draft and designate the Word version of the specification as authoritative.



    ------------------------------
    Best regards,
    Dieter
    ------------------------------

    Original Message


  • 11.  RE: New error code for parameter set not supported

    Posted 03-12-2025 14:17
    Two motions make sense to me.

    Valerie

    On Mar 12, 2025, at 1:28 AM, Dieter Bong via OASIS <Mail@mail.groups.oasis-open.org> wrote:





    Original Message


Related Content