CKM_DSA constants look incorrect

[dmjones]

I'm just comparing the values in pkcs11t.h and const.go.

pkcs11t.h

#define CKM_DSA_KEY_PAIR_GEN           0x00000010UL
#define CKM_DSA                        0x00000011UL
#define CKM_DSA_SHA1                   0x00000012UL
#define CKM_DSA_SHA224                 0x00000013UL
#define CKM_DSA_SHA256                 0x00000014UL
#define CKM_DSA_SHA384                 0x00000015UL
#define CKM_DSA_SHA512                 0x00000016UL
#define CKM_DSA_SHA3_224               0x00000018UL
#define CKM_DSA_SHA3_256               0x00000019UL
#define CKM_DSA_SHA3_384               0x0000001AUL
#define CKM_DSA_SHA3_512               0x0000001BUL

const.go

	CKM_DSA_KEY_PAIR_GEN                 = 0x00000010
	CKM_DSA                              = 0x00000011
	CKM_DSA_SHA1                         = 0x00000012
	CKM_DSA_FIPS_G_GEN                   = 0x00000013 // Should be CKM_DSA_SHA224
	CKM_DSA_SHA224                       = 0x00000014
	CKM_DSA_SHA256                       = 0x00000015 // Should be 0x14
	CKM_DSA_SHA384                       = 0x00000016 // Should be 0x15
	CKM_DSA_SHA512                       = 0x00000017 // Should be 0x16
	CKM_DSA_SHA3_224                     = 0x00000018
	CKM_DSA_SHA3_256                     = 0x00000019
	CKM_DSA_SHA3_384                     = 0x0000001A
	CKM_DSA_SHA3_512                     = 0x0000001B

There seems to be a disconnect between mechanisms mentioned in the PKCS11 spec and the pkcs11t.h files that are distributed. Do we know which is correct? I can't find a pkcs11t.h file that corresponds to the changes made by #29.

The spec mentions CKM_DSA_FIPS_G_GEN, but the header files don't.

[miekg]

hmm, is #29 wrong? Noone notices anything since that went in....

[justincase]

From the pkcs11-comment mailing list[0]:

Wed, 17 Feb 2016 22:27:27 +0100
MAJOR ISSUE #1
Definitions of CKM_DSA_FIPS_G_GEN is missing in v2.40e1 headers. It was present in v2.40 text.

The "TC decision on resolution" (2016-04-26)[1][2]:

No change. May address in subsequent version. The header files contain the normative definition.

The issue was mentioned again on 2019-07-03 [3]:

CKM_DSA_FIPS_G_GEN (section 2.2), CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS (section 2.3), CKM_SALSA20_KEY_GEN (section 2.59) is missing in header.

A new identifier was assigned on 2019-10-16[4]. It appears to be omitted from v3.0 (2020-01-17)[5] but included in v3.0 WD01[6].

[0] https://lists.oasis-open.org/archives/pkcs11-comment/201602/msg00001.html
[1] https://lists.oasis-open.org/archives/pkcs11-comment/201604/msg00011.html
[2] https://www.oasis-open.org/committees/document.php?document_id=58032&wg_abbrev=pkcs11
[3] https://lists.oasis-open.org/archives/pkcs11/201907/msg00002.html
[4] oasis-tcs/pkcs11@135d965
[5] https://www.oasis-open.org/news/announcements/four-pkcs-11-specifications-from-pkcs11-tc-approved-as-committee-specifications
[6] https://github.com/oasis-tcs/pkcs11/blob/5bd69a7d03788c370f5d0309f2593093a1586d9e/working/3-00-wd-01/pkcs11t.h#L1060

Hope this helps.

[miekg]

regenning completely from source, see #147
#146 is an issue to upgrade to v3