OASIS Open

SafeNet, Inc.

No

Sorry for the long comment, but I can only make one comment per ballot.

I also support Bob's comment. It may be easier moving forward if we updated the test for all the ECDH mechanisms so that they read "if the derivation function is CKD_NULL, else...". That way we do not need to update the list of KDFs if/when additional ones are added.

The proposal states that CK_ECDH2_DERIVE_PARAMS provides the parameters to CKM_ECMQV_DERIVE. Was that intentional? CKM_ECMQV_DERIVE already has a parameter CK_ECMQV_DERIVE_PARAMS and references X9.63 as the algorithm used. I expected to see the text for CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE updated to account for CK_ECDH2_DERIVE_PARAMS. Or additional mechanisms (For example CKM_ECDH2_DERIVE and CKM_ECDH2_COFACTOR_DERIVE) created that used CK_ECDH2_DERIVE_PARAMS. And I think we need to call out a standard that defines how to use the two key pairs, either SP800-56Ar1 or some other standard that defines 2-key ECDH.