Subject: Updated Proposal: CKA_DESTROYABLE attribute and CKR_ACTION_PROHIBITED return code
This defines a new boolean attribute CKA_DESTROYABLE. Currently it is
ambiguous whether CKA_MODIFIABLE objects are destroyable with
C_DestroyObject. In addition a return code CKR_ACTION_PROHIBITED is
added. This is returned by C_SetAttributeValue, C_CopyObject and
C_DestroyObject when the relevant policy flag attribute (CKA_MODIFIABLE,
CKA_COPYABLE, or CKA_DESTROYABLE) is set to CK_FALSE. In the process the
CKR_COPY_PROHIBITED constant is deprecated, but still present in the
headers and appendix.

Cheers,

Stef


10.1.3 Copying objects

*** Modify paragraph, adding constant

  The Cryptoki attributes which can be modified during the course of a
  C_CopyObject operation are the same as the Cryptoki attributes
| which are described as being modifiable, plus the four special
| attributes CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE and CKA_DESTROYABLE.

  ...

*** Modify paragraph, replacing constant

  If the CKA_COPYABLE attribute of the object to be copied is set to
| CK_FALSE, C_CopyObject returns CKR_ACTION_PROHIBITED. Otherwise, the
  scenarios described in 10.1.1 - and the error codes they return -
  apply to copying objects with C_CopyObject, except for the possibility
  of a template being incomplete.


10.4 Storage Objects

Table 21, Common Storage Object Attributes

*** Add new row

| |-----------------|----------|----------------------------------|
| | CKA_DESTROYABLE | CK_BBOOL | CK_TRUE if the object can be     |
| |                 |          | destroyed using C_DestroyObject. |
| |                 |          | Default is CK_TRUE.              |
| |-----------------|----------|----------------------------------|

*** Modify paragraph, removing last sentence

  The value of the CKA_MODIFIABLE attribute determines whether or not
| an object is read-only.

*** Add paragraph

| The value of the CKA_DESTROYABLE attribute determines whether the
| object can be destroyed using C_DestroyObject.


11.1.6 All other Cryptoki function return values

*** Add paragraph

| o CKR_ACTION_PROHIBITED: This value can only be returned by
| C_CopyObject, C_SetAttributeValue and C_DestroyObject. It denotes
| that the action may not be taken, either because of underlying
| policy restrictions on the token, or because the object has the
| relevant CKA_COPYABLE, CKA_MODIFIABLE or CKA_DESTROYABLE policy
| attribute set to CK_FALSE.


11.7 Object management functions

o C_CopyObject

*** Modify paragraph, replacing constant

  If a call to C_CopyObject cannot support the precise template supplied
  to it, it will fail and return without creating any object. If the
  object indicated by hObject has its CKA_COPYABLE attribute set
| to CK_FALSE, C_CopyObject will return CKR_ACTION_PROHIBITED.

*** Remove return value

  Return values: ...
| CKR_COPY_PROHIBITED

*** Add return value

  Return values: ...
| CKR_ACTION_PROHIBITED

o C_DestroyObject

*** Add paragraph

| Certain objects may not be destroyed. Calling C_DestroyObject on such
| objects will result in the CKR_ACTION_PROHIBITED error code. An
| application can consult the object's CKA_DESTROYABLE attribute to
| determine if an object may be destroyed or not.

*** Add return value

  Return values: ...
| CKR_ACTION_PROHIBITED

o C_SetAttributeValue

*** Add paragraph

| Certain objects may not be modified. Calling C_SetAttributeValue on
| such objects will result in the CKR_ACTION_PROHIBITED error code. An
| application can consult the object's CKA_MODIFIABLE attribute to
| determine if an object may be modified or not.

*** Add return value

  Return values: ...
| CKR_ACTION_PROHIBITED


A. Manifest Constants

*** Add constant

| #define CKA_DESTROYABLE 0x00000171UL

*** Add constant

| #define CKR_ACTION_PROHIBITED 0x0000001AUL

*** Replace constant

| #define CKR_COPY_PROHIBITED CKR_ACTION_PROHIBITED
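To make the proposed semantics concrete, the following is an added mock of how a token would enforce the three policy attributes; it is not part of the proposal or of any Cryptoki implementation. The PKCS#11 types and the existing CKA_MODIFIABLE and CKR_* values are reproduced inline rather than taken from pkcs11.h, CKA_DESTROYABLE uses the value as proposed above, and MockObject, BoolAttr and the mock_* functions are hypothetical names chosen here.

```c
#include <stddef.h>
/* From the PKCS#11 headers, plus the two constants this proposal adds (CKA_DESTROYABLE as proposed). */
typedef unsigned long CK_ULONG, CK_RV, CK_ATTRIBUTE_TYPE;
typedef unsigned char CK_BBOOL;
#define CK_FALSE 0
#define CK_TRUE 1
#define CKR_OK 0x00000000UL
#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL
#define CKR_ACTION_PROHIBITED 0x0000001AUL
#define CKR_COPY_PROHIBITED CKR_ACTION_PROHIBITED /* deprecated alias kept for old callers */
#define CKA_MODIFIABLE 0x00000170UL
#define CKA_DESTROYABLE 0x00000171UL

/* Constructed stand-in for an object stored on a token; not a real token. */
typedef struct {
    CK_BBOOL modifiable, copyable, destroyable; /* the three policy attributes */
} MockObject;
typedef struct { CK_ATTRIBUTE_TYPE type; CK_BBOOL value; } BoolAttr;

/* The two special attributes a C_CopyObject template may set on the copy. */
static CK_RV apply_policy_attr(MockObject *o, const BoolAttr *a) {
    switch (a->type) {
    case CKA_MODIFIABLE:  o->modifiable = a->value;  return CKR_OK;
    case CKA_DESTROYABLE: o->destroyable = a->value; return CKR_OK;
    default:              return CKR_ATTRIBUTE_TYPE_INVALID;
    }
}

/* C_SetAttributeValue: refused outright when CKA_MODIFIABLE is CK_FALSE. */
CK_RV mock_set_attribute_value(MockObject *o, const BoolAttr *a) {
    if (o->modifiable == CK_FALSE) return CKR_ACTION_PROHIBITED;
    return apply_policy_attr(o, a);
}

/* C_CopyObject: refused when CKA_COPYABLE is CK_FALSE; on a template error
 * nothing is written to *out ("return without creating any object"). */
CK_RV mock_copy_object(const MockObject *src, const BoolAttr *tmpl, size_t n, MockObject *out) {
    if (src->copyable == CK_FALSE) return CKR_ACTION_PROHIBITED;
    MockObject tmp = *src;
    for (size_t i = 0; i < n; i++)
        if (apply_policy_attr(&tmp, &tmpl[i]) != CKR_OK) return CKR_ATTRIBUTE_TYPE_INVALID;
    *out = tmp;
    return CKR_OK;
}

/* C_DestroyObject: refused when CKA_DESTROYABLE is CK_FALSE. */
CK_RV mock_destroy_object(MockObject *o) {
    if (o->destroyable == CK_FALSE) return CKR_ACTION_PROHIBITED;
    return CKR_OK;
}
```

Note that a read-only (CKA_MODIFIABLE = CK_FALSE) object that is still copyable can be copied with a template that sets CKA_DESTROYABLE on the copy; only CKA_COPYABLE = CK_FALSE blocks the copy itself.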