Re: [pkcs11] Define constants for (CK_ULONG)-1

[Michael StJohns <msj@nthpermutation.com>]

On 5/10/2013 8:31 AM, Stef Walter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As discussed earlier on the mailing list, following are the
> modifications to the specification to be made in order to define
> constants for (CK_ULONG)-1.

I went back and took a look at the source documents.  The only place 
that this is used is as a return value of attribute length in 
C_GetAttributeValue to indicate which of the attributes are invalid.  (I 
searched for '-1' and the only place I found it - other than SHA-1 and 
length-1 type constructs - was there).

So how about only CKL_INVALID_ATTRIBUTE = -1;

(It's obviously not a CKR_ and I don't think its either of CKA_ or CKM_)

Mike


> In line with Peter's suggestion, three new constants are defined:
>
>   CKA_INVALID
>   CKM_INVALID
>   CK_INVALID_LENGTH
>
> Since providing a clear diff of a docx file is challenging, I hope
> that the following format indicating which paragraphs should be
> added/replaced in which sections is sufficiently clear.
>
> Cheers,
>
> Stef
>
>
>
>
> 6.4 Object Types
>
>     ...
>
>     o CK_ATTRIBUTE_TYPE
>
>     ...
>
> *** paragraph to be added
> |  The constant CKA_INVALID is defined as an invalid attribute type. It
> |   is equal to -1 (when cast to a CK_ULONG). Use of attribute with an
> |  invalid type with any PKCS#11 function will result in a failure.
>
>
>     o CK_ATTRIBUTE; CK_ATTRIBUTE_PTR
>
>     ...
>
> *** paragraph to be added
> |  The constant CK_INVALID_LENGTH is used to denote an invalid or
> |  unavailable value in a CK_ATTRIBUTE. It is equal to -1 (when cast
> |  to a CK_ULONG). See C_GetAttributeValue for further details.
>
>
> 6.5 Data types for mechanisms
>
>     ...
>
>     o CK_MECHANISM_TYPE; CK_MECHANISM_TYPE_PTR
>
>     ...
>
> *** paragraph to be added
> |  The constant CKM_INVALID is defined as an invalid or unknown
> |  mechanism type. It is equal to -1 (when cast to a CK_ULONG).
>
>
> 7.7.2 Overview
>
>     ...
>
> *** table row to be modified
>     CKA_KEY_GEN_MECHANISM  CK_MECHANISM_TYPE  Identifier of the mechanism
>                                               used to generate the key
>                                               material.
> |                                             (default CKM_INVALID)
>
>
> 8.7 Object management functions
>
>     o C_GetAttributeValue
>
>     ...
>
> *** paragraph to be modified
>     1. If the specified attribute (i.e., the attribute specified by the
>        type field for the object cannot be revealed because the object
>        is sensitive or unextractable, then the ulValueLen field in that
> |     triple is modified to hold the value CK_INVALID_LENGTH.
>
> *** paragraph to be modified
>     2. Otherwise, if the specified value for the object is invalid (the
>        object does not possess such an attribute), then the ulValueLen
>        field in that triple is modified to hold the value
> |     CK_INVALID_LENGTH.
>
> *** paragraph to be modified
>     5. Otherwise, the ulValueLen field is modified to hold the value
> |     CK_INVALID_LENGTH.
>
> *** paragraph to be modified
>     In the special case of an attribute whose value is an array of
>     attributes, for example CKA_WRAP_TEMPLATE, where it is passed in
>     with pValue not NULL, then if the pValue of elements within the
>     array is NULL_PTR then the ulValueLen of elements within the array
>     will be set to the required length. If the pValue of elements within
>     the array is not NULL_PTR, then the ulValueLen element of attributes
>     within the array must reflect the space that the corresponding
>     pValue points to, and pValue is filled in if there is sufficient
>     room. Therefore it is important to initialize the contents of a
>     buffer before calling C_GetAttributeValue to get such an array
>     value. If any ulValueLen within the array isn't large enough, it
> |  will be set to CK_INVALID_LENGTH and the function will return
>     CKR_BUFFER_TOO_SMALL, as it does if an attribute in the pTemplate
>     argument has ulValueLen too small. Note that any attribute whose
>     value is an array of attributes is identifiable by virtue of the
>     attribute type having the CKF_ARRAY_ATTRIBUTE bit set.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlGM6KMACgkQe/sRCNknZa9AugCcDc9pU6qNTb62mDchXkPn1j2u
> az8AoN2lmSwLM9rVYTmmoklYaMFmTrEo
> =/G38
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php