Subject: Proposal: Remove restrictions on R/O sessions with CKU_SO
As discussed earlier, this change removes the restrictions on having R/O sessions open while CKU_SO is logged in. While R/O sessions can now coexist with CKU_SO, those sessions behave as CKS_RO_PUBLIC_SESSION. An R/O session cannot be used to C_Login with CKU_SO. CKR_SESSION_READ_ONLY_EXISTS and CKR_SESSION_READ_WRITE_SO_EXISTS are deprecated.

Cheers,
Stef

6.7.1 Read-only session states *** Append to paragraph A read-only session can be in one of two states, as illustrated in the following figure. When the session is initially opened, it is in either the "R/O Public Session" state (if the application has no previously open sessions that are logged in) or the "R/O User Functions" state (if the application already has an open session that is logged in). Note that read-only SO specific sessions do not | exist. Read-only sessions that are open while the SO is logged in | behave identically to the "R/O Public Session" state. 6.7.4 Session events *** Modify paragraph, removing last two sentences This implies that a given application may not simultaneously have SO | sessions and user sessions open with a token. 6.7.7 Example of use of sessions *** Remove paragraph, and renumber following as necessary - 4. A1 attempts to log the SO into session 7. The attempt fails, - because if session 7 becomes an SO session, then session 4 does, - as well, and R/0 SO sessions do not exist, A1 receives an error - code indicating that the existence of an R/0 session has blocked - this attempt to log in (CKR_SESSION_READ_ONLY_EXISTS). *** Add paragraph | 4. A1 attempts to log the SO into session 4. The attempt fails, | because read-only sessions cannot be used to log in the SO. *** Remove paragraph, and renumber following as necessary - 12. B2 attempts to open a R/0 session. The attempt fails, since B - already has an SO session open, and R/0 sessions do not exist.
- B1 receives an error message indicating that the existence of - of an SO session has blocked this attempt to open a R/0 session - (CKR_SESSION_READ_WRITE_SO_EXISTS). *** Add paragraph to end of section | Modules implementing previous versions of PKCS#11 may return the | CKR_SESSION_READ_ONLY_EXISTS and CKR_SESSION_READ_WRITE_SO_EXISTS. | error codes. Refer to PKCS11 V 2.20 for details. 11.1.6 All other Cryptoki function return values *** Remove paragraph - CKR_SESSION_READ_ONLY_EXISTS: A read-only session already exists, and - so the SO cannot be logged in. *** Remove paragraph - CKR_SESSION_READ_WRITE_SO_EXISTS: A read/write SO session already - exists, and so a read-only session cannot be opened. 11.5 Slot and token management functions o C_Login *** Remove paragraph - If the application calling C_Login has a R/0 session open with the - token, then it will be unable to log the SO into a session (see - Section 6.7.7). An attempt to do this will result in the error code - CKR_SESSION_READ_ONLY_EXISTS. *** Add paragraph | If C_Login is called with CKU_SO on a R/O session, then this will | result in the error code CKR_SESSION_READ_ONLY. *** Add and remove values from list Return values: ... | CKR_SESSION_READ_ONLY, - CKR_SESSION_READ_ONLY_EXISTS 11.6 Session management functions o C_OpenSession *** Remove paragraph - If the application calling C_OpenSession already has a R/W SO session - open with the token, then any attempt to open a R/0 session with the - token fails with error code CKR_SESSION_READ_WRITE_SO_EXISTS (see - Section 6.7.7). *** Remove value from list Return values: ... - CKR_SESSION_READ_WRITE_EXISTS
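Review bot: The 6.7.4 instruction says to remove the last two sentences, but only one sentence is quoted, and it carries the | marker that the rest of the proposal uses for added text, not the - used for removals. Quote both sentences to be removed with - markers so an editor applying the change cannot read the quoted sentence as one to keep.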
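Review bot: The replacement step 4 in 6.7.7 moves the SO login from session 7 to session 4, so the example no longer exercises the case this proposal enables: logging the SO into a session while another R/O session stays open. Consider adding a step in which the SO login on session 7 succeeds and session 4 remains in the "R/O Public Session" state, and name the error returned in the new step 4 (CKR_SESSION_READ_ONLY, per the C_Login change in 11.5).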
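Review bot: In 11.1.6 the definitions of CKR_SESSION_READ_ONLY_EXISTS and CKR_SESSION_READ_WRITE_SO_EXISTS are removed outright, while the cover text calls them deprecated and the paragraph added to 6.7.7 says modules implementing previous versions may still return them. Applications that talk to such modules still need the meaning of each code, so consider keeping both entries in 11.1.6 and marking them deprecated instead of deleting them.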
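Review bot: The value removed from the C_OpenSession return list in 11.6 is written CKR_SESSION_READ_WRITE_EXISTS, but every other place in the proposal names the code CKR_SESSION_READ_WRITE_SO_EXISTS. Please confirm the same code is meant and correct the name so the edit to the list is unambiguous.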
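A small model of the session rules the message above describes, added here as an illustration; it is not part of the original message or of any PKCS#11 implementation. The `model_*` functions and the structs are hypothetical, and the order of the error checks in `model_login` is an assumption.

```c
#include <stdio.h>
/* Values as defined in the PKCS#11 header pkcs11t.h. */
#define CKU_SO 0UL
#define CKU_USER 1UL
#define CKS_RO_PUBLIC_SESSION 0UL
#define CKS_RO_USER_FUNCTIONS 1UL
#define CKS_RW_PUBLIC_SESSION 2UL
#define CKS_RW_USER_FUNCTIONS 3UL
#define CKS_RW_SO_FUNCTIONS 4UL
#define CKR_OK 0x000UL
#define CKR_SESSION_READ_ONLY 0x0B5UL
#define CKR_USER_ALREADY_LOGGED_IN 0x100UL
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x104UL

/* Hypothetical model: login state belongs to the application/token pair, not to one session. */
enum login { NOBODY, USER_IN, SO_IN };
struct token { enum login who; };
struct session { struct token *tok; int rw; };

/* Models C_OpenSession: under the proposal an R/O open no longer fails while the SO is logged in. */
static struct session model_open(struct token *t, int rw) {
    return (struct session){ t, rw };
}

/* Models C_Login under the proposal (check order is an assumption of this model). */
static unsigned long model_login(struct session *s, unsigned long user) {
    enum login want = (user == CKU_SO) ? SO_IN : USER_IN;
    if (s->tok->who == want) return CKR_USER_ALREADY_LOGGED_IN;
    if (s->tok->who != NOBODY) return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
    if (user == CKU_SO && !s->rw) return CKR_SESSION_READ_ONLY; /* R/O session cannot log in the SO */
    s->tok->who = want;
    return CKR_OK;
}

/* Models the state C_GetSessionInfo would report for a session. */
static unsigned long model_state(const struct session *s) {
    if (s->tok->who == USER_IN) return s->rw ? CKS_RW_USER_FUNCTIONS : CKS_RO_USER_FUNCTIONS;
    if (s->tok->who == SO_IN && s->rw) return CKS_RW_SO_FUNCTIONS;
    /* Nobody logged in, or an R/O session while the SO is logged in: public state. */
    return s->rw ? CKS_RW_PUBLIC_SESSION : CKS_RO_PUBLIC_SESSION;
}

int main(void) {
    struct token t = { NOBODY };
    struct session ro = model_open(&t, 0), rw = model_open(&t, 1);
    printf("SO login on R/O: 0x%lx, on R/W: 0x%lx\n", model_login(&ro, CKU_SO), model_login(&rw, CKU_SO));
    printf("R/O state: %lu, R/W state: %lu\n", model_state(&ro), model_state(&rw));
    return 0;
}
```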