Re: [pkcs11] Re: Proposal: New CKA_DESTROYABLE attribute

[Michael StJohns <msj@nthpermutation.com>]

On 6/12/2013 2:00 PM, Stef Walter wrote:
> On 12.06.2013 19:45, Michael StJohns wrote:
> > On 6/12/2013 1:15 PM, Stef Walter wrote:
> > > > Wouldn't you return CKR_ATTRIBUTE_READ_ONLY in this case?
> > > Yes, perhaps. It is a misleading error code though. There is a semantic
> > > difference between an object that is not modifiable, and attributes that
> > > are read-only on an object.
> > Fair comment.  I think I'm agnostic on adding a new code - either way
> > works.
> >
> > > Even if we don't change this, we should document CKR_ATTRIBUTE_READ_ONLY
> > > as the error code to return in the case of CKA_MODIFIABLE = CK_FALSE.
> > > Currently it's left as an exercise to the reader.
> > If you add a new code or want to add this caveat, it probably needs to
> > go into section 7.1.2.  If you add a new code, we'll need text for 8.1.6
> > as well as an updated list of error codes for C_CopyObject.
> >
> > [And apparently we forgot to do that for CKR_COPY_PROHIBITED - let me
> > see if I can propose a paragraph for inclusion]
> I wonder if we should use the same code in both places, that is:
>
> #define CKA_NOT_PERMITTED    0x0000001A
> #define CKA_COPY_PROHIBITED   CKR_NOT_PERMITTED
>
> And deprecate CKR_COPY_PROHIBITED ... If it has already been part of a
> spec revision. It's not in the latest headers. So may just be replaceable.

Yup.  None of the changes made in 2.30 are in the header files.  The 
original intent was to pass 30 day public review and then issue them. 
Oops.    That suggests we need to do a sweep of the changes from 2.20a3 
to 2.30 and see if there are any items that need to be added into the 
header files.


> Anyway, the error code denotes that the primary action to be taken by
> the called function (C_SetAttributeValue, C_CopyObject, C_DestroyObject)
> is not permitted due to a policy flag (ie: CKA_MODIFIABLE, CKA_COPYABLE,
> and CKA_DESTROYABLE respectively).
>
>
> Its Section 8.1.6 blurb might look like:
>
> CKR_NOT_PERMITTED:  This value can only be returned by C_CopyObject,
> C_SetAttributeValue and C_DestroyObject. It denotes that the action may
> not be taken, either because of underlying policy restrictions on the
> token, or because the object has the the relevant CKA_COPYABLE,
> CKA_MODIFIABLE or CKA_DESTROYABLE policy attribute set to CK_FALSE.

I don't have any objection to this.  I'd probably call it 
CKR_ACTION_PROHIBITED though.  I'd probably add a blurb for 
CKA_COPY_PROHIBITED and say "Same error code as ....  Use that one 
instead of this one.".

> If this seems like a good approach, I'd be happy to dress this up into
> proposal form.
>
>
> Cheers,
>
> Stef