Re: [pkcs11] Proposal: Define CKA_JAVA_MIDP_SECURITY_DOMAIN constants

[Michael StJohns <msj@nthpermutation.com>]

Hi Stef -

My take is the general model is that CK_XXX is used for typedefs and 
structs, while CKx_XXX is used for value enumerations.  The fact that 
the OTP stuff did this differently is an interesting point of 
information, but not compelling - it actually has a few "type"ing 
problems - see below.

CKV_xxx might not be the correct prefix, but there are a number of these 
small enumerations that need to go somewhere and ideally not at the top 
level, but grouped and defined under an enum-like type definition.

How about CKCC_XXX for certificate categories and  CKCM_XXX for midp 
security domains?

Add CK_JAVA_MIDP_SECURITY_DOMAIN as a typedef for CK_ULONG (identified 
by CKCM_XXX), add CK_CERTIFICATE_CATEGORY as a typedef for CK_ulong 
(identified by CKCM_xxx), update the appropriate tables with that type. 
(table 24 for midp, table 23 for certificate category).



For the OTP stuff, there probably needs to be a few changes -

Move the CK_OTP_FORMAT* values under CKPF_* and type that as a 
CK_OTP_FORMAT enum
Move the CK_OTP_PARAM* values under CKPP_* and type that as a 
CK_OTP_PARAM enum
(Update table 86 to reflect those changes - specifically the data type).


I don't have strong feelings on this, but if we're going to throw away 
the enum model, we should do it with eyes wide open.

Mike




On 6/24/2013 10:45 AM, Stef Walter wrote:
> Changed to use 'CK_XXXX' instead of 'CKV_' for the constant prefix. This
> is similar to the new OTP constants and other other odds and ends
> constants we have.
>
> Cheers,
>
> Stef
>
>
> 9.4 Object types
>
> *** new item to be added
> |   o CK_JAVA_MIDP_SECURITY_DOMAIN
> |
> |   CK_JAVA_MIDP_SECURITY_DOMAIN is a value that identifies the Java
> |   MIDP security domain of a certificate. It is defined as follows:
> |
> |       typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN;
> |
> |   For this version of Cryptoki, the following security domains
> |   are defined. See the Java MIDP specification for further
> |   information.
> |
> | |-----------------------------------------------------------------|
> | | Constant                         | Value | Meaning              |
> | |-----------------------------------------------------------------|
> | | CK_SECURITY_DOMAIN_UNSPECIFIED  | 0UL   | No domain specified   |
> | | CK_SECURITY_DOMAIN_MANUFACTURER | 1UL   | Manufacturer          |
> | |                                 |       | protection domain     |
> | | CK_SECURITY_DOMAIN_OPERATOR     | 2UL   | Operator protection   |
> | |                                 |       | domain                |
> | | CK_SECURITY_DOMAIN_THIRD_PARTY  | 3UL   | Third party           |
> | |                                 |       | protection domain     |
> | |-----------------------------------------------------------------|
>
>
> 10.6.3  X.509 public key certificate objects
>
> *** table row to be updated
> |   CKA_JAVA_MIDP_SECURITY_DOMAIN  CK_JAVA_MIDP_SECURITY_DOMAIN Java
>                                                                  MIDP
> |                                                     security domain.
> |                             (default CK_SECURITY_DOMAIN_UNSPECIFIED)
>
>
> A  Manifest Constants
>
> *** Lines to be added
> | #define CK_SECURITY_DOMAIN_UNSPECIFIED              0UL
> | #define CK_SECURITY_DOMAIN_MANUFACTURER             1UL
> | #define CK_SECURITY_DOMAIN_OPERATOR                 2UL
> | #define CK_SECURITY_DOMAIN_THIRD_PARTY              3UL
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php