Cryptoki: a cryptographic Token Interface
pkcs11-base-v2.40-cos01
| Bit Flag | Mask | Meaning |
|---|---|---|
| CKF_LIBRARY_CANT_CREATE_OS_THREADS | 0x00000001 | TRUE if application threads which are executing calls to the library may not use native operating system calls to spawn new threads; FALSE if they may |
| CKF_OS_LOCKING_OK | 0x00000002 | TRUE if the library can use the native operating system threading model for locking; FALSE otherwise |


CK_C_INITIALIZE_ARGS_PTR is a pointer to a CK_C_INITIALIZE_ARGS.

9. Objects


Cryptoki recognizes a number of classes of objects, as defined in the CK_OBJECT_CLASS data type. An object consists of a set of attributes, each of which has a given value. Each attribute that an object possesses has precisely one value. The following figure illustrates the high-level hierarchy of the Cryptoki objects and some of the attributes they support:

Figure 5, Object Attribute Hierarchy
Cryptoki provides functions for creating, destroying, and copying objects in general, and for obtaining and modifying the values of their attributes. Some of the cryptographic functions (e.g., C_GenerateKey) also create key objects to hold their results.
Objects are always “well-formed” in Cryptoki—that is, an object always contains all required attributes, and the attributes are always consistent with one another from the time the object is created. This contrasts with some object-based paradigms where an object has no attributes other than perhaps a class when it is created, and is uninitialized for some time. In Cryptoki, objects are always initialized.
Tables throughout most of Section Error: Reference source not found define each Cryptoki attribute in terms of the data type of the attribute value and the meaning of the attribute, which may include a default initial value. Some of the data types are defined explicitly by Cryptoki (e.g., CK_OBJECT_CLASS). Attribute values may also take the following types:
Byte array: an arbitrary string (array) of CK_BYTEs
Big integer: a string of CK_BYTEs representing an unsigned integer of arbitrary size, most-significant byte first (e.g., the integer 32768 is represented as the 2-byte string 0x80 0x00)
Local string: an unpadded string of CK_CHARs (see Table 3) with no null-termination
A token can hold several identical objects, i.e., it is permissible for two or more objects to have exactly the same values for all their attributes.
With the exception of RSA private key objects (see Section ), each type of object in the Cryptoki specification possesses a completely well-defined set of Cryptoki attributes. For example, an X.509 certificate object (see Section ) has precisely the following Cryptoki attributes: CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE. Some of these attributes possess default values, and need not be specified when creating an object; some of these default values may even be the empty string (“”). Nonetheless, the object possesses these attributes. A given object has a single value for each attribute it possesses, even if the attribute is a vendor-specific attribute whose meaning is outside the scope of Cryptoki.
In addition to possessing Cryptoki attributes, objects may possess additional vendor-specific attributes whose meanings and values are not specified by Cryptoki.
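The well-formedness rules above (every attribute has precisely one value, an X.509 certificate object carries exactly the listed attributes plus any vendor-specific ones, and attributes must be mutually consistent) can be checked on a client side attribute template before it is handed to C_CreateObject. The following C is an added example, not code from the specification or from any Cryptoki library; the Cryptoki types and constants are redefined with the values used in the standard pkcs11t.h header only so it compiles alone, and the choice of which four attributes the caller must supply is this example's assumption.

```c
#include <stddef.h>
/* Minimal Cryptoki types and constants (values as in the standard pkcs11t.h header),
 * redefined here only so the example compiles without it. */
typedef unsigned long CK_ULONG, CK_ATTRIBUTE_TYPE, CK_OBJECT_CLASS, CK_CERTIFICATE_TYPE;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
enum { CKA_CLASS = 0x000, CKA_TOKEN = 0x001, CKA_PRIVATE = 0x002, CKA_LABEL = 0x003,
       CKA_VALUE = 0x011, CKA_CERTIFICATE_TYPE = 0x080, CKA_ISSUER = 0x081,
       CKA_SERIAL_NUMBER = 0x082, CKA_SUBJECT = 0x101, CKA_ID = 0x102,
       CKA_MODIFIABLE = 0x170, CKO_CERTIFICATE = 1, CKO_PRIVATE_KEY = 3, CKC_X_509 = 0 };
#define CKA_VENDOR_DEFINED 0x80000000UL

/* The eleven attributes Section 9 lists for an X.509 certificate object. */
static const CK_ATTRIBUTE_TYPE x509_attrs[] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE,
    CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE };
/* Assumption of this example: the caller must supply these four; the rest have defaults. */
static const CK_ATTRIBUTE_TYPE x509_required[] = { CKA_CLASS, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_VALUE };

static const CK_ATTRIBUTE *find_attr(const CK_ATTRIBUTE *t, size_t n, CK_ATTRIBUTE_TYPE type)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].type == type) return &t[i];
    return NULL;
}

/* Returns 1 if tmpl describes a well-formed X.509 certificate object, else 0. */
int x509_template_is_well_formed(const CK_ATTRIBUTE *tmpl, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < i; j++)              /* each attribute has precisely one value */
            if (tmpl[j].type == tmpl[i].type) return 0;
        int known = (tmpl[i].type & CKA_VENDOR_DEFINED) != 0;   /* vendor-specific: allowed */
        for (size_t k = 0; k < 11 && !known; k++) known = (tmpl[i].type == x509_attrs[k]);
        if (!known) return 0;                       /* not an X.509 certificate attribute */
    }
    for (size_t k = 0; k < 4; k++)
        if (!find_attr(tmpl, n, x509_required[k])) return 0;
    /* Attributes must be consistent with one another: class and certificate type must agree. */
    const CK_ATTRIBUTE *c = find_attr(tmpl, n, CKA_CLASS), *t = find_attr(tmpl, n, CKA_CERTIFICATE_TYPE);
    if (c->ulValueLen != sizeof(CK_OBJECT_CLASS) || *(const CK_OBJECT_CLASS *)c->pValue != CKO_CERTIFICATE) return 0;
    if (t->ulValueLen != sizeof(CK_CERTIFICATE_TYPE) || *(const CK_CERTIFICATE_TYPE *)t->pValue != CKC_X_509) return 0;
    return find_attr(tmpl, n, CKA_VALUE)->ulValueLen > 0;   /* certificate bytes must be present */
}

/* Constructed sample: variant 0 is valid, 1 repeats CKA_LABEL, 2 claims a private-key class. */
int check_sample(int variant)
{
    CK_OBJECT_CLASS cls = variant == 2 ? CKO_PRIVATE_KEY : CKO_CERTIFICATE;
    CK_CERTIFICATE_TYPE ct = CKC_X_509;
    unsigned char der[] = { 0x30, 0x82, 0x01, 0x00 };        /* stand-in for DER certificate bytes */
    CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &cls, sizeof cls }, { CKA_CERTIFICATE_TYPE, &ct, sizeof ct },
        { CKA_SUBJECT, der, sizeof der }, { CKA_VALUE, der, sizeof der }, { CKA_LABEL, "ca", 2 },
        { variant == 1 ? CKA_LABEL : CKA_ID, "ca", 2 } };
    return x509_template_is_well_formed(tmpl, sizeof tmpl / sizeof tmpl[0]);
}
```

A token that rejects the malformed variants with CKR_TEMPLATE_INCOMPLETE or CKR_TEMPLATE_INCONSISTENT is behaving as the text requires; checking the template locally first simply gives a clearer error before the call crosses into the library.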