Internet Engineering Task Force D. Lanz
Internet-Draft L. Novikov
Intended status: Informational MITRE
Expires: January 26, 2012 July 25, 2011

Common Interface to Cryptographic Modules (CICM)
draft-lanz-cicm-03

Abstract

This memo presents a programming interface to standardize the way software programs manage cryptographic modules and use cryptographic services offered by modules. Although a number of interfaces for commercial environments have been standardized and are in use, this is the first generic cryptographic interface to be developed that supports cryptographic modules separating two security domains and is thus ideal for the high assurance environment. The interface has been designed to also allow less demanding environments to take advantage of its features.

Status of this Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on January 26, 2012.

Copyright Notice

Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


Table of Contents

1. Introduction

This document defines the high-level entities of a programming interface for high assurance cryptographic modules called Common Interface to Cryptographic Modules (CICM) based on the logical model outlined in [CICM-LM].

1.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

1.2. Definition Language

CICM is defined using Interface Definition Language (IDL) [IDL], a specification language that describes a software interface in a language-neutral way. IDL compilers can generate a functionally equivalent CICM interface binding for common programming languages. The use of IDL in CICM is not intended to either prescribe or preclude a particular communications protocol such as General Inter-ORB Protocol (GIOP) [CORBA] between programs in different address spaces or on different devices.

Additionally, CICM does not use the IDL exception mechanism to report errors. See Extensions for more information.

1.3. IDL Language Mapping Conventions

Memory responsibilities and calling conventions MUST follow the appropriate IDL language mapping conventions.

1.4. Endianness

Endianness is the byte ordering used to represent data stored in a computer or transmitted between computers. A big-endian ordering of bytes is REQUIRED by CICM.

1.5. Blocking and Non-blocking Calls

All CICM methods block (wait for the operation defined by the method) to complete before returning, unless they are explicitly defined as non-blocking. For example, the CICM::Encrypt::Stream::encrypt method (defined in [CICM-CM]) blocks when sending data on a stream to be encrypted, while its sibling CICM::Encrypt::Stream::encrypt_non_blocking is identified not only in its name as non-blocking, but also clearly within the documentation for the method.

1.6. Assumptions

The following assumptions were made in the development of CICM:

1.7. Specification Organization

The CICM specification is composed of five documents.

The informative material is for informational purposes; it assists the reader in the understanding and use of the specification but does not contain provisions required for conformance.

The namespaces, interfaces, datatypes, methods, and attributes that comprise the specification are presented in a prescriptive manner. For each category, each namespace is described followed by the interfaces contained within it. The datatype, method, and attribute definitions then follow each interface definition.

2. Fundamental Definitions

2.1. Namespace CICM

Namespace CICM

module CICM

CICM is the top-level namespace for all CICM interfaces and sub-namespaces.

2.2. Fundamental Types

2.2.1. General Types

Type CICM::UInt32

typedef unsigned long UInt32;

Unsigned 32-bit integer.

Type CICM::Bool

typedef boolean Bool;

Boolean value.

Type CICM::CharString

typedef string CharString;

Sequence of characters.

Type CICM::Buffer

typedef sequence<octet> Buffer;

Byte sequence, encapsulating the sequence of bytes, the length of the sequence, and the amount of allocated space.

2.2.2. Identifiers

Type CICM::ModuleId

typedef CICM::CharString ModuleId;

Unique cryptographic module identifier.

Type CICM::TransId

typedef CICM::UInt32 TransId;

Unique transaction identifier for read/write operations.

2.2.3. Status Codes

Type CICM::Status

typedef CICM::UInt32 Status;

Status of an executed method.

See also:

2.2.4. Classifications

Type CICM::Classification

typedef CICM::UInt32 Classification;

Classification levels.

Constant CICM::C_LEVEL_UNCLASSIFIED

const CICM::Classification
C_LEVEL_UNCLASSIFIED = 0x0000602F;

Value indicating unclassified classification level.

Constant CICM::C_LEVEL_CONFIDENTIAL

const CICM::Classification
C_LEVEL_CONFIDENTIAL = 0x00006029;

Value indicating confidential classification level.

Constant CICM::C_LEVEL_SECRET

const CICM::Classification
C_LEVEL_SECRET = 0x0000602A;

Value indicating secret classification level.

Constant CICM::C_LEVEL_TOP_SECRET

const CICM::Classification
C_LEVEL_TOP_SECRET = 0x0000602C;

Value indicating top secret classification level.

2.2.5. Ports

Type CICM::RemotePort

typedef CICM::UInt32 RemotePort;

Remote module port.

Constant CICM::IMPLICIT_REMOTE_PORT

const CICM::RemotePort
IMPLICIT_REMOTE_PORT = 0xFFFFFF99;

Value that indicates that the remote port value is implicit.

Type CICM::LocalPort

typedef CICM::UInt32 LocalPort;

Local module port.

Constant CICM::IMPLICIT_LOCAL_PORT

const CICM::LocalPort
IMPLICIT_LOCAL_PORT = 0xFFFFFFBB;

Value that indicates that the local port value is implicit.

Constant CICM::FILL_INTERFACE_PORT

const CICM::LocalPort
FILL_INTERFACE_PORT = 0xFFFFFFEE;

Value that represents the port on which keys are filled or exported.

2.3. Fundamental Interfaces

2.3.1. Interface CICM::CICMRoot

Interface CICM::CICMRoot

interface CICMRoot

CICMRoot serves as the entry point to the CICM API and enables a specific cryptographic module of potentially many modules available to a host to be selected.

2.3.1.1. CICM::CICMRoot Methods

Method CICM::CICMRoot::get_module_by_id()

CICM::Status get_module_by_id(
in  CICM::ModuleId id,
out CICM::CryptoModule crypto_module_ref
);

Returns a reference to the module with the given module unique identifier.

Parameters:

Returns:

Example (C++):

CICM::Status sCode;
CICM::CryptoModule device;

// Instantiate the root object.
CICM::CICMRoot cicm = new CICM::CICMRoot();

// Retrieve a reference to the module
// corresponding to the specified module identifier.
const string MODULE_ID = "CM10293495867";

// If found, [device] refers to the specified
crypto module. sCode = cicm.get_module_by_id(MODULE_ID, &device);

2.3.2. Interface CICM::CryptoModule

Interface CICM::CryptoModule

interface CryptoModule

CICM::CryptoModule contains attributes that provide access to module-specific information and attributes that enable access to module managers, through which nearly all interface functionality is accessed.

            CryptoModule
                 |
                 |-> SymKeyManager
                 |-> AsymKeyManager
                 |-> KeyDatabase
ChannelManager <-|
                 |-> EventManager
  LoginManager <-|
   UserManager <-|
  TokenManager <-|
                 |-> PackageManager
                 |-> TestManager
                 |-> LogManager

Figure 1. Interface Relationship Diagram for CryptoModule

2.3.2.1. CICM::CryptoModule Attributes

Attribute CICM::CryptoModule::module_id

readonly attribute CICM::ModuleId module_id;

Unique identifier for this module.

Attribute CICM::CryptoModule::manufacturer

readonly attribute CICM::CharString manufacturer;

Name of cryptographic module manufacturer.

Attribute CICM::CryptoModule::model

readonly attribute CICM::CharString model;

Model of cryptographic module.

Attribute CICM::CryptoModule::serial_number

readonly attribute CICM::CharString serial_number;

Serial number of cryptographic module.

Attribute CICM::CryptoModule::module_version

readonly attribute CICM::CharString module_version;

Hardware version of cryptographic module.

Attribute CICM::CryptoModule::software_version

readonly attribute CICM::CharString software_version;

Currently executing software/firmware version number.

Attribute CICM::CryptoModule::driver_version

readonly attribute CICM::CharString driver_version;

CICM module-specific abstraction layer version number.

Attribute CICM::CryptoModule::library_version

readonly attribute CICM::CharString library_version;

CICM library version number.

Attribute CICM::CryptoModule::role

readonly attribute CICM::RoleId role;

Current security role in which module is operating.

Attribute CICM::CryptoModule::date_time

attribute CICM::CharString date_time;

Current date/time. Intended for use only with module services that require coarse-grained time (e.g., timestamp on a log), not for time-of-day encryption.

Attribute CICM::CryptoModule::sym_key_manager

readonly attribute CICM::SymKeyManager sym_key_manager;

Reference to CICM::SymKeyManager.

Attribute CICM::CryptoModule::asym_key_manager

readonly attribute CICM::AsymKeyManager asym_key_manager;

Reference to CICM::AsymKeyManager.

Attribute CICM::CryptoModule::key_database

readonly attribute CICM::KeyDatabase key_database;

Reference to CICM::KeyDatabase.

Attribute CICM::CryptoModule::channel_manager

readonly attribute CICM::ChannelManager channel_manager;

Reference to CICM::ChannelManager.

Attribute CICM::CryptoModule::event_manager

readonly attribute CICM::ModuleEventManager event_manager;

Reference to CICM::ModuleEventManager.

Attribute CICM::CryptoModule::package_manager

readonly attribute CICM::PackageManager package_manager;

Reference to CICM::PackageManager.

Attribute CICM::CryptoModule::token_manager

readonly attribute CICM::TokenManager token_manager;

Reference to CICM::TokenManager.

Attribute CICM::CryptoModule::user_manager

readonly attribute CICM::UserManager user_manager;

Reference to CICM::UserManager.

Attribute CICM::CryptoModule::login_manager

readonly attribute CICM::LoginManager login_manager;

Reference to CICM::LoginManager.

Attribute CICM::CryptoModule::test_manager

readonly attribute CICM::TestManager test_manager;

Reference to CICM::TestManager.

Attribute CICM::CryptoModule::log_manager

readonly attribute CICM::LogManager log_manager;

Reference to CICM::LogManager.

2.3.2.2. CICM::CryptoModule Methods

Method CICM::CryptoModule::configure_fill_interface()

CICM::Status configure_fill_interface(
in  CICM::Buffer interface_parameters,
in  CICM::LocalPort fill_port
);

Configure a module key fill interface.

Remarks:

Parameters:

Returns:

Method CICM::CryptoModule::reset()

CICM::Status reset();

Perform a software-initiated reset on the module.

Remarks:

Returns:

2.3.3. Interface CICM::Iterator

Interface CICM::Iterator

interface Iterator

Interface from which other iterators are inherited.

Remarks:

2.3.3.1. CICM::Iterator Types and Constants

Type CICM::Iterator::Status

typedef CICM::UInt32 Status;

Indicates whether or not there are more items over which to iterate.

Constant CICM::Iterator::C_ITERATOR_HAS_NEXT

const CICM::Iterator::Status
  C_ITERATOR_HAS_NEXT = 0x00006031;

There are more items in the list.

Constant CICM::Iterator::C_ITERATOR_NO_MORE

const CICM::Iterator::Status
  C_ITERATOR_NO_MORE = 0x00006032;

There are no more items in the list.

2.3.3.2. CICM::Iterator Methods

Method CICM::Iterator::has_next()

CICM::Status has_next(
out CICM::Iterator::Status has_next
);

Used with get_next() to determine if one or more additional elements are available to be retrieved.

Remarks:

Parameters:

Returns:

3. Module Management

Module management capabilities are defined in [CICM-MM].

4. Key Management

Key management capabilities are defined in [CICM-KM].

5. Channel Management

Channel management capabilities are defined in [CICM-CM].

6. Conformance

Many modules will not require the implementation of the full specification to support a module's capabilities. Thus, the CICM conformance model was developed to be flexible. This model does not normatively prescribe the implementation of specific functional subsets of the specification. Instead, CICM outlines a normative Implementation Conformance Statement (ICS) and associated documentation that MUST be supplied with any conformant implementation.

The ICS guides the developer of a library for a specific module to record the implementation state and presence of extensions for each section of the specification. The gradations of the implementation state are relatively coarse: "implemented," "partially implemented," or "not implemented." Extensions are identified as interface extensions or status code extensions, and are recorded as "existing" or "not-existing." An analysis of the resulting matrix enables a software developer using the API or an architect designing a system integrating with a specific cryptographic module to quickly determine if a developer's library will meet user requirements. Those specification sections marked "partially implemented" or for which extensions are indicated may require additional analysis to determine what elements have been extended or are not implemented, and the resulting repercussions on the system utilizing the library.

CICM interfaces are organized into three major sections: module management, channel management, and key management. Each section is partitioned differently into logical subsections in the ICS. The module management section is partitioned into subsections by individual module managers. The channel management section is partitioned into subsections by channel type. The key management section is partitioned into subsections by the type of key and class of operation performed on the key.

An Implementation Data Specification (IDS) based on the ICS also is required. For each implemented interface containing an opaque data parameter (module-specific or infrastructure-specific parameter not described in detail in the specification), the IDS requires a detailed specification of the data structure for each parameter.

An implementation conforms to the specification if it meets the following conditions:

6.1. Implementation Conformance Statement Contents

A library implementation conforming to the CICM specification MUST be accompanied by an ICS. The ICS is generated by the module developer or implementer of a CICM-conformant library for a specific cryptographic module configuration (including any associated hardware/firmware/software) and MUST contain the following information:

The following represents a sample CICM ICS.

Date of claim: January 1, 2011                              ExampleCorp


              CICMv1 Implementation Conformance Statement


1.  Product Claiming Conformance

   ExampleCorp ABC-XYZ, Version 1.2.3

2.  Capability Support Matrix

2.1  Module Management

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   EventManager                             |   I    |   N    |   N
   -----------------------------------------|--------|--------|--------
   TokenManager                             |   P    |   N    |   N
   -----------------------------------------|--------|--------|--------
   LoginManager                             |   I    |   N    |   N
   -----------------------------------------|--------|--------|--------
   UserManager                              |   P    |   I    |   I
   -----------------------------------------|--------|--------|--------
   TestManager                              |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   LogManager                               |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   PackageManager                           |   P    |   N    |   N

2.2  Key Management

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   AsymKeyManager                           |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   SymKeyManager                            |   P    |   N    |   N
   -----------------------------------------|--------|--------|--------
   KeyDatabase                              |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   KeyProtocol                              |   N    |   N    |   N

2.3  Channel Management

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   EventManager                             |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Groups                                   |   N    |   N    |   N

2.3.1  Encrypt

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   Encrypt::Stream                          |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Encrypt::Controller                      |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Encrypt::NegotiatedController            |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Encrypt::Conduit                         |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Encrypt::NegotiatedConduit               |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Encrypt::WithMACConduit                  |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Encrypt::WithMACNegotiatedConduit        |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Encrypt::WithSignConduit                 |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Encrypt::WithSignNegotiatedConduit       |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Encrypt::KeyWrapConduit                  |   N    |   N    |   N

2.3.2  Encrypt with Selective Bypass

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   EncryptBypass::Stream                    |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   EncryptBypass::Controller                |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   EncryptBypass::NegotiatedController      |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   EncryptBypass::Conduit                   |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   EncryptBypass::NegotiatedConduit         |   N    |   N    |   N

2.3.3  Decrypt

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   Decrypt::Stream                          |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Decrypt::Controller                      |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Decrypt::NegotiatedController            |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Decrypt::Conduit                         |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Decrypt::NegotiatedConduit               |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Decrypt::WithMACConduit                  |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Decrypt::WithMACNegotiatedConduit        |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Decrypt::WithVerifyConduit               |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Decrypt::WithVerifyNegotiatedConduit     |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Decrypt::KeyUnwrapConduit                |   N    |   N    |   N

2.3.4  Decrypt with Selective Bypass

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   DecryptBypass::Stream                    |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   DecryptBypass::Controller                |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   DecryptBypass::NegotiatedController      |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   DecryptBypass::Conduit                   |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   DecryptBypass::NegotiatedConduit         |   N    |   N    |   N

2.3.5  Duplex

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   Duplex::Stream                           |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Duplex::Controller                       |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Duplex::NegotiatedController             |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Duplex::Conduit                          |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Duplex::NegotiatedConduit                |   N    |   N    |   N

2.3.6  Full Bypass (Write)

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   BypassWrite::Stream                      |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   BypassWrite::Controller                  |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   BypassWrite::Conduit                     |   N    |   N    |   N

2.3.7  Full Bypass (Read)

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   BypassRead::Stream                       |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   BypassRead::Controller                   |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   BypassRead::Conduit                      |   N    |   N    |   N

2.3.8  Emit

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   Emit::RandomController                   |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Emit::RandomConduit                      |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Emit::PseudorandomController             |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Emit::PseudorandomConduit                |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Emit::KeyStreamGenController             |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Emit::KeyStreamGenConduit                |   N    |   N    |   N

2.3.9  Integrity

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   Answer::HashConduit                      |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Answer::MACConduit                       |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Answer::MACVerifyConduit                 |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Answer::SignConduit                      |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Answer::VerifyHashConduit                |   N    |   N    |   N

2.3.10  Single-Domain

   Columns
   1: Implementation State
   2: Interface Extensions                  | Impl   | Iface  | Codes
   3: Status Code Extensions                | State  | Exts   | Exts
   -----------------------------------------|--------|--------|--------
   Coprocessor::EncryptConduit              |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Coprocessor::EncryptWithMACConduit       |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Coprocessor::EncryptWithSignConduit      |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Coprocessor::DecryptConduit              |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Coprocessor::DecryptWithMACConduit       |   N    |   N    |   N
   -----------------------------------------|--------|--------|--------
   Coprocessor::DecryptWithVerifyConduit    |   N    |   N    |   N

3.  Extensions

3.1.  Interface Extensions

   CICM::UserManager::enable()

   CICM::UserManager::disable()

3.2  Status Code Extensions

   CICM::S_USER_ALREADY_ENABLED

   CICM::S_USER_ALREADY_DISABLED

3.3  Module / Channel Event Listener Extensions

   None

3.4  Constant Extensions

   None

4.  Supported Algorithms

   AES128-CBC

   3DES-OFB

6.2. Implementation Data Specification Contents

The IDS serves as the detailed supporting documentation for the ICS. Conformance with the CICM specification requires that:

Examples of interfaces requiring an IDS entry to be conformant include:

Note that the event listener callbacks (CICM::ModuleEventListener::event_occurred and CICM::ChannelEventListener::event_occurred) require that the event_data parameter be described for each event type implemented.

6.3. Generating Unique Identifiers

CICM does not provide a list of algorithms with their corresponding normative unique identifiers. Instead, normative guidance is provided for generating the identifiers for the different classes of algorithms defined in the specification and for key agreement protocols. These identifiers are used by software developers when specifying algorithms or protocols as parameters to CICM methods. This identifier generation guidance is intended to promote interoperability, and encourage the use of the same identifier for algorithms among vendors.

Three major components may be combined to form a unique algorithm identifier: an algorithm (ALGO), that may be precisely specified as an encryption algorithm (ENCRALGO), signature algorithm (SIGALGO), MAC algorithm (MACALGO), or hash algorithm (HASHALGO); a mode (MODE); and an encoding scheme (SCHEME), that may be precisely specified as an encryption scheme (ENCRSCHEME) or a signature scheme (SIGSCHEME). Note that some components above may not apply to certain algorithms. In addition, applicable modes and components need not always be specified. For encryption and signature algorithms, if a length is required, the length SHALL be appended to the algorithm without a dash ("-") delimiter. Otherwise, components are concatenated with a dash ("-").

Alternatively, an identifier can consist of a simple personality designation (PERSONALITY). The personality consists of a combination of parameters that comprise a logically complete crypto, and specifies a specific equipment type or configuration for which algorithm, mode, and any other parameters are implicit. The designation may contain dashes.

Certain algorithms may be appropriate for and thus listed under more than one algorithm class. Below are the classes of algorithms and format of the identifiers for each class:

Asymmetric encryption algorithm identifiers (AsymEncrAlgorithmId)

Asymmetric signature algorithm identifiers (AsymSigAlgorithmId)

Symmetric encryption algorithm identifiers (SymEncrAlgorithmId)

Symmetric MAC algorithm identifiers (SymMacAlgorithmId)

Hash algorithm identifiers (HashAlgorithmId)

Key wrap algorithm identifiers (KeyWrapAlgorithmId)

Two major components may be combined to form a key agreement protocol identifier: the key agreement protocol including its version number (KEYAGREEPROTO) and the protocol's associated algorithm suite including its version number (ALGOSUITE). The following is the format for key agreement protocol identifiers.

Key agreement protocol identifier (ProtocolId)

Note that the resulting identifiers may not be compatible with those identifiers defined for other module developers' implementations. A client program utilizing an identifier corresponding to one algorithm for a specific module may be required to modify the identifier for the same algorithm for a different type of module. Discrepancies may be discovered through a brief review of the ICS "Supported Algorithms" section.

6.4. Conformance Verification

In the future, test assertions may be made available to allow results from different organizations to be compared, and to provide proof of conformance to the specification.

7. Extensions

An extension is a mechanism to define functionality beyond what is defined in the official specification. In the interest of promoting interoperability, extensions to the specification are discouraged except where necessary. Extensions to the specification enable module developers to add functionality unanticipated by the specification developers and to support proprietary features.

7.1. Extending an Interface

Developers may augment CICM interfaces by extending CICM IDL by adding new methods/attributes to existing interfaces or by deriving off existing CICM interfaces. Extensions SHALL be documented in the ICS.

7.2. Extending Codes

CICM codes are constants that share a single 32-bit space. A number of datatypes for different purposes correspond to ranges in this space. The "CICM" codes are normatively defined in the specification; the "extended" codes are module developer-defined extensions. The codes, with their corresponding ranges and uses, are as follows:

CICM status codes

Extended status codes

CICM module event codes

Extended module event codes

CICM channel event codes

Extended channel event codes

CICM generic constants

Extended generic constants

RESERVED

Normatively-defined CICM codes SHOULD be used whenever possible. If any of the extended codes above are defined, they MUST be documented as specified below.

7.2.1. Extending Status Codes

The return value from CICM methods informs the caller of the status of the call. CICM does not use the IDL exception mechanism to report errors.

The specification normatively defines a set of error codes in the range of 0x00000000 - 0x00001000, which may not be modified or extended. A block of codes in the range of 0x00001001 - 0x00002000 are reserved for module developer-defined status codes. Any codes defined in this range MUST be documented in the ICS.

7.2.2. Extending Module/Channel Event Codes

The specification supports registering and unregistering user-defined channel event listeners for specific module and channel events. Module events in the range of 0x00003001 - 0x00004000 and channel events in the range of 0x00004001 - 0x00005000 are normatively defined and may not be modified or extended. A block of module events in the range 0x00003001 - 0x00004000 and channel events in the range of 0x00005001 - 0x00006000 are reserved for module developer-defined events. Any codes defined in this range MUST be documented in the ICS.

7.2.3. Extending Constants

A number of constants are normatively defined for specification use in the range of 0x00006001 - 0x00007000. Module developer-defined constants may be specified in the range of 0x00007001 - 0x00008000. Any constants defined in this range MUST be documented in the ICS.

8. IANA Considerations

[RFC Editor: Please remove this section prior to publication.]

This document has no IANA actions.

9. Security Considerations

This document defines basic aspects of the CICM specification and the normative rules for conformance and extensions. Other aspects of CICM contain important security considerations.

9.1. Unauthorized Usage

CICM provides several interfaces related to mitigating unauthorized usage in [CICM-MM]. Furthermore, [CICM-KM] discusses aspects of how authorization can be indirectly controlled via key white lists and black lists.

9.2. Inappropriate Usage

CICM defines several status codes related to inappropriate usage. For example, attempting to use an invalid key (S_KEY_INVALID) or specifying an inappropriate algorithm (S_ALGO_INVALID). The wide range of status codes relate to the anticipated mechanisms in which using the interface may fail. Additionally, module developers can extend the set of status codes to accommodate their own needs and prevent inappropriate usage.

10. Acknowledgments

Many individuals participated in the development and review of the CICM specification. The CICM development team consists of Ronald Albuquerque, Samuel Cardman, Greg Carrier, James Cottrell, Shirley Kawamoto, Daniel Lanz, Brent Midwood, Lev Novikov, Brian O'Hanlon, Rick Page, Adam Pennington, and Nguyen Thai. The document production team consists of Mark Dwyer, Amanda Lind, and Brian Parrish.

The CICM team wishes to thank the following individuals for participating in a review of the specification:

11. References

11.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[CICM] Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011.
[CICM-MM] Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) Module Management [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011.
[CICM-KM] Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) Key Management [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011.
[CICM-CM] Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) Channel Management [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011.
[IDL] International Standards Organization, "Information technology — Open Distributed Processing — Interface Definition Language", ISO/IEC 14750:1999(E), March 1999.

11.2. Informative References

[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, July 2003.
[CICM-LM] Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) Logical Model [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011.
[CORBA] Object Management Group, "Common Object Request Broker Architecture (CORBA) Specification, Version 3.1", January 2008.

Appendix A. Status Codes

Each method defined in CICM returns a status value to inform the caller as to the outcome of the call. The documentation for each individual method lists the status codes that may be returned in the event a call to the method results in failure.

The status value CICM::S_OK is returned if a method completes successfully. The output parameters of any methods that return a status other than CICM::S_OK are invalid and MUST NOT be referenced or used.

CICM methods can fail for a variety of reasons, including:

For additional information concerning extending status codes, see Extensions.

CICM status codes are defined below.

S_OK = 0x00000000

S_GENERAL_ERROR = 0x00000003

S_NON_FUNCTIONAL = 0x00000005

S_OPERATION_FAILED = 0x00000006

S_POLICY_VIOLATION = 0x00000009

S_MODULE_RESOURCES = 0x0000000A

S_HOST_RESOURCES = 0x0000000C

S_INVALID_STATE = 0x0000000F

S_ALARM_STATE = 0x00000011

S_MODULE_NOT_AVAILABLE = 0x00000012

S_TIMEOUT = 0x00000014

S_NOT_AUTHENTICATED = 0x00000017

S_NOT_AUTHORIZED = 0x00000018

S_MODULE_DOES_NOT_EXIST = 0x0000001B

S_MODULE_IN_USE = 0x0000001D

S_NOT_AVAILABLE = 0x0000001E

S_INVALID_VECTOR = 0x00000021

S_INVALID_DATA_BUFFER = 0x00000022

S_KEY_USED_INVALID = 0x00000024

S_KEY_USED_EXPIRED = 0x00000027

S_KEY_USED_CLASSIFICATION = 0x00000028

S_KEY_USED_WRAPPED = 0x0000002B

S_KEY_USED_CONTEXT = 0x0000002D

S_KEY_USED_COMPONENT_NOT_AVAIL = 0x0000002E

S_KEY_INVALID = 0x00000030

S_KEY_EXPIRED = 0x00000033

S_KEY_INCOMPATIBLE = 0x00000035

S_KEY_CLASSIFICATION = 0x00000036

S_KEY_WRAPPED = 0x00000039

S_KEY_NOT_WRAPPED = 0x0000003A

S_KEY_NOT_WRAPPABLE = 0x0000003C

S_KEY_NOT_EXPORTABLE = 0x0000003F

S_KEY_WRAPPED_EXISTS = 0x00000041

S_KEY_UNWRAPPED_EXISTS = 0x00000042

S_KEY_UPDATE_MAX = 0x00000044

S_KEY_INVALID_ID = 0x00000047

S_KEY_PHYSICAL_LOC = 0x00000048

S_KEY_ILLEGAL_CONVERSION = 0x0000004B

S_KEY_MALFORMED = 0x0000004D

S_KEY_METADATA_MALFORMED = 0x0000004E

S_KEY_NO_NEXT = 0x00000050

S_KEY_WRONG_TYPE = 0x00000053

S_KEY_FILL_DEVICE_NOT_CONNECTED = 0x00000055

S_KEY_FILL_NOT_INITIATED = 0x00000056

S_KEY_TRUST_ANCHOR = 0x00000059

S_LOCAL_PORT_INVALID = 0x0000005A

S_LOCAL_PORT_INCOMPATIBLE = 0x0000005C

S_LOCAL_PORT_IN_USE = 0x0000005F

S_REMOTE_PORT_INVALID = 0x00000060

S_REMOTE_PORT_IN_USE = 0x00000063

S_ALGO_INVALID = 0x00000065

S_ALGO_INCOMPATIBLE = 0x00000066

S_TOKEN_NOT_PRESENT = 0x00000069

S_TOKEN_ADMIN_NOT_PRESENT = 0x0000006A

S_TOKEN_ACCESS = 0x0000006C

S_TOKEN_RESOURCES = 0x0000006F

S_TOKEN_ASSOC_EXISTS = 0x00000071

S_TOKEN_ASSOC_AT_MODULE = 0x00000072

S_TOKEN_ASSOC_AT_TOKEN = 0x00000074

S_TOKEN_ASSOC_NOT_EXIST = 0x00000077

S_TOKEN_ASSOC_GENERAL = 0x00000078

S_TOKEN_DISASSOC_GENERAL = 0x0000007B

S_TOKEN_REC_NOT_FOUND = 0x0000007D

S_TOKEN_TIMEOUT = 0x0000007E

S_TOKEN_LAST_ASSOCIATED = 0x00000081

S_PACKAGE_NOT_ACTIVATABLE = 0x00000082

S_PACKAGE_ACTIVATED = 0x00000084

S_PACKAGE_NOT_ACTIVE = 0x00000087

S_PACKAGE_INVALID = 0x00000088

S_PACKAGE_TYPE_INVALID = 0x0000008B

S_PACKAGE_KEY_NOT_AVAILABLE = 0x0000008D

S_PACKAGE_KEY_NOT_SPECIFIED = 0x0000008E

S_LOG_ENTRY_INVALID = 0x00000090

S_EVENT_REGISTERED = 0x00000093

S_EVENT_NOT_REGISTERED = 0x00000095

S_EVENT_NOT_SUPPORTED = 0x00000096

S_TRUSTED_DISPLAY = 0x00000099

S_NEGOTIATION_ABORTED = 0x0000009A

S_NEGOTIATION_FAILURE = 0x0000009C

S_NEGOTIATION_IN_PROGRESS = 0x0000009F

S_NEGOTIATION_NOT_IN_PROGRESS = 0x000000A0

S_NEGOTIATION_TIMEOUT = 0x000000A3

S_CERT_LOCAL_INVALID = 0x000000A5

S_CERT_LOCAL_EXPIRED = 0x000000A6

S_CERT_REMOTE_INVALID = 0x000000A9

S_CERT_REMOTE_EXPIRED = 0x000000AA

S_CERT_REMOTE_PATH = 0x000000AC

S_PROTO_INVALID = 0x000000AF

S_PROTO_INCOMPATIBLE = 0x000000B1

S_PROTO_UNDETERMINED = 0x000000B2

S_CHANNEL_ERROR = 0x000000B4

S_CHANNEL_PEER_RESET = 0x000000B7

S_CHANNEL_MAX = 0x000000B8

S_CHANNEL_NOT_FOUND = 0x000000BB

S_CHANNEL_IO_ERROR = 0x000000BD

S_CHANNEL_DATA_INVALID = 0x000000BE

S_CHANNEL_DATA_INVALID_LEN = 0x000000C0

S_CHANNEL_BUFFER_LEN = 0x000000C3

S_CHANNEL_IN_GROUP = 0x000000C5

S_CHANNEL_CLASSIFICATION = 0x000000C6

S_BYPASS_DATARATE_EXCEEDED = 0x000000C9

S_BYPASS_DATALIMIT_EXCEEDED = 0x000000CA

S_INTEGRITY = 0x000000CC

S_AUTHENTICATION_FAILED = 0x000000CF

S_USER_AUTHENTICATED = 0x000000D1

S_USERNAME_INVALID = 0x000000D2

S_USER_EXISTS = 0x000000D4

S_USER_INVALID = 0x000000D7

S_ROLE_INVALID = 0x000000D8

S_ROLE_ASSOCIATED = 0x000000DB

S_ROLE_NOT_ASSOCIATED = 0x000000DD

S_ROLE_MAX = 0x000000DE

S_PASSWORD_INVALID = 0x000000E1

S_PASSWORD_INVALID_CHAR = 0x000000E2

S_PASSWORD_INVALID_LEN = 0x000000E4

S_SALT_INVALID = 0x000000E7

S_ITERATION_COUNT_INVALID = 0x000000E8

S_INSUFFICIENT_ENTROPY = 0x000000EB

Appendix B. IDL Definitions

module CICM {
  typedef unsigned long UInt32;
  typedef string CharString;
  typedef sequence<octet> Buffer;

  typedef CICM::UInt32 LocalPort;
  typedef CICM::UInt32 RemotePort;

  const CICM::LocalPort FILL_INTERFACE_PORT = 0xFFFFFFEE;
  const CICM::LocalPort IMPLICIT_LOCAL_PORT = 0xFFFFFFBB;
  const CICM::RemotePort IMPLICIT_REMOTE_PORT = 0xFFFFFF99;

  typedef CICM::UInt32 Classification;
  const CICM::Classification C_LEVEL_CONFIDENTIAL = 0x00006029;
  const CICM::Classification C_LEVEL_SECRET = 0x0000602A;
  const CICM::Classification C_LEVEL_TOP_SECRET = 0x0000602C;
  const CICM::Classification C_LEVEL_UNCLASSIFIED = 0x0000602F;

  typedef CICM::UInt32 Status;
  const CICM::Status S_OK = 0x00000000;
  const CICM::Status S_GENERAL_ERROR = 0x00000003;
  const CICM::Status S_NON_FUNCTIONAL = 0x00000005;
  const CICM::Status S_OPERATION_FAILED = 0x00000006;
  const CICM::Status S_POLICY_VIOLATION = 0x00000009;
  const CICM::Status S_MODULE_RESOURCES = 0x0000000A;
  const CICM::Status S_HOST_RESOURCES = 0x0000000C;
  const CICM::Status S_INVALID_STATE = 0x0000000F;
  const CICM::Status S_ALARM_STATE = 0x00000011;
  const CICM::Status S_MODULE_NOT_AVAILABLE = 0x00000012;
  const CICM::Status S_TIMEOUT = 0x00000014;
  const CICM::Status S_NOT_AUTHENTICATED = 0x00000017;
  const CICM::Status S_NOT_AUTHORIZED = 0x00000018;
  const CICM::Status S_MODULE_DOES_NOT_EXIST = 0x0000001B;
  const CICM::Status S_MODULE_IN_USE = 0x0000001D;
  const CICM::Status S_NOT_AVAILABLE = 0x0000001E;
  const CICM::Status S_INVALID_VECTOR = 0x00000021;
  const CICM::Status S_INVALID_DATA_BUFFER = 0x00000022;
  const CICM::Status S_KEY_USED_INVALID = 0x00000024;
  const CICM::Status S_KEY_USED_EXPIRED = 0x00000027;
  const CICM::Status S_KEY_USED_CLASSIFICATION = 0x00000028;
  const CICM::Status S_KEY_USED_WRAPPED = 0x0000002B;
  const CICM::Status S_KEY_USED_CONTEXT = 0x0000002D;
  const CICM::Status S_KEY_USED_COMPONENT_NOT_AVAIL = 0x0000002E;
  const CICM::Status S_KEY_INVALID = 0x00000030;
  const CICM::Status S_KEY_EXPIRED = 0x00000033;
  const CICM::Status S_KEY_INCOMPATIBLE = 0x00000035;
  const CICM::Status S_KEY_CLASSIFICATION = 0x00000036;
  const CICM::Status S_KEY_WRAPPED = 0x00000039;
  const CICM::Status S_KEY_NOT_WRAPPED = 0x0000003A;
  const CICM::Status S_KEY_NOT_WRAPPABLE = 0x0000003C;
  const CICM::Status S_KEY_NOT_EXPORTABLE = 0x0000003F;
  const CICM::Status S_KEY_WRAPPED_EXISTS = 0x00000041;
  const CICM::Status S_KEY_UNWRAPPED_EXISTS = 0x00000042;
  const CICM::Status S_KEY_UPDATE_MAX = 0x00000044;
  const CICM::Status S_KEY_INVALID_ID = 0x00000047;
  const CICM::Status S_KEY_PHYSICAL_LOC = 0x00000048;
  const CICM::Status S_KEY_ILLEGAL_CONVERSION = 0x0000004B;
  const CICM::Status S_KEY_MALFORMED = 0x0000004D;
  const CICM::Status S_KEY_METADATA_MALFORMED = 0x0000004E;
  const CICM::Status S_KEY_NO_NEXT = 0x00000050;
  const CICM::Status S_KEY_WRONG_TYPE = 0x00000053;
  const CICM::Status S_KEY_FILL_DEVICE_NOT_CONNECTED = 0x00000055;
  const CICM::Status S_KEY_FILL_NOT_INITIATED = 0x00000056;
  const CICM::Status S_KEY_TRUST_ANCHOR = 0x00000059;
  const CICM::Status S_LOCAL_PORT_INVALID = 0x0000005A;
  const CICM::Status S_LOCAL_PORT_INCOMPATIBLE = 0x0000005C;
  const CICM::Status S_LOCAL_PORT_IN_USE = 0x0000005F;
  const CICM::Status S_REMOTE_PORT_INVALID = 0x00000060;
  const CICM::Status S_REMOTE_PORT_IN_USE = 0x00000063;
  const CICM::Status S_ALGO_INVALID = 0x00000065;
  const CICM::Status S_ALGO_INCOMPATIBLE = 0x00000066;
  const CICM::Status S_TOKEN_NOT_PRESENT = 0x00000069;
  const CICM::Status S_TOKEN_ADMIN_NOT_PRESENT = 0x0000006A;
  const CICM::Status S_TOKEN_ACCESS = 0x0000006C;
  const CICM::Status S_TOKEN_RESOURCES = 0x0000006F;
  const CICM::Status S_TOKEN_ASSOC_EXISTS = 0x00000071;
  const CICM::Status S_TOKEN_ASSOC_AT_MODULE = 0x00000072;
  const CICM::Status S_TOKEN_ASSOC_AT_TOKEN = 0x00000074;
  const CICM::Status S_TOKEN_ASSOC_NOT_EXIST = 0x00000077;
  const CICM::Status S_TOKEN_ASSOC_GENERAL = 0x00000078;
  const CICM::Status S_TOKEN_DISASSOC_GENERAL = 0x0000007B;
  const CICM::Status S_TOKEN_REC_NOT_FOUND = 0x0000007D;
  const CICM::Status S_TOKEN_TIMEOUT = 0x0000007E;
  const CICM::Status S_TOKEN_LAST_ASSOCIATED = 0x00000081;
  const CICM::Status S_PACKAGE_NOT_ACTIVATABLE = 0x00000082;
  const CICM::Status S_PACKAGE_ACTIVATED = 0x00000084;
  const CICM::Status S_PACKAGE_NOT_ACTIVE = 0x00000087;
  const CICM::Status S_PACKAGE_INVALID = 0x00000088;
  const CICM::Status S_PACKAGE_TYPE_INVALID = 0x0000008B;
  const CICM::Status S_PACKAGE_KEY_NOT_AVAILABLE = 0x0000008D;
  const CICM::Status S_PACKAGE_KEY_NOT_SPECIFIED = 0x0000008E;
  const CICM::Status S_LOG_ENTRY_INVALID = 0x00000090;
  const CICM::Status S_EVENT_REGISTERED = 0x00000093;
  const CICM::Status S_EVENT_NOT_REGISTERED = 0x00000095;
  const CICM::Status S_EVENT_NOT_SUPPORTED = 0x00000096;
  const CICM::Status S_TRUSTED_DISPLAY = 0x00000099;
  const CICM::Status S_NEGOTIATION_ABORTED = 0x0000009A;
  const CICM::Status S_NEGOTIATION_FAILURE = 0x0000009C;
  const CICM::Status S_NEGOTIATION_IN_PROGRESS = 0x0000009F;
  const CICM::Status S_NEGOTIATION_NOT_IN_PROGRESS = 0x000000A0;
  const CICM::Status S_NEGOTIATION_TIMEOUT = 0x000000A3;
  const CICM::Status S_CERT_LOCAL_INVALID = 0x000000A5;
  const CICM::Status S_CERT_LOCAL_EXPIRED = 0x000000A6;
  const CICM::Status S_CERT_REMOTE_INVALID = 0x000000A9;
  const CICM::Status S_CERT_REMOTE_EXPIRED = 0x000000AA;
  const CICM::Status S_CERT_REMOTE_PATH = 0x000000AC;
  const CICM::Status S_PROTO_INVALID = 0x000000AF;
  const CICM::Status S_PROTO_INCOMPATIBLE = 0x000000B1;
  const CICM::Status S_PROTO_UNDETERMINED = 0x000000B2;
  const CICM::Status S_CHANNEL_ERROR = 0x000000B4;
  const CICM::Status S_CHANNEL_PEER_RESET = 0x000000B7;
  const CICM::Status S_CHANNEL_MAX = 0x000000B8;
  const CICM::Status S_CHANNEL_NOT_FOUND = 0x000000BB;
  const CICM::Status S_CHANNEL_IO_ERROR = 0x000000BD;
  const CICM::Status S_CHANNEL_DATA_INVALID = 0x000000BE;
  const CICM::Status S_CHANNEL_DATA_INVALID_LEN = 0x000000C0;
  const CICM::Status S_CHANNEL_BUFFER_LEN = 0x000000C3;
  const CICM::Status S_CHANNEL_IN_GROUP = 0x000000C5;
  const CICM::Status S_CHANNEL_CLASSIFICATION = 0x000000C6;
  const CICM::Status S_BYPASS_DATARATE_EXCEEDED = 0x000000C9;
  const CICM::Status S_BYPASS_DATALIMIT_EXCEEDED = 0x000000CA;
  const CICM::Status S_INTEGRITY = 0x000000CC;
  const CICM::Status S_AUTHENTICATION_FAILED = 0x000000CF;
  const CICM::Status S_USER_AUTHENTICATED = 0x000000D1;
  const CICM::Status S_USERNAME_INVALID = 0x000000D2;
  const CICM::Status S_USER_EXISTS = 0x000000D4;
  const CICM::Status S_USER_INVALID = 0x000000D7;
  const CICM::Status S_ROLE_INVALID = 0x000000D8;
  const CICM::Status S_ROLE_ASSOCIATED = 0x000000DB;
  const CICM::Status S_ROLE_NOT_ASSOCIATED = 0x000000DD;
  const CICM::Status S_ROLE_MAX = 0x000000DE;
  const CICM::Status S_PASSWORD_INVALID = 0x000000E1;
  const CICM::Status S_PASSWORD_INVALID_CHAR = 0x000000E2;
  const CICM::Status S_PASSWORD_INVALID_LEN = 0x000000E4;
  const CICM::Status S_SALT_INVALID = 0x000000E7;
  const CICM::Status S_ITERATION_COUNT_INVALID = 0x000000E8;
  const CICM::Status S_INSUFFICIENT_ENTROPY = 0x000000EB;

  interface Iterator {
    typedef CICM::UInt32 Status;
    const CICM::Iterator::Status C_ITERATOR_HAS_NEXT = 0x00006031;
    const CICM::Iterator::Status C_ITERATOR_NO_MORE = 0x00006032;

    CICM::Status has_next(
      out CICM::Iterator::Status has_next );
  };

  typedef CICM::CharString ModuleId;

  interface CryptoModule {
    readonly attribute CICM::ModuleId module_id;
    readonly attribute CICM::CharString manufacturer;
    readonly attribute CICM::CharString model;
    readonly attribute CICM::CharString serial_number;
    readonly attribute CICM::CharString module_version;
    readonly attribute CICM::CharString software_version;
    readonly attribute CICM::CharString driver_version;
    readonly attribute CICM::CharString library_version;
    readonly attribute CICM::RoleId role;
    attribute CICM::CharString date_time;
    readonly attribute CICM::SymKeyManager sym_key_manager;
    readonly attribute CICM::AsymKeyManager asym_key_manager;
    readonly attribute CICM::KeyDatabase key_database;
    readonly attribute CICM::ChannelManager channel_manager;
    readonly attribute CICM::ModuleEventManager event_manager;
    readonly attribute CICM::PackageManager package_manager;
    readonly attribute CICM::TokenManager token_manager;
    readonly attribute CICM::UserManager user_manager;
    readonly attribute CICM::LoginManager login_manager;
    readonly attribute CICM::TestManager test_manager;
    readonly attribute CICM::LogManager log_manager;

    CICM::Status configure_fill_interface(
      in  CICM::Buffer interface_parameters,
      in  CICM::LocalPort fill_port );

    CICM::Status reset();
  };

  interface CICMRoot {
    CICM::Status get_module_by_id(
      in  CICM::ModuleId id,
      out CICM::CryptoModule crypto_module_ref );
  };
};

Authors' Addresses

Daniel J. Lanz The MITRE Corporation EMail: dlanz@mitre.org
Lev Novikov The MITRE Corporation EMail: lnovikov@mitre.org