| Internet Engineering Task Force | D. Lanz |
| Internet-Draft | L. Novikov |
| Intended status: Informational | MITRE |
| Expires: January 26, 2012 | July 25, 2011 |
Common Interface to Cryptographic Modules (CICM) Channel Management
draft-lanz-cicm-cm-01
[RFC Editor: Please update the RFC references prior to publication.]
This memo defines a programming interface for the management of cryptographic channels as outlined in draft-lanz-cicm-lm-00 and required by draft-lanz-cicm-02 including creating and negotiating channels for encryption, decryption, bypass, data integrity, or to generate random data.
Comments are solicited and should be addressed to the mailing list at cicm@ietf.org.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 26, 2012.
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document defines the key management functions for the Common Interface to Cryptographic Modules (CICM) as defined in [CICM]. The underlying logical model and terminology is defined in [CICM-LM].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
This document uses the Interface Definition Language (IDL) [IDL] to specify language-neutral interfaces and is not intended to prescribe or preclude a particular communications protocol such as General Inter-ORB Protocol (GIOP) [CORBA] between programs in different address spaces or on different devices. In other words, any specific protocol is strictly OPTIONAL. See Definition Language in [CICM] for more information.
This document contains definitions for several opaque data parameters whose format is not defined by CICM. Instead, implementers are required to create an Implementation Conformance Statement which MUST reference a standard format or define a module developer-specific format implemented by the module for these datatypes. See Conformance and Extensions in [CICM] for more details.
This document depends on type definitions and interfaces that are defined in other CICM documents.
The CICM namespace is defined in [CICM].
The following type definitions are defined in [CICM]:
The interface CICM::Iterator is defined in [CICM]; CICM::Key, CICM::AsymKey and CICM::SymKey are defined in [CICM-KM].
Due to the large number of potential configurations, the definitions of the channel types and their operations are divided into ten namespaces which group together similar or related types of channels.
The namespaces are: [CICM-LM] for a high level description of the channel types or below for the channel definitions.
See
Type CICM::HashAlgorithmId
typedef CICM::CharString HashAlgorithmId;
Unique hash algorithm identifier.
Type CICM::AsymEncrAlgorithmId
typedef CICM::CharString AsymEncrAlgorithmId;
Unique asymmetric encryption algorithm identifier.
Constant CICM::IMPLICIT_ASYM_ENCR_ALGO
const CICM::AsymEncrAlgorithmId IMPLICIT_ASYM_ENCR_ALGO = "IMPLICIT";
Value that indicates that the encryption algorithm is implicit in the key being provided to the module.
Type CICM::AsymSigAlgorithmId
typedef CICM::CharString AsymSigAlgorithmId;
Unique asymmetric signature algorithm identifier.
Constant CICM::IMPLICIT_ASYM_SIG_ALGO
const CICM::AsymSigAlgorithmId IMPLICIT_ASYM_SIG_ALGO = "IMPLICIT";
Value that indicates that the signature algorithm is implicit in the key being provided to the module.
Type CICM::KeyWrapAlgorithmId
typedef CICM::CharString KeyWrapAlgorithmId;
Unique key wrap algorithm identifier, incorporating both the algorithm and the mode.
Constant CICM::IMPLICIT_KEY_WRAP_ALGO
const CICM::KeyWrapAlgorithmId IMPLICIT_KEY_WRAP_ALGO = "IMPLICIT";
Value that indicates that the key wrap algorithm is implicit in the key being provided to the module.
Type CICM::SymEncrAlgorithmId
typedef CICM::CharString SymEncrAlgorithmId;
Unique symmetric encryption algorithm identifier, incorporating both the algorithm and the mode.
Constant CICM::IMPLICIT_SYM_ENCR_ALGO
const CICM::SymEncrAlgorithmId IMPLICIT_SYM_ENCR_ALGO = "IMPLICIT";
Value that indicates that the encryption algorithm is implicit in the key being provided to the module.
Type CICM::SymMacAlgorithmId
typedef CICM::CharString SymMacAlgorithmId;
Unique symmetric MAC algorithm identifier.
Constant CICM::IMPLICIT_SYM_MAC_ALGO
const CICM::SymMacAlgorithmId IMPLICIT_SYM_MAC_ALGO = "IMPLICIT";
Value that indicates that the MAC algorithm is implicit in the key being provided to the module.
Type CICM::ProtocolId
typedef CICM::CharString ProtocolId;
Unique key agreement protocol identifier.
Constant CICM::IMPLICIT_PROTOCOL_ID
const CICM::ProtocolId IMPLICIT_PROTOCOL_ID = "IMPLICIT";
Value that indicates that the key agreement protocol is implicit in the message being provided to the module.
Type CICM::Vector
typedef CICM::Buffer Vector;
State vector, used to represent initialization vectors, synchronization vectors, counter values, and time-of-day values.
Type CICM::HashBuffer
typedef CICM::Buffer HashBuffer;
Cryptographic hash.
Type CICM::MACBuffer
typedef CICM::Buffer MACBuffer;
Message authentication code (MAC).
Type CICM::SigBuffer
typedef CICM::Buffer SigBuffer;
Cryptographic signature.
Interface CICM::ChannelManager
interface ChannelManager :
CICM::Answer::ChannelManager,
CICM::BypassRead::ChannelManager,
CICM::BypassWrite::ChannelManager,
CICM::Coprocessor::ChannelManager,
CICM::Decrypt::ChannelManager,
CICM::DecryptBypass::ChannelManager,
CICM::Duplex::ChannelManager,
CICM::Emit::ChannelManager,
CICM::Encrypt::ChannelManager,
CICM::EncryptBypass::ChannelManager {
CICM::ChannelManager supports the creation and negotiation of cryptographic channels. It is accessed from CICM::CryptoModule via the CICM::CryptoModule::channel_manager attribute. CICM::ChannelManager enables a variety of different channel types to be constructed.
Note:
CICM::ChannelManager inherits from: CICM::Answer::ChannelManager, CICM::BypassRead::ChannelManager, CICM::BypassWrite::ChannelManager, CICM::Coprocessor::ChannelManager, CICM::Decrypt::ChannelManager, CICM::DecryptBypass::ChannelManager, CICM::Duplex::ChannelManager, CICM::Emit::ChannelManager, CICM::Encrypt::ChannelManager and CICM::EncryptBypass::ChannelManager.
Method CICM::ChannelManager::create_controller_group()
CICM::Status create_controller_group( out CICM::ControllerGroup controller_group_ref );
Creates a CICM::ControllerGroup to group controllers and conduits together.
Parameters:
Returns:
Interface CICM::Channel
interface Channel {
Defines the logical path through the module. Interface from which all conduit, streams and controllers inherit. Channels are created via the CICM::ChannelManager interface.
AttributeCICM::Channel::event_manager
readonly attribute CICM::ChannelEventManager event_manager;
Provides access to the event manager.
Interface CICM::Conduit
interface Conduit :
CICM::Controller,
CICM::Stream {
Interface from which all other conduits are inherited. A conduit is a combination of a stream and controller.
CICM::Conduit inherits from: CICM::Controller and CICM::Stream.
Interface CICM::Controller
interface Controller : CICM::Channel {
Interface from which all other controllers are inherited. Controls general characteristics of a cryptographic transformation, but does not provide data to be transformed.
Remarks:
CICM::Controller inherits from: CICM::Channel.
Method CICM::Controller::destroy()
CICM::Status destroy();
Destroys the controller.
Returns:
Interface CICM::Stream
interface Stream : CICM::Channel {};
Interface from which all streams inherit. Streams manage the flow of data on a channel, but not its attributes.
CICM::Stream inherits from: CICM::Channel.
Interface CICM::AbstractMACConduit
interface AbstractMACConduit : CICM::Conduit {
Interface from which other MAC conduits are inherited.
CICM::AbstractMACConduit inherits from: CICM::Conduit.
AttributeCICM::AbstractMACConduit::mac_key
readonly attribute CICM::SymKey mac_key;
The key used for computing the MAC.
AttributeCICM::AbstractMACConduit::mac_algorithm
readonly attribute CICM::SymMacAlgorithmId mac_algorithm;
The algorithm used to MAC the data.
Method CICM::AbstractMACConduit::end_get_mac()
CICM::Status end_get_mac( out CICM::MACBuffer mac );
Direct the module to compute and output the MAC value, and reset the channel to accept additional data.
Parameters:
Returns:
Interface CICM::AbstractSignConduit
interface AbstractSignConduit : CICM::Conduit {
Interface from which other sign conduits are inherited.
CICM::AbstractSignConduit inherits from: CICM::Conduit.
AttributeCICM::AbstractSignConduit::sign_key
readonly attribute CICM::AsymKey sign_key;
Key used for signing the data.
AttributeCICM::AbstractSignConduit::sign_algorithm
readonly attribute CICM::AsymSigAlgorithmId sign_algorithm;
Algorithm used to sign the data.
Method CICM::AbstractSignConduit::end_get_signature()
CICM::Status end_get_signature( out CICM::SigBuffer signature );
Direct the module to compute and output the signature, and reset the conduit to accept additional data.
Parameters:
Returns:
Interface CICM::AbstractVerifyConduit
interface AbstractVerifyConduit : CICM::Conduit {
Interface from which other verification conduits are inherited.
CICM::AbstractVerifyConduit inherits from: CICM::Conduit.
Type CICM::AbstractVerifyConduit::VerifyStatus
typedef CICM::UInt32 VerifyStatus;
Verification status (data verifies/does not verify).
Constant CICM::AbstractVerifyConduit::C_DATA_VERIFIED
const CICM::AbstractVerifyConduit::VerifyStatus C_DATA_VERIFIED = 0x00006025;
Data verifies.
Constant CICM::AbstractVerifyConduit::C_DATA_NOT_VERIFIED
const CICM::AbstractVerifyConduit::VerifyStatus C_DATA_NOT_VERIFIED = 0x00006026;
Data does not verify.
Interface CICM::AbstractMACVerifyConduit
interface AbstractMACVerifyConduit : CICM::AbstractVerifyConduit {
Interface from which other MAC verify conduits are inherited.
CICM::AbstractMACVerifyConduit inherits from: CICM::AbstractVerifyConduit.
AttributeCICM::AbstractMACVerifyConduit::verify_key
readonly attribute CICM::SymKey verify_key;
Key used to verify the MAC.
AttributeCICM::AbstractMACVerifyConduit::verify_algorithm
readonly attribute CICM::SymMacAlgorithmId verify_algorithm;
Algorithm used to verify the data.
Method CICM::AbstractMACVerifyConduit::end_get_verified()
CICM::Status end_get_verified( in CICM::MACBuffer mac, out CICM::AbstractVerifyConduit::VerifyStatus status );
Direct the module to compute and output the MAC verification status, and reset the channel to accept additional data for verification.
Parameters:
Returns:
Interface CICM::AbstractSigVerifyConduit
interface AbstractSigVerifyConduit : CICM::AbstractVerifyConduit {
Interface from which other signature verification conduits are inherited.
CICM::AbstractSigVerifyConduit inherits from: CICM::AbstractVerifyConduit.
AttributeCICM::AbstractSigVerifyConduit::verify_key
readonly attribute CICM::AsymKey verify_key;
Key used to verify the signature.
AttributeCICM::AbstractSigVerifyConduit::verify_algorithm
readonly attribute CICM::AsymSigAlgorithmId verify_algorithm;
Algorithm used to verify the data.
Method CICM::AbstractSigVerifyConduit::end_get_verified()
CICM::Status end_get_verified( in CICM::SigBuffer signature, out CICM::AbstractVerifyConduit::VerifyStatus status );
Direct the module to compute and output the verification status, and reset the channel to accept additional data for verification.
Parameters:
Returns:
Interface CICM::WriteStream
interface WriteStream : CICM::Stream {
Interface from which other streams that write data to the module inherit.
CICM::WriteStream inherits from: CICM::Stream.
Type CICM::WriteStream::WriteStatus
typedef CICM::UInt32 WriteStatus;
Status of an non-blocking write.
Constant CICM::WriteStream::C_WRITE_NOT_READY
const CICM::WriteStream::WriteStatus C_WRITE_NOT_READY = 0x00006067;
Module is not ready to receive data for writing.
Constant CICM::WriteStream::C_WRITE_READY
const CICM::WriteStream::WriteStatus C_WRITE_READY = 0x00006068;
Module is ready to receive data for writing.
Interface CICM::ReadStream
interface ReadStream : CICM::Stream {
Interface from which all other streams that read data from the module inherit.
CICM::ReadStream inherits from: CICM::Stream.
Type CICM::ReadStream::ReadStatus
typedef CICM::UInt32 ReadStatus;
Status of a non-blocking read.
Constant CICM::ReadStream::C_READ_NOT_READY
const CICM::ReadStream::ReadStatus C_READ_NOT_READY = 0x0000605E;
Module does not have data ready for reading.
Constant CICM::ReadStream::C_READ_READY
const CICM::ReadStream::ReadStatus C_READ_READY = 0x00006061;
Module has data ready for reading.
Interface CICM::MultiDomainController
interface MultiDomainController : CICM::Controller {
Interface from which any other multi-domain-related controller or conduit inherits.
Remarks:
CICM::MultiDomainController inherits from: CICM::Controller.
AttributeCICM::MultiDomainController::local_port
readonly attribute CICM::LocalPort local_port;
Local port associated with this controller.
AttributeCICM::MultiDomainController::remote_port
readonly attribute CICM::RemotePort remote_port;
Remote port associated with this controller.
Interface CICM::SymKeyController
interface SymKeyController : CICM::Controller {
Interface from which all controllers using a symmetric key inherit.
CICM::SymKeyController inherits from: CICM::Controller.
Attribute CICM::SymKeyController::key
readonly attribute CICM::SymKey key;
The key associated with this controller.
Method CICM::SymKeyController::update_key()
CICM::Status update_key();
Cryptographically update the key associated with this controller using the key's native algorithm.
Remarks:
Returns:
See also:
Method CICM::SymKeyController::update_key_with_algo()
CICM::Status update_key_with_algo( in CICM::SymEncrAlgorithmId algorithm );
Cryptographically update the key associated with this controller using the specified algorithm.
Remarks:
Parameters:
Returns:
See also:
Method CICM::SymKeyController::rollover_key()
CICM::Status rollover_key();
Specify that the next pre-placed key be used with this controller.
Remarks:
Returns:
See also:
Method CICM::SymKeyController::rollover_key_with_key()
CICM::Status rollover_key_with_key( in CICM::SymKey next_key );
Specify the next pre-placed key to be used with this controller.
Remarks:
Parameters:
Returns:
See also:
Interface CICM::AsymKeyController
interface AsymKeyController : CICM::Controller {
Interface from which all controllers using an asymmetric key inherit.
CICM::AsymKeyController inherits from: CICM::Controller.
AttributeCICM::AsymKeyController::key
readonly attribute CICM::AsymKey key;
Provides read-only access to the key associated with a controller.
Interface CICM::NegotiatedController
interface NegotiatedController :
CICM::MultiDomainController,
CICM::AsymKeyController,
CICM::Negotiator {
Interface from which all other negotiated controllers inherit. A controller that uses a negotiated key.
CICM::NegotiatedController inherits from: CICM::MultiDomainController, CICM::AsymKeyController and CICM::Negotiator.
AttributeCICM::NegotiatedController::negotiated_grade
readonly attribute CICM::Classification negotiated_grade;
Returns the grade (classification level) of the channel.
Method CICM::NegotiatedController::renegotiate()
CICM::Status renegotiate();
Renegotiates the traffic encryption key with the associated peer.
Remarks:
Returns:
Method CICM::NegotiatedController::initiate_grade_change()
CICM::Status initiate_grade_change( in CICM::Classification new_grade );
Requests a change of grade (classification level) for the current traffic.
Parameters:
Returns:
Method CICM::NegotiatedController::acknowledge_grade_change()
CICM::Status acknowledge_grade_change();
Positively acknowledges the requested change of grade.
Returns:
Interface CICM::SetVectorController
interface SetVectorController : CICM::Controller {
Provides access to the state vector associated with a controller.
CICM::SetVectorController inherits from: CICM::Controller.
AttributeCICM::SetVectorController::vec
readonly attribute CICM::Vector vec;
State vector associated with this controller.
Method CICM::SetVectorController::set_vector()
CICM::Status set_vector( in CICM::Vector vec );
Set channel state vector.
Remarks:
Parameters:
Returns:
Method CICM::SetVectorController::set_vector_no_check()
CICM::Status set_vector_no_check( in CICM::Vector vec );
Set channel state vector without a policy check.
Remarks:
Parameters:
Returns:
Method CICM::SetVectorController::reset_vector()
CICM::Status reset_vector();
Reset channel state vector to system-dependent value.
Remarks:
Returns:
Interface CICM::GenVectorController
interface GenVectorController : CICM::SetVectorController {
Enables an state vector to be generated.
CICM::GenVectorController inherits from: CICM::SetVectorController.
Method CICM::GenVectorController::generate_vector()
CICM::Status generate_vector();
Generate a vector for this controller utilizing new random state.
Remarks:
Returns:
Method CICM::GenVectorController::generate_vector_existing_state()
CICM::Status generate_vector_existing_state();
Generate a vector for this controller utilizing the latest unused state.
Remarks:
Returns:
Interface CICM::ResyncController
interface ResyncController : CICM::Controller {
Provides methods to resynchronize a controller or conduit.
CICM::ResyncController inherits from: CICM::Controller.
Method CICM::ResyncController::resync()
CICM::Status resync();
Resynchronize the channel.
Remarks:
Returns:
See also:
Method CICM::ResyncController::resync_with_sync_vector()
CICM::Status resync_with_sync_vector( in CICM::Vector vec );
Resynchronize the channel, using the specified synchronization vector (required by certain operating modes to initiate a resync).
Remarks:
Parameters:
Returns:
See also:
When creating an encryption or decryption channel using an asymmetric keyset, a negotiation process must be initiated between the two communicating entities, resulting in an ephemeral symmetric key held by each entity. The following details the steps in the negotiation process:
A successful negotation results in a negotiated controller.
Interface CICM::Negotiator
interface Negotiator {
CICM::Negotiator is an abstraction inherited by controllers and CICM::KeyProtocolSender to assist in the management of the negotiation process.
Method CICM::Negotiator::get_remote_info()
CICM::Status get_remote_info( out CICM::PeerInfo peer_info );
Retrieve remote peer identification information. The peer information must be displayed to the local user to enable determination to be made as to whether negotiation should continue or be aborted. If the decision is made to abort negotiation, the CICM::Negotiator::abort_negotiation method MUST be called to destroy any protocol session state.
Parameters:
Returns:
Method CICM::Negotiator::abort_negotiation()
CICM::Status abort_negotiation();
Abort negotiation or renegotiation. This method must be called in the event the identification information for the remote host does not correspond to the expected host.
Returns:
Interface CICM::PeerInfo
interface PeerInfo {
Information about a peer entity participating in a key negotiation.
Attribute CICM::PeerInfo::peer_name
readonly attribute CICM::CharString peer_name;
Name/organization of remote entity participating in key agreement prototcol.
AttributeCICM::PeerInfo::classification
readonly attribute CICM::Classification classification;
Highest security classification level at which the remote entity participating in the key agreement protocol is capable of communicating.
Attribute CICM::PeerInfo::compartment
readonly attribute CICM::CharString compartment;
Compartment of remote entity participating in key agreement protocol.
Attribute CICM::PeerInfo::message
readonly attribute CICM::CharString message;
Message to be displayed regarding the remote entities' participation in key agreement protocol.
Namespace CICM::Encrypt
module Encrypt {
The CICM::Encrypt namespace contains interfaces that support encryption operations between two independent security domains.
Interface CICM::Encrypt::ChannelManager
interface ChannelManager {
CICM::Encrypt::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of encryption negotiators, conduits, controllers, and streams. See CICM::ChannelManager for additional information.
Method CICM::Encrypt::ChannelManager::negotiate_encrypt_conduit()
CICM::Status negotiate_encrypt_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Encrypt::Negotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer. The channel that results will encrypt a stream of data.
Parameters:
Returns:
Method CICM::Encrypt::ChannelManager::negotiate_encrypt_with_mac_conduit()
CICM::Status negotiate_encrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::SymKey mac_key_ref, in CICM::AsymKey nego_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, out CICM::Encrypt::WithMACNegotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer. The channel that results will MAC and encrypt a stream of data.
Remarks:
Parameters:
Returns:
Method CICM::Encrypt::ChannelManager::negotiate_encrypt_with_sign_conduit()
CICM::Status negotiate_encrypt_with_sign_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey sign_key_ref, in CICM::AsymKey nego_key_ref, in CICM::AsymSigAlgorithmId sign_algorithm, out CICM::Encrypt::WithSignNegotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer. The channel that results will sign and encrypt a stream of data.
Remarks:
Parameters:
Returns:
Method CICM::Encrypt::ChannelManager::negotiate_encrypt_controller()
CICM::Status negotiate_encrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Encrypt::ControllerNegotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage an encryption channel.
Parameters:
Returns:
Method CICM::Encrypt::ChannelManager::create_encrypt_conduit()
CICM::Status create_encrypt_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Encrypt::Conduit conduit_ref );
Create conduit to encrypt a stream of data.
Parameters:
Returns:
Method CICM::Encrypt::ChannelManager::create_encrypt_with_mac_conduit()
CICM::Status create_encrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::SymKey mac_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, in CICM::SymEncrAlgorithmId encr_algorithm, out CICM::Encrypt::WithMACConduit conduit_ref );
Create conduit to MAC and encrypt a stream of data.
Parameters:
Returns:
Method CICM::Encrypt::ChannelManager::create_encrypt_with_sign_conduit()
CICM::Status create_encrypt_with_sign_conduit( in CICM::RemotePort remote_port, in CICM::AsymKey sign_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::AsymSigAlgorithmId sign_algorithm, in CICM::SymEncrAlgorithmId encr_algorithm, out CICM::Encrypt::WithSignConduit conduit_ref );
Create conduit to sign and encrypt a stream of data.
Parameters:
Returns:
Method CICM::Encrypt::ChannelManager::create_key_wrap_conduit()
CICM::Status create_key_wrap_conduit( in CICM::RemotePort remote_port, in CICM::SymKey kek_ref, in CICM::KeyWrapAlgorithmId algorithm, out CICM::Encrypt::KeyWrapConduit conduit_ref );
Create conduit to wrap a key.
Remarks:
Parameters:
Returns:
Method CICM::Encrypt::ChannelManager::create_encrypt_controller()
CICM::Status create_encrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Encrypt::Controller controller_ref );
Create controller to configure and control an encryption channel.
Remarks:
Parameters:
Returns:
Method CICM::Encrypt::ChannelManager::get_encrypt_stream()
CICM::Status get_encrypt_stream( in CICM::LocalPort local_port, out CICM::Encrypt::Stream stream_ref );
Create stream associated with previously created controller to accept data for transformation.
Parameters:
Returns:
Interface CICM::Encrypt::Stream
interface Stream : CICM::WriteStream {
CICM::Encrypt::Stream supports encryption operations between two independent security domains. The resulting stream is capable of accepting data for transformation, but not managing the channel. It is created by calling CICM::ChannelManager::get_encrypt_stream.
CICM::Encrypt::Stream inherits from: CICM::WriteStream.
Method CICM::Encrypt::Stream::encrypt()
CICM::Status encrypt( in CICM::Buffer buffer );
Sends data to the module to be encrypted. The method blocks until data is sent.
Parameters:
Returns:
Method CICM::Encrypt::Stream::encrypt_non_blocking()
CICM::Status encrypt_non_blocking( in CICM::Buffer buffer, in CICM::TransId transaction_id );
Registers a buffer of data to be sent to the module for encryption and then immediately returns control to the caller. The length of the data is encapsulated in the buffer parameter. The caller may use the CICM::Encrypt::Stream::encrypt_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata associated with the transaction_id parameter. Memory responsibilities and calling conventions MUST follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Method CICM::Encrypt::Stream::encrypt_poll()
CICM::Status encrypt_poll( in CICM::TransId transaction_id, out CICM::WriteStream::WriteStatus status );
Returns the status of the non-blocking encryption operation specified by the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Interface CICM::Encrypt::KeyWrapStream
interface KeyWrapStream : CICM::Stream {
CICM::Encrypt::KeyWrapStream is an abstraction that allows key material to be presented to a stream for wrapping prior to passing into a different security domain.
CICM::Encrypt::KeyWrapStream inherits from: CICM::Stream.
Method CICM::Encrypt::KeyWrapStream::wrap_key()
CICM::Status wrap_key( in CICM::Key key_ref );
Write the key to be wrapped to the channel stream.
Remarks:
Parameters:
Returns:
Interface CICM::Encrypt::Controller
interface Controller :
CICM::MultiDomainController,
CICM::SymKeyController,
CICM::GenVectorController,
CICM::ResyncController {
CICM::Encrypt::Controller supports encryption operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting data for transformation. It is created by calling CICM::ChannelManager::create_encrypt_controller.
CICM::Encrypt::Controller inherits from: CICM::MultiDomainController, CICM::SymKeyController, CICM::GenVectorController and CICM::ResyncController.
Interface CICM::Encrypt::NegotiatedController
interface NegotiatedController :
CICM::NegotiatedController,
CICM::GenVectorController,
CICM::ResyncController {
CICM::Encrypt::NegotiatedController is the negotiated version of CICM::Encrypt::Controller. It is the result of a successful negotiation by CICM::Encrypt::ControllerNegotiator.
CICM::Encrypt::NegotiatedController inherits from: CICM::NegotiatedController, CICM::GenVectorController and CICM::ResyncController.
Interface CICM::Encrypt::Conduit
interface Conduit :
CICM::Conduit,
CICM::Encrypt::Controller,
CICM::Encrypt::Stream {
CICM::Encrypt::Conduit supports encryption operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting data for transformation. It is created by calling CICM::ChannelManager::create_encrypt_conduit.
CICM::Encrypt::Conduit inherits from: CICM::Conduit, CICM::Encrypt::Controller and CICM::Encrypt::Stream.
Interface CICM::Encrypt::NegotiatedConduit
interface NegotiatedConduit :
CICM::Conduit,
CICM::Encrypt::NegotiatedController,
CICM::Encrypt::Stream {
CICM::Encrypt::NegotiatedConduit is the negotiated version of CICM::Encrypt::Conduit. It is the result of a successful negotiation by CICM::Encrypt::Negotiator.
CICM::Encrypt::NegotiatedConduit inherits from: CICM::Conduit, CICM::Encrypt::NegotiatedController and CICM::Encrypt::Stream.
Interface CICM::Encrypt::WithMACConduit
interface WithMACConduit :
CICM::AbstractMACConduit,
CICM::Encrypt::Conduit {
CICM::Encrypt::WithMACConduit supports encryption operations between two independent security domains with the receipt of a MAC value in the initiating domain. The resulting conduit is capable of both managing the channel and accepting data for transformation. It is created by calling CICM::ChannelManager::create_encrypt_with_mac_conduit.
CICM::Encrypt::WithMACConduit inherits from: CICM::AbstractMACConduit and CICM::Encrypt::Conduit.
Interface CICM::Encrypt::WithMACNegotiatedConduit
interface WithMACNegotiatedConduit :
CICM::AbstractMACConduit,
CICM::Encrypt::NegotiatedConduit {
CICM::Encrypt::WithMACNegotiatedConduit is the negotiated version of CICM::Encrypt::WithMACConduit. It is the result of a successful negotiation by CICM::Encrypt::WithMACNegotiator.
CICM::Encrypt::WithMACNegotiatedConduit inherits from: CICM::AbstractMACConduit and CICM::Encrypt::NegotiatedConduit.
Interface CICM::Encrypt::WithSignConduit
interface WithSignConduit :
CICM::AbstractSignConduit,
CICM::Encrypt::Conduit {
CICM::Encrypt::WithSignConduit supports encryption operations between two independent security domains with the receipt of a signature value in the initiating domain. The resulting conduit is capable of both managing the channel and accepting data for transformation. It is created by calling CICM::ChannelManager::create_encrypt_with_sign_conduit.
CICM::Encrypt::WithSignConduit inherits from: CICM::AbstractSignConduit and CICM::Encrypt::Conduit.
Interface CICM::Encrypt::WithSignNegotiatedConduit
interface WithSignNegotiatedConduit :
CICM::AbstractSignConduit,
CICM::Encrypt::NegotiatedConduit {
CICM::Encrypt::WithSignNegotiatedConduit is the negotiated version of CICM::Encrypt::WithSignConduit. It is the result of a successful negotiation by CICM::Encrypt::WithSignNegotiator.
CICM::Encrypt::WithSignNegotiatedConduit inherits from: CICM::AbstractSignConduit and CICM::Encrypt::NegotiatedConduit.
Interface CICM::Encrypt::KeyWrapConduit
interface KeyWrapConduit :
CICM::Encrypt::Controller,
CICM::Encrypt::KeyWrapStream {
CICM::Encrypt::KeyWrapConduit supports key wrapping operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting keys for transformation. It is created by calling CICM::ChannelManager::create_key_wrap_conduit.
CICM::Encrypt::KeyWrapConduit inherits from: CICM::Encrypt::Controller and CICM::Encrypt::KeyWrapStream.
Interface CICM::Encrypt::ControllerNegotiator
interface ControllerNegotiator : CICM::Negotiator {
CICM::Encrypt::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. The result of a successful negotiation is a CICM::Encrypt::NegotiatedController which is capable of managing the channel, but not accepting data for transformation. CICM::Encrypt::ControllerNegotiator is created by calling CICM::ChannelManager::negotiate_encrypt_controller.
CICM::Encrypt::ControllerNegotiator inherits from: CICM::Negotiator.
Method CICM::Encrypt::ControllerNegotiator::complete()
CICM::Status complete( out CICM::Encrypt::NegotiatedController controller_ref );
Complete negotiation and retrieve a negotiated negotiated encrypt controller.
Parameters:
Returns:
Interface CICM::Encrypt::Negotiator
interface Negotiator : CICM::Negotiator {
CICM::Encrypt::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. The result of a successful negotiation is a CICM::Encrypt::NegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Negotiator is created by calling CICM::Encrypt::ChannelManager::negotiate_encrypt_conduit.
CICM::Encrypt::Negotiator inherits from: CICM::Negotiator.
Method CICM::Encrypt::Negotiator::complete()
CICM::Status complete( out CICM::Encrypt::NegotiatedConduit conduit_ref );
Complete negotiation and retrieve a negotiated encrypt conduit.
Parameters:
Returns:
Interface CICM::Encrypt::WithMACNegotiator
interface WithMACNegotiator : CICM::Negotiator {
CICM::Encrypt::WithMACNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. Additionally, a message authentication code (MAC) is received in the initiating domain. The result of a successful negotiation is a CICM::Encrypt::WithMACNegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Encrypt::WithMACNegotiator is created by calling CICM::ChannelManager::negotiate_encrypt_with_mac_conduit.
CICM::Encrypt::WithMACNegotiator inherits from: CICM::Negotiator.
Method CICM::Encrypt::WithMACNegotiator::complete()
CICM::Status complete( out CICM::Encrypt::WithMACNegotiatedConduit conduit_ref );
Complete negotiation and retrieve a negotiated MAC encrypt conduit.
Parameters:
Returns:
Interface CICM::Encrypt::WithSignNegotiator
interface WithSignNegotiator : CICM::Negotiator {
CICM::Encrypt::WithSignNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. Additionally, a signature value is received in the initiating domain. The result of a successful negotiation is a CICM::Encrypt::WithSignNegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Encrypt::WithSignNegotiator is created by calling CICM::ChannelManager::negotiate_encrypt_with_sign_conduit.
CICM::Encrypt::WithSignNegotiator inherits from: CICM::Negotiator.
Method CICM::Encrypt::WithSignNegotiator::complete()
CICM::Status complete( out CICM::Encrypt::WithSignNegotiatedConduit conduit_ref );
Complete negotiation and retrieve a negotiated sign encrypt conduit.
Parameters:
Returns:
Namespace CICM::Decrypt
module Decrypt {
The CICM::Decrypt namespace contains interfaces that support decryption operations between two independent security domains.
Interface CICM::Decrypt::ChannelManager
interface ChannelManager {
CICM::Decrypt::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of decryption negotiators, conduits, controllers, and streams. See CICM::ChannelManager for additional information.
Method CICM::Decrypt::ChannelManager::negotiate_decrypt_conduit()
CICM::Status negotiate_decrypt_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Decrypt::Negotiator negotiator_ref );
Creates a negotiator that, upon successful negotiation, results in a CICM::Decrypt::NegotiatedConduit.
Parameters:
Returns:
Method CICM::Decrypt::ChannelManager::negotiate_decrypt_with_mac_conduit()
CICM::Status negotiate_decrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::SymKey verify_key_ref, in CICM::AsymKey nego_key_ref, in CICM::SymMacAlgorithmId verify_algorithm, out CICM::Decrypt::WithMACNegotiator negotiator_ref );
Creates a negotiator that, upon successful negotiation, results in a CICM::Decrypt::MACNegotiatedConduit.
Remarks:
Parameters:
Returns:
Method CICM::Decrypt::ChannelManager::negotiate_decrypt_with_verify_conduit()
CICM::Status negotiate_decrypt_with_verify_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey verify_key_ref, in CICM::AsymKey nego_key_ref, in CICM::AsymSigAlgorithmId verify_algorithm, out CICM::Decrypt::WithVerifyNegotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer. The channel that results will decrypt and verify a stream of data.
Remarks:
Parameters:
Returns:
Method CICM::Decrypt::ChannelManager::negotiate_decrypt_controller()
CICM::Status negotiate_decrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Decrypt::ControllerNegotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage a decryption channel.
Parameters:
Returns:
Method CICM::Decrypt::ChannelManager::create_decrypt_conduit()
CICM::Status create_decrypt_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Decrypt::Conduit conduit_ref );
Create channel to decrypt a stream of data.
Parameters:
Returns:
Method CICM::Decrypt::ChannelManager::create_decrypt_with_mac_conduit()
CICM::Status create_decrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::SymKey verify_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::SymMacAlgorithmId verify_algorithm, in CICM::SymEncrAlgorithmId decrypt_algorithm, out CICM::Decrypt::WithMACConduit conduit_ref );
Create channel to MAC verify and decrypt a stream of data.
Parameters:
Returns:
Method CICM::Decrypt::ChannelManager::create_decrypt_with_verify_conduit()
CICM::Status create_decrypt_with_verify_conduit( in CICM::RemotePort remote_port, in CICM::AsymKey verify_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::AsymSigAlgorithmId verify_algorithm, in CICM::SymEncrAlgorithmId decrypt_algorithm, out CICM::Decrypt::WithVerifyConduit conduit_ref );
Create channel to verify and decrypt a stream of data.
Parameters:
Returns:
Method CICM::Decrypt::ChannelManager::create_key_unwrap_conduit()
CICM::Status create_key_unwrap_conduit( in CICM::RemotePort remote_port, in CICM::SymKey kek_ref, in CICM::KeyWrapAlgorithmId algorithm, out CICM::Decrypt::KeyUnwrapConduit conduit_ref );
Create channel to unwrap a key. This type of channel may be used to bulk unwrap key material originating at a key infrastructure component or from a peer cryptographic module. Note that, to unwrap individual keys already in the module, use CICM::Symkey::unwrap or CICM::Asymkey::unwrap.
Parameters:
Returns:
Method CICM::Decrypt::ChannelManager::create_decrypt_controller()
CICM::Status create_decrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Decrypt::Controller controller_ref );
Create controller to configure and control an decryption channel.
Remarks:
Parameters:
Returns:
Method CICM::Decrypt::ChannelManager::get_decrypt_stream()
CICM::Status get_decrypt_stream( in CICM::LocalPort local_port, out CICM::Decrypt::Stream stream_ref );
Create stream associated with previously created controller to receive transformed data.
Parameters:
Returns:
Interface CICM::Decrypt::Stream
interface Stream : CICM::ReadStream {
CICM::Decrypt::Stream supports decryption operations between two independent security domains. The resulting stream is capable of accepting transformed data, but not managing the channel. It is created by calling CICM::ChannelManager::get_decrypt_stream.
CICM::Decrypt::Stream inherits from: CICM::ReadStream.
Method CICM::Decrypt::Stream::decrypt()
CICM::Status decrypt( out CICM::Buffer buffer );
Read plaintext data off of decrypt channel stream. The method blocks until data becomes available.
Parameters:
Returns:
Method CICM::Decrypt::Stream::decrypt_non_blocking()
CICM::Status decrypt_non_blocking( out CICM::Buffer buffer, in CICM::TransId transaction_id );
Registers a buffer into which plaintext resulting from the decryption operation will be copied, and then immediately returns control to the caller. The size of the allocated buffer and length of the resulting plaintext is encapsulated in the buffer parameter. The caller may use the CICM::Decrypt::Stream::decrypt_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata associated with the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Method CICM::Decrypt::Stream::decrypt_poll()
CICM::Status decrypt_poll( in CICM::TransId transaction_id, out CICM::ReadStream::ReadStatus status );
Returns the status of the non-blocking decryption operation specified by the transaction_id parameter. Upon completion of the operation, the caller must use the metadata associated with the transaction_id parameter to determine which buffer has been populated. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Interface CICM::Decrypt::KeyUnwrapStream
interface KeyUnwrapStream : CICM::Stream {
CICM::Decrypt::KeyUnwrapStream is an abstraction that allows unwrapped key material received from another domain to be retrieved.
CICM::Decrypt::KeyUnwrapStream inherits from: CICM::Stream.
Method CICM::Decrypt::KeyUnwrapStream::unwrap_sym_key()
CICM::Status unwrap_sym_key( out CICM::SymKey key_ref );
Read one unwrapped symmetric key off of channel stream and return a reference to the key. The method blocks until a key becomes available.
Parameters:
Returns:
Method CICM::Decrypt::KeyUnwrapStream::unwrap_asym_key()
CICM::Status unwrap_asym_key( out CICM::AsymKey key_ref );
Read one unwrapped asymmetric key off of channel stream and return a reference to the key. The method blocks until a key becomes available.
Parameters:
Returns:
Interface CICM::Decrypt::Controller
interface Controller :
CICM::MultiDomainController,
CICM::SymKeyController,
CICM::SetVectorController,
CICM::ResyncController {
CICM::Decrypt::Controller supports decryption operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting transformed data. It is created by calling CICM::ChannelManager::create_decrypt_controller.
CICM::Decrypt::Controller inherits from: CICM::MultiDomainController, CICM::SymKeyController, CICM::SetVectorController and CICM::ResyncController.
Interface CICM::Decrypt::NegotiatedController
interface NegotiatedController :
CICM::NegotiatedController,
CICM::SetVectorController,
CICM::ResyncController {
CICM::Decrypt::NegotiatedController is the negotiated version of CICM::Decrypt::Controller. It is the result of a successful negotiation by CICM::Decrypt::ControllerNegotiator.
CICM::Decrypt::NegotiatedController inherits from: CICM::NegotiatedController, CICM::SetVectorController and CICM::ResyncController.
Interface CICM::Decrypt::Conduit
interface Conduit :
CICM::Conduit,
CICM::Decrypt::Controller,
CICM::Decrypt::Stream {
CICM::Decrypt::Conduit supports decryption operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting transformed data. It is created by calling CICM::ChannelManager::create_decrypt_conduit.
CICM::Decrypt::Conduit inherits from: CICM::Conduit, CICM::Decrypt::Controller and CICM::Decrypt::Stream.
Interface CICM::Decrypt::NegotiatedConduit
interface NegotiatedConduit :
CICM::Conduit,
CICM::Decrypt::NegotiatedController,
CICM::Decrypt::Stream {
CICM::Decrypt::NegotiatedConduit is the negotiated version of CICM::Decrypt::Conduit. It is the result of a successful negotiation by CICM::Decrypt::Negotiator.
CICM::Decrypt::NegotiatedConduit inherits from: CICM::Conduit, CICM::Decrypt::NegotiatedController and CICM::Decrypt::Stream.
Interface CICM::Decrypt::WithMACConduit
interface WithMACConduit :
CICM::AbstractMACVerifyConduit,
CICM::Decrypt::Conduit {
CICM::Decrypt::WithMACConduit supports decryption operations between two independent security domains with the receipt of an indication as to whether MAC verification succeeded or failed in the initiating domain. The resulting conduit is capable of both managing the channel and accepting data for transformation. It is created by calling CICM::ChannelManager::create_decrypt_with_mac_conduit.
CICM::Decrypt::WithMACConduit inherits from: CICM::AbstractMACVerifyConduit and CICM::Decrypt::Conduit.
Interface CICM::Decrypt::WithMACNegotiatedConduit
interface WithMACNegotiatedConduit :
CICM::AbstractMACVerifyConduit,
CICM::Decrypt::NegotiatedConduit {
CICM::Decrypt::WithMACNegotiatedConduit is the negotiated version of CICM::Decrypt::WithMACConduit. It is the result of a successful negotiation by CICM::Decrypt::WithMACNegotiator.
CICM::Decrypt::WithMACNegotiatedConduit inherits from: CICM::AbstractMACVerifyConduit and CICM::Decrypt::NegotiatedConduit.
Interface CICM::Decrypt::WithVerifyConduit
interface WithVerifyConduit :
CICM::AbstractSigVerifyConduit,
CICM::Decrypt::Conduit {
CICM::Decrypt::WithVerifyConduit supports decryption operations between two independent security domains with the receipt of an indication as to whether signature verification succeeded or failed in the initiating domain. The resulting conduit is capable of both managing the channel and accepting transformed data. It is created by calling CICM::ChannelManager::create_decrypt_with_verify_conduit.
CICM::Decrypt::WithVerifyConduit inherits from: CICM::AbstractSigVerifyConduit and CICM::Decrypt::Conduit.
Interface CICM::Decrypt::WithVerifyNegotiatedConduit
interface WithVerifyNegotiatedConduit :
CICM::AbstractSigVerifyConduit,
CICM::Decrypt::NegotiatedConduit {
CICM::Decrypt::WithVerifyNegotiatedConduit is the negotiated version of CICM::Decrypt::WithVerifyConduit. It is the result of a successful negotiation by CICM::Decrypt::WithVerifyNegotiator.
CICM::Decrypt::WithVerifyNegotiatedConduit inherits from: CICM::AbstractSigVerifyConduit and CICM::Decrypt::NegotiatedConduit.
Interface CICM::Decrypt::KeyUnwrapConduit
interface KeyUnwrapConduit :
CICM::Decrypt::Controller,
CICM::Decrypt::KeyUnwrapStream {
CICM::Decrypt::KeyUnwrapConduit supports key unwrapping operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting transformed keys. It is created by calling CICM::ChannelManager::create_key_unwrap_conduit.
CICM::Decrypt::KeyUnwrapConduit inherits from: CICM::Decrypt::Controller and CICM::Decrypt::KeyUnwrapStream.
Interface CICM::Decrypt::Negotiator
interface Negotiator : CICM::Negotiator {
CICM::Decrypt::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. The result of a successful negotiation is a CICM::Decrypt::NegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Decrypt::Negotiator is created by calling CICM::ChannelManager::negotiate_decrypt_conduit.
CICM::Decrypt::Negotiator inherits from: CICM::Negotiator.
Method CICM::Decrypt::Negotiator::complete()
CICM::Status complete( out CICM::Decrypt::NegotiatedConduit conduit_ref );
Complete negotiation and retrieve a negotiated decrypt conduit.
Parameters:
Returns:
Interface CICM::Decrypt::ControllerNegotiator
interface ControllerNegotiator : CICM::Negotiator {
CICM::Decrypt::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support decryption operations between two independent security domains. The result of a successful negotiation is a CICM::Decrypt::NegotiatedController which is capable of managing the channel, but not accepting data for transformation. CICM::Decrypt::ControllerNegotiator is created by calling CICM::ChannelManager::negotiate_decrypt_controller.
CICM::Decrypt::ControllerNegotiator inherits from: CICM::Negotiator.
Method CICM::Decrypt::ControllerNegotiator::complete()
CICM::Status complete( out CICM::Decrypt::NegotiatedController controller_ref );
Complete negotiation and retrieve a negotiated control-only decrypt channel.
Parameters:
Returns:
Interface CICM::Decrypt::WithMACNegotiator
interface WithMACNegotiator : CICM::Negotiator {
CICM::Decrypt::WithMACNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support decryption operations between two independent security domains. Additionally, a message authentication code is received in the initiating domain. The result of a successful negotiation is a CICM::Decrypt::WithMACNegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Decrypt::WithMACNegotiator is created by calling CICM::ChannelManager::negotiate_decrypt_with_mac_conduit.
CICM::Decrypt::WithMACNegotiator inherits from: CICM::Negotiator.
Method CICM::Decrypt::WithMACNegotiator::complete()
CICM::Status complete( out CICM::Decrypt::WithMACNegotiatedConduit conduit_ref );
Complete negotiation and retrieve a negotiated MAC verify decrypt conduit.
Parameters:
Returns:
Interface CICM::Decrypt::WithVerifyNegotiator
interface WithVerifyNegotiator : CICM::Negotiator {
CICM::Decrypt::WithVerifyNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support decryption operations between two independent security domains. Additionally, an indication as to whether verification succeeded or failed is received in the initiating domain. The result of a successful negotiation is a CICM::Decrypt::WithVerifyNegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Decrypt::WithVerifyNegotiator is created by calling CICM::ChannelManager::negotiate_decrypt_with_verify_conduit.
CICM::Decrypt::WithVerifyNegotiator inherits from: CICM::Negotiator.
Method CICM::Decrypt::WithVerifyNegotiator::complete()
CICM::Status complete( out CICM::Decrypt::WithVerifyNegotiatedConduit conduit_ref );
Complete negotiation and retrieve a negotiated verify and decrypt conduit.
Parameters:
Returns:
Namespace CICM::Duplex
module Duplex {
The CICM::Duplex namespace contains interfaces that support encryption/decryption operations between two independent security domains.
Interface CICM::Duplex::ChannelManager
interface ChannelManager {
CICM::Duplex::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of encryption/decryption negotiators, conduits, controllers, and streams. See CICM::ChannelManager for additional information.
Method CICM::Duplex::ChannelManager::negotiate_duplex_conduit()
CICM::Status negotiate_duplex_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Duplex::Negotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer, resulting in a conduit that results will encrypt/decrypt data.
Parameters:
Returns:
Method CICM::Duplex::ChannelManager::negotiate_duplex_controller()
CICM::Status negotiate_duplex_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Duplex::ControllerNegotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage a duplex channel.
Parameters:
Returns:
Method CICM::Duplex::ChannelManager::create_duplex_conduit()
CICM::Status create_duplex_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Duplex::Conduit conduit_ref );
Create duplex channel to encrypt/decrypt a stream of data.
Parameters:
Returns:
Method CICM::Duplex::ChannelManager::create_duplex_controller()
CICM::Status create_duplex_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Duplex::Controller controller_ref );
Create controller to configure and control a duplex channel.
Remarks:
Parameters:
Returns:
Method CICM::Duplex::ChannelManager::get_duplex_stream()
CICM::Status get_duplex_stream( in CICM::LocalPort local_port, out CICM::Duplex::Stream stream_ref );
Create stream associated with previously created controller to accept data for transformation.
Parameters:
Returns:
Interface CICM::Duplex::Stream
interface Stream :
CICM::Encrypt::Stream,
CICM::Decrypt::Stream {
CICM::Duplex::Stream supports encryption/decryption operations between two independent security domains. The resulting stream is capable of accepting data for transformation and receiving transformed data, but not managing the channel. It is created by calling CICM::ChannelManager::get_duplex_stream.
CICM::Duplex::Stream inherits from: CICM::Encrypt::Stream and CICM::Decrypt::Stream.
Interface CICM::Duplex::Controller
interface Controller :
CICM::Encrypt::Controller,
CICM::Decrypt::Controller {
CICM::Duplex::Controller supports encryption/decryption operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting data for transformation and receiving transformed data. It is created by calling CICM::ChannelManager::create_duplex_controller.
CICM::Duplex::Controller inherits from: CICM::Encrypt::Controller and CICM::Decrypt::Controller.
Interface CICM::Duplex::NegotiatedController
interface NegotiatedController :
CICM::Encrypt::NegotiatedController,
CICM::Decrypt::NegotiatedController {
CICM::Duplex::NegotiatedController is the negotiated version of CICM::Duplex::Controller. It is the result of a successful negotiation by CICM::Duplex::ControllerNegotiator.
CICM::Duplex::NegotiatedController inherits from: CICM::Encrypt::NegotiatedController and CICM::Decrypt::NegotiatedController.
Interface CICM::Duplex::Conduit
interface Conduit :
CICM::Conduit,
CICM::Duplex::Controller,
CICM::Duplex::Stream {
CICM::Duplex::Conduit supports encryption/decryption operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting data for transformation and receiving transformed data. It is created by calling CICM::ChannelManager::create_duplex_conduit.
CICM::Duplex::Conduit inherits from: CICM::Conduit, CICM::Duplex::Controller and CICM::Duplex::Stream.
Interface CICM::Duplex::NegotiatedConduit
interface NegotiatedConduit :
CICM::Duplex::NegotiatedController,
CICM::Duplex::Stream {
CICM::Duplex::NegotiatedConduit is the negotiated version of CICM::Duplex::Conduit. It is the result of a successful negotiation by CICM::Duplex::Negotiator.
CICM::Duplex::NegotiatedConduit inherits from: CICM::Duplex::NegotiatedController and CICM::Duplex::Stream.
Interface CICM::Duplex::ControllerNegotiator
interface ControllerNegotiator : CICM::Negotiator {
CICM::Duplex::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption/decryption operations between two independent security domains. The result of a successful negotiation is a CICM::Duplex::NegotiatedController which is capable of managing the channel, but not accepting data for transformation. CICM::Duplex::ControllerNegotiator is created by calling CICM::ChannelManager::negotiate_duplex_controller.
CICM::Duplex::ControllerNegotiator inherits from: CICM::Negotiator.
Method CICM::Duplex::ControllerNegotiator::complete()
CICM::Status complete( out CICM::Duplex::NegotiatedController controller_ref );
Complete negotiation and retrieve a negotiated control-only duplex conduit.
Parameters:
Returns:
Interface CICM::Duplex::Negotiator
interface Negotiator : CICM::Negotiator {
CICM::Duplex::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption/decryption operations between two independent security domains. The result of a successful negotiation is a CICM::Duplex::NegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Duplex::Negotiator is created by calling CICM::ChannelManager::negotiate_duplex_conduit.
CICM::Duplex::Negotiator inherits from: CICM::Negotiator.
Method CICM::Duplex::Negotiator::complete()
CICM::Status complete( out CICM::Duplex::NegotiatedConduit conduit_ref );
Complete negotiation and retrieve a negotiated duplex channel.
Parameters:
Returns:
Namespace CICM::BypassWrite
module BypassWrite {
The CICM::BypassWrite namespace contains channels that support full bypass write operations between two independent security domains.
Interface CICM::BypassWrite::ChannelManager
interface ChannelManager {
CICM::BypassWrite::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of full bypass conduits, controllers, and streams for writing. See CICM::ChannelManager for additional information.
Method CICM::BypassWrite::ChannelManager::create_bypass_write_conduit()
CICM::Status create_bypass_write_conduit( in CICM::RemotePort remote_port, out CICM::BypassWrite::Conduit conduit_ref );
Creates a conduit to write bypass data.
Parameters:
Returns:
Method CICM::BypassWrite::ChannelManager::create_bypass_write_controller()
CICM::Status create_bypass_write_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, out CICM::BypassWrite::Controller controller_ref );
Returns the controller of a channel that writes bypass data.
Remarks:
See also:
Parameters:
Returns:
Method CICM::BypassWrite::ChannelManager::get_bypass_write_stream()
CICM::Status get_bypass_write_stream( in CICM::LocalPort local_port, out CICM::BypassWrite::Stream stream_ref );
Returns the stream corresponding to a pre-existing controller on the given local port.
See also:
Parameters:
Returns:
Interface CICM::BypassWrite::Stream
interface Stream : CICM::WriteStream {
CICM::BypassWrite::Stream supports full bypass between two independent security domains. The resulting stream is capable of accepting data for bypass, but not managing the channel. It is created by calling CICM::ChannelManager::get_bypass_write_stream.
CICM::BypassWrite::Stream inherits from: CICM::WriteStream.
Method CICM::BypassWrite::Stream::write_bypass()
CICM::Status write_bypass( in CICM::Buffer buffer );
Write bypass data to a channel stream. The method blocks until the data has been sent.
Parameters:
Returns:
Method CICM::BypassWrite::Stream::write_bypass_non_blocking()
CICM::Status write_bypass_non_blocking( in CICM::Buffer buffer, in CICM::TransId transaction_id );
Registers a buffer of data to be sent to the module for bypass and then immediately returns control to the caller. The length of the data is encapsulated in the buffer parameter. The caller may use the CICM::BypassWrite::Stream::write_bypass_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata associated with the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Method CICM::BypassWrite::Stream::write_bypass_poll()
CICM::Status write_bypass_poll( in CICM::TransId transaction_id, out CICM::WriteStream::WriteStatus status );
Returns the status of the non-blocking bypass operation specified by the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Interface CICM::BypassWrite::Controller
interface Controller : CICM::MultiDomainController {};
CICM::BypassWrite::Controller supports full bypass between two independent security domains. The resulting controller is capable of managing the channel, but not accepting data for bypass. It is created by calling CICM::ChannelManager::create_bypass_write_controller.
CICM::BypassWrite::Controller inherits from: CICM::MultiDomainController.
Interface CICM::BypassWrite::Conduit
interface Conduit :
CICM::Conduit,
CICM::BypassWrite::Controller,
CICM::BypassWrite::Stream {
CICM::BypassWrite::Conduit supports full bypass between two security domains. The resulting conduit is capable of both managing the channel and accepting data for bypass. It is created by calling CICM::ChannelManager::create_bypass_write_conduit.
CICM::BypassWrite::Conduit inherits from: CICM::Conduit, CICM::BypassWrite::Controller and CICM::BypassWrite::Stream.
Namespace CICM::BypassRead
module BypassRead {
The CICM::BypassRead namespace contains channels that support full bypass read operations between two independent security domains.
Interface CICM::BypassRead::ChannelManager
interface ChannelManager {
CICM::BypassRead::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of full bypass conduits, controllers, and streams for reading. See CICM::ChannelManager for additional information.
Method CICM::BypassRead::ChannelManager::create_bypass_read_conduit()
CICM::Status create_bypass_read_conduit( in CICM::RemotePort remote_port, out CICM::BypassRead::Conduit conduit_ref );
Creates a conduit to read bypass data.
Parameters:
Returns:
Method CICM::BypassRead::ChannelManager::create_bypass_read_controller()
CICM::Status create_bypass_read_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, out CICM::BypassRead::Controller controller_ref );
Returns the controller of a channel that reads bypass data.
Remarks:
See also:
Parameters:
Returns:
Method CICM::BypassRead::ChannelManager::get_bypass_read_stream()
CICM::Status get_bypass_read_stream( in CICM::LocalPort local_port, out CICM::BypassRead::Stream stream_ref );
Returns the stream corresponding to a pre-existing controller on the given local port.
See also:
Parameters:
Returns:
Interface CICM::BypassRead::Stream
interface Stream : CICM::ReadStream {
CICM::BypassRead::Stream supports full bypass between two independent security domains. The resulting stream is capable of accepting bypassed data, but not managing the channel. It is created by calling CICM::ChannelManager::get_bypass_read_stream.
CICM::BypassRead::Stream inherits from: CICM::ReadStream.
Method CICM::BypassRead::Stream::read_bypass()
CICM::Status read_bypass( out CICM::Buffer buffer );
Read bypass data off of channel stream. The method blocks until data becomes available.
Parameters:
Returns:
Method CICM::BypassRead::Stream::read_bypass_non_blocking()
CICM::Status read_bypass_non_blocking( out CICM::Buffer buffer, in CICM::TransId transaction_id );
Registers a buffer into which bypass data will be copied, and then immediately returns control to the caller. The size of the allocated buffer and length of the resulting bypassed data is encapsulated in the buffer parameter. The caller may use the CICM::BypassRead::Stream::read_bypass_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata associated with the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Method CICM::BypassRead::Stream::read_bypass_poll()
CICM::Status read_bypass_poll( in CICM::TransId transaction_id, out CICM::ReadStream::ReadStatus status );
Returns the status of the non-blocking bypass operation specified by the transaction_id parameter. Upon completion of the operation, the caller must use the metadata associated with the transaction_id parameter to determine which buffer has been populated. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Interface CICM::BypassRead::Controller
interface Controller : CICM::MultiDomainController {};
CICM::BypassRead::Controller supports full bypass between two independent security domains. The resulting controller is capable of managing the channel, but not accepting bypassed data. It is created by calling CICM::ChannelManager::create_bypass_read_controller.
CICM::BypassRead::Controller inherits from: CICM::MultiDomainController.
Interface CICM::BypassRead::Conduit
interface Conduit :
CICM::Conduit,
CICM::BypassRead::Controller,
CICM::BypassRead::Stream {
CICM::BypassRead::Conduit supports full bypass between two independent security domains. The resulting conduit is capable of both managing the channel and accepting bypassed data. It is created by calling CICM::ChannelManager::create_bypass_read_conduit.
CICM::BypassRead::Conduit inherits from: CICM::Conduit, CICM::BypassRead::Controller and CICM::BypassRead::Stream.
Namespace CICM::EncryptBypass
module EncryptBypass {
The CICM::EncryptBypass namespace contains interfaces that support encryption with selective bypass operations between two indepenent security domains.
Interface CICM::EncryptBypass::ChannelManager
interface ChannelManager {
CICM::EncryptBypass::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of encryption with selective bypass negotiators, conduits, controllers, and streams. See CICM::ChannelManager for additional information.
Remarks:
Method CICM::EncryptBypass::ChannelManager::negotiate_encrypt_bypass_conduit()
CICM::Status negotiate_encrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::EncryptBypass::Negotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer. The channel that results will selectively encrypt or bypass a stream of data.
Parameters:
Returns:
Method CICM::EncryptBypass::ChannelManager::negotiate_encrypt_bypass_controller()
CICM::Status negotiate_encrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::EncryptBypass::ControllerNegotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage an encrypt with bypass channel.
Parameters:
Returns:
Method CICM::EncryptBypass::ChannelManager::create_encrypt_bypass_conduit()
CICM::Status create_encrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::EncryptBypass::Conduit conduit_ref );
Create conduit to selectively encrypt or bypass a stream of data.
Parameters:
Returns:
Method CICM::EncryptBypass::ChannelManager::create_encrypt_bypass_controller()
CICM::Status create_encrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::EncryptBypass::Controller controller_ref );
Create controller to configure and control an encrypt with bypass channel.
Remarks:
Parameters:
Returns:
Method CICM::EncryptBypass::ChannelManager::get_encrypt_bypass_stream()
CICM::Status get_encrypt_bypass_stream( in CICM::LocalPort local_port, out CICM::EncryptBypass::Stream stream_ref );
Create stream associated with previously created controller to accept data for transformation.
Parameters:
Returns:
Interface CICM::EncryptBypass::Stream
interface Stream :
CICM::Encrypt::Stream,
CICM::BypassWrite::Stream {
CICM::EncryptBypass::Stream supports encryption and selective bypass operations between two independent security domains. The resulting stream is capable of accepting data for transformation, but not managing the channel. It is created by calling CICM::ChannelManager::get_encrypt_bypass_stream.
CICM::EncryptBypass::Stream inherits from: CICM::Encrypt::Stream and CICM::BypassWrite::Stream.
Interface CICM::EncryptBypass::NegotiatedController
interface NegotiatedController : CICM::Encrypt::NegotiatedController {};
CICM::EncryptBypass::NegotiatedController is the negotiated version of CICM::EncryptBypass::Controller. It is the result of a successful negotiation by CICM::EncryptBypass::ControllerNegotiator.
CICM::EncryptBypass::NegotiatedController inherits from: CICM::Encrypt::NegotiatedController.
Interface CICM::EncryptBypass::Controller
interface Controller : CICM::Encrypt::Controller {};
CICM::EncryptBypass::Controller supports encryption and selective bypass operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting data for transformation/bypass. It is created by calling CICM::ChannelManager::create_encrypt_bypass_controller.
CICM::EncryptBypass::Controller inherits from: CICM::Encrypt::Controller.
Interface CICM::EncryptBypass::Conduit
interface Conduit :
CICM::Encrypt::Conduit,
CICM::EncryptBypass::Stream {
CICM::EncryptBypass::Conduit supports encryption and selective bypass operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting data for transformation/bypass. It is created by calling CICM::ChannelManager::create_encrypt_bypass_conduit.
CICM::EncryptBypass::Conduit inherits from: CICM::Encrypt::Conduit and CICM::EncryptBypass::Stream.
Interface CICM::EncryptBypass::NegotiatedConduit
interface NegotiatedConduit :
CICM::Encrypt::NegotiatedController,
CICM::EncryptBypass::Stream {
CICM::EncryptBypass::NegotiatedConduit is the negotiated version of CICM::EncryptBypass::Conduit. It is the result of a successful negotiation by CICM::EncryptBypass::Negotiator.
CICM::EncryptBypass::NegotiatedConduit inherits from: CICM::Encrypt::NegotiatedController and CICM::EncryptBypass::Stream.
Interface CICM::EncryptBypass::ControllerNegotiator
interface ControllerNegotiator : CICM::Negotiator {
CICM::EncryptBypass::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption and selective bypass operations between two independent security domains. The result of a successful negotiation is a CICM::EncryptBypass::NegotiatedController which is capable of managing the channel, but not accepting data for transformation/bypass. CICM::EncryptBypass::ControllerNegotiator is created by calling CICM::ChannelManager::negotiate_encrypt_bypass_controller.
CICM::EncryptBypass::ControllerNegotiator inherits from: CICM::Negotiator.
Method CICM::EncryptBypass::ControllerNegotiator::complete()
CICM::Status complete( out CICM::EncryptBypass::NegotiatedController controller_ref );
Complete negotiation and retrieve a negotiated encrypt bypass control-only channel.
Parameters:
Returns:
Interface CICM::EncryptBypass::Negotiator
interface Negotiator : CICM::Negotiator {
CICM::EncryptBypass::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption and bypass operations between two independent security domains. Additionally, selective bypass is supported on the same conduit. The result of a successful negotiation is a CICM::EncryptBypass::NegotiatedConduit which is capable of both managing the channel and accepting data for transformation/bypass. CICM::EncryptBypass::Negotiator is created by calling CICM::ChannelManager::negotiate_encrypt_bypass_conduit.
CICM::EncryptBypass::Negotiator inherits from: CICM::Negotiator.
Method CICM::EncryptBypass::Negotiator::complete()
CICM::Status complete( out CICM::EncryptBypass::NegotiatedConduit conduit_ref );
Complete negotiation and retrieve a negotiated encrypt bypass conduit.
Parameters:
Returns:
Namespace CICM::DecryptBypass
module DecryptBypass {
The CICM::DecryptBypass namespace contains interfaces that support decryption with selective bypass operations between two independent security domains.
Interface CICM::DecryptBypass::ChannelManager
interface ChannelManager {
CICM::DecryptBypass::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of decryption with selective bypass negotiators, conduits, controllers, and streams. See CICM::ChannelManager for additional information.
Remarks:
Method CICM::DecryptBypass::ChannelManager::negotiate_decrypt_bypass_conduit()
CICM::Status negotiate_decrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::DecryptBypass::Negotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer. The channel that results will selectively decrypt or bypass a stream of data.
Parameters:
Returns:
Method CICM::DecryptBypass::ChannelManager::negotiate_decrypt_bypass_controller()
CICM::Status negotiate_decrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::DecryptBypass::ControllerNegotiator negotiator_ref );
Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage a decrypt with bypass channel.
Parameters:
Returns:
Method CICM::DecryptBypass::ChannelManager::create_decrypt_bypass_conduit()
CICM::Status create_decrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::DecryptBypass::Conduit conduit_ref );
Create conduit to selectively decrypt or bypass a stream of data.
Remarks:
Parameters:
Returns:
Method CICM::DecryptBypass::ChannelManager::create_decrypt_bypass_controller()
CICM::Status create_decrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::DecryptBypass::Controller controller_ref );
Create controller to configure and control a decrypt with bypass channel.
Remarks:
Parameters:
Returns:
Method CICM::DecryptBypass::ChannelManager::get_decrypt_bypass_stream()
CICM::Status get_decrypt_bypass_stream( in CICM::LocalPort local_port, out CICM::DecryptBypass::Stream stream_ref );
Create stream associated with previously created controller to receive transformed data.
Remarks:
Parameters:
Returns:
Interface CICM::DecryptBypass::Stream
interface Stream : CICM::Decrypt::Stream {};
CICM::DecryptBypass::Stream supports decryption and selective bypass operations between two independent security domains. The resulting stream is capable of accepting transformed/bypassed data, but not managing the channel. It is created by calling CICM::ChannelManager::get_decrypt_bypass_stream.
Remarks:
CICM::DecryptBypass::Stream inherits from: CICM::Decrypt::Stream.
Interface CICM::DecryptBypass::Controller
interface Controller : CICM::Decrypt::Controller {
CICM::DecryptBypass::Controller supports decryption and selective bypass operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting transformed/bypassed data. It is created by calling CICM::ChannelManager::create_decrypt_bypass_controller.
CICM::DecryptBypass::Controller inherits from: CICM::Decrypt::Controller.
Interface CICM::DecryptBypass::NegotiatedController
interface NegotiatedController : CICM::Decrypt::NegotiatedController {
CICM::DecryptBypass::NegotiatedController is the negotiated version of CICM::DecryptBypass::Controller. It is the result of a successful negotiation by CICM::DecryptBypass::ControllerNegotiator.
CICM::DecryptBypass::NegotiatedController inherits from: CICM::Decrypt::NegotiatedController.
Interface CICM::DecryptBypass::Conduit
interface Conduit :
CICM::Decrypt::Conduit,
CICM::DecryptBypass::Controller,
CICM::DecryptBypass::Stream {
CICM::DecryptBypass::Conduit supports decryption and selective bypass operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting transformed/bypassed data. It is created by calling CICM::ChannelManager::create_decrypt_bypass_conduit.
CICM::DecryptBypass::Conduit inherits from: CICM::Decrypt::Conduit, CICM::DecryptBypass::Controller and CICM::DecryptBypass::Stream.
Interface CICM::DecryptBypass::NegotiatedConduit
interface NegotiatedConduit :
CICM::Decrypt::NegotiatedConduit,
CICM::DecryptBypass::NegotiatedController,
CICM::DecryptBypass::Stream {
CICM::DecryptBypass::NegotiatedConduit is the negotiated version of CICM::DecryptBypass::Conduit. It is the result of a successful negotiation by CICM::DecryptBypass::Negotiator.
CICM::DecryptBypass::NegotiatedConduit inherits from: CICM::Decrypt::NegotiatedConduit, CICM::DecryptBypass::NegotiatedController and CICM::DecryptBypass::Stream.
Interface CICM::DecryptBypass::ControllerNegotiator
interface ControllerNegotiator : CICM::Negotiator {
CICM::DecryptBypass::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption and selective bypass operations between two independent security domains. The result of a successful negotiation is a CICM::DecryptBypass::NegotiatedController which is capable of managing the channel, but not accepting data for transformation. CICM::DecryptBypass::ControllerNegotiator is created by calling CICM::ChannelManager::negotiate_decrypt_bypass_controller.
CICM::DecryptBypass::ControllerNegotiator inherits from: CICM::Negotiator.
Method CICM::DecryptBypass::ControllerNegotiator::complete()
CICM::Status complete( out CICM::DecryptBypass::NegotiatedController controller_ref );
Complete negotiation and retrieve a negotiated control-only decrypt bypass channel.
Parameters:
Returns:
Interface CICM::DecryptBypass::Negotiator
interface Negotiator : CICM::Negotiator {
CICM::DecryptBypass::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. Additionally, selective bypass is supported on the same conduit. The result of a successful negotiation is a CICM::DecryptBypass::NegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::DecryptBypass::Negotiator is created by calling CICM::ChannelManager::negotiate_decrypt_bypass_conduit.
CICM::DecryptBypass::Negotiator inherits from: CICM::Negotiator.
Method CICM::DecryptBypass::Negotiator::complete()
CICM::Status complete( out CICM::DecryptBypass::NegotiatedConduit conduit_ref );
Complete negotiation and retrieve a negotiated decrypt bypass conduit.
Parameters:
Returns:
Namespace CICM::Emit
module Emit {
The CICM::Emit namespace contains interfaces that generate data originating in a cryptographic module such as random, pseudorandom, and keystream data.
Interface CICM::Emit::ChannelManager
interface ChannelManager {
CICM::Emit::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of conduits and controllers to generate keystream, pseudorandom, and random data. See CICM::ChannelManager for additional information.
Method CICM::Emit::ChannelManager::create_key_stream_gen_controller()
CICM::Status create_key_stream_gen_controller( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Emit::KeyStreamGenController controller_ref );
Create controller to generate keystream.
Parameters:
Returns:
Method CICM::Emit::ChannelManager::create_pseudorandom_controller()
CICM::Status create_pseudorandom_controller( in CICM::RemotePort remote_port, in CICM::SymKey seed, out CICM::Emit::PseudoRandomController controller_ref );
Create controller to generate pseudorandom data.
Parameters:
Returns:
Method CICM::Emit::ChannelManager::create_random_controller()
CICM::Status create_random_controller( in CICM::RemotePort remote_port, out CICM::Emit::RandomController controller_ref );
Create controller to generate random data.
Parameters:
Returns:
Method CICM::Emit::ChannelManager::create_key_stream_gen_conduit()
CICM::Status create_key_stream_gen_conduit( in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Emit::KeyStreamGenConduit conduit_ref );
Create conduit to generate keystream.
Parameters:
Returns:
Method CICM::Emit::ChannelManager::create_pseudorandom_conduit()
CICM::Status create_pseudorandom_conduit( in CICM::SymKey seed, out CICM::Emit::PseudoRandomConduit conduit_ref );
Create conduit to generate pseudorandom data.
Parameters:
Returns:
Method CICM::Emit::ChannelManager::create_random_conduit()
CICM::Status create_random_conduit( out CICM::Emit::RandomConduit conduit_ref );
Create conduit to generate random data.
Parameters:
Returns:
Interface CICM::Emit::GetStream
interface GetStream : CICM::ReadStream {
CICM::Emit::GetStream is an abstraction inherited by conduits in the CICM::Emit namespace that allows data to be read from the stream.
CICM::Emit::GetStream inherits from: CICM::ReadStream.
Method CICM::Emit::GetStream::get()
CICM::Status get( in CICM::UInt32 length, out CICM::Buffer buffer );
Reads a buffer of data from the module. The method blocks until data becomes available.
Parameters:
Returns:
Method CICM::Emit::GetStream::get_non_blocking()
CICM::Status get_non_blocking( in CICM::UInt32 length, out CICM::Buffer buffer, in CICM::TransId transaction_id );
Registers a buffer into which transformed data will be copied, and then control immediately returns to the caller. The size of the allocated buffer and length of the resulting transformed data is encapsulated in the buffer parameter. The caller may use the CICM::Emit::GetStream::get_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata associated with the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Method CICM::Emit::GetStream::get_poll()
CICM::Status get_poll( in CICM::TransId transaction_id, out CICM::ReadStream::ReadStatus status );
Returns the status of the non-blocking get operation specified by the transaction_id parameter. Upon completion of the operation, the caller must use the metadata associated with the transaction_id parameter to determine which buffer has been populated. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions.
Parameters:
Returns:
Interface CICM::Emit::Controller
interface Controller : CICM::Controller {
CICM::Emit::Controller is an abstraction from which all other controllers in the CICM::Emit namespace inherit.
CICM::Emit::Controller inherits from: CICM::Controller.
AttributeCICM::Emit::Controller::remote_port
readonly attribute CICM::RemotePort remote_port;
The remote port associated with this controller.
Interface CICM::Emit::RandomController
interface RandomController : CICM::Emit::Controller {};
CICM::Emit::RandomController supports creating a channel to read random data from a module. The resulting controller is capable of managing the channel, but not reading random data. It is created by calling CICM::ChannelManager::create_random_controller.
CICM::Emit::RandomController inherits from: CICM::Emit::Controller.
Interface CICM::Emit::RandomConduit
interface RandomConduit :
CICM::Conduit,
CICM::Emit::GetStream {
CICM::Emit::RandomConduit supports reading random data from a module. The resulting conduit is capable of both managing the channel and reading random data. It is created by calling CICM::ChannelManager::create_random_conduit.
CICM::Emit::RandomConduit inherits from: CICM::Conduit and CICM::Emit::GetStream.
Interface CICM::Emit::PseudoRandomController
interface PseudoRandomController :
CICM::SymKeyController,
CICM::Emit::Controller {
CICM::Emit::PseudoRandomController supports creating a channel to read pseudorandom data from a module. The resulting controller is capable of managing the channel, but not reading pseudorandom data. It is created by calling CICM::ChannelManager::create_pseudorandom_controller.
CICM::Emit::PseudoRandomController inherits from: CICM::SymKeyController and CICM::Emit::Controller.
Interface CICM::Emit::PseudoRandomConduit
interface PseudoRandomConduit :
CICM::Conduit,
CICM::SymKeyController,
CICM::Emit::GetStream {
CICM::Emit::PseudoRandomConduit supports reading pseudorandom data from a module. The resulting conduit is capable of both managing the channel and reading pseudorandom data. It is created by calling CICM::ChannelManager::create_pseudorandom_conduit.
CICM::Emit::PseudoRandomConduit inherits from: CICM::Conduit, CICM::SymKeyController and CICM::Emit::GetStream.
Interface CICM::Emit::KeyStreamGenController
interface KeyStreamGenController :
CICM::SymKeyController,
CICM::GenVectorController,
CICM::Emit::Controller {
CICM::Emit::KeyStreamGenController supports creating a channel to read keystream from a module. The resulting controller is capable of managing the channel, but not reading keystream. It is created by calling CICM::ChannelManager::create_key_stream_gen_controller.
CICM::Emit::KeyStreamGenController inherits from: CICM::SymKeyController, CICM::GenVectorController and CICM::Emit::Controller.
Interface CICM::Emit::KeyStreamGenConduit
interface KeyStreamGenConduit :
CICM::Conduit,
CICM::SymKeyController,
CICM::GenVectorController,
CICM::Emit::GetStream {
CICM::Emit::KeyStreamGenConduit supports reading keystream from a module. The resulting conduit is capable of both managing the channel and reading keystream. It is created by calling CICM::ChannelManager::create_key_stream_gen_conduit.
CICM::Emit::KeyStreamGenConduit inherits from: CICM::Conduit, CICM::SymKeyController, CICM::GenVectorController and CICM::Emit::GetStream.
Namespace CICM::Answer
module Answer {
The CICM::Answer namespace contains interfaces that support cryptographic operations that return an "answer" such a hash or a signature within a single security domain.
Interface CICM::Answer::ChannelManager
interface ChannelManager {
CICM::Answer::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of conduits to sign, MAC, and hash data. See CICM::ChannelManager for additional information.
Method CICM::Answer::ChannelManager::create_hash_conduit()
CICM::Status create_hash_conduit( in CICM::HashAlgorithmId algorithm, out CICM::Answer::HashConduit conduit_ref );
Create conduit to calculate and generate a hash value.
Parameters:
Returns:
Method CICM::Answer::ChannelManager::create_mac_conduit()
CICM::Status create_mac_conduit( in CICM::SymKey key_ref, in CICM::SymMacAlgorithmId algorithm, out CICM::Answer::MACConduit conduit_ref );
Create conduit to calculate and generate a MAC.
Parameters:
Returns:
Method CICM::Answer::ChannelManager::create_mac_verify_conduit()
CICM::Status create_mac_verify_conduit( in CICM::SymKey key_ref, in CICM::SymMacAlgorithmId algorithm, out CICM::Answer::MACVerifyConduit conduit_ref );
Create conduit to verify a MAC.
Parameters:
Returns:
Method CICM::Answer::ChannelManager::create_sign_conduit()
CICM::Status create_sign_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::SignConduit conduit_ref );
Create conduit to calculate and generate a signature.
Parameters:
Returns:
Method CICM::Answer::ChannelManager::create_sign_hash_conduit()
CICM::Status create_sign_hash_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::SignHashConduit conduit_ref );
Create conduit to calculate and generate a signature accepting a previously generated hash value as input.
Parameters:
Returns:
Method CICM::Answer::ChannelManager::create_verify_conduit()
CICM::Status create_verify_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::VerifyConduit conduit_ref );
Create conduit to verify a signature.
Parameters:
Returns:
Method CICM::Answer::ChannelManager::create_verify_hash_conduit()
CICM::Status create_verify_hash_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::VerifyHashConduit conduit_ref );
Create conduit to verify a signature accepting a previously generated hash value as input.
Parameters:
Returns:
Interface CICM::Answer::PutStream
interface PutStream : CICM::Stream {
A stream that can write data to a module.
CICM::Answer::PutStream inherits from: CICM::Stream.
Method CICM::Answer::PutStream::put()
CICM::Status put( in CICM::Buffer buffer );
Sends data to the module for transformation.
Remarks:
Parameters:
Returns:
Interface CICM::Answer::HashConduit
interface HashConduit :
CICM::Conduit,
CICM::Answer::PutStream {
CICM::Answer::HashConduit supports hashing operations within a single security domain. It is created by calling CICM::ChannelManager::create_hash_conduit.
Remarks:
CICM::Answer::HashConduit inherits from: CICM::Conduit and CICM::Answer::PutStream.
AttributeCICM::Answer::HashConduit::algorithm
readonly attribute CICM::HashAlgorithmId algorithm;
Algorithm used to compute the hash.
Method CICM::Answer::HashConduit::end_get_hash()
CICM::Status end_get_hash( out HashBuffer hash );
Direct the module to compute and output the message digest value, and reset the conduit to accept additional data.
Parameters:
Returns:
Interface CICM::Answer::MACConduit
interface MACConduit :
CICM::AbstractMACConduit,
CICM::Answer::PutStream {
CICM::Answer::MACConduit supports message authentication code operations within a single security domain. It is created by calling CICM::ChannelManager::create_mac_conduit.
CICM::Answer::MACConduit inherits from: CICM::AbstractMACConduit and CICM::Answer::PutStream.
Interface CICM::Answer::MACVerifyConduit
interface MACVerifyConduit :
CICM::AbstractMACVerifyConduit,
CICM::Answer::PutStream {
CICM::Answer::MACVerifyConduit supports message authentication code verification operations within a single security domain. It is created by calling CICM::ChannelManager::create_mac_verify_conduit.
CICM::Answer::MACVerifyConduit inherits from: CICM::AbstractMACVerifyConduit and CICM::Answer::PutStream.
Interface CICM::Answer::SignConduit
interface SignConduit :
CICM::AbstractSignConduit,
CICM::Answer::PutStream {
CICM::Answer::SignConduit supports signature operations within a single security domain. It is created by calling CICM::ChannelManager::create_sign_conduit.
CICM::Answer::SignConduit inherits from: CICM::AbstractSignConduit and CICM::Answer::PutStream.
Interface CICM::Answer::SignHashConduit
interface SignHashConduit : CICM::Answer::SignConduit {};
CICM::Answer::SignHashConduit supports signature operations accepting a pre-generated hash value within a single security domain. It is created by calling CICM::ChannelManager::create_sign_hash_conduit.
CICM::Answer::SignHashConduit inherits from: CICM::Answer::SignConduit.
Interface CICM::Answer::VerifyConduit
interface VerifyConduit :
CICM::AbstractSigVerifyConduit,
CICM::Answer::PutStream {
CICM::Answer::VerifyConduit supports verification operations within a single security domain. It is created by calling CICM::ChannelManager::create_verify_conduit.
CICM::Answer::VerifyConduit inherits from: CICM::AbstractSigVerifyConduit and CICM::Answer::PutStream.
Interface CICM::Answer::VerifyHashConduit
interface VerifyHashConduit : CICM::Answer::VerifyConduit {};
CICM::Answer::VerifyHashConduit supports verification operations accepting a pre-generated hash value within a single security domain. It is created by calling CICM::ChannelManager::create_verify_hash_conduit.
CICM::Answer::VerifyHashConduit inherits from: CICM::Answer::VerifyConduit.
Namespace CICM::Coprocessor
module Coprocessor {
The CICM::Coprocessor namespace contains interfaces that support encryption/decryption operations within a single security domain.
Interface CICM::Coprocessor::ChannelManager
interface ChannelManager {
CICM::Coprocessor::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of conduits to encrypt and decrypt data within a single security domain. See CICM::ChannelManager for additional information.
Method CICM::Coprocessor::ChannelManager::create_coprocessor_encrypt_conduit()
CICM::Status create_coprocessor_encrypt_conduit( in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Coprocessor::EncryptConduit conduit_ref );
Create conduit to encrypt a stream of data within a single security domain.
Parameters:
Returns:
Method CICM::Coprocessor::ChannelManager::create_coprocessor_encrypt_with_mac_conduit()
CICM::Status create_coprocessor_encrypt_with_mac_conduit( in CICM::SymKey mac_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, in CICM::SymEncrAlgorithmId encrypt_algorithm, out CICM::Coprocessor::EncryptWithMACConduit conduit_ref );
Create conduit to MAC and encrypt a stream of data within a single security domain.
Parameters:
Returns:
Method CICM::Coprocessor::ChannelManager::create_coprocessor_encrypt_with_sign_conduit()
CICM::Status create_coprocessor_encrypt_with_sign_conduit( in CICM::AsymKey sign_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::AsymSigAlgorithmId sign_algorithm, in CICM::SymEncrAlgorithmId encrypt_algorithm, out CICM::Coprocessor::EncryptWithSignConduit conduit_ref );
Create conduit to sign and encrypt a stream of data within a single security domain.
Parameters:
Returns:
Method CICM::Coprocessor::ChannelManager::create_coprocessor_decrypt_conduit()
CICM::Status create_coprocessor_decrypt_conduit( in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Coprocessor::DecryptConduit conduit_ref );
Create conduit to decrypt a stream of data within a single security domain.
Parameters:
Returns:
Method CICM::Coprocessor::ChannelManager::create_coprocessor_decrypt_with_mac_conduit()
CICM::Status create_coprocessor_decrypt_with_mac_conduit( in CICM::SymKey mac_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, in CICM::SymEncrAlgorithmId encrypt_algorithm, out CICM::Coprocessor::DecryptWithMACConduit conduit_ref );
Create conduit to MAC verify and decrypt a stream of data within a single security domain.
Parameters:
Returns:
Method CICM::Coprocessor::ChannelManager::create_coprocessor_decrypt_with_verify_conduit()
CICM::Status create_coprocessor_decrypt_with_verify_conduit( in CICM::AsymKey verify_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::AsymSigAlgorithmId verify_algorithm, in CICM::SymEncrAlgorithmId decrypt_algorithm, out CICM::Coprocessor::DecryptWithVerifyConduit conduit_ref );
Create conduit to verify and decrypt a stream of data within a single security domain.
Parameters:
Returns:
Interface CICM::Coprocessor::Stream
interface Stream : CICM::Stream {
CICM::Coprocessor::Stream is an abstraction inherited by all conduits in the CICM::Coprocessor namespace.
CICM::Coprocessor::Stream inherits from: CICM::Stream.
Method CICM::Coprocessor::Stream::get_final_buffer()
CICM::Status get_final_buffer( out CICM::Buffer buffer );
Returns the final block of transformed data, if available. The method blocks until data becomes available.
Remarks:
Parameters:
Returns:
Interface CICM::Coprocessor::EncryptConduit
interface EncryptConduit :
CICM::Conduit,
CICM::SymKeyController,
CICM::GenVectorController,
CICM::ResyncController,
CICM::Coprocessor::Stream {
CICM::Coprocessor::EncryptConduit supports encryption operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result. It is created by calling CICM::ChannelManager::create_coprocessor_encrypt_conduit.
CICM::Coprocessor::EncryptConduit inherits from: CICM::Conduit, CICM::SymKeyController, CICM::GenVectorController, CICM::ResyncController and CICM::Coprocessor::Stream.
Method CICM::Coprocessor::EncryptConduit::encrypt()
CICM::Status encrypt( in CICM::Buffer plaintext, out CICM::Buffer ciphertext );
Send plaintext to the module to be encrypted, receiving the ciphertext resulting from the transformation as the result.
Parameters:
Returns:
Interface CICM::Coprocessor::EncryptWithMACConduit
interface EncryptWithMACConduit :
CICM::AbstractMACConduit,
CICM::Coprocessor::EncryptConduit {
CICM::Coprocessor::EncryptWithMACConduit supports encryption with MAC operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result (both ciphertext and a MAC value). It is created by calling CICM::ChannelManager::create_coprocessor_encrypt_with_mac_conduit.
CICM::Coprocessor::EncryptWithMACConduit inherits from: CICM::AbstractMACConduit and CICM::Coprocessor::EncryptConduit.
Interface CICM::Coprocessor::EncryptWithSignConduit
interface EncryptWithSignConduit :
CICM::AbstractSignConduit,
CICM::Coprocessor::EncryptConduit {
CICM::Coprocessor::EncryptWithSignConduit supports encryption with signature operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result (both ciphertext and a signature). It is created by calling CICM::ChannelManager::create_coprocessor_encrypt_with_sign_conduit.
CICM::Coprocessor::EncryptWithSignConduit inherits from: CICM::AbstractSignConduit and CICM::Coprocessor::EncryptConduit.
Interface CICM::Coprocessor::DecryptConduit
interface DecryptConduit :
CICM::Conduit,
CICM::SymKeyController,
CICM::SetVectorController,
CICM::ResyncController,
CICM::Coprocessor::Stream {
CICM::Coprocessor::DecryptConduit supports decryption operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result. It is created by calling CICM::ChannelManager::create_coprocessor_decrypt_conduit.
CICM::Coprocessor::DecryptConduit inherits from: CICM::Conduit, CICM::SymKeyController, CICM::SetVectorController, CICM::ResyncController and CICM::Coprocessor::Stream.
Method CICM::Coprocessor::DecryptConduit::decrypt()
CICM::Status decrypt( in CICM::Buffer ciphertext, out CICM::Buffer plaintext );
Send ciphertext to the module to be decrypted, receiving the plaintext resulting from the transformation as the result.
Parameters:
Returns:
Interface CICM::Coprocessor::DecryptWithMACConduit
interface DecryptWithMACConduit :
CICM::AbstractMACVerifyConduit,
CICM::Coprocessor::DecryptConduit {
CICM::Coprocessor::DecryptWithMACConduit supports encryption with MAC verification operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result (both plaintext and an indication as to whether verification succeeded or failed). It is created by calling CICM::ChannelManager::create_coprocessor_decrypt_with_mac_conduit.
CICM::Coprocessor::DecryptWithMACConduit inherits from: CICM::AbstractMACVerifyConduit and CICM::Coprocessor::DecryptConduit.
Interface CICM::Coprocessor::DecryptWithVerifyConduit
interface DecryptWithVerifyConduit :
CICM::AbstractSigVerifyConduit,
CICM::Coprocessor::DecryptConduit {
CICM::Coprocessor::DecryptWithVerifyConduit supports encryption with signature verification operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result (both plaintext and an indication as to whether verification succeeded or failed). It is created by calling CICM::ChannelManager::create_coprocessor_decrypt_with_verify_conduit.
CICM::Coprocessor::DecryptWithVerifyConduit inherits from: CICM::AbstractSigVerifyConduit and CICM::Coprocessor::DecryptConduit.
Interface CICM::ChannelEventManager
interface ChannelEventManager {
CICM::ChannelEventManager supports registering and unregistering user-defined channel event listeners (CICM::ChannelEventListener) for specific channel events. It is accessed from any channel via its CICM::Channel::event_manager attribute.
Remarks:
Method CICM::ChannelEventManager::register()
CICM::Status register( in CICM::ChannelEventListener::ChannelEvent event, in CICM::ChannelEventListener listener );
Registers the listener for a specific channel event.
Remarks:
Parameters:
Returns:
Method CICM::ChannelEventManager::unregister()
CICM::Status unregister( in CICM::ChannelEventListener::ChannelEvent event );
Unregisters the listener associated with the specified event.
Remarks:
Parameters:
Returns:
Interface CICM::ChannelEventListener
interface ChannelEventListener {
CICM::ChannelEventListener is unlike other CICM interfaces in that the interface is implemented by the developer of the client program to service a specific channel event and is then registered via the CICM::ChannelEventManager.
Type CICM::ChannelEventListener::ChannelEvent
typedef CICM::UInt32 ChannelEvent;
Events for which a ChannelEventListener can be notified.
Constant CICM::ChannelEventListener::C_CHANNEL_DATA_AVAILABLE
const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_DATA_AVAILABLE = 0x00004001;
Data from remote peer is available.
Constant CICM::ChannelEventListener::C_CHANNEL_ERROR
const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_ERROR = 0x00004002;
General error has occurred on the channel.
Constant CICM::ChannelEventListener::C_CHANNEL_INSUFFICIENT_ENTROPY
const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_INSUFFICIENT_ENTROPY = 0x00004004;
Insufficient entropy available on the channel.
Constant CICM::ChannelEventListener::C_CHANNEL_LOST_SYNC
const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_LOST_SYNC = 0x00004007;
Cryptographic synchronization with remote peer has been lost; this may not be detectable by the cryptographic module.
Constant CICM::ChannelEventListener::C_CHANNEL_PEER_RESET
const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_PEER_RESET = 0x00004008;
Remote peer is no longer available; this may not be detectable by the cryptographic module.
Method CICM::ChannelEventListener::event_occurred()
void event_occurred( in CICM::ChannelEventListener::ChannelEvent event, in CICM::Buffer event_data );
Method implemented by client program that receives a message about a channel event that occurred. An opaque data field with additional information about the event in a module-specific format may optionally be provided with the event itself.
Remarks:
Note:
Parameters:
Interface CICM::ControllerGroup
interface ControllerGroup {
Group of controllers and/or conduits.
Remarks:
Method CICM::ControllerGroup::add()
CICM::Status add( in CICM::Controller controller_ref );
Add a controller or conduit to this controller group.
Parameters:
Returns:
[RFC Editor: Please remove this section prior to publication.]
This document has no IANA actions.
This document defines several channels that provide confidentiality services such encryption and decryption as defined in the CICM::Encrypt, CICM::Decrypt, CICM::Duplex, CICM::EncryptBypass, CICM::DecryptBypass, and CICM::Coprocessor namespaces. Note, however, that the CICM::EncryptBypass and CICM::DecryptBypass namespaces are capable of sending unencrypted data (see Bypass below).
This document defines four namespaces related to sending and receiving bypass data. CICM::BypassWrite and CICM::BypassRead are for full bypass while CICM::EncryptBypass and CICM::DecryptBypass are for selective bypass.
Unintentional sending of bypass data is typically considered a comprimise in the confidentiality of a system, and therefore implementors are urged to consider their security policies carefully.
To mitigate against accidental programming errors related to bypass, this document ensures that:
This document defines several data integrity services either as stand-alone or hybrid channels. The CICM::Answer namespace contains channels for hashing, signing, and verifying signed data. Similarly, CICM::Encrypt, CICM::Decrypt, CICM::Coprocessor have channels that, in addition to encrypting or decrypting, sign or verify the transmitted data.
This document defines a CICM::Negotiator which defines the basic peer-entity authentication mechanism. Channels defined in the CICM::Encrypt, CICM::Decrypt, CICM::Duplex, CICM::EncryptBypass, and CICM::DecryptBypass namespaces define negotiated versions of most of the channels. See Channel Negotiation (Section 8) for more information.
| [RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
| [CICM] | Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011. |
| [CICM-KM] | Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) Key Management [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011. |
| [IDL] | International Standards Organization, "Information technology — Open Distributed Processing — Interface Definition Language", ISO/IEC 14750:1999(E), March 1999. |
| [RFC3552] | Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, July 2003. |
| [CICM-LM] | Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) Logical Model [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011. |
| [CORBA] | Object Management Group, "Common Object Request Broker Architecture (CORBA) Specification, Version 3.1", January 2008. |
module CICM {
typedef CICM::Buffer MACBuffer;
typedef CICM::Buffer SigBuffer;
typedef CICM::Buffer HashBuffer;
typedef CICM::Buffer Vector;
typedef CICM::UInt32 TransId;
typedef CICM::CharString HashAlgorithmId;
typedef CICM::CharString AsymEncrAlgorithmId;
const CICM::AsymEncrAlgorithmId IMPLICIT_ASYM_ENCR_ALGO = "IMPLICIT";
typedef CICM::CharString AsymSigAlgorithmId;
const CICM::AsymSigAlgorithmId IMPLICIT_ASYM_SIG_ALGO = "IMPLICIT";
typedef CICM::CharString SymEncrAlgorithmId;
const CICM::SymEncrAlgorithmId IMPLICIT_SYM_ENCR_ALGO = "IMPLICIT";
typedef CICM::CharString SymMacAlgorithmId;
const CICM::SymMacAlgorithmId IMPLICIT_SYM_MAC_ALGO = "IMPLICIT";
typedef CICM::CharString KeyWrapAlgorithmId;
const CICM::KeyWrapAlgorithmId IMPLICIT_KEY_WRAP_ALGO = "IMPLICIT";
typedef CICM::CharString ProtocolId;
const CICM::ProtocolId IMPLICIT_PROTOCOL_ID = "IMPLICIT";
interface PeerInfo {
readonly attribute CICM::CharString peer_name;
readonly attribute CICM::Classification classification;
readonly attribute CICM::CharString compartment;
readonly attribute CICM::CharString message;
};
interface Negotiator {
CICM::Status get_remote_info(
out CICM::PeerInfo peer_info );
CICM::Status abort_negotiation();
};
interface ChannelEventListener {
typedef CICM::UInt32 ChannelEvent;
const CICM::ChannelEventListener::ChannelEvent
C_CHANNEL_DATA_AVAILABLE = 0x00004001;
const CICM::ChannelEventListener::ChannelEvent
C_CHANNEL_ERROR = 0x00004002;
const CICM::ChannelEventListener::ChannelEvent
C_CHANNEL_INSUFFICIENT_ENTROPY = 0x00004004;
const CICM::ChannelEventListener::ChannelEvent
C_CHANNEL_LOST_SYNC = 0x00004007;
const CICM::ChannelEventListener::ChannelEvent
C_CHANNEL_PEER_RESET = 0x00004008;
void event_occurred(
in CICM::ChannelEventListener::ChannelEvent event,
in CICM::Buffer event_data );
};
interface ChannelEventManager {
CICM::Status register(
in CICM::ChannelEventListener::ChannelEvent event,
in CICM::ChannelEventListener listener );
CICM::Status unregister(
in CICM::ChannelEventListener::ChannelEvent event );
};
interface Channel {
readonly attribute CICM::ChannelEventManager event_manager;
};
interface Stream : CICM::Channel {};
interface WriteStream : CICM::Stream {
typedef CICM::UInt32 WriteStatus;
const CICM::WriteStream::WriteStatus C_WRITE_NOT_READY = 0x00006067;
const CICM::WriteStream::WriteStatus C_WRITE_READY = 0x00006068;
};
interface ReadStream : CICM::Stream {
typedef CICM::UInt32 ReadStatus;
const CICM::ReadStream::ReadStatus C_READ_NOT_READY = 0x0000605E;
const CICM::ReadStream::ReadStatus C_READ_READY = 0x00006061;
};
interface Controller : CICM::Channel {
CICM::Status destroy();
};
interface MultiDomainController : CICM::Controller {
readonly attribute CICM::LocalPort local_port;
readonly attribute CICM::RemotePort remote_port;
};
interface SymKeyController : CICM::Controller {
readonly attribute CICM::SymKey key;
CICM::Status update_key();
CICM::Status update_key_with_algo(
in CICM::SymEncrAlgorithmId algorithm );
CICM::Status rollover_key();
CICM::Status rollover_key_with_key(
in CICM::SymKey next_key );
};
interface AsymKeyController : CICM::Controller {
readonly attribute CICM::AsymKey key;
};
interface NegotiatedController :
CICM::MultiDomainController,
CICM::AsymKeyController,
CICM::Negotiator {
readonly attribute CICM::Classification negotiated_grade;
CICM::Status renegotiate();
CICM::Status initiate_grade_change(
in CICM::Classification new_grade );
CICM::Status acknowledge_grade_change();
};
interface SetVectorController : CICM::Controller {
readonly attribute CICM::Vector vec;
CICM::Status set_vector(
in CICM::Vector vec );
CICM::Status set_vector_no_check(
in CICM::Vector vec );
CICM::Status reset_vector();
};
interface GenVectorController : CICM::SetVectorController {
CICM::Status generate_vector();
CICM::Status generate_vector_existing_state();
};
interface ResyncController : CICM::Controller {
CICM::Status resync();
CICM::Status resync_with_sync_vector(
in CICM::Vector vec );
};
interface ControllerGroup {
CICM::Status add(
in CICM::Controller controller_ref );
};
interface Conduit :
CICM::Controller,
CICM::Stream {
};
interface AbstractMACConduit : CICM::Conduit {
readonly attribute CICM::SymKey mac_key;
readonly attribute CICM::SymMacAlgorithmId mac_algorithm;
CICM::Status end_get_mac(
out CICM::MACBuffer mac );
};
interface AbstractSignConduit : CICM::Conduit {
readonly attribute CICM::AsymKey sign_key;
readonly attribute CICM::AsymSigAlgorithmId sign_algorithm;
CICM::Status end_get_signature(
out CICM::SigBuffer signature );
};
interface AbstractVerifyConduit : CICM::Conduit {
typedef CICM::UInt32 VerifyStatus;
const CICM::AbstractVerifyConduit::VerifyStatus
C_DATA_VERIFIED = 0x00006025;
const CICM::AbstractVerifyConduit::VerifyStatus
C_DATA_NOT_VERIFIED = 0x00006026;
};
interface AbstractMACVerifyConduit : CICM::AbstractVerifyConduit {
readonly attribute CICM::SymKey verify_key;
readonly attribute CICM::SymMacAlgorithmId verify_algorithm;
CICM::Status end_get_verified(
in CICM::MACBuffer mac,
out CICM::AbstractVerifyConduit::VerifyStatus status );
};
interface AbstractSigVerifyConduit : CICM::AbstractVerifyConduit {
readonly attribute CICM::AsymKey verify_key;
readonly attribute CICM::AsymSigAlgorithmId verify_algorithm;
CICM::Status end_get_verified(
in CICM::SigBuffer signature,
out CICM::AbstractVerifyConduit::VerifyStatus status );
};
module Encrypt {
interface Stream : CICM::WriteStream {
CICM::Status encrypt(
in CICM::Buffer buffer );
CICM::Status encrypt_non_blocking(
in CICM::Buffer buffer,
in CICM::TransId transaction_id );
CICM::Status encrypt_poll(
in CICM::TransId transaction_id,
out CICM::WriteStream::WriteStatus status );
};
interface KeyWrapStream : CICM::Stream {
CICM::Status wrap_key(
in CICM::Key key_ref );
};
interface Controller :
CICM::MultiDomainController,
CICM::SymKeyController,
CICM::GenVectorController,
CICM::ResyncController {};
interface NegotiatedController :
CICM::NegotiatedController,
CICM::GenVectorController,
CICM::ResyncController {};
interface Conduit :
CICM::Conduit,
CICM::Encrypt::Controller,
CICM::Encrypt::Stream {};
interface NegotiatedConduit :
CICM::Conduit,
CICM::Encrypt::NegotiatedController,
CICM::Encrypt::Stream {};
interface WithMACConduit :
CICM::AbstractMACConduit,
CICM::Encrypt::Conduit {};
interface WithMACNegotiatedConduit :
CICM::AbstractMACConduit,
CICM::Encrypt::NegotiatedConduit {};
interface WithSignConduit :
CICM::AbstractSignConduit,
CICM::Encrypt::Conduit {};
interface WithSignNegotiatedConduit :
CICM::AbstractSignConduit,
CICM::Encrypt::NegotiatedConduit {};
interface KeyWrapConduit :
CICM::Encrypt::Controller,
CICM::Encrypt::KeyWrapStream {};
interface ControllerNegotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Encrypt::NegotiatedController controller_ref );
};
interface Negotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Encrypt::NegotiatedConduit conduit_ref );
};
interface WithMACNegotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Encrypt::WithMACNegotiatedConduit conduit_ref );
};
interface WithSignNegotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Encrypt::WithSignNegotiatedConduit conduit_ref );
};
interface ChannelManager {
CICM::Status negotiate_encrypt_conduit(
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::Encrypt::Negotiator negotiator_ref );
CICM::Status negotiate_encrypt_with_mac_conduit(
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::SymKey mac_key_ref,
in CICM::AsymKey nego_key_ref,
in CICM::SymMacAlgorithmId mac_algorithm,
out CICM::Encrypt::WithMACNegotiator negotiator_ref );
CICM::Status negotiate_encrypt_with_sign_conduit(
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey sign_key_ref,
in CICM::AsymKey nego_key_ref,
in CICM::AsymSigAlgorithmId sign_algorithm,
out CICM::Encrypt::WithSignNegotiator negotiator_ref );
CICM::Status negotiate_encrypt_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::Encrypt::ControllerNegotiator negotiator_ref );
CICM::Status create_encrypt_conduit(
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Encrypt::Conduit conduit_ref );
CICM::Status create_encrypt_with_mac_conduit(
in CICM::RemotePort remote_port,
in CICM::SymKey mac_key_ref,
in CICM::SymKey encrypt_key_ref,
in CICM::SymMacAlgorithmId mac_algorithm,
in CICM::SymEncrAlgorithmId encr_algorithm,
out CICM::Encrypt::WithMACConduit conduit_ref );
CICM::Status create_encrypt_with_sign_conduit(
in CICM::RemotePort remote_port,
in CICM::AsymKey sign_key_ref,
in CICM::SymKey encrypt_key_ref,
in CICM::AsymSigAlgorithmId sign_algorithm,
in CICM::SymEncrAlgorithmId encr_algorithm,
out CICM::Encrypt::WithSignConduit conduit_ref );
CICM::Status create_key_wrap_conduit(
in CICM::RemotePort remote_port,
in CICM::SymKey kek_ref,
in CICM::KeyWrapAlgorithmId algorithm,
out CICM::Encrypt::KeyWrapConduit conduit_ref );
CICM::Status create_encrypt_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Encrypt::Controller controller_ref );
CICM::Status get_encrypt_stream(
in CICM::LocalPort local_port,
out CICM::Encrypt::Stream stream_ref );
};
};
module Decrypt {
interface Stream : CICM::ReadStream {
CICM::Status decrypt(
out CICM::Buffer buffer );
CICM::Status decrypt_non_blocking(
out CICM::Buffer buffer,
in CICM::TransId transaction_id );
CICM::Status decrypt_poll(
in CICM::TransId transaction_id,
out CICM::ReadStream::ReadStatus status );
};
interface KeyUnwrapStream : CICM::Stream {
CICM::Status unwrap_sym_key(
out CICM::SymKey key_ref );
CICM::Status unwrap_asym_key(
out CICM::AsymKey key_ref );
};
interface Controller :
CICM::MultiDomainController,
CICM::SymKeyController,
CICM::SetVectorController,
CICM::ResyncController {};
interface NegotiatedController :
CICM::NegotiatedController,
CICM::SetVectorController,
CICM::ResyncController {};
interface Conduit :
CICM::Conduit,
CICM::Decrypt::Controller,
CICM::Decrypt::Stream {};
interface NegotiatedConduit :
CICM::Conduit,
CICM::Decrypt::NegotiatedController,
CICM::Decrypt::Stream {};
interface WithMACConduit :
CICM::AbstractMACVerifyConduit,
CICM::Decrypt::Conduit {};
interface WithMACNegotiatedConduit :
CICM::AbstractMACVerifyConduit,
CICM::Decrypt::NegotiatedConduit {};
interface WithVerifyConduit :
CICM::AbstractSigVerifyConduit,
CICM::Decrypt::Conduit {};
interface WithVerifyNegotiatedConduit :
CICM::AbstractSigVerifyConduit,
CICM::Decrypt::NegotiatedConduit {};
interface KeyUnwrapConduit :
CICM::Decrypt::Controller,
CICM::Decrypt::KeyUnwrapStream {};
interface Negotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Decrypt::NegotiatedConduit conduit_ref );
};
interface ControllerNegotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Decrypt::NegotiatedController controller_ref );
};
interface WithMACNegotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Decrypt::WithMACNegotiatedConduit conduit_ref );
};
interface WithVerifyNegotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Decrypt::WithVerifyNegotiatedConduit conduit_ref );
};
interface ChannelManager {
CICM::Status negotiate_decrypt_conduit(
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::Decrypt::Negotiator negotiator_ref );
CICM::Status negotiate_decrypt_with_mac_conduit(
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::SymKey verify_key_ref,
in CICM::AsymKey nego_key_ref,
in CICM::SymMacAlgorithmId verify_algorithm,
out CICM::Decrypt::WithMACNegotiator negotiator_ref );
CICM::Status negotiate_decrypt_with_verify_conduit(
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey verify_key_ref,
in CICM::AsymKey nego_key_ref,
in CICM::AsymSigAlgorithmId verify_algorithm,
out CICM::Decrypt::WithVerifyNegotiator negotiator_ref );
CICM::Status negotiate_decrypt_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::Decrypt::ControllerNegotiator negotiator_ref );
CICM::Status create_decrypt_conduit(
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Decrypt::Conduit conduit_ref );
CICM::Status create_decrypt_with_mac_conduit(
in CICM::RemotePort remote_port,
in CICM::SymKey verify_key_ref,
in CICM::SymKey decrypt_key_ref,
in CICM::SymMacAlgorithmId verify_algorithm,
in CICM::SymEncrAlgorithmId decrypt_algorithm,
out CICM::Decrypt::WithMACConduit conduit_ref );
CICM::Status create_decrypt_with_verify_conduit(
in CICM::RemotePort remote_port,
in CICM::AsymKey verify_key_ref,
in CICM::SymKey decrypt_key_ref,
in CICM::AsymSigAlgorithmId verify_algorithm,
in CICM::SymEncrAlgorithmId decrypt_algorithm,
out CICM::Decrypt::WithVerifyConduit conduit_ref );
CICM::Status create_key_unwrap_conduit(
in CICM::RemotePort remote_port,
in CICM::SymKey kek_ref,
in CICM::KeyWrapAlgorithmId algorithm,
out CICM::Decrypt::KeyUnwrapConduit conduit_ref );
CICM::Status create_decrypt_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Decrypt::Controller controller_ref );
CICM::Status get_decrypt_stream(
in CICM::LocalPort local_port,
out CICM::Decrypt::Stream stream_ref );
};
};
module Duplex {
interface Stream :
CICM::Encrypt::Stream,
CICM::Decrypt::Stream {};
interface Controller :
CICM::Encrypt::Controller,
CICM::Decrypt::Controller {};
interface NegotiatedController :
CICM::Encrypt::NegotiatedController,
CICM::Decrypt::NegotiatedController {};
interface Conduit :
CICM::Conduit,
CICM::Duplex::Controller,
CICM::Duplex::Stream {};
interface NegotiatedConduit :
CICM::Duplex::NegotiatedController,
CICM::Duplex::Stream {};
interface ControllerNegotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Duplex::NegotiatedController controller_ref );
};
interface Negotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::Duplex::NegotiatedConduit conduit_ref );
};
interface ChannelManager {
CICM::Status negotiate_duplex_conduit(
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::Duplex::Negotiator negotiator_ref );
CICM::Status negotiate_duplex_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::Duplex::ControllerNegotiator negotiator_ref );
CICM::Status create_duplex_conduit(
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Duplex::Conduit conduit_ref );
CICM::Status create_duplex_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Duplex::Controller controller_ref );
CICM::Status get_duplex_stream(
in CICM::LocalPort local_port,
out CICM::Duplex::Stream stream_ref );
};
};
module BypassWrite {
interface Stream : CICM::WriteStream {
CICM::Status write_bypass(
in CICM::Buffer buffer );
CICM::Status write_bypass_non_blocking(
in CICM::Buffer buffer,
in CICM::TransId transaction_id );
CICM::Status write_bypass_poll(
in CICM::TransId transaction_id,
out CICM::WriteStream::WriteStatus status );
};
interface Controller : CICM::MultiDomainController {};
interface Conduit :
CICM::Conduit,
CICM::BypassWrite::Controller,
CICM::BypassWrite::Stream {};
interface ChannelManager {
CICM::Status create_bypass_write_conduit(
in CICM::RemotePort remote_port,
out CICM::BypassWrite::Conduit conduit_ref );
CICM::Status create_bypass_write_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
out CICM::BypassWrite::Controller controller_ref );
CICM::Status get_bypass_write_stream(
in CICM::LocalPort local_port,
out CICM::BypassWrite::Stream stream_ref );
};
};
module BypassRead {
interface Stream : CICM::ReadStream {
CICM::Status read_bypass(
out CICM::Buffer buffer );
CICM::Status read_bypass_non_blocking(
out CICM::Buffer buffer,
in CICM::TransId transaction_id );
CICM::Status read_bypass_poll(
in CICM::TransId transaction_id,
out CICM::ReadStream::ReadStatus status );
};
interface Controller : CICM::MultiDomainController {};
interface Conduit :
CICM::Conduit,
CICM::BypassRead::Controller,
CICM::BypassRead::Stream {};
interface ChannelManager {
CICM::Status create_bypass_read_conduit(
in CICM::RemotePort remote_port,
out CICM::BypassRead::Conduit conduit_ref );
CICM::Status create_bypass_read_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
out CICM::BypassRead::Controller controller_ref );
CICM::Status get_bypass_read_stream(
in CICM::LocalPort local_port,
out CICM::BypassRead::Stream stream_ref );
};
};
module EncryptBypass {
interface Stream :
CICM::Encrypt::Stream,
CICM::BypassWrite::Stream {
};
interface NegotiatedController :
CICM::Encrypt::NegotiatedController {};
interface Controller : CICM::Encrypt::Controller {};
interface Conduit :
CICM::Encrypt::Conduit,
CICM::EncryptBypass::Stream {};
interface NegotiatedConduit :
CICM::Encrypt::NegotiatedController,
CICM::EncryptBypass::Stream {};
interface ControllerNegotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::EncryptBypass::NegotiatedController controller_ref );
};
interface Negotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::EncryptBypass::NegotiatedConduit conduit_ref );
};
interface ChannelManager {
CICM::Status negotiate_encrypt_bypass_conduit(
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::EncryptBypass::Negotiator negotiator_ref );
CICM::Status negotiate_encrypt_bypass_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::EncryptBypass::ControllerNegotiator negotiator_ref );
CICM::Status create_encrypt_bypass_conduit(
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::EncryptBypass::Conduit conduit_ref );
CICM::Status create_encrypt_bypass_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::EncryptBypass::Controller controller_ref );
CICM::Status get_encrypt_bypass_stream(
in CICM::LocalPort local_port,
out CICM::EncryptBypass::Stream stream_ref );
};
};
module DecryptBypass {
interface Stream : CICM::Decrypt::Stream {};
interface NegotiatedController :
CICM::Decrypt::NegotiatedController {};
interface Controller : CICM::Encrypt::Controller {};
interface Conduit :
CICM::Decrypt::Conduit,
CICM::DecryptBypass::Controller,
CICM::DecryptBypass::Stream {};
interface NegotiatedConduit :
CICM::Decrypt::NegotiatedConduit,
CICM::DecryptBypass::NegotiatedController,
CICM::DecryptBypass::Stream {};
interface ControllerNegotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::DecryptBypass::NegotiatedController controller_ref );
};
interface Negotiator : CICM::Negotiator {
CICM::Status complete(
out CICM::DecryptBypass::NegotiatedConduit conduit_ref );
};
interface ChannelManager {
CICM::Status negotiate_decrypt_bypass_conduit(
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::DecryptBypass::Negotiator negotiator_ref );
CICM::Status negotiate_decrypt_bypass_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::ProtocolId protocol,
in CICM::AsymKey key_ref,
out CICM::DecryptBypass::ControllerNegotiator negotiator_ref );
CICM::Status create_decrypt_bypass_conduit(
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::DecryptBypass::Conduit conduit_ref );
CICM::Status create_decrypt_bypass_controller(
in CICM::LocalPort local_port,
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::DecryptBypass::Controller controller_ref );
CICM::Status get_decrypt_bypass_stream(
in CICM::LocalPort local_port,
out CICM::DecryptBypass::Stream stream_ref );
};
};
module Emit {
interface GetStream : CICM::ReadStream {
CICM::Status get(
in CICM::UInt32 length,
out CICM::Buffer buffer );
CICM::Status get_non_blocking(
in CICM::UInt32 length,
out CICM::Buffer buffer,
in CICM::TransId transaction_id );
CICM::Status get_poll(
in CICM::TransId transaction_id,
out CICM::ReadStream::ReadStatus status );
};
interface Controller : CICM::Controller {
readonly attribute CICM::RemotePort remote_port;
};
interface KeyStreamGenController :
CICM::SymKeyController,
CICM::GenVectorController,
CICM::Emit::Controller {};
interface PseudoRandomController :
CICM::SymKeyController,
CICM::Emit::Controller {};
interface RandomController : CICM::Emit::Controller {};
interface KeyStreamGenConduit :
CICM::Conduit,
CICM::SymKeyController,
CICM::GenVectorController,
CICM::Emit::GetStream {};
interface PseudoRandomConduit :
CICM::Conduit,
CICM::SymKeyController,
CICM::Emit::GetStream {};
interface RandomConduit :
CICM::Conduit,
CICM::Emit::GetStream {};
interface ChannelManager {
CICM::Status create_key_stream_gen_controller(
in CICM::RemotePort remote_port,
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Emit::KeyStreamGenController controller_ref );
CICM::Status create_pseudorandom_controller(
in CICM::RemotePort remote_port,
in CICM::SymKey seed,
out CICM::Emit::PseudoRandomController controller_ref );
CICM::Status create_random_controller(
in CICM::RemotePort remote_port,
out CICM::Emit::RandomController controller_ref );
CICM::Status create_key_stream_gen_conduit(
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Emit::KeyStreamGenConduit conduit_ref );
CICM::Status create_pseudorandom_conduit(
in CICM::SymKey seed,
out CICM::Emit::PseudoRandomConduit conduit_ref );
CICM::Status create_random_conduit(
out CICM::Emit::RandomConduit conduit_ref );
};
};
module Answer {
interface PutStream : CICM::Stream {
CICM::Status put(
in CICM::Buffer buffer );
};
interface HashConduit :
CICM::Conduit,
CICM::Answer::PutStream {
readonly attribute CICM::HashAlgorithmId algorithm;
CICM::Status end_get_hash(
out HashBuffer hash );
};
interface MACConduit :
CICM::AbstractMACConduit,
CICM::Answer::PutStream {};
interface MACVerifyConduit :
CICM::AbstractMACVerifyConduit,
CICM::Answer::PutStream {};
interface SignConduit :
CICM::AbstractSignConduit,
CICM::Answer::PutStream {};
interface SignHashConduit : CICM::Answer::SignConduit {};
interface VerifyConduit :
CICM::AbstractSigVerifyConduit,
CICM::Answer::PutStream {};
interface VerifyHashConduit : CICM::Answer::VerifyConduit {};
interface ChannelManager {
CICM::Status create_hash_conduit(
in CICM::HashAlgorithmId algorithm,
out CICM::Answer::HashConduit conduit_ref );
CICM::Status create_mac_conduit(
in CICM::SymKey key_ref,
in CICM::SymMacAlgorithmId algorithm,
out CICM::Answer::MACConduit conduit_ref );
CICM::Status create_mac_verify_conduit(
in CICM::SymKey key_ref,
in CICM::SymMacAlgorithmId algorithm,
out CICM::Answer::MACVerifyConduit conduit_ref );
CICM::Status create_sign_conduit(
in CICM::AsymKey key_ref,
in CICM::AsymSigAlgorithmId algorithm,
out CICM::Answer::SignConduit conduit_ref );
CICM::Status create_sign_hash_conduit(
in CICM::AsymKey key_ref,
in CICM::AsymSigAlgorithmId algorithm,
out CICM::Answer::SignHashConduit conduit_ref );
CICM::Status create_verify_conduit(
in CICM::AsymKey key_ref,
in CICM::AsymSigAlgorithmId algorithm,
out CICM::Answer::VerifyConduit conduit_ref );
CICM::Status create_verify_hash_conduit(
in CICM::AsymKey key_ref,
in CICM::AsymSigAlgorithmId algorithm,
out CICM::Answer::VerifyHashConduit conduit_ref );
};
};
module Coprocessor {
interface Stream : CICM::Stream {
CICM::Status get_final_buffer(
out CICM::Buffer buffer );
};
interface EncryptConduit :
CICM::Conduit,
CICM::SymKeyController,
CICM::GenVectorController,
CICM::ResyncController,
CICM::Coprocessor::Stream {
CICM::Status encrypt(
in CICM::Buffer plaintext,
out CICM::Buffer ciphertext );
};
interface EncryptWithMACConduit :
CICM::AbstractMACConduit,
CICM::Coprocessor::EncryptConduit {};
interface EncryptWithSignConduit :
CICM::AbstractSignConduit,
CICM::Coprocessor::EncryptConduit {};
interface DecryptConduit :
CICM::Conduit,
CICM::SymKeyController,
CICM::SetVectorController,
CICM::ResyncController,
CICM::Coprocessor::Stream {
CICM::Status decrypt(
in CICM::Buffer ciphertext,
out CICM::Buffer plaintext );
};
interface DecryptWithMACConduit :
CICM::AbstractMACVerifyConduit,
CICM::Coprocessor::DecryptConduit {};
interface DecryptWithVerifyConduit :
CICM::AbstractSigVerifyConduit,
CICM::Coprocessor::DecryptConduit {};
interface ChannelManager {
CICM::Status create_coprocessor_encrypt_conduit(
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Coprocessor::EncryptConduit conduit_ref );
CICM::Status create_coprocessor_encrypt_with_mac_conduit(
in CICM::SymKey mac_key_ref,
in CICM::SymKey encrypt_key_ref,
in CICM::SymMacAlgorithmId mac_algorithm,
in CICM::SymEncrAlgorithmId encrypt_algorithm,
out CICM::Coprocessor::EncryptWithMACConduit conduit_ref );
CICM::Status create_coprocessor_encrypt_with_sign_conduit(
in CICM::AsymKey sign_key_ref,
in CICM::SymKey encrypt_key_ref,
in CICM::AsymSigAlgorithmId sign_algorithm,
in CICM::SymEncrAlgorithmId encrypt_algorithm,
out CICM::Coprocessor::EncryptWithSignConduit conduit_ref );
CICM::Status create_coprocessor_decrypt_conduit(
in CICM::SymKey key_ref,
in CICM::SymEncrAlgorithmId algorithm,
out CICM::Coprocessor::DecryptConduit conduit_ref );
CICM::Status create_coprocessor_decrypt_with_mac_conduit(
in CICM::SymKey mac_key_ref,
in CICM::SymKey decrypt_key_ref,
in CICM::SymMacAlgorithmId mac_algorithm,
in CICM::SymEncrAlgorithmId encrypt_algorithm,
out CICM::Coprocessor::DecryptWithMACConduit conduit_ref );
CICM::Status create_coprocessor_decrypt_with_verify_conduit(
in CICM::AsymKey verify_key_ref,
in CICM::SymKey decrypt_key_ref,
in CICM::AsymSigAlgorithmId verify_algorithm,
in CICM::SymEncrAlgorithmId decrypt_algorithm,
out CICM::Coprocessor::DecryptWithVerifyConduit conduit_ref );
};
};
interface ChannelManager :
CICM::Answer::ChannelManager,
CICM::BypassRead::ChannelManager,
CICM::BypassWrite::ChannelManager,
CICM::Coprocessor::ChannelManager,
CICM::Decrypt::ChannelManager,
CICM::DecryptBypass::ChannelManager,
CICM::Duplex::ChannelManager,
CICM::Emit::ChannelManager,
CICM::Encrypt::ChannelManager,
CICM::EncryptBypass::ChannelManager {
CICM::Status create_controller_group(
out CICM::ControllerGroup controller_group_ref );
};
};