Internet Engineering Task Force D. Lanz Internet-Draft L. Novikov Intended status: Informational MITRE Expires: January 26, 2012 July 25, 2011 Common Interface to Cryptographic Modules (CICM) Channel Management draft-lanz-cicm-cm-01 Abstract [RFC Editor: Please update the RFC references prior to publication.] This memo defines a programming interface for the management of cryptographic channels as outlined in draft-lanz-cicm-lm-00 and required by draft-lanz-cicm-02 including creating and negotiating channels for encryption, decryption, bypass, data integrity, or to generate random data. Comments are solicited and should be addressed to the mailing list at cicm@ietf.org. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 26, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents Lanz & Novikov Expires January 26, 2012 [Page 1] Internet-Draft CICM Channel Management July 2011 carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 6 1.1. Requirements Language . . . . . . . . . . . . . . . . . 6 1.2. Definition Language . . . . . . . . . . . . . . . . . . 6 1.3. Conformance and Extension Language . . . . . . . . . . . 6 2. CICM Dependencies . . . . . . . . . . . . . . . . . . . . . . 6 2.1. Namespaces . . . . . . . . . . . . . . . . . . . . . . . 6 2.2. Types . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.3. Interfaces . . . . . . . . . . . . . . . . . . . . . . . 7 3. Channel Namespaces . . . . . . . . . . . . . . . . . . . . . 7 4. Channel Abstractions . . . . . . . . . . . . . . . . . . . . 8 4.1. Algorithm Types . . . . . . . . . . . . . . . . . . . . 8 4.2. State Vector . . . . . . . . . . . . . . . . . . . . . . 9 4.3. Integrity Buffers . . . . . . . . . . . . . . . . . . . 9 4.4. Interface CICM::ChannelManager . . . . . . . . . . . . . 10 4.5. Interface CICM::Channel . . . . . . . . . . . . . . . . 11 4.6. Interface CICM::Conduit . . . . . . . . . . . . . . . . 11 4.7. Interface CICM::Controller . . . . . . . . . . . . . . . 11 4.8. Interface CICM::Stream . . . . . . . . . . . . . . . . . 12 5. Conduit Abstractions . . . . . . . . . . . . . . . . . . . . 12 5.1. Interface CICM::AbstractMACConduit . . . . . . . . . . . 13 5.2. Interface CICM::AbstractSignConduit . . . . . . . . . . 14 5.3. Interface CICM::AbstractVerifyConduit . . . . . . . . . 15 5.4. Interface CICM::AbstractMACVerifyConduit . . . . . . . . 15 5.5. Interface CICM::AbstractSigVerifyConduit . . . . . . . . 16 6. Stream Abstractions . . . . . . . . . . . . . . . . . . . . . 17 6.1. Interface CICM::WriteStream . . . . . . . . . . . . . . 17 6.2. Interface CICM::ReadStream . . . . . . . . . . . . . . . 18 7. Controller Abstractions . . . . . . . . . . . . . . . . . . . 18 7.1. Interface CICM::MultiDomainController . . . . . . . . . 18 7.2. Interface CICM::SymKeyController . . . . . . . . . . . . 19 7.3. Interface CICM::AsymKeyController . . . . . . . . . . . 22 7.4. Interface CICM::NegotiatedController . . . . . . . . . . 22 7.5. Interface CICM::SetVectorController . . . . . . . . . . 24 7.6. Interface CICM::GenVectorController . . . . . . . . . . 26 7.7. Interface CICM::ResyncController . . . . . . . . . . . . 27 8. Channel Negotiation . . . . . . . . . . . . . . . . . . . . . 28 8.1. Negotiating Channels and Controllers . . . . . . . . . . 28 8.2. Interface CICM::Negotiator . . . . . . . . . . . . . . . 29 8.3. Interface CICM::PeerInfo . . . . . . . . . . . . . . . . 31 Lanz & Novikov Expires January 26, 2012 [Page 2] Internet-Draft CICM Channel Management July 2011 9. Encryption . . . . . . . . . . . . . . . . . . . . . . . . . 31 9.1. Interface CICM::Encrypt::ChannelManager . . . . . . . . 31 9.2. Interface CICM::Encrypt::Stream . . . . . . . . . . . . 40 9.3. Interface CICM::Encrypt::KeyWrapStream . . . . . . . . . 42 9.4. Interface CICM::Encrypt::Controller . . . . . . . . . . 43 9.5. Interface CICM::Encrypt::NegotiatedController . . . . . 43 9.6. Interface CICM::Encrypt::Conduit . . . . . . . . . . . . 44 9.7. Interface CICM::Encrypt::NegotiatedConduit . . . . . . . 44 9.8. Interface CICM::Encrypt::WithMACConduit . . . . . . . . 44 9.9. Interface CICM::Encrypt::WithMACNegotiatedConduit . . . 45 9.10. Interface CICM::Encrypt::WithSignConduit . . . . . . . . 45 9.11. Interface CICM::Encrypt::WithSignNegotiatedConduit . . . 45 9.12. Interface CICM::Encrypt::KeyWrapConduit . . . . . . . . 46 9.13. Interface CICM::Encrypt::ControllerNegotiator . . . . . 46 9.14. Interface CICM::Encrypt::Negotiator . . . . . . . . . . 47 9.15. Interface CICM::Encrypt::WithMACNegotiator . . . . . . . 48 9.16. Interface CICM::Encrypt::WithSignNegotiator . . . . . . 49 10. Decryption . . . . . . . . . . . . . . . . . . . . . . . . . 50 10.1. Interface CICM::Decrypt::ChannelManager . . . . . . . . 50 10.2. Interface CICM::Decrypt::Stream . . . . . . . . . . . . 59 10.3. Interface CICM::Decrypt::KeyUnwrapStream . . . . . . . . 61 10.4. Interface CICM::Decrypt::Controller . . . . . . . . . . 63 10.5. Interface CICM::Decrypt::NegotiatedController . . . . . 63 10.6. Interface CICM::Decrypt::Conduit . . . . . . . . . . . . 63 10.7. Interface CICM::Decrypt::NegotiatedConduit . . . . . . . 64 10.8. Interface CICM::Decrypt::WithMACConduit . . . . . . . . 64 10.9. Interface CICM::Decrypt::WithMACNegotiatedConduit . . . 65 10.10. Interface CICM::Decrypt::WithVerifyConduit . . . . . . . 65 10.11. Interface CICM::Decrypt::WithVerifyNegotiatedConduit . . 65 10.12. Interface CICM::Decrypt::KeyUnwrapConduit . . . . . . . 66 10.13. Interface CICM::Decrypt::Negotiator . . . . . . . . . . 66 10.14. Interface CICM::Decrypt::ControllerNegotiator . . . . . 67 10.15. Interface CICM::Decrypt::WithMACNegotiator . . . . . . . 68 10.16. Interface CICM::Decrypt::WithVerifyNegotiator . . . . . 69 11. Duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 11.1. Interface CICM::Duplex::ChannelManager . . . . . . . . . 70 11.2. Interface CICM::Duplex::Stream . . . . . . . . . . . . . 74 11.3. Interface CICM::Duplex::Controller . . . . . . . . . . . 74 11.4. Interface CICM::Duplex::NegotiatedController . . . . . . 74 11.5. Interface CICM::Duplex::Conduit . . . . . . . . . . . . 75 11.6. Interface CICM::Duplex::NegotiatedConduit . . . . . . . 75 11.7. Interface CICM::Duplex::ControllerNegotiator . . . . . . 75 11.8. Interface CICM::Duplex::Negotiator . . . . . . . . . . . 76 12. Bypass (Send) . . . . . . . . . . . . . . . . . . . . . . . . 77 12.1. Interface CICM::BypassWrite::ChannelManager . . . . . . 77 12.2. Interface CICM::BypassWrite::Stream . . . . . . . . . . 80 12.3. Interface CICM::BypassWrite::Controller . . . . . . . . 82 12.4. Interface CICM::BypassWrite::Conduit . . . . . . . . . . 82 Lanz & Novikov Expires January 26, 2012 [Page 3] Internet-Draft CICM Channel Management July 2011 13. Bypass (Read) . . . . . . . . . . . . . . . . . . . . . . . . 82 13.1. Interface CICM::BypassRead::ChannelManager . . . . . . . 83 13.2. Interface CICM::BypassRead::Stream . . . . . . . . . . . 85 13.3. Interface CICM::BypassRead::Controller . . . . . . . . . 87 13.4. Interface CICM::BypassRead::Conduit . . . . . . . . . . 87 14. Encryption with Selective Bypass . . . . . . . . . . . . . . 88 14.1. Interface CICM::EncryptBypass::ChannelManager . . . . . 88 14.2. Interface CICM::EncryptBypass::Stream . . . . . . . . . 92 14.3. Interface CICM::EncryptBypass::NegotiatedController . . 93 14.4. Interface CICM::EncryptBypass::Controller . . . . . . . 93 14.5. Interface CICM::EncryptBypass::Conduit . . . . . . . . . 93 14.6. Interface CICM::EncryptBypass::NegotiatedConduit . . . . 94 14.7. Interface CICM::EncryptBypass::ControllerNegotiator . . 94 14.8. Interface CICM::EncryptBypass::Negotiator . . . . . . . 95 15. Decryption with Selective Bypass . . . . . . . . . . . . . . 96 15.1. Interface CICM::DecryptBypass::ChannelManager . . . . . 96 15.2. Interface CICM::DecryptBypass::Stream . . . . . . . . . 100 15.3. Interface CICM::DecryptBypass::Controller . . . . . . . 101 15.4. Interface CICM::DecryptBypass::NegotiatedController . . 101 15.5. Interface CICM::DecryptBypass::Conduit . . . . . . . . . 101 15.6. Interface CICM::DecryptBypass::NegotiatedConduit . . . . 102 15.7. Interface CICM::DecryptBypass::ControllerNegotiator . . 102 15.8. Interface CICM::DecryptBypass::Negotiator . . . . . . . 103 16. Random, Pseudorandom and Keystream . . . . . . . . . . . . . 104 16.1. Interface CICM::Emit::ChannelManager . . . . . . . . . . 104 16.2. Interface CICM::Emit::GetStream . . . . . . . . . . . . 108 16.3. Interface CICM::Emit::Controller . . . . . . . . . . . . 110 16.4. Interface CICM::Emit::RandomController . . . . . . . . . 111 16.5. Interface CICM::Emit::RandomConduit . . . . . . . . . . 111 16.6. Interface CICM::Emit::PseudoRandomController . . . . . . 111 16.7. Interface CICM::Emit::PseudoRandomConduit . . . . . . . 112 16.8. Interface CICM::Emit::KeyStreamGenController . . . . . . 112 16.9. Interface CICM::Emit::KeyStreamGenConduit . . . . . . . 113 17. Data Integrity . . . . . . . . . . . . . . . . . . . . . . . 113 17.1. Interface CICM::Answer::ChannelManager . . . . . . . . . 113 17.2. Interface CICM::Answer::PutStream . . . . . . . . . . . 118 17.3. Interface CICM::Answer::HashConduit . . . . . . . . . . 118 17.4. Interface CICM::Answer::MACConduit . . . . . . . . . . . 119 17.5. Interface CICM::Answer::MACVerifyConduit . . . . . . . . 120 17.6. Interface CICM::Answer::SignConduit . . . . . . . . . . 120 17.7. Interface CICM::Answer::SignHashConduit . . . . . . . . 120 17.8. Interface CICM::Answer::VerifyConduit . . . . . . . . . 121 17.9. Interface CICM::Answer::VerifyHashConduit . . . . . . . 121 18. Single-Domain . . . . . . . . . . . . . . . . . . . . . . . . 121 18.1. Interface CICM::Coprocessor::ChannelManager . . . . . . 121 18.2. Interface CICM::Coprocessor::Stream . . . . . . . . . . 126 18.3. Interface CICM::Coprocessor::EncryptConduit . . . . . . 127 18.4. Interface CICM::Coprocessor::EncryptWithMACConduit . . . 128 Lanz & Novikov Expires January 26, 2012 [Page 4] Internet-Draft CICM Channel Management July 2011 18.5. Interface CICM::Coprocessor::EncryptWithSignConduit . . 128 18.6. Interface CICM::Coprocessor::DecryptConduit . . . . . . 129 18.7. Interface CICM::Coprocessor::DecryptWithMACConduit . . . 130 18.8. Interface CICM::Coprocessor::DecryptWithVerifyConduit . 130 19. Channel Events . . . . . . . . . . . . . . . . . . . . . . . 130 19.1. Interface CICM::ChannelEventManager . . . . . . . . . . 131 19.2. Interface CICM::ChannelEventListener . . . . . . . . . . 132 20. Channel Groups . . . . . . . . . . . . . . . . . . . . . . . 134 20.1. Interface CICM::ControllerGroup . . . . . . . . . . . . 134 21. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 135 22. Security Considerations . . . . . . . . . . . . . . . . . . . 135 22.1. Confidentiality . . . . . . . . . . . . . . . . . . . . 135 22.2. Bypass . . . . . . . . . . . . . . . . . . . . . . . . . 135 22.3. Data Integrity . . . . . . . . . . . . . . . . . . . . . 135 22.4. Peer Entity Authentication . . . . . . . . . . . . . . . 136 23. References . . . . . . . . . . . . . . . . . . . . . . . . . 136 23.1. Normative References . . . . . . . . . . . . . . . . . . 136 23.2. Informative References . . . . . . . . . . . . . . . . . 136 Appendix A. IDL Definitions . . . . . . . . . . . . . . . . . . 137 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 158 Lanz & Novikov Expires January 26, 2012 [Page 5] Internet-Draft CICM Channel Management July 2011 1. Introduction This document defines the key management functions for the Common Interface to Cryptographic Modules (CICM) as defined in [CICM]. The underlying logical model and terminology is defined in [CICM-LM]. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 1.2. Definition Language This document uses the Interface Definition Language (IDL) [IDL] to specify language-neutral interfaces and is not intended to prescribe or preclude a particular communications protocol such as General Inter-ORB Protocol (GIOP) [CORBA] between programs in different address spaces or on different devices. In other words, any specific protocol is strictly OPTIONAL. See Definition Language in [CICM] for more information. 1.3. Conformance and Extension Language This document contains definitions for several opaque data parameters whose format is not defined by CICM. Instead, implementers are required to create an Implementation Conformance Statement which MUST reference a standard format or define a module developer-specific format implemented by the module for these datatypes. See Conformance and Extensions in [CICM] for more details. 2. CICM Dependencies This document depends on type definitions and interfaces that are defined in other CICM documents. 2.1. Namespaces The CICM namespace is defined in [CICM]. 2.2. Types The following type definitions are defined in [CICM]: CICM::UInt32 Lanz & Novikov Expires January 26, 2012 [Page 6] Internet-Draft CICM Channel Management July 2011 CICM::CharString CICM::Buffer CICM::Status (including all return values) CICM::LocalPort CICM::RemotePort CICM::Classification 2.3. Interfaces The interface CICM::Iterator is defined in [CICM]; CICM::Key, CICM:: AsymKey and CICM::SymKey are defined in [CICM-KM]. 3. Channel Namespaces Due to the large number of potential configurations, the definitions of the channel types and their operations are divided into ten namespaces which group together similar or related types of channels. The namespaces are: 1. CICM::Encrypt (Section 9) 2. CICM::Decrypt (Section 10) 3. CICM::Duplex (Section 11) 4. CICM::BypassWrite (Section 12) 5. CICM::BypassRead (Section 13) 6. CICM::EncryptBypass (Section 14) 7. CICM::DecryptBypass (Section 15) 8. CICM::Emit (Section 16) 9. CICM::Answer (Section 17) 10. CICM::Coprocessor (Section 18) See [CICM-LM] for a high level description of the channel types or below for the channel definitions. Lanz & Novikov Expires January 26, 2012 [Page 7] Internet-Draft CICM Channel Management July 2011 4. Channel Abstractions 4.1. Algorithm Types Type CICM::HashAlgorithmId typedef CICM::CharString HashAlgorithmId; Unique hash algorithm identifier. Type CICM::AsymEncrAlgorithmId typedef CICM::CharString AsymEncrAlgorithmId; Unique asymmetric encryption algorithm identifier. Constant CICM::IMPLICIT_ASYM_ENCR_ALGO const CICM::AsymEncrAlgorithmId IMPLICIT_ASYM_ENCR_ALGO = "IMPLICIT"; Value that indicates that the encryption algorithm is implicit in the key being provided to the module. Type CICM::AsymSigAlgorithmId typedef CICM::CharString AsymSigAlgorithmId; Unique asymmetric signature algorithm identifier. Constant CICM::IMPLICIT_ASYM_SIG_ALGO const CICM::AsymSigAlgorithmId IMPLICIT_ASYM_SIG_ALGO = "IMPLICIT"; Value that indicates that the signature algorithm is implicit in the key being provided to the module. Type CICM::KeyWrapAlgorithmId typedef CICM::CharString KeyWrapAlgorithmId; Unique key wrap algorithm identifier, incorporating both the algorithm and the mode. Constant CICM::IMPLICIT_KEY_WRAP_ALGO const CICM::KeyWrapAlgorithmId IMPLICIT_KEY_WRAP_ALGO = "IMPLICIT"; Value that indicates that the key wrap algorithm is implicit in the key being provided to the module. Type CICM::SymEncrAlgorithmId typedef CICM::CharString SymEncrAlgorithmId; Unique symmetric encryption algorithm identifier, incorporating both the algorithm and the mode. Lanz & Novikov Expires January 26, 2012 [Page 8] Internet-Draft CICM Channel Management July 2011 Constant CICM::IMPLICIT_SYM_ENCR_ALGO const CICM::SymEncrAlgorithmId IMPLICIT_SYM_ENCR_ALGO = "IMPLICIT"; Value that indicates that the encryption algorithm is implicit in the key being provided to the module. Type CICM::SymMacAlgorithmId typedef CICM::CharString SymMacAlgorithmId; Unique symmetric MAC algorithm identifier. Constant CICM::IMPLICIT_SYM_MAC_ALGO const CICM::SymMacAlgorithmId IMPLICIT_SYM_MAC_ALGO = "IMPLICIT"; Value that indicates that the MAC algorithm is implicit in the key being provided to the module. Type CICM::ProtocolId typedef CICM::CharString ProtocolId; Unique key agreement protocol identifier. Constant CICM::IMPLICIT_PROTOCOL_ID const CICM::ProtocolId IMPLICIT_PROTOCOL_ID = "IMPLICIT"; Value that indicates that the key agreement protocol is implicit in the message being provided to the module. 4.2. State Vector Type CICM::Vector typedef CICM::Buffer Vector; State vector, used to represent initialization vectors, synchronization vectors, counter values, and time-of-day values. 4.3. Integrity Buffers Type CICM::HashBuffer typedef CICM::Buffer HashBuffer; Cryptographic hash. Type CICM::MACBuffer typedef CICM::Buffer MACBuffer; Message authentication code (MAC). Type CICM::SigBuffer typedef CICM::Buffer SigBuffer; Cryptographic signature. Lanz & Novikov Expires January 26, 2012 [Page 9] Internet-Draft CICM Channel Management July 2011 4.4. Interface CICM::ChannelManager Interface CICM::ChannelManager interface ChannelManager : CICM::Answer::ChannelManager, CICM::BypassRead::ChannelManager, CICM::BypassWrite::ChannelManager, CICM::Coprocessor::ChannelManager, CICM::Decrypt::ChannelManager, CICM::DecryptBypass::ChannelManager, CICM::Duplex::ChannelManager, CICM::Emit::ChannelManager, CICM::Encrypt::ChannelManager, CICM::EncryptBypass::ChannelManager { CICM::ChannelManager supports the creation and negotiation of cryptographic channels. It is accessed from CICM::CryptoModule via the CICM::CryptoModule::channel_manager attribute. CICM:: ChannelManager enables a variety of different channel types to be constructed. Note: Conforming implementations need only implement one or more of the ChannelManager's dependencies thereby limiting which negotiators, controllers, streams, and channels are available. See Conformance and Extensions in [CICM] for more information. 4.4.1. CICM::ChannelManager Inheritance CICM::ChannelManager inherits from: CICM::Answer::ChannelManager, CICM::BypassRead::ChannelManager, CICM::BypassWrite::ChannelManager, CICM::Coprocessor::ChannelManager, CICM::Decrypt::ChannelManager, CICM::DecryptBypass::ChannelManager, CICM::Duplex::ChannelManager, CICM::Emit::ChannelManager, CICM::Encrypt::ChannelManager and CICM:: EncryptBypass::ChannelManager. 4.4.2. CICM::ChannelManager Methods Method CICM::ChannelManager::create_controller_group() CICM::Status create_controller_group( out CICM::ControllerGroup controller_group_ref ); Creates a CICM::ControllerGroup to group controllers and conduits together. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 10] Internet-Draft CICM Channel Management July 2011 [out] controller_group_ref Reference to the created controller group. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT 4.5. Interface CICM::Channel Interface CICM::Channel interface Channel { Defines the logical path through the module. Interface from which all conduit, streams and controllers inherit. Channels are created via the CICM::ChannelManager interface. 4.5.1. CICM::Channel Attributes AttributeCICM::Channel::event_manager readonly attribute CICM::ChannelEventManager event_manager; Provides access to the event manager. 4.6. Interface CICM::Conduit Interface CICM::Conduit interface Conduit : CICM::Controller, CICM::Stream { Interface from which all other conduits are inherited. A conduit is a combination of a stream and controller. 4.6.1. CICM::Conduit Inheritance CICM::Conduit inherits from: CICM::Controller and CICM::Stream. 4.7. Interface CICM::Controller Interface CICM::Controller interface Controller : CICM::Channel { Interface from which all other controllers are inherited. Controls general characteristics of a cryptographic transformation, but does not provide data to be transformed. Remarks: Lanz & Novikov Expires January 26, 2012 [Page 11] Internet-Draft CICM Channel Management July 2011 There may be cases in which a client program wishes to delegate responsibility for sending or receiving data from the module to another process while retaining the authority to manage the channel. To support this task, both processes must share a known local port. The client-program responsible for controlling the channel creates a CICM::Controller of the appropriate type after which the corresponding CICM::Stream may be obtained by the second process. A stream is tied to the specific controller that configured the channel by a common port value. 4.7.1. CICM::Controller Inheritance CICM::Controller inherits from: CICM::Channel. 4.7.2. CICM::Controller Methods Method CICM::Controller::destroy() CICM::Status destroy(); Destroys the controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT 4.8. Interface CICM::Stream Interface CICM::Stream interface Stream : CICM::Channel {}; Interface from which all streams inherit. Streams manage the flow of data on a channel, but not its attributes. 4.8.1. CICM::Stream Inheritance CICM::Stream inherits from: CICM::Channel. 5. Conduit Abstractions Lanz & Novikov Expires January 26, 2012 [Page 12] Internet-Draft CICM Channel Management July 2011 5.1. Interface CICM::AbstractMACConduit Interface CICM::AbstractMACConduit interface AbstractMACConduit : CICM::Conduit { Interface from which other MAC conduits are inherited. 5.1.1. CICM::AbstractMACConduit Inheritance CICM::AbstractMACConduit inherits from: CICM::Conduit. 5.1.2. CICM::AbstractMACConduit Attributes AttributeCICM::AbstractMACConduit::mac_key readonly attribute CICM::SymKey mac_key; The key used for computing the MAC. AttributeCICM::AbstractMACConduit::mac_algorithm readonly attribute CICM::SymMacAlgorithmId mac_algorithm; The algorithm used to MAC the data. 5.1.3. CICM::AbstractMACConduit Methods Method CICM::AbstractMACConduit::end_get_mac() CICM::Status end_get_mac( out CICM::MACBuffer mac ); Direct the module to compute and output the MAC value, and reset the channel to accept additional data. Parameters: [out] mac Computed MAC value. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET Lanz & Novikov Expires January 26, 2012 [Page 13] Internet-Draft CICM Channel Management July 2011 5.2. Interface CICM::AbstractSignConduit Interface CICM::AbstractSignConduit interface AbstractSignConduit : CICM::Conduit { Interface from which other sign conduits are inherited. 5.2.1. CICM::AbstractSignConduit Inheritance CICM::AbstractSignConduit inherits from: CICM::Conduit. 5.2.2. CICM::AbstractSignConduit Attributes AttributeCICM::AbstractSignConduit::sign_key readonly attribute CICM::AsymKey sign_key; Key used for signing the data. AttributeCICM::AbstractSignConduit::sign_algorithm readonly attribute CICM::AsymSigAlgorithmId sign_algorithm; Algorithm used to sign the data. 5.2.3. CICM::AbstractSignConduit Methods Method CICM::AbstractSignConduit::end_get_signature() CICM::Status end_get_signature( out CICM::SigBuffer signature ); Direct the module to compute and output the signature, and reset the conduit to accept additional data. Parameters: [out] signature The computed signature. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET Lanz & Novikov Expires January 26, 2012 [Page 14] Internet-Draft CICM Channel Management July 2011 5.3. Interface CICM::AbstractVerifyConduit Interface CICM::AbstractVerifyConduit interface AbstractVerifyConduit : CICM::Conduit { Interface from which other verification conduits are inherited. 5.3.1. CICM::AbstractVerifyConduit Inheritance CICM::AbstractVerifyConduit inherits from: CICM::Conduit. 5.3.2. CICM::AbstractVerifyConduit Types and Constants Type CICM::AbstractVerifyConduit::VerifyStatus typedef CICM::UInt32 VerifyStatus; Verification status (data verifies/does not verify). Constant CICM::AbstractVerifyConduit::C_DATA_VERIFIED const CICM::AbstractVerifyConduit::VerifyStatus C_DATA_VERIFIED = 0x00006025; Data verifies. Constant CICM::AbstractVerifyConduit::C_DATA_NOT_VERIFIED const CICM::AbstractVerifyConduit::VerifyStatus C_DATA_NOT_VERIFIED = 0x00006026; Data does not verify. 5.4. Interface CICM::AbstractMACVerifyConduit Interface CICM::AbstractMACVerifyConduit interface AbstractMACVerifyConduit : CICM::AbstractVerifyConduit { Interface from which other MAC verify conduits are inherited. 5.4.1. CICM::AbstractMACVerifyConduit Inheritance CICM::AbstractMACVerifyConduit inherits from: CICM:: AbstractVerifyConduit. 5.4.2. CICM::AbstractMACVerifyConduit Attributes AttributeCICM::AbstractMACVerifyConduit::verify_key readonly attribute CICM::SymKey verify_key; Key used to verify the MAC. AttributeCICM::AbstractMACVerifyConduit::verify_algorithm readonly attribute CICM::SymMacAlgorithmId verify_algorithm; Algorithm used to verify the data. Lanz & Novikov Expires January 26, 2012 [Page 15] Internet-Draft CICM Channel Management July 2011 5.4.3. CICM::AbstractMACVerifyConduit Methods Method CICM::AbstractMACVerifyConduit::end_get_verified() CICM::Status end_get_verified( in CICM::MACBuffer mac, out CICM::AbstractVerifyConduit::VerifyStatus status ); Direct the module to compute and output the MAC verification status, and reset the channel to accept additional data for verification. Parameters: [in] mac Message authentication code. [out] status Status indicating whether or not the data verifies. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_DATA_INVALID, S_CHANNEL_DATA_INVALID_LEN 5.5. Interface CICM::AbstractSigVerifyConduit Interface CICM::AbstractSigVerifyConduit interface AbstractSigVerifyConduit : CICM::AbstractVerifyConduit { Interface from which other signature verification conduits are inherited. 5.5.1. CICM::AbstractSigVerifyConduit Inheritance CICM::AbstractSigVerifyConduit inherits from: CICM:: AbstractVerifyConduit. 5.5.2. CICM::AbstractSigVerifyConduit Attributes AttributeCICM::AbstractSigVerifyConduit::verify_key readonly attribute CICM::AsymKey verify_key; Key used to verify the signature. AttributeCICM::AbstractSigVerifyConduit::verify_algorithm readonly attribute CICM::AsymSigAlgorithmId verify_algorithm; Algorithm used to verify the data. Lanz & Novikov Expires January 26, 2012 [Page 16] Internet-Draft CICM Channel Management July 2011 5.5.3. CICM::AbstractSigVerifyConduit Methods Method CICM::AbstractSigVerifyConduit::end_get_verified() CICM::Status end_get_verified( in CICM::SigBuffer signature, out CICM::AbstractVerifyConduit::VerifyStatus status ); Direct the module to compute and output the verification status, and reset the channel to accept additional data for verification. Parameters: [in] signature Signature. [out] status Status indicating whether or not the data verifies. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_DATA_INVALID, S_CHANNEL_DATA_INVALID_LEN 6. Stream Abstractions 6.1. Interface CICM::WriteStream Interface CICM::WriteStream interface WriteStream : CICM::Stream { Interface from which other streams that write data to the module inherit. 6.1.1. CICM::WriteStream Inheritance CICM::WriteStream inherits from: CICM::Stream. 6.1.2. CICM::WriteStream Types and Constants Type CICM::WriteStream::WriteStatus typedef CICM::UInt32 WriteStatus; Status of an non-blocking write. Lanz & Novikov Expires January 26, 2012 [Page 17] Internet-Draft CICM Channel Management July 2011 Constant CICM::WriteStream::C_WRITE_NOT_READY const CICM::WriteStream::WriteStatus C_WRITE_NOT_READY = 0x00006067; Module is not ready to receive data for writing. Constant CICM::WriteStream::C_WRITE_READY const CICM::WriteStream::WriteStatus C_WRITE_READY = 0x00006068; Module is ready to receive data for writing. 6.2. Interface CICM::ReadStream Interface CICM::ReadStream interface ReadStream : CICM::Stream { Interface from which all other streams that read data from the module inherit. 6.2.1. CICM::ReadStream Inheritance CICM::ReadStream inherits from: CICM::Stream. 6.2.2. CICM::ReadStream Types and Constants Type CICM::ReadStream::ReadStatus typedef CICM::UInt32 ReadStatus; Status of a non-blocking read. Constant CICM::ReadStream::C_READ_NOT_READY const CICM::ReadStream::ReadStatus C_READ_NOT_READY = 0x0000605E; Module does not have data ready for reading. Constant CICM::ReadStream::C_READ_READY const CICM::ReadStream::ReadStatus C_READ_READY = 0x00006061; Module has data ready for reading. 7. Controller Abstractions 7.1. Interface CICM::MultiDomainController Interface CICM::MultiDomainController interface MultiDomainController : CICM::Controller { Interface from which any other multi-domain-related controller or conduit inherits. Remarks: Lanz & Novikov Expires January 26, 2012 [Page 18] Internet-Draft CICM Channel Management July 2011 Provides read access to the local and remote port values associated with the controller. 7.1.1. CICM::MultiDomainController Inheritance CICM::MultiDomainController inherits from: CICM::Controller. 7.1.2. CICM::MultiDomainController Attributes AttributeCICM::MultiDomainController::local_port readonly attribute CICM::LocalPort local_port; Local port associated with this controller. AttributeCICM::MultiDomainController::remote_port readonly attribute CICM::RemotePort remote_port; Remote port associated with this controller. 7.2. Interface CICM::SymKeyController Interface CICM::SymKeyController interface SymKeyController : CICM::Controller { Interface from which all controllers using a symmetric key inherit. 7.2.1. CICM::SymKeyController Inheritance CICM::SymKeyController inherits from: CICM::Controller. 7.2.2. CICM::SymKeyController Attributes Attribute CICM::SymKeyController::key readonly attribute CICM::SymKey key; The key associated with this controller. 7.2.3. CICM::SymKeyController Methods Method CICM::SymKeyController::update_key() CICM::Status update_key(); Cryptographically update the key associated with this controller using the key's native algorithm. Remarks: To update an arbitrary key, use CICM::SymKey::update. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, Lanz & Novikov Expires January 26, 2012 [Page 19] Internet-Draft CICM Channel Management July 2011 S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET See also: CICM::SymKey::update_key_with_algo for the version of this method that accepts an algorithm. Method CICM::SymKeyController::update_key_with_algo() CICM::Status update_key_with_algo( in CICM::SymEncrAlgorithmId algorithm ); Cryptographically update the key associated with this controller using the specified algorithm. Remarks: To update an arbitrary key, use CICM::SymKey::update. Parameters: [in] algorithm Cryptographic algorithm/mode to use to effect the key update. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET See also: CICM::SymKey::update_key for the version of this method that does not require an algorithm to be specified. Method CICM::SymKeyController::rollover_key() CICM::Status rollover_key(); Specify that the next pre-placed key be used with this controller. Remarks: A call to this method may be required when a key reaches the end of its specified or usable lifespan or for other reasons that require that a controller move to a new key. Lanz & Novikov Expires January 26, 2012 [Page 20] Internet-Draft CICM Channel Management July 2011 Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_NO_NEXT, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET See also: CICM::SymKey::rollover_key_with_key for the version of this method that accepts a key. Method CICM::SymKeyController::rollover_key_with_key() CICM::Status rollover_key_with_key( in CICM::SymKey next_key ); Specify the next pre-placed key to be used with this controller. Remarks: A call to this method may be required when a key reaches the end of its specified or usable lifespan or for other reasons that require that a controller move to a new key. Parameters: [in] next_key Reference to pre-placed key to use with this controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_CLASSIFICATION, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET See also: CICM::SymKey::rollover_key for the version of this method for which the key is implicit. Lanz & Novikov Expires January 26, 2012 [Page 21] Internet-Draft CICM Channel Management July 2011 7.3. Interface CICM::AsymKeyController Interface CICM::AsymKeyController interface AsymKeyController : CICM::Controller { Interface from which all controllers using an asymmetric key inherit. 7.3.1. CICM::AsymKeyController Inheritance CICM::AsymKeyController inherits from: CICM::Controller. 7.3.2. CICM::AsymKeyController Attributes AttributeCICM::AsymKeyController::key readonly attribute CICM::AsymKey key; Provides read-only access to the key associated with a controller. 7.4. Interface CICM::NegotiatedController Interface CICM::NegotiatedController interface NegotiatedController : CICM::MultiDomainController, CICM::AsymKeyController, CICM::Negotiator { Interface from which all other negotiated controllers inherit. A controller that uses a negotiated key. 7.4.1. CICM::NegotiatedController Inheritance CICM::NegotiatedController inherits from: CICM:: MultiDomainController, CICM::AsymKeyController and CICM::Negotiator. 7.4.2. CICM::NegotiatedController Attributes AttributeCICM::NegotiatedController::negotiated_grade readonly attribute CICM::Classification negotiated_grade; Returns the grade (classification level) of the channel. 7.4.3. CICM::NegotiatedController Methods Method CICM::NegotiatedController::renegotiate() CICM::Status renegotiate(); Renegotiates the traffic encryption key with the associated peer. Remarks: In cases where the key is no longer usable, e.g. it expired or was zeroized, the session MUST be torn down and rebuilt. Note that renegotiation MAY NOT need to be explicitly initiated in all cases Lanz & Novikov Expires January 26, 2012 [Page 22] Internet-Draft CICM Channel Management July 2011 because some modules will automatically initiate a renegotiation when sensing a certain condition (e.g., key expiration, cumulative traffic volume threshold passed, etc.). Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR Method CICM::NegotiatedController::initiate_grade_change() CICM::Status initiate_grade_change( in CICM::Classification new_grade ); Requests a change of grade (classification level) for the current traffic. Parameters: [in] new_grade New grade for the traffic. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET Method CICM::NegotiatedController::acknowledge_grade_change() CICM::Status acknowledge_grade_change(); Positively acknowledges the requested change of grade. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, Lanz & Novikov Expires January 26, 2012 [Page 23] Internet-Draft CICM Channel Management July 2011 S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 7.5. Interface CICM::SetVectorController Interface CICM::SetVectorController interface SetVectorController : CICM::Controller { Provides access to the state vector associated with a controller. 7.5.1. CICM::SetVectorController Inheritance CICM::SetVectorController inherits from: CICM::Controller. 7.5.2. CICM::SetVectorController Attributes AttributeCICM::SetVectorController::vec readonly attribute CICM::Vector vec; State vector associated with this controller. 7.5.3. CICM::SetVectorController Methods Method CICM::SetVectorController::set_vector() CICM::Status set_vector( in CICM::Vector vec ); Set channel state vector. Remarks: This state value may be set when a controller is initially created (initialization vector). It may also be set on a block-by-block basis for appropriate algorithms/modes or for each time epoch (e.g., for time-of-day encryption). Parameters: [in] vec State vector. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_INVALID_VECTOR, Lanz & Novikov Expires January 26, 2012 [Page 24] Internet-Draft CICM Channel Management July 2011 S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT Method CICM::SetVectorController::set_vector_no_check() CICM::Status set_vector_no_check( in CICM::Vector vec ); Set channel state vector without a policy check. Remarks: This state value may be set when a controller is initially created (initialization vector) or on a per-message basis, depending upon how the cryptographic algorithm uses the vector. The length and format of the vector are specific to the algorithm associated with the channel and system in which the channel is being used. This version of the set_vector() method may be used on the decrypt side, for example, to specify no TOD check in cases where TOD rules are not enforced for decryption. Parameters: [in] vec State vector. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_INVALID_VECTOR, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT Method CICM::SetVectorController::reset_vector() CICM::Status reset_vector(); Reset channel state vector to system-dependent value. Remarks: This can be used by the client program to manage time-of-day or counter rollover. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT Lanz & Novikov Expires January 26, 2012 [Page 25] Internet-Draft CICM Channel Management July 2011 7.6. Interface CICM::GenVectorController Interface CICM::GenVectorController interface GenVectorController : CICM::SetVectorController { Enables an state vector to be generated. 7.6.1. CICM::GenVectorController Inheritance CICM::GenVectorController inherits from: CICM::SetVectorController. 7.6.2. CICM::GenVectorController Methods Method CICM::GenVectorController::generate_vector() CICM::Status generate_vector(); Generate a vector for this controller utilizing new random state. Remarks: It may not be necessary for a client program to explicitly generate a vector. Some cryptographic modules will implicitly generate an IV, for example, as a byproduct of channel creation. In other cases, an existing vector will be associated with a controller by calling the CICM::SetVectorController::set_vector method. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_INSUFFICIENT_ENTROPY Method CICM::GenVectorController::generate_vector_existing_state() CICM::Status generate_vector_existing_state(); Generate a vector for this controller utilizing the latest unused state. Remarks: It may not be necessary for a client program to explicitly generate a vector. Some cryptographic modules will implicitly generate an IV, for example, as a byproduct of channel creation. In other cases, an existing vector will be associated with a controller by calling the CICM::SetVectorController::set_vector method. Returns: Lanz & Novikov Expires January 26, 2012 [Page 26] Internet-Draft CICM Channel Management July 2011 S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_INSUFFICIENT_ENTROPY 7.7. Interface CICM::ResyncController Interface CICM::ResyncController interface ResyncController : CICM::Controller { Provides methods to resynchronize a controller or conduit. 7.7.1. CICM::ResyncController Inheritance CICM::ResyncController inherits from: CICM::Controller. 7.7.2. CICM::ResyncController Methods Method CICM::ResyncController::resync() CICM::Status resync(); Resynchronize the channel. Remarks: A client program-initiated resync is required when the host is responsible for ensuring cryptographic synchronization is maintained because the operating mode used does not enable the module to determine that it is out of sync. The action taken by the module as the result of a call to this method will differ based upon characteristics of the cryptographic algorithm, communications path framing, and details of the protocol used to achieve cryptographic synchronization between two modules. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET See also: CICM::ResyncController::resync_with_sync_vector for the version of this method that accepts a synchronization vector. Lanz & Novikov Expires January 26, 2012 [Page 27] Internet-Draft CICM Channel Management July 2011 Method CICM::ResyncController::resync_with_sync_vector() CICM::Status resync_with_sync_vector( in CICM::Vector vec ); Resynchronize the channel, using the specified synchronization vector (required by certain operating modes to initiate a resync). Remarks: A client program-initiated resync is required when the host is responsible for ensuring cryptographic synchronization is maintained because the operating mode used does not enable the module to determine that it is out of sync. The action taken by the module as the result of a call to this method will differ based upon characteristics of the cryptographic algorithm, communications path framing, and details of the protocol used to achieve cryptographic synchronization among modules. Parameters: [in] vec Synchronization vector to use to resynchronize the channel. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_INVALID_VECTOR, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET See also: CICM::ResyncController::resync for the version of this method that does not require a synchronization vector. 8. Channel Negotiation 8.1. Negotiating Channels and Controllers When creating an encryption or decryption channel using an asymmetric keyset, a negotiation process must be initiated between the two communicating entities, resulting in an ephemeral symmetric key held by each entity. The following details the steps in the negotiation process: Lanz & Novikov Expires January 26, 2012 [Page 28] Internet-Draft CICM Channel Management July 2011 1. Retrieve a negotiator. The client program uses the CICM:: ChannelManager to create the appropriate CICM::Negotiator, thus initiating the negotiation. 2. Validate remote peer. Most systems will use a trust anchor to validate that the remote peer is legitimate and will further verify the peer appears on the appropriate access control list(s). In some cases, the above validation will be sufficient. In others, it will be necessary to display information about the remote peer to a human user to receive a positive response from the user that the displayed peer is the expected peer. This validation procedure differs depending upon the display configuration: * If the system is configured with a trusted display, information about the remote peer is displayed to the trusted display and the user is solicited for a response which is returned to the module. The trusted display interactions take place independent of the API. * If the system is not configured with a trusted display, the client program uses CICM::Negotiator::get_remote_info to retrieve information about the remote peer and then displays this information to the user (independent of CICM) to allow the user to determine if this is the expected remote peer; the client program calls CICM::Negotiator::abort_negotiation to abort the negotiation if the user rejects the remote peer. 3. Complete negotiation. The client program explicitly completes the negotiation using the negotiator's complete() method. A successful negotation results in a negotiated controller. 8.2. Interface CICM::Negotiator Interface CICM::Negotiator interface Negotiator { CICM::Negotiator is an abstraction inherited by controllers and CICM::KeyProtocolSender to assist in the management of the negotiation process. Lanz & Novikov Expires January 26, 2012 [Page 29] Internet-Draft CICM Channel Management July 2011 8.2.1. CICM::Negotiator Methods Method CICM::Negotiator::get_remote_info() CICM::Status get_remote_info( out CICM::PeerInfo peer_info ); Retrieve remote peer identification information. The peer information must be displayed to the local user to enable determination to be made as to whether negotiation should continue or be aborted. If the decision is made to abort negotiation, the CICM:: Negotiator::abort_negotiation method MUST be called to destroy any protocol session state. Parameters: [out] peer_info Identifying information about the remote peer. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_NOT_AVAILABLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_TRUSTED_DISPLAY, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET Method CICM::Negotiator::abort_negotiation() CICM::Status abort_negotiation(); Abort negotiation or renegotiation. This method must be called in the event the identification information for the remote host does not correspond to the expected host. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_NOT_IN_PROGRESS, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET Lanz & Novikov Expires January 26, 2012 [Page 30] Internet-Draft CICM Channel Management July 2011 8.3. Interface CICM::PeerInfo Interface CICM::PeerInfo interface PeerInfo { Information about a peer entity participating in a key negotiation. 8.3.1. CICM::PeerInfo Attributes Attribute CICM::PeerInfo::peer_name readonly attribute CICM::CharString peer_name; Name/organization of remote entity participating in key agreement prototcol. AttributeCICM::PeerInfo::classification readonly attribute CICM::Classification classification; Highest security classification level at which the remote entity participating in the key agreement protocol is capable of communicating. Attribute CICM::PeerInfo::compartment readonly attribute CICM::CharString compartment; Compartment of remote entity participating in key agreement protocol. Attribute CICM::PeerInfo::message readonly attribute CICM::CharString message; Message to be displayed regarding the remote entities' participation in key agreement protocol. 9. Encryption Namespace CICM::Encrypt module Encrypt { The CICM::Encrypt namespace contains interfaces that support encryption operations between two independent security domains. 9.1. Interface CICM::Encrypt::ChannelManager Interface CICM::Encrypt::ChannelManager interface ChannelManager { CICM::Encrypt::ChannelManager is an abstraction inherited by CICM:: ChannelManager that supports the creation of encryption negotiators, conduits, controllers, and streams. See CICM::ChannelManager for additional information. Lanz & Novikov Expires January 26, 2012 [Page 31] Internet-Draft CICM Channel Management July 2011 9.1.1. CICM::Encrypt::ChannelManager Methods Method CICM::Encrypt::ChannelManager::negotiate_encrypt_conduit() CICM::Status negotiate_encrypt_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Encrypt::Negotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer. The channel that results will encrypt a stream of data. Parameters: [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to negotiation key. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 32] Internet-Draft CICM Channel Management July 2011 Method CICM::Encrypt::ChannelManager:: negotiate_encrypt_with_mac_conduit() CICM::Status negotiate_encrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::SymKey mac_key_ref, in CICM::AsymKey nego_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, out CICM::Encrypt::WithMACNegotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer. The channel that results will MAC and encrypt a stream of data. Remarks: Negotiation applies only to the negotiation key, not the MAC key. Parameters: [in] remote_port Remote port. [in] protocol Protocol identifier. [in] mac_key_ref Reference to MAC key. [in] nego_key_ref Reference to negotiation key. [in] mac_algorithm MAC algorithm. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 33] Internet-Draft CICM Channel Management July 2011 Method CICM::Encrypt::ChannelManager:: negotiate_encrypt_with_sign_conduit() CICM::Status negotiate_encrypt_with_sign_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey sign_key_ref, in CICM::AsymKey nego_key_ref, in CICM::AsymSigAlgorithmId sign_algorithm, out CICM::Encrypt::WithSignNegotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer. The channel that results will sign and encrypt a stream of data. Remarks: Negotiation applies only to the negotiation key, not the signature key. Parameters: [in] remote_port Remote port. [in] protocol Protocol identifier. [in] sign_key_ref Reference to signature key. [in] nego_key_ref Reference to negotiation key. [in] sign_algorithm Signature algorithm. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 34] Internet-Draft CICM Channel Management July 2011 Method CICM::Encrypt::ChannelManager::negotiate_encrypt_controller() CICM::Status negotiate_encrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Encrypt::ControllerNegotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage an encryption channel. Parameters: [in] local_port Local port. [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to encryption key. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 35] Internet-Draft CICM Channel Management July 2011 Method CICM::Encrypt::ChannelManager::create_encrypt_conduit() CICM::Status create_encrypt_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Encrypt::Conduit conduit_ref ); Create conduit to encrypt a stream of data. Parameters: [in] remote_port Remote port. [in] key_ref Reference to encryption key. [in] algorithm Encryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Encrypt::ChannelManager:: create_encrypt_with_mac_conduit() CICM::Status create_encrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::SymKey mac_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, in CICM::SymEncrAlgorithmId encr_algorithm, out CICM::Encrypt::WithMACConduit conduit_ref ); Create conduit to MAC and encrypt a stream of data. Parameters: [in] remote_port Remote port. Lanz & Novikov Expires January 26, 2012 [Page 36] Internet-Draft CICM Channel Management July 2011 [in] mac_key_ref Reference to MAC key. [in] encrypt_key_ref Reference to encryption key. [in] mac_algorithm MAC algorithm. [in] encr_algorithm Encryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Encrypt::ChannelManager:: create_encrypt_with_sign_conduit() CICM::Status create_encrypt_with_sign_conduit( in CICM::RemotePort remote_port, in CICM::AsymKey sign_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::AsymSigAlgorithmId sign_algorithm, in CICM::SymEncrAlgorithmId encr_algorithm, out CICM::Encrypt::WithSignConduit conduit_ref ); Create conduit to sign and encrypt a stream of data. Parameters: [in] remote_port Remote port. [in] sign_key_ref Reference to signature key. [in] encrypt_key_ref Reference to encryption key. [in] sign_algorithm Signature algorithm. [in] encr_algorithm Encryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Lanz & Novikov Expires January 26, 2012 [Page 37] Internet-Draft CICM Channel Management July 2011 Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Encrypt::ChannelManager::create_key_wrap_conduit() CICM::Status create_key_wrap_conduit( in CICM::RemotePort remote_port, in CICM::SymKey kek_ref, in CICM::KeyWrapAlgorithmId algorithm, out CICM::Encrypt::KeyWrapConduit conduit_ref ); Create conduit to wrap a key. Remarks: This type of conduit may be used to wrap key material bound for a peer cryptographic module. To wrap individual keys already in the module, use CICM::Symkey::wrap or CICM::Asymkey::wrap. Parameters: [in] remote_port Remote port. [in] kek_ref Reference to key encryption key. [in] algorithm Key wrapping algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 38] Internet-Draft CICM Channel Management July 2011 Method CICM::Encrypt::ChannelManager::create_encrypt_controller() CICM::Status create_encrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Encrypt::Controller controller_ref ); Create controller to configure and control an encryption channel. Remarks: In some cases, hosts may depend upon separate processes to control and use a channel. This method returns the channel controller and MUST be called before the corresponding stream is retrieved. Parameters: [in] local_port Local port. [in] remote_port Remote port. [in] key_ref Reference to encryption key. [in] algorithm Encryption algorithm/mode. [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Encrypt::ChannelManager::get_encrypt_stream() CICM::Status get_encrypt_stream( in CICM::LocalPort local_port, out CICM::Encrypt::Stream stream_ref ); Create stream associated with previously created controller to accept data for transformation. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 39] Internet-Draft CICM Channel Management July 2011 [in] local_port Local port. [out] stream_ref Reference to resulting stream. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_NOT_FOUND 9.2. Interface CICM::Encrypt::Stream Interface CICM::Encrypt::Stream interface Stream : CICM::WriteStream { CICM::Encrypt::Stream supports encryption operations between two independent security domains. The resulting stream is capable of accepting data for transformation, but not managing the channel. It is created by calling CICM::ChannelManager::get_encrypt_stream. 9.2.1. CICM::Encrypt::Stream Inheritance CICM::Encrypt::Stream inherits from: CICM::WriteStream. 9.2.2. CICM::Encrypt::Stream Methods Method CICM::Encrypt::Stream::encrypt() CICM::Status encrypt( in CICM::Buffer buffer ); Sends data to the module to be encrypted. The method blocks until data is sent. Parameters: [in] buffer Plaintext to encrypt. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_WRAPPED, S_TOKEN_NOT_PRESENT, Lanz & Novikov Expires January 26, 2012 [Page 40] Internet-Draft CICM Channel Management July 2011 S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_DATA_INVALID, S_CHANNEL_DATA_INVALID_LEN Method CICM::Encrypt::Stream::encrypt_non_blocking() CICM::Status encrypt_non_blocking( in CICM::Buffer buffer, in CICM::TransId transaction_id ); Registers a buffer of data to be sent to the module for encryption and then immediately returns control to the caller. The length of the data is encapsulated in the buffer parameter. The caller may use the CICM::Encrypt::Stream::encrypt_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata associated with the transaction_id parameter. Memory responsibilities and calling conventions MUST follow the appropriate IDL language mapping conventions. Parameters: [in] buffer Plaintext to encrypt. [in] transaction_id Unique transaction id that will be used by the CICM::Encrypt::Stream::encrypt_poll method to determine to which buffer the poll status applies. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_WRAPPED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_DATA_INVALID, S_CHANNEL_DATA_INVALID_LEN Method CICM::Encrypt::Stream::encrypt_poll() CICM::Status encrypt_poll( in CICM::TransId transaction_id, out CICM::WriteStream::WriteStatus status ); Returns the status of the non-blocking encryption operation specified by the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions. Lanz & Novikov Expires January 26, 2012 [Page 41] Internet-Draft CICM Channel Management July 2011 Parameters: [in] transaction_id Unique transaction id previously specified to the CICM::Encrypt::Stream::encrypt_non_blocking method that allows the poll operation to determine to which buffer the poll status applies. [out] status Status of the non-blocking operation corresponding to the transaction_id parameter. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_WRAPPED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR 9.3. Interface CICM::Encrypt::KeyWrapStream Interface CICM::Encrypt::KeyWrapStream interface KeyWrapStream : CICM::Stream { CICM::Encrypt::KeyWrapStream is an abstraction that allows key material to be presented to a stream for wrapping prior to passing into a different security domain. 9.3.1. CICM::Encrypt::KeyWrapStream Inheritance CICM::Encrypt::KeyWrapStream inherits from: CICM::Stream. 9.3.2. CICM::Encrypt::KeyWrapStream Methods Method CICM::Encrypt::KeyWrapStream::wrap_key() CICM::Status wrap_key( in CICM::Key key_ref ); Write the key to be wrapped to the channel stream. Remarks: The method blocks until the key has been written. Parameters: [in] key_ref Reference to key to be wrapped. Lanz & Novikov Expires January 26, 2012 [Page 42] Internet-Draft CICM Channel Management July 2011 Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_CLASSIFICATION, S_KEY_WRAPPED, S_KEY_NOT_WRAPPABLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR 9.4. Interface CICM::Encrypt::Controller Interface CICM::Encrypt::Controller interface Controller : CICM::MultiDomainController, CICM::SymKeyController, CICM::GenVectorController, CICM::ResyncController { CICM::Encrypt::Controller supports encryption operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting data for transformation. It is created by calling CICM::ChannelManager:: create_encrypt_controller. 9.4.1. CICM::Encrypt::Controller Inheritance CICM::Encrypt::Controller inherits from: CICM::MultiDomainController, CICM::SymKeyController, CICM::GenVectorController and CICM:: ResyncController. 9.5. Interface CICM::Encrypt::NegotiatedController Interface CICM::Encrypt::NegotiatedController interface NegotiatedController : CICM::NegotiatedController, CICM::GenVectorController, CICM::ResyncController { CICM::Encrypt::NegotiatedController is the negotiated version of CICM::Encrypt::Controller. It is the result of a successful negotiation by CICM::Encrypt::ControllerNegotiator. 9.5.1. CICM::Encrypt::NegotiatedController Inheritance CICM::Encrypt::NegotiatedController inherits from: CICM:: NegotiatedController, CICM::GenVectorController and CICM:: ResyncController. Lanz & Novikov Expires January 26, 2012 [Page 43] Internet-Draft CICM Channel Management July 2011 9.6. Interface CICM::Encrypt::Conduit Interface CICM::Encrypt::Conduit interface Conduit : CICM::Conduit, CICM::Encrypt::Controller, CICM::Encrypt::Stream { CICM::Encrypt::Conduit supports encryption operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting data for transformation. It is created by calling CICM::ChannelManager::create_encrypt_conduit. 9.6.1. CICM::Encrypt::Conduit Inheritance CICM::Encrypt::Conduit inherits from: CICM::Conduit, CICM::Encrypt:: Controller and CICM::Encrypt::Stream. 9.7. Interface CICM::Encrypt::NegotiatedConduit Interface CICM::Encrypt::NegotiatedConduit interface NegotiatedConduit : CICM::Conduit, CICM::Encrypt::NegotiatedController, CICM::Encrypt::Stream { CICM::Encrypt::NegotiatedConduit is the negotiated version of CICM:: Encrypt::Conduit. It is the result of a successful negotiation by CICM::Encrypt::Negotiator. 9.7.1. CICM::Encrypt::NegotiatedConduit Inheritance CICM::Encrypt::NegotiatedConduit inherits from: CICM::Conduit, CICM:: Encrypt::NegotiatedController and CICM::Encrypt::Stream. 9.8. Interface CICM::Encrypt::WithMACConduit Interface CICM::Encrypt::WithMACConduit interface WithMACConduit : CICM::AbstractMACConduit, CICM::Encrypt::Conduit { CICM::Encrypt::WithMACConduit supports encryption operations between two independent security domains with the receipt of a MAC value in the initiating domain. The resulting conduit is capable of both managing the channel and accepting data for transformation. It is created by calling CICM::ChannelManager:: create_encrypt_with_mac_conduit. Lanz & Novikov Expires January 26, 2012 [Page 44] Internet-Draft CICM Channel Management July 2011 9.8.1. CICM::Encrypt::WithMACConduit Inheritance CICM::Encrypt::WithMACConduit inherits from: CICM::AbstractMACConduit and CICM::Encrypt::Conduit. 9.9. Interface CICM::Encrypt::WithMACNegotiatedConduit Interface CICM::Encrypt::WithMACNegotiatedConduit interface WithMACNegotiatedConduit : CICM::AbstractMACConduit, CICM::Encrypt::NegotiatedConduit { CICM::Encrypt::WithMACNegotiatedConduit is the negotiated version of CICM::Encrypt::WithMACConduit. It is the result of a successful negotiation by CICM::Encrypt::WithMACNegotiator. 9.9.1. CICM::Encrypt::WithMACNegotiatedConduit Inheritance CICM::Encrypt::WithMACNegotiatedConduit inherits from: CICM:: AbstractMACConduit and CICM::Encrypt::NegotiatedConduit. 9.10. Interface CICM::Encrypt::WithSignConduit Interface CICM::Encrypt::WithSignConduit interface WithSignConduit : CICM::AbstractSignConduit, CICM::Encrypt::Conduit { CICM::Encrypt::WithSignConduit supports encryption operations between two independent security domains with the receipt of a signature value in the initiating domain. The resulting conduit is capable of both managing the channel and accepting data for transformation. It is created by calling CICM::ChannelManager:: create_encrypt_with_sign_conduit. 9.10.1. CICM::Encrypt::WithSignConduit Inheritance CICM::Encrypt::WithSignConduit inherits from: CICM:: AbstractSignConduit and CICM::Encrypt::Conduit. 9.11. Interface CICM::Encrypt::WithSignNegotiatedConduit Interface CICM::Encrypt::WithSignNegotiatedConduit interface WithSignNegotiatedConduit : CICM::AbstractSignConduit, CICM::Encrypt::NegotiatedConduit { CICM::Encrypt::WithSignNegotiatedConduit is the negotiated version of CICM::Encrypt::WithSignConduit. It is the result of a successful negotiation by CICM::Encrypt::WithSignNegotiator. Lanz & Novikov Expires January 26, 2012 [Page 45] Internet-Draft CICM Channel Management July 2011 9.11.1. CICM::Encrypt::WithSignNegotiatedConduit Inheritance CICM::Encrypt::WithSignNegotiatedConduit inherits from: CICM:: AbstractSignConduit and CICM::Encrypt::NegotiatedConduit. 9.12. Interface CICM::Encrypt::KeyWrapConduit Interface CICM::Encrypt::KeyWrapConduit interface KeyWrapConduit : CICM::Encrypt::Controller, CICM::Encrypt::KeyWrapStream { CICM::Encrypt::KeyWrapConduit supports key wrapping operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting keys for transformation. It is created by calling CICM::ChannelManager:: create_key_wrap_conduit. 9.12.1. CICM::Encrypt::KeyWrapConduit Inheritance CICM::Encrypt::KeyWrapConduit inherits from: CICM::Encrypt:: Controller and CICM::Encrypt::KeyWrapStream. 9.13. Interface CICM::Encrypt::ControllerNegotiator Interface CICM::Encrypt::ControllerNegotiator interface ControllerNegotiator : CICM::Negotiator { CICM::Encrypt::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. The result of a successful negotiation is a CICM::Encrypt:: NegotiatedController which is capable of managing the channel, but not accepting data for transformation. CICM::Encrypt:: ControllerNegotiator is created by calling CICM::ChannelManager:: negotiate_encrypt_controller. 9.13.1. CICM::Encrypt::ControllerNegotiator Inheritance CICM::Encrypt::ControllerNegotiator inherits from: CICM::Negotiator. Lanz & Novikov Expires January 26, 2012 [Page 46] Internet-Draft CICM Channel Management July 2011 9.13.2. CICM::Encrypt::ControllerNegotiator Methods Method CICM::Encrypt::ControllerNegotiator::complete() CICM::Status complete( out CICM::Encrypt::NegotiatedController controller_ref ); Complete negotiation and retrieve a negotiated negotiated encrypt controller. Parameters: [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 9.14. Interface CICM::Encrypt::Negotiator Interface CICM::Encrypt::Negotiator interface Negotiator : CICM::Negotiator { CICM::Encrypt::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. The result of a successful negotiation is a CICM::Encrypt::NegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Negotiator is created by calling CICM:: Encrypt::ChannelManager::negotiate_encrypt_conduit. 9.14.1. CICM::Encrypt::Negotiator Inheritance CICM::Encrypt::Negotiator inherits from: CICM::Negotiator. Lanz & Novikov Expires January 26, 2012 [Page 47] Internet-Draft CICM Channel Management July 2011 9.14.2. CICM::Encrypt::Negotiator Methods Method CICM::Encrypt::Negotiator::complete() CICM::Status complete( out CICM::Encrypt::NegotiatedConduit conduit_ref ); Complete negotiation and retrieve a negotiated encrypt conduit. Parameters: [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 9.15. Interface CICM::Encrypt::WithMACNegotiator Interface CICM::Encrypt::WithMACNegotiator interface WithMACNegotiator : CICM::Negotiator { CICM::Encrypt::WithMACNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. Additionally, a message authentication code (MAC) is received in the initiating domain. The result of a successful negotiation is a CICM::Encrypt:: WithMACNegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Encrypt:: WithMACNegotiator is created by calling CICM::ChannelManager:: negotiate_encrypt_with_mac_conduit. 9.15.1. CICM::Encrypt::WithMACNegotiator Inheritance CICM::Encrypt::WithMACNegotiator inherits from: CICM::Negotiator. Lanz & Novikov Expires January 26, 2012 [Page 48] Internet-Draft CICM Channel Management July 2011 9.15.2. CICM::Encrypt::WithMACNegotiator Methods Method CICM::Encrypt::WithMACNegotiator::complete() CICM::Status complete( out CICM::Encrypt::WithMACNegotiatedConduit conduit_ref ); Complete negotiation and retrieve a negotiated MAC encrypt conduit. Parameters: [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 9.16. Interface CICM::Encrypt::WithSignNegotiator Interface CICM::Encrypt::WithSignNegotiator interface WithSignNegotiator : CICM::Negotiator { CICM::Encrypt::WithSignNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. Additionally, a signature value is received in the initiating domain. The result of a successful negotiation is a CICM::Encrypt:: WithSignNegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Encrypt:: WithSignNegotiator is created by calling CICM::ChannelManager:: negotiate_encrypt_with_sign_conduit. 9.16.1. CICM::Encrypt::WithSignNegotiator Inheritance CICM::Encrypt::WithSignNegotiator inherits from: CICM::Negotiator. Lanz & Novikov Expires January 26, 2012 [Page 49] Internet-Draft CICM Channel Management July 2011 9.16.2. CICM::Encrypt::WithSignNegotiator Methods Method CICM::Encrypt::WithSignNegotiator::complete() CICM::Status complete( out CICM::Encrypt::WithSignNegotiatedConduit conduit_ref ); Complete negotiation and retrieve a negotiated sign encrypt conduit. Parameters: [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 10. Decryption Namespace CICM::Decrypt module Decrypt { The CICM::Decrypt namespace contains interfaces that support decryption operations between two independent security domains. 10.1. Interface CICM::Decrypt::ChannelManager Interface CICM::Decrypt::ChannelManager interface ChannelManager { CICM::Decrypt::ChannelManager is an abstraction inherited by CICM:: ChannelManager that supports the creation of decryption negotiators, conduits, controllers, and streams. See CICM::ChannelManager for additional information. Lanz & Novikov Expires January 26, 2012 [Page 50] Internet-Draft CICM Channel Management July 2011 10.1.1. CICM::Decrypt::ChannelManager Methods Method CICM::Decrypt::ChannelManager::negotiate_decrypt_conduit() CICM::Status negotiate_decrypt_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Decrypt::Negotiator negotiator_ref ); Creates a negotiator that, upon successful negotiation, results in a CICM::Decrypt::NegotiatedConduit. Parameters: [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to negotiation key. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 51] Internet-Draft CICM Channel Management July 2011 Method CICM::Decrypt::ChannelManager:: negotiate_decrypt_with_mac_conduit() CICM::Status negotiate_decrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::SymKey verify_key_ref, in CICM::AsymKey nego_key_ref, in CICM::SymMacAlgorithmId verify_algorithm, out CICM::Decrypt::WithMACNegotiator negotiator_ref ); Creates a negotiator that, upon successful negotiation, results in a CICM::Decrypt::MACNegotiatedConduit. Remarks: Negotiation applies only to the negotiation key, not the MAC key. Parameters: [in] remote_port Remote port. [in] protocol Protocol identifier. [in] verify_key_ref Reference to verification key. [in] nego_key_ref Reference to negotiation key. [in] verify_algorithm Verification algorithm. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 52] Internet-Draft CICM Channel Management July 2011 Method CICM::Decrypt::ChannelManager:: negotiate_decrypt_with_verify_conduit() CICM::Status negotiate_decrypt_with_verify_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey verify_key_ref, in CICM::AsymKey nego_key_ref, in CICM::AsymSigAlgorithmId verify_algorithm, out CICM::Decrypt::WithVerifyNegotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer. The channel that results will decrypt and verify a stream of data. Remarks: Negotiation applies only to the negotiation key, not the signature verification key. Parameters: [in] remote_port Remote port. [in] protocol Protocol identifier. [in] verify_key_ref Reference to verification key. [in] nego_key_ref Reference to negotiation key. [in] verify_algorithm Verification algorithm. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 53] Internet-Draft CICM Channel Management July 2011 Method CICM::Decrypt::ChannelManager::negotiate_decrypt_controller() CICM::Status negotiate_decrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Decrypt::ControllerNegotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage a decryption channel. Parameters: [in] local_port Local port. [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to negotiation key. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 54] Internet-Draft CICM Channel Management July 2011 Method CICM::Decrypt::ChannelManager::create_decrypt_conduit() CICM::Status create_decrypt_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Decrypt::Conduit conduit_ref ); Create channel to decrypt a stream of data. Parameters: [in] remote_port Remote port. [in] key_ref Reference to decryption key. [in] algorithm Decryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Decrypt::ChannelManager:: create_decrypt_with_mac_conduit() CICM::Status create_decrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::SymKey verify_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::SymMacAlgorithmId verify_algorithm, in CICM::SymEncrAlgorithmId decrypt_algorithm, out CICM::Decrypt::WithMACConduit conduit_ref ); Create channel to MAC verify and decrypt a stream of data. Parameters: [in] remote_port Remote port. [in] verify_key_ref Reference to verification key. Lanz & Novikov Expires January 26, 2012 [Page 55] Internet-Draft CICM Channel Management July 2011 [in] decrypt_key_ref Reference to decryption key. [in] verify_algorithm Verification algorithm. [in] decrypt_algorithm Decryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Decrypt::ChannelManager:: create_decrypt_with_verify_conduit() CICM::Status create_decrypt_with_verify_conduit( in CICM::RemotePort remote_port, in CICM::AsymKey verify_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::AsymSigAlgorithmId verify_algorithm, in CICM::SymEncrAlgorithmId decrypt_algorithm, out CICM::Decrypt::WithVerifyConduit conduit_ref ); Create channel to verify and decrypt a stream of data. Parameters: [in] remote_port Remote port. [in] verify_key_ref Reference to verification key. [in] decrypt_key_ref Reference to decryption key. [in] verify_algorithm Verification algorithm. [in] decrypt_algorithm Decryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: Lanz & Novikov Expires January 26, 2012 [Page 56] Internet-Draft CICM Channel Management July 2011 S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Decrypt::ChannelManager::create_key_unwrap_conduit() CICM::Status create_key_unwrap_conduit( in CICM::RemotePort remote_port, in CICM::SymKey kek_ref, in CICM::KeyWrapAlgorithmId algorithm, out CICM::Decrypt::KeyUnwrapConduit conduit_ref ); Create channel to unwrap a key. This type of channel may be used to bulk unwrap key material originating at a key infrastructure component or from a peer cryptographic module. Note that, to unwrap individual keys already in the module, use CICM::Symkey::unwrap or CICM::Asymkey::unwrap. Parameters: [in] remote_port Remote port. [in] kek_ref Reference to key encryption key. [in] algorithm Key unwrapping algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 57] Internet-Draft CICM Channel Management July 2011 Method CICM::Decrypt::ChannelManager::create_decrypt_controller() CICM::Status create_decrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Decrypt::Controller controller_ref ); Create controller to configure and control an decryption channel. Remarks: In some cases, hosts may depend upon separate processes to control and use a channel. This method returns the channel controller and must be called before the corresponding stream is retrieved. Parameters: [in] local_port Local port. [in] remote_port Remote port. [in] key_ref Reference to decryption key. [in] algorithm Decryption algorithm/mode. [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 58] Internet-Draft CICM Channel Management July 2011 Method CICM::Decrypt::ChannelManager::get_decrypt_stream() CICM::Status get_decrypt_stream( in CICM::LocalPort local_port, out CICM::Decrypt::Stream stream_ref ); Create stream associated with previously created controller to receive transformed data. Parameters: [in] local_port Local port. [out] stream_ref Reference to resulting stream. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_NOT_FOUND 10.2. Interface CICM::Decrypt::Stream Interface CICM::Decrypt::Stream interface Stream : CICM::ReadStream { CICM::Decrypt::Stream supports decryption operations between two independent security domains. The resulting stream is capable of accepting transformed data, but not managing the channel. It is created by calling CICM::ChannelManager::get_decrypt_stream. 10.2.1. CICM::Decrypt::Stream Inheritance CICM::Decrypt::Stream inherits from: CICM::ReadStream. 10.2.2. CICM::Decrypt::Stream Methods Method CICM::Decrypt::Stream::decrypt() CICM::Status decrypt( out CICM::Buffer buffer ); Read plaintext data off of decrypt channel stream. The method blocks until data becomes available. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 59] Internet-Draft CICM Channel Management July 2011 [out] buffer Plaintext resulting from decryption operation. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_BUFFER_LEN, S_INTEGRITY Method CICM::Decrypt::Stream::decrypt_non_blocking() CICM::Status decrypt_non_blocking( out CICM::Buffer buffer, in CICM::TransId transaction_id ); Registers a buffer into which plaintext resulting from the decryption operation will be copied, and then immediately returns control to the caller. The size of the allocated buffer and length of the resulting plaintext is encapsulated in the buffer parameter. The caller may use the CICM::Decrypt::Stream::decrypt_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata associated with the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions. Parameters: [out] buffer Plaintext resulting from decryption operation. [in] transaction_id Unique transaction id that will be used by the CICM::Decrypt::Stream::decrypt_poll method to determine to which buffer the poll status applies. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_BUFFER_LEN, S_INTEGRITY Lanz & Novikov Expires January 26, 2012 [Page 60] Internet-Draft CICM Channel Management July 2011 Method CICM::Decrypt::Stream::decrypt_poll() CICM::Status decrypt_poll( in CICM::TransId transaction_id, out CICM::ReadStream::ReadStatus status ); Returns the status of the non-blocking decryption operation specified by the transaction_id parameter. Upon completion of the operation, the caller must use the metadata associated with the transaction_id parameter to determine which buffer has been populated. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions. Parameters: [in] transaction_id Unique transaction id previously specified to the CICM::Decrypt::Stream::decrypt_non_blocking method that allows the poll operation to determine to which buffer the poll status applies. [out] status Status of the non-blocking operation corresponding to the transaction_id parameter. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_WRAPPED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR 10.3. Interface CICM::Decrypt::KeyUnwrapStream Interface CICM::Decrypt::KeyUnwrapStream interface KeyUnwrapStream : CICM::Stream { CICM::Decrypt::KeyUnwrapStream is an abstraction that allows unwrapped key material received from another domain to be retrieved. 10.3.1. CICM::Decrypt::KeyUnwrapStream Inheritance CICM::Decrypt::KeyUnwrapStream inherits from: CICM::Stream. Lanz & Novikov Expires January 26, 2012 [Page 61] Internet-Draft CICM Channel Management July 2011 10.3.2. CICM::Decrypt::KeyUnwrapStream Methods Method CICM::Decrypt::KeyUnwrapStream::unwrap_sym_key() CICM::Status unwrap_sym_key( out CICM::SymKey key_ref ); Read one unwrapped symmetric key off of channel stream and return a reference to the key. The method blocks until a key becomes available. Parameters: [in] key_ref Reference to key encryption key. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR Method CICM::Decrypt::KeyUnwrapStream::unwrap_asym_key() CICM::Status unwrap_asym_key( out CICM::AsymKey key_ref ); Read one unwrapped asymmetric key off of channel stream and return a reference to the key. The method blocks until a key becomes available. Parameters: [in] key_ref Reference to key encryption key. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR Lanz & Novikov Expires January 26, 2012 [Page 62] Internet-Draft CICM Channel Management July 2011 10.4. Interface CICM::Decrypt::Controller Interface CICM::Decrypt::Controller interface Controller : CICM::MultiDomainController, CICM::SymKeyController, CICM::SetVectorController, CICM::ResyncController { CICM::Decrypt::Controller supports decryption operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting transformed data. It is created by calling CICM::ChannelManager::create_decrypt_controller. 10.4.1. CICM::Decrypt::Controller Inheritance CICM::Decrypt::Controller inherits from: CICM::MultiDomainController, CICM::SymKeyController, CICM::SetVectorController and CICM:: ResyncController. 10.5. Interface CICM::Decrypt::NegotiatedController Interface CICM::Decrypt::NegotiatedController interface NegotiatedController : CICM::NegotiatedController, CICM::SetVectorController, CICM::ResyncController { CICM::Decrypt::NegotiatedController is the negotiated version of CICM::Decrypt::Controller. It is the result of a successful negotiation by CICM::Decrypt::ControllerNegotiator. 10.5.1. CICM::Decrypt::NegotiatedController Inheritance CICM::Decrypt::NegotiatedController inherits from: CICM:: NegotiatedController, CICM::SetVectorController and CICM:: ResyncController. 10.6. Interface CICM::Decrypt::Conduit Interface CICM::Decrypt::Conduit interface Conduit : CICM::Conduit, CICM::Decrypt::Controller, CICM::Decrypt::Stream { CICM::Decrypt::Conduit supports decryption operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting transformed data. It is created by calling CICM::ChannelManager::create_decrypt_conduit. Lanz & Novikov Expires January 26, 2012 [Page 63] Internet-Draft CICM Channel Management July 2011 10.6.1. CICM::Decrypt::Conduit Inheritance CICM::Decrypt::Conduit inherits from: CICM::Conduit, CICM::Decrypt:: Controller and CICM::Decrypt::Stream. 10.7. Interface CICM::Decrypt::NegotiatedConduit Interface CICM::Decrypt::NegotiatedConduit interface NegotiatedConduit : CICM::Conduit, CICM::Decrypt::NegotiatedController, CICM::Decrypt::Stream { CICM::Decrypt::NegotiatedConduit is the negotiated version of CICM:: Decrypt::Conduit. It is the result of a successful negotiation by CICM::Decrypt::Negotiator. 10.7.1. CICM::Decrypt::NegotiatedConduit Inheritance CICM::Decrypt::NegotiatedConduit inherits from: CICM::Conduit, CICM:: Decrypt::NegotiatedController and CICM::Decrypt::Stream. 10.8. Interface CICM::Decrypt::WithMACConduit Interface CICM::Decrypt::WithMACConduit interface WithMACConduit : CICM::AbstractMACVerifyConduit, CICM::Decrypt::Conduit { CICM::Decrypt::WithMACConduit supports decryption operations between two independent security domains with the receipt of an indication as to whether MAC verification succeeded or failed in the initiating domain. The resulting conduit is capable of both managing the channel and accepting data for transformation. It is created by calling CICM::ChannelManager::create_decrypt_with_mac_conduit. 10.8.1. CICM::Decrypt::WithMACConduit Inheritance CICM::Decrypt::WithMACConduit inherits from: CICM:: AbstractMACVerifyConduit and CICM::Decrypt::Conduit. Lanz & Novikov Expires January 26, 2012 [Page 64] Internet-Draft CICM Channel Management July 2011 10.9. Interface CICM::Decrypt::WithMACNegotiatedConduit Interface CICM::Decrypt::WithMACNegotiatedConduit interface WithMACNegotiatedConduit : CICM::AbstractMACVerifyConduit, CICM::Decrypt::NegotiatedConduit { CICM::Decrypt::WithMACNegotiatedConduit is the negotiated version of CICM::Decrypt::WithMACConduit. It is the result of a successful negotiation by CICM::Decrypt::WithMACNegotiator. 10.9.1. CICM::Decrypt::WithMACNegotiatedConduit Inheritance CICM::Decrypt::WithMACNegotiatedConduit inherits from: CICM:: AbstractMACVerifyConduit and CICM::Decrypt::NegotiatedConduit. 10.10. Interface CICM::Decrypt::WithVerifyConduit Interface CICM::Decrypt::WithVerifyConduit interface WithVerifyConduit : CICM::AbstractSigVerifyConduit, CICM::Decrypt::Conduit { CICM::Decrypt::WithVerifyConduit supports decryption operations between two independent security domains with the receipt of an indication as to whether signature verification succeeded or failed in the initiating domain. The resulting conduit is capable of both managing the channel and accepting transformed data. It is created by calling CICM::ChannelManager::create_decrypt_with_verify_conduit. 10.10.1. CICM::Decrypt::WithVerifyConduit Inheritance CICM::Decrypt::WithVerifyConduit inherits from: CICM:: AbstractSigVerifyConduit and CICM::Decrypt::Conduit. 10.11. Interface CICM::Decrypt::WithVerifyNegotiatedConduit Interface CICM::Decrypt::WithVerifyNegotiatedConduit interface WithVerifyNegotiatedConduit : CICM::AbstractSigVerifyConduit, CICM::Decrypt::NegotiatedConduit { CICM::Decrypt::WithVerifyNegotiatedConduit is the negotiated version of CICM::Decrypt::WithVerifyConduit. It is the result of a successful negotiation by CICM::Decrypt::WithVerifyNegotiator. 10.11.1. CICM::Decrypt::WithVerifyNegotiatedConduit Inheritance CICM::Decrypt::WithVerifyNegotiatedConduit inherits from: CICM:: AbstractSigVerifyConduit and CICM::Decrypt::NegotiatedConduit. Lanz & Novikov Expires January 26, 2012 [Page 65] Internet-Draft CICM Channel Management July 2011 10.12. Interface CICM::Decrypt::KeyUnwrapConduit Interface CICM::Decrypt::KeyUnwrapConduit interface KeyUnwrapConduit : CICM::Decrypt::Controller, CICM::Decrypt::KeyUnwrapStream { CICM::Decrypt::KeyUnwrapConduit supports key unwrapping operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting transformed keys. It is created by calling CICM::ChannelManager:: create_key_unwrap_conduit. 10.12.1. CICM::Decrypt::KeyUnwrapConduit Inheritance CICM::Decrypt::KeyUnwrapConduit inherits from: CICM::Decrypt:: Controller and CICM::Decrypt::KeyUnwrapStream. 10.13. Interface CICM::Decrypt::Negotiator Interface CICM::Decrypt::Negotiator interface Negotiator : CICM::Negotiator { CICM::Decrypt::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. The result of a successful negotiation is a CICM::Decrypt::NegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Decrypt::Negotiator is created by calling CICM::ChannelManager::negotiate_decrypt_conduit. 10.13.1. CICM::Decrypt::Negotiator Inheritance CICM::Decrypt::Negotiator inherits from: CICM::Negotiator. 10.13.2. CICM::Decrypt::Negotiator Methods Method CICM::Decrypt::Negotiator::complete() CICM::Status complete( out CICM::Decrypt::NegotiatedConduit conduit_ref ); Complete negotiation and retrieve a negotiated decrypt conduit. Parameters: [out] conduit_ref Reference to resulting conduit. Returns: Lanz & Novikov Expires January 26, 2012 [Page 66] Internet-Draft CICM Channel Management July 2011 S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 10.14. Interface CICM::Decrypt::ControllerNegotiator Interface CICM::Decrypt::ControllerNegotiator interface ControllerNegotiator : CICM::Negotiator { CICM::Decrypt::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support decryption operations between two independent security domains. The result of a successful negotiation is a CICM::Decrypt:: NegotiatedController which is capable of managing the channel, but not accepting data for transformation. CICM::Decrypt:: ControllerNegotiator is created by calling CICM::ChannelManager:: negotiate_decrypt_controller. 10.14.1. CICM::Decrypt::ControllerNegotiator Inheritance CICM::Decrypt::ControllerNegotiator inherits from: CICM::Negotiator. 10.14.2. CICM::Decrypt::ControllerNegotiator Methods Method CICM::Decrypt::ControllerNegotiator::complete() CICM::Status complete( out CICM::Decrypt::NegotiatedController controller_ref ); Complete negotiation and retrieve a negotiated control-only decrypt channel. Parameters: [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, Lanz & Novikov Expires January 26, 2012 [Page 67] Internet-Draft CICM Channel Management July 2011 S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 10.15. Interface CICM::Decrypt::WithMACNegotiator Interface CICM::Decrypt::WithMACNegotiator interface WithMACNegotiator : CICM::Negotiator { CICM::Decrypt::WithMACNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support decryption operations between two independent security domains. Additionally, a message authentication code is received in the initiating domain. The result of a successful negotiation is a CICM::Decrypt:: WithMACNegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Decrypt:: WithMACNegotiator is created by calling CICM::ChannelManager:: negotiate_decrypt_with_mac_conduit. 10.15.1. CICM::Decrypt::WithMACNegotiator Inheritance CICM::Decrypt::WithMACNegotiator inherits from: CICM::Negotiator. 10.15.2. CICM::Decrypt::WithMACNegotiator Methods Method CICM::Decrypt::WithMACNegotiator::complete() CICM::Status complete( out CICM::Decrypt::WithMACNegotiatedConduit conduit_ref ); Complete negotiation and retrieve a negotiated MAC verify decrypt conduit. Parameters: [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET Lanz & Novikov Expires January 26, 2012 [Page 68] Internet-Draft CICM Channel Management July 2011 10.16. Interface CICM::Decrypt::WithVerifyNegotiator Interface CICM::Decrypt::WithVerifyNegotiator interface WithVerifyNegotiator : CICM::Negotiator { CICM::Decrypt::WithVerifyNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support decryption operations between two independent security domains. Additionally, an indication as to whether verification succeeded or failed is received in the initiating domain. The result of a successful negotiation is a CICM::Decrypt:: WithVerifyNegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Decrypt:: WithVerifyNegotiator is created by calling CICM::ChannelManager:: negotiate_decrypt_with_verify_conduit. 10.16.1. CICM::Decrypt::WithVerifyNegotiator Inheritance CICM::Decrypt::WithVerifyNegotiator inherits from: CICM::Negotiator. 10.16.2. CICM::Decrypt::WithVerifyNegotiator Methods Method CICM::Decrypt::WithVerifyNegotiator::complete() CICM::Status complete( out CICM::Decrypt::WithVerifyNegotiatedConduit conduit_ref ); Complete negotiation and retrieve a negotiated verify and decrypt conduit. Parameters: [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET Lanz & Novikov Expires January 26, 2012 [Page 69] Internet-Draft CICM Channel Management July 2011 11. Duplex Namespace CICM::Duplex module Duplex { The CICM::Duplex namespace contains interfaces that support encryption/decryption operations between two independent security domains. 11.1. Interface CICM::Duplex::ChannelManager Interface CICM::Duplex::ChannelManager interface ChannelManager { CICM::Duplex::ChannelManager is an abstraction inherited by CICM:: ChannelManager that supports the creation of encryption/decryption negotiators, conduits, controllers, and streams. See CICM:: ChannelManager for additional information. 11.1.1. CICM::Duplex::ChannelManager Methods Method CICM::Duplex::ChannelManager::negotiate_duplex_conduit() CICM::Status negotiate_duplex_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Duplex::Negotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer, resulting in a conduit that results will encrypt/decrypt data. Parameters: [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to negotiation key. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, Lanz & Novikov Expires January 26, 2012 [Page 70] Internet-Draft CICM Channel Management July 2011 S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Duplex::ChannelManager::negotiate_duplex_controller() CICM::Status negotiate_duplex_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Duplex::ControllerNegotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage a duplex channel. Parameters: [in] local_port Local port. [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to negotiation key. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 71] Internet-Draft CICM Channel Management July 2011 Method CICM::Duplex::ChannelManager::create_duplex_conduit() CICM::Status create_duplex_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Duplex::Conduit conduit_ref ); Create duplex channel to encrypt/decrypt a stream of data. Parameters: [in] remote_port Remote port. [in] key_ref Reference to decryption key. [in] algorithm Encryption/decryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Duplex::ChannelManager::create_duplex_controller() CICM::Status create_duplex_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Duplex::Controller controller_ref ); Create controller to configure and control a duplex channel. Remarks: In some cases, hosts may depend upon separate processes to control and use a channel. This method returns the channel controller and must be called before the corresponding stream is retrieved. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 72] Internet-Draft CICM Channel Management July 2011 [in] local_port Local port. [in] remote_port Remote port. [in] key_ref Reference to negotiation key. [in] algorithm Encryption/decryption algorithm/mode. [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Duplex::ChannelManager::get_duplex_stream() CICM::Status get_duplex_stream( in CICM::LocalPort local_port, out CICM::Duplex::Stream stream_ref ); Create stream associated with previously created controller to accept data for transformation. Parameters: [in] local_port Local port. [out] stream_ref Reference to resulting stream. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_NOT_FOUND Lanz & Novikov Expires January 26, 2012 [Page 73] Internet-Draft CICM Channel Management July 2011 11.2. Interface CICM::Duplex::Stream Interface CICM::Duplex::Stream interface Stream : CICM::Encrypt::Stream, CICM::Decrypt::Stream { CICM::Duplex::Stream supports encryption/decryption operations between two independent security domains. The resulting stream is capable of accepting data for transformation and receiving transformed data, but not managing the channel. It is created by calling CICM::ChannelManager::get_duplex_stream. 11.2.1. CICM::Duplex::Stream Inheritance CICM::Duplex::Stream inherits from: CICM::Encrypt::Stream and CICM:: Decrypt::Stream. 11.3. Interface CICM::Duplex::Controller Interface CICM::Duplex::Controller interface Controller : CICM::Encrypt::Controller, CICM::Decrypt::Controller { CICM::Duplex::Controller supports encryption/decryption operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting data for transformation and receiving transformed data. It is created by calling CICM::ChannelManager::create_duplex_controller. 11.3.1. CICM::Duplex::Controller Inheritance CICM::Duplex::Controller inherits from: CICM::Encrypt::Controller and CICM::Decrypt::Controller. 11.4. Interface CICM::Duplex::NegotiatedController Interface CICM::Duplex::NegotiatedController interface NegotiatedController : CICM::Encrypt::NegotiatedController, CICM::Decrypt::NegotiatedController { CICM::Duplex::NegotiatedController is the negotiated version of CICM::Duplex::Controller. It is the result of a successful negotiation by CICM::Duplex::ControllerNegotiator. 11.4.1. CICM::Duplex::NegotiatedController Inheritance CICM::Duplex::NegotiatedController inherits from: CICM::Encrypt:: NegotiatedController and CICM::Decrypt::NegotiatedController. Lanz & Novikov Expires January 26, 2012 [Page 74] Internet-Draft CICM Channel Management July 2011 11.5. Interface CICM::Duplex::Conduit Interface CICM::Duplex::Conduit interface Conduit : CICM::Conduit, CICM::Duplex::Controller, CICM::Duplex::Stream { CICM::Duplex::Conduit supports encryption/decryption operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting data for transformation and receiving transformed data. It is created by calling CICM::ChannelManager::create_duplex_conduit. 11.5.1. CICM::Duplex::Conduit Inheritance CICM::Duplex::Conduit inherits from: CICM::Conduit, CICM::Duplex:: Controller and CICM::Duplex::Stream. 11.6. Interface CICM::Duplex::NegotiatedConduit Interface CICM::Duplex::NegotiatedConduit interface NegotiatedConduit : CICM::Duplex::NegotiatedController, CICM::Duplex::Stream { CICM::Duplex::NegotiatedConduit is the negotiated version of CICM:: Duplex::Conduit. It is the result of a successful negotiation by CICM::Duplex::Negotiator. 11.6.1. CICM::Duplex::NegotiatedConduit Inheritance CICM::Duplex::NegotiatedConduit inherits from: CICM::Duplex:: NegotiatedController and CICM::Duplex::Stream. 11.7. Interface CICM::Duplex::ControllerNegotiator Interface CICM::Duplex::ControllerNegotiator interface ControllerNegotiator : CICM::Negotiator { CICM::Duplex::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption/decryption operations between two independent security domains. The result of a successful negotiation is a CICM::Duplex:: NegotiatedController which is capable of managing the channel, but not accepting data for transformation. CICM::Duplex:: ControllerNegotiator is created by calling CICM::ChannelManager:: negotiate_duplex_controller. Lanz & Novikov Expires January 26, 2012 [Page 75] Internet-Draft CICM Channel Management July 2011 11.7.1. CICM::Duplex::ControllerNegotiator Inheritance CICM::Duplex::ControllerNegotiator inherits from: CICM::Negotiator. 11.7.2. CICM::Duplex::ControllerNegotiator Methods Method CICM::Duplex::ControllerNegotiator::complete() CICM::Status complete( out CICM::Duplex::NegotiatedController controller_ref ); Complete negotiation and retrieve a negotiated control-only duplex conduit. Parameters: [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 11.8. Interface CICM::Duplex::Negotiator Interface CICM::Duplex::Negotiator interface Negotiator : CICM::Negotiator { CICM::Duplex::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption/ decryption operations between two independent security domains. The result of a successful negotiation is a CICM::Duplex:: NegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::Duplex::Negotiator is created by calling CICM::ChannelManager::negotiate_duplex_conduit. 11.8.1. CICM::Duplex::Negotiator Inheritance CICM::Duplex::Negotiator inherits from: CICM::Negotiator. Lanz & Novikov Expires January 26, 2012 [Page 76] Internet-Draft CICM Channel Management July 2011 11.8.2. CICM::Duplex::Negotiator Methods Method CICM::Duplex::Negotiator::complete() CICM::Status complete( out CICM::Duplex::NegotiatedConduit conduit_ref ); Complete negotiation and retrieve a negotiated duplex channel. Parameters: [out] conduit_ref Reference to resulting channel. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 12. Bypass (Send) Namespace CICM::BypassWrite module BypassWrite { The CICM::BypassWrite namespace contains channels that support full bypass write operations between two independent security domains. 12.1. Interface CICM::BypassWrite::ChannelManager Interface CICM::BypassWrite::ChannelManager interface ChannelManager { CICM::BypassWrite::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of full bypass conduits, controllers, and streams for writing. See CICM:: ChannelManager for additional information. Lanz & Novikov Expires January 26, 2012 [Page 77] Internet-Draft CICM Channel Management July 2011 12.1.1. CICM::BypassWrite::ChannelManager Methods Method CICM::BypassWrite::ChannelManager:: create_bypass_write_conduit() CICM::Status create_bypass_write_conduit( in CICM::RemotePort remote_port, out CICM::BypassWrite::Conduit conduit_ref ); Creates a conduit to write bypass data. Parameters: [in] remote_port Remote port. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::BypassWrite::ChannelManager:: create_bypass_write_controller() CICM::Status create_bypass_write_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, out CICM::BypassWrite::Controller controller_ref ); Returns the controller of a channel that writes bypass data. Remarks: In some cases, hosts may depend upon separate processes to control and use a channel. This method returns the channel controller and must be called before the corresponding stream is retrieved. See also: CICM::BypassWrite::ChannelManager::get_bypass_write_stream for the method that returns the channel stream. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 78] Internet-Draft CICM Channel Management July 2011 [in] local_port Local port. [in] remote_port Remote port. [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::BypassWrite::ChannelManager::get_bypass_write_stream() CICM::Status get_bypass_write_stream( in CICM::LocalPort local_port, out CICM::BypassWrite::Stream stream_ref ); Returns the stream corresponding to a pre-existing controller on the given local port. See also: CICM::BypassWrite::ChannelManager::create_bypass_write_controller for the method that returns the channel controller. Parameters: [in] local_port Local port. [out] stream_ref Reference to resulting stream. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_NOT_FOUND Lanz & Novikov Expires January 26, 2012 [Page 79] Internet-Draft CICM Channel Management July 2011 12.2. Interface CICM::BypassWrite::Stream Interface CICM::BypassWrite::Stream interface Stream : CICM::WriteStream { CICM::BypassWrite::Stream supports full bypass between two independent security domains. The resulting stream is capable of accepting data for bypass, but not managing the channel. It is created by calling CICM::ChannelManager::get_bypass_write_stream. 12.2.1. CICM::BypassWrite::Stream Inheritance CICM::BypassWrite::Stream inherits from: CICM::WriteStream. 12.2.2. CICM::BypassWrite::Stream Methods Method CICM::BypassWrite::Stream::write_bypass() CICM::Status write_bypass( in CICM::Buffer buffer ); Write bypass data to a channel stream. The method blocks until the data has been sent. Parameters: [in] buffer Data to bypass. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_DATA_INVALID, S_CHANNEL_DATA_INVALID_LEN, S_BYPASS_DATARATE_EXCEEDED, S_BYPASS_DATALIMIT_EXCEEDED Method CICM::BypassWrite::Stream::write_bypass_non_blocking() CICM::Status write_bypass_non_blocking( in CICM::Buffer buffer, in CICM::TransId transaction_id ); Registers a buffer of data to be sent to the module for bypass and then immediately returns control to the caller. The length of the data is encapsulated in the buffer parameter. The caller may use the CICM::BypassWrite::Stream::write_bypass_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata Lanz & Novikov Expires January 26, 2012 [Page 80] Internet-Draft CICM Channel Management July 2011 associated with the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions. Parameters: [in] buffer Data to bypass. [in] transaction_id Unique transaction id that will be used by the CICM::BypassWrite::Stream::write_bypass_poll method to determine to which buffer the poll status applies. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_DATA_INVALID, S_CHANNEL_DATA_INVALID_LEN, S_BYPASS_DATARATE_EXCEEDED, S_BYPASS_DATALIMIT_EXCEEDED Method CICM::BypassWrite::Stream::write_bypass_poll() CICM::Status write_bypass_poll( in CICM::TransId transaction_id, out CICM::WriteStream::WriteStatus status ); Returns the status of the non-blocking bypass operation specified by the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions. Parameters: [in] transaction_id Unique transaction id previously specified to the CICM::BypassWrite::Stream::write_bypass_non_blocking method that allows the poll operation to determine to which buffer the poll status applies. [out] status Status of the non-blocking operation corresponding to the transaction_id parameter. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, Lanz & Novikov Expires January 26, 2012 [Page 81] Internet-Draft CICM Channel Management July 2011 S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR 12.3. Interface CICM::BypassWrite::Controller Interface CICM::BypassWrite::Controller interface Controller : CICM::MultiDomainController {}; CICM::BypassWrite::Controller supports full bypass between two independent security domains. The resulting controller is capable of managing the channel, but not accepting data for bypass. It is created by calling CICM::ChannelManager:: create_bypass_write_controller. 12.3.1. CICM::BypassWrite::Controller Inheritance CICM::BypassWrite::Controller inherits from: CICM:: MultiDomainController. 12.4. Interface CICM::BypassWrite::Conduit Interface CICM::BypassWrite::Conduit interface Conduit : CICM::Conduit, CICM::BypassWrite::Controller, CICM::BypassWrite::Stream { CICM::BypassWrite::Conduit supports full bypass between two security domains. The resulting conduit is capable of both managing the channel and accepting data for bypass. It is created by calling CICM::ChannelManager::create_bypass_write_conduit. 12.4.1. CICM::BypassWrite::Conduit Inheritance CICM::BypassWrite::Conduit inherits from: CICM::Conduit, CICM:: BypassWrite::Controller and CICM::BypassWrite::Stream. 13. Bypass (Read) Namespace CICM::BypassRead module BypassRead { The CICM::BypassRead namespace contains channels that support full bypass read operations between two independent security domains. Lanz & Novikov Expires January 26, 2012 [Page 82] Internet-Draft CICM Channel Management July 2011 13.1. Interface CICM::BypassRead::ChannelManager Interface CICM::BypassRead::ChannelManager interface ChannelManager { CICM::BypassRead::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of full bypass conduits, controllers, and streams for reading. See CICM:: ChannelManager for additional information. 13.1.1. CICM::BypassRead::ChannelManager Methods Method CICM::BypassRead::ChannelManager::create_bypass_read_conduit() CICM::Status create_bypass_read_conduit( in CICM::RemotePort remote_port, out CICM::BypassRead::Conduit conduit_ref ); Creates a conduit to read bypass data. Parameters: [in] remote_port Remote port. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::BypassRead::ChannelManager:: create_bypass_read_controller() CICM::Status create_bypass_read_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, out CICM::BypassRead::Controller controller_ref ); Returns the controller of a channel that reads bypass data. Remarks: In some cases, hosts may depend upon separate processes to control and use a channel. This method returns the channel controller and must be called before the corresponding stream is retrieved. Lanz & Novikov Expires January 26, 2012 [Page 83] Internet-Draft CICM Channel Management July 2011 See also: CICM::BypassRead::ChannelManager::get_bypass_read_stream for the method that returns the channel stream. Parameters: [in] local_port Local port. [in] remote_port Remote port. [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::BypassRead::ChannelManager::get_bypass_read_stream() CICM::Status get_bypass_read_stream( in CICM::LocalPort local_port, out CICM::BypassRead::Stream stream_ref ); Returns the stream corresponding to a pre-existing controller on the given local port. See also: CICM::BypassRead::ChannelManager::get_bypass_read_controller for the method that returns the channel controller. Parameters: [in] local_port Local port. [out] stream_ref Reference to resulting stream. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, Lanz & Novikov Expires January 26, 2012 [Page 84] Internet-Draft CICM Channel Management July 2011 S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_NOT_FOUND 13.2. Interface CICM::BypassRead::Stream Interface CICM::BypassRead::Stream interface Stream : CICM::ReadStream { CICM::BypassRead::Stream supports full bypass between two independent security domains. The resulting stream is capable of accepting bypassed data, but not managing the channel. It is created by calling CICM::ChannelManager::get_bypass_read_stream. 13.2.1. CICM::BypassRead::Stream Inheritance CICM::BypassRead::Stream inherits from: CICM::ReadStream. 13.2.2. CICM::BypassRead::Stream Methods Method CICM::BypassRead::Stream::read_bypass() CICM::Status read_bypass( out CICM::Buffer buffer ); Read bypass data off of channel stream. The method blocks until data becomes available. Parameters: [out] buffer Bypassed data read from module. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_WRAPPED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_BUFFER_LEN Lanz & Novikov Expires January 26, 2012 [Page 85] Internet-Draft CICM Channel Management July 2011 Method CICM::BypassRead::Stream::read_bypass_non_blocking() CICM::Status read_bypass_non_blocking( out CICM::Buffer buffer, in CICM::TransId transaction_id ); Registers a buffer into which bypass data will be copied, and then immediately returns control to the caller. The size of the allocated buffer and length of the resulting bypassed data is encapsulated in the buffer parameter. The caller may use the CICM::BypassRead:: Stream::read_bypass_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata associated with the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions. Parameters: [out] buffer Bypassed data to read. [in] transaction_id Unique transaction id that will be used by the CICM::BypassRead::Stream::read_bypass_poll method to determine to which buffer the poll status applies. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_WRAPPED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_BUFFER_LEN Method CICM::BypassRead::Stream::read_bypass_poll() CICM::Status read_bypass_poll( in CICM::TransId transaction_id, out CICM::ReadStream::ReadStatus status ); Returns the status of the non-blocking bypass operation specified by the transaction_id parameter. Upon completion of the operation, the caller must use the metadata associated with the transaction_id parameter to determine which buffer has been populated. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 86] Internet-Draft CICM Channel Management July 2011 [in] transaction_id Unique transaction id previously specified to the CICM::BypassRead::Stream::read_bypass_non_blocking method that allows the poll operation to determine to which buffer the poll status applies. [out] status Status of the non-blocking operation corresponding to the transaction_id parameter. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR 13.3. Interface CICM::BypassRead::Controller Interface CICM::BypassRead::Controller interface Controller : CICM::MultiDomainController {}; CICM::BypassRead::Controller supports full bypass between two independent security domains. The resulting controller is capable of managing the channel, but not accepting bypassed data. It is created by calling CICM::ChannelManager::create_bypass_read_controller. 13.3.1. CICM::BypassRead::Controller Inheritance CICM::BypassRead::Controller inherits from: CICM:: MultiDomainController. 13.4. Interface CICM::BypassRead::Conduit Interface CICM::BypassRead::Conduit interface Conduit : CICM::Conduit, CICM::BypassRead::Controller, CICM::BypassRead::Stream { CICM::BypassRead::Conduit supports full bypass between two independent security domains. The resulting conduit is capable of both managing the channel and accepting bypassed data. It is created by calling CICM::ChannelManager::create_bypass_read_conduit. 13.4.1. CICM::BypassRead::Conduit Inheritance CICM::BypassRead::Conduit inherits from: CICM::Conduit, CICM:: BypassRead::Controller and CICM::BypassRead::Stream. Lanz & Novikov Expires January 26, 2012 [Page 87] Internet-Draft CICM Channel Management July 2011 14. Encryption with Selective Bypass Namespace CICM::EncryptBypass module EncryptBypass { The CICM::EncryptBypass namespace contains interfaces that support encryption with selective bypass operations between two indepenent security domains. 14.1. Interface CICM::EncryptBypass::ChannelManager Interface CICM::EncryptBypass::ChannelManager interface ChannelManager { CICM::EncryptBypass::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of encryption with selective bypass negotiators, conduits, controllers, and streams. See CICM::ChannelManager for additional information. Remarks: Note that if a system is using selective bypass channels to perform header bypass, policy may govern that a system performs the bypass function before the encryption function and performs the bypass function only once. 14.1.1. CICM::EncryptBypass::ChannelManager Methods Method CICM::EncryptBypass::ChannelManager:: negotiate_encrypt_bypass_conduit() CICM::Status negotiate_encrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::EncryptBypass::Negotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer. The channel that results will selectively encrypt or bypass a stream of data. Parameters: [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to negotiation key. [out] negotiator_ref Reference to resulting negotiator. Lanz & Novikov Expires January 26, 2012 [Page 88] Internet-Draft CICM Channel Management July 2011 Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::EncryptBypass::ChannelManager:: negotiate_encrypt_bypass_controller() CICM::Status negotiate_encrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::EncryptBypass::ControllerNegotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage an encrypt with bypass channel. Parameters: [in] local_port Remote port. [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to negotiation key. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, Lanz & Novikov Expires January 26, 2012 [Page 89] Internet-Draft CICM Channel Management July 2011 S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::EncryptBypass::ChannelManager:: create_encrypt_bypass_conduit() CICM::Status create_encrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::EncryptBypass::Conduit conduit_ref ); Create conduit to selectively encrypt or bypass a stream of data. Parameters: [in] remote_port Remote port. [in] key_ref Reference to encryption key. [in] algorithm Encryption algorithm/mode. [out] conduit_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 90] Internet-Draft CICM Channel Management July 2011 Method CICM::EncryptBypass::ChannelManager:: create_encrypt_bypass_controller() CICM::Status create_encrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::EncryptBypass::Controller controller_ref ); Create controller to configure and control an encrypt with bypass channel. Remarks: In some cases, hosts may depend upon separate processes to control and use a channel. This method returns the channel controller and must be called before the corresponding stream is retrieved. Parameters: [in] local_port Local port. [in] remote_port Remote port. [in] key_ref Reference to encryption key. [in] algorithm Encryption algorithm/mode. [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 91] Internet-Draft CICM Channel Management July 2011 Method CICM::EncryptBypass::ChannelManager:: get_encrypt_bypass_stream() CICM::Status get_encrypt_bypass_stream( in CICM::LocalPort local_port, out CICM::EncryptBypass::Stream stream_ref ); Create stream associated with previously created controller to accept data for transformation. Parameters: [in] local_port Local port. [out] stream_ref Reference to resulting stream. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_NOT_FOUND 14.2. Interface CICM::EncryptBypass::Stream Interface CICM::EncryptBypass::Stream interface Stream : CICM::Encrypt::Stream, CICM::BypassWrite::Stream { CICM::EncryptBypass::Stream supports encryption and selective bypass operations between two independent security domains. The resulting stream is capable of accepting data for transformation, but not managing the channel. It is created by calling CICM:: ChannelManager::get_encrypt_bypass_stream. 14.2.1. CICM::EncryptBypass::Stream Inheritance CICM::EncryptBypass::Stream inherits from: CICM::Encrypt::Stream and CICM::BypassWrite::Stream. Lanz & Novikov Expires January 26, 2012 [Page 92] Internet-Draft CICM Channel Management July 2011 14.3. Interface CICM::EncryptBypass::NegotiatedController Interface CICM::EncryptBypass::NegotiatedController interface NegotiatedController : CICM::Encrypt::NegotiatedController {}; CICM::EncryptBypass::NegotiatedController is the negotiated version of CICM::EncryptBypass::Controller. It is the result of a successful negotiation by CICM::EncryptBypass::ControllerNegotiator. 14.3.1. CICM::EncryptBypass::NegotiatedController Inheritance CICM::EncryptBypass::NegotiatedController inherits from: CICM:: Encrypt::NegotiatedController. 14.4. Interface CICM::EncryptBypass::Controller Interface CICM::EncryptBypass::Controller interface Controller : CICM::Encrypt::Controller {}; CICM::EncryptBypass::Controller supports encryption and selective bypass operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting data for transformation/bypass. It is created by calling CICM::ChannelManager::create_encrypt_bypass_controller. 14.4.1. CICM::EncryptBypass::Controller Inheritance CICM::EncryptBypass::Controller inherits from: CICM::Encrypt:: Controller. 14.5. Interface CICM::EncryptBypass::Conduit Interface CICM::EncryptBypass::Conduit interface Conduit : CICM::Encrypt::Conduit, CICM::EncryptBypass::Stream { CICM::EncryptBypass::Conduit supports encryption and selective bypass operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting data for transformation/bypass. It is created by calling CICM:: ChannelManager::create_encrypt_bypass_conduit. 14.5.1. CICM::EncryptBypass::Conduit Inheritance CICM::EncryptBypass::Conduit inherits from: CICM::Encrypt::Conduit and CICM::EncryptBypass::Stream. Lanz & Novikov Expires January 26, 2012 [Page 93] Internet-Draft CICM Channel Management July 2011 14.6. Interface CICM::EncryptBypass::NegotiatedConduit Interface CICM::EncryptBypass::NegotiatedConduit interface NegotiatedConduit : CICM::Encrypt::NegotiatedController, CICM::EncryptBypass::Stream { CICM::EncryptBypass::NegotiatedConduit is the negotiated version of CICM::EncryptBypass::Conduit. It is the result of a successful negotiation by CICM::EncryptBypass::Negotiator. 14.6.1. CICM::EncryptBypass::NegotiatedConduit Inheritance CICM::EncryptBypass::NegotiatedConduit inherits from: CICM::Encrypt:: NegotiatedController and CICM::EncryptBypass::Stream. 14.7. Interface CICM::EncryptBypass::ControllerNegotiator Interface CICM::EncryptBypass::ControllerNegotiator interface ControllerNegotiator : CICM::Negotiator { CICM::EncryptBypass::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption and selective bypass operations between two independent security domains. The result of a successful negotiation is a CICM:: EncryptBypass::NegotiatedController which is capable of managing the channel, but not accepting data for transformation/bypass. CICM:: EncryptBypass::ControllerNegotiator is created by calling CICM:: ChannelManager::negotiate_encrypt_bypass_controller. 14.7.1. CICM::EncryptBypass::ControllerNegotiator Inheritance CICM::EncryptBypass::ControllerNegotiator inherits from: CICM:: Negotiator. 14.7.2. CICM::EncryptBypass::ControllerNegotiator Methods Method CICM::EncryptBypass::ControllerNegotiator::complete() CICM::Status complete( out CICM::EncryptBypass::NegotiatedController controller_ref ); Complete negotiation and retrieve a negotiated encrypt bypass control-only channel. Parameters: [out] controller_ref Reference to resulting controller. Returns: Lanz & Novikov Expires January 26, 2012 [Page 94] Internet-Draft CICM Channel Management July 2011 S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 14.8. Interface CICM::EncryptBypass::Negotiator Interface CICM::EncryptBypass::Negotiator interface Negotiator : CICM::Negotiator { CICM::EncryptBypass::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption and bypass operations between two independent security domains. Additionally, selective bypass is supported on the same conduit. The result of a successful negotiation is a CICM::EncryptBypass:: NegotiatedConduit which is capable of both managing the channel and accepting data for transformation/bypass. CICM::EncryptBypass:: Negotiator is created by calling CICM::ChannelManager:: negotiate_encrypt_bypass_conduit. 14.8.1. CICM::EncryptBypass::Negotiator Inheritance CICM::EncryptBypass::Negotiator inherits from: CICM::Negotiator. 14.8.2. CICM::EncryptBypass::Negotiator Methods Method CICM::EncryptBypass::Negotiator::complete() CICM::Status complete( out CICM::EncryptBypass::NegotiatedConduit conduit_ref ); Complete negotiation and retrieve a negotiated encrypt bypass conduit. Parameters: [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, Lanz & Novikov Expires January 26, 2012 [Page 95] Internet-Draft CICM Channel Management July 2011 S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CHANNEL_PEER_RESET 15. Decryption with Selective Bypass Namespace CICM::DecryptBypass module DecryptBypass { The CICM::DecryptBypass namespace contains interfaces that support decryption with selective bypass operations between two independent security domains. 15.1. Interface CICM::DecryptBypass::ChannelManager Interface CICM::DecryptBypass::ChannelManager interface ChannelManager { CICM::DecryptBypass::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of decryption with selective bypass negotiators, conduits, controllers, and streams. See CICM::ChannelManager for additional information. Remarks: CICM does not specify the structure of the data that is read from a selective bypass channel which may contain special formatting to indicate which subset of the data was bypassed. The Implementation Conformance Statement (see Conformance and Extensions in [CICM]) MUST reference a standard format or define a module developer-specific format implemented by the module for data read from selective bypass channels. 15.1.1. CICM::DecryptBypass::ChannelManager Methods Method CICM::DecryptBypass::ChannelManager:: negotiate_decrypt_bypass_conduit() CICM::Status negotiate_decrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::DecryptBypass::Negotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer. The channel that results will selectively decrypt or bypass a stream of data. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 96] Internet-Draft CICM Channel Management July 2011 [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to negotiation key. [out] negotiator_ref Reference to resulting negotiator. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::DecryptBypass::ChannelManager:: negotiate_decrypt_bypass_controller() CICM::Status negotiate_decrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::DecryptBypass::ControllerNegotiator negotiator_ref ); Initiate a negotiation to establish a shared key with a peer, resulting in a controller to manage a decrypt with bypass channel. Parameters: [in] local_port Local port. [in] remote_port Remote port. [in] protocol Protocol identifier. [in] key_ref Reference to negotiation key. [out] negotiator_ref Reference to resulting negotiator. Lanz & Novikov Expires January 26, 2012 [Page 97] Internet-Draft CICM Channel Management July 2011 Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_PROTO_INVALID, S_PROTO_INCOMPATIBLE, S_PROTO_UNDETERMINED, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::DecryptBypass::ChannelManager:: create_decrypt_bypass_conduit() CICM::Status create_decrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::DecryptBypass::Conduit conduit_ref ); Create conduit to selectively decrypt or bypass a stream of data. Remarks: Both decrypted and bypassed data are read from the same stream using the appropriate decrypt() call; the entity reading from this stream must distinguish between decrypted and bypassed data, if necessary. Parameters: [in] remote_port Remote port. [in] key_ref Reference to decryption key. [in] algorithm Decryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: Lanz & Novikov Expires January 26, 2012 [Page 98] Internet-Draft CICM Channel Management July 2011 S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::DecryptBypass::ChannelManager:: create_decrypt_bypass_controller() CICM::Status create_decrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::DecryptBypass::Controller controller_ref ); Create controller to configure and control a decrypt with bypass channel. Remarks: In some cases, hosts may depend upon separate processes to control and use a channel. This method returns the channel controller and must be called before the corresponding stream is retrieved. Parameters: [in] local_port Local port. [in] remote_port Remote port. [in] key_ref Reference to decryption key. [in] algorithm Decryption algorithm/mode. [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 99] Internet-Draft CICM Channel Management July 2011 Method CICM::DecryptBypass::ChannelManager:: get_decrypt_bypass_stream() CICM::Status get_decrypt_bypass_stream( in CICM::LocalPort local_port, out CICM::DecryptBypass::Stream stream_ref ); Create stream associated with previously created controller to receive transformed data. Remarks: Both decrypted and bypassed data are read from the same stream using the appropriate decrypt() call; the entity reading from this stream must distinguish between decrypted and bypassed data, if necessary. Parameters: [in] local_port Local port. [out] stream_ref Reference to resulting stream. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_LOCAL_PORT_INVALID, S_LOCAL_PORT_INCOMPATIBLE, S_LOCAL_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_NOT_FOUND 15.2. Interface CICM::DecryptBypass::Stream Interface CICM::DecryptBypass::Stream interface Stream : CICM::Decrypt::Stream {}; CICM::DecryptBypass::Stream supports decryption and selective bypass operations between two independent security domains. The resulting stream is capable of accepting transformed/bypassed data, but not managing the channel. It is created by calling CICM:: ChannelManager::get_decrypt_bypass_stream. Remarks: CICM does not specify the structure of the data that is read from a selective bypass channel which may contain special formatting to indicate which subset of the data was bypassed. The Lanz & Novikov Expires January 26, 2012 [Page 100] Internet-Draft CICM Channel Management July 2011 Implementation Conformance Statement (see Conformance and Extensions in [CICM]) MUST reference a standard format or define a module developer-specific format implemented by the module for data read from selective bypass channels. 15.2.1. CICM::DecryptBypass::Stream Inheritance CICM::DecryptBypass::Stream inherits from: CICM::Decrypt::Stream. 15.3. Interface CICM::DecryptBypass::Controller Interface CICM::DecryptBypass::Controller interface Controller : CICM::Decrypt::Controller { CICM::DecryptBypass::Controller supports decryption and selective bypass operations between two independent security domains. The resulting controller is capable of managing the channel, but not accepting transformed/bypassed data. It is created by calling CICM:: ChannelManager::create_decrypt_bypass_controller. 15.3.1. CICM::DecryptBypass::Controller Inheritance CICM::DecryptBypass::Controller inherits from: CICM::Decrypt:: Controller. 15.4. Interface CICM::DecryptBypass::NegotiatedController Interface CICM::DecryptBypass::NegotiatedController interface NegotiatedController : CICM::Decrypt::NegotiatedController { CICM::DecryptBypass::NegotiatedController is the negotiated version of CICM::DecryptBypass::Controller. It is the result of a successful negotiation by CICM::DecryptBypass::ControllerNegotiator. 15.4.1. CICM::DecryptBypass::NegotiatedController Inheritance CICM::DecryptBypass::NegotiatedController inherits from: CICM:: Decrypt::NegotiatedController. 15.5. Interface CICM::DecryptBypass::Conduit Interface CICM::DecryptBypass::Conduit interface Conduit : CICM::Decrypt::Conduit, CICM::DecryptBypass::Controller, CICM::DecryptBypass::Stream { CICM::DecryptBypass::Conduit supports decryption and selective bypass operations between two independent security domains. The resulting conduit is capable of both managing the channel and accepting transformed/bypassed data. It is created by calling CICM:: Lanz & Novikov Expires January 26, 2012 [Page 101] Internet-Draft CICM Channel Management July 2011 ChannelManager::create_decrypt_bypass_conduit. 15.5.1. CICM::DecryptBypass::Conduit Inheritance CICM::DecryptBypass::Conduit inherits from: CICM::Decrypt::Conduit, CICM::DecryptBypass::Controller and CICM::DecryptBypass::Stream. 15.6. Interface CICM::DecryptBypass::NegotiatedConduit Interface CICM::DecryptBypass::NegotiatedConduit interface NegotiatedConduit : CICM::Decrypt::NegotiatedConduit, CICM::DecryptBypass::NegotiatedController, CICM::DecryptBypass::Stream { CICM::DecryptBypass::NegotiatedConduit is the negotiated version of CICM::DecryptBypass::Conduit. It is the result of a successful negotiation by CICM::DecryptBypass::Negotiator. 15.6.1. CICM::DecryptBypass::NegotiatedConduit Inheritance CICM::DecryptBypass::NegotiatedConduit inherits from: CICM::Decrypt:: NegotiatedConduit, CICM::DecryptBypass::NegotiatedController and CICM::DecryptBypass::Stream. 15.7. Interface CICM::DecryptBypass::ControllerNegotiator Interface CICM::DecryptBypass::ControllerNegotiator interface ControllerNegotiator : CICM::Negotiator { CICM::DecryptBypass::ControllerNegotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption and selective bypass operations between two independent security domains. The result of a successful negotiation is a CICM:: DecryptBypass::NegotiatedController which is capable of managing the channel, but not accepting data for transformation. CICM:: DecryptBypass::ControllerNegotiator is created by calling CICM:: ChannelManager::negotiate_decrypt_bypass_controller. 15.7.1. CICM::DecryptBypass::ControllerNegotiator Inheritance CICM::DecryptBypass::ControllerNegotiator inherits from: CICM:: Negotiator. Lanz & Novikov Expires January 26, 2012 [Page 102] Internet-Draft CICM Channel Management July 2011 15.7.2. CICM::DecryptBypass::ControllerNegotiator Methods Method CICM::DecryptBypass::ControllerNegotiator::complete() CICM::Status complete( out CICM::DecryptBypass::NegotiatedController controller_ref ); Complete negotiation and retrieve a negotiated control-only decrypt bypass channel. Parameters: [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 15.8. Interface CICM::DecryptBypass::Negotiator Interface CICM::DecryptBypass::Negotiator interface Negotiator : CICM::Negotiator { CICM::DecryptBypass::Negotiator initiates a negotiation to establish a shared key with a remote entity that is used to support encryption operations between two independent security domains. Additionally, selective bypass is supported on the same conduit. The result of a successful negotiation is a CICM::DecryptBypass::NegotiatedConduit which is capable of both managing the channel and accepting data for transformation. CICM::DecryptBypass::Negotiator is created by calling CICM::ChannelManager::negotiate_decrypt_bypass_conduit. 15.8.1. CICM::DecryptBypass::Negotiator Inheritance CICM::DecryptBypass::Negotiator inherits from: CICM::Negotiator. Lanz & Novikov Expires January 26, 2012 [Page 103] Internet-Draft CICM Channel Management July 2011 15.8.2. CICM::DecryptBypass::Negotiator Methods Method CICM::DecryptBypass::Negotiator::complete() CICM::Status complete( out CICM::DecryptBypass::NegotiatedConduit conduit_ref ); Complete negotiation and retrieve a negotiated decrypt bypass conduit. Parameters: [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_NEGOTIATION_ABORTED, S_NEGOTIATION_FAILURE, S_NEGOTIATION_NOT_IN_PROGRESS, S_NEGOTIATION_TIMEOUT, S_CERT_LOCAL_INVALID, S_CERT_LOCAL_EXPIRED, S_CERT_REMOTE_INVALID, S_CERT_REMOTE_EXPIRED, S_CERT_REMOTE_PATH, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET 16. Random, Pseudorandom and Keystream Namespace CICM::Emit module Emit { The CICM::Emit namespace contains interfaces that generate data originating in a cryptographic module such as random, pseudorandom, and keystream data. 16.1. Interface CICM::Emit::ChannelManager Interface CICM::Emit::ChannelManager interface ChannelManager { CICM::Emit::ChannelManager is an abstraction inherited by CICM:: ChannelManager that supports the creation of conduits and controllers to generate keystream, pseudorandom, and random data. See CICM:: ChannelManager for additional information. Lanz & Novikov Expires January 26, 2012 [Page 104] Internet-Draft CICM Channel Management July 2011 16.1.1. CICM::Emit::ChannelManager Methods Method CICM::Emit::ChannelManager::create_key_stream_gen_controller() CICM::Status create_key_stream_gen_controller( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Emit::KeyStreamGenController controller_ref ); Create controller to generate keystream. Parameters: [in] remote_port Remote port. [in] key_ref Reference to keystream generation key. [in] algorithm Keystream generation algorithm/mode. [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Emit::ChannelManager::create_pseudorandom_controller() CICM::Status create_pseudorandom_controller( in CICM::RemotePort remote_port, in CICM::SymKey seed, out CICM::Emit::PseudoRandomController controller_ref ); Create controller to generate pseudorandom data. Parameters: [in] remote_port Remote port. [in] seed Seed material for pseudorandom generator. Lanz & Novikov Expires January 26, 2012 [Page 105] Internet-Draft CICM Channel Management July 2011 [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX, S_INSUFFICIENT_ENTROPY Method CICM::Emit::ChannelManager::create_random_controller() CICM::Status create_random_controller( in CICM::RemotePort remote_port, out CICM::Emit::RandomController controller_ref ); Create controller to generate random data. Parameters: [in] remote_port Remote port. [out] controller_ref Reference to resulting controller. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_REMOTE_PORT_INVALID, S_REMOTE_PORT_IN_USE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX, S_INSUFFICIENT_ENTROPY Method CICM::Emit::ChannelManager::create_key_stream_gen_conduit() CICM::Status create_key_stream_gen_conduit( in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Emit::KeyStreamGenConduit conduit_ref ); Create conduit to generate keystream. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 106] Internet-Draft CICM Channel Management July 2011 [in] key_ref Reference to keystream generation key. [in] algorithm Keystream generation algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Emit::ChannelManager::create_pseudorandom_conduit() CICM::Status create_pseudorandom_conduit( in CICM::SymKey seed, out CICM::Emit::PseudoRandomConduit conduit_ref ); Create conduit to generate pseudorandom data. Parameters: [in] seed Seed material for pseudorandom generator. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX, S_INSUFFICIENT_ENTROPY Lanz & Novikov Expires January 26, 2012 [Page 107] Internet-Draft CICM Channel Management July 2011 Method CICM::Emit::ChannelManager::create_random_conduit() CICM::Status create_random_conduit( out CICM::Emit::RandomConduit conduit_ref ); Create conduit to generate random data. Parameters: [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX, S_INSUFFICIENT_ENTROPY 16.2. Interface CICM::Emit::GetStream Interface CICM::Emit::GetStream interface GetStream : CICM::ReadStream { CICM::Emit::GetStream is an abstraction inherited by conduits in the CICM::Emit namespace that allows data to be read from the stream. 16.2.1. CICM::Emit::GetStream Inheritance CICM::Emit::GetStream inherits from: CICM::ReadStream. 16.2.2. CICM::Emit::GetStream Methods Method CICM::Emit::GetStream::get() CICM::Status get( in CICM::UInt32 length, out CICM::Buffer buffer ); Reads a buffer of data from the module. The method blocks until data becomes available. Parameters: [in] length Number of bytes to retrieve. [out] buffer Buffer of data read from stream. Returns: Lanz & Novikov Expires January 26, 2012 [Page 108] Internet-Draft CICM Channel Management July 2011 S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_WRAPPED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_BUFFER_LEN, S_INSUFFICIENT_ENTROPY Method CICM::Emit::GetStream::get_non_blocking() CICM::Status get_non_blocking( in CICM::UInt32 length, out CICM::Buffer buffer, in CICM::TransId transaction_id ); Registers a buffer into which transformed data will be copied, and then control immediately returns to the caller. The size of the allocated buffer and length of the resulting transformed data is encapsulated in the buffer parameter. The caller may use the CICM:: Emit::GetStream::get_poll method to proactively poll the channel to determine the status of the operation. The caller is responsible for maintaining any necessary metadata associated with the transaction_id parameter. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions. Parameters: [in] length Number of bytes to retrieve. [out] buffer Transformed data. [in] transaction_id Unique transaction id that will be used by the CICM::Emit::GetStream::get_poll method to determine to which buffer the poll status applies. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_WRAPPED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR, S_CHANNEL_BUFFER_LEN, S_INSUFFICIENT_ENTROPY Lanz & Novikov Expires January 26, 2012 [Page 109] Internet-Draft CICM Channel Management July 2011 Method CICM::Emit::GetStream::get_poll() CICM::Status get_poll( in CICM::TransId transaction_id, out CICM::ReadStream::ReadStatus status ); Returns the status of the non-blocking get operation specified by the transaction_id parameter. Upon completion of the operation, the caller must use the metadata associated with the transaction_id parameter to determine which buffer has been populated. Memory responsibilities and calling conventions shall follow the appropriate IDL language mapping conventions. Parameters: [in] transaction_id Unique transaction id previously specified to the CICM::Emit::GetStream::get_non_blocking method that allows the poll operation to determine to which buffer the poll status applies. [out] status Status of the non-blocking operation corresponding to the transaction_id parameter. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_KEY_WRAPPED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_PEER_RESET, S_CHANNEL_IO_ERROR 16.3. Interface CICM::Emit::Controller Interface CICM::Emit::Controller interface Controller : CICM::Controller { CICM::Emit::Controller is an abstraction from which all other controllers in the CICM::Emit namespace inherit. 16.3.1. CICM::Emit::Controller Inheritance CICM::Emit::Controller inherits from: CICM::Controller. Lanz & Novikov Expires January 26, 2012 [Page 110] Internet-Draft CICM Channel Management July 2011 16.3.2. CICM::Emit::Controller Attributes AttributeCICM::Emit::Controller::remote_port readonly attribute CICM::RemotePort remote_port; The remote port associated with this controller. 16.4. Interface CICM::Emit::RandomController Interface CICM::Emit::RandomController interface RandomController : CICM::Emit::Controller {}; CICM::Emit::RandomController supports creating a channel to read random data from a module. The resulting controller is capable of managing the channel, but not reading random data. It is created by calling CICM::ChannelManager::create_random_controller. 16.4.1. CICM::Emit::RandomController Inheritance CICM::Emit::RandomController inherits from: CICM::Emit::Controller. 16.5. Interface CICM::Emit::RandomConduit Interface CICM::Emit::RandomConduit interface RandomConduit : CICM::Conduit, CICM::Emit::GetStream { CICM::Emit::RandomConduit supports reading random data from a module. The resulting conduit is capable of both managing the channel and reading random data. It is created by calling CICM::ChannelManager:: create_random_conduit. 16.5.1. CICM::Emit::RandomConduit Inheritance CICM::Emit::RandomConduit inherits from: CICM::Conduit and CICM:: Emit::GetStream. 16.6. Interface CICM::Emit::PseudoRandomController Interface CICM::Emit::PseudoRandomController interface PseudoRandomController : CICM::SymKeyController, CICM::Emit::Controller { CICM::Emit::PseudoRandomController supports creating a channel to read pseudorandom data from a module. The resulting controller is capable of managing the channel, but not reading pseudorandom data. It is created by calling CICM::ChannelManager:: create_pseudorandom_controller. Lanz & Novikov Expires January 26, 2012 [Page 111] Internet-Draft CICM Channel Management July 2011 16.6.1. CICM::Emit::PseudoRandomController Inheritance CICM::Emit::PseudoRandomController inherits from: CICM:: SymKeyController and CICM::Emit::Controller. 16.7. Interface CICM::Emit::PseudoRandomConduit Interface CICM::Emit::PseudoRandomConduit interface PseudoRandomConduit : CICM::Conduit, CICM::SymKeyController, CICM::Emit::GetStream { CICM::Emit::PseudoRandomConduit supports reading pseudorandom data from a module. The resulting conduit is capable of both managing the channel and reading pseudorandom data. It is created by calling CICM::ChannelManager::create_pseudorandom_conduit. 16.7.1. CICM::Emit::PseudoRandomConduit Inheritance CICM::Emit::PseudoRandomConduit inherits from: CICM::Conduit, CICM:: SymKeyController and CICM::Emit::GetStream. 16.8. Interface CICM::Emit::KeyStreamGenController Interface CICM::Emit::KeyStreamGenController interface KeyStreamGenController : CICM::SymKeyController, CICM::GenVectorController, CICM::Emit::Controller { CICM::Emit::KeyStreamGenController supports creating a channel to read keystream from a module. The resulting controller is capable of managing the channel, but not reading keystream. It is created by calling CICM::ChannelManager::create_key_stream_gen_controller. 16.8.1. CICM::Emit::KeyStreamGenController Inheritance CICM::Emit::KeyStreamGenController inherits from: CICM:: SymKeyController, CICM::GenVectorController and CICM::Emit:: Controller. Lanz & Novikov Expires January 26, 2012 [Page 112] Internet-Draft CICM Channel Management July 2011 16.9. Interface CICM::Emit::KeyStreamGenConduit Interface CICM::Emit::KeyStreamGenConduit interface KeyStreamGenConduit : CICM::Conduit, CICM::SymKeyController, CICM::GenVectorController, CICM::Emit::GetStream { CICM::Emit::KeyStreamGenConduit supports reading keystream from a module. The resulting conduit is capable of both managing the channel and reading keystream. It is created by calling CICM:: ChannelManager::create_key_stream_gen_conduit. 16.9.1. CICM::Emit::KeyStreamGenConduit Inheritance CICM::Emit::KeyStreamGenConduit inherits from: CICM::Conduit, CICM:: SymKeyController, CICM::GenVectorController and CICM::Emit:: GetStream. 17. Data Integrity Namespace CICM::Answer module Answer { The CICM::Answer namespace contains interfaces that support cryptographic operations that return an "answer" such a hash or a signature within a single security domain. 17.1. Interface CICM::Answer::ChannelManager Interface CICM::Answer::ChannelManager interface ChannelManager { CICM::Answer::ChannelManager is an abstraction inherited by CICM:: ChannelManager that supports the creation of conduits to sign, MAC, and hash data. See CICM::ChannelManager for additional information. 17.1.1. CICM::Answer::ChannelManager Methods Method CICM::Answer::ChannelManager::create_hash_conduit() CICM::Status create_hash_conduit( in CICM::HashAlgorithmId algorithm, out CICM::Answer::HashConduit conduit_ref ); Create conduit to calculate and generate a hash value. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 113] Internet-Draft CICM Channel Management July 2011 [in] algorithm Hash algorithm. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Answer::ChannelManager::create_mac_conduit() CICM::Status create_mac_conduit( in CICM::SymKey key_ref, in CICM::SymMacAlgorithmId algorithm, out CICM::Answer::MACConduit conduit_ref ); Create conduit to calculate and generate a MAC. Parameters: [in] key_ref Reference to MAC key. [in] algorithm MAC algorithm. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 114] Internet-Draft CICM Channel Management July 2011 Method CICM::Answer::ChannelManager::create_mac_verify_conduit() CICM::Status create_mac_verify_conduit( in CICM::SymKey key_ref, in CICM::SymMacAlgorithmId algorithm, out CICM::Answer::MACVerifyConduit conduit_ref ); Create conduit to verify a MAC. Parameters: [in] key_ref Reference to verification key. [in] algorithm MAC algorithm. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Answer::ChannelManager::create_sign_conduit() CICM::Status create_sign_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::SignConduit conduit_ref ); Create conduit to calculate and generate a signature. Parameters: [in] key_ref Reference to signature key. [in] algorithm Signature algorithm. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, Lanz & Novikov Expires January 26, 2012 [Page 115] Internet-Draft CICM Channel Management July 2011 S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Answer::ChannelManager::create_sign_hash_conduit() CICM::Status create_sign_hash_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::SignHashConduit conduit_ref ); Create conduit to calculate and generate a signature accepting a previously generated hash value as input. Parameters: [in] key_ref Reference to signature key. [in] algorithm Signature algorithm. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Answer::ChannelManager::create_verify_conduit() CICM::Status create_verify_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::VerifyConduit conduit_ref ); Create conduit to verify a signature. Parameters: [in] key_ref Reference to verification key. [in] algorithm Verification algorithm. Lanz & Novikov Expires January 26, 2012 [Page 116] Internet-Draft CICM Channel Management July 2011 [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Answer::ChannelManager::create_verify_hash_conduit() CICM::Status create_verify_hash_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::VerifyHashConduit conduit_ref ); Create conduit to verify a signature accepting a previously generated hash value as input. Parameters: [in] key_ref Reference to verification key. [in] algorithm Verification algorithm. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Lanz & Novikov Expires January 26, 2012 [Page 117] Internet-Draft CICM Channel Management July 2011 17.2. Interface CICM::Answer::PutStream Interface CICM::Answer::PutStream interface PutStream : CICM::Stream { A stream that can write data to a module. 17.2.1. CICM::Answer::PutStream Inheritance CICM::Answer::PutStream inherits from: CICM::Stream. 17.2.2. CICM::Answer::PutStream Methods Method CICM::Answer::PutStream::put() CICM::Status put( in CICM::Buffer buffer ); Sends data to the module for transformation. Remarks: This method blocks until the data is sent to the module. Parameters: [in] buffer Buffer to write to the module. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_IO_ERROR, S_CHANNEL_DATA_INVALID, S_CHANNEL_DATA_INVALID_LEN 17.3. Interface CICM::Answer::HashConduit Interface CICM::Answer::HashConduit interface HashConduit : CICM::Conduit, CICM::Answer::PutStream { CICM::Answer::HashConduit supports hashing operations within a single security domain. It is created by calling CICM::ChannelManager:: create_hash_conduit. Remarks: Lanz & Novikov Expires January 26, 2012 [Page 118] Internet-Draft CICM Channel Management July 2011 Keyed hashes are supported by MAC channels. 17.3.1. CICM::Answer::HashConduit Inheritance CICM::Answer::HashConduit inherits from: CICM::Conduit and CICM:: Answer::PutStream. 17.3.2. CICM::Answer::HashConduit Attributes AttributeCICM::Answer::HashConduit::algorithm readonly attribute CICM::HashAlgorithmId algorithm; Algorithm used to compute the hash. 17.3.3. CICM::Answer::HashConduit Methods Method CICM::Answer::HashConduit::end_get_hash() CICM::Status end_get_hash( out HashBuffer hash ); Direct the module to compute and output the message digest value, and reset the conduit to accept additional data. Parameters: [out] hash Resulting hash. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR 17.4. Interface CICM::Answer::MACConduit Interface CICM::Answer::MACConduit interface MACConduit : CICM::AbstractMACConduit, CICM::Answer::PutStream { CICM::Answer::MACConduit supports message authentication code operations within a single security domain. It is created by calling CICM::ChannelManager::create_mac_conduit. 17.4.1. CICM::Answer::MACConduit Inheritance CICM::Answer::MACConduit inherits from: CICM::AbstractMACConduit and CICM::Answer::PutStream. Lanz & Novikov Expires January 26, 2012 [Page 119] Internet-Draft CICM Channel Management July 2011 17.5. Interface CICM::Answer::MACVerifyConduit Interface CICM::Answer::MACVerifyConduit interface MACVerifyConduit : CICM::AbstractMACVerifyConduit, CICM::Answer::PutStream { CICM::Answer::MACVerifyConduit supports message authentication code verification operations within a single security domain. It is created by calling CICM::ChannelManager::create_mac_verify_conduit. 17.5.1. CICM::Answer::MACVerifyConduit Inheritance CICM::Answer::MACVerifyConduit inherits from: CICM:: AbstractMACVerifyConduit and CICM::Answer::PutStream. 17.6. Interface CICM::Answer::SignConduit Interface CICM::Answer::SignConduit interface SignConduit : CICM::AbstractSignConduit, CICM::Answer::PutStream { CICM::Answer::SignConduit supports signature operations within a single security domain. It is created by calling CICM:: ChannelManager::create_sign_conduit. 17.6.1. CICM::Answer::SignConduit Inheritance CICM::Answer::SignConduit inherits from: CICM::AbstractSignConduit and CICM::Answer::PutStream. 17.7. Interface CICM::Answer::SignHashConduit Interface CICM::Answer::SignHashConduit interface SignHashConduit : CICM::Answer::SignConduit {}; CICM::Answer::SignHashConduit supports signature operations accepting a pre-generated hash value within a single security domain. It is created by calling CICM::ChannelManager::create_sign_hash_conduit. 17.7.1. CICM::Answer::SignHashConduit Inheritance CICM::Answer::SignHashConduit inherits from: CICM::Answer:: SignConduit. Lanz & Novikov Expires January 26, 2012 [Page 120] Internet-Draft CICM Channel Management July 2011 17.8. Interface CICM::Answer::VerifyConduit Interface CICM::Answer::VerifyConduit interface VerifyConduit : CICM::AbstractSigVerifyConduit, CICM::Answer::PutStream { CICM::Answer::VerifyConduit supports verification operations within a single security domain. It is created by calling CICM:: ChannelManager::create_verify_conduit. 17.8.1. CICM::Answer::VerifyConduit Inheritance CICM::Answer::VerifyConduit inherits from: CICM:: AbstractSigVerifyConduit and CICM::Answer::PutStream. 17.9. Interface CICM::Answer::VerifyHashConduit Interface CICM::Answer::VerifyHashConduit interface VerifyHashConduit : CICM::Answer::VerifyConduit {}; CICM::Answer::VerifyHashConduit supports verification operations accepting a pre-generated hash value within a single security domain. It is created by calling CICM::ChannelManager:: create_verify_hash_conduit. 17.9.1. CICM::Answer::VerifyHashConduit Inheritance CICM::Answer::VerifyHashConduit inherits from: CICM::Answer:: VerifyConduit. 18. Single-Domain Namespace CICM::Coprocessor module Coprocessor { The CICM::Coprocessor namespace contains interfaces that support encryption/decryption operations within a single security domain. 18.1. Interface CICM::Coprocessor::ChannelManager Interface CICM::Coprocessor::ChannelManager interface ChannelManager { CICM::Coprocessor::ChannelManager is an abstraction inherited by CICM::ChannelManager that supports the creation of conduits to encrypt and decrypt data within a single security domain. See CICM:: ChannelManager for additional information. Lanz & Novikov Expires January 26, 2012 [Page 121] Internet-Draft CICM Channel Management July 2011 18.1.1. CICM::Coprocessor::ChannelManager Methods Method CICM::Coprocessor::ChannelManager:: create_coprocessor_encrypt_conduit() CICM::Status create_coprocessor_encrypt_conduit( in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Coprocessor::EncryptConduit conduit_ref ); Create conduit to encrypt a stream of data within a single security domain. Parameters: [in] key_ref Reference to encryption key. [in] algorithm Encryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Coprocessor::ChannelManager:: create_coprocessor_encrypt_with_mac_conduit() CICM::Status create_coprocessor_encrypt_with_mac_conduit( in CICM::SymKey mac_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, in CICM::SymEncrAlgorithmId encrypt_algorithm, out CICM::Coprocessor::EncryptWithMACConduit conduit_ref ); Create conduit to MAC and encrypt a stream of data within a single security domain. Parameters: [in] mac_key_ref Reference to MAC key. Lanz & Novikov Expires January 26, 2012 [Page 122] Internet-Draft CICM Channel Management July 2011 [in] encrypt_key_ref Reference to encryption key. [in] mac_algorithm MAC algorithm. [in] encrypt_algorithm Encryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Coprocessor::ChannelManager:: create_coprocessor_encrypt_with_sign_conduit() CICM::Status create_coprocessor_encrypt_with_sign_conduit( in CICM::AsymKey sign_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::AsymSigAlgorithmId sign_algorithm, in CICM::SymEncrAlgorithmId encrypt_algorithm, out CICM::Coprocessor::EncryptWithSignConduit conduit_ref ); Create conduit to sign and encrypt a stream of data within a single security domain. Parameters: [in] sign_key_ref Reference to signature key. [in] encrypt_key_ref Reference to encryption key. [in] sign_algorithm Signature algorithm. [in] encrypt_algorithm Encryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, Lanz & Novikov Expires January 26, 2012 [Page 123] Internet-Draft CICM Channel Management July 2011 S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Coprocessor::ChannelManager:: create_coprocessor_decrypt_conduit() CICM::Status create_coprocessor_decrypt_conduit( in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Coprocessor::DecryptConduit conduit_ref ); Create conduit to decrypt a stream of data within a single security domain. Parameters: [in] key_ref Reference to decryption key. [in] algorithm Decryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Coprocessor::ChannelManager:: create_coprocessor_decrypt_with_mac_conduit() CICM::Status create_coprocessor_decrypt_with_mac_conduit( in CICM::SymKey mac_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, in CICM::SymEncrAlgorithmId encrypt_algorithm, out CICM::Coprocessor::DecryptWithMACConduit conduit_ref ); Create conduit to MAC verify and decrypt a stream of data within a single security domain. Parameters: Lanz & Novikov Expires January 26, 2012 [Page 124] Internet-Draft CICM Channel Management July 2011 [in] mac_key_ref Reference to MAC key. [in] decrypt_key_ref Reference to decryption key. [in] mac_algorithm MAC algorithm. [in] encrypt_algorithm Encryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX Method CICM::Coprocessor::ChannelManager:: create_coprocessor_decrypt_with_verify_conduit() CICM::Status create_coprocessor_decrypt_with_verify_conduit( in CICM::AsymKey verify_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::AsymSigAlgorithmId verify_algorithm, in CICM::SymEncrAlgorithmId decrypt_algorithm, out CICM::Coprocessor::DecryptWithVerifyConduit conduit_ref ); Create conduit to verify and decrypt a stream of data within a single security domain. Parameters: [in] verify_key_ref Reference to verification key. [in] decrypt_key_ref Reference to decryption key. [in] verify_algorithm Verification algorithm. [in] decrypt_algorithm Decryption algorithm/mode. [out] conduit_ref Reference to resulting conduit. Returns: Lanz & Novikov Expires January 26, 2012 [Page 125] Internet-Draft CICM Channel Management July 2011 S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_USED_INVALID, S_KEY_USED_EXPIRED, S_KEY_USED_WRAPPED, S_KEY_USED_CONTEXT, S_KEY_USED_COMPONENT_NOT_AVAIL, S_KEY_INVALID, S_KEY_EXPIRED, S_ALGO_INVALID, S_ALGO_INCOMPATIBLE, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_MAX 18.2. Interface CICM::Coprocessor::Stream Interface CICM::Coprocessor::Stream interface Stream : CICM::Stream { CICM::Coprocessor::Stream is an abstraction inherited by all conduits in the CICM::Coprocessor namespace. 18.2.1. CICM::Coprocessor::Stream Inheritance CICM::Coprocessor::Stream inherits from: CICM::Stream. 18.2.2. CICM::Coprocessor::Stream Methods Method CICM::Coprocessor::Stream::get_final_buffer() CICM::Status get_final_buffer( out CICM::Buffer buffer ); Returns the final block of transformed data, if available. The method blocks until data becomes available. Remarks: In certain cases, it may be necessary to retrieve the last transformed block of data, if, for example, a partial block remains after the last full block was retrieved. This call MUST be called after all data is supplied to the module and MUST precede any end_get_* calls. Parameters: [out] buffer Buffer of data read from stream. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_KEY_INVALID, S_KEY_EXPIRED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT Lanz & Novikov Expires January 26, 2012 [Page 126] Internet-Draft CICM Channel Management July 2011 18.3. Interface CICM::Coprocessor::EncryptConduit Interface CICM::Coprocessor::EncryptConduit interface EncryptConduit : CICM::Conduit, CICM::SymKeyController, CICM::GenVectorController, CICM::ResyncController, CICM::Coprocessor::Stream { CICM::Coprocessor::EncryptConduit supports encryption operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result. It is created by calling CICM:: ChannelManager::create_coprocessor_encrypt_conduit. 18.3.1. CICM::Coprocessor::EncryptConduit Inheritance CICM::Coprocessor::EncryptConduit inherits from: CICM::Conduit, CICM::SymKeyController, CICM::GenVectorController, CICM:: ResyncController and CICM::Coprocessor::Stream. 18.3.2. CICM::Coprocessor::EncryptConduit Methods Method CICM::Coprocessor::EncryptConduit::encrypt() CICM::Status encrypt( in CICM::Buffer plaintext, out CICM::Buffer ciphertext ); Send plaintext to the module to be encrypted, receiving the ciphertext resulting from the transformation as the result. Parameters: [in] plaintext Plaintext to encrypt. [out] ciphertext Ciphertext resulting from encryption operation. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_IO_ERROR, S_CHANNEL_DATA_INVALID, S_CHANNEL_DATA_INVALID_LEN, S_CHANNEL_BUFFER_LEN Lanz & Novikov Expires January 26, 2012 [Page 127] Internet-Draft CICM Channel Management July 2011 18.4. Interface CICM::Coprocessor::EncryptWithMACConduit Interface CICM::Coprocessor::EncryptWithMACConduit interface EncryptWithMACConduit : CICM::AbstractMACConduit, CICM::Coprocessor::EncryptConduit { CICM::Coprocessor::EncryptWithMACConduit supports encryption with MAC operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result (both ciphertext and a MAC value). It is created by calling CICM::ChannelManager:: create_coprocessor_encrypt_with_mac_conduit. 18.4.1. CICM::Coprocessor::EncryptWithMACConduit Inheritance CICM::Coprocessor::EncryptWithMACConduit inherits from: CICM:: AbstractMACConduit and CICM::Coprocessor::EncryptConduit. 18.5. Interface CICM::Coprocessor::EncryptWithSignConduit Interface CICM::Coprocessor::EncryptWithSignConduit interface EncryptWithSignConduit : CICM::AbstractSignConduit, CICM::Coprocessor::EncryptConduit { CICM::Coprocessor::EncryptWithSignConduit supports encryption with signature operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result (both ciphertext and a signature). It is created by calling CICM::ChannelManager:: create_coprocessor_encrypt_with_sign_conduit. 18.5.1. CICM::Coprocessor::EncryptWithSignConduit Inheritance CICM::Coprocessor::EncryptWithSignConduit inherits from: CICM:: AbstractSignConduit and CICM::Coprocessor::EncryptConduit. Lanz & Novikov Expires January 26, 2012 [Page 128] Internet-Draft CICM Channel Management July 2011 18.6. Interface CICM::Coprocessor::DecryptConduit Interface CICM::Coprocessor::DecryptConduit interface DecryptConduit : CICM::Conduit, CICM::SymKeyController, CICM::SetVectorController, CICM::ResyncController, CICM::Coprocessor::Stream { CICM::Coprocessor::DecryptConduit supports decryption operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result. It is created by calling CICM:: ChannelManager::create_coprocessor_decrypt_conduit. 18.6.1. CICM::Coprocessor::DecryptConduit Inheritance CICM::Coprocessor::DecryptConduit inherits from: CICM::Conduit, CICM::SymKeyController, CICM::SetVectorController, CICM:: ResyncController and CICM::Coprocessor::Stream. 18.6.2. CICM::Coprocessor::DecryptConduit Methods Method CICM::Coprocessor::DecryptConduit::decrypt() CICM::Status decrypt( in CICM::Buffer ciphertext, out CICM::Buffer plaintext ); Send ciphertext to the module to be decrypted, receiving the plaintext resulting from the transformation as the result. Parameters: [in] ciphertext Ciphertext to decrypt. [out] plaintext Plaintext resulting from decryption operation. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_ERROR, S_CHANNEL_IO_ERROR, S_CHANNEL_DATA_INVALID, S_CHANNEL_DATA_INVALID_LEN, S_CHANNEL_BUFFER_LEN Lanz & Novikov Expires January 26, 2012 [Page 129] Internet-Draft CICM Channel Management July 2011 18.7. Interface CICM::Coprocessor::DecryptWithMACConduit Interface CICM::Coprocessor::DecryptWithMACConduit interface DecryptWithMACConduit : CICM::AbstractMACVerifyConduit, CICM::Coprocessor::DecryptConduit { CICM::Coprocessor::DecryptWithMACConduit supports encryption with MAC verification operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result (both plaintext and an indication as to whether verification succeeded or failed). It is created by calling CICM::ChannelManager:: create_coprocessor_decrypt_with_mac_conduit. 18.7.1. CICM::Coprocessor::DecryptWithMACConduit Inheritance CICM::Coprocessor::DecryptWithMACConduit inherits from: CICM:: AbstractMACVerifyConduit and CICM::Coprocessor::DecryptConduit. 18.8. Interface CICM::Coprocessor::DecryptWithVerifyConduit Interface CICM::Coprocessor::DecryptWithVerifyConduit interface DecryptWithVerifyConduit : CICM::AbstractSigVerifyConduit, CICM::Coprocessor::DecryptConduit { CICM::Coprocessor::DecryptWithVerifyConduit supports encryption with signature verification operations within a single security domain. The resulting conduit is capable of managing the channel, accepting data for transformation, and receiving the result (both plaintext and an indication as to whether verification succeeded or failed). It is created by calling CICM::ChannelManager:: create_coprocessor_decrypt_with_verify_conduit. 18.8.1. CICM::Coprocessor::DecryptWithVerifyConduit Inheritance CICM::Coprocessor::DecryptWithVerifyConduit inherits from: CICM:: AbstractSigVerifyConduit and CICM::Coprocessor::DecryptConduit. 19. Channel Events Lanz & Novikov Expires January 26, 2012 [Page 130] Internet-Draft CICM Channel Management July 2011 19.1. Interface CICM::ChannelEventManager Interface CICM::ChannelEventManager interface ChannelEventManager { CICM::ChannelEventManager supports registering and unregistering user-defined channel event listeners (CICM::ChannelEventListener) for specific channel events. It is accessed from any channel via its CICM::Channel::event_manager attribute. Remarks: In certain cases it may be necessary for a channel to asynchronously notify a client program of an event. Client programs can register to receive channel notifications using CICM::ChannelEventManager. This manager enables a client program to register a listener (callback) method designed to handle a specific condition. The event method prototype provided by the client program is defined in CICM::ChannelEventListener. CICM:: ChannelEventListener also defines the conditions that may result in a notification, including: channel failure or channel destruction. 19.1.1. CICM::ChannelEventManager Methods Method CICM::ChannelEventManager::register() CICM::Status register( in CICM::ChannelEventListener::ChannelEvent event, in CICM::ChannelEventListener listener ); Registers the listener for a specific channel event. Remarks: The provided listener applies only to the client program from which the registration is initiated. Parameters: [in] event Event for which this listener is being registered. [in] listener Listener that will receive a notification about the specified event. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, Lanz & Novikov Expires January 26, 2012 [Page 131] Internet-Draft CICM Channel Management July 2011 S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_EVENT_REGISTERED, S_EVENT_NOT_SUPPORTED Method CICM::ChannelEventManager::unregister() CICM::Status unregister( in CICM::ChannelEventListener::ChannelEvent event ); Unregisters the listener associated with the specified event. Remarks: The listener associated with the specified event is only unregistered from the client program from which this method is called. Parameters: [in] event Event that will no longer have a listener associated with it. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, S_TOKEN_ADMIN_NOT_PRESENT, S_EVENT_NOT_REGISTERED 19.2. Interface CICM::ChannelEventListener Interface CICM::ChannelEventListener interface ChannelEventListener { CICM::ChannelEventListener is unlike other CICM interfaces in that the interface is implemented by the developer of the client program to service a specific channel event and is then registered via the CICM::ChannelEventManager. 19.2.1. CICM::ChannelEventListener Types and Constants Type CICM::ChannelEventListener::ChannelEvent typedef CICM::UInt32 ChannelEvent; Events for which a ChannelEventListener can be notified. Lanz & Novikov Expires January 26, 2012 [Page 132] Internet-Draft CICM Channel Management July 2011 Constant CICM::ChannelEventListener::C_CHANNEL_DATA_AVAILABLE const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_DATA_AVAILABLE = 0x00004001; Data from remote peer is available. Constant CICM::ChannelEventListener::C_CHANNEL_ERROR const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_ERROR = 0x00004002; General error has occurred on the channel. Constant CICM::ChannelEventListener::C_CHANNEL_INSUFFICIENT_ENTROPY const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_INSUFFICIENT_ENTROPY = 0x00004004; Insufficient entropy available on the channel. Constant CICM::ChannelEventListener::C_CHANNEL_LOST_SYNC const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_LOST_SYNC = 0x00004007; Cryptographic synchronization with remote peer has been lost; this may not be detectable by the cryptographic module. Constant CICM::ChannelEventListener::C_CHANNEL_PEER_RESET const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_PEER_RESET = 0x00004008; Remote peer is no longer available; this may not be detectable by the cryptographic module. 19.2.2. CICM::ChannelEventListener Methods Method CICM::ChannelEventListener::event_occurred() void event_occurred( in CICM::ChannelEventListener::ChannelEvent event, in CICM::Buffer event_data ); Method implemented by client program that receives a message about a channel event that occurred. An opaque data field with additional information about the event in a module-specific format may optionally be provided with the event itself. Remarks: The format of the event data value is not defined by CICM. The Implementation Conformance Statement (see Conformance and Extensions in [CICM]) MUST reference a standard format or define a module-specific format for this datatype. Note: Lanz & Novikov Expires January 26, 2012 [Page 133] Internet-Draft CICM Channel Management July 2011 Because this method is called by the runtime system and not a client program, it does not return a status value. Parameters: [in] event Event that occurred. [in] event_data Opaque data associated with the event. 20. Channel Groups 20.1. Interface CICM::ControllerGroup Interface CICM::ControllerGroup interface ControllerGroup { Group of controllers and/or conduits. Remarks: All of the controllers in a controller group share certain characteristics, such as a state vector. Whenever a shared characteristic is changed on a member of the group, the change is applied to all members of the group. Thus, if a client program has grouped controllers/conduits to follow advancing TOD rules, for example, when one controller/conduit performs an operation at time X as expressed in the TOD value, all other grouped controllers/conduits are prohibited from using a TOD value earlier than time X. 20.1.1. CICM::ControllerGroup Methods Method CICM::ControllerGroup::add() CICM::Status add( in CICM::Controller controller_ref ); Add a controller or conduit to this controller group. Parameters: [in] controller_ref Controller to add to the group. Returns: S_OK, S_GENERAL_ERROR, S_NON_FUNCTIONAL, S_OPERATION_FAILED, S_POLICY_VIOLATION, S_MODULE_RESOURCES, S_HOST_RESOURCES, S_INVALID_STATE, S_ALARM_STATE, S_MODULE_NOT_AVAILABLE, S_TIMEOUT, S_NOT_AUTHENTICATED, S_NOT_AUTHORIZED, S_TOKEN_NOT_PRESENT, Lanz & Novikov Expires January 26, 2012 [Page 134] Internet-Draft CICM Channel Management July 2011 S_TOKEN_ADMIN_NOT_PRESENT, S_CHANNEL_IN_GROUP, S_CHANNEL_CLASSIFICATION 21. IANA Considerations [RFC Editor: Please remove this section prior to publication.] This document has no IANA actions. 22. Security Considerations 22.1. Confidentiality This document defines several channels that provide confidentiality services such encryption and decryption as defined in the CICM:: Encrypt, CICM::Decrypt, CICM::Duplex, CICM::EncryptBypass, CICM:: DecryptBypass, and CICM::Coprocessor namespaces. Note, however, that the CICM::EncryptBypass and CICM::DecryptBypass namespaces are capable of sending unencrypted data (see Bypass below). 22.2. Bypass This document defines four namespaces related to sending and receiving bypass data. CICM::BypassWrite and CICM::BypassRead are for full bypass while CICM::EncryptBypass and CICM::DecryptBypass are for selective bypass. Unintentional sending of bypass data is typically considered a comprimise in the confidentiality of a system, and therefore implementors are urged to consider their security policies carefully. To mitigate against accidental programming errors related to bypass, this document ensures that: 1. All bypass functionality is contained four clearly labeled distinct namespaces. 2. Each method that touches bypass data contains bypass as part of its name (e.g., CICM::BypassWrite::Stream::write_bypass()). 22.3. Data Integrity This document defines several data integrity services either as stand-alone or hybrid channels. The CICM::Answer namespace contains channels for hashing, signing, and verifying signed data. Similarly, CICM::Encrypt, CICM::Decrypt, CICM::Coprocessor have channels that, Lanz & Novikov Expires January 26, 2012 [Page 135] Internet-Draft CICM Channel Management July 2011 in addition to encrypting or decrypting, sign or verify the transmitted data. 22.4. Peer Entity Authentication This document defines a CICM::Negotiator which defines the basic peer-entity authentication mechanism. Channels defined in the CICM:: Encrypt, CICM::Decrypt, CICM::Duplex, CICM::EncryptBypass, and CICM:: DecryptBypass namespaces define negotiated versions of most of the channels. See Channel Negotiation (Section 8) for more information. 23. References 23.1. Normative References [CICM] Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011. [CICM-KM] Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) Key Management [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011. [IDL] International Standards Organization, "Information technology -- Open Distributed Processing -- Interface Definition Language", ISO/IEC 14750:1999(E), March 1999. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 23.2. Informative References [CICM-LM] Lanz, D. and L. Novikov, "Common Interface to Cryptographic Modules (CICM) Logical Model [RFC Editor: Please update the RFC reference and date prior to publication.]", January 2011. [CORBA] Object Management Group, "Common Object Request Broker Architecture (CORBA) Specification, Version 3.1", January 2008. [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, July 2003. Lanz & Novikov Expires January 26, 2012 [Page 136] Internet-Draft CICM Channel Management July 2011 Appendix A. IDL Definitions module CICM { typedef CICM::Buffer MACBuffer; typedef CICM::Buffer SigBuffer; typedef CICM::Buffer HashBuffer; typedef CICM::Buffer Vector; typedef CICM::UInt32 TransId; typedef CICM::CharString HashAlgorithmId; typedef CICM::CharString AsymEncrAlgorithmId; const CICM::AsymEncrAlgorithmId IMPLICIT_ASYM_ENCR_ALGO = "IMPLICIT"; typedef CICM::CharString AsymSigAlgorithmId; const CICM::AsymSigAlgorithmId IMPLICIT_ASYM_SIG_ALGO = "IMPLICIT"; typedef CICM::CharString SymEncrAlgorithmId; const CICM::SymEncrAlgorithmId IMPLICIT_SYM_ENCR_ALGO = "IMPLICIT"; typedef CICM::CharString SymMacAlgorithmId; const CICM::SymMacAlgorithmId IMPLICIT_SYM_MAC_ALGO = "IMPLICIT"; typedef CICM::CharString KeyWrapAlgorithmId; const CICM::KeyWrapAlgorithmId IMPLICIT_KEY_WRAP_ALGO = "IMPLICIT"; typedef CICM::CharString ProtocolId; const CICM::ProtocolId IMPLICIT_PROTOCOL_ID = "IMPLICIT"; interface PeerInfo { readonly attribute CICM::CharString peer_name; readonly attribute CICM::Classification classification; readonly attribute CICM::CharString compartment; readonly attribute CICM::CharString message; }; interface Negotiator { CICM::Status get_remote_info( out CICM::PeerInfo peer_info ); CICM::Status abort_negotiation(); }; interface ChannelEventListener { typedef CICM::UInt32 ChannelEvent; const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_DATA_AVAILABLE = 0x00004001; Lanz & Novikov Expires January 26, 2012 [Page 137] Internet-Draft CICM Channel Management July 2011 const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_ERROR = 0x00004002; const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_INSUFFICIENT_ENTROPY = 0x00004004; const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_LOST_SYNC = 0x00004007; const CICM::ChannelEventListener::ChannelEvent C_CHANNEL_PEER_RESET = 0x00004008; void event_occurred( in CICM::ChannelEventListener::ChannelEvent event, in CICM::Buffer event_data ); }; interface ChannelEventManager { CICM::Status register( in CICM::ChannelEventListener::ChannelEvent event, in CICM::ChannelEventListener listener ); CICM::Status unregister( in CICM::ChannelEventListener::ChannelEvent event ); }; interface Channel { readonly attribute CICM::ChannelEventManager event_manager; }; interface Stream : CICM::Channel {}; interface WriteStream : CICM::Stream { typedef CICM::UInt32 WriteStatus; const CICM::WriteStream::WriteStatus C_WRITE_NOT_READY = 0x00006067; const CICM::WriteStream::WriteStatus C_WRITE_READY = 0x00006068; }; interface ReadStream : CICM::Stream { typedef CICM::UInt32 ReadStatus; const CICM::ReadStream::ReadStatus C_READ_NOT_READY = 0x0000605E; const CICM::ReadStream::ReadStatus C_READ_READY = 0x00006061; }; interface Controller : CICM::Channel { CICM::Status destroy(); }; Lanz & Novikov Expires January 26, 2012 [Page 138] Internet-Draft CICM Channel Management July 2011 interface MultiDomainController : CICM::Controller { readonly attribute CICM::LocalPort local_port; readonly attribute CICM::RemotePort remote_port; }; interface SymKeyController : CICM::Controller { readonly attribute CICM::SymKey key; CICM::Status update_key(); CICM::Status update_key_with_algo( in CICM::SymEncrAlgorithmId algorithm ); CICM::Status rollover_key(); CICM::Status rollover_key_with_key( in CICM::SymKey next_key ); }; interface AsymKeyController : CICM::Controller { readonly attribute CICM::AsymKey key; }; interface NegotiatedController : CICM::MultiDomainController, CICM::AsymKeyController, CICM::Negotiator { readonly attribute CICM::Classification negotiated_grade; CICM::Status renegotiate(); CICM::Status initiate_grade_change( in CICM::Classification new_grade ); CICM::Status acknowledge_grade_change(); }; interface SetVectorController : CICM::Controller { readonly attribute CICM::Vector vec; CICM::Status set_vector( in CICM::Vector vec ); CICM::Status set_vector_no_check( in CICM::Vector vec ); CICM::Status reset_vector(); Lanz & Novikov Expires January 26, 2012 [Page 139] Internet-Draft CICM Channel Management July 2011 }; interface GenVectorController : CICM::SetVectorController { CICM::Status generate_vector(); CICM::Status generate_vector_existing_state(); }; interface ResyncController : CICM::Controller { CICM::Status resync(); CICM::Status resync_with_sync_vector( in CICM::Vector vec ); }; interface ControllerGroup { CICM::Status add( in CICM::Controller controller_ref ); }; interface Conduit : CICM::Controller, CICM::Stream { }; interface AbstractMACConduit : CICM::Conduit { readonly attribute CICM::SymKey mac_key; readonly attribute CICM::SymMacAlgorithmId mac_algorithm; CICM::Status end_get_mac( out CICM::MACBuffer mac ); }; interface AbstractSignConduit : CICM::Conduit { readonly attribute CICM::AsymKey sign_key; readonly attribute CICM::AsymSigAlgorithmId sign_algorithm; CICM::Status end_get_signature( out CICM::SigBuffer signature ); }; interface AbstractVerifyConduit : CICM::Conduit { typedef CICM::UInt32 VerifyStatus; const CICM::AbstractVerifyConduit::VerifyStatus C_DATA_VERIFIED = 0x00006025; const CICM::AbstractVerifyConduit::VerifyStatus C_DATA_NOT_VERIFIED = 0x00006026; }; Lanz & Novikov Expires January 26, 2012 [Page 140] Internet-Draft CICM Channel Management July 2011 interface AbstractMACVerifyConduit : CICM::AbstractVerifyConduit { readonly attribute CICM::SymKey verify_key; readonly attribute CICM::SymMacAlgorithmId verify_algorithm; CICM::Status end_get_verified( in CICM::MACBuffer mac, out CICM::AbstractVerifyConduit::VerifyStatus status ); }; interface AbstractSigVerifyConduit : CICM::AbstractVerifyConduit { readonly attribute CICM::AsymKey verify_key; readonly attribute CICM::AsymSigAlgorithmId verify_algorithm; CICM::Status end_get_verified( in CICM::SigBuffer signature, out CICM::AbstractVerifyConduit::VerifyStatus status ); }; module Encrypt { interface Stream : CICM::WriteStream { CICM::Status encrypt( in CICM::Buffer buffer ); CICM::Status encrypt_non_blocking( in CICM::Buffer buffer, in CICM::TransId transaction_id ); CICM::Status encrypt_poll( in CICM::TransId transaction_id, out CICM::WriteStream::WriteStatus status ); }; interface KeyWrapStream : CICM::Stream { CICM::Status wrap_key( in CICM::Key key_ref ); }; interface Controller : CICM::MultiDomainController, CICM::SymKeyController, CICM::GenVectorController, CICM::ResyncController {}; interface NegotiatedController : CICM::NegotiatedController, CICM::GenVectorController, CICM::ResyncController {}; Lanz & Novikov Expires January 26, 2012 [Page 141] Internet-Draft CICM Channel Management July 2011 interface Conduit : CICM::Conduit, CICM::Encrypt::Controller, CICM::Encrypt::Stream {}; interface NegotiatedConduit : CICM::Conduit, CICM::Encrypt::NegotiatedController, CICM::Encrypt::Stream {}; interface WithMACConduit : CICM::AbstractMACConduit, CICM::Encrypt::Conduit {}; interface WithMACNegotiatedConduit : CICM::AbstractMACConduit, CICM::Encrypt::NegotiatedConduit {}; interface WithSignConduit : CICM::AbstractSignConduit, CICM::Encrypt::Conduit {}; interface WithSignNegotiatedConduit : CICM::AbstractSignConduit, CICM::Encrypt::NegotiatedConduit {}; interface KeyWrapConduit : CICM::Encrypt::Controller, CICM::Encrypt::KeyWrapStream {}; interface ControllerNegotiator : CICM::Negotiator { CICM::Status complete( out CICM::Encrypt::NegotiatedController controller_ref ); }; interface Negotiator : CICM::Negotiator { CICM::Status complete( out CICM::Encrypt::NegotiatedConduit conduit_ref ); }; interface WithMACNegotiator : CICM::Negotiator { CICM::Status complete( out CICM::Encrypt::WithMACNegotiatedConduit conduit_ref ); }; interface WithSignNegotiator : CICM::Negotiator { CICM::Status complete( out CICM::Encrypt::WithSignNegotiatedConduit conduit_ref ); Lanz & Novikov Expires January 26, 2012 [Page 142] Internet-Draft CICM Channel Management July 2011 }; interface ChannelManager { CICM::Status negotiate_encrypt_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Encrypt::Negotiator negotiator_ref ); CICM::Status negotiate_encrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::SymKey mac_key_ref, in CICM::AsymKey nego_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, out CICM::Encrypt::WithMACNegotiator negotiator_ref ); CICM::Status negotiate_encrypt_with_sign_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey sign_key_ref, in CICM::AsymKey nego_key_ref, in CICM::AsymSigAlgorithmId sign_algorithm, out CICM::Encrypt::WithSignNegotiator negotiator_ref ); CICM::Status negotiate_encrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Encrypt::ControllerNegotiator negotiator_ref ); CICM::Status create_encrypt_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Encrypt::Conduit conduit_ref ); CICM::Status create_encrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::SymKey mac_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, in CICM::SymEncrAlgorithmId encr_algorithm, out CICM::Encrypt::WithMACConduit conduit_ref ); CICM::Status create_encrypt_with_sign_conduit( in CICM::RemotePort remote_port, Lanz & Novikov Expires January 26, 2012 [Page 143] Internet-Draft CICM Channel Management July 2011 in CICM::AsymKey sign_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::AsymSigAlgorithmId sign_algorithm, in CICM::SymEncrAlgorithmId encr_algorithm, out CICM::Encrypt::WithSignConduit conduit_ref ); CICM::Status create_key_wrap_conduit( in CICM::RemotePort remote_port, in CICM::SymKey kek_ref, in CICM::KeyWrapAlgorithmId algorithm, out CICM::Encrypt::KeyWrapConduit conduit_ref ); CICM::Status create_encrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Encrypt::Controller controller_ref ); CICM::Status get_encrypt_stream( in CICM::LocalPort local_port, out CICM::Encrypt::Stream stream_ref ); }; }; module Decrypt { interface Stream : CICM::ReadStream { CICM::Status decrypt( out CICM::Buffer buffer ); CICM::Status decrypt_non_blocking( out CICM::Buffer buffer, in CICM::TransId transaction_id ); CICM::Status decrypt_poll( in CICM::TransId transaction_id, out CICM::ReadStream::ReadStatus status ); }; interface KeyUnwrapStream : CICM::Stream { CICM::Status unwrap_sym_key( out CICM::SymKey key_ref ); CICM::Status unwrap_asym_key( out CICM::AsymKey key_ref ); }; interface Controller : CICM::MultiDomainController, Lanz & Novikov Expires January 26, 2012 [Page 144] Internet-Draft CICM Channel Management July 2011 CICM::SymKeyController, CICM::SetVectorController, CICM::ResyncController {}; interface NegotiatedController : CICM::NegotiatedController, CICM::SetVectorController, CICM::ResyncController {}; interface Conduit : CICM::Conduit, CICM::Decrypt::Controller, CICM::Decrypt::Stream {}; interface NegotiatedConduit : CICM::Conduit, CICM::Decrypt::NegotiatedController, CICM::Decrypt::Stream {}; interface WithMACConduit : CICM::AbstractMACVerifyConduit, CICM::Decrypt::Conduit {}; interface WithMACNegotiatedConduit : CICM::AbstractMACVerifyConduit, CICM::Decrypt::NegotiatedConduit {}; interface WithVerifyConduit : CICM::AbstractSigVerifyConduit, CICM::Decrypt::Conduit {}; interface WithVerifyNegotiatedConduit : CICM::AbstractSigVerifyConduit, CICM::Decrypt::NegotiatedConduit {}; interface KeyUnwrapConduit : CICM::Decrypt::Controller, CICM::Decrypt::KeyUnwrapStream {}; interface Negotiator : CICM::Negotiator { CICM::Status complete( out CICM::Decrypt::NegotiatedConduit conduit_ref ); }; interface ControllerNegotiator : CICM::Negotiator { CICM::Status complete( out CICM::Decrypt::NegotiatedController controller_ref ); }; Lanz & Novikov Expires January 26, 2012 [Page 145] Internet-Draft CICM Channel Management July 2011 interface WithMACNegotiator : CICM::Negotiator { CICM::Status complete( out CICM::Decrypt::WithMACNegotiatedConduit conduit_ref ); }; interface WithVerifyNegotiator : CICM::Negotiator { CICM::Status complete( out CICM::Decrypt::WithVerifyNegotiatedConduit conduit_ref ); }; interface ChannelManager { CICM::Status negotiate_decrypt_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Decrypt::Negotiator negotiator_ref ); CICM::Status negotiate_decrypt_with_mac_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::SymKey verify_key_ref, in CICM::AsymKey nego_key_ref, in CICM::SymMacAlgorithmId verify_algorithm, out CICM::Decrypt::WithMACNegotiator negotiator_ref ); CICM::Status negotiate_decrypt_with_verify_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey verify_key_ref, in CICM::AsymKey nego_key_ref, in CICM::AsymSigAlgorithmId verify_algorithm, out CICM::Decrypt::WithVerifyNegotiator negotiator_ref ); CICM::Status negotiate_decrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Decrypt::ControllerNegotiator negotiator_ref ); CICM::Status create_decrypt_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Decrypt::Conduit conduit_ref ); CICM::Status create_decrypt_with_mac_conduit( in CICM::RemotePort remote_port, Lanz & Novikov Expires January 26, 2012 [Page 146] Internet-Draft CICM Channel Management July 2011 in CICM::SymKey verify_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::SymMacAlgorithmId verify_algorithm, in CICM::SymEncrAlgorithmId decrypt_algorithm, out CICM::Decrypt::WithMACConduit conduit_ref ); CICM::Status create_decrypt_with_verify_conduit( in CICM::RemotePort remote_port, in CICM::AsymKey verify_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::AsymSigAlgorithmId verify_algorithm, in CICM::SymEncrAlgorithmId decrypt_algorithm, out CICM::Decrypt::WithVerifyConduit conduit_ref ); CICM::Status create_key_unwrap_conduit( in CICM::RemotePort remote_port, in CICM::SymKey kek_ref, in CICM::KeyWrapAlgorithmId algorithm, out CICM::Decrypt::KeyUnwrapConduit conduit_ref ); CICM::Status create_decrypt_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Decrypt::Controller controller_ref ); CICM::Status get_decrypt_stream( in CICM::LocalPort local_port, out CICM::Decrypt::Stream stream_ref ); }; }; module Duplex { interface Stream : CICM::Encrypt::Stream, CICM::Decrypt::Stream {}; interface Controller : CICM::Encrypt::Controller, CICM::Decrypt::Controller {}; interface NegotiatedController : CICM::Encrypt::NegotiatedController, CICM::Decrypt::NegotiatedController {}; interface Conduit : CICM::Conduit, Lanz & Novikov Expires January 26, 2012 [Page 147] Internet-Draft CICM Channel Management July 2011 CICM::Duplex::Controller, CICM::Duplex::Stream {}; interface NegotiatedConduit : CICM::Duplex::NegotiatedController, CICM::Duplex::Stream {}; interface ControllerNegotiator : CICM::Negotiator { CICM::Status complete( out CICM::Duplex::NegotiatedController controller_ref ); }; interface Negotiator : CICM::Negotiator { CICM::Status complete( out CICM::Duplex::NegotiatedConduit conduit_ref ); }; interface ChannelManager { CICM::Status negotiate_duplex_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Duplex::Negotiator negotiator_ref ); CICM::Status negotiate_duplex_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::Duplex::ControllerNegotiator negotiator_ref ); CICM::Status create_duplex_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Duplex::Conduit conduit_ref ); CICM::Status create_duplex_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Duplex::Controller controller_ref ); CICM::Status get_duplex_stream( in CICM::LocalPort local_port, out CICM::Duplex::Stream stream_ref ); }; Lanz & Novikov Expires January 26, 2012 [Page 148] Internet-Draft CICM Channel Management July 2011 }; module BypassWrite { interface Stream : CICM::WriteStream { CICM::Status write_bypass( in CICM::Buffer buffer ); CICM::Status write_bypass_non_blocking( in CICM::Buffer buffer, in CICM::TransId transaction_id ); CICM::Status write_bypass_poll( in CICM::TransId transaction_id, out CICM::WriteStream::WriteStatus status ); }; interface Controller : CICM::MultiDomainController {}; interface Conduit : CICM::Conduit, CICM::BypassWrite::Controller, CICM::BypassWrite::Stream {}; interface ChannelManager { CICM::Status create_bypass_write_conduit( in CICM::RemotePort remote_port, out CICM::BypassWrite::Conduit conduit_ref ); CICM::Status create_bypass_write_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, out CICM::BypassWrite::Controller controller_ref ); CICM::Status get_bypass_write_stream( in CICM::LocalPort local_port, out CICM::BypassWrite::Stream stream_ref ); }; }; module BypassRead { interface Stream : CICM::ReadStream { CICM::Status read_bypass( out CICM::Buffer buffer ); CICM::Status read_bypass_non_blocking( out CICM::Buffer buffer, in CICM::TransId transaction_id ); Lanz & Novikov Expires January 26, 2012 [Page 149] Internet-Draft CICM Channel Management July 2011 CICM::Status read_bypass_poll( in CICM::TransId transaction_id, out CICM::ReadStream::ReadStatus status ); }; interface Controller : CICM::MultiDomainController {}; interface Conduit : CICM::Conduit, CICM::BypassRead::Controller, CICM::BypassRead::Stream {}; interface ChannelManager { CICM::Status create_bypass_read_conduit( in CICM::RemotePort remote_port, out CICM::BypassRead::Conduit conduit_ref ); CICM::Status create_bypass_read_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, out CICM::BypassRead::Controller controller_ref ); CICM::Status get_bypass_read_stream( in CICM::LocalPort local_port, out CICM::BypassRead::Stream stream_ref ); }; }; module EncryptBypass { interface Stream : CICM::Encrypt::Stream, CICM::BypassWrite::Stream { }; interface NegotiatedController : CICM::Encrypt::NegotiatedController {}; interface Controller : CICM::Encrypt::Controller {}; interface Conduit : CICM::Encrypt::Conduit, CICM::EncryptBypass::Stream {}; interface NegotiatedConduit : CICM::Encrypt::NegotiatedController, CICM::EncryptBypass::Stream {}; interface ControllerNegotiator : CICM::Negotiator { Lanz & Novikov Expires January 26, 2012 [Page 150] Internet-Draft CICM Channel Management July 2011 CICM::Status complete( out CICM::EncryptBypass::NegotiatedController controller_ref ); }; interface Negotiator : CICM::Negotiator { CICM::Status complete( out CICM::EncryptBypass::NegotiatedConduit conduit_ref ); }; interface ChannelManager { CICM::Status negotiate_encrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::EncryptBypass::Negotiator negotiator_ref ); CICM::Status negotiate_encrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::EncryptBypass::ControllerNegotiator negotiator_ref ); CICM::Status create_encrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::EncryptBypass::Conduit conduit_ref ); CICM::Status create_encrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::EncryptBypass::Controller controller_ref ); CICM::Status get_encrypt_bypass_stream( in CICM::LocalPort local_port, out CICM::EncryptBypass::Stream stream_ref ); }; }; module DecryptBypass { interface Stream : CICM::Decrypt::Stream {}; interface NegotiatedController : CICM::Decrypt::NegotiatedController {}; Lanz & Novikov Expires January 26, 2012 [Page 151] Internet-Draft CICM Channel Management July 2011 interface Controller : CICM::Encrypt::Controller {}; interface Conduit : CICM::Decrypt::Conduit, CICM::DecryptBypass::Controller, CICM::DecryptBypass::Stream {}; interface NegotiatedConduit : CICM::Decrypt::NegotiatedConduit, CICM::DecryptBypass::NegotiatedController, CICM::DecryptBypass::Stream {}; interface ControllerNegotiator : CICM::Negotiator { CICM::Status complete( out CICM::DecryptBypass::NegotiatedController controller_ref ); }; interface Negotiator : CICM::Negotiator { CICM::Status complete( out CICM::DecryptBypass::NegotiatedConduit conduit_ref ); }; interface ChannelManager { CICM::Status negotiate_decrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::DecryptBypass::Negotiator negotiator_ref ); CICM::Status negotiate_decrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::ProtocolId protocol, in CICM::AsymKey key_ref, out CICM::DecryptBypass::ControllerNegotiator negotiator_ref ); CICM::Status create_decrypt_bypass_conduit( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::DecryptBypass::Conduit conduit_ref ); CICM::Status create_decrypt_bypass_controller( in CICM::LocalPort local_port, in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::DecryptBypass::Controller controller_ref ); Lanz & Novikov Expires January 26, 2012 [Page 152] Internet-Draft CICM Channel Management July 2011 CICM::Status get_decrypt_bypass_stream( in CICM::LocalPort local_port, out CICM::DecryptBypass::Stream stream_ref ); }; }; module Emit { interface GetStream : CICM::ReadStream { CICM::Status get( in CICM::UInt32 length, out CICM::Buffer buffer ); CICM::Status get_non_blocking( in CICM::UInt32 length, out CICM::Buffer buffer, in CICM::TransId transaction_id ); CICM::Status get_poll( in CICM::TransId transaction_id, out CICM::ReadStream::ReadStatus status ); }; interface Controller : CICM::Controller { readonly attribute CICM::RemotePort remote_port; }; interface KeyStreamGenController : CICM::SymKeyController, CICM::GenVectorController, CICM::Emit::Controller {}; interface PseudoRandomController : CICM::SymKeyController, CICM::Emit::Controller {}; interface RandomController : CICM::Emit::Controller {}; interface KeyStreamGenConduit : CICM::Conduit, CICM::SymKeyController, CICM::GenVectorController, CICM::Emit::GetStream {}; interface PseudoRandomConduit : CICM::Conduit, CICM::SymKeyController, CICM::Emit::GetStream {}; Lanz & Novikov Expires January 26, 2012 [Page 153] Internet-Draft CICM Channel Management July 2011 interface RandomConduit : CICM::Conduit, CICM::Emit::GetStream {}; interface ChannelManager { CICM::Status create_key_stream_gen_controller( in CICM::RemotePort remote_port, in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Emit::KeyStreamGenController controller_ref ); CICM::Status create_pseudorandom_controller( in CICM::RemotePort remote_port, in CICM::SymKey seed, out CICM::Emit::PseudoRandomController controller_ref ); CICM::Status create_random_controller( in CICM::RemotePort remote_port, out CICM::Emit::RandomController controller_ref ); CICM::Status create_key_stream_gen_conduit( in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Emit::KeyStreamGenConduit conduit_ref ); CICM::Status create_pseudorandom_conduit( in CICM::SymKey seed, out CICM::Emit::PseudoRandomConduit conduit_ref ); CICM::Status create_random_conduit( out CICM::Emit::RandomConduit conduit_ref ); }; }; module Answer { interface PutStream : CICM::Stream { CICM::Status put( in CICM::Buffer buffer ); }; interface HashConduit : CICM::Conduit, CICM::Answer::PutStream { readonly attribute CICM::HashAlgorithmId algorithm; CICM::Status end_get_hash( out HashBuffer hash ); Lanz & Novikov Expires January 26, 2012 [Page 154] Internet-Draft CICM Channel Management July 2011 }; interface MACConduit : CICM::AbstractMACConduit, CICM::Answer::PutStream {}; interface MACVerifyConduit : CICM::AbstractMACVerifyConduit, CICM::Answer::PutStream {}; interface SignConduit : CICM::AbstractSignConduit, CICM::Answer::PutStream {}; interface SignHashConduit : CICM::Answer::SignConduit {}; interface VerifyConduit : CICM::AbstractSigVerifyConduit, CICM::Answer::PutStream {}; interface VerifyHashConduit : CICM::Answer::VerifyConduit {}; interface ChannelManager { CICM::Status create_hash_conduit( in CICM::HashAlgorithmId algorithm, out CICM::Answer::HashConduit conduit_ref ); CICM::Status create_mac_conduit( in CICM::SymKey key_ref, in CICM::SymMacAlgorithmId algorithm, out CICM::Answer::MACConduit conduit_ref ); CICM::Status create_mac_verify_conduit( in CICM::SymKey key_ref, in CICM::SymMacAlgorithmId algorithm, out CICM::Answer::MACVerifyConduit conduit_ref ); CICM::Status create_sign_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::SignConduit conduit_ref ); CICM::Status create_sign_hash_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::SignHashConduit conduit_ref ); CICM::Status create_verify_conduit( Lanz & Novikov Expires January 26, 2012 [Page 155] Internet-Draft CICM Channel Management July 2011 in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::VerifyConduit conduit_ref ); CICM::Status create_verify_hash_conduit( in CICM::AsymKey key_ref, in CICM::AsymSigAlgorithmId algorithm, out CICM::Answer::VerifyHashConduit conduit_ref ); }; }; module Coprocessor { interface Stream : CICM::Stream { CICM::Status get_final_buffer( out CICM::Buffer buffer ); }; interface EncryptConduit : CICM::Conduit, CICM::SymKeyController, CICM::GenVectorController, CICM::ResyncController, CICM::Coprocessor::Stream { CICM::Status encrypt( in CICM::Buffer plaintext, out CICM::Buffer ciphertext ); }; interface EncryptWithMACConduit : CICM::AbstractMACConduit, CICM::Coprocessor::EncryptConduit {}; interface EncryptWithSignConduit : CICM::AbstractSignConduit, CICM::Coprocessor::EncryptConduit {}; interface DecryptConduit : CICM::Conduit, CICM::SymKeyController, CICM::SetVectorController, CICM::ResyncController, CICM::Coprocessor::Stream { CICM::Status decrypt( in CICM::Buffer ciphertext, out CICM::Buffer plaintext ); }; Lanz & Novikov Expires January 26, 2012 [Page 156] Internet-Draft CICM Channel Management July 2011 interface DecryptWithMACConduit : CICM::AbstractMACVerifyConduit, CICM::Coprocessor::DecryptConduit {}; interface DecryptWithVerifyConduit : CICM::AbstractSigVerifyConduit, CICM::Coprocessor::DecryptConduit {}; interface ChannelManager { CICM::Status create_coprocessor_encrypt_conduit( in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Coprocessor::EncryptConduit conduit_ref ); CICM::Status create_coprocessor_encrypt_with_mac_conduit( in CICM::SymKey mac_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, in CICM::SymEncrAlgorithmId encrypt_algorithm, out CICM::Coprocessor::EncryptWithMACConduit conduit_ref ); CICM::Status create_coprocessor_encrypt_with_sign_conduit( in CICM::AsymKey sign_key_ref, in CICM::SymKey encrypt_key_ref, in CICM::AsymSigAlgorithmId sign_algorithm, in CICM::SymEncrAlgorithmId encrypt_algorithm, out CICM::Coprocessor::EncryptWithSignConduit conduit_ref ); CICM::Status create_coprocessor_decrypt_conduit( in CICM::SymKey key_ref, in CICM::SymEncrAlgorithmId algorithm, out CICM::Coprocessor::DecryptConduit conduit_ref ); CICM::Status create_coprocessor_decrypt_with_mac_conduit( in CICM::SymKey mac_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::SymMacAlgorithmId mac_algorithm, in CICM::SymEncrAlgorithmId encrypt_algorithm, out CICM::Coprocessor::DecryptWithMACConduit conduit_ref ); CICM::Status create_coprocessor_decrypt_with_verify_conduit( in CICM::AsymKey verify_key_ref, in CICM::SymKey decrypt_key_ref, in CICM::AsymSigAlgorithmId verify_algorithm, in CICM::SymEncrAlgorithmId decrypt_algorithm, out CICM::Coprocessor::DecryptWithVerifyConduit conduit_ref ); }; }; Lanz & Novikov Expires January 26, 2012 [Page 157] Internet-Draft CICM Channel Management July 2011 interface ChannelManager : CICM::Answer::ChannelManager, CICM::BypassRead::ChannelManager, CICM::BypassWrite::ChannelManager, CICM::Coprocessor::ChannelManager, CICM::Decrypt::ChannelManager, CICM::DecryptBypass::ChannelManager, CICM::Duplex::ChannelManager, CICM::Emit::ChannelManager, CICM::Encrypt::ChannelManager, CICM::EncryptBypass::ChannelManager { CICM::Status create_controller_group( out CICM::ControllerGroup controller_group_ref ); }; }; Authors' Addresses Daniel J. Lanz The MITRE Corporation Email: dlanz@mitre.org Lev Novikov The MITRE Corporation Email: lnovikov@mitre.org Lanz & Novikov Expires January 26, 2012 [Page 158]