chaps.h

// Copyright 2011 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHAPS_CHAPS_H_
#define CHAPS_CHAPS_H_

#include "pkcs11/cryptoki.h"

// Chaps-specific return values:
#define CKR_CHAPS_SPECIFIC_FIRST (CKR_VENDOR_DEFINED + 0x47474c00)
// Error code returned in case if the operation would block waiting
// for private objects to load for the token. This value is persisted to logs
// and should not be renumbered and numeric values should never be reused.
// Please keep in sync with "ChapsSessionStatus" in
// tools/metrics/histograms/enums.xml in the Chromium repo.
#define CKR_WOULD_BLOCK_FOR_PRIVATE_OBJECTS (CKR_CHAPS_SPECIFIC_FIRST + 0)

namespace chaps {

inline constexpr char kSystemTokenPath[] = "/var/lib/chaps";

inline constexpr size_t kTokenLabelSize = 32;
inline constexpr CK_ATTRIBUTE_TYPE kKeyBlobAttribute = CKA_VENDOR_DEFINED + 1;
inline constexpr CK_ATTRIBUTE_TYPE kAuthDataAttribute = CKA_VENDOR_DEFINED + 2;
// If this attribute is set to true at creation or generation time, then the
// object will not be stored/wrapped in hardware-backed security element, and
// will remain purely in software.
inline constexpr CK_ATTRIBUTE_TYPE kForceSoftwareAttribute =
    CKA_VENDOR_DEFINED + 4;
// This attribute is set to false if the key is stored in hardware-backed
// security element, and true otherwise.
inline constexpr CK_ATTRIBUTE_TYPE kKeyInSoftware = CKA_VENDOR_DEFINED + 5;
// If this attribute is set to true at creation or generation time, then the
// object may be generated in software, but still stored/wrapped in the
// hardware-backed security element.
inline constexpr CK_ATTRIBUTE_TYPE kAllowSoftwareGenAttribute =
    CKA_VENDOR_DEFINED + 6;

}  // namespace chaps

#endif  // CHAPS_CHAPS_H_