OASIS PKCS 11 TC


Updated Proposal: CKA_DESTROYABLE attribute and CKR_ACTION_PROHIBITED return code


Posted 06-12-2013 19:19

This defines a new boolean attribute CKA_DESTROYABLE. Currently it is ambiguous whether CKA_MODIFIABLE objects are destroyable with C_DestroyObject. In addition a return code CKR_ACTION_PROHIBITED is added. This is returned by C_SetAttributeValue, C_CopyObject and C_DestroyObject when the relevant policy flag attribute (CKA_MODIFIABLE, CKA_COPYABLE, or CKA_DESTROYABLE) is set to CK_FALSE. In the process the CKR_COPY_PROHIBITED constant is deprecated, but still present in the headers and appendix.

Cheers,
Stef


10.1.3 Copying objects

*** Modify paragraph, adding constant

The Cryptoki attributes which can be modified during the course of a C_CopyObject operation are the same as the Cryptoki attributes which are described as being modifiable, plus the four special attributes CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE and CKA_DESTROYABLE.

...

*** Modify paragraph, replacing constant

If the CKA_COPYABLE attribute of the object to be copied is set to CK_FALSE, C_CopyObject returns CKR_ACTION_PROHIBITED. Otherwise, the scenarios described in 10.1.1 - and the error codes they return - apply to copying objects with C_CopyObject, except for the possibility of a template being incomplete.


10.4 Storage Objects

Table 21, Common Storage Object Attributes

*** Add new row

---------------------------------------------------------------
CKA_DESTROYABLE   CK_BBOOL   CK_TRUE if the object can be destroyed using
                             C_DestroyObject. Default is CK_TRUE.
---------------------------------------------------------------

*** Modify paragraph, removing last sentence

The value of the CKA_MODIFIABLE attribute determines whether or not an object is read-only.

*** Add paragraph

The value of the CKA_DESTROYABLE attribute determines whether the object can be destroyed using C_DestroyObject.


11.1.6 All other Cryptoki function return values

*** Add paragraph

o CKR_ACTION_PROHIBITED: This value can only be returned by C_CopyObject, C_SetAttributeValue and C_DestroyObject. It denotes that the action may not be taken, either because of underlying policy restrictions on the token, or because the object has the relevant CKA_COPYABLE, CKA_MODIFIABLE or CKA_DESTROYABLE policy attribute set to CK_FALSE.


11.7 Object management functions

o C_CopyObject

*** Modify paragraph, replacing constant

If a call to C_CopyObject cannot support the precise template supplied to it, it will fail and return without creating any object. If the object indicated by hObject has its CKA_COPYABLE attribute set to CK_FALSE, C_CopyObject will return CKR_ACTION_PROHIBITED.

*** Remove return value

Return values: ... CKR_COPY_PROHIBITED

*** Add return value:

Return values: ... CKR_ACTION_PROHIBITED

o C_DestroyObject

*** Add paragraph

Certain objects may not be destroyed. Calling C_DestroyObject on such objects will result in the CKR_ACTION_PROHIBITED error code. An application can consult the object's CKA_DESTROYABLE attribute to determine if an object may be destroyed or not.

*** Add value

Return values: ... CKR_ACTION_PROHIBITED

o C_SetAttributeValue

*** Add paragraph

Certain objects may not be modified. Calling C_SetAttributeValue on such objects will result in the CKR_ACTION_PROHIBITED error code. An application can consult the object's CKA_MODIFIABLE attribute to determine if an object may be modified or not.

*** Add return value:

Return values: ... CKR_ACTION_PROHIBITED


A. Manifest Constants

*** Add constant

#define CKA_DESTROYABLE 0x00000171UL

*** Add constant

#define CKR_ACTION_PROHIBITED 0x0000001AUL

*** Replace constant

#define CKR_COPY_PROHIBITED CKR_ACTION_PROHIBITED
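The policy model the proposal describes, as an added example that is not part of the post or of any PKCS#11 implementation: a small in-memory stand-in for a token applies the three gates (CKA_MODIFIABLE for C_SetAttributeValue, CKA_COPYABLE for C_CopyObject, CKA_DESTROYABLE for C_DestroyObject) and returns the shared CKR_ACTION_PROHIBITED code, showing that a read-only object stays destroyable, that a copy template can make the copy undestroyable, and that code testing the deprecated CKR_COPY_PROHIBITED name still works. The constant values and the mock_* function names are taken from or modelled on the proposal text, not from a shipped pkcs11.h.

```c
/* Added example, not from the proposal: an in-memory model of the three policy
 * gates (CKA_MODIFIABLE, CKA_COPYABLE, CKA_DESTROYABLE) and their shared return
 * code. Constant values are copied from the proposal text; no real token used. */
#include <stdio.h>

typedef unsigned long CK_RV;
typedef unsigned char CK_BBOOL;
#define CK_TRUE  1
#define CK_FALSE 0
#define CKR_OK                0x00000000UL
#define CKR_ACTION_PROHIBITED 0x0000001AUL          /* value from the proposal */
#define CKR_COPY_PROHIBITED   CKR_ACTION_PROHIBITED /* deprecated alias */

/* A storage object reduced to the three policy attributes the text covers. */
typedef struct { CK_BBOOL modifiable, copyable, destroyable; int destroyed; } MockObject;

/* C_SetAttributeValue is gated by CKA_MODIFIABLE only (only CKA_DESTROYABLE is modelled). */
CK_RV mock_SetAttributeValue(MockObject *o, CK_BBOOL new_destroyable) {
    if (o->modifiable == CK_FALSE) return CKR_ACTION_PROHIBITED;
    o->destroyable = new_destroyable;
    return CKR_OK;
}

/* C_CopyObject is gated by CKA_COPYABLE; the template may set the special
 * attribute CKA_DESTROYABLE on the copy (NULL means inherit from the source). */
CK_RV mock_CopyObject(const MockObject *src, const CK_BBOOL *tmpl_destroyable, MockObject *dst) {
    if (src->copyable == CK_FALSE) return CKR_ACTION_PROHIBITED;
    *dst = *src;
    if (tmpl_destroyable) dst->destroyable = *tmpl_destroyable;
    return CKR_OK;
}

/* C_DestroyObject is gated by CKA_DESTROYABLE only, independent of CKA_MODIFIABLE. */
CK_RV mock_DestroyObject(MockObject *o) {
    if (o->destroyable == CK_FALSE) return CKR_ACTION_PROHIBITED;
    o->destroyed = 1;
    return CKR_OK;
}

/* Application code written against the old name keeps working: the alias makes
 * this the same comparison as rv == CKR_ACTION_PROHIBITED. */
int legacy_copy_was_prohibited(CK_RV rv) { return rv == CKR_COPY_PROHIBITED; }

int main(void) {
    /* Read-only yet destroyable: the case the proposal disambiguates. */
    MockObject ro = { CK_FALSE, CK_TRUE, CK_TRUE, 0 }, copy;
    CK_BBOOL no = CK_FALSE;
    printf("set on read-only object: 0x%02lX\n", mock_SetAttributeValue(&ro, CK_FALSE));
    printf("copy with DESTROYABLE=0: 0x%02lX\n", mock_CopyObject(&ro, &no, &copy));
    printf("destroy copy: 0x%02lX, destroy original: 0x%02lX\n",
           mock_DestroyObject(&copy), mock_DestroyObject(&ro));
    return 0;
}
```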