corePKCS11 v3.5.0
PKCS #11 Cryptoki Library
core_pkcs11_config_defaults.h File Reference

List of configuration macros for the corePKCS11 library along with their default values.

Macros

#define pkcs11configPKCS11_MALLOC   malloc
 Definitions mapping deprecated configuration macro names to their current equivalent configurations for backwards compatibility of API.

#define pkcs11configPKCS11_FREE   free
 Free API used by iot_pkcs11.h.

#define pkcs11configPKCS11_DEFAULT_USER_PIN   "0000"
 PKCS #11 default user PIN.

#define pkcs11configMAX_LABEL_LENGTH   32
 Maximum length (in characters) for a PKCS #11 CKA_LABEL attribute.

#define pkcs11configMAX_NUM_OBJECTS   6
 Maximum number of token objects that can be stored by the PKCS #11 module.

#define pkcs11configMAX_SESSIONS   10
 Maximum number of sessions that can be stored by the PKCS #11 module.

#define pkcs11configPAL_DESTROY_SUPPORTED   0
 Set to 1 if a PAL destroy object is implemented.

#define pkcs11configOTA_SUPPORTED   0
 Set to 1 if OTA image verification via PKCS #11 module is supported.

#define pkcs11configJITP_CODEVERIFY_ROOT_CERT_SUPPORTED   0
 Set to 1 if PAL supports storage for JITP certificate, code verify certificate, and trusted server root certificate.

#define pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS   "Device Priv TLS Key"
 The PKCS #11 label for device private key.

#define pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS   "Device Pub TLS Key"
 The PKCS #11 label for device public key.

#define pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS   "Device Cert"
 The PKCS #11 label for the device certificate.

#define pkcs11configLABEL_ROOT_CERTIFICATE   "Root Cert"
 The PKCS #11 label for the AWS Trusted Root Certificate.

#define pkcs11configLABEL_HMAC_KEY   "HMAC Key"
 The PKCS #11 label for the object to be used for HMAC operations.

#define pkcs11configLABEL_CMAC_KEY   "CMAC Key"
 The PKCS #11 label for the object to be used for CMAC operations.

#define pkcs11configLABEL_CODE_VERIFICATION_KEY   "Code Verify Key"
 The PKCS #11 label for the object to be used for code verification.

#define pkcs11configLABEL_JITP_CERTIFICATE   "JITP Cert"
 The PKCS #11 label for AWS IoT Just-In-Time-Provisioning.

#define pkcs11configLABEL_CLAIM_CERTIFICATE   "Claim Cert"
 The PKCS #11 label for AWS IoT Fleet Provisioning claim certificate.

#define pkcs11configLABEL_CLAIM_PRIVATE_KEY   "Claim Key"
 The PKCS #11 label for AWS IoT Fleet Provisioning claim private key.

#define LogError(message)
 Macro that is called in the corePKCS11 library for logging "Error" level messages.

#define LogWarn(message)
 Macro that is called in the corePKCS11 library for logging "Warning" level messages.

#define LogInfo(message)
 Macro that is called in the corePKCS11 library for logging "Info" level messages.

#define LogDebug(message)
 Macro that is called in the corePKCS11 library for logging "Debug" level messages.
 

Detailed Description

List of configuration macros for the corePKCS11 library along with their default values.

Macro Definition Documentation

◆ pkcs11configPKCS11_MALLOC

#define pkcs11configPKCS11_MALLOC   malloc

Definitions mapping deprecated configuration macro names to their current equivalent configurations for backwards compatibility of API.

Malloc API used by iot_pkcs11.h.


Possible values: Any platform-specific function for allocating memory.
Default value: The standard C "malloc" function

◆ pkcs11configPKCS11_FREE

#define pkcs11configPKCS11_FREE   free

Free API used by iot_pkcs11.h.


Possible values: Any platform-specific function for freeing memory.
Default value: The standard C "free" function

◆ pkcs11configPKCS11_DEFAULT_USER_PIN

#define pkcs11configPKCS11_DEFAULT_USER_PIN   "0000"

PKCS #11 default user PIN.

The PKCS #11 standard specifies the presence of a user PIN. That feature is sensible for applications that have an interactive user interface and memory protections. However, since typical microcontroller applications lack one or both of those, the user PIN is assumed to be used herein for interoperability purposes only, and not as a security feature.

Note
Do not cast this to a pointer! The library calls sizeof to get the length of this string.

Possible values: Any four-digit code
Default value: "0000"

◆ pkcs11configMAX_LABEL_LENGTH

#define pkcs11configMAX_LABEL_LENGTH   32

Maximum length (in characters) for a PKCS #11 CKA_LABEL attribute.


Possible values: Any positive integer.
Default value: 32

◆ pkcs11configMAX_NUM_OBJECTS

#define pkcs11configMAX_NUM_OBJECTS   6

Maximum number of token objects that can be stored by the PKCS #11 module.


Possible values: Any positive integer.
Default value: 6

◆ pkcs11configMAX_SESSIONS

#define pkcs11configMAX_SESSIONS   10

Maximum number of sessions that can be stored by the PKCS #11 module.

Note
The Windows test port has an abnormally large value in order to have enough sessions to successfully run all the model-based PKCS #11 tests.

Possible values: Any positive integer.
Default value: 10

◆ pkcs11configPAL_DESTROY_SUPPORTED

#define pkcs11configPAL_DESTROY_SUPPORTED   0

Set to 1 if a PAL destroy object is implemented.

If set to 0, no PAL destroy object is implemented, and this functionality is implemented in the common PKCS #11 layer.

Possible values: 0 or 1
Default value: 0

◆ pkcs11configOTA_SUPPORTED

#define pkcs11configOTA_SUPPORTED   0

Set to 1 if OTA image verification via PKCS #11 module is supported.

If set to 0, OTA code signing certificate is built in via aws_ota_codesigner_certificate.h.

Possible values: 0 or 1
Default value: 0

◆ pkcs11configJITP_CODEVERIFY_ROOT_CERT_SUPPORTED

#define pkcs11configJITP_CODEVERIFY_ROOT_CERT_SUPPORTED   0

Set to 1 if PAL supports storage for JITP certificate, code verify certificate, and trusted server root certificate.

If set to 0, PAL does not support storage mechanism for these, and they are accessed via headers compiled into the code.

Possible values: 0 or 1
Default value: 0

◆ pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS

#define pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS   "Device Priv TLS Key"

The PKCS #11 label for device private key.

Private key for connection to AWS IoT endpoint. The corresponding public key should be registered with the AWS IoT endpoint.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Device Priv TLS Key

◆ pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS

#define pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS   "Device Pub TLS Key"

The PKCS #11 label for device public key.

The public key corresponding to pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Device Pub TLS Key

◆ pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS

#define pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS   "Device Cert"

The PKCS #11 label for the device certificate.

Device certificate corresponding to pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Device Cert

◆ pkcs11configLABEL_ROOT_CERTIFICATE

#define pkcs11configLABEL_ROOT_CERTIFICATE   "Root Cert"

The PKCS #11 label for the AWS Trusted Root Certificate.

See also
aws_default_root_certificates.h

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Root Cert

◆ pkcs11configLABEL_HMAC_KEY

#define pkcs11configLABEL_HMAC_KEY   "HMAC Key"

The PKCS #11 label for the object to be used for HMAC operations.


Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: HMAC Key

◆ pkcs11configLABEL_CMAC_KEY

#define pkcs11configLABEL_CMAC_KEY   "CMAC Key"

The PKCS #11 label for the object to be used for CMAC operations.


Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: CMAC Key

◆ pkcs11configLABEL_CODE_VERIFICATION_KEY

#define pkcs11configLABEL_CODE_VERIFICATION_KEY   "Code Verify Key"

The PKCS #11 label for the object to be used for code verification.

Used by AWS IoT Over-the-Air Update (OTA) code to verify an incoming signed image.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Code Verify Key

◆ pkcs11configLABEL_JITP_CERTIFICATE

#define pkcs11configLABEL_JITP_CERTIFICATE   "JITP Cert"

The PKCS #11 label for AWS IoT Just-In-Time-Provisioning.

The certificate corresponding to the issuer of the device certificate (pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS) when using the JITR or JITP flow.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: JITP Cert

◆ pkcs11configLABEL_CLAIM_CERTIFICATE

#define pkcs11configLABEL_CLAIM_CERTIFICATE   "Claim Cert"

The PKCS #11 label for AWS IoT Fleet Provisioning claim certificate.

This label is used for the provisioning claim certificate. The provisioning claim certificate is used to connect to AWS IoT Core for provisioning a client device using "Provisioning by Claim" workflow of the Fleet Provisioning Service.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Claim Cert

◆ pkcs11configLABEL_CLAIM_PRIVATE_KEY

#define pkcs11configLABEL_CLAIM_PRIVATE_KEY   "Claim Key"

The PKCS #11 label for AWS IoT Fleet Provisioning claim private key.

This label is used for the provisioning claim private key. The provisioning claim private key corresponds to the provisioning claim certificate and is used to connect to AWS IoT Core for provisioning a client device using the "Provisioning by Claim" workflow of the Fleet Provisioning Service.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Claim Key
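The PIN note ("do not cast this to a pointer") and the label length rule can both be enforced at build time. The following is an added example, not code from the corePKCS11 project: `BAD_PIN_AS_POINTER`, `LITERAL_LEN` and the three functions are hypothetical names, and subtracting one for the terminating NUL is an assumption of this example.

```c
#include <stddef.h>
#include <string.h>

/* Defaults as listed on this page. */
#define pkcs11configPKCS11_DEFAULT_USER_PIN             "0000"
#define pkcs11configMAX_LABEL_LENGTH                    32
#define pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS    "Device Priv TLS Key"
#define pkcs11configLABEL_CODE_VERIFICATION_KEY         "Code Verify Key"

/* Constructed counter-example: a PIN override that was cast to a pointer. */
#define BAD_PIN_AS_POINTER    ( ( const char * ) "0000" )

/* Hypothetical helper: length of a string literal without its NUL. */
#define LITERAL_LEN( s )      ( sizeof( s ) - 1U )

/* Build-time guards. A four-digit literal occupies 5 bytes with its NUL;
 * a pointer is typically 4 or 8 bytes, so a cast PIN fails the first check. */
_Static_assert( sizeof( pkcs11configPKCS11_DEFAULT_USER_PIN ) == 5,
                "user PIN must be a four-digit string literal" );
_Static_assert( LITERAL_LEN( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS )
                < pkcs11configMAX_LABEL_LENGTH, "TLS key label too long" );
_Static_assert( LITERAL_LEN( pkcs11configLABEL_CODE_VERIFICATION_KEY )
                < pkcs11configMAX_LABEL_LENGTH, "code verify label too long" );

/* PIN length as sizeof sees it for the literal and for the pointer. */
size_t pin_len_from_literal( void )
{
    return LITERAL_LEN( pkcs11configPKCS11_DEFAULT_USER_PIN );
}

size_t pin_len_from_pointer( void )
{
    /* sizeof yields the pointer size here, not the string length. */
    return LITERAL_LEN( BAD_PIN_AS_POINTER );
}

/* Runtime form of the label rule, for labels assembled at run time. */
int label_fits( const char * label )
{
    return strlen( label ) < ( size_t ) pkcs11configMAX_LABEL_LENGTH;
}
```
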

◆ LogError

#define LogError( message )

Macro that is called in the corePKCS11 library for logging "Error" level messages.

To enable error level logging in the corePKCS11 library, this macro should be mapped to the application-specific logging implementation that supports error logging.

Note
This logging macro is called in the corePKCS11 library with parameters wrapped in double parentheses to be ISO C89/C90 standard compliant. For a reference implementation of the logging macros in a POSIX environment, refer to the core_pkcs11_config.h files and the logging stack in the demos folder of the AWS IoT Embedded C SDK repository.

Default value: Error logging is turned off, and no code is generated for calls to the macro in the corePKCS11 library on compilation.

◆ LogWarn

#define LogWarn( message )

Macro that is called in the corePKCS11 library for logging "Warning" level messages.

To enable warning level logging in the corePKCS11 library, this macro should be mapped to the application-specific logging implementation that supports warning logging.

Note
This logging macro is called in the corePKCS11 library with parameters wrapped in double parentheses to be ISO C89/C90 standard compliant. For a reference implementation of the logging macros in a POSIX environment, refer to the core_pkcs11_config.h files and the logging stack in the demos folder of the AWS IoT Embedded C SDK repository.

Default value: Warning logs are turned off, and no code is generated for calls to the macro in the corePKCS11 library on compilation.

◆ LogInfo

#define LogInfo( message )

Macro that is called in the corePKCS11 library for logging "Info" level messages.

To enable info level logging in the corePKCS11 library, this macro should be mapped to the application-specific logging implementation that supports info logging.

Note
This logging macro is called in the corePKCS11 library with parameters wrapped in double parentheses to be ISO C89/C90 standard compliant. For a reference implementation of the logging macros in a POSIX environment, refer to the core_pkcs11_config.h files and the logging stack in the demos folder of the AWS IoT Embedded C SDK repository.

Default value: Info logging is turned off, and no code is generated for calls to the macro in the corePKCS11 library on compilation.

◆ LogDebug

#define LogDebug( message )

Macro that is called in the corePKCS11 library for logging "Debug" level messages.

To enable debug level logging in the corePKCS11 library, this macro should be mapped to the application-specific logging implementation that supports debug logging.

Note
This logging macro is called in the corePKCS11 library with parameters wrapped in double parentheses to be ISO C89/C90 standard compliant. For a reference implementation of the logging macros in a POSIX environment, refer to the core_pkcs11_config.h files and the logging stack in the demos folder of the AWS IoT Embedded C SDK repository.

Default value: Debug logging is turned off, and no code is generated for calls to the macro in the corePKCS11 library on compilation.
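How the double-parentheses convention maps onto an application logger, as an added example that is not the SDK's reference logging stack: `log_begin`, `log_body`, `log_line`, `demo_error` and `demo_debug` are hypothetical names, and the return code passed in is a constructed value.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical application sink: keeps the last formatted line in a buffer. */
static char log_line[ 160 ];
static size_t log_used;

static void log_begin( const char * level )
{
    log_used = ( size_t ) snprintf( log_line, sizeof( log_line ), "[%s] ", level );
}

static void log_body( const char * fmt, ... )
{
    va_list args;

    va_start( args, fmt );
    ( void ) vsnprintf( log_line + log_used, sizeof( log_line ) - log_used, fmt, args );
    va_end( args );
}

/* A call site such as LogError( ( "fmt", x ) ) passes the whole parenthesised
 * argument list as the single macro parameter, so "log_body message" expands
 * to log_body( "fmt", x ) without needing a C99 variadic macro. */
#define LogError( message )    do { log_begin( "ERROR" ); log_body message; } while( 0 )
#define LogWarn( message )     do { log_begin( "WARN" ); log_body message; } while( 0 )
#define LogInfo( message )     /* disabled: expands to nothing */
#define LogDebug( message )    /* disabled: expands to nothing */

/* Error level is mapped, so the formatted line reaches the sink. */
const char * demo_error( unsigned long rv )
{
    LogError( ( "C_Login failed: 0x%08lx", rv ) );
    return log_line;
}

/* Debug level is left empty, so the call generates no code and no output. */
size_t demo_debug( void )
{
    log_line[ 0 ] = '\0';
    LogDebug( ( "session %d opened", 1 ) );
    return strlen( log_line );
}
```
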