corePKCS11 v3.2.0
PKCS #11 Cryptoki Library
PKCS #11 Configuration Macros

These are the configuration macros used by the corePKCS11 Library.

pkcs11configPKCS11_MALLOC

Definitions mapping deprecated configuration macro names to their current equivalent configurations for backwards compatibility of API. Malloc API used by iot_pkcs11.h.


Possible values: Any platform-specific function for allocating memory.
Default value: The standard C "malloc" function

pkcs11configPKCS11_FREE

Free API used by iot_pkcs11.h.
Possible values: Any platform-specific function for freeing memory.
Default value: The standard C "free" function

pkcs11configPKCS11_DEFAULT_USER_PIN

PKCS #11 default user PIN. The PKCS #11 standard specifies the presence of a user PIN. That feature is sensible for applications that have an interactive user interface and memory protections. However, since typical microcontroller applications lack one or both of those, the user PIN is assumed to be used herein for interoperability purposes only, and not as a security feature.

Note
Do not cast this to a pointer! The library calls sizeof to get the length of this string.

Possible values: Any four-digit code
Default value: "0000"

pkcs11configMAX_LABEL_LENGTH

Maximum length (in characters) for a PKCS #11 CKA_LABEL attribute.
Possible values: Any positive integer.
Default value: 32

pkcs11configMAX_NUM_OBJECTS

Maximum number of token objects that can be stored by the PKCS #11 module.
Possible values: Any positive integer.
Default value: 6

pkcs11configMAX_SESSIONS

Maximum number of sessions that can be stored by the PKCS #11 module.

Note
The Windows test port has an abnormally large value in order to have enough sessions to successfully run all the model-based PKCS #11 tests.

Possible values: Any positive integer.
Default value: 10

pkcs11configPAL_DESTROY_SUPPORTED

Set to 1 if a PAL destroy object is implemented. If set to 0, no PAL destroy object is implemented, and this functionality is implemented in the common PKCS #11 layer.

Possible values: 0 or 1
Default value: 0

pkcs11configOTA_SUPPORTED

Set to 1 if OTA image verification via the PKCS #11 module is supported. If set to 0, the OTA code signing certificate is built in via aws_ota_codesigner_certificate.h.

Possible values: 0 or 1
Default value: 0

pkcs11configJITP_CODEVERIFY_ROOT_CERT_SUPPORTED

Set to 1 if the PAL supports storage for the JITP certificate, the code verify certificate, and the trusted server root certificate. If set to 0, the PAL does not support a storage mechanism for these, and they are accessed via headers compiled into the code.

Possible values: 0 or 1
Default value: 0

pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS

The PKCS #11 label for the device private key, which is used for the connection to the AWS IoT endpoint. The corresponding public key should be registered with the AWS IoT endpoint.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Device Priv TLS Key

pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS

The PKCS #11 label for the device public key. The public key corresponding to pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Device Pub TLS Key

pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS

The PKCS #11 label for the device certificate. Device certificate corresponding to pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Device Cert

pkcs11configLABEL_ROOT_CERTIFICATE

The PKCS #11 label for the AWS Trusted Root Certificate.

See also
aws_default_root_certificates.h

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Root Cert

pkcs11configLABEL_HMAC_KEY

The PKCS #11 label for the object to be used for HMAC operations.
Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: HMAC Key

pkcs11configLABEL_CMAC_KEY

The PKCS #11 label for the object to be used for CMAC operations.
Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: CMAC Key

pkcs11configLABEL_CODE_VERIFICATION_KEY

The PKCS #11 label for the object to be used for code verification. Used by AWS IoT Over-the-Air Update (OTA) code to verify an incoming signed image.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Code Verify Key

pkcs11configLABEL_JITP_CERTIFICATE

The PKCS #11 label for AWS IoT Just-In-Time-Provisioning. The certificate corresponding to the issuer of the device certificate (pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS) when using the JITR or JITP flow.

Possible values: Any string smaller than pkcs11configMAX_LABEL_LENGTH.
Default value: Code Verify Key
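
The PIN note and the label length limits above can be enforced at build time. The following is an added example, not code from the corePKCS11 project: BAD_USER_PIN, LITERAL_LEN and CHECK_LABEL are hypothetical names, and reading "smaller than" as a character count strictly below the maximum is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Defaults as documented on this page. */
#define pkcs11configPKCS11_DEFAULT_USER_PIN             "0000"
#define pkcs11configMAX_LABEL_LENGTH                    32
#define pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS    "Device Priv TLS Key"
#define pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS    "Device Cert"
#define pkcs11configLABEL_CODE_VERIFICATION_KEY         "Code Verify Key"

/* Hypothetical misconfiguration: the PIN cast to a pointer. */
#define BAD_USER_PIN    ( ( const char * ) "0000" )

/* Hypothetical helper: characters in a string literal, excluding the NUL.
 * Only meaningful for arrays; on a pointer it yields sizeof( pointer ) - 1. */
#define LITERAL_LEN( s )    ( sizeof( s ) - 1U )

/* Assumed reading of "smaller than": character count strictly below the
 * maximum, which also leaves room for the terminating NUL. */
#define CHECK_LABEL( label )                                              \
    _Static_assert( LITERAL_LEN( label ) < pkcs11configMAX_LABEL_LENGTH, \
                    #label " is too long" )

/* Build-time checks (C11): a bad configuration fails to compile. With 4- or
 * 8-byte pointers a pointer-cast PIN measures 3 or 7 and trips the first one. */
_Static_assert( LITERAL_LEN( pkcs11configPKCS11_DEFAULT_USER_PIN ) == 4U,
                "user PIN must be a four-character string literal" );
CHECK_LABEL( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS );
CHECK_LABEL( pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS );
CHECK_LABEL( pkcs11configLABEL_CODE_VERIFICATION_KEY );

/* Length seen by sizeof when the PIN is a string literal. */
size_t pin_len_literal( void )
{
    return LITERAL_LEN( pkcs11configPKCS11_DEFAULT_USER_PIN );
}

/* Length seen by sizeof after the cast: the pointer size minus one. */
size_t pin_len_cast( void )
{
    return LITERAL_LEN( BAD_USER_PIN );
}

int main( void )
{
    printf( "literal PIN length: %zu\n", pin_len_literal() );
    printf( "pointer-cast PIN length: %zu\n", pin_len_cast() );
    return 0;
}
```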

LogError

Macro that is called in the corePKCS11 library for logging "Error" level messages. To enable error level logging in the corePKCS11 library, this macro should be mapped to the application-specific logging implementation that supports error logging.

Note
This logging macro is called in the corePKCS11 library with parameters wrapped in double parentheses to be ISO C89/C90 standard compliant. For a reference implementation of the logging macros in a POSIX environment, refer to the core_pkcs11_config.h files and the logging-stack in the demos folder of the AWS IoT Embedded C SDK repository.

Default value: Error logging is turned off, and no code is generated for calls to the macro in the corePKCS11 library on compilation.

LogWarn

Macro that is called in the corePKCS11 library for logging "Warning" level messages. To enable warning level logging in the corePKCS11 library, this macro should be mapped to the application-specific logging implementation that supports warning logging.

Note
This logging macro is called in the corePKCS11 library with parameters wrapped in double parentheses to be ISO C89/C90 standard compliant. For a reference implementation of the logging macros in a POSIX environment, refer to the core_pkcs11_config.h files and the logging-stack in the demos folder of the AWS IoT Embedded C SDK repository.

Default value: Warning logs are turned off, and no code is generated for calls to the macro in the corePKCS11 library on compilation.

LogInfo

Macro that is called in the corePKCS11 library for logging "Info" level messages. To enable info level logging in the corePKCS11 library, this macro should be mapped to the application-specific logging implementation that supports info logging.

Note
This logging macro is called in the corePKCS11 library with parameters wrapped in double parentheses to be ISO C89/C90 standard compliant. For a reference implementation of the logging macros in a POSIX environment, refer to the core_pkcs11_config.h files and the logging-stack in the demos folder of the AWS IoT Embedded C SDK repository.

Default value: Info logging is turned off, and no code is generated for calls to the macro in the corePKCS11 library on compilation.

LogDebug

Macro that is called in the corePKCS11 library for logging "Debug" level messages. To enable debug level logging in the corePKCS11 library, this macro should be mapped to the application-specific logging implementation that supports debug logging.

Note
This logging macro is called in the corePKCS11 library with parameters wrapped in double parentheses to be ISO C89/C90 standard compliant. For a reference implementation of the logging macros in a POSIX environment, refer to the core_pkcs11_config.h files and the logging-stack in the demos folder of the AWS IoT Embedded C SDK repository.

Default value: Debug logging is turned off, and no code is generated for calls to the macro in the corePKCS11 library on compilation.
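
How the double-parentheses calling convention maps onto an application logger, as an added example that is not the project's reference implementation: app_log, log_buf, demo_log_line and the message text are hypothetical, and the sink uses the C99 vsnprintf for brevity. Each macro takes a single argument, the parenthesized printf-style argument list, so no variadic macro is needed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory sink standing in for the application's logger. */
static char log_buf[ 256 ];
static size_t log_used;

static int app_log( const char * fmt, ... )
{
    va_list args;
    size_t room = sizeof( log_buf ) - log_used;
    int n;

    va_start( args, fmt );
    n = vsnprintf( log_buf + log_used, room, fmt, args );
    va_end( args );

    if( n > 0 )
    {
        /* On truncation, advance only to the last byte actually written. */
        log_used += ( ( size_t ) n < room ) ? ( size_t ) n : ( room - 1U );
    }
    return n;
}

/* "message" arrives as one parenthesized list, e.g. ( "x=%d", x ), so
 * "app_log message" expands to app_log( "x=%d", x ). */
#define LogError( message )    do { app_log( "[ERROR] " ); app_log message; app_log( "\n" ); } while( 0 )
#define LogWarn( message )     do { app_log( "[WARN] " ); app_log message; app_log( "\n" ); } while( 0 )

/* Left empty, matching the documented default: no code is generated. */
#define LogInfo( message )
#define LogDebug( message )

/* Constructed call sites in the style the library uses. */
const char * demo_log_line( void )
{
    int slot = 3;

    memset( log_buf, 0, sizeof( log_buf ) );
    log_used = 0U;
    LogError( ( "Failed to find object in slot %d.", slot ) );
    LogDebug( ( "Not compiled in: slot %d.", slot ) );
    return log_buf;
}

int main( void )
{
    fputs( demo_log_line(), stdout );
    return 0;
}
```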