ta: pkcs11: pkcs11_attributes.c: PKCS11_CKA_CHECK_VALUE properties

Set PKCS11_CKA_CHECK_VALUE as an optional or NULL attribute of a
symmetric key object and cannot be changed once it has been set.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>

ta/pkcs11/src/pkcs11_attributes.c

@@ -400,6 +400,7 @@ static const uint32_t symm_key_boolprops[] = {
 static const uint32_t symm_key_opt_or_null[] = {
 	PKCS11_CKA_WRAP_TEMPLATE, PKCS11_CKA_UNWRAP_TEMPLATE,
 	PKCS11_CKA_DERIVE_TEMPLATE, PKCS11_CKA_VALUE,
+	PKCS11_CKA_CHECK_VALUE,
 };
 
 static const uint32_t symm_key_optional[] = {
@@ -2187,6 +2188,9 @@ static bool attr_is_modifiable_secret_key(struct pkcs11_attribute_head *attr,
 	case PKCS11_CKA_NEVER_EXTRACTABLE:
 	case PKCS11_CKA_ALWAYS_SENSITIVE:
 		return false;
+	/* CKA_CHECK_VALUE cannot be changed once it has been set. */
+	case PKCS11_CKA_CHECK_VALUE:
+		return false;
 	default:
 		return false;
 	}