PKCS11 TA: Invalid attribute CKA_CHECK_VALUE for secure key object

[maroueneboubakri]

Hello,

According to the PKCS#11 specifications, CKA_CHECK_VALUE is an attribute of certificate object (CKO_CERTIFICATE) and also secure key object (CKO_SECRET_KEY). It seems that the PKCS11 TA recognizes this only for certificate object, returing invalid attribute type when requested for a secure key object (CKR_ATTRIBUTE_TYPE_INVALID). It is intentional ? or a bug ?

I'll open a PR.

@etienne-lms FYI.

Thanks
Maro

[etienne-lms]

If you have an implementation for CKA_CHECK_VALUE, a P-R a warmly welcome. See #6431.

[github-actions]

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.

[etienne-lms]

Imeplemented by #6494.

[github-actions]

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.

[etienne-lms]

Work still on-going.
#6494 has been merged but led to 2 series of fixup changes:

• ta: pkcs11: fixes for key check value + default enable its support #6579 has been merged.
• ta: pkcs11: fixes for check value attribute #6550 is under review.

[github-actions]

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.

[etienne-lms]

We can close this issue. It's been addressed by the P-Rs referred above.