PKCS11: fails with CKR_ATTRIBUTE_READ_ONLY in unwrap_key function
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Barbican |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Setting the attribute CKA_EXTRACTABLE manually for key unwrapping results in
CKR_ATTRIBUTE_
is already set by PKCS#11 automatically, as specified in the PKCS11 standard.
"The CKA_EXTRACTABLE attribute is by default set to CK_TRUE." [1]
Tested with openCryptoki v3.4.1 ICA token, but should be a general issue since the Barbican PKCS#11 plugin does not follow the PKCS11 v2.40 standard.
How to reproduce:
- Start Barbican
- Store a secret
Appears after fix for wrong GCM header has been applied [2].
Otherwise we do not even get this far.
[1] http://
p. 132 - Section 5.13
[2 ]https:/
| summary: |
- PKCS11: Use correct attributes for key unwrapping + PKCS11: fails with CKR_ATTRIBUTE_READ_ONLY in unwrap_key function |
| description: | updated |
| description: | updated |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to barbican (master) | #1 |
| OpenStack Infra (hudson-openstack) wrote Change abandoned on barbican (master) | #2 |
| Grzegorz Grasza (xek) wrote | #3 |
| Changed in barbican: | |
| status: | New → Won't Fix |
Fix proposed to branch: master
Review: https:/