Mastercard / pkcs11-tools

A set of tools to manage objects on PKCS#11 cryptographic tokens. Compatible with many PKCS#11 libraries, including major HSM brands, NSS and softoken.

`p11wrap` is mistakenly adding `CKA_EC_PARAMS` attribute. #14

Closed keldonin closed 4 years ago

keldonin commented 4 years ago

p11wrap is mistakenly adding CKA_EC_PARAMS attribute.

When unwrapping the key, that parameter is forbidden, according to PKCS#11 v2.40 curr table 31, PKCS#11 v2.40 base table 10, item 6, _"MUST not be specified when object is unwrapped with C_UnwrapKey."_

This results in EC keys that cannot unwrap, when using cbcpad wrapping algorithm. The workaround is to comment out CKA_EC_PARAMS from the wrap file before unwrapping the key.
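
The workaround described in this issue, scripted as an added example (not part of the original issue and not pkcs11-tools code). It assumes the wrap file is text with `NAME: value` header lines, `#` starting a comment, and PEM-style blocks holding the wrapped key; the sample content and the function name are constructed for illustration.

```python
import re

# Attributes that must not appear in the template passed to C_UnwrapKey.
# Only CKA_EC_PARAMS is named in this issue; extend the tuple if needed.
FORBIDDEN_ON_UNWRAP = ("CKA_EC_PARAMS",)

# Assumed header syntax: optional whitespace, an attribute name, then ':'.
_ATTR = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_-]*)\s*:")

# Constructed sample, not a real wrap file or real key material.
SAMPLE = (
    "# constructed sample for illustration\n"
    "Wrapping-Algorithm: cbcpad\n"
    'CKA_LABEL: "ec-demo"\n'
    "CKA_EC_PARAMS: <placeholder>\n"
    "-----BEGIN WRAPPED KEY-----\n"
    "PGNvbnN0cnVjdGVkIHBsYWNlaG9sZGVyPg==\n"
    "-----END WRAPPED KEY-----\n"
)


def comment_out_forbidden(text, names=FORBIDDEN_ON_UNWRAP):
    """Comment out forbidden attribute lines in the header of a wrap file.

    Returns (new_text, changed_line_numbers). Lines inside PEM-style blocks
    and lines that are already comments are left untouched, so running the
    function twice changes nothing the second time.
    """
    out, changed, in_pem = [], [], False
    for lineno, line in enumerate(text.splitlines(keepends=True), 1):
        stripped = line.strip()
        if stripped.startswith("-----BEGIN "):
            in_pem = True
        match = None if in_pem else _ATTR.match(line)
        if stripped.startswith("-----END "):
            in_pem = False
        if match and match.group(1) in names:
            out.append("# " + line)  # keep the value visible for auditing
            changed.append(lineno)
        else:
            out.append(line)
    return "".join(out), changed


if __name__ == "__main__":
    fixed, lines = comment_out_forbidden(SAMPLE)
    print(fixed, end="")
    print("commented out line(s):", lines)
```
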