Trouble with C_UnwrapKey when Private Key has CKA_UNWRAP_TEMPLATE

[alfredgamulo]

Hi,

I have a test case at [1] that I am unable to resolve. It seems that when I try to unwrap with an RSA Private key which has the Attribute CKA_UNWRAP_TEMPLATE of which embeds CKA_EXTRACTABLE to False, I get the error code 209.

When I leave out the CKA_UNWRAP_TEMPLATE attribute, then the test proceeds fine and Unwrap succeeds.

[1] https://gist.github.com/alfredgamulo/b6f605d00f148a5d739086dd972e2ecf

[rijswijk]

You can look up the error codes in pkcs11.h; the error SoftHSM is returning is CKR_TEMPLATE_INCONSISTENT, because there is an error in the unwrapping template associated with the object. Please check the conditions under which this error is returned in SoftHSM.cpp, lines 6653 - 6693 (see https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp).

On 25 Jan 2019, at 16:18, Alfred Gamulo notifications@github.com wrote:

Hi,

I have a test case at [1] that I am unable to resolve. It seems that when I try to unwrap with an RSA Private key which has the Attribute CKA_UNWRAP_TEMPLATE of which embeds CKA_EXTRACTABLE to False, I get the error code 209.

When I leave out the CKA_UNWRAP_TEMPLATE attribute, then the test proceeds fine and Unwrap succeeds.

[1] https://gist.github.com/alfredgamulo/b6f605d00f148a5d739086dd972e2ecf

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

-- Roland M. van Rijswijk-Deij -- NLnet Labs

[alfredgamulo]

Gotcha, I understand now. My pTemplate that was passed into the C_UnwrapKey function did not have the same attributes in the Unwrap Template. Thanks for the help.