PKCS11: CKA_VALUE_LEN attribute and Unwrap key

Question

In PKCS11 specification v2.40, we see some confusion with CKA_VALUE_LEN attribute and UnwrapKey behavior.

From PKCS11 spec 2.40 section 2.8.2,

2 -> MUST not be specified when object is created with C_CreateObject.

3 -> MUST be specified when object is generated with C_GenerateKey or C_GenerateKeyPair.

6 -> MUST not be specified when object is unwrapped with C_UnwrapKey.

In the AES-ECB and AES-CBC, spec tells to pass CKA_VALUE_LEN (section 2.8.4),

So what is expected from application? Do the applications need to pass CKA_VALUE_LEN during unwrap?

NOTE: Even PKCS11 spec 3.0 is also saying the same thing.

Answer 1

Yes, I think that's sufficiently unclear to ask for clarification of the authors of the document, and it probably needs fixing.

However, what I do know is that the key size is definitely clear from the wrapped key itself. So there is definitely no need to specify CKA_VALUE_LEN during the call to C_UnwrapKey. There is no need to check it either; I'd be more worried about the value of the key then the size of the key if the key can be altered somehow.

What is possibly meant is that the key size of the wrapped key is determined using CKA_VALUE_LEN during key generation. Because in that case the type by itself doesn't specify the output length, i.e. the size of the key being unwrapped.