CreateCopyDestroyObject, read only error for CKA_VALUE

[metekesler]

// Make another copy but change the value attribute along the way.
CK_OBJECT_HANDLE object3;
CK_BYTE facefeed[] = { 0xFA, 0xCE, 0xFE, 0xED};
CK_ATTRIBUTE attrs3[] = {
{CKA_VALUE, facefeed, sizeof(facefeed)},
};
EXPECT_CKR_OK(g_fns->C_CopyObject(session_, object, attrs3, 1, &object3));

Updating the CKA_VALUE attribute. It says read-only in the standard. Could the testing process here be wrong?

url

[daviddrysdale]

The section you linked to (4.3.4.2) seems to be specific to a "Monotonic Counter Object", but the test is manipulating a CKO_DATA object (section 4.5.2). Or am I getting the wrong spec section?

[metekesler]

Yes that's the wrong property section.
The right part : url

[daviddrysdale]

I can't see anything in the CKO_DATA section that indicates that CKA_VALUE should be read-only – please re-open with exact spec text if I'm missing something.

[ruchi393]

As per specification only attributes marked with "8, 10, 11 and 12"
are modifiable after an object has been created/key generated.
The only exception to these are any attributes if mentioned in
footnote of the other tables. (eg table 16 which in its footnote
specifies explicitly about the modifiable attributes). For Data Object,
attributes (Table 17) neither are the attributes marked with 8,10,11 or 12
as per Table 10, nor is it specified that these are modifiable later.
So, this suggests that attribute CKA_VALUE can't be modified and is read-only.

[daviddrysdale]

Re-opening the issue, but I'm still not convinced – I haven't yet seen a definitive spec reference.

BTW, https://thalesdocs.com/gphsm/ptk/5.9/docs/Content/PTK-C_Program/Obj_Classes/data_obj.htm includes "Each of these attributes may be modified after the object is created."

[metekesler]

This means that the CKA_VALUE value cannot be changed when the entire specification is read and the footnote is considered.