RSA PKCS key generation and invalid public exponent values

Hi,

In section 2.1.4 of PKCS #1 RSA key pair generation, there is the following sentence.

CKR_TEMPLATE_INCONSISTENT shall be returned if the implementation cannot use the supplied exponent value.

But, that is contrary to the descriptions provided for the various error codes (see further below for explanation). Shouldn’t this be changed to return CKR_ATTRIBUTE_TYPE_INVALID?

Or, if we didn’t want to orphan existing Cryptoki implementations, we could keep a reference to the older standard:

CKR_ATTRIBUTE_TYPE_INVALID shall be returned if the implementation cannot use the supplied exponent value. Versions of this standard prior to 3.0 stated that CKR_TEMPLATE_INCONSISTENT shall be returned.

Here are the descriptions for the two error codes:

CKR_TEMPLATE_INCONSISTENT: The template specified for creating an object has conflicting attributes.

CKR_ATTRIBUTE_VALUE_INVALID: An invalid value was specified for a particular attribute in a template.

And there is also section 4.1.1 that explains various error conditions and error codes when generating key:

Creating objects

Objects may be created with the Cryptoki functions C_CreateObject (see Section 5.7), C_GenerateKey, C_GenerateKeyPair, C_UnwrapKey, and C_DeriveKey (see Section 5.13). In addition, copying an existing object (with the function C_CopyObject) also creates a new object, but we consider this type of object creation separately in Section 4.1.3.

Attempting to create an object with any of these functions requires an appropriate template to be supplied.

1. If the supplied template specifies a value for an invalid attribute, then the attempt should fail with the error code CKR_ATTRIBUTE_TYPE_INVALID. An attribute is valid if it is either one of the attributes described in the Cryptoki specification or an additional vendor-specific attribute supported by the library and token.

2. If the supplied template specifies an invalid value for a valid attribute, then the attempt should fail with the error code CKR_ATTRIBUTE_VALUE_INVALID. The valid values for Cryptoki attributes are described in the Cryptoki specification.

3. …

4. …

5. If the attribute values in the supplied template, together with any default attribute values and any attribute values contributed to the object by the object-creation function itself, are inconsistent, then the attempt should fail with the error code CKR_TEMPLATE_INCONSISTENT. A set of attribute values is inconsistent if not all of its members can be satisfied simultaneously by the token, although each value individually is valid in Cryptoki. One example of an inconsistent template would be using a template which specifies two different values for the same attribute. Another example would be trying to create a secret key object with an attribute which is appropriate for various types of public keys or private keys, but not for secret keys. A final example would be a template with an attribute that violates some token specific requirement. Note that this final example of an inconsistent template is token-dependent—on a different token, such a template might not be inconsistent.

6. If the supplied template specifies the same value for a particular attribute more than once (or the template specifies the same value for a particular attribute that the object-creation function itself contributes to the object), then the behavior of Cryptoki is not completely specified. The attempt to create an object can either succeed—thereby creating the same object that would have been created if the multiply-specified attribute had only appeared once—or it can fail with error code CKR_TEMPLATE_INCONSISTENT. Library developers are encouraged to make their libraries behave as though the attribute had only appeared once in the template; application developers are strongly encouraged never to put a particular attribute into a particular template more than once.

pkcs11 message

Creating objects