Description
Three items here, but did this as a single document since the edits were all in this section:
1) Fixing the text on CKA_UNWRAP_TEMPLATE to indicate it can be set once and then is read-only.
2) Adding CKA_UUID and CKA_WRAP_WITH_UUID. The first attribute marks each key with a pseudo-random UUID that changes anytime the key changes. The second points to the first for the purpose of uniquely identifying a key that can be used to wrap this key.
3) Added CKA_DERIVE_TEMPLATE. This exactly mirrors CKA_UNWRAP_TEMPLATE in that it is applied to a key derived from the key this attribute is on. This is necessary to set things like the sensitivity or extractability of derived keys.