python-pkcs11
python-pkcs11 copied to clipboard
Published
20 hours ago •
pyauth
pyauth
lack of support for generation of `CKK_GENERIC_SECRET` key type.
The library does not support creation of keys of type CKK_GENERIC_SECRET.
- there is no default mechanism set for
KeyType.GENERIC_SECRET, it should beMechanism.GENERIC_SECRET_KEY_GEN - the library does not handle properly
CKA_VALUE_LENattribute: it is only set for AES keys. It result in aCKR_TEMPLATE_INCOMPLETEerror for other key types (exept those where a key value length is not needed, such as DES).
The first problem is illustrated by the following excerpt:
Traceback (most recent call last):
File "pkcs11/_pkcs11.pyx", line 98, in pkcs11._pkcs11.MechanismWithParam.__init__
KeyError: <KeyType.GENERIC_SECRET>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/home/eric/stage/./test.py", line 117, in <module>
generate_p11perftest_keys(args.library, args.slotindex, args.password, not args.noop)
File "/usr/home/eric/stage/./test.py", line 27, in generate_p11perftest_keys
des1 = session.generate_key( KeyType.GENERIC_SECRET,
File "pkcs11/_pkcs11.pyx", line 382, in pkcs11._pkcs11.Session.generate_key
File "pkcs11/_pkcs11.pyx", line 100, in pkcs11._pkcs11.MechanismWithParam.__init__
pkcs11.exceptions.ArgumentsBad: No default mechanism for this key type. Please specify `mechanism`.
the second problem is illustrated by the following excerpt (once a mechanism has been set explicitely to clear the first issue):
Traceback (most recent call last):
File "/usr/home/eric/stage/./test.py", line 117, in <module>
generate_p11perftest_keys(args.library, args.slotindex, args.password, not args.noop)
File "/usr/home/eric/stage/./test.py", line 27, in generate_p11perftest_keys
des1 = session.generate_key( KeyType.GENERIC_SECRET,
File "stringsource", line 415, in View.MemoryView.memoryview.__getitem__
File "pkcs11/_errors.pyx", line 88, in pkcs11._pkcs11.assertRV
pkcs11.exceptions.TemplateIncomplete
