SHA256 wrongly computed for data of size greater than 4kB

Open StefWeg opened this issue 5 years ago • 1 comments

Reproduction conditions:

- python-pkcs11: version 0.6.0
- operating system: Linux 4.13.0-39-generic x86_64 (Ubuntu)
- using pkcs11 middleware library for ePass2003: libcastle.so.1.0.0

command: "session.digest(data, mechanism=Mechanism.SHA256)" returns wrong hash if data is greater than 4kB

It is not a problem of libcastle.so.1.0.0 as calculating SHA256 using OpenSSL works correctly.

StefWeg, Aug 11 '20 08:08

Does OpenSSL calculate hashes via C_Digest? Why are you digesting via the HSM and not via hashlib? The only real use for digest is to digest HSM objects (e.g. keys) without exporting them.

There isn't a 4KB limitation inside python-pkcs11, so it's almost certainly inside your PKCS#11 library. Try passing an iterable of 4kB blocks using something like https://stackoverflow.com/a/1915307/4391298

danni, Aug 11 '20 23:08
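A way to run the check suggested in the reply above, as an added example that is not code from the thread or from python-pkcs11: it digests the same data one-shot and as an iterable of 4 kB blocks through `session.digest()` and compares both results with hashlib. The helper names and `TruncatingStubSession` are hypothetical; the stub is a constructed stand-in so the block runs without a token, not a model of any real middleware.

```python
import hashlib

CHUNK = 4096  # the 4 kB block size suggested in the reply


def chunks(data, size=CHUNK):
    """Yield successive size-byte blocks of data."""
    for off in range(0, len(data), size):
        yield data[off:off + size]


def compare_digest_paths(session, mechanism, sizes=(1024, 4096, 4097, 16384)):
    """Compare one-shot and chunked session.digest() against hashlib.

    Returns {size: (one_shot_matches, chunked_matches)}.
    """
    results = {}
    for n in sizes:
        data = bytes(i % 251 for i in range(n))  # constructed test input
        expected = hashlib.sha256(data).digest()
        # bytes input: python-pkcs11 digests it in a single call
        one_shot = session.digest(data, mechanism=mechanism)
        # iterable input: python-pkcs11 feeds the blocks one at a time
        chunked = session.digest(chunks(data), mechanism=mechanism)
        results[n] = (one_shot == expected, chunked == expected)
    return results


class TruncatingStubSession:
    """Constructed stub (assumption): one-shot path hashes only the first 4 kB."""

    def digest(self, data, mechanism=None):
        if isinstance(data, (bytes, bytearray)):
            return hashlib.sha256(bytes(data)[:CHUNK]).digest()
        h = hashlib.sha256()
        for block in data:
            h.update(block)
        return h.digest()


if __name__ == "__main__":
    # "SHA256" is a placeholder; with a real session pass Mechanism.SHA256.
    report = compare_digest_paths(TruncatingStubSession(), "SHA256")
    for size, (one_shot_ok, chunked_ok) in report.items():
        print(f"{size:>6} bytes  one-shot ok={one_shot_ok}  chunked ok={chunked_ok}")
```

Against a real token, pass an open python-pkcs11 session and `Mechanism.SHA256`; a one-shot mismatch that disappears in the chunked column points at how the middleware handles large single-call input.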