lack of support for generation of CKK_GENERIC_SECRET key type. #140

Open
keldonin opened this issue Sep 7, 2022 · 0 comments

keldonin commented Sep 7, 2022

The library does not support creation of keys of type CKK_GENERIC_SECRET.

  • There is no default mechanism set for KeyType.GENERIC_SECRET; it should be Mechanism.GENERIC_SECRET_KEY_GEN.
  • The library does not properly handle the CKA_VALUE_LEN attribute: it is only set for AES keys. This results in a CKR_TEMPLATE_INCOMPLETE error for other key types (except those where a key value length is not needed, such as DES).

The first problem is illustrated by the following excerpt:

Traceback (most recent call last):
  File "pkcs11/_pkcs11.pyx", line 98, in pkcs11._pkcs11.MechanismWithParam.__init__
KeyError: <KeyType.GENERIC_SECRET>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/home/eric/stage/./test.py", line 117, in <module>
    generate_p11perftest_keys(args.library, args.slotindex, args.password, not args.noop)
  File "/usr/home/eric/stage/./test.py", line 27, in generate_p11perftest_keys
    des1 = session.generate_key( KeyType.GENERIC_SECRET,
  File "pkcs11/_pkcs11.pyx", line 382, in pkcs11._pkcs11.Session.generate_key
  File "pkcs11/_pkcs11.pyx", line 100, in pkcs11._pkcs11.MechanismWithParam.__init__
pkcs11.exceptions.ArgumentsBad: No default mechanism for this key type. Please specify `mechanism`.

The second problem is illustrated by the following excerpt (once a mechanism has been set explicitly to clear the first issue):

Traceback (most recent call last):
  File "/usr/home/eric/stage/./test.py", line 117, in <module>
    generate_p11perftest_keys(args.library, args.slotindex, args.password, not args.noop)
  File "/usr/home/eric/stage/./test.py", line 27, in generate_p11perftest_keys
    des1 = session.generate_key( KeyType.GENERIC_SECRET,
  File "stringsource", line 415, in View.MemoryView.memoryview.__getitem__
  File "pkcs11/_errors.pyx", line 88, in pkcs11._pkcs11.assertRV
pkcs11.exceptions.TemplateIncomplete

keldonin added a commit to keldonin/python-pkcs11 that referenced this issue Sep 7, 2022

- Adding a default mechanism for `CKK_GENERIC_SECRET` key type
- Fixing condition for including `CKA_VALUE_LEN` when generating a secret key. It is now skipped only for those algorithms that do not want it.
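
The two defects reported above, modeled offline as an added example (this is not python-pkcs11's code and not the referenced commit). The helper names, the mock token check and the `FIXED_LENGTH` set are assumptions made for illustration; the numeric constants are the standard PKCS#11 values.

```python
from enum import IntEnum

class CKK(IntEnum):  # key types
    GENERIC_SECRET = 0x10
    DES = 0x13
    DES3 = 0x15
    AES = 0x1F

class CKM(IntEnum):  # key generation mechanisms
    DES_KEY_GEN = 0x120
    DES3_KEY_GEN = 0x131
    GENERIC_SECRET_KEY_GEN = 0x350
    AES_KEY_GEN = 0x1080

CKA_VALUE_LEN = 0x161
CKR_OK, CKR_TEMPLATE_INCOMPLETE = 0x00, 0xD0

# Assumption: key types whose length is fixed by the algorithm.
FIXED_LENGTH = {CKK.DES, CKK.DES3}

DEFAULTS_BEFORE = {CKK.AES: CKM.AES_KEY_GEN, CKK.DES: CKM.DES_KEY_GEN,
                   CKK.DES3: CKM.DES3_KEY_GEN}
DEFAULTS_AFTER = {**DEFAULTS_BEFORE,
                  CKK.GENERIC_SECRET: CKM.GENERIC_SECRET_KEY_GEN}

def build_template(key_type, key_bits, fixed):
    """Attribute template a wrapper would pass to C_GenerateKey (hypothetical)."""
    if fixed:
        wants_len = key_type not in FIXED_LENGTH  # skip only fixed-length types
    else:
        wants_len = key_type == CKK.AES           # behaviour reported in the issue
    # CKA_VALUE_LEN is expressed in bytes.
    return {CKA_VALUE_LEN: key_bits // 8} if wants_len else {}

def mock_generate_key(key_type, template):
    """Constructed token check: variable-length keys need CKA_VALUE_LEN."""
    if key_type not in FIXED_LENGTH and CKA_VALUE_LEN not in template:
        return CKR_TEMPLATE_INCOMPLETE
    return CKR_OK

def generate(key_type, key_bits, fixed, mechanism=None):
    """Return the CKR_* code the mock token gives for this request."""
    defaults = DEFAULTS_AFTER if fixed else DEFAULTS_BEFORE
    if mechanism is None and key_type not in defaults:
        raise LookupError("No default mechanism for this key type")
    return mock_generate_key(key_type, build_template(key_type, key_bits, fixed))
```
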