ctypes, strange structures of PKCS11

  • Thread starter Cornelius Kölbel

Hi there,

I am trying to use a PKCS11 library (with Python 2.7) and address this
library with ctypes.
Alas, I am no Python black belt guru, and C is not my preferred
language.

So far, I do not want to use PyKCS11, since I want to keep my
dependencies low.

I initialized the library, logged in to the token and got a session
(self.hSession).

Now I try to create an AES key using C_CreateKey.

--snip--
def createAES(self, ks=32):
    rv = 0
    # AES key generation mechanism, no parameters
    mechanism = CK_MECHANISM(CKM_AES_KEY_GEN, NULL, 0)
    print "Mech:", mechanism.mechanism
    print "Mech:", mechanism.pParameter
    print "Mech:", mechanism.usParameterLen

    keysize = c_ulong(ks)
    klass = CKO_SECRET_KEY
    keytype = CKK_AES
    label = "testAES"
    ck_true = c_ubyte(1)
    ck_false = c_ubyte(0)
    objHandle = CK_OBJECT_HANDLE()

    size = 7

    CK_TEMPLATE = CK_ATTRIBUTE * 6

    # attribute template describing the key to generate
    template = CK_TEMPLATE(
        CK_ATTRIBUTE(CKA_KEY_TYPE, c_void_p(keytype), 0),
        CK_ATTRIBUTE(CKA_LABEL, cast(label, c_void_p), len(label)),
        CK_ATTRIBUTE(CKA_VALUE_LEN,
                     cast(byref(keysize), c_void_p), sizeof(keysize)),
        CK_ATTRIBUTE(CKA_PRIVATE,
                     cast(byref(ck_false), c_void_p), sizeof(ck_false)),
        CK_ATTRIBUTE(CKA_TOKEN,
                     cast(byref(ck_true), c_void_p), sizeof(ck_true)),
        CK_ATTRIBUTE(CKA_SENSITIVE,
                     cast(byref(ck_true), c_void_p), sizeof(ck_true))
    )

    template_len = c_ulong(size)
    print "Template: ", template
    print "Template: ", len(template)
    print "Handle:", objHandle
    print "Handle:", type(addressof(objHandle))
    # call into the PKCS11 library
    rv = self.etpkcs11.C_GenerateKey(self.hSession,
                                     addressof(mechanism),
                                     addressof(template),
                                     template_len,
                                     objHandle)
    print "rv=", rv
    print "handle=", objHandle

    if rv:
        if self.debug: print "Failed to create key: ", rv
        raise Exception("createAES - Failed to C_GenerateKey (%s): %s"
                        % (rv, pkcs11error(rv)))
    else:
        if self.debug: print "created key successfully: %s" % str(objHandle)
--snap--

Unfortunately, I end up with a return value of 32, which means invalid
data -- I guess my template is not what it should be.

Any hint on this is highly appreciated.

Kind regards
Cornelius
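
An added example, not part of the original post and not code from any PKCS#11 binding: one way to build a `CK_ATTRIBUTE` template in ctypes and check its layout offline before it is handed to `C_GenerateKey`. The checker reports a count that differs from the number of entries and entries whose pointer is null or whose length is zero or the wrong size. `build_template`, `aes_template` and `check_template` are hypothetical names, the numeric constants are those of the PKCS#11 specification, and default struct alignment and Python 3 are assumed.

```python
import ctypes
from ctypes import Structure, c_char, c_ubyte, c_ulong, c_void_p, sizeof

# Constants from the PKCS#11 specification.
CKA_TOKEN, CKA_PRIVATE, CKA_LABEL = 0x001, 0x002, 0x003
CKA_KEY_TYPE, CKA_SENSITIVE, CKA_VALUE_LEN = 0x100, 0x103, 0x161
CKK_AES = 0x1F

class CK_ATTRIBUTE(Structure):
    # type, pointer to the value, value length in bytes (default alignment assumed)
    _fields_ = [("type", c_ulong), ("pValue", c_void_p), ("ulValueLen", c_ulong)]

# Byte size each fixed-size attribute must have: CK_ULONG or CK_BBOOL.
FIXED = {CKA_KEY_TYPE: sizeof(c_ulong), CKA_VALUE_LEN: sizeof(c_ulong),
         CKA_TOKEN: 1, CKA_PRIVATE: 1, CKA_SENSITIVE: 1}

def build_template(attrs):
    """attrs: list of (attribute type, ctypes object holding the value).
    Returns (array, count, keepalive); keepalive must outlive the C call."""
    arr = (CK_ATTRIBUTE * len(attrs))()
    for i, (atype, value) in enumerate(attrs):
        arr[i].type = atype
        arr[i].pValue = ctypes.addressof(value)  # address of the value, not the value
        arr[i].ulValueLen = sizeof(value)
    return arr, c_ulong(len(attrs)), [value for _, value in attrs]

def aes_template(key_bytes=32, label=b"testAES"):
    """Hypothetical helper: the six attributes used in the post."""
    return build_template([
        (CKA_KEY_TYPE, c_ulong(CKK_AES)),
        (CKA_LABEL, (c_char * len(label)).from_buffer_copy(label)),
        (CKA_VALUE_LEN, c_ulong(key_bytes)),
        (CKA_PRIVATE, c_ubyte(0)),
        (CKA_TOKEN, c_ubyte(1)),
        (CKA_SENSITIVE, c_ubyte(1)),
    ])

def check_template(arr, count):
    """Return a list of layout problems found before the template reaches the token."""
    problems = []
    if count.value != len(arr):
        problems.append("count %d but %d entries" % (count.value, len(arr)))
    for i, a in enumerate(arr):
        if not a.pValue or a.ulValueLen == 0:
            problems.append("entry %d: null pointer or zero length" % i)
        elif a.type in FIXED and a.ulValueLen != FIXED[a.type]:
            problems.append("entry %d: length %d, expected %d"
                            % (i, a.ulValueLen, FIXED[a.type]))
    return problems
```

An empty list from `check_template(*aes_template()[:2])` means every entry points at a live buffer of the expected size and the count matches the array.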


