ctypes, strange structures of PKCS11

Discussion in 'Python' started by Cornelius Kölbel, Sep 5, 2012.

  1. Hi there,

    I am trying to use a pkcs11 library (with python 2.7) and address this
    library with ctypes.
    Alas, I am neither a Python black belt guru, nor is C my preferred
    language.

    Till now, I do not want to use pykcs11, since I want to keep my
    dependencies low.

    I initialized the library, logged in to the token and got a session
    (self.hSession).

    Now I try to create an AES key using C_CreateKey.

    --snip--
    def createAES(self, ks=32):
        rv=0
        mechanism = CK_MECHANISM(CKM_AES_KEY_GEN, NULL, 0)
        print "Mech:",mechanism.mechanism
        print "Mech:",mechanism.pParameter
        print "Mech:",mechanism.usParameterLen

        keysize = c_ulong(ks)
        klass = CKO_SECRET_KEY
        keytype = CKK_AES
        label = "testAES"
        ck_true = c_ubyte(1)
        ck_false = c_ubyte(0)
        objHandle = CK_OBJECT_HANDLE()

        size=7

        CK_TEMPLATE = CK_ATTRIBUTE * 6

        template = CK_TEMPLATE(
            CK_ATTRIBUTE(CKA_KEY_TYPE, c_void_p(keytype),0),
            CK_ATTRIBUTE(CKA_LABEL, cast( label, c_void_p),
                         len( label )),
            CK_ATTRIBUTE(CKA_VALUE_LEN,
                         cast(byref(keysize),c_void_p), sizeof(keysize) ),
            CK_ATTRIBUTE(CKA_PRIVATE,
                         cast(byref(ck_false),c_void_p), sizeof(ck_false)),
            CK_ATTRIBUTE(CKA_TOKEN,
                         cast(byref(ck_true),c_void_p), sizeof(ck_true)),
            CK_ATTRIBUTE(CKA_SENSITIVE,
                         cast(byref(ck_true),c_void_p), sizeof(ck_true))
        )

        template_len = c_ulong(size)
        print "Template: ", template
        print "Template: ", len(template)
        print "Handle:", objHandle
        print "Handle:", type(addressof(objHandle))
        rv = self.etpkcs11.C_GenerateKey(self.hSession,
                                         addressof(mechanism),
                                         addressof(template),
                                         template_len,
                                         objHandle)
        print "rv=",rv
        print "handle=",objHandle

        if rv:
            if self.debug: print "Failed to create key: " , rv
            raise Exception("createAES - Failed to C_GenerateKey (%s): %s" % (rv, pkcs11error(rv)) )
        else:
            if self.debug: print "created key successfully: %s" % str(objHandle)
    --snap--

    Unfortunately I end up with a return value of 32, which means invalid
    data -- I guess my template is not what it should be.

    Any hint on this is highly appreciated.

    Kind regards
    Cornelius



    Cornelius Kölbel, Sep 5, 2012
    #1
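
An added example, not part of the original post: a Python 3 sketch of the CK_ATTRIBUTE template layout that the PKCS#11 specification defines, where every pValue is the address of a buffer holding the value, ulValueLen is that buffer's size in bytes, and the attribute count is taken from the array itself. The helper names build_aes_template and read_back are hypothetical, and default structure alignment is assumed.

```python
import ctypes
from ctypes import Structure, addressof, c_char, c_ubyte, c_ulong, c_void_p, sizeof

# Constants from the PKCS#11 header pkcs11t.h.
CKA_TOKEN, CKA_PRIVATE, CKA_LABEL = 0x001, 0x002, 0x003
CKA_KEY_TYPE, CKA_SENSITIVE, CKA_VALUE_LEN = 0x100, 0x103, 0x161
CKK_AES = 0x1F


class CK_ATTRIBUTE(Structure):
    # Assumption: default alignment (Unix builds). Windows Cryptoki
    # headers pack structures to 1 byte, which needs _pack_ = 1.
    _fields_ = [("type", c_ulong), ("pValue", c_void_p), ("ulValueLen", c_ulong)]


def build_aes_template(label, key_bytes=32, token=True, private=False,
                       sensitive=True):
    """Return (template, count, keepalive) for an AES key-generation template."""
    raw = label.encode("utf-8")  # CKA_LABEL carries no NUL terminator
    values = [
        (CKA_KEY_TYPE, c_ulong(CKK_AES)),        # CK_KEY_TYPE is a CK_ULONG
        (CKA_LABEL, (c_char * len(raw)).from_buffer_copy(raw)),
        (CKA_VALUE_LEN, c_ulong(key_bytes)),     # key length in bytes
        (CKA_PRIVATE, c_ubyte(private)),         # CK_BBOOL is one byte
        (CKA_TOKEN, c_ubyte(token)),
        (CKA_SENSITIVE, c_ubyte(sensitive)),
    ]
    # pValue is the address of the buffer, ulValueLen its size in bytes.
    attrs = [CK_ATTRIBUTE(t, addressof(v), sizeof(v)) for t, v in values]
    template = (CK_ATTRIBUTE * len(attrs))(*attrs)
    # ulCount is derived from the array, never typed by hand. The caller must
    # keep `values` referenced: the template holds raw addresses only.
    return template, c_ulong(len(template)), values


def read_back(template, count):
    """Decode the template the way the library will see it: {type: bytes}."""
    return {a.type: ctypes.string_at(a.pValue, a.ulValueLen)
            for a in template[:count.value]}

# Intended call shape (lib, h_session, mechanism are hypothetical names):
#   handle = c_ulong()
#   rv = lib.C_GenerateKey(h_session, byref(mechanism), template, count,
#                          byref(handle))
```

Running read_back on a template before handing it to the library is a quick way to spot an attribute whose pointer or length does not describe a real buffer.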