ctypes, strange structures of PKCS11

Cornelius Kölbel cornelius.koelbel at lsexperts.de
Wed Sep 5 16:41:05 EDT 2012


Hi there,

I am trying to use a pkcs11 library (with python 2.7) and address this
library with ctypes.
Alas, I am not a Python black belt guru, and C is not my preferred
language.

Till now, I do not want to use pykcs11, since I want to keep my
dependencies low.

I initialized the library, logged in to the token and got a session
(self.hSession).

Now I try to create an AES key using C_CreateKey.

--snip--
    def createAES(self, ks=32):
        rv=0
        mechanism = CK_MECHANISM(CKM_AES_KEY_GEN, NULL, 0)
        print "Mech:",mechanism.mechanism
        print "Mech:",mechanism.pParameter
        print "Mech:",mechanism.usParameterLen
       
        keysize = c_ulong(ks)
        klass = CKO_SECRET_KEY
        keytype = CKK_AES
        label = "testAES"
        ck_true = c_ubyte(1)
        ck_false = c_ubyte(0)
        objHandle = CK_OBJECT_HANDLE()
       
        size=7

        CK_TEMPLATE = CK_ATTRIBUTE * 6
       
        template = CK_TEMPLATE(
            CK_ATTRIBUTE(CKA_KEY_TYPE, c_void_p(keytype), 0),
            CK_ATTRIBUTE(CKA_LABEL, cast(label, c_void_p), len(label)),
            CK_ATTRIBUTE(CKA_VALUE_LEN, cast(byref(keysize), c_void_p), sizeof(keysize)),
            CK_ATTRIBUTE(CKA_PRIVATE, cast(byref(ck_false), c_void_p), sizeof(ck_false)),
            CK_ATTRIBUTE(CKA_TOKEN, cast(byref(ck_true), c_void_p), sizeof(ck_true)),
            CK_ATTRIBUTE(CKA_SENSITIVE, cast(byref(ck_true), c_void_p), sizeof(ck_true))
        )

        template_len = c_ulong(size)
        print "Template: ", template
        print "Template: ", len(template)
        print "Handle:", objHandle
        print "Handle:", type(addressof(objHandle))
        rv = self.etpkcs11.C_GenerateKey(self.hSession,
                                         addressof(mechanism),
                                         addressof(template),
                                         template_len,
                                         objHandle)
        print "rv=",rv      
        print "handle=",objHandle
       
        if rv:
            if self.debug: print "Failed to create key: " , rv
            raise Exception("createAES - Failed to C_GenerateKey (%s): %s" % (rv, pkcs11error(rv)) )
        else:
            if self.debug: print "created key successfully: %s" % str(objHandle)
--snap--

Unfortunately I end up with a return value of 32, which means invalid
data -- I guess my template is not what it should be.

Any hint on this is highly appreciated.

Kind regards
Cornelius
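
An added example, not part of the original post: one way to lay out a CK_ATTRIBUTE template in ctypes so that every pValue holds the address of a value buffer and ulValueLen holds that buffer's size, with the attribute count taken from the array itself (the posted template passes the key type as the pointer with length 0 and a count of 7 for six attributes). `build_aes_template` and `decode_template` are hypothetical names; the label is passed as bytes and default structure alignment is assumed.

```python
from ctypes import (Structure, addressof, c_char, c_ubyte, c_ulong, c_void_p,
                    sizeof, string_at)

# Values from the PKCS#11 header pkcs11t.h.
CKA_TOKEN, CKA_PRIVATE, CKA_LABEL = 0x001, 0x002, 0x003
CKA_KEY_TYPE, CKA_SENSITIVE, CKA_VALUE_LEN = 0x100, 0x103, 0x161
CKK_AES = 0x1F
ULONG_ATTRS = (CKA_KEY_TYPE, CKA_VALUE_LEN)


class CK_ATTRIBUTE(Structure):
    # Field layout per the PKCS#11 specification (assumed default alignment).
    _fields_ = [("type", c_ulong), ("pValue", c_void_p), ("ulValueLen", c_ulong)]


def build_aes_template(label, key_len=32):
    """Hypothetical helper. Returns (template, count, keepalive buffers)."""
    values = [
        (CKA_KEY_TYPE, c_ulong(CKK_AES)),   # CK_KEY_TYPE is a CK_ULONG
        (CKA_LABEL, (c_char * len(label)).from_buffer_copy(label)),
        (CKA_VALUE_LEN, c_ulong(key_len)),  # key length in bytes
        (CKA_PRIVATE, c_ubyte(0)),          # CK_BBOOL is one byte
        (CKA_TOKEN, c_ubyte(1)),
        (CKA_SENSITIVE, c_ubyte(1)),
    ]
    # pValue is the ADDRESS of the value and ulValueLen its size in bytes.
    attrs = [CK_ATTRIBUTE(t, addressof(v), sizeof(v)) for t, v in values]
    template = (CK_ATTRIBUTE * len(attrs))(*attrs)
    # Derive the count from the array; the value buffers must stay referenced
    # until the C call returns, or pValue dangles.
    return template, len(template), [v for _, v in values]


def decode_template(template, count):
    """Read each attribute back through pValue, as the C library would."""
    decoded = {}
    for a in template[:count]:
        raw = string_at(a.pValue, a.ulValueLen)
        if a.type in ULONG_ATTRS:
            decoded[a.type] = c_ulong.from_buffer_copy(raw).value
        elif a.type == CKA_LABEL:
            decoded[a.type] = raw
        else:
            decoded[a.type] = bool(bytearray(raw)[0])
    return decoded
```

When calling the library, pass the count as `c_ulong(count)` and the output handle as `byref(objHandle)`, since the last parameter of C_GenerateKey is a pointer to the handle.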



More information about the Python-list mailing list