Path: csiph.com!usenet.pasdenom.info!aioe.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <cornelius.koelbel@lsexperts.de>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.001
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'else:': 0.03; '%s"': 0.07; 'null,': 0.07; 'python': 0.09; 'label,': 0.09; 'subject:ctypes': 0.09; 'def': 0.10; 'template': 0.11; 'library': 0.15; '"created': 0.16; '(%s):': 0.16; 'ctypes.': 0.16; 'filename:fname piece:signature': 0.16; 'from:charset:iso-8859-15': 0.16; 'guru': 0.16; 'hint': 0.16; 'low.': 0.16; 'library,': 0.17; 'mechanism': 0.17; 'preferred': 0.20; 'skip:" 30': 0.20; 'trying': 0.21; 'raise': 0.24; 'header:User-Agent:1': 0.26; 'charset:iso-8859-15': 0.26; 'skip:" 20': 0.26; 'appreciated.': 0.26; 'guess': 0.27; 'language.': 0.27; 'label': 0.27; 'initialized': 0.29; 'print': 0.32; 'to:addr:python-list': 0.33; '(with': 0.33; 'that,': 0.34; 'be.': 0.36; 'should': 0.36; 'data': 0.37; 'received:10': 0.38; 'there,': 0.38; 'to:addr:python.org': 0.39; 'skip:" 10': 0.40; 'header:Received:5': 0.40; 'end': 0.40; 'address': 0.60; 'skip:u 10': 0.60; 'subject:, ': 0.61; 'kind': 0.61; 'belt': 0.91
Date: Wed, 05 Sep 2012 22:41:05 +0200
From: =?ISO-8859-15?Q?Cornelius_K=F6lbel?= <cornelius.koelbel@lsexperts.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
To: python-list@python.org
Subject: ctypes, strange structures of PKCS11
X-Enigmail-Version: 1.4.4
OpenPGP: id=3F337C71
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig36B91ABAEB0DE9305FABF167"
X-Virus-Scanned: by amavisd-new at pawisda.de
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.269.1346877675.27098.python-list@python.org>
Lines: 101
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1346877675 news.xs4all.nl 6894 [2001:888:2000:d::a6]:36664
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:28541

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig36B91ABAEB0DE9305FABF167
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

Hi there,

I am trying to use a pkcs11 library (with python 2.7) and address this
library with ctypes.
Alas, I am neither the python black belt guru and C is not my preferred
language.

Till now, I do not want to use pykcs11, since I want to keep my
dependencies low.

I initialized the library, logged in to the token and got a session
(self.hSession).

Now I try to create an AES key using C_CreateKey.

--snip--
    def createAES(self, ks=3D32):
        rv=3D0
        mechanism =3D CK_MECHANISM(CKM_AES_KEY_GEN, NULL, 0)
        print "Mech:",mechanism.mechanism
        print "Mech:",mechanism.pParameter
        print "Mech:",mechanism.usParameterLen
      =20
        keysize =3D c_ulong(ks)
        klass =3D CKO_SECRET_KEY
        keytype =3D CKK_AES
        label =3D "testAES"
        ck_true =3D c_ubyte(1)
        ck_false =3D c_ubyte(0)
        objHandle =3D CK_OBJECT_HANDLE()
      =20
        size=3D7

        CK_TEMPLATE =3D CK_ATTRIBUTE * 6
      =20
        template =3D  CK_TEMPLATE(                    =20
                        CK_ATTRIBUTE(CKA_KEY_TYPE, c_void_p(keytype),0),
                        CK_ATTRIBUTE(CKA_LABEL, cast( label, c_void_p),
len( label )),
                        CK_ATTRIBUTE(CKA_VALUE_LEN,
cast(byref(keysize),c_void_p), sizeof(keysize) ),
                        CK_ATTRIBUTE(CKA_PRIVATE,=20
cast(byref(ck_false),c_void_p), sizeof(ck_false)),
                        CK_ATTRIBUTE(CKA_TOKEN,=20
cast(byref(ck_true),c_void_p), sizeof(ck_true)),
                        CK_ATTRIBUTE(CKA_SENSITIVE,
cast(byref(ck_true),c_void_p), sizeof(ck_true))
                        )

        template_len =3D c_ulong(size)
        print "Template: ", template
        print "Template: ", len(template)
        print "Handle:", objHandle
        print "Handle:", type(addressof(objHandle))
        rv =3D self.etpkcs11.C_GenerateKey(self.hSession,
                                         addressof(mechanism),
                                         addressof(template),
                                         template_len,
                                         objHandle)
        print "rv=3D",rv     =20
        print "handle=3D",objHandle
      =20
        if rv:
            if self.debug: print "Failed to create key: " , rv
            raise Exception("createAES - Failed to C_GenerateKey (%s):
%s" % (rv, pkcs11error(rv)) )
        else:
            if self.debug: print "created key successfully: %s" %
str(handle)
--snap--

Unfortunately I end up with a return value of 32, which means invalid
data -- I guess my template is not that, what is should be.

Any hint on this is highly appreciated.

Kind regards
Cornelius



--------------enig36B91ABAEB0DE9305FABF167
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBHuOEACgkQGUgIxT8zfHHOugCfVgyab1EWNciOH/P9rBItg+1t
1fMAoKlZF461bAzaN+pYOsGiEWGnXZfh
=iHUW
-----END PGP SIGNATURE-----

--------------enig36B91ABAEB0DE9305FABF167--