-
Notifications
You must be signed in to change notification settings - Fork 712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add AES-CMAC support to pkcs11-tool #2914
Comments
dlegaultbbry
added a commit
to dlegaultbbry/OpenSC
that referenced
this issue
Oct 24, 2023
If not too much to ask, can this be add to 0.24? |
I do not have an issue with landing this in 0.24.0 as it is a simple addition. Regarding the other mechanisms, I think they are added as needed so if you know there are some of them working with your HSM, feel free to add them, but you do not have to go through the whole list. |
Jakuje
pushed a commit
that referenced
this issue
Oct 31, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem Description
AES-CMAC doesn't work using pkcs11-tool as it's missing basic configuration similar to HMAC
NOTE: There are many algorithms which seem to not be setup properly and I'm not sure if one wouldn't need to go through all of them? I don't have a HSM capable of all of them for this task though.
Proposed Resolution
Add proper flags in to recognize that the algorithm requires an secret key and not a private one. Add the flags that it supports sign/verify as per signature algorithm definitions used for MAC algorithms.
Steps to reproduce
See below
The Private key error message is because the algorithm doesn't have MF_CKO_SECRET_KEY set so it fails in find_object_flags and falls back to default of private key for sign.
Logs
The text was updated successfully, but these errors were encountered: