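PKCS#11 C_CreateObject fails with a bad-arguments error

Time: 2018-05-15 06:52:15

Tags: pkcs#11

I have a C_CreateObject PKCS#11 API call to generate a 128-bit AES key, and it fails with a bad-arguments error.

Can anyone help me figure out what is wrong with the template?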

    CK_OBJECT_HANDLE hKey;
    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
    CK_KEY_TYPE keyType = CKK_AES;
    CK_BBOOL _true = TRUE;
    CK_BBOOL _false = FALSE;
    CK_BYTE key_value[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};

    CK_ATTRIBUTE keyTemplate[] = {
       {CKA_CLASS, &keyClass, sizeof(keyClass)},
       {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
       {CKA_ENCRYPT, &_true, sizeof(_true)},
       {CKA_DECRYPT, &_true, sizeof(_true)},
       {CKA_TOKEN, &_true, sizeof(_true)},      /* token object  */
       {CKA_PRIVATE, &_false, sizeof(_false)},  /* public object */
       {CKA_VALUE, key_value, sizeof(key_value)},
       {CKA_LABEL, CK_VOID_PTR("key"), sizeof("key")}
     };

     rv =  pfunc11->C_CreateObject(session, keyTemplate, sizeof (keyTemplate)/sizeof (CK_ATTRIBUTE), &hKey);
     if (rv != CKR_OK) {
        printf("ERROR: rv=0x%08X: C_CreateObject:\n", (unsigned int)rv);
        return false;
     }

1 answer:

Answer 0: (score: 1)

The key value for the AES key is too short - you need to provide 16 bytes (128 bits) or 32 bytes (256 bits) in key_value, for example:

    CK_BYTE key_value[] = {
            0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
            0xcd, 0xef, 0x89, 0xab, 0x45, 0x67, 0x01, 0x23,
    };

Good luck!
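
The length requirement from the answer can be checked on a template before it is passed to C_CreateObject. The following is an added example, not code from the original post: `check_aes_value_len` and `demo_check` are hypothetical helpers, the type definitions are stand-ins for pkcs11.h, and the check also accepts 24 bytes (AES-192), which the answer does not list.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins so this compiles without a vendor header; in a real build
 * remove them and include your pkcs11.h. Values are from the PKCS#11 spec. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BYTE;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_VALUE    0x00000011UL
#define CKA_KEY_TYPE 0x00000100UL
#define CKK_AES      0x0000001FUL

/* Hypothetical helper, not a PKCS#11 function. Returns 0 if the template is
 * not an AES key or its CKA_VALUE is 16/24/32 bytes, -1 if an AES key has no
 * usable CKA_VALUE, -2 if the CKA_VALUE length is not a valid AES key size. */
int check_aes_value_len(const CK_ATTRIBUTE *t, CK_ULONG n)
{
    const CK_ATTRIBUTE *value = NULL;
    int is_aes = 0;
    for (CK_ULONG i = 0; i < n; i++) {
        if (t[i].type == CKA_KEY_TYPE && t[i].pValue != NULL &&
            t[i].ulValueLen == sizeof(CK_ULONG))
            is_aes = (*(const CK_ULONG *)t[i].pValue == CKK_AES);
        else if (t[i].type == CKA_VALUE)
            value = &t[i];
    }
    if (!is_aes)
        return 0;
    if (value == NULL || value->pValue == NULL)
        return -1;
    return (value->ulValueLen == 16 || value->ulValueLen == 24 ||
            value->ulValueLen == 32) ? 0 : -2;
}

/* Builds a two-attribute AES template over constructed sample bytes
 * (len must be <= 32) and runs the check on it. */
int demo_check(CK_ULONG len)
{
    static CK_BYTE sample[32] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
    CK_ULONG keyType = CKK_AES;
    CK_ATTRIBUTE tmpl[] = {
        { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
        { CKA_VALUE, sample, len },
    };
    return check_aes_value_len(tmpl, sizeof(tmpl) / sizeof(tmpl[0]));
}

int main(void) { printf("8: %d, 16: %d\n", demo_check(8), demo_check(16)); return 0; }
```

Whether a particular token accepts every valid AES key size is token-specific, so a template that passes this check can still be rejected by the device.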