python-pkcs11

HMAC key generation - mechanism invalid

Open genIterator opened this issue 4 years ago • 1 comments

Hello,

I'm trying to create an HMAC key using the Utimaco HSM simulator. However, I get error codes which do not make much sense to me. The code is just a modification of the sample code using an rw session:

    key = session.generate_key(
        key_type=pkcs11.KeyType.GENERIC_SECRET,
        mechanism=pkcs11.Mechanism.SHA256_HMAC,
        capabilities=pkcs11.constants.MechanismFlag.SIGN,
        id=keyID,
        label=keyLabel,
        store=shallBeStored,
    )

Running the code gives me the following errors:

    No entry with index 0x00000251 found.
    Error CKR_MECHANISM_INVALID occured.
    ...
    pkcs11.exceptions.MechanismInvalid

However, iterating the mechanisms of the slot clearly states that the mechanism Mechanism.SHA256_HMAC is supported (and it is SHA256_HMAC = 593). I've also tried using pkcs11.KeyType.SHA256_HMAC with the same result. Consulting the OASIS documentation also yielded no result.

genIterator, Feb 15 '21 08:02

This error comes from the HSM. Some pkcs11 libraries have an environment variable to output more information to stderr. One guess would be that you may need to supply key_length.

Actually, reading this code, it's also possible that key_length has never worked correctly for non-AES keys, in which case you will want to supply a template with VALUE_LEN: key_length_in_bits.

danni, Feb 15 '21 22:02
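Added example, not part of the thread and not python-pkcs11 code: a slot listing a mechanism does not say which operations it allows, so this check reads the CKF_* flags a token reports per mechanism and tests whether a mechanism carries the flag for the intended call (CKF_GENERATE for key generation). The CKM_*/CKF_* numbers are the PKCS#11 values; `SAMPLE_SLOT` and `check_mechanism` are constructed for illustration and are not output from the Utimaco simulator.

```python
from enum import IntFlag


class Flag(IntFlag):
    """Operation bits from CK_MECHANISM_INFO.flags (PKCS#11 CKF_* values)."""
    SIGN = 0x0800
    VERIFY = 0x2000
    GENERATE = 0x8000


# PKCS#11 mechanism numbers (CKM_*).
CKM_SHA256_HMAC = 0x251             # 593, the index quoted in the error above
CKM_GENERIC_SECRET_KEY_GEN = 0x350

# Constructed sample of a slot's mechanisms and their flags (an assumption,
# not real token output). On a real token, python-pkcs11 exposes the flags
# through slot.get_mechanism_info(mechanism).flags.
SAMPLE_SLOT = {
    CKM_SHA256_HMAC: Flag.SIGN | Flag.VERIFY,
    CKM_GENERIC_SECRET_KEY_GEN: Flag.GENERATE,
}


def flag_names(flags):
    """Names of the operation bits set in `flags`."""
    return [f.name for f in Flag if f in flags]


def check_mechanism(slot_mechs, mechanism, needed):
    """Return (ok, reason, alternatives) for using `mechanism` for `needed`.

    `alternatives` lists the slot's mechanisms that do carry `needed`.
    """
    alternatives = sorted(m for m, f in slot_mechs.items() if needed in f)
    if mechanism not in slot_mechs:
        return False, "not listed by the slot", alternatives
    have = slot_mechs[mechanism]
    if needed not in have:
        reason = f"listed with {flag_names(have)}, lacks {needed.name}"
        return False, reason, alternatives
    return True, "ok", alternatives


if __name__ == "__main__":
    for mech in (CKM_SHA256_HMAC, CKM_GENERIC_SECRET_KEY_GEN):
        ok, reason, alts = check_mechanism(SAMPLE_SLOT, mech, Flag.GENERATE)
        print(hex(mech), ok, reason, [hex(a) for a in alts])
```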