Re: [osol-code] Problem on CKM_AES_KEY_GEN in pkcs11_softtoken.so

Wed, 12 Dec 2007 16:51:34 -0800 

Alick,

 crypto-discuss is a good place to ask these questions.

> I have studied on CKM_AES_KEY_GEN in pkcs11_softtoken.so recently. 
> But there occurs a problem which prompt no reference of C_GenerateKey.
>   

 You might want to print out the error code from this routine.  The list
 of error codes is in /usr/include/security/pkcs11t.h.

> Codes are attached as follows.
> Is there any one who can help me?

 You have specified CKA_PRIVATE and CKA_TOKEN as true. This means
 you need to do a C_Login() to the soft token key store before calling
 C_GenerateKey().

-Krishna

 
> could you please send me an example how to use CKM_AES_KEY_GEN properly?
>
> Thanks a lot!
>
> ----------------------------------------------------------------------
> #include <stdio.h>
> #include <fcntl.h>
> #include <errno.h>
> #include <sys/types.h>
> #include <security/cryptoki.h>
> #include <security/pkcs11.h>
>
> int makeKey(CK_SESSION_HANDLE a_hSession)
> {
>
>       int rc = -1;
>
>       // Generate a 128-bit AES key
>       CK_RV rv;
>       CK_BBOOL bTrue = TRUE;
>       CK_BBOOL bFalse = FALSE;
>       CK_OBJECT_CLASS tKeyClass = CKO_SECRET_KEY;
>       CK_KEY_TYPE tKeyType = CKK_AES;
>       CK_ULONG ulKeyLen = 16;
>       CK_MECHANISM tMechanism =
>       { CKM_AES_KEY_GEN, NULL, 0 };
>       CK_ATTRIBUTE tAttr[] =
>       {
>       { CKA_CLASS, &tKeyClass, sizeof(tKeyClass ) },
>       { CKA_TOKEN, &bTrue, sizeof(bTrue ) },
>       { CKA_PRIVATE, &bTrue, sizeof(bTrue ) },
>       { CKA_MODIFIABLE, &bFalse, sizeof(bFalse ) },
>       { CKA_KEY_TYPE, &tKeyType, sizeof(tKeyType ) },
>       { CKA_ENCRYPT, &bTrue, sizeof(bTrue ) },
>       { CKA_VALUE_LEN, &ulKeyLen, sizeof(ulKeyLen ) }, 
>       };
>
>       CK_ULONG ulAttrCount = sizeof( tAttr ) / sizeof( CK_ATTRIBUTE );
>       CK_OBJECT_HANDLE hObject;
>
>       // Generate the key on the token
>       rv = C_GenerateKey( a_hSession, &tMechanism, tAttr, ulAttrCount, 
> &hObject );
>       if ( rv != CKR_OK )
>               goto out;
>
>       rc = 0;
> out:
>       return rc;
> }
>
> -------------------------------------------------------------------
>  
>  
> This message posted from opensolaris.org
> _______________________________________________
> opensolaris-code mailing list
> [email protected]
> http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
>   

_______________________________________________
opensolaris-code mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code

Reply via email to