CardContact / sc-hsm-embedded

PKCS#11 and CSP-Minidriver library for the SmartCard-HSM and STARCOS based signature cards
BSD 3-Clause "New" or "Revised" License

Library returns supported key size wrong #36

Closed 7ritn closed 1 year ago

7ritn commented 1 year ago

According to the PKCS#11 v. 2.4 specs, the length of supported keys for AES mechanisms should be in Bytes. The library returns the length in Bits.

```
$ pkcs11-tool --module ~/Development/sc-hsm-embedded/src/pkcs11/.libs/libsc-hsm-pkcs11.so -M
Using slot 0 with a present token (0x1)
Supported mechanisms:
  // [...]
  AES-CBC, keySize={128,256}, hw, encrypt, decrypt
  AES-CMAC, keySize={128,256}, hw, sign
  // [...]
  AES-KEY-GEN, keySize={128,256}, hw, generate
  // [...]
```

https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html#_Toc441755753 (3.5 Data types for mechanisms) states that the length unit (Bits or Bytes) is mechanism dependent, and http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html#_Toc416960049 (2.8.2 AES secret key objects) states that the AES secret key length should be specified in Bytes.
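A caller-side check for the behaviour reported above, as an added example that is not part of the original issue or of the sc-hsm-embedded code: it classifies whether a token reported its AES key size range in bytes or in bits and normalizes the maximum to bytes. The struct is a minimal stand-in for `CK_MECHANISM_INFO` from the PKCS#11 headers, and `key_unit`, `aes_key_size_unit` and `aes_max_key_bytes` are hypothetical names.

```c
#include <stdio.h>

/* Minimal stand-ins for the PKCS#11 header types so the example builds alone. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_MECHANISM_TYPE;
typedef struct { CK_ULONG ulMinKeySize, ulMaxKeySize, flags; } CK_MECHANISM_INFO;

#define CKM_AES_KEY_GEN 0x00001080UL
#define CKM_AES_CBC     0x00001082UL
#define CKM_AES_CMAC    0x0000108AUL

/* Hypothetical result type: which unit the token used for an AES mechanism. */
typedef enum { UNIT_NOT_AES, UNIT_BYTES, UNIT_BITS, UNIT_UNKNOWN } key_unit;

/* AES keys are 16, 24 or 32 bytes; scale = 8 checks the same lengths in bits. */
static int is_aes_len(CK_ULONG n, CK_ULONG scale) {
    return n == 16 * scale || n == 24 * scale || n == 32 * scale;
}

/* Classify ulMinKeySize/ulMaxKeySize; the byte and bit value sets never overlap. */
key_unit aes_key_size_unit(CK_MECHANISM_TYPE m, const CK_MECHANISM_INFO *mi) {
    if (m != CKM_AES_KEY_GEN && m != CKM_AES_CBC && m != CKM_AES_CMAC)
        return UNIT_NOT_AES;
    if (mi->ulMinKeySize > mi->ulMaxKeySize)
        return UNIT_UNKNOWN;
    if (is_aes_len(mi->ulMinKeySize, 1) && is_aes_len(mi->ulMaxKeySize, 1))
        return UNIT_BYTES;
    if (is_aes_len(mi->ulMinKeySize, 8) && is_aes_len(mi->ulMaxKeySize, 8))
        return UNIT_BITS;
    return UNIT_UNKNOWN;  /* mixed or non-AES lengths: do not guess */
}

/* Largest key length in bytes safe to request, or 0 if the range is unclear. */
CK_ULONG aes_max_key_bytes(CK_MECHANISM_TYPE m, const CK_MECHANISM_INFO *mi) {
    switch (aes_key_size_unit(m, mi)) {
    case UNIT_BYTES: return mi->ulMaxKeySize;
    case UNIT_BITS:  return mi->ulMaxKeySize / 8;
    default:         return 0;
    }
}

int main(void) {
    CK_MECHANISM_INFO reported = { 128, 256, 0 };  /* keySize range from the output above */
    CK_MECHANISM_INFO in_bytes = { 16, 32, 0 };    /* constructed: same range in bytes */
    printf("reported: unit=%d max=%lu bytes\n",
           aes_key_size_unit(CKM_AES_KEY_GEN, &reported), aes_max_key_bytes(CKM_AES_KEY_GEN, &reported));
    printf("in bytes: unit=%d max=%lu bytes\n",
           aes_key_size_unit(CKM_AES_KEY_GEN, &in_bytes), aes_max_key_bytes(CKM_AES_KEY_GEN, &in_bytes));
    return 0;
}
```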

CardContact commented 1 year ago

Thanks for reporting this.