CKR_MECHANISM_INVALID when using CKM_ECDSA_SHA384

LudovicRousseau / PyKCS11

PKCS#11 Wrapper for Python

GNU General Public License v2.0

96 stars 35 forks source link

CKR_MECHANISM_INVALID when using CKM_ECDSA_SHA384 #104

Open sdalgic opened 1 year ago

sdalgic commented 1 year ago

# Your system information

Operating system used:Ubuntu 20.04
PyKCS11 version: 1.5.12
Python version: 3.6
PKCS#11 library used: libsofthsm2.so and /lib64/libprocryptoki.so

# Please describe your issue in as much detail as possible: Describe what you expected should happen. While trying to sign a data by using CKM_ECDSA_SHA384 mechanism with soft hsm and also hard hsm, the same problem occurs. signature = session.sign(priv_key, byte_data, Mechanism(CKM_ECDSA_SHA384, None))

Describe what did happen. When sign method is executed, it returns below exception. Exception : CKR_MECHANISM_INVALID (0x00000070)

# Steps for reproducing this issue:

Install SoftHSM
Import EC keys into SoftHSM
Sign data with CKM_ECDSA_SHA384 mechanism.

LudovicRousseau commented 1 year ago

SoftHSM v2 does not support CKM_ECDSA_SHA384, only CKM_ECDSA. You can use getinfo.py to list all the supported mechanisms:

PYKCS11LIB=/usr/local/lib/softhsm/libsofthsm2.so samples/getinfo.py --mechanisms | grep CKM_ECDSA
   CKM_ECDSA

I guess it the same with your /lib64/libprocryptoki.so.

If you can provide a working sample C code using SoftHSMv2 and CKM_ECDSA_SHA384 then I can re-consider this issue.