OpenKMIP / PyKMIP

A Python implementation of the KMIP specification.
Apache License 2.0

Get operation not respecting flexible DES/TDES key lengths #449

Open pfunk1978 opened 6 years ago

pfunk1978 commented 6 years ago

Clear DES/TDES keys, when exported, can/may have cryptographic lengths that are multiples of 7 bytes instead of 8 due to parity bits. On get operations a 3DES key can have key material which is 192 bits, but the cryptographic length is reported as 168 bits, causing validation to raise a ValueError.

I patched mine locally in kmip/pie/objects.py line 674:

        if not self.key_wrapping_data:
            # DES-style key material carries one parity bit per byte, so
            # a 3DES key may report 7 bits per byte; every other algorithm
            # must still match at 8 bits per byte.
            if ((len(self.value) * 8) != self.cryptographic_length) and \
               not (self.cryptographic_algorithm ==
                    enums.CryptographicAlgorithm.TRIPLE_DES and
                    (len(self.value) * 7) == self.cryptographic_length):
                msg = "key length ({0}) not equal to key value length ({1})"
                msg = msg.format(
                    self.cryptographic_length,
                    len(self.value) * 8
                )
                raise ValueError(msg)

PeterHamilton commented 6 years ago

@pfunk1978 Thanks for filing this. After doing a bit of research, I agree that this is a legitimate issue for DES-style keys. I'll whip up a patch that incorporates your suggested fix.

Thanks again!
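
The length check discussed in this issue, as an added stand-alone example (not PyKMIP code and not written by either commenter), generalized to single DES as well as 3DES. `Algorithm` is a hypothetical stand-in for `enums.CryptographicAlgorithm`, and `PARITY_ALGORITHMS`, `accepted_lengths`, `validate_key_length` and `is_valid` are names assumed for illustration; the sample keys are constructed.

```python
from enum import Enum


class Algorithm(Enum):
    """Hypothetical stand-in for PyKMIP's enums.CryptographicAlgorithm."""
    AES = "AES"
    DES = "DES"
    TRIPLE_DES = "3DES"


# Algorithms whose key bytes each hold 7 key bits plus 1 parity bit.
PARITY_ALGORITHMS = {Algorithm.DES, Algorithm.TRIPLE_DES}


def accepted_lengths(algorithm, value):
    """Return the cryptographic lengths (in bits) that can describe value."""
    bits_per_byte = (8, 7) if algorithm in PARITY_ALGORITHMS else (8,)
    return {len(value) * n for n in bits_per_byte}


def validate_key_length(algorithm, value, cryptographic_length):
    """Raise ValueError when the reported length cannot match the value."""
    allowed = accepted_lengths(algorithm, value)
    if cryptographic_length not in allowed:
        msg = "key length ({0}) not equal to key value length ({1})"
        raise ValueError(msg.format(cryptographic_length, sorted(allowed)))


def is_valid(algorithm, value, cryptographic_length):
    try:
        validate_key_length(algorithm, value, cryptographic_length)
    except ValueError:
        return False
    return True


# Constructed samples: all-zero bytes, not real key material.
SAMPLES = [
    (Algorithm.TRIPLE_DES, bytes(24), 168),  # parity bits excluded: accept
    (Algorithm.TRIPLE_DES, bytes(24), 192),  # parity bits counted: accept
    (Algorithm.TRIPLE_DES, bytes(24), 128),  # matches neither: reject
    (Algorithm.AES, bytes(32), 256),         # exact match: accept
    (Algorithm.AES, bytes(32), 224),         # 32 * 7, but no parity: reject
]


if __name__ == "__main__":
    for algorithm, value, length in SAMPLES:
        print(algorithm.name, length, is_valid(algorithm, value, length))
```

The last sample is the case to watch: a 7-bits-per-byte length must only be accepted for DES-family keys, otherwise the check stops catching mismatched lengths for other algorithms.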