fix for issue #140

keldonin · MatthiasValvekens · commit 548056acb880 · 2025-06-19T22:21:44.000+02:00
- Adding a default mechanism for `CKK_GENERIC_SECRET` key type
- Fixing condition for including `CKA_VALUE_LEN` when generating a secret key. It is now skipped only for those algorithms that do not want it.
diff --git a/pkcs11/_pkcs11.pyx b/pkcs11/_pkcs11.pyx
@@ -658,7 +658,7 @@ class Session(types.Session):
             Attribute.DERIVE: MechanismFlag.DERIVE & capabilities,
         }
 
-        if key_type is KeyType.AES:
+        if key_type not in (KeyType.DES2, KeyType.DES3, KeyType.GOST28147, KeyType.SEED):
             if key_length is None:
                 raise ArgumentsBad("Must provide `key_length'")
 
diff --git a/pkcs11/defaults.py b/pkcs11/defaults.py
@@ -26,6 +26,7 @@
     KeyType.RSA: Mechanism.RSA_PKCS_KEY_PAIR_GEN,
     KeyType.X9_42_DH: Mechanism.X9_42_DH_KEY_PAIR_GEN,
     KeyType.EC_EDWARDS: Mechanism.EC_EDWARDS_KEY_PAIR_GEN,
+    KeyType.GENERIC_SECRET: Mechanism.GENERIC_SECRET_KEY_GEN,
 }
 """
 Default mechanisms for generating keys.

Original file line number	Diff line number	Diff line change
`@@ -658,7 +658,7 @@ class Session(types.Session):`
`658`	`658`	`Attribute.DERIVE: MechanismFlag.DERIVE & capabilities,`
`659`	`659`	`}`
`660`	`660`
`661`		`- if key_type is KeyType.AES:`
	`661`	`+ if key_type not in (KeyType.DES2, KeyType.DES3, KeyType.GOST28147, KeyType.SEED):`
`662`	`662`	`if key_length is None:`
`663`	`663`	raise ArgumentsBad("Must provide `key_length'")
`664`	`664`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@`
`26`	`26`	`KeyType.RSA: Mechanism.RSA_PKCS_KEY_PAIR_GEN,`
`27`	`27`	`KeyType.X9_42_DH: Mechanism.X9_42_DH_KEY_PAIR_GEN,`
`28`	`28`	`KeyType.EC_EDWARDS: Mechanism.EC_EDWARDS_KEY_PAIR_GEN,`
	`29`	`+ KeyType.GENERIC_SECRET: Mechanism.GENERIC_SECRET_KEY_GEN,`
`29`	`30`	`}`
`30`	`31`	`"""`
`31`	`32`	`Default mechanisms for generating keys.`