-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot get a token by label with lib.get_token #89
Comments
Interesting. It feels like something has changed in the string implementation and we're no longer implicitly stripping nuls from the ends of strings. Can I confirm what Python version this is, and what Cython version (should appear in |
Oh, I see what's happened. At some point we started forcing the length of strings we received from PKCS#11 in case they weren't properly null terminated (happens), and so Cython treats them like Pascal strings, and not like C strings. But it only comes up if your HSM does something like returns a null-terminated, but longer buffer. Can you try installing an editable version of python-pkcs11 |
I've changed it to: def _CK_UTF8CHAR_to_str(data):
"""Convert CK_UTF8CHAR to string."""
return data.decode('utf-8').rstrip('\0') And it now works! I'm not sure how to go from here... will you want a PR? will you commit the change yourself? |
Hi, yep, send a pull request, we can run the tests against it. I wonder if it should be |
Interestingly enough the https://github.com/miekg/pkcs11 Go library also has this behavior, maybe this is some kind of bug in the HSM or its pkcs11 module. Either way, I'll send a PR soon. Does this project as a CI somewhere? Are you interested in having a GitHub actions workflow for this project? |
Yeah there’s CI through Travis run against SoftHSM2.
You can also try running the test suite against your HSM but it can be fiddly depending on the features of your HSM. If you want to give it a go have a read of the test scripts. There’s decorators to mask out things we don’t correctly detect as unavailable. Make sure you can create session keys though. Else you’ll create 100s of objects on your HSM.
…On 30 Aug 2020, 05:19 +1000, Rui Lopes ***@***.***>, wrote:
Interestingly enough the https://github.com/miekg/pkcs11 Go library also has this behavior, maybe this is some kind of bug in the HSM or its pkcs11 module.
Either way, I'll send a PR soon.
Does this project as a CI somewhere? Are you interested in having a GitHub actions workflow for this project?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
Its in #90, but I quite puzzled to why the build only failed in Python 3.5. Can you take a look? BTW, the cryptography library is deprecating Python 3.5. BTW, I also created #91 to make the travis build more discoverable. |
I don't know why that failed on Python 3.5, it passed when I reran it. That's weird. That code shouldn't even be passing through your changes. Maybe it's due to a bug in one of our deps. It's probably time to drop Python 3.5 tbh. |
I'm using a SmartCard-HSM-4K-Mini-SIM that I've initialized with:
And the token label ended up being:
But when I try to call
lib.get_token('test (UserPIN)')
it fails with:The actual problem was revealed after enumerating the token labels with:
Which returned:
So it seems that, for some odd reason, the token label is padded with zeros...
And it only works when we do a
token.label.rstrip('\x00')
before comparing with the the user provided token label.Can
lib.get_token
be modified to strip trailingNUL
characters?The text was updated successfully, but these errors were encountered: