OpenKMIP/PyKMIP

How to get RSA, DES, SM4 from KMIP? How to write a request

Please help me.
Now, I can only get an AES key from the KMIP server. When I want to get DES or RSA, the server returns the same error: ID is 7.
My DES request looks like this:
Batch Items: 1
Request Batch Item @ 0x7ffccb1db8f0
Operation: Create
Unique Batch Item ID @ (nil)
Create Request Payload @ 0x7ffccb1db910
Object Type: Symmetric Key
Template Attribute @ 0x7ffccb1db890
Names: 0
Attributes: 3
Attribute @ 0x7ffccb1db960
Attribute Name: Cryptographic Algorithm
Attribute Index: -
Attribute Value: DES
Attribute @ 0x7ffccb1db970
Attribute Name: Cryptographic Length
Attribute Index: -
Attribute Value: 64
Attribute @ 0x7ffccb1db980
Attribute Name: Cryptographic Usage Mask
Attribute Index: -
Attribute Value:
Encrypt
Decrypt

And my RSA request looks like this:
Batch Items: 1
Request Batch Item @ 0x7ffd3e59fe40
Operation: Create
Unique Batch Item ID @ (nil)
Create Request Payload @ 0x7ffd3e59fe60
Object Type: Private Key
Template Attribute @ 0x7ffd3e59fde0
Names: 0
Attributes: 3
Attribute @ 0x7ffd3e59feb0
Attribute Name: Cryptographic Algorithm
Attribute Index: -
Attribute Value: RSA
Attribute @ 0x7ffd3e59fec0
Attribute Name: Cryptographic Length
Attribute Index: -
Attribute Value: 2048
Attribute @ 0x7ffd3e59fed0
Attribute Name: Cryptographic Usage Mask
Attribute Index: -
Attribute Value:
Sign

The server's log is:
2021-02-25 20:40:18,687 - kmip.server.session.00001094 - DEBUG - Session cipher selected: ('ECDHE-RSA-AES256-SHA384', 'TLSv1/SSLv3', 256)
2021-02-25 20:40:18,696 - kmip.server.session.00001094 - INFO - Username and password verify success, username:DHTester
2021-02-25 20:40:18,697 - kmip.server.session.00001094 - DEBUG - No authentication plugins are enabled. The client identity will be extracted from the client certificate.
2021-02-25 20:40:18,700 - kmip.server.session.00001094 - DEBUG - Extraction succeeded for client identity: KmipClient
2021-02-25 20:40:18,700 - kmip.server.session.00001094 - INFO - Session client identity: KmipClient
2021-02-25 20:40:18,715 - kmip.server.engine - DEBUG - Request specified KMIP version: 1.0
2021-02-25 20:40:18,717 - kmip.server.engine - INFO - Processing operation: Create
2021-02-25 20:40:18,719 - kmip.server.session.00001094 - DEBUG - Response encoding: 42007b01000000d042007a0100000048420069010000002042006a0200000004000000010000000042006b0200000004000000000000000042009209000000080000000060379ab242000d0200000004000000010000000042000f010000007842005c0500000004000000010000000042007f0500000004000000010000000042007e0500000004000000070000000042007d070000003c43616e6e6f7420637265617465206120507269766174654b6579206f626a65637420776974682074686520437265617465206f7065726174696f6e2e00000000
2021-02-25 20:40:19,535 - kmip.server.session.00001094 - INFO - Stopping session: 00001094

But I cannot get a key from the server. The error ID is 7; my KMIP client just gets that.
Please help: how do I get DES, RSA and SM4 from the server?

Hi @hxszha, thanks for filing this issue. An error code of 7 likely indicates an invalid field in your Get request. Can you post the client and server logs that are produced when you attempt to retrieve your keys? Are you using libkmip or a different client library?

I am using libkmip, and my code is just like this:
///pack msg
keyLen = 2048;
algorithm = KMIP_CRYPTOALG_RSA;
attribute[0].type = KMIP_ATTR_CRYPTOGRAPHIC_ALGORITHM;
attribute[0].value = &algorithm;
int32 length = keyLen;
attribute[1].type = KMIP_ATTR_CRYPTOGRAPHIC_LENGTH;
attribute[1].value = &length;
int mask = KMIP_CRYPTOMASK_SIGN;
attribute[2].type = KMIP_ATTR_CRYPTOGRAPHIC_USAGE_MASK;
attribute[2].value = &mask;
TemplateAttribute templateAttribute = {0};
templateAttribute.attributes = attribute;
templateAttribute.attribute_count = ARRAY_LENGTH(attribute);
CreateRequestPayload createRequestPayload = {KMIP_OBJTYPE_PRIVATE_KEY, &templateAttribute};
RequestBatchItem requestBatchItem = {KMIP_OP_CREATE, NULL, &createRequestPayload};
RequestMessage requestMessage = {0};
requestMessage.request_header = &requestHeader;
requestMessage.batch_items = &requestBatchItem;
requestMessage.batch_count = 1;

/// send
if (sendMessage(requestMessage))
{
	log_warn("sendMessage fail");
	return -1;
}
/// recv
ResponseMessage responseMessage = {0};
void* pResponsePayload = NULL;
enum result_reason resultReason = KMIP_REASON_GENERAL_FAILURE;
if (ReceiveMessage(responseMessage, &pResponsePayload, resultReason))

Then I just receive error ID 7. So... what should I change?

By the way, debug logging has been enabled on the server: logging_level=DEBUG
But there is not much in the log, like this:
2021-02-25 20:40:18,687 - kmip.server.session.00001094 - DEBUG - Session cipher selected: ('ECDHE-RSA-AES256-SHA384', 'TLSv1/SSLv3', 256)
2021-02-25 20:40:18,696 - kmip.server.session.00001094 - INFO - Username and password verify success, username:DHTester
2021-02-25 20:40:18,697 - kmip.server.session.00001094 - DEBUG - No authentication plugins are enabled. The client identity will be extracted from the client certificate.
2021-02-25 20:40:18,700 - kmip.server.session.00001094 - DEBUG - Extraction succeeded for client identity: KmipClient
2021-02-25 20:40:18,700 - kmip.server.session.00001094 - INFO - Session client identity: KmipClient
2021-02-25 20:40:18,715 - kmip.server.engine - DEBUG - Request specified KMIP version: 1.0
2021-02-25 20:40:18,717 - kmip.server.engine - INFO - Processing operation: Create
2021-02-25 20:40:18,719 - kmip.server.session.00001094 - DEBUG - Response encoding: 42007b01000000d042007a0100000048420069010000002042006a0200000004000000010000000042006b0200000004000000000000000042009209000000080000000060379ab242000d0200000004000000010000000042000f010000007842005c0500000004000000010000000042007f0500000004000000010000000042007e0500000004000000070000000042007d070000003c43616e6e6f7420637265617465206120507269766174654b6579206f626a65637420776974682074686520437265617465206f7065726174696f6e2e00000000
2021-02-25 20:40:19,535 - kmip.server.session.00001094 - INFO - Stopping session: 00001094

So, what's the problem with my code?

You cannot create a PrivateKey using the Create operation. You need to use the CreateKeyPair operation, which libkmip does not currently support. You can only Get and Delete PrivateKeys with libkmip as of the current release. You can however use the PyKMIP client to create PrivateKeys using the CreateKeyPair operation, see here.
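
The same explanation is already present in the `Response encoding` line of the server log quoted earlier in this thread. The following is an added example, not part of the original discussion and not PyKMIP or libkmip code: a stand-alone Python decoder that walks that TTLV response and extracts the result fields. The tag and enumeration tables are a small subset of KMIP 1.0, and the function names `parse_ttlv` and `batch_results` are chosen here for illustration.

```python
# Added example. RESPONSE_HEX is the "Response encoding" value from the server log.
RESPONSE_HEX = (
    "42007b01000000d042007a0100000048420069010000002042006a0200000004"
    "000000010000000042006b020000000400000000000000004200920900000008"
    "0000000060379ab242000d0200000004000000010000000042000f0100000078"
    "42005c0500000004000000010000000042007f05000000040000000100000000"
    "42007e0500000004000000070000000042007d070000003c43616e6e6f742063"
    "7265617465206120507269766174654b6579206f626a65637420776974682074"
    "686520437265617465206f7065726174696f6e2e00000000"
)
# Subset of KMIP 1.0 tags and enumerations, enough for this response.
TAGS = {0x42000F: "Batch Item", 0x42005C: "Operation", 0x42007D: "Result Message",
        0x42007E: "Result Reason", 0x42007F: "Result Status"}
ENUMS = {"Operation": {1: "Create", 2: "Create Key Pair", 10: "Get"},
         "Result Status": {0: "Success", 1: "Operation Failed"},
         "Result Reason": {5: "Operation Not Supported", 7: "Invalid Field"}}

def parse_ttlv(buf, pos=0, end=None):
    """Decode TTLV items in buf[pos:end] into a list of (name, value) pairs."""
    end = len(buf) if end is None else end
    items = []
    while pos < end:
        if end - pos < 8:
            raise ValueError("truncated TTLV header")
        tag, typ = int.from_bytes(buf[pos:pos + 3], "big"), buf[pos + 3]
        length = int.from_bytes(buf[pos + 4:pos + 8], "big")
        start, stop = pos + 8, pos + 8 + length
        if stop > end:
            raise ValueError("TTLV length runs past the enclosing item")
        name, raw = TAGS.get(tag, hex(tag)), buf[start:stop]
        if typ == 0x01:                      # Structure: recurse into children
            value = parse_ttlv(buf, start, stop)
        elif typ == 0x05:                    # Enumeration: map to a name if known
            num = int.from_bytes(raw, "big")
            value = ENUMS.get(name, {}).get(num, num)
        elif typ == 0x07:                    # Text String
            value = raw.decode("utf-8")
        else:                                # other types: big-endian integer
            value = int.from_bytes(raw, "big")
        items.append((name, value))
        pos = stop + (-length % 8)           # values are padded to 8 bytes
    return items

def batch_results(response_hex):
    """Return (operation, status, reason, message) for each batch item."""
    (_, body), = parse_ttlv(bytes.fromhex(response_hex))
    keys = ("Operation", "Result Status", "Result Reason", "Result Message")
    return [tuple(dict(v).get(k) for k in keys) for n, v in body if n == "Batch Item"]
```

Calling `batch_results(RESPONSE_HEX)` shows that result reason 7 is Invalid Field and that the server attached a human-readable Result Message to the failed Create.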

Thank you so much for your response.
Can I get SM4 and create SM4 with libkmip? Are there any examples I can refer to?

You can create an SM4 key by using KMIP_CRYPTOALG_SM4 as the algorithm value. However, the PyKMIP server does not currently support SM4 key creation; it's available in pyca/cryptography, which is what we use for the server cryptography functionality, but we would need to update the mapping in the engine (along with the associated tests) to enable that functionality. If you are using libkmip with another KMIP server this isn't an issue.