OpenKMIP/PyKMIP

create_key_pair exiting with Timeout when creating RSA Key Pair with length 15360

Opened this issue · 2 comments

Kindly suggest how to increase the socket timeout for the create_key_pair function.
Also, what are the supported RSA key pair lengths for the PyKMIP server?

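Code:

    from kmip import enums
    from kmip.pie.client import ProxyKmipClient

    # HOSTNAME_IP, SERVER_PORT, CERT_PATH, KEY_PATH and CA_PATH are
    # site-specific values set by the caller.
    c = ProxyKmipClient(hostname=HOSTNAME_IP, port=SERVER_PORT, cert=CERT_PATH, key=KEY_PATH, ca=CA_PATH)
    with c:
        # Request a 15360-bit RSA key pair from the KMIP server
        key_id = c.create_key_pair(
            enums.CryptographicAlgorithm.RSA,
            15360,
            public_usage_mask=[
                enums.CryptographicUsageMask.ENCRYPT
            ],
            private_usage_mask=[
                enums.CryptographicUsageMask.DECRYPT
            ]
        )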

Error Log:

        enums.CryptographicUsageMask.DECRYPT
      File "/usr/local/lib/python3.6/site-packages/kmip/pie/client.py", line 39, in wrapper
        return function(self, *args, **kwargs)
      File "/usr/local/lib/python3.6/site-packages/kmip/pie/client.py", line 364, in create_key_pair
        public_key_template_attribute=public_template)
      File "/usr/local/lib/python3.6/site-packages/kmip/services/kmip_client.py", line 328, in create_key_pair
        response = self._send_and_receive_message(request)
      File "/usr/local/lib/python3.6/site-packages/kmip/services/kmip_client.py", line 1613, in _send_and_receive_message
        data = self._receive_message()
      File "/usr/local/lib/python3.6/site-packages/kmip/services/kmip_client.py", line 1608, in _receive_message
        return self.protocol.read()
      File "/usr/local/lib/python3.6/site-packages/kmip/services/kmip_protocol.py", line 44, in read
        header = self._recv_all(self.HEADER_SIZE)
      File "/usr/local/lib/python3.6/site-packages/kmip/services/kmip_protocol.py", line 62, in _recv_all
        msg = self.socket.recv(total_bytes_to_be_read - bytes_read)
      File "/usr/lib64/python3.6/ssl.py", line 956, in recv
        return self.read(buflen)
      File "/usr/lib64/python3.6/ssl.py", line 833, in read
        return self._sslobj.read(len, buffer)
      File "/usr/lib64/python3.6/ssl.py", line 592, in read
        v = self._sslobj.read(len)
    socket.timeout: The read operation timed out

@aasikraja since the length is higher, equivalent time is required to generate the key. Try increasing the TIMEOUT value in the following file, kmip\core\config_helper.py (use the actual installed location; I have mentioned the relative path). Try increasing the following value in this file; it MAY work.

    # Timeout measured in seconds
    DEFAULT_TIMEOUT = 30

Hi @aasikraja, thanks for filing this issue. I haven't conducted performance testing using keys of your requested size. As long as pyca/cryptography and OpenSSL support it, it should be ok to generate them. As for the client timing out retrieving the response containing the key, increasing the default timeout (as suggested above) is the only way right now to mitigate the issue. Thanks to @mshamn6x for the suggestion.

I'll add configuring the socket timeout as a client configuration setting to our backlog.
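
The failure in the traceback above, reproduced against a local stand-in server, as an added example that is not part of the original thread or of PyKMIP: the client blocks reading the 8-byte response header while the server is still busy, and the read succeeds only when the socket timeout exceeds the server's work time. The names `slow_server`, `recv_all` and `request_with_timeout`, the plain TCP socket (no TLS), the constructed header bytes and the sub-second delays are all assumptions made so that it runs offline.

```python
import socket
import threading
import time

HEADER_SIZE = 8  # TTLV header: 3-byte tag, 1-byte type, 4-byte length


def slow_server(listener, delay):
    """Accept one client, stay busy for `delay` seconds, then send a header."""
    conn, _ = listener.accept()
    with conn:
        conn.recv(1024)                  # read the (placeholder) request
        time.sleep(delay)                # stands in for slow RSA key generation
        try:
            conn.sendall(b"\x42\x00\x7b\x01\x00\x00\x00\x00")  # constructed header
        except OSError:
            pass                         # client already gave up and closed


def recv_all(sock, total):
    """Read exactly `total` bytes, as the _recv_all frame in the traceback does."""
    data = b""
    while len(data) < total:
        chunk = sock.recv(total - len(data))
        if not chunk:
            raise ConnectionError("peer closed before the full header arrived")
        data += chunk
    return data


def request_with_timeout(timeout, server_delay):
    """Return 'ok' if the header arrives within `timeout` seconds, else 'timeout'."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))      # any free local port
    listener.listen(1)
    t = threading.Thread(target=slow_server, args=(listener, server_delay), daemon=True)
    t.start()
    client = socket.create_connection(listener.getsockname())
    client.settimeout(timeout)           # the value DEFAULT_TIMEOUT feeds in the thread
    try:
        client.sendall(b"create-key-pair")   # constructed placeholder request
        recv_all(client, HEADER_SIZE)
        return "ok"
    except socket.timeout:
        return "timeout"
    finally:
        client.close()
        t.join()
        listener.close()
```

`request_with_timeout(0.2, 1.0)` times out the same way the 30-second default does against a long key generation, while `request_with_timeout(2.0, 0.3)` completes.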