LudovicRousseau / PyKCS11 / 12851805829

        # get SoftHSM major version

            self.slot, PyKCS11.CKF_SERIAL_SESSION | PyKCS11.CKF_RW_SESSION

        )

        # common templates used in derive test cases

            (PyKCS11.CKA_CLASS, PyKCS11.CKO_SECRET_KEY),

            (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_AES),

            (PyKCS11.CKA_VALUE_LEN, 32),

            (PyKCS11.CKA_TOKEN, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_SENSITIVE, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_EXTRACTABLE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_LABEL, "DeriveTestBaseAes256Key"),

            (PyKCS11.CKA_DERIVE, PyKCS11.CK_TRUE),

        ]

            (PyKCS11.CKA_CLASS, PyKCS11.CKO_SECRET_KEY),

            (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_GENERIC_SECRET),

            (PyKCS11.CKA_TOKEN, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_SENSITIVE, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_EXTRACTABLE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_LABEL, "DeriveTestGenericKey"),

        ]

        # generate a common symmetric base key for tests

        # Select the curve to be used for the keys

        # Setup the domain parameters, unicode conversion needed

        # for the curve string

            (PyKCS11.CKA_CLASS, PyKCS11.CKO_PUBLIC_KEY),

            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_TOKEN, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_ENCRYPT, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_VERIFY, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_WRAP, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_ECDSA),

            (PyKCS11.CKA_EC_PARAMS, self.ecParams),

            (PyKCS11.CKA_LABEL, "TestBaseKeyP256"),

            (PyKCS11.CKA_ID, keyID),

        ]

            (PyKCS11.CKA_CLASS, PyKCS11.CKO_PRIVATE_KEY),

            (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_ECDSA),

            (PyKCS11.CKA_TOKEN, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_SENSITIVE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_DECRYPT, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_SIGN, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_UNWRAP, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_LABEL, "TestBaseKeyP256"),

            (PyKCS11.CKA_ID, keyID),

            (PyKCS11.CKA_DERIVE, PyKCS11.CK_TRUE),

        ]

            self.session.getAttributeValue(

            key, [PyKCS11.CKA_VALUE])[0]

        )

            (PyKCS11.CKA_CLASS, PyKCS11.CKO_PUBLIC_KEY),

            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_TOKEN, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_ENCRYPT, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_VERIFY, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_WRAP, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_ECDSA),

            (PyKCS11.CKA_EC_PARAMS, self.ecParams),

            (PyKCS11.CKA_LABEL, "testKeyP256"),

            (PyKCS11.CKA_ID, keyID),

        ]

            (PyKCS11.CKA_CLASS, PyKCS11.CKO_PRIVATE_KEY),

            (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_ECDSA),

            (PyKCS11.CKA_TOKEN, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_SENSITIVE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_DECRYPT, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_SIGN, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_UNWRAP, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_LABEL, "testKeyP256"),

            (PyKCS11.CKA_ID, keyID),

            (PyKCS11.CKA_DERIVE, PyKCS11.CK_TRUE),

        ]

            (PyKCS11.CKA_CLASS, PyKCS11.CKO_SECRET_KEY),

            (PyKCS11.CKA_KEY_TYPE, PyKCS11.CKK_AES),

            (PyKCS11.CKA_TOKEN, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_SENSITIVE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_ENCRYPT, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_DECRYPT, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_SIGN, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_EXTRACTABLE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_VERIFY, PyKCS11.CK_FALSE),

            (PyKCS11.CKA_VALUE_LEN, 24),

            (PyKCS11.CKA_LABEL, "derivedAESKey"),

            (PyKCS11.CKA_ID, keyID),

        ]

        # derive key 1 : self.basePvtKey + pubKey

        # derive key 2 : pvtKey + self.basePubKey

        # match check values

        # cleanup

        # This mechanism is not supported in the current release of SoftHSM (2.6.1), however available in develop branch,

        # see https://github.com/opendnssec/SoftHSMv2/commit/fa595c07a185656382c18ea2a6a12cad825d48b4

        # generate a key to concatenate with

        # concatenate two keys

            (PyKCS11.CKA_VALUE_LEN, 64),

            (PyKCS11.CKA_ID, keyID)

        ]

            self.baseKey, derivedKeyTemplate, mechanism)

        # check derived key's value

        # match: check values

        # cleanup

        # This mechanism is not supported in the current release of SoftHSM (2.6.1), however available in develop branch,

        # see https://github.com/opendnssec/SoftHSMv2/commit/dba00d73e1b69f65b68397d235e7f73bbf59ab6a

        # generate data to concatenate with

        # concatenate key with data

            (PyKCS11.CKA_VALUE_LEN, 64),

            (PyKCS11.CKA_ID, keyID)

        ]

            self.baseKey, derivedKeyTemplate, mechanism)

        # check derived key's value

        # match: check values

        # cleanup

        # This mechanism is not supported in the current release of SoftHSM (2.6.1), however available in develop branch,

        # see https://github.com/opendnssec/SoftHSMv2/commit/fae0d9f769ac30d25f563c5fc6c417e9199e4403

        # generate data to concatenate with

        # concatenate data with key

            (PyKCS11.CKA_VALUE_LEN, 64),

            (PyKCS11.CKA_ID, keyID)

        ]

            self.baseKey, derivedKeyTemplate, mechanism)

        # check derived key's value

        # match: check values

        # cleanup

        # generate data to xor with

        # xor key with data

            (PyKCS11.CKA_VALUE_LEN, 32),

            (PyKCS11.CKA_ID, keyID)

        ]

            self.baseKey, derivedKeyTemplate, mechanism)

        # check derived key's value

        # match: check values

        # cleanup

        # sample from the PKCS#11 specification 3.0, section 2.43.7

        # see https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/os/pkcs11-curr-v3.0-os.html#_Toc30061466

            (PyKCS11.CKA_DERIVE, PyKCS11.CK_TRUE),

            (PyKCS11.CKA_VALUE, [0x32, 0x9f, 0x84, 0xa9])]

        # create a base key

            PyKCS11.CKA_VALUE_LEN, len(expectedDerivedKeyValue))]

        # extract bytes from the base key

            baseKey, derivedKeyTemplate, mechanism)

        # match: check derived key value