PKCS#11 C_CreateObject fails with bad arguments

Question

I have a C_CreateObject PKCS#11 API call to generate a 128 bit AES-key that fails with bad arguments.

Can anyone please help me figuring out what is wrong with the template ?

                            CK_OBJECT_HANDLE hKey;
                            CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
                            CK_KEY_TYPE keyType = CKK_AES;
                            CK_BBOOL _true = TRUE;
                            CK_BBOOL _false = FALSE;                              
                            CK_BYTE key_value[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};

                            CK_ATTRIBUTE keyTemplate[] = {
                               {CKA_CLASS, &keyClass, sizeof(keyClass)},
                               {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
                               {CKA_ENCRYPT, &_true, sizeof(_true)},
                               {CKA_DECRYPT, &_true, sizeof(_true)},
                               {CKA_TOKEN, &_true, sizeof(_true)},      /* token object  */
                               {CKA_PRIVATE, &_false, sizeof(_false)},  /* public object */
                               {CKA_VALUE, key_value, sizeof(key_value)},
                               {CKA_LABEL, CK_VOID_PTR("key"), sizeof("key")}
                             };

                             rv =  pfunc11->C_CreateObject(session, keyTemplate, sizeof (keyTemplate)/sizeof (CK_ATTRIBUTE), &hKey);
                             if (rv != CKR_OK) {
                                printf("ERROR: rv=0x%08X: C_CreateObject:\n", (unsigned int)rv);
                                return false;
                             }

Answer 1

Your key value is too short for AES key -- you need to provide 16 bytes (128 bits) or 32 bytes (256 bits) in key_value, e.g.:

CK_BYTE key_value[] = { 
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
        0xcd, 0xef, 0x89, 0xab, 0x45, 0x67, 0x01, 0x23, 
};

Good luck!