From eb426222e4910e2533355f4de4852b413a08733a Mon Sep 17 00:00:00 2001
From: Eric Devolder <eric.devolder@mastercard.com>
Date: Wed, 7 Sep 2022 20:24:58 +0000
Subject: [PATCH] fix for issue #140

- Adding a default mechanism for `CKK_GENERIC_SECRET` key type
- Fixing condition for including `CKA_VALUE_LEN` when generating a secret key. It is now skipped only for those algorithms that do not want it.
---
 pkcs11/_pkcs11.pyx | 2 +-
 pkcs11/defaults.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkcs11/_pkcs11.pyx b/pkcs11/_pkcs11.pyx
index ad1d7f3..0f996d1 100644
--- a/pkcs11/_pkcs11.pyx
+++ b/pkcs11/_pkcs11.pyx
@@ -401,7 +401,7 @@ class Session(types.Session):
             Attribute.DERIVE: MechanismFlag.DERIVE & capabilities,
         }
 
-        if key_type is KeyType.AES:
+        if key_type not in (KeyType.DES2, KeyType.DES3, KeyType.GOST28147, KeyType.SEED):
             if key_length is None:
                 raise ArgumentsBad("Must provide `key_length'")
 
diff --git a/pkcs11/defaults.py b/pkcs11/defaults.py
index ca850c9..e652f42 100644
--- a/pkcs11/defaults.py
+++ b/pkcs11/defaults.py
@@ -26,6 +26,7 @@
     KeyType.EC: Mechanism.EC_KEY_PAIR_GEN,
     KeyType.RSA: Mechanism.RSA_PKCS_KEY_PAIR_GEN,
     KeyType.X9_42_DH: Mechanism.X9_42_DH_KEY_PAIR_GEN,
+    KeyType.GENERIC_SECRET: Mechanism.GENERIC_SECRET_KEY_GEN,
 }
 """
 Default mechanisms for generating keys.