Jakuje (Member) commented Nov 2, 2021

I started writing this with the intention of testing wrapping and unwrapping as discussed in #1595, where we needed some verification of a couple of changes that went in recently. But it turned out that I did not know how these keys work and there was no support in the testing framework for this, so I started with symmetric keys first, which already turned up a couple of issues, which are fixed on the way.

I got as far as the key wrapping, but not yet to the unwrapping part, which is why I started. The changeset is growing, so I wanted to split it somewhere, get some early feedback and hopefully continue with the original target (either in this PR or in another one).

There are also a couple of interleaved irrelevant patches on the way, which I can split away if needed.

Checklist
  • Documentation is added or updated
  • New files have a LGPL 2.1 license statement
  • PKCS#11 module is tested
  • Windows minidriver is tested
  • macOS tokend is tested

Jakuje (Member, Author) commented Dec 8, 2021

@popovec @hhonkanen @fabled you all contributed to the support of symmetric keys in OpenSC. This PR is doing some pkcs11-level tests on these so I would be glad for feedback, as this is basically my first use of secret keys in pkcs11.

popovec (Member) commented Dec 8, 2021

Unfortunately, there is no real support for symmetric encrypt/decrypt in OpenSC for the MyEID card. Currently, the MyEID driver only supports uploading a symmetric key to the card. (A test of this operation can be added to GitHub Actions; with OsEID simulation, it works without problems.)

About one year ago I tested the @carblue patch and my MyEID driver patch; an outdated version of it can be found on GitHub: #1796 (comment). However, this solution is not complete: there is support for C_EncryptInit() and C_Encrypt(), but there is no support for C_EncryptUpdate() and C_EncryptFinal() (similarly for decrypt: no support for C_DecryptUpdate, C_DecryptFinal).

Due to the incompleteness of this solution, I have not yet offered my MyEID patch as a PR for OpenSC.

If someone can add symmetric encryption support to OpenSC (at least similar to the one outlined by @carblue), I will prepare a patch for the MyEID driver that will use it. I would like the solution to be complete: it must also include C_EncryptFinal and C_EncryptUpdate, and the solution must have a correspondingly designed interface for the card driver. Personally, I currently don't have enough time to start writing such a big patch.

I would like to comment on problem #1796. This test is incomplete and strongly limited to the use of the CKM_DES_CBC mechanism. If any card supports AES-KEY-WRAP but does not have DES_CBC support for unwrap/wrap, it will not work. Here we need to add a listing of wrap/unwrap mechanisms and perform a series of tests according to the available wrap/unwrap mechanisms.
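The mechanism listing suggested in the comment above, sketched as an added example that is not part of the thread or of OpenSC's test code: it filters a token's advertised mechanisms by the `CKF_WRAP`/`CKF_UNWRAP` flags instead of assuming `CKM_DES_CBC`. The `struct mech`, `select_mechs` and `sample_token` names are hypothetical, the table stands in for what `C_GetMechanismList` and `C_GetMechanismInfo` would return, and the PKCS#11 constants are redefined locally so it builds without `pkcs11.h`.

```c
#include <stdio.h>
#include <stddef.h>

/* Values as defined in the PKCS#11 headers, repeated here to stay self-contained. */
typedef unsigned long CK_ULONG;
#define CKM_RSA_PKCS      0x00000001UL
#define CKM_DES_CBC       0x00000122UL
#define CKM_AES_CBC       0x00001082UL
#define CKM_AES_KEY_WRAP  0x00002109UL
#define CKF_ENCRYPT       0x00000100UL
#define CKF_DECRYPT       0x00000200UL
#define CKF_WRAP          0x00020000UL
#define CKF_UNWRAP        0x00040000UL

/* Hypothetical row: one mechanism type plus the flags the token reports for it. */
struct mech { CK_ULONG type; CK_ULONG flags; };

/* Constructed sample token: offers AES key wrap and no DES mechanism at all. */
static const struct mech sample_token[] = {
    { CKM_RSA_PKCS,     CKF_DECRYPT | CKF_UNWRAP },  /* unwrap only          */
    { CKM_AES_CBC,      CKF_ENCRYPT | CKF_DECRYPT }, /* no wrapping flags    */
    { CKM_AES_KEY_WRAP, CKF_WRAP | CKF_UNWRAP },     /* full round trip      */
};

/* Store up to max mechanism types that advertise every flag in need;
 * returns the number stored. */
size_t select_mechs(const struct mech *m, size_t n, CK_ULONG need,
                    CK_ULONG *out, size_t max)
{
    size_t stored = 0;
    for (size_t i = 0; i < n && stored < max; i++)
        if ((m[i].flags & need) == need)
            out[stored++] = m[i].type;
    return stored;
}

int main(void)
{
    CK_ULONG plan[8];
    size_t n = select_mechs(sample_token,
                            sizeof sample_token / sizeof sample_token[0],
                            CKF_WRAP | CKF_UNWRAP, plan, 8);
    int des = 0;
    for (size_t i = 0; i < n; i++) {
        printf("round-trip wrap test with mechanism 0x%08lx\n", plan[i]);
        des |= (plan[i] == CKM_DES_CBC);
    }
    printf("CKM_DES_CBC usable for wrapping: %s\n", des ? "yes" : "no");
    return 0;
}
```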

@Jakuje Jakuje merged commit 719c1cf into OpenSC:master Dec 21, 2021