thalesgroup / kmip-go Goto Github PK

KMIP client library in Golang

License: MIT License

Dockerfile 0.08% Makefile 1.01% Go 98.91%

kmip

kmip-go's Introduction

kmip-go

kmip-go is a go implemenation of KMIP protocol primitives. It supports marshaling data in TTLV, XML, or JSON encodings to and from go values and structs. It can be used to implement KMIP clients or servers.

Installation

go get github.com/gemalto/kmip-go

Or, to just install the ppkmip pretty printing tool:

go install github.com/gemalto/kmip-go/cmd/ppkmip

Packages

The ttlv package implements the core encoder and decoder logic.

The kmip14 package contains constants for all the tags, types, enumerations and bitmasks defined in the KMIP 1.4 specification. It also contains mappings from these values to the normalized names used in the JSON and XML encodings, and the canonical names used in Attribute structures.
The kmip14 definitions are all automatically registered with ttlv.DefaultRegistry.

The kmip20 package adds additional enumeration values from the 2.0 specification. It is meant to be registered on top of the 1.4 definitions.

The root package defines golang structures for some of the significant Structure definitions in the 1.4 specification, like Attributes, Request, Response, etc. It is incomplete, but can be used as an example for defining other structures. It also contains an example of a client and server.

cmd/kmipgen is a code generation tool which generates the tag and enum constants from a JSON specification input. It can also be used independently in your own code to generate additional tags and constants. make install to build and install the tool. See kmip14/kmip_1_4.go for an example of using the tool.

cmd/kmipgen is a tool for pretty printing kmip values. It can accept KMIP input from stdin or files, encoded in TTLV, XML, or JSON, and output in a variety of formats. make install to intall the tool, and ppkmip --help to see usage.

Contributing

To build, be sure to have a recent go SDK, and make. Run make tools to install other dependencies.

There is also a dockerized build, which only requires make and docker-compose: make docker. You can also do make fish or make bash to shell into the docker build container.

Merge requests are welcome! Before submitting, please run make and make sure all tests pass and there are no linter findings.

kmip-go's People

Contributors

Stargazers

Watchers

kmip-go's Issues

Release status/milestone check

With this report, we would like to check the release cadence of this repo if available. We are mainly looking for 0.0.8 with the changes merged a month ago #19.

Is there any release planned in this month or soon?

Cc @baum

tag a new release with the latest changes

The latest tag is 0.0.5 which is a year older then the latest master code.

When one go get ... the pkg he will get:

github.com/gemalto/kmip-go v0.0.5

which does not include all the code in master.

It is very confusing to see the object_base_test.go examples and try to run them against the go get... package and see it is not compiling...

Decoding Wrapped key value

For decoding the response received for normal get key operation, able to perform that using following code :
decoder.DecodeValue(&keyValue, respPayload.SymmetricKey.KeyBlock.KeyValue.(ttlv.TTLV))
where keyValue is struct, which contains field keyMaterial which is of []byte type.

If get Wrapped key operation is performed, the keyValue returned is of []uint8 type.
Tried to get the keymaterial using the following code :
var respPayload GetResponsePayload
err = decoder.DecodeValue(&respPayload, responseMessage.BatchItem[0].ResponsePayload.(ttlv.TTLV))
if err != nil {
fmt.Println(err)
}
var keyValue []byte
keyValue = respPayload.SymmetricKey.KeyBlock.KeyValue.([]byte)
fmt.Println(hex.EncodeString(keyValue))

Here, the encoded hex string does not match the keyValue in response.
Response message :
SymmetricKey (Structure/352):
KeyBlock (Structure/344):
KeyFormatType (Enumeration/4): Raw
KeyValue (ByteString/128): 0x49ded6a0899e679963466e92e736f7624277e35f258327c13876ccbff4600cd6b5ad0cf27d3f3b46d97e9da22b94420f614795d4e4de963f6724c37f3c21fc08fbe88abf2beaffc48e3b0f713f6c6f35253abab9f51a1340b6e51028236dad53b7fe2db42216c708f8d2b450cff6dae619922b00262f1777eff106f8bb9b685a
CryptographicAlgorithm (Enumeration/4): AES
CryptographicLength (Integer/4): 256
KeyWrappingData (Structure/152):
WrappingMethod (Enumeration/4): Encrypt
EncryptionKeyInformation (Structure/112):
UniqueIdentifier (TextString/64): 278afc60ac1e4185b6b11d3a8186000f759895ccd9e649f6a553b3e7c953a0c2
CryptographicParameters (Structure/32):
PaddingMethod (Enumeration/4): OAEP
HashingAlgorithm (Enumeration/4): SHA_1
EncodingOption (Enumeration/4): NoEncoding

Requesting the correct steps to decode the wrapped key from the response.

Invalid Tag error in TTLV marshal

Getting invalid tag error when MaskHashingAlgorithm is provided in cryptographicParamters in request message.
Same error is seen in response also in get wrapped key when this value is provided in request message.

Sample Request Message :

CommonTemplateAttribute: kmip.TemplateAttribute{
Attribute: []kmip.Attribute{
{
AttributeName: "Cryptographic Algorithm",
AttributeValue: kmip14.CryptographicAlgorithmRSA,
},
{
AttributeName: "Cryptographic Length",
AttributeValue: int32(4096),
},
{
AttributeName: "Cryptographic Parameters",
AttributeValue: cryptographicParameters,
},
}

Where cryptographicParamters is :

cryptographicParameters := kmip.CryptographicParameters{
	PaddingMethod:        kmip14.PaddingMethodOAEP,
	HashingAlgorithm:     kmip14.HashingAlgorithmSHA_384,
	MaskHashingAlgorithm: kmip14.HashingAlgorithmSHA_384,
}

Kindly let us know, how to marshal the request message.

Thanks.

proxy protocol support

Hi,

If the incoming tls is proxy protcol enabled, then how to make the kmip-go work?

Thanks a lot

What is the right way to set value for Name in Template Attribute?

I try to create a new key with a specific Name ( 3.1.3 Use-case: Create / Locate / Get / Destroy from https://docs.oasis-open.org/kmip/usecases/v1.0/cd05/kmip-usecases-1.0-cd-05.html)

	request := kmip.CreateRequestPayload{
		ObjectType: kmip14.ObjectTypeSymmetricKey,
		TemplateAttribute: kmip.TemplateAttribute{},
	}
	request.TemplateAttribute.Append(kmip14.TagCryptographicAlgorithm, kmip14.CryptographicAlgorithmAES)
	request.TemplateAttribute.Append(kmip14.TagCryptographicLength, length)
	request	.TemplateAttribute.Append(kmip14.TagCryptographicUsageMask, kmip14.CryptographicUsageMaskEncrypt|kmip14.CryptographicUsageMaskDecrypt)
	request.TemplateAttribute.Append(kmip14.TagName, "test2")

But pykmip fails to execute my request:

kmip_1     | 2021-04-22 15:26:26,603 kmip.server.session.00000006 INFO     Starting session: 00000006
kmip_1     | 2021-04-22 15:26:26,631 kmip.server.session.00000006 DEBUG    Request encoding: b'4200780100000160'
kmip_1     | 2021-04-22 15:26:26,631 kmip.server.session.00000006 DEBUG    Request encoding: b'4200770100000038420069010000002042006a0200000004000000010000000042006b0200000004000000040000000042000d0200000004000000010000000042000f010000011842005c050000000400000001000000004200930800000010f7edb310b31a4517a6168e673d4b07a042007901000000e84200570500000004000000020000000042009101000000d0420008010000003042000a070000001743727970746f6772617068696320416c676f726974686d0042000b05000000040000000300000000420008010000003042000a070000001443727970746f67726170686963204c656e6774680000000042000b02000000040000010000000000420008010000003042000a070000001843727970746f67726170686963205573616765204d61736b42000b02000000040000000c00000000420008010000002042000a07000000044e616d650000000042000b07000000057465737432000000'
kmip_1     | 2021-04-22 15:26:26,632 kmip.server.session.00000006 DEBUG    Possible session ciphers: 6
kmip_1     | 2021-04-22 15:26:26,632 kmip.server.session.00000006 DEBUG    ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
kmip_1     | 2021-04-22 15:26:26,632 kmip.server.session.00000006 DEBUG    ('TLS_CHACHA20_POLY1305_SHA256', 'TLSv1.3', 256)
kmip_1     | 2021-04-22 15:26:26,632 kmip.server.session.00000006 DEBUG    ('TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128)
kmip_1     | 2021-04-22 15:26:26,632 kmip.server.session.00000006 DEBUG    ('AES256-SHA256', 'TLSv1.2', 256)
kmip_1     | 2021-04-22 15:26:26,632 kmip.server.session.00000006 DEBUG    ('ECDHE-ECDSA-AES256-SHA384', 'TLSv1.2', 256)
kmip_1     | 2021-04-22 15:26:26,632 kmip.server.session.00000006 DEBUG    ('AES128-SHA256', 'TLSv1.2', 128)
kmip_1     | 2021-04-22 15:26:26,632 kmip.server.session.00000006 DEBUG    Session cipher selected: ('AES128-SHA256', 'TLSv1.2', 128)
kmip_1     | 2021-04-22 15:26:26,634 kmip.server.session.00000006 WARNING  Failure parsing request message.
kmip_1     | 2021-04-22 15:26:26,634 kmip.server.session.00000006 ERROR    Tried to read Base.type: expected 1, received 7
kmip_1     | Traceback (most recent call last):
kmip_1     |   File "/usr/local/lib/python3.7/site-packages/kmip/services/server/session.py", line 167, in _handle_message_loop
kmip_1     |     request.read(request_data, kmip_version=kmip_version)
kmip_1     |   File "/usr/local/lib/python3.7/site-packages/kmip/core/messages/messages.py", line 485, in read
kmip_1     |     batch_item.read(istream, kmip_version=kmip_version)
kmip_1     |   File "/usr/local/lib/python3.7/site-packages/kmip/core/messages/messages.py", line 309, in read
kmip_1     |     self.request_payload.read(tstream, kmip_version=kmip_version)
kmip_1     |   File "/usr/local/lib/python3.7/site-packages/kmip/core/messages/payloads/create.py", line 165, in read
kmip_1     |     kmip_version=kmip_version
kmip_1     |   File "/usr/local/lib/python3.7/site-packages/kmip/core/objects.py", line 3478, in read
kmip_1     |     attribute.read(tstream, kmip_version=kmip_version)
kmip_1     |   File "/usr/local/lib/python3.7/site-packages/kmip/core/objects.py", line 120, in read
kmip_1     |     self.attribute_value.read(tstream, kmip_version=kmip_version)
kmip_1     |   File "/usr/local/lib/python3.7/site-packages/kmip/core/attributes.py", line 115, in read
kmip_1     |     super(Name, self).read(istream, kmip_version=kmip_version)
kmip_1     |   File "/usr/local/lib/python3.7/site-packages/kmip/core/primitives.py", line 106, in read
kmip_1     |     self.read_type(istream)
kmip_1     |   File "/usr/local/lib/python3.7/site-packages/kmip/core/primitives.py", line 84, in read_type
kmip_1     |     typ
kmip_1     | kmip.core.exceptions.ReadValueError: Tried to read Base.type: expected 1, received 7
kmip_1     | 2021-04-22 15:26:26,635 kmip.server.session.00000006 DEBUG    Response encoding: b'42007b01000000c842007a0100000048420069010000002042006a0200000004000000010000000042006b02000000040000000000000000420092090000000800000000608195a242000d0200000004000000010000000042000f010000007042007f0500000004000000010000000042007e0500000004000000040000000042007d07000000444572726f722070617273696e672072657175657374206d6573736167652e2053656520736572766572206c6f677320666f72206d6f726520696e666f726d6174696f6e2e00000000'
kmip_1     | 2021-04-22 15:26:26,639 kmip.server.session.00000006 INFO     Stopping session: 00000006

It seems that I need to add Name Type, but can't figure out how I can do this.

Any help would be greatly appreciated.

tls connection has parameter insecureSkipVerify as true in test file

In the pykmip server examples, insecureSkipverify is set as true. Is it possible to use insecureSkipVerify as false and connect to pykmip or thales server ?

For establishing tls connection to thales server, can connection be established with insecureSkipVerify as false ?

performance issue

The performance of ttlv.Marshal and ttlv.Unmarshal is not high. Can we optimize them, such as adding cache to struct

Registering a wrapping key - aes and rsa public key.

Hi,

I am trying to register a wrapping key.
Tried the following request for aes wrapping key.
msg = kmip.RequestMessage{
        RequestHeader: kmip.RequestHeader{
            ProtocolVersion: kmip.ProtocolVersion{
                ProtocolVersionMajor: 1,
                ProtocolVersionMinor: 4,
            },
            BatchCount: 1,
            //Authentication: auth,
        },
        BatchItem: []kmip.RequestBatchItem{
            {
                Operation: kmip14.OperationRegister,
                RequestPayload: kmip.RegisterRequestPayload{
                    ObjectType: kmip14.ObjectTypeSymmetricKey,
                    TemplateAttribute: kmip.TemplateAttribute{
                        Attribute: []kmip.Attribute{
                            {
                                AttributeName:  "Cryptographic Algorithm",
                                AttributeValue: kmip14.CryptographicAlgorithmECDSA,
                            },
                            {
                                AttributeName:  "Cryptographic Length",
                                AttributeValue: int32(256),
                            },
                            {
                                AttributeName:  "Cryptographic Usage Mask",
                                AttributeValue: kmip14.CryptographicUsageMaskWrapKey | kmip14.CryptographicUsageMaskUnwrapKey,
                            },
                        },
                    },
                    SymmetricKey: &kmip.SymmetricKey{
                        KeyBlock: kmip.KeyBlock{
                            KeyFormatType:          kmip14.KeyFormatTypeRaw,
                            CryptographicAlgorithm: kmip14.CryptographicAlgorithmAES,
                            CryptographicLength:    256,
                            KeyValue: kmip.KeyValue{
                                KeyMaterial: "7b4d51b827fb232b109929229864dba3",
                            },
                        },
                    },
                },
            },
        },
    }

This seems to work in thales server but not in pykmip server. is anything need to be included for pykmip server.

Can you please provide an example of registering a rsa public wrapping key ?

Feature: Add Encrypt & Decrypt Ops

It would be great to have Encrypt & Decrypt ops similar to other operations currently implemented.

ceph/ceph-csi#3306

/assign
I'll be working on this soon.

Issues faced with Kmip Go client implementation

Hi,

We are trying to use the Kmip Go client implementation, connect to a Thales CipherTrust manager and perform key operations. But we are running into following issues

DiscoverVersions example provided is not working properly. We had to make some modifications (in example_test.go) to make it work.
We see that Kmip 2.0 related definitions are available. Can you let us know if this has been verified against a Kmip 2.0 compliant server?
For get and destrou key operations, we dont see structures available
Do we have encoding support for Map types? When creating the request for Create key, we are not able to encode the Map type attributes.

Could you please provide an update on the above items?

kmip20.json error

"Adjustment Value": "420162",
"Common Protection Storage Masks": "420163",
"Private Protection Storage Masks": "420164",
"Public Protection Storage Masks": "420165"

the correct way is:

"Adjustment Value": "0x420162",
"Common Protection Storage Masks": "0x420163",
"Private Protection Storage Masks": "0x420164",
"Public Protection Storage Masks": "0x420165"

Example for creation of wrap key

Can you please provide an example for creation of wrapping key.
The wrapping key should be RSA Public key.
Need to wrap an aes key with this rsa public key(wrapping key)

Is the current version is production ready ? Pl confirm

Register rsa public key fails in thales

Hi,

 I am trying to register a public key using thales kmip-go. From the base64 public key values, hex string is derived..
 For key material, ByteString is needed. So, used golang package to decode the hex string and pass it as input.
 
 This code works with pykmip but not with thales server.
  If I directly provide the hex string as keymaterial, keymaterial type is text string and i am getting keyformat not supported.
  If I provide it as decoded bytes, it shows there is not enough key material.

  This is the working xml payload for thales ,

 <RequestPayload>
  <ObjectType type="Enumeration" value="PublicKey"/>
  <TemplateAttribute>
    <Attribute>
      <AttributeName type="TextString" value="Cryptographic Usage Mask"/>
      <AttributeValue type="Integer" value="UnwrapKey WrapKey"/>
    </Attribute>
  </TemplateAttribute>
    <PublicKey>
      <KeyBlock>
      <KeyFormatType type="Enumeration" value="PKCS_1"/>
      <KeyValue>
        <KeyMaterial type="ByteString" value="30820122300d06092a864886f70d01010105000382010f003082010a0282010100a6aba5b452b2d8f5565862c2a6237609803434be5872808d7c70c8a0ee2c95c1eceac659a2bfeeba53c67b9f423551e1c38a34981981885a0579483a056d932aefaabd796733323e1ca7f3609c215b948d69402c9f03d04f75d22ce83181c20c53eb4fdd512e384bb928a8ef20cfabc58c0267cceb99ddcd8855ba89429821c2e5b83e2d0185dfb0d265bd2fc915fdf9363ffd4e0d65bb4df6ddf214d6f1be45343c8db8702db56f4fe9025e3dd8103d4265570162fc0f62959cd71801d845b189eb3c48c5af0d2d42d0afa5eb2acbd19ab4b83f2337af9eefe3fbe8619fb425b056ce42845b98797af3f5ba53cfaf238f95aee4d529ba040ba5ae1f34f1c6a70203010001"/>
      </KeyValue>
      <CryptographicAlgorithm type="Enumeration" value="RSA"/>
      <CryptographicLength type="Integer" value="2048"/>
      </KeyBlock>
    </PublicKey>
</RequestPayload>

Tried the same with kmip-go package. Only difference is 0x prefix gets added in the byteString.

The request message I tried ,

if i decode the hex string to set the key material type as byte string,

key material in request message is
KeyMaterial (ByteString/322): 0x33303831396533303064303630393261383634383836663730643031303130313035303030333831386330303330383138383032383138303535323565636430343966366663323932656265336438343838663230636333643939343138376635323835653639313738323865636331656462363038306564646231626330326235353234373238643131326234323134633662343534313931333937356163623661353233386137616638343865663936356535626562333333656435643862376439666432316265643462626138633539373236396365323538633935363138623264326136373962646361366465386562346439626166663232366531316535396636353338353933623234336263623731653438666237356466393939383635626139633363376232613464326231646164636630323033303130303031

If the keymaterial is directly provide as a string, the correct key material is shown in request message. but type is text string.

KeyMaterial (TextString/324): 0x30819e300d06092a864886f70d010101050003818c003081880281805525ecd049f6fc292ebe3d8488f20cc3d994187f5285e6917828ecc1edb6080eddb1bc02b5524728d112b4214c6b4541913975acb6a5238a7af848ef965e5beb333ed5d8b7d9fd21bed4bba8c597269ce258c95618b2d2a679bdca6de8eb4d9baff226e11e59f6538593b243bcb71e48fb75df999865ba9c3c7b2a4d2b1dadcf0203010001

0x prefix is added in all the input.
But the working example given in xml format. it shows the correct key material and type.
Can you provide any example on how to provide the request message for this ?

Thank you.

What is the right way to set value for Cryptographic Algorithm in Template Attribute?

I try to create a new key pair, and saw answers in #4

But it is still unclear to me how Cryptographic Algorithm can be set.

Here is my create key pair:

type CreateKeyPairRequestPayload struct {
	CommonTemplateAttribute 			kmip.TemplateAttribute
	PrivateKeyTemplateAttribute 		kmip.TemplateAttribute
	PublicKeyTemplateAttribute			kmip.TemplateAttribute
}

type CreateKeyPairResponsePayload struct {
	PrivateKeyUniqueIdentifier  	        string
	PublicKeyUniqueIdentifier  		string
	PrivateKeyTemplateAttribute 	*kmip.TemplateAttribute
	PublicKeyTemplateAttribute		*kmip.TemplateAttribute
}

type CreateHandler struct {
	Create func(ctx context.Context, payload *CreateKeyPairRequestPayload) (*CreateKeyPairResponsePayload, error)
}

func (h *CreateHandler) HandleItem(ctx context.Context, req *kmip.Request) (*kmip.ResponseBatchItem, error) {
	var payload CreateKeyPairRequestPayload
	err := req.DecodePayload(&payload)
	if err != nil {
		return nil, err
	}

	respPayload, err := h.Create(ctx, &payload)
	if err != nil {
		return nil, err
	}

	//req.IDPlaceholder = respPayload.TemplateAttribute.GetTag(kmip14.TagUniqueIdentifier, 0).(string)

	return &kmip.ResponseBatchItem{
		ResponsePayload: respPayload,
	}, nil
}

The command is created as follows:

msg := kmip.RequestMessage{
  RequestHeader: kmip.RequestHeader{
    ProtocolVersion: kmip.ProtocolVersion{
      ProtocolVersionMajor: 1,
      ProtocolVersionMinor: 2,
    },
    BatchCount:             1,
    //ClientCorrelationValue: uuid.New().String(),
  },
  BatchItem: []kmip.RequestBatchItem{
    {
      UniqueBatchItemID: biID[:],
      Operation:         kmip14.OperationCreateKeyPair,
      RequestPayload: kmip_ext.CreateKeyPairRequestPayload{
        PublicKeyTemplateAttribute: kmip.TemplateAttribute{
          Attribute: [] kmip.Attribute {
            {
              AttributeName: kmip14.TagCryptographicAlgorithm.String(),
              AttributeValue: "RSA",
            },
          },
        },
      },
    },
  },
}

pykmip fails to execute my request:

kmip_1   | 2021-04-18 07:38:21,620 kmip.server.session.00000040 INFO     Starting session: 00000040
kmip_1   | 2021-04-18 07:38:24,377 kmip.server.session.00000040 DEBUG    Request encoding: b'42007801000000c8'
kmip_1   | 2021-04-18 07:38:24,377 kmip.server.session.00000040 DEBUG    Request encoding: b'4200770100000038420069010000002042006a0200000004000000010000000042006b0200000004000000020000000042000d0200000004000000010000000042000f010000008042005c0500000004000000020000000042009308000000104bab845a1a5641bfafc3e57ff0865f95420079010000005042001f0100000000420065010000000042006e0100000038420008010000003042000a070000001643727970746f67726170686963416c676f726974686d000042000b07000000035253410000000000'
kmip_1   | 2021-04-18 07:38:24,377 kmip.server.session.00000040 DEBUG    Possible session ciphers: 6
kmip_1   | 2021-04-18 07:38:24,377 kmip.server.session.00000040 DEBUG    ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
kmip_1   | 2021-04-18 07:38:24,378 kmip.server.session.00000040 DEBUG    ('TLS_CHACHA20_POLY1305_SHA256', 'TLSv1.3', 256)
kmip_1   | 2021-04-18 07:38:24,378 kmip.server.session.00000040 DEBUG    ('TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128)
kmip_1   | 2021-04-18 07:38:24,378 kmip.server.session.00000040 DEBUG    ('ECDHE-ECDSA-AES256-SHA384', 'TLSv1.2', 256)
kmip_1   | 2021-04-18 07:38:24,378 kmip.server.session.00000040 DEBUG    ('AES128-SHA256', 'TLSv1.2', 128)
kmip_1   | 2021-04-18 07:38:24,378 kmip.server.session.00000040 DEBUG    ('AES256-SHA256', 'TLSv1.2', 256)
kmip_1   | 2021-04-18 07:38:24,379 kmip.server.session.00000040 DEBUG    Session cipher selected: ('AES128-SHA256', 'TLSv1.2', 128)
kmip_1   | 2021-04-18 07:38:24,381 kmip.server.session.00000040 WARNING  Failure parsing request message.
kmip_1   | 2021-04-18 07:38:24,381 kmip.server.session.00000040 ERROR    No value type for CRYPTOGRAPHICALGORITHM
kmip_1   | Traceback (most recent call last):
kmip_1   |   File "/usr/local/lib/python3.7/site-packages/kmip/services/server/session.py", line 167, in _handle_message_loop
kmip_1   |     request.read(request_data, kmip_version=kmip_version)
kmip_1   |   File "/usr/local/lib/python3.7/site-packages/kmip/core/messages/messages.py", line 485, in read
kmip_1   |     batch_item.read(istream, kmip_version=kmip_version)
kmip_1   |   File "/usr/local/lib/python3.7/site-packages/kmip/core/messages/messages.py", line 309, in read
kmip_1   |     self.request_payload.read(tstream, kmip_version=kmip_version)
kmip_1   |   File "/usr/local/lib/python3.7/site-packages/kmip/core/messages/payloads/create_key_pair.py", line 317, in read
kmip_1   |     kmip_version=kmip_version
kmip_1   |   File "/usr/local/lib/python3.7/site-packages/kmip/core/objects.py", line 3478, in read
kmip_1   |     attribute.read(tstream, kmip_version=kmip_version)
kmip_1   |   File "/usr/local/lib/python3.7/site-packages/kmip/core/objects.py", line 117, in read
kmip_1   |     raise Exception("No value type for {}".format(enum_name))
kmip_1   | Exception: No value type for CRYPTOGRAPHICALGORITHM
kmip_1   | 2021-04-18 07:38:24,382 kmip.server.session.00000040 DEBUG    Response encoding: b'42007b01000000c842007a0100000048420069010000002042006a0200000004000000010000000042006b02000000040000000000000000420092090000000800000000607be1f042000d0200000004000000010000000042000f010000007042007f0500000004000000010000000042007e0500000004000000040000000042007d07000000444572726f722070617273696e672072657175657374206d6573736167652e2053656520736572766572206c6f677320666f72206d6f726520696e666f726d6174696f6e2e00000000'
kmip_1   | 2021-04-18 07:38:24,388 kmip.server.session.00000040 INFO     Stopping session: 00000040

It seems to me that attribute value should not be provided as a string, in accordance to the spec it should be enum. I'm stuck at this point and can't figure out how to provided it correctly.