DMTF / libspdm

Add PKCS11 Support #1

Open jyao1 opened 3 years ago

jyao1 commented 3 years ago

PKCS11 is an industry-standard and generic cryptography interface. Instead of libSPDM supporting multiple bindings to cryptography libraries, it could have a single PKCS11 layer that then binds to the underlying cryptography libraries.

e.g. open-source implementation: https://github.com/tpm2-software/tpm2-pkcs11

One possible way is to plug in pkcs11 instead of replacing cryptolib directly. We can let libspdm->cryptlib->pkcs11, e.g. create cryptlib_pkcs11. If anyone implements a pkcs11 lib, then this pkcs11 lib can be plugged in. People still prefer to keep the cryptlib interface here, because it is simpler than pkcs11.

jyao1 commented 3 years ago

Standard reference:

  1. https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
  2. https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.html

The header file can be found at: Appendix B. Manifest constants.

We can create a cryptolib_pkcs11.