kanidm / hsm-crypto

A library for cryptographic operations backed by a HSM or TPM
Mozilla Public License 2.0

Dmulder/key auth value #33

Closed Firstyear closed 7 months ago

Firstyear commented 7 months ago

Refers #32 - Fix PIN Value support for identity keys. This works on the TPM with its native lockout features, and soft with argon2id derivation HMACed (peppered) to the machine key.

dmulder commented 7 months ago

Odd, I see these:

2024-03-27T14:05:59.108386Z ERROR kanidm_hsm_crypto: elapsed=Ok(331.406153ms)
2024-03-27T14:05:59.124725Z ERROR kanidm_hsm_crypto: elapsed=Ok(332.024759ms)
2024-03-27T14:05:59.438566Z ERROR kanidm_hsm_crypto: elapsed=Ok(330.107573ms)
2024-03-27T14:05:59.464243Z ERROR kanidm_hsm_crypto: elapsed=Ok(339.426009ms)

All the tests pass though. Maybe these should be going to debug, not error?

dmulder commented 7 months ago

Otherwise, LGTM. Thanks for doing this! I built this against some test code and it worked as expected.

dmulder commented 7 months ago

When you merge, can you issue a release?

Firstyear commented 7 months ago

@dmulder released 0.2.0

dmulder commented 7 months ago

> @dmulder released 0.2.0

Sigh, I always forget about the dependency loop on compact-jwt. That also needs to be updated to point to the new hsm-crypto (else none of my code will build).

Firstyear commented 7 months ago

If all goes well, I will push my changes to compact-jwt today so we can release them.