miekg / pkcs11

pkcs11 wrapper for Go
BSD 3-Clause "New" or "Revised" License
375 stars 133 forks

Add RSA AES key wrap mechanism parameters #166

Closed varder closed 1 year ago

varder commented 1 year ago

Mechanism implementation: https://github.com/OP-TEE/optee_os/pull/5647

pkcs11-spec-v3.1-cs01 6.1.23 RSA AES KEY WRAP

The RSA AES key wrap mechanism is based on the RSA public-key cryptosystem and the AES key wrap mechanism. It supports single-part key wrapping and key unwrapping.

How to use:

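```go
// Parameters for CKM_RSA_AES_KEY_WRAP: the size of the temporary AES key
// and the OAEP settings used to wrap that AES key with the RSA key.
params := &pkcs11.RSAAESKeyWrapParams{
    AESKeyBits: 256,
    OAEPParams: pkcs11.OAEPParams{
        HashAlg:    pkcs11.CKM_SHA256,
        MGF:        pkcs11.CKG_MGF1_SHA256,
        SourceType: pkcs11.CKZ_DATA_SPECIFIED,
    },
}
mechanism := []*pkcs11.Mechanism{
    pkcs11.NewMechanism(pkcs11.CKM_RSA_AES_KEY_WRAP, params),
}
// wrappingKeyObj is the handle of the RSA private key held on the token.
unwrappedKey, err := ctx.UnwrapKey(session, mechanism, wrappingKeyObj,
                                   wrappedKey, unwrappedKeyAttributes)
```
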
varder commented 1 year ago

Hi @miekg, could you please have a look at the PR?

miekg commented 1 year ago

some style stuff, otherwise lgtm