Adding 2 new mechanisms: generic key generation and key derivation via encryption

parallaxsecond / rust-cryptoki

Rust wrapper for the PKCS #11 API, Cryptoki

https://docs.rs/cryptoki/

Apache License 2.0

77 stars 61 forks source link

Adding 2 new mechanisms: generic key generation and key derivation via encryption #178

Closed Nk185 closed 1 year ago

Nk185 commented 1 year ago

Added CKM_AES_CBC_ENCRYPT_DATA; Added CKM_GENERIC_SECRET_KEY_GEN; Added prettier MechanismInfo fmt.

wiktor-k commented 1 year ago

:thinking: It looks rather good :+1:

Do you know if SoftHSM supports these mechanisms? If so I think it'd be good to add tests (yeah, I know this is a chore but it's good as a source of examples and somehow mitigates regressions when others are "improving" your code).

Thanks for your time! :wave:

Nk185 commented 1 year ago

@wiktor-k The two mechanisms are surely supported in v2.6.1:

The generic secret: here
The derivation via encryption: here

Sure, I will add tests over weekends, maybe earlier... How would you like those tests for the EKDF? Should it be a simple derive that makes sure a new symmetric key is created? Or should I also check that an expected key was generated?

wiktor-k commented 1 year ago

Should it be a simple derive that makes sure a new symmetric key is created? Or should I also check that an expected key was generated?

Either is fine for me and I guess we have both variants in existing tests 😅

Thanks for taking care of it!

Nk185 commented 1 year ago

@wiktor-k Well, apparently, I found some time earlier than I thought 😅 Tests added :)