Define CKD_SHA256_KDF transformation

parallaxsecond / rust-cryptoki

Rust wrapper for the PKCS #11 API, Cryptoki

https://docs.rs/cryptoki/

Apache License 2.0

71 stars 60 forks source link

Define CKD_SHA256_KDF transformation #213

Open freedge opened 1 month ago

freedge commented 1 month ago

Define CKD_SHA256_KDF transformation to be used with CKM_ECDH1_DERIVE.

Some HSM with FIPS restriction will refuse to derive keys with CKD_NULL. CKD_SHA256_KDF will do fine though.

Unfortunately this is not implemented on softHSM (https://github.com/opendnssec/SoftHSMv2/pull/599) so I provide no test. This was tested fine against Thales DPOD.

wiktor-k commented 1 month ago

I think it looks good. 👍

Unfortunately due to a new Rust version the lints started to pop up.

We could fix them in a similar way as in the tpm repo. What do you think @ionut-arm ?

keldonin commented 1 month ago

@freedge if that helps, the CI bot seems to work now, after the merge of PR #218. You might want to sync up your branch on your repo with the upstream one, to incorporate the latest fixes and get through these issues. I experienced the same and that solved the Execute CI script failures.