Open freedge opened 3 months ago
wiktor-k
commented
3 months ago I think it looks good. 👍
Unfortunately due to a new Rust version the lints started to pop up.
We could fix them in a similar way as in the tpm repo. What do you think @ionut-arm ?
keldonin
commented
2 months ago @freedge if that helps, the CI bot seems to work now, after the merge of PR #218. You might want to sync up your branch on your repo with the upstream one, to incorporate the latest fixes and get through these issues. I experienced the same and that solved the Execute CI script failures.
Define CKD_SHA256_KDF transformation to be used with CKM_ECDH1_DERIVE.
Some HSM with FIPS restriction will refuse to derive keys with CKD_NULL. CKD_SHA256_KDF will do fine though.
Unfortunately this is not implemented on softHSM (https://github.com/opendnssec/SoftHSMv2/pull/599) so I provide no test. This was tested fine against Thales DPOD.