parallaxsecond / rust-cryptoki

Rust wrapper for the PKCS #11 API, Cryptoki
https://docs.rs/cryptoki/
Apache License 2.0

feat: support vendor defined mechanisms #232

Closed Direktor799 closed 2 weeks ago

Direktor799 commented 2 weeks ago

Add support for vendor defined mechanisms.

In order to avoid the issues mentioned in #105, the parameters are pre-serialized in VendorDefinedMechanism::new, so we don't need to introduce a generic to Mechanism or pay the extra cost of dynamic dispatch. It's also guaranteed that the new mechanism value is greater than or equal to CKM_VENDOR_DEFINED.

It seems to be working fine with AWS CloudHSM's custom CKM_SP800_108_COUNTER_KDF.
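
A minimal sketch of the approach described in the comment above: the typed parameters are copied to bytes once in the constructor, and codes below CKM_VENDOR_DEFINED are rejected. It is added here as an example and is not the PR's or the cryptoki crate's code; `VendorMechanism`, `PlainParams`, `RawMechanism`, `NotVendorDefined` and `DemoParams` are hypothetical names.

```rust
use std::os::raw::{c_ulong, c_void};

// PKCS #11: mechanism values from here upward are reserved for vendors.
pub const CKM_VENDOR_DEFINED: c_ulong = 0x8000_0000;

/// Hypothetical marker: the implementor promises #[repr(C)] and no padding.
pub unsafe trait PlainParams: Copy {}
/// Same field order as CK_MECHANISM: type, parameter pointer, length.
#[repr(C)]
pub struct RawMechanism {
    pub mechanism: c_ulong,
    pub p_parameter: *const c_void,
    pub parameter_len: c_ulong,
}

#[derive(Debug, PartialEq)]
pub struct NotVendorDefined(pub c_ulong);
/// Non-generic: the parameter type is erased into owned bytes at construction.
#[derive(Debug, PartialEq)]
pub struct VendorMechanism { code: c_ulong, params: Vec<u8> }

impl VendorMechanism {
    pub fn new<T: PlainParams>(code: c_ulong, params: Option<&T>) -> Result<Self, NotVendorDefined> {
        if code < CKM_VENDOR_DEFINED {
            return Err(NotVendorDefined(code)); // would alias a standard mechanism
        }
        let params = params.map_or(Vec::new(), |p| {
            // SAFETY: PlainParams guarantees every byte of T is initialized.
            unsafe { std::slice::from_raw_parts(p as *const T as *const u8, std::mem::size_of::<T>()).to_vec() }
        });
        Ok(Self { code, params })
    }
    pub fn params(&self) -> &[u8] { &self.params }
    /// The pointer is valid only while `self` is alive.
    pub fn as_raw(&self) -> RawMechanism {
        let ptr: *const c_void = if self.params.is_empty() { std::ptr::null() } else { self.params.as_ptr().cast() };
        RawMechanism { mechanism: self.code, p_parameter: ptr, parameter_len: self.params.len() as c_ulong }
    }
}

// Constructed sample parameter struct, not a real vendor's layout.
#[repr(C)] #[derive(Clone, Copy)]
pub struct DemoParams { pub rounds: u32, pub flags: u32 }
unsafe impl PlainParams for DemoParams {}

fn main() {
    let m = VendorMechanism::new(CKM_VENDOR_DEFINED + 1, Some(&DemoParams { rounds: 3, flags: 1 })).unwrap();
    println!("{} parameter bytes", m.as_raw().parameter_len);
}
```

A `Vec<u8>` only guarantees byte alignment, and a byte copy of a struct that itself holds pointers keeps those pointers without their lifetimes, so both need care before the result is handed to a real library.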

wiktor-k commented 2 weeks ago

👍🏻 thanks! I'm guessing SoftHSM doesn't have support for any (mock) vendor mechanisms, right?

My casual skim reveals they don't have any: https://github.com/opendnssec/SoftHSMv2/blob/913e7bfd463194fadcdd28f578087cc9c15643ee/src/lib/SoftHSM.cpp#L723

Too bad, it'd be cool to have tests for this :disappointed:

Edit: also, I couldn't help myself to unsee this. :wink: