Ingo Franzki

icon indicating a website link http://ibm.com

icon company IBM

Results 38 comments of Ingo Franzki

Digest State Serialization

OK, `EVP_MD_CTX_copy_ex()` is there. But how does this help me to get the state in a way that I can pass it back via `C_GetOperationState()` ? What I need is...

Digest State Serialization

No, This is how C_GetOperationState is defined by the PKCS#11 standard: ``` CK_DECLARE_FUNCTION(CK_RV, C_GetOperationState)( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen ); CK_DECLARE_FUNCTION(CK_RV, C_SetOperationState)( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE...

p11sak: Extend tool to cover Generic-Secret, DH and DSA key types

Support for other key types is now available with commit https://github.com/opencryptoki/opencryptoki/commit/e52f78503e201153bd37e8001aa68998dce5cbc7 and following.

p11sak: list-key with label filter: key objects with labels containing trailing zero bytes

Since https://github.com/opencryptoki/opencryptoki/commit/fb6e0fe5a59ef6b51866d66f074af368b490c326 one can now use wildcards for filtering keys by label. This should also allow to match labels with binary zeros at the end.

deferred - P11sak updates

With https://github.com/opencryptoki/opencryptoki/pull/668 this PR is now obsolete. Closing.

Support secure keys with token specific token_specific_ecdh_pkcs_derive() function

Function `ecdh_pkcs_derive()` is already not prepared for secure key tokens. It calls `ckm_ecdh_pkcs_derive()` and expects the derived secret Z to be passed back in clear. It the applies a KDF...

Support secure keys with token specific token_specific_ecdh_pkcs_derive() function

Correct. That would need the same changes to allow a secure key token to support DH derive. The only thing is, that CCA as far as I know does not...

ica: use new ica_aes_gcm_kma_xxx() API for AES-GCM

Added support with https://github.com/opencryptoki/opencryptoki/pull/761