rust-cryptoki

Define CKD_SHA256_KDF transformation

Open freedge opened this issue 1 year ago • 2 comments

Define CKD_SHA256_KDF transformation to be used with CKM_ECDH1_DERIVE.

Some HSMs with FIPS restrictions will refuse to derive keys with CKD_NULL. CKD_SHA256_KDF will do fine though.

Unfortunately this is not implemented on SoftHSM (https://github.com/opendnssec/SoftHSMv2/pull/599) so I provide no test. This was tested fine against Thales DPOD.

freedge avatar Aug 09 '24 18:08 freedge

I think it looks good. 👍

Unfortunately due to a new Rust version the lints started to pop up.

We could fix them in a similar way as in the tpm repo. What do you think @ionut-arm ?

wiktor-k avatar Aug 10 '24 11:08 wiktor-k

@freedge if that helps, the CI bot seems to work now, after the merge of PR #218. You might want to sync up your branch on your repo with the upstream one, to incorporate the latest fixes and get through these issues. I experienced the same and that solved the Execute CI script failures.

keldonin avatar Aug 30 '24 11:08 keldonin

If you rebase and address @ionut-arm's comments here we can easily get it merged :) !

hug-dev avatar Dec 22 '24 20:12 hug-dev

Let's close that for the moment as I don't have time or interest to work on it. Thanks for your project though!

freedge avatar Dec 22 '24 21:12 freedge

Understood! Was a shame to not merge it after all your effort so pushed the same + the fix here, hopefully we can get it merged soon and close the corresponding issue :)

hug-dev avatar Dec 22 '24 21:12 hug-dev