feat: support vendor defined mechanisms #232
Signed-off-by: Direktor799 <[email protected]>
85b6f7e to 12e21fa
Good idea to do it this way! Only questions about unsafety
Signed-off-by: Direktor799 <[email protected]>
Thank you!
// SPDX-License-Identifier: Apache-2.0 | ||
//! Mechanism types are defined with the objects and mechanism descriptions that use them. | ||
//! Vendor defined values for this type may also be specified. | ||
//! See: <https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html#_Toc29976545> |
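Review bot: the module doc on the //! lines says vendor defined values may be specified but not which range they must fall in. The PR description states the value is guaranteed to be greater than or equal to CKM_VENDOR_DEFINED; stating that bound here, together with what the constructor does when given a smaller value, would let callers rely on it. Since the thread notes that vendor mechanisms also exist in v2.4, the See: line could mention that the v3.0 link was chosen because the crate uses v3.0 headers.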
Are vendor mechanisms only supported in v3 of PKCS #11?
It's also supported in v2.4. I put v3.0 link here since we are using v3.0 headers now.
👍🏻 thanks! I'm guessing SoftHSM doesn't have support for any (mock) vendor mechanisms, right?
My casual skim reveals they don't have any: https://github.com/opendnssec/SoftHSMv2/blob/913e7bfd463194fadcdd28f578087cc9c15643ee/src/lib/SoftHSM.cpp#L723
Too bad, it'd be cool to have tests for this 😞
Edit: also, I couldn't help myself to unsee this. 😉
Add support for vendor defined mechanisms.
In order to avoid issues mentioned in #105, the parameters are pre-serialized in VendorDefinedMechanism::new, so we don't need to introduce generic toMechanism or pay extra cost for dynamic dispatching.
It's also guaranteed that the new mechanism value is greater or equal to CKM_VENDOR_DEFINED.
It seems to be working fine with AWS CloudHSM's custom CKM_SP800_108_COUNTER_KDF.
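The design described above (serialize the parameter once in the constructor, store only bytes, reject values below the vendor range) can be sketched as follows. This is an added example, not code from this PR or from the cryptoki crate: every type and function name in it is hypothetical, CK_ULONG is assumed to be 64 bits wide, and the u32 parameter is a constructed sample; only the CKM_VENDOR_DEFINED value (0x80000000) comes from the PKCS #11 headers.

```rust
// Added illustration; every name here is hypothetical, not the cryptoki API.
pub const CKM_VENDOR_DEFINED: u64 = 0x8000_0000; // from the PKCS #11 headers

/// C-layout view shaped like CK_MECHANISM (CK_ULONG assumed to be 64-bit).
#[repr(C)]
pub struct RawMechanism {
    pub mechanism: u64,
    pub parameter: *const u8,
    pub parameter_len: u64,
}

/// Not generic: the parameter type is erased into bytes at construction.
pub struct VendorMechanism {
    mechanism: u64,
    params: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub struct BelowVendorRange(pub u64);

impl VendorMechanism {
    /// `encode` writes `param` in the byte layout the vendor documents.
    pub fn new<P>(mechanism: u64, param: Option<&P>, encode: fn(&P, &mut Vec<u8>))
        -> Result<Self, BelowVendorRange>
    {
        if mechanism < CKM_VENDOR_DEFINED {
            return Err(BelowVendorRange(mechanism)); // standard range is rejected
        }
        let mut params = Vec::new();
        if let Some(p) = param { encode(p, &mut params); }
        Ok(Self { mechanism, params })
    }

    /// The pointer borrows from `self`; keep `self` alive across the C call.
    pub fn as_raw(&self) -> RawMechanism {
        let parameter = if self.params.is_empty() { std::ptr::null() } else { self.params.as_ptr() };
        RawMechanism { mechanism: self.mechanism, parameter, parameter_len: self.params.len() as u64 }
    }
}

/// Constructed sample encoder for a one-field parameter.
pub fn encode_u32(v: &u32, out: &mut Vec<u8>) {
    out.extend_from_slice(&v.to_ne_bytes());
}

fn main() {
    let m = VendorMechanism::new(CKM_VENDOR_DEFINED | 1, Some(&7u32), encode_u32).unwrap();
    println!("{:#x} with {} parameter bytes", m.as_raw().mechanism, m.as_raw().parameter_len);
}
```

Because the stored struct holds only bytes, an enum of mechanisms can carry it without a type parameter or a boxed trait object.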