Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: PKCS11 provider library #208

Merged
merged 58 commits into from
Mar 25, 2024
Merged

feat: PKCS11 provider library #208

merged 58 commits into from
Mar 25, 2024

Conversation

bgrieder
Copy link
Contributor

@bgrieder bgrieder commented Mar 15, 2024
edited
Loading

This PR create a PKCS#11 provider library.
Its primary objective is to be compatible with Veracrypt.

The library is loaded in Veracrypt which will then fetch symmetric keys from the server tagged with word disk-encryption. The library is using the kms.json on the machine for the server address and authentication.

The PKCS#11 C ABI is provided by the native-pkcs11 project.

The provider library is in crate pkcs11

Since the library is also a client, like the CLI, a number of files have been moved from the cli to the client and test-server crate, so that they can also be used by the pkcs11 crate. Some structs have also been renamed to reflect the fact that they are not specific to the CLI anymore

Most of the changes of this PR are due to the refactoring.

@bgrieder bgrieder changed the title Draft: Pkcs11 provider PKCS11 provider library Mar 16, 2024
@bgrieder bgrieder requested review from Manuthor and JosePisco March 16, 2024 09:38
@bgrieder bgrieder mentioned this pull request Mar 16, 2024
Closed
@bgrieder bgrieder changed the title PKCS11 provider library Draft: PKCS11 provider library Mar 18, 2024
@JosePisco JosePisco requested a review from tbrezot March 18, 2024 14:17
tbrezot
tbrezot reviewed Mar 18, 2024
View reviewed changes
@Manuthor Manuthor changed the title Draft: PKCS11 provider library feat: PKCS11 provider library Mar 19, 2024
@Manuthor Manuthor marked this pull request as draft March 19, 2024 10:43
bgrieder and others added 19 commits March 21, 2024 20:43
@bgrieder
attempt at vendoring openssl for josekit
53a60f8
@bgrieder
update readme
a1893a9
@ThibsG @bgrieder
Try without vendored for josekit in client
5d32ccd
@bgrieder
more doc for windows
0399ab1
@Manuthor @bgrieder
ci: Run binaries in clean env also in debug mode (#215)
1415a7e 
* ci: run binaries in clean env. also in debug mode

* ci: increase size of tmp files

* ci: test ckms without openssl

* ci: test ckms without openssl

* ci: fix windows build

* ci: only build server just after openssl build

* fix(ckms): remove println on CreateKeyPairAction
@bgrieder
added pkcs11 provider
88b7ec2
@bgrieder
refactored export and import into the client
3d2495f
@bgrieder
refactored encodings to client
c70978b
@bgrieder
unused deps
1420c58
@bgrieder
move logging init to pkcs11
04d55cc
@bgrieder
key data objects
4b874f4
@bgrieder
batching exports
4d0fc3e
@bgrieder
batch operations beta
99bfa2e
@bgrieder
refactoing of tests
5ff7ac3
@bgrieder
fixed tests
7c5b5f9
@bgrieder
fixed test server
53de2f5
@bgrieder
code beta
7d5188b
@bgrieder
switching to the git version of native-pkcs11
b84fa3c
@bgrieder
cargo fmt
9a48e5f
@bgrieder bgrieder marked this pull request as ready for review March 22, 2024 07:30
@Manuthor Manuthor merged commit 18e16f7 into develop Mar 25, 2024
16 of 17 checks passed
@Manuthor Manuthor deleted the pkcs11_provider branch March 25, 2024 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tbrezot tbrezot tbrezot left review comments

@Manuthor Manuthor Manuthor approved these changes

@JosePisco JosePisco Awaiting requested review from JosePisco

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bgrieder @Manuthor @tbrezot @ThibsG