Skip to content

Add support for C_DeriveKey PKCS#11 function #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
balsingh1991 wants to merge 2 commits into from
Closed

Add support for C_DeriveKey PKCS#11 function #72

balsingh1991 wants to merge 2 commits into from

Conversation

@balsingh1991
Copy link
Contributor

@balsingh1991 balsingh1991 commented Jun 21, 2020

Add support for CK_KEY_DERIVATION_STRING_DATA struct for use as mechanism parameters
Add support for DUKPT key derivation
Add support for ECIES encrypt/decrypt operations
Note: For DUKPT and ECIES operations, underlying cryto implementation must support it otherwise CKR_MECHANISM_INVALID error is encountered.

@balsingh1991
Add support for C_DeriveKey PKCS#11 function
2526671 
Add support for CK_KEY_DERIVATION_STRING_DATA struct for use as mechanism parameters
Add support for DUKPT key derivation
Add support for ECIES encrypt/decrypt operations
Note: For DUKPT and ECIES operations, underlying cryto implementation must support it otherwise CKR_MECHANISM_INVALID error is encountered.
@coveralls
Copy link

coveralls commented Jun 21, 2020

Coverage Status

Coverage increased (+9.5%) to 57.745% when pulling 2526671 on balsingh1991:dev_c_derivekey into faf137e on LudovicRousseau:master.

@LudovicRousseau
Copy link
Owner

LudovicRousseau commented Jun 22, 2020

It looks nice.

Can yo provide a Unitary Test as the ones in the test/ directory?
The idea is to:

  • test the wrapper is working as expected
  • check for regression in case of future code change
  • "document" how to use the function

@balsingh1991
Copy link
Contributor Author

balsingh1991 commented Jun 22, 2020

I had created few unit tests. Unfortunately, for my use case mechanisms involved are not standard, thus, softhsm will not support it.
Trying to include derive test for CKM_ECDH1_DERIVE, but getting CKR_MECHANISM_PARAM_INVALID from softhsm. I'll add another commit when I resolve it.
Thanks!

@LudovicRousseau
Copy link
Owner

LudovicRousseau commented Feb 18, 2021

Allo @balsingh1991, any progress on the use of SoftHSM with your patches?

@balsingh1991
Copy link
Contributor Author

balsingh1991 commented Feb 20, 2021 via email

@mskalski mskalski mentioned this pull request Nov 9, 2021
Closed
LudovicRousseau
LudovicRousseau requested changes Aug 5, 2022
View reviewed changes
Copy link
Owner

@LudovicRousseau LudovicRousseau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be perfect if you could:

  • rebase your patches above master
  • split the patches with only one new feature per patch

src/pykcs11.i
#define CKM_HKDF_DATA 0x0000402b
#define CKM_HKDF_KEY_GEN 0x0000402c
#define CKM_VENDOR_DEFINED 0x80000000UL
#define CKM_DES2_DUKPT_MAC (CKM_VENDOR_DEFINED + 0x612)
Copy link
Owner

@LudovicRousseau LudovicRousseau Aug 5, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't include vendor specific mechanisms.

Are these mechanisms planned for a future version of PKCS#11 standard?

@balsingh1991 balsingh1991 deleted the dev_c_derivekey branch August 6, 2022 20:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LudovicRousseau LudovicRousseau LudovicRousseau requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@balsingh1991 @coveralls @LudovicRousseau