Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support vendor defined mechanisms #232

Merged
merged 4 commits into from
Nov 12, 2024
Merged

feat: support vendor defined mechanisms #232

merged 4 commits into from
Nov 12, 2024

Conversation

Direktor799
Copy link
Contributor

Add support for vendor defined mechanisms.

In order to avoid issues mentioned in #105, the parameters are pre-serialized in VendorDefinedMechanism::new, so we don't need to introduce generic to Mechanism or pay extra cost for dynamic dispatching.
It's also guaranteed that the new mechanism value is greater or equal to CKM_VENDOR_DEFINED.

It seems to be working fine with AWS CloudHSM's custom CKM_SP800_108_COUNTER_KDF.

hug-dev
hug-dev reviewed Nov 11, 2024
View reviewed changes
Copy link
Member

@hug-dev hug-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea to do it this way! Only questions about unsafety

cryptoki/src/mechanism/mod.rs Outdated Show resolved Hide resolved
cryptoki/src/mechanism/vendor_defined.rs Show resolved Hide resolved
hug-dev
hug-dev approved these changes Nov 11, 2024
View reviewed changes
Copy link
Member

@hug-dev hug-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

ionut-arm
ionut-arm reviewed Nov 11, 2024
View reviewed changes
cryptoki/src/mechanism/vendor_defined.rs
// SPDX-License-Identifier: Apache-2.0
//! Mechanism types are defined with the objects and mechanism descriptions that use them.
//! Vendor defined values for this type may also be specified.
//! See: <https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html#_Toc29976545>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are vendor mechanisms only supported in v3 of PKCS #11?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's also supported in v2.4. I put v3.0 link here since we are using v3.0 headers now.

ionut-arm
ionut-arm approved these changes Nov 12, 2024
View reviewed changes
Copy link
Member

@ionut-arm ionut-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍🏻 thanks! I'm guessing SoftHSM doesn't have support for any (mock) vendor mechanisms, right?

@wiktor-k
Copy link
Collaborator

wiktor-k commented Nov 12, 2024
edited
Loading

👍🏻 thanks! I'm guessing SoftHSM doesn't have support for any (mock) vendor mechanisms, right?

My casual skim reveals they don't have any: https://github.com/opendnssec/SoftHSMv2/blob/913e7bfd463194fadcdd28f578087cc9c15643ee/src/lib/SoftHSM.cpp#L723

Too bad, it'd be cool to have tests for this 😞

Edit: also, I couldn't help myself to unsee this. 😉

@hug-dev hug-dev merged commit c2e4f89 into parallaxsecond:main Nov 12, 2024
7 checks passed
This was referenced Nov 14, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ionut-arm ionut-arm ionut-arm approved these changes

@hug-dev hug-dev hug-dev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Direktor799 @wiktor-k @hug-dev @ionut-arm