Define CKD_SHA256_KDF transformation #213
I think it looks good. 👍 Unfortunately due to a new Rust version the lints started to pop up. We could fix them in a similar way as in the tpm repo. What do you think @ionut-arm?
/// The sha256 transformation as defined in the x9 standard. The | ||
/// derived key is produced by concatenating hashes of the shared | ||
/// value followed by 00000001, 00000002, etc. until we find | ||
/// enough bytes to feel the CKA_VALUE_LEN of the derived key. |
/// enough bytes to feel the CKA_VALUE_LEN of the derived key. | |
/// enough bytes to fill the `CKA_VALUE_LEN` of the derived key. |
Define CKD_SHA256_KDF transformation to be used with CKM_ECDH1_DERIVE.

Some HSM with FIPS restriction will refuse to derive keys with CKD_NULL. CKD_SHA256_KDF will do fine though.

Unfortunately this is not implemented on softHSM (softhsm/SoftHSMv2#599) so I provide no test. This was tested fine against Thales DPOD.

Signed-off-by: François Rigault <rigault.francois@gmail.com>
Thanks for the patch!
@@ -93,6 +93,17 @@ impl<'a> EcKdf<'a> { | |||
} | |||
} | |||
|
|||
/// The sha256 transformation as defined in the x9 standard. The |
/// The sha256 transformation as defined in the x9 standard. The | |
/// The key derivation function based on sha256 as defined in the ANSI X9.63 standard. The |
I'd recommend this change to make the reference clearer. If you'd like to put in a link to the standard that'd be even nicer 😉
/// derived key is produced by concatenating hashes of the shared | ||
/// value followed by 00000001, 00000002, etc. until we find | ||
/// enough bytes to fill the `CKA_VALUE_LEN` of the derived key. | ||
pub fn sha256_x9() -> Self { |
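Review bot: the constructor at `pub fn sha256_x9() -> Self` takes no arguments, so a caller has no way to pass the optional shared data that PKCS#11 allows alongside a hash-based KDF for CKM_ECDH1_DERIVE; either accept a shared-data slice here or state in the doc comment that shared data is always empty for this variant. The doc comment's "followed by 00000001, 00000002, etc." should also say that this is a 32-bit big-endian counter starting at 1, since the digits alone do not show the width or byte order, and the commit message notes that no test accompanies the change, so the documented behaviour is the only specification a reader has.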
pub fn sha256_x9() -> Self { | |
pub fn sha256() -> Self { |
I think SHA256 is actually specific enough here, since the type makes it clear it's a KDF.
If you rebase and address @ionut-arm's comments here we can easily get it merged :) !
Let's close that for the moment as I don't have time or interest to work on it.
Understood! Was a shame to not merge it after all your effort so pushed the same + the fix here, hopefully we can get it merged soon and close the corresponding issue :)
Define CKD_SHA256_KDF transformation to be used with CKM_ECDH1_DERIVE.
Some HSM with FIPS restriction will refuse to derive keys with CKD_NULL. CKD_SHA256_KDF will do fine though.
Unfortunately this is not implemented on softHSM
(softhsm/SoftHSMv2#599) so I provide no test. This was tested fine against Thales DPOD.