attribute extension defining Unhanled attribute type and EC Kdf improvements #241
Conversation
…anged for KDF type and shared value definition. Signed-off-by: İlker BALTACI <ilker.baltaci@tubitak.gov.tr>
Signed-off-by: İlker BALTACI <ilker.baltaci@tubitak.gov.tr>
| @@ -136,6 +136,8 @@ pub enum AttributeType { | |||
| Wrap, | |||
| /// Indicates that the key can only be wrapped with a wrapping key that has the Trusted attribute | |||
| WrapWithTrusted, | |||
| /// Wraps undefined and custom attribute types. | |||
| Unhandled(CK_ATTRIBUTE_TYPE), | |||
There was a problem hiding this comment.
Hey @ilkerBaltaci , thanks for your PR 🙏!
I understand the idea behind the Unhandled types, but I think we strive to only expose in the cryptoki crate idiomatic structures and functions which are safe to use and abstracted away from the raw PKCS11 types. That's summarized in our README:
All the PKCS11 items might not be implemented but everything that is implemented is safe.
I will let other maintainers give their opinions but I think that if you have new types/algos you want to add it's best to do so in the high-level "way" where you add corresponding cryptoki structures/functions for those new types
| @@ -1006,6 +1017,8 @@ impl ObjectClass { | |||
| pub const MECHANISM: ObjectClass = ObjectClass { val: CKO_MECHANISM }; | |||
| /// An OTP key object | |||
| pub const OTP_KEY: ObjectClass = ObjectClass { val: CKO_OTP_KEY }; | |||
| /// A profile object | |||
| pub const PROFILE: ObjectClass = ObjectClass { val: CKO_PROFILE }; | |||
|
I added new EcKdf options here btw, https://github.com/parallaxsecond/rust-cryptoki/pull/239/files! We could add more if needed |
For undefined attribute types in PKCS#11 spec, I defined Unhandled attribute type to get attribute type value and data value as Vec type. I also change visibility of the struct variables to edit from outside of the module. ECKdf struct edited for defining KDF type and shared value.