From 3c59039aea5022a7b1867518e518490ebb485d54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Rigault?=
Date: Fri, 9 Aug 2024 19:31:17 +0200
Subject: [PATCH] Define CKD_SHA256_KDF transformation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Define CKD_SHA256_KDF transformation to be used with CKM_ECDH1_DERIVE. Some HSM with FIPS restriction will refuse to derive keys with CKD_NULL. CKD_SHA256_KDF will do fine though. Unfortunately this is not implemented on softHSM (https://github.com/opendnssec/SoftHSMv2/pull/599) so I provide no test. This was tested fine against Thales DPOD.

Signed-off-by: François Rigault
---
 cryptoki/src/mechanism/elliptic_curve.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/cryptoki/src/mechanism/elliptic_curve.rs b/cryptoki/src/mechanism/elliptic_curve.rs
index 21f55e0e..75a4012c 100644
--- a/cryptoki/src/mechanism/elliptic_curve.rs
+++ b/cryptoki/src/mechanism/elliptic_curve.rs
@@ -93,6 +93,17 @@ impl<'a> EcKdf<'a> {
 }
 }
 
+ /// The sha256 transformation as defined in the x9 standard. The
+ /// derived key is produced by concatenating hashes of the shared
+ /// value followed by 00000001, 00000002, etc. until we find
+ /// enough bytes to feel the CKA_VALUE_LEN of the derived key.
+ pub fn sha256_x9() -> Self {
+ Self {
+ kdf_type: CKD_SHA256_KDF,
+ shared_data: None,
+ }
+ }
+
 // The intention here is to be able to support other methods with
 // shared data, without it being a breaking change, by just adding
 // additional constructors here.
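Review bot: The doc comment on `sha256_x9` leaves the security-relevant contract vague: "the x9 standard" does not name the document (presumably ANSI X9.63, which PKCS #11 cites for its hash-based CKD_* KDFs; worth confirming and spelling out), "feel" should read "fill", and nothing says that this constructor sets `shared_data: None`. I would add a line such as `/// No shared data is supplied: the derived key depends only on the ECDH shared value and the requested CKA_VALUE_LEN.` so that callers who need the derived key bound to protocol context know this variant does not provide that. The commit message explains that no test is included because SoftHSM lacks the mechanism; a token-free unit test asserting that the constructor yields `kdf_type == CKD_SHA256_KDF` with `shared_data` unset would still pin the mapping. The enclosing `impl<'a> EcKdf<'a>` block starts and ends outside the hunk.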