
ANSI X9.63 key derivation functions for CKM_ECDH1_DERIVE #599

Draft
wants to merge 2 commits into base: develop

Conversation

Aearsis
Contributor

@Aearsis Aearsis commented Jan 27, 2021

Implemented in SoftHSM.cpp, so it works with both OpenSSL and Botan backends. The added tests are kind of elementary; I haven't found any official test vectors. But I have checked the results against doing the SHAs by hand, and against OpenSSL's internal implementation.

It would be awesome if someone could check the outputs with another PKCS#11 implementation.

@rijswijk
Contributor

Thanks for the contribution, much appreciated! Code looks good to me. I'm going to discuss it internally; we are having some challenges with the review process due to corona-related pressure on the time available to collaborators, so bear with us for some time (apologies in advance).

@antoinelochet

Very interested in this PR

@antoinelochet

antoinelochet commented Nov 3, 2023

Hello @Aearsis,
Sorry to revive this conversation this long after the fact.
I have taken your patch for my needs, but it seems incoherent compared to CKD_NULL regarding the truncation.
While for CKD_NULL and the existing implementation the method ByteString::split is used, you use ByteString::resize.
PKCS#11 specifies: "The truncation removes bytes from the leading end of the secret value."
Like you, I could not find any test vectors either.
Maybe @rijswijk or someone on the team could chip in on this matter?
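
An added illustration (not code from this PR or from SoftHSM) of the two things under discussion: the ANSI X9.63 KDF that the CKD_SHA*_KDF selectors of CKM_ECDH1_DERIVE invoke, which per X9.63 keeps the leftmost key_len octets of the concatenated hash blocks, and the CKD_NULL truncation convention as the PKCS#11 sentence quoted above describes it (drop bytes from the leading end) beside the keep-the-leading-bytes convention that a resize-style truncation gives. The shared secret Z and SharedInfo are constructed stand-ins, and `ecdh1_derive` is a hypothetical name covering only the post-point-multiplication step; which convention SoftHSM actually applies is the open question in this thread, not something this snippet settles.

```python
import hashlib
import struct

# Hash behind each ANSI X9.63 KDF selector of CKM_ECDH1_DERIVE (names as in
# PKCS#11); CKD_NULL means the raw shared secret Z is used without a KDF.
KDF_HASH = {"CKD_SHA1_KDF": "sha1", "CKD_SHA224_KDF": "sha224",
            "CKD_SHA256_KDF": "sha256", "CKD_SHA384_KDF": "sha384",
            "CKD_SHA512_KDF": "sha512"}

def kdf_block(z: bytes, counter: int, shared_info: bytes, hash_name: str) -> bytes:
    """One X9.63 block: Hash(Z || counter as 32-bit big-endian || SharedInfo)."""
    h = hashlib.new(hash_name)
    h.update(z)
    h.update(struct.pack(">I", counter))
    h.update(shared_info)
    return h.digest()

def x963_kdf(z: bytes, key_len: int, shared_info: bytes = b"", hash_name: str = "sha256") -> bytes:
    """X9.63 KDF: blocks for counter = 1, 2, ...; keep the leftmost key_len octets."""
    digest_len = hashlib.new(hash_name).digest_size
    if key_len < 0 or key_len > (2**32 - 1) * digest_len:
        raise ValueError("requested key length out of range for this hash")
    out = bytearray()
    counter = 1
    while len(out) < key_len:
        out += kdf_block(z, counter, shared_info, hash_name)
        counter += 1
    return bytes(out[:key_len])

def truncate_leading(secret: bytes, key_len: int) -> bytes:
    """Truncation as quoted from PKCS#11: drop leading bytes, keep the trailing key_len."""
    if key_len > len(secret):
        raise ValueError("secret shorter than requested key length")
    return secret[len(secret) - key_len:]

def truncate_trailing(secret: bytes, key_len: int) -> bytes:
    """The other convention (resize-style): keep the leading key_len bytes."""
    if key_len > len(secret):
        raise ValueError("secret shorter than requested key length")
    return secret[:key_len]

def ecdh1_derive(z: bytes, kdf: str, shared_info: bytes, key_len: int) -> bytes:
    """Hypothetical: key-material step after EC point multiplication produced Z."""
    if kdf == "CKD_NULL":
        return truncate_leading(z, key_len)
    return x963_kdf(z, key_len, shared_info, KDF_HASH[kdf])
```

Comparing `truncate_leading` and `truncate_trailing` on the same Z shows why two implementations that disagree on the convention derive different keys for CKD_NULL while agreeing for CKD_SHA256_KDF.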

freedge added a commit to freedge/rust-cryptoki that referenced this pull request Aug 9, 2024
I was unable to test rust-cryptoki on some vendor HSM with FIPS
restriction that refuses to derive keys with CKD_NULL.

I was successful however with CKD_SHA256_KDF.

Unfortunately this is not implemented on softHSM
(softhsm/SoftHSMv2#599)
so I provide no test.

This was tested fine on Thales DPOD.

Signed-off-by: François Rigault <rigault.francois@gmail.com>
freedge added a commit to freedge/rust-cryptoki that referenced this pull request Aug 9, 2024
Define CKD_SHA256_KDF transformation to be used with CKM_ECDH1_DERIVE.

Some HSM with FIPS restriction will refuse to derive keys with
CKD_NULL. CKD_SHA256_KDF will do fine though.

Unfortunately this is not implemented on softHSM
(softhsm/SoftHSMv2#599)
so I provide no test. This was tested fine against Thales DPOD.

Signed-off-by: François Rigault <rigault.francois@gmail.com>
freedge added a commit to freedge/rust-cryptoki that referenced this pull request Aug 10, 2024
@jschlyter jschlyter marked this pull request as draft November 29, 2024 16:23
@jschlyter
Contributor

Please rebase on develop and mark as ready when ready.

Signed-off-by: Ondřej Hlavatý <aearsis@eideo.cz>
Signed-off-by: Ondřej Hlavatý <aearsis@eideo.cz>
hug-dev pushed a commit to hug-dev/rust-cryptoki that referenced this pull request Dec 22, 2024