
NSS-kryoptic integration finds #431

Open
FrantisekKrenzelok wants to merge 4 commits into latchset:main from FrantisekKrenzelok:nss-kryoptic-finds

@FrantisekKrenzelok FrantisekKrenzelok commented Mar 24, 2026

Description

This PR implements logic to permit CKO_DATA objects to be used directly as input key material for HKDF derivation (CKM_HKDF_DERIVE and CKM_HKDF_DATA), safely bypassing the standard CKA_DERIVE check. This aligns with PKCS#11 extraction phase constraints, enabling data objects to be employed provided bExtract is set to TRUE, the exact size matches the HMAC hash length, and a non-null salt is supplied.
Additionally, this PR includes:

  • Registration of the GenericSecretKeyFactory for the CKK_HKDF key type to ensure these secret keys can be correctly instantiated.
  • Removal of the overly restrictive in_use check inside the OpenSSL HashOperation wrapper, properly enabling the finalization of digest operations (and HKDF derivations) on empty data streams.
  • Comprehensive testing in src/tests/kdfs.rs validating success and failure requirements of HKDF derivation from CKO_DATA objects.

Checklist

  • Test suite updated
  • Rustdoc strings were added or updated (N/A: Only internal logic and tests were touched)
  • CHANGELOG and/or other documentation added or updated
  • This is not a code change (N/A: It is a code change)

Reviewer's checklist:

  • Any issues marked for closing are fully addressed
  • There is a test suite reasonably covering new functionality or modifications
  • This feature/change has adequate documentation added
  • A changelog entry is added if the change is significant
  • Code conforms to coding style that today cannot yet be enforced via the check style test
  • Commits have short titles and sensible text
  • Doc strings are properly updated (N/A: No public APIs had their signatures changed)

@FrantisekKrenzelok FrantisekKrenzelok changed the title from "Nss kryoptic finds" to "NSS-kryoptic integration finds" Mar 24, 2026

Registers a GenericSecretKeyFactory for the (CKO_SECRET_KEY, CKK_HKDF) object type in the HKDF module, ensuring that HKDF secret keys can be correctly instantiated and operations on them are supported.

Signed-off-by: Krenželok František <fkrenzel@redhat.com>

@FrantisekKrenzelok FrantisekKrenzelok force-pushed the nss-kryoptic-finds branch 2 times, most recently from 76c3035 to 9ae5988 March 24, 2026 12:36
FrantisekKrenzelok and others added 3 commits March 27, 2026 12:05

Permits CKM_HKDF_DERIVE and CKM_HKDF_DATA operations to use CKO_DATA objects as the base key material, bypassing standard CKA_DERIVE checks when specific extract constraints (bExtract=TRUE, correct size, non-null salt) are met.

This follows PKCS #11 specification 3.2 section: 6.62.3 HKDF derive

"The input key must be of type CKK_HKDF or CKK_GENERIC_SECRET and the
length must be the size of the underlying hash function specified in
prfHashMechanism. The exception is a data object which has the same size
as the underlying hash function, and which may be supplied as an input
key. In this case bExtract should be true and non-null salt should be
supplied."

Signed-off-by: Krenželok František <fkrenzel@redhat.com>

Validates that a CKO_DATA object can be used as the root keying material for CKM_HKDF_DERIVE operations, ensuring that derivation behaves strictly according to the PKCS#11 extract phase constraints (bExtract=TRUE, correct size, non-null salt).

Co-authored-by: Gemini <gemini@google.com>
Signed-off-by: Krenželok František <fkrenzel@redhat.com>

Removes the 'in_use' state requirement in OpenSSL HashOperation finalization, enabling empty data streams or operations without a preceding update function call.

This follows PKCS #11 specification v3.2 section: 5.12.1

"After calling C_DigestInit, the application can either call C_Digest to
digest data in a single part; or call C_DigestUpdate zero or more times,
followed by C_DigestFinal, to digest data in multiple parts. The
message-digesting operation is active until the application uses a call
to C_Digest or C_DigestFinal to actually obtain the message digest. To
process additional data (in single or multiple parts), the application
MUST call C_DigestInit again."

Signed-off-by: Krenželok František <fkrenzel@redhat.com>
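
The base-object gate that the PR description and the second commit message describe, modelled as a stand-alone Rust function. This is an added example, not code from this PR or from kryoptic: `Base`, `Salt`, `Params`, `Deny` and `check_base` are hypothetical names, and "non-null salt" is assumed to mean any salt type other than CKF_HKDF_SALT_NULL.

```rust
// Constructed model of the HKDF base-object gate; all names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum Deny {
    NotDerivable,    // secret key without CKA_DERIVE = true
    ExtractRequired, // data object with bExtract = false
    WrongLength,     // data object size != hash output size
    NullSalt,        // data object with a null salt
}

pub enum Salt<'a> {
    Null,           // CKF_HKDF_SALT_NULL
    Data(&'a [u8]), // CKF_HKDF_SALT_DATA
    Key,            // CKF_HKDF_SALT_KEY (handle omitted in this model)
}

pub enum Base<'a> {
    SecretKey { derive: bool }, // CKO_SECRET_KEY; `derive` mirrors CKA_DERIVE
    Data(&'a [u8]),             // CKO_DATA; carries only a value
}

pub struct Params<'a> {
    pub extract: bool,   // bExtract
    pub salt: Salt<'a>,
    pub hash_len: usize, // output size of prfHashMechanism, in bytes
}

pub fn check_base(base: &Base, p: &Params) -> Result<(), Deny> {
    match base {
        // Keys keep the standard CKA_DERIVE check.
        Base::SecretKey { derive: true } => Ok(()),
        Base::SecretKey { derive: false } => Err(Deny::NotDerivable),
        // Data objects skip it only when all three constraints hold.
        Base::Data(_) if !p.extract => Err(Deny::ExtractRequired),
        Base::Data(v) if v.len() != p.hash_len => Err(Deny::WrongLength),
        Base::Data(_) if matches!(p.salt, Salt::Null) => Err(Deny::NullSalt),
        Base::Data(_) => Ok(()),
    }
}

fn main() {
    let ikm = [0u8; 32]; // constructed 32-byte value, SHA-256 sized
    let ok = Params { extract: true, salt: Salt::Data(b"salt"), hash_len: 32 };
    let no_salt = Params { extract: true, salt: Salt::Null, hash_len: 32 };
    println!("{:?}", check_base(&Base::Data(&ikm), &ok));
    println!("{:?}", check_base(&Base::Data(&ikm), &no_salt));
    println!("{:?}", check_base(&Base::Data(&ikm[..16]), &ok));
}
```

Keeping the exception this narrow means a data object can never reach the expand-only path, where the CKA_DERIVE check is the only control on which objects feed the KDF.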