@JoaoHenrique12 JoaoHenrique12 commented Oct 7, 2025

Summary by CodeRabbit

  • New Features

    • Added SLH-DSA (post-quantum) key type and mechanisms for key generation and sign/verify.
    • Enabled SLH-DSA key import via utility; mechanism lists and attributes reflect new support.
    • Provided multiple PKCS#11 sample apps (crypto, checksum, attributes, object, Dilithium, BTC) demonstrating common flows.
    • Introduced a Docker image with OpenSSL toolchain and pre-initialized SoftHSM token.
  • Documentation

    • Added comprehensive guide for IBM Cloud Hyper Protect Crypto Services PKCS#11 usage.
  • Build

    • New configure option and autodetection for SLH-DSA (OpenSSL-only); build scripts and tables updated accordingly.

JoaoHenrique12 and others added 6 commits October 6, 2025 21:11
feat: temporary commit with cache

feat: remove cache
* feat: duplicate m4 files, still using NID from EDDSA

Update dockerfile to use --with-slhdsa

* feat: duplicate SLH(Public|Private)Key.(cpp|h)

* feat: duplicate OSSLSLH(Public|Private)Key.(cpp|h)

* feat: duplicate OSSLSLHKeypair.(cpp|h)

* feat: add SLHDSA mech and algo to AsymmetricAlgorithm.h

* feat: duplicate OSSLSLHDSA.(cpp|h)

* feat: duplicate on OSSLCryptoFactory.cpp

* feat: OSSLUtil.(cpp|h), duplication by definition

* feat: add duplicated files to crypto/CMakeLists.txt

* feat: duplicate P11ED(Public|Private)KeyObj for slhdsa

PTAL on EC params, update it later, CKK_EC_EDWARDS

* feat: duplicate softhsm2-util-ossl.(cpp|h)

* feat: duplicate SoftHSM.(cpp|h)

* fix: force disable eddsa to avoid conflict with cases and tables

* fix: compilation error by add crypto/Makefile.am cpp new files

grep -r OSSLEDDSA

* feat: add syslog to container

* fix: key gen on SLH-DSA

* fix: add default log level info

* refactor: use separated pkcs constants (with same value) for slh-dsa

* feat(pkcs11): add ibm implementation to access cryptographic tokens
* feat: update slh-dsa pkcs11 params, use different numbers

* docs: add links about oid ed25519

* refactor: replace ec to slh on generateSLH

* chore(logs): added to C_GenerateKeyPair flow structure

found where the problem in key generation is: EC_PARAMS must be duplicated to SLH_PARAMS
PKCS11 constant is raising error on P11Object::saveTemplate

* feat(pkcs11): update input params for public key to SLH_DSA_PARAMS

* feat: duplication ECParameters to SLHParameters

* feat: update SLH(Public|Private)Key, remove EC and use der for attribs

* feat: update OSSLSLH(Public|Private)Key classes

* feat: update softhsm2-util-ossl.(cpp|h)

* feat: update P11Attributes.(cpp|h) + P11Objects.cpp

* feat: make changes on OSSLSLHDSA and SoftHSM to store keys

add logs either

* fix: getOrderLength and setDer(Public|Private)Key

setup name when setDer(Public|Private)Key to get the signature length on OSSLSLH(Private|Public)Key.cpp

* fix: getOrderLength for private and public key not multiply by 2

* fix: OSSLSLHPublicKey, remove ED key len variables

* fix: OSSLSLHPublicKey use inPKEY instead pkey

* fix: pkcs11-slhdsa.c signature size to 7856

* fix: OSSLSLHPublicKey verification of pkey

* chore: add some debug logs on OSSLSLHDSA and SoftHSM files

* test: add pkcs11-slhdsa.c test cases for all signatures with slh-dsa

add as well data.txt

* fix: file OSSLSLHDSA.cpp get back macro with_slhdsa

replace printf and use ERROR_MSG

* chore: dockerfile enable eddsa either

* fix: remove macro slh-dsa for nid functions

* fix: update m4 files to disable slh-dsa for older versions of OSSL

disable SLH-DSA for Botan either

* fix: warning of unused variable

get slhdsaMin/Maxsize only if slh-dsa is enabled
@JoaoHenrique12 JoaoHenrique12 requested a review from a team as a code owner October 7, 2025 00:12

coderabbitai bot commented Oct 7, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Adds SLH-DSA (SLHDSA) algorithm support across SoftHSM: PKCS#11 constants, attributes, objects, mechanisms, OpenSSL-backed crypto implementation, key generation and import/export, and utility support. Introduces build-time detection and gating via Autoconf. Adds multiple PKCS#11 sample programs and vendor headers. Provides a multi-stage Dockerfile to build a SoftHSM/OpenSSL toolchain.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Build tooling (Docker): `Dockerfile` | New multi-stage build for OpenSSL and SoftHSM; config, install, env setup, token init. |
| Configure scripts (Autoconf): `m4/acx_crypto_backend.m4`, `m4/acx_openssl_slhdsa.m4` | Adds SLHDSA option, detection for OpenSSL support, WITH_SLHDSA define and conditional. |
| SoftHSM PKCS#11 constants: `src/lib/pkcs11/pkcs11.h`, `src/bin/dump/tables.h` | Adds CKK_SLHDSA, CKA_SLHDSA_PARAMS, CKM_SLH_KEY_PAIR_GEN, CKM_SLHDSA; updates dump tables. |
| Core SoftHSM integration: `src/lib/SoftHSM.h`, `src/lib/SoftHSM.cpp` | Adds SLHDSA mechanism handling, keygen path (generateSLH), key retrieval helpers, mech info/list updates. |
| Object/attribute model: `src/lib/P11Attributes.h`, `src/lib/P11Attributes.cpp`, `src/lib/P11Objects.h`, `src/lib/P11Objects.cpp` | Adds CKA_SLHDSA_PARAMS attribute class and defaulting; introduces SLH public/private key object classes; logging tweaks. |
| Crypto: algorithm/types: `src/lib/crypto/AsymmetricAlgorithm.h` | Extends enums for EDDSA and SLHDSA mechanisms. |
| Crypto: SLHDSA (generic): `src/lib/crypto/SLHParameters.*`, `src/lib/crypto/SLHPublicKey.*`, `src/lib/crypto/SLHPrivateKey.*` | New parameter and abstract key classes with (de)serialisation and DER handling. |
| Crypto: OpenSSL SLHDSA: `src/lib/crypto/OSSLCryptoFactory.cpp`, `src/lib/crypto/OSSLSLHDSA.*`, `src/lib/crypto/OSSLSLHKeyPair.*`, `src/lib/crypto/OSSLSLHPublicKey.*`, `src/lib/crypto/OSSLSLHPrivateKey.*` | OpenSSL-backed SLHDSA implementation: sign/verify, keygen, (de)serialisation, keypair plumbing; factory wiring. |
| Crypto build files: `src/lib/crypto/CMakeLists.txt`, `src/lib/crypto/Makefile.am` | Adds SLHDSA-related sources to generic and OpenSSL builds. |
| OpenSSL util guards: `src/lib/crypto/OSSLUtil.*` | Preprocessor conditions extended to include WITH_SLHDSA where needed. |
| Utility: softhsm2 tool: `src/bin/util/softhsm2-util-ossl.{h,cpp}` | Adds SLHDSA key import/save support, key material marshaling helpers, header guards for EVP inclusion. |
| Samples: PKCS#11 headers: `hpcs-pkcs11/samples/pkcs11.h`, `.../pkcs11f.h`, `.../pkcs11t.h` | Adds local Cryptoki headers and function list scaffolding for samples. |
| Samples: vendor headers: `hpcs-pkcs11/samples/ep11.h`, `hpcs-pkcs11/samples/grep11.h` | Adds EP11/XCP and GREP11 vendor definitions, enums, and prototypes. |
| Samples: programs: `hpcs-pkcs11/samples/pkcs11-attrs.c`, `.../pkcs11-crypto.c`, `.../pkcs11-btc.c`, `.../pkcs11-checksum.c`, `.../pkcs11-dilithium.c`, `.../pkcs11-object.c`, `.../pkcs11-slhdsa.c`, `hpcs-pkcs11/samples/sample.h` | Adds multiple standalone PKCS#11 sample apps and helper header; SLH-DSA sample included. |
| Docs: `hpcs-pkcs11/README.md` | New README with HPCS PKCS#11 usage, verification, and sample guidance. |
| Misc: `data.txt` | Adds a single line "msg". |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant App as Sample App
  participant P11 as PKCS#11 Module (SoftHSM)
  participant SH as SoftHSM Core
  participant CF as CryptoFactory
  participant SLH as OSSLSLHDSA
  participant OSSL as OpenSSL EVP

  rect rgb(240,248,255)
  note right of App: Key generation (CKM_SLH_KEY_PAIR_GEN)
  User->>App: Run sample (generate SLH keypair)
  App->>P11: C_GenerateKeyPair(mech=CKM_SLH_KEY_PAIR_GEN, templates)
  P11->>SH: generateSLH(...)
  SH->>CF: getAsymmetricAlgorithm(SLHDSA)
  CF-->>SH: OSSLSLHDSA instance
  SH->>SLH: generateKeyPair(params)
  SLH->>OSSL: EVP_PKEY_CTX_new_from_name + keygen
  OSSL-->>SLH: EVP_PKEY*
  SLH-->>SH: Keys
  SH-->>P11: Handles (pub, priv)
  P11-->>App: CKR_OK + handles
  end

  rect rgb(245,255,240)
  note right of App: Sign/Verify (CKM_SLHDSA)
  App->>P11: C_SignInit(handle_priv, CKM_SLHDSA)
  App->>P11: C_Sign(data)
  P11->>SH: sign(...)
  SH->>SLH: sign(privateKey, data, CKM_SLHDSA)
  SLH->>OSSL: EVP_DigestSignInit/Sign
  OSSL-->>SLH: signature
  SLH-->>SH: signature
  SH-->>P11: signature
  P11-->>App: signature

  App->>P11: C_VerifyInit(handle_pub, CKM_SLHDSA)
  App->>P11: C_Verify(data, signature)
  P11->>SH: verify(...)
  SH->>SLH: verify(publicKey, data, sig, CKM_SLHDSA)
  SLH->>OSSL: EVP_DigestVerifyInit/Verify
  OSSL-->>SLH: result
  SLH-->>SH: CKR_OK/FAIL
  SH-->>P11: status
  P11-->>App: CKR_OK
  end

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

Suggested labels

enhancement

Suggested reviewers

  • bjosv
  • jschlyter
  • kalvdans

Poem

In burrows of code I hop and pry,
New SLH keys beneath the sky.
Autoconf scents the OpenSSL breeze,
SoftHSM sprouts fresh cryptic trees.
With paws on tokens, I sign away—
Carrots, commits, and PKCS hooray! 🥕✨

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 25b94d4 and 8dedecb.

📒 Files selected for processing (48)
  • Dockerfile (1 hunks)
  • data.txt (1 hunks)
  • hpcs-pkcs11/README.md (1 hunks)
  • hpcs-pkcs11/samples/ep11.h (1 hunks)
  • hpcs-pkcs11/samples/grep11.h (1 hunks)
  • hpcs-pkcs11/samples/pkcs11-attrs.c (1 hunks)
  • hpcs-pkcs11/samples/pkcs11-btc.c (1 hunks)
  • hpcs-pkcs11/samples/pkcs11-checksum.c (1 hunks)
  • hpcs-pkcs11/samples/pkcs11-crypto.c (1 hunks)
  • hpcs-pkcs11/samples/pkcs11-dilithium.c (1 hunks)
  • hpcs-pkcs11/samples/pkcs11-object.c (1 hunks)
  • hpcs-pkcs11/samples/pkcs11-slhdsa.c (1 hunks)
  • hpcs-pkcs11/samples/pkcs11.h (1 hunks)
  • hpcs-pkcs11/samples/pkcs11f.h (1 hunks)
  • hpcs-pkcs11/samples/pkcs11t.h (1 hunks)
  • hpcs-pkcs11/samples/sample.h (1 hunks)
  • m4/acx_crypto_backend.m4 (4 hunks)
  • m4/acx_openssl_slhdsa.m4 (1 hunks)
  • src/bin/dump/tables.h (3 hunks)
  • src/bin/util/softhsm2-util-ossl.cpp (2 hunks)
  • src/bin/util/softhsm2-util-ossl.h (3 hunks)
  • src/lib/P11Attributes.cpp (1 hunks)
  • src/lib/P11Attributes.h (1 hunks)
  • src/lib/P11Objects.cpp (6 hunks)
  • src/lib/P11Objects.h (2 hunks)
  • src/lib/SoftHSM.cpp (34 hunks)
  • src/lib/SoftHSM.h (3 hunks)
  • src/lib/crypto/AsymmetricAlgorithm.h (2 hunks)
  • src/lib/crypto/CMakeLists.txt (2 hunks)
  • src/lib/crypto/Makefile.am (2 hunks)
  • src/lib/crypto/OSSLCryptoFactory.cpp (2 hunks)
  • src/lib/crypto/OSSLSLHDSA.cpp (1 hunks)
  • src/lib/crypto/OSSLSLHDSA.h (1 hunks)
  • src/lib/crypto/OSSLSLHKeyPair.cpp (1 hunks)
  • src/lib/crypto/OSSLSLHKeyPair.h (1 hunks)
  • src/lib/crypto/OSSLSLHPrivateKey.cpp (1 hunks)
  • src/lib/crypto/OSSLSLHPrivateKey.h (1 hunks)
  • src/lib/crypto/OSSLSLHPublicKey.cpp (1 hunks)
  • src/lib/crypto/OSSLSLHPublicKey.h (1 hunks)
  • src/lib/crypto/OSSLUtil.cpp (1 hunks)
  • src/lib/crypto/OSSLUtil.h (2 hunks)
  • src/lib/crypto/SLHParameters.cpp (1 hunks)
  • src/lib/crypto/SLHParameters.h (1 hunks)
  • src/lib/crypto/SLHPrivateKey.cpp (1 hunks)
  • src/lib/crypto/SLHPrivateKey.h (1 hunks)
  • src/lib/crypto/SLHPublicKey.cpp (1 hunks)
  • src/lib/crypto/SLHPublicKey.h (1 hunks)
  • src/lib/pkcs11/pkcs11.h (3 hunks)

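The 7856 bytes in the commit message "fix: pkcs11-slhdsa.c signature size to 7856" is the FIPS 205 signature length of the 128s parameter sets. As an added example (not code from this pull request), the C below derives signature and public-key lengths from the FIPS 205 parameters so a PKCS#11 caller can size its buffers per parameter set; the struct and function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* FIPS 205 parameters (n, h, d, a, k). The SHA2 and SHAKE families share
 * them, so only the trailing "128s".."256f" part of the name matters. */
struct slh_set { const char *suffix; size_t n, h, d, a, k; };

static const struct slh_set SLH_SETS[] = {
    {"128s", 16, 63,  7, 12, 14}, {"128f", 16, 66, 22,  6, 33},
    {"192s", 24, 63,  7, 14, 17}, {"192f", 24, 66, 22,  8, 33},
    {"256s", 32, 64,  8, 14, 22}, {"256f", 32, 68, 17,  9, 35},
};

/* Hypothetical helper: map e.g. "SLH-DSA-SHA2-128s" to its parameter row. */
static const struct slh_set *slh_lookup(const char *name)
{
    if (name == NULL) return NULL;
    const char *dash = strrchr(name, '-');
    const char *suffix = dash ? dash + 1 : name;
    for (size_t i = 0; i < sizeof SLH_SETS / sizeof SLH_SETS[0]; i++)
        if (strcmp(suffix, SLH_SETS[i].suffix) == 0)
            return &SLH_SETS[i];
    return NULL;
}

/* Signature = randomizer (n) + FORS (k*(1+a)*n) + hypertree ((h + d*len)*n),
 * with len = 2n + 3 WOTS+ chains for w = 16. Returns 0 for unknown names. */
size_t slh_sig_len(const char *name)
{
    const struct slh_set *p = slh_lookup(name);
    if (p == NULL) return 0;
    size_t wots_len = 2 * p->n + 3;
    return p->n * (1 + p->k * (1 + p->a) + p->h + p->d * wots_len);
}

/* Public key = PK.seed || PK.root, n bytes each. */
size_t slh_pub_len(const char *name)
{
    const struct slh_set *p = slh_lookup(name);
    return p ? 2 * p->n : 0;
}

/* 1 = buffer large enough, 0 = too small, -1 = unknown parameter set. */
int slh_sig_buffer_ok(const char *name, size_t buf_len, size_t *needed)
{
    *needed = slh_sig_len(name);
    if (*needed == 0) return -1;
    return buf_len >= *needed;
}
```

Unlike the EdDSA code path, the signature length here is not a fixed multiple of the key length, so output buffers have to be sized from the parameter set.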