Discussion:
[Opendnssec-user] SoftHSM C_GetMechanismInfo question
Dave Fine
2017-01-11 21:57:11 UTC
Hello,

I have a question regarding something I saw in C_GetMechanismInfo() in the
SoftHSMv2 code. In this function, I see that the min and max key sizes are
set to 0 for all of the SHA HMAC functions (see here:
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L857).
I find this odd, because the HMAC algorithm requires a key size greater
than zero to use properly. Is there a reason why the Mechanism Info key
size fields are not set to 20 for CKM_SHA_1_HMAC, 28 for CKM_SHA224_HMAC,
32 for CKM_SHA256_HMAC, etc.?

Thank you,
-Dave
Roland van Rijswijk - Deij
2017-01-12 07:23:02 UTC
Hi Dave,
Post by Dave Fine
I have a question regarding something I saw in C_GetMechanismInfo() in
the SoftHSMv2 code. In this function, I see that the min and max key
https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L857).
I find this odd, because the HMAC algorithm requires a key size greater
than zero to use properly. Is there a reason why the Mechanism Info key
size fields are not set to 20 for CKM_SHA_1_HMAC, 28 for
CKM_SHA224_HMAC, 32 for CKM_SHA256_HMAC, etc.?

The short answer: probably because we did not focus specifically on
implementing these mechanisms, but rather they are there to satisfy
compatibility tests.

Can I ask you to open an issue for this via GitHub? If you do this
yourself you will receive notifications of responses and (if required)
updates to the code. Thanks! (if you do not wish to do this, let me
know, and I will open the issue for you)

https://github.com/opendnssec/SoftHSMv2/issues

Cheers,

Roland
--
-- Roland M. van Rijswijk - Deij
-- SURFnet bv
-- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet
-- e: ***@surfnet.nl
Dave Fine
2017-01-12 15:34:44 UTC
Thanks for the reply. I've captured the issue here:
https://github.com/opendnssec/SoftHSMv2/issues/280


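Added example (not part of the thread and not SoftHSM code): a client-side key-length check for a token whose C_GetMechanismInfo() reports 0 for both HMAC key sizes, as described above. The typedefs are local stand-ins for pkcs11t.h, check_hmac_key_len() is a hypothetical helper, and sizes are assumed to be in bytes, as in the values proposed in the thread.

```c
#include <stdio.h>

/* Local stand-ins mirroring pkcs11t.h so this builds without the PKCS#11 headers. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_MECHANISM_TYPE;
typedef CK_ULONG CK_FLAGS;
typedef struct { CK_ULONG ulMinKeySize, ulMaxKeySize; CK_FLAGS flags; } CK_MECHANISM_INFO;

#define CKM_SHA_1_HMAC  0x00000221UL
#define CKM_SHA256_HMAC 0x00000251UL
#define CKM_SHA224_HMAC 0x00000256UL

typedef enum { KEY_OK, KEY_TOO_SHORT, KEY_OUT_OF_RANGE, KEY_UNKNOWN_MECH } key_check_t;

/* Digest output length in bytes: the values quoted in the thread. */
static CK_ULONG hmac_digest_len(CK_MECHANISM_TYPE m) {
    switch (m) {
    case CKM_SHA_1_HMAC:  return 20;
    case CKM_SHA224_HMAC: return 28;
    case CKM_SHA256_HMAC: return 32;
    default:              return 0;
    }
}

/* Hypothetical policy check applied to the result of C_GetMechanismInfo(). */
key_check_t check_hmac_key_len(CK_MECHANISM_TYPE m, const CK_MECHANISM_INFO *info,
                               CK_ULONG key_len) {
    CK_ULONG floor = hmac_digest_len(m);
    if (floor == 0) return KEY_UNKNOWN_MECH;
    /* Local floor: RFC 2104 discourages keys shorter than the digest output. */
    if (key_len < floor) return KEY_TOO_SHORT;
    /* min == max == 0 is read as "no range reported"; a naive range test
       against 0..0 would reject every usable HMAC key. */
    if (info->ulMinKeySize == 0 && info->ulMaxKeySize == 0) return KEY_OK;
    if (key_len < info->ulMinKeySize || key_len > info->ulMaxKeySize)
        return KEY_OUT_OF_RANGE;
    return KEY_OK;
}

int main(void) {
    CK_MECHANISM_INFO zeros  = {0, 0, 0};    /* constructed: the case in the thread */
    CK_MECHANISM_INFO ranged = {32, 512, 0}; /* constructed: a token reporting a range */
    printf("zeros/32:    %d\n", (int)check_hmac_key_len(CKM_SHA256_HMAC, &zeros, 32));
    printf("zeros/16:    %d\n", (int)check_hmac_key_len(CKM_SHA256_HMAC, &zeros, 16));
    printf("ranged/1024: %d\n", (int)check_hmac_key_len(CKM_SHA256_HMAC, &ranged, 1024));
    return 0;
}
```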