Hi, I have a working CKM_HKDF_DERIVE implementation against current main and would like to upstream it. Before opening a PR, I'd appreciate input on a few design choices.
What I have
- CKM_HKDF_DERIVE per PKCS#11 v3, parsing CK_HKDF_PARAMS.
- All three salt sources (NULL / DATA / KEY) and all four extract/expand combinations.
- Sensitive/extractable propagation matching CKM_CONCATENATE_BASE_AND_KEY.
- Support for all PRFs.
- Some RFC 5869 Test Cases passing as a CppUnit test.
Known gaps:
- OpenSSL backend only.
- HKDF logic inline in SoftHSM.cpp, not under src/lib/crypto/.
- CKK_HKDF not wired into newP11Object / P11Attributes.
- No CKM_HKDF_KEY_GEN / CKM_HKDF_DATA, no FIPS gating.
Questions
- Crypto layer — should I model HKDF after MacAlgorithm (new + OSSL/Botan subclasses via CryptoFactory), or build it on top of existing MacAlgorithm HMAC and skip a new factory entry?
- Botan backend — required for merge, or acceptable as follow-up?
- FIPS — for WITH_FIPS builds, allow SHA-2 PRFs only and compile out the rest, matching the CKM_DES_* pattern?
- CKK_HKDF object representation — reuse P11GenericSecretKeyObj (like the CKK_*_HMAC types), or introduce P11HKDFSecretKeyObj?
- Would CKM_HKDF_KEY_GEN / CKM_HKDF_DATA be required to merge?
- Tests — anything beyond DeriveTests.cpp and RFC 5869 vectors you'd like to see?
Motivation
My project uses SoftHSM in CI and needs HKDF; we'd rather upstream than maintain a fork.
Thanks!
Hi, I have a working CKM_HKDF_DERIVE implementation against current main and would like to upstream it. Before opening a PR, I'd appreciate input on a few design choices.
What I have
Known gaps:
Questions
Motivation
My project uses SoftHSM in CI and needs HKDF; we'd rather upstream than maintain a fork.
Thanks!