Commit 54d4781a authored by Stef Walter

Implement HKDF for transport encryption security.

This is to hash the results of the DH key agreement, since the
generated key size rarely matches the size of our bulk
encryption key.

 * Add PKCS#11 algorithm CKM_G_HKDF_SHA256_DERIVE
 * Change DH code so it always generates keys of prime size.
 * Change CKM_DH_PKCS11_DERIVE mechanism to support truncating
   or expanding keys on its own (without help from underlying
   implementation) in accordance with PKCS#11, although we no
   longer use this.
 * Add support for CKK_GENERIC_SECRET keys.
 * Update prompt code to use HKDF in key negotiation.
 * Add secret service dh-ietf1024-sha256-aes128-cbc-pkcs7 algo
   which replaces the previous.
parent b6c94d5f