[Opendnssec-user] SoftHSM C_GetMechanismInfo question

Roland van Rijswijk - Deij roland.vanrijswijk at surfnet.nl
Thu Jan 12 07:23:02 UTC 2017


Hi Dave,

Dave Fine wrote:
> I have a question regarding something I saw in C_GetMechanismInfo() in
> the SoftHSMv2 code. In this function, I see that the min and max key
> sizes are set to 0 for all of the SHA HMAC functions (see here:
> https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L857).
> I find this odd, because the HMAC algorithm requires a key size greater
> than zero to use properly. Is there a reason why the Mechanism Info key
> size fields are not set to 20 for CKM_SHA_1_HMAC, 28 for
> CKM_SHA224_HMAC, 32 for CKM_SHA256_HMAC, etc.?

The short answer: probably because we did not focus specifically on
implementing these mechanisms, but rather they are there to satisfy
compatibility tests.

Can I ask you to open an issue for this via GitHub? If you do this
yourself you will receive notifications of responses and (if required)
updates to the code. Thanks! (If you do not wish to do this, let me
know, and I will open the issue for you.)

https://github.com/opendnssec/SoftHSMv2/issues

Cheers,

Roland

-- 
-- Roland M. van Rijswijk - Deij
-- SURFnet bv
-- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet
-- e: roland.vanrijswijk at surfnet.nl
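
An added example, not part of the original thread and not SoftHSM code: a caller-side HMAC key-length check that treats a reported 0/0 range as "no range given" and falls back to the digest-length minimums proposed in the question. The helper names are hypothetical, the PKCS#11 types are local stand-ins, and sizes are assumed to be in bytes as in the question.

```c
#include <stdio.h>

/* Local stand-ins for the PKCS#11 types so this builds without pkcs11.h. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_MECHANISM_TYPE;
typedef struct { CK_ULONG ulMinKeySize, ulMaxKeySize, flags; } CK_MECHANISM_INFO;

/* Mechanism numbers as defined in the standard PKCS#11 header. */
#define CKM_SHA_1_HMAC  0x00000221UL
#define CKM_SHA256_HMAC 0x00000251UL
#define CKM_SHA224_HMAC 0x00000256UL
#define CKM_SHA384_HMAC 0x00000261UL
#define CKM_SHA512_HMAC 0x00000271UL

enum key_check { KEY_OK, KEY_TOO_SHORT, KEY_TOO_LONG, KEY_UNKNOWN_MECH };

/* Digest length in bytes: the per-mechanism sizes proposed in the question. */
static CK_ULONG hmac_digest_len(CK_MECHANISM_TYPE m)
{
    switch (m) {
    case CKM_SHA_1_HMAC:  return 20;
    case CKM_SHA224_HMAC: return 28;
    case CKM_SHA256_HMAC: return 32;
    case CKM_SHA384_HMAC: return 48;
    case CKM_SHA512_HMAC: return 64;
    default:              return 0;
    }
}

/* Hypothetical helper. Sizes are assumed to be in bytes, as in the question. */
static enum key_check check_hmac_key_len(CK_MECHANISM_TYPE m,
                                         const CK_MECHANISM_INFO *info,
                                         CK_ULONG key_len)
{
    CK_ULONG min = hmac_digest_len(m), max = 0;   /* max 0 = no upper bound */
    if (min == 0) return KEY_UNKNOWN_MECH;
    if (info && info->ulMinKeySize > min) min = info->ulMinKeySize;
    if (info && info->ulMaxKeySize != 0)  max = info->ulMaxKeySize;
    if (key_len < min) return KEY_TOO_SHORT;
    if (max != 0 && key_len > max) return KEY_TOO_LONG;
    return KEY_OK;
}

int main(void)
{
    CK_MECHANISM_INFO reported = {0, 0, 0};  /* constructed: the 0/0 case */
    printf("empty key: %d, 32-byte key: %d\n",
           check_hmac_key_len(CKM_SHA256_HMAC, &reported, 0),
           check_hmac_key_len(CKM_SHA256_HMAC, &reported, 32));
    return 0;
}
```

A caller that used the reported 0/0 values directly as a range would either accept an empty key or reject every non-empty one, depending on how the comparison is written.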


