[Opendnssec-user] SoftHSM C_GetMechanismInfo question

Dave Fine finerrecliner at gmail.com
Thu Jan 12 15:34:44 UTC 2017


Thanks for the reply. I've captured the issue here:
https://github.com/opendnssec/SoftHSMv2/issues/280


On Thu, Jan 12, 2017 at 2:23 AM Roland van Rijswijk - Deij <
roland.vanrijswijk at surfnet.nl> wrote:

> Hi Dave,
>
> Dave Fine wrote:
> > I have a question regarding something I saw in C_GetMechanismInfo() in
> > the SoftHSMv2 code. In this function, I see that the min and max key
> > sizes are set to 0 for all of the SHA HMAC functions (see here:
> >
> https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L857
> ).
> > I find this odd, because the HMAC algorithm requires a key size greater
> > than zero to use properly. Is there a reason why the Mechanism Info key
> > size fields are not set to 20 for CKM_SHA_1_HMAC, 28 for
> > CKM_SHA224_HMAC, 32 for CKM_SHA256_HMAC, etc ?
>
> The short answer: probably because we did not focus specifically on
> implementing these mechanisms, but rather they are there to satisfy
> compatibility tests.
>
> Can I ask you to open an issue for this via GitHub? If you do this
> yourself you will receive notifications of responses and (if required)
> updates to the code. Thanks! (if you do not wish to do this, let me
> know, and I will open the issue for you)
>
> https://github.com/opendnssec/SoftHSMv2/issues
>
> Cheers,
>
> Roland
>
> --
> -- Roland M. van Rijswijk - Deij
> -- SURFnet bv
> -- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet
> -- e: roland.vanrijswijk at surfnet.nl
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170112/f91dd106/attachment.htm>


More information about the Opendnssec-user mailing list