Add leancrypto backend#456
Conversation
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
There was a problem hiding this comment.
Code Review
This pull request integrates the leancrypto library as an optional backend for PBKDF2 key derivation, adding the leancrypto-sys dependency and introducing a new leancrypto module. It maps PKCS#11 mechanism types to leancrypto digest algorithms and implements pbkdf2_derive using the new backend. Additionally, new tests are added to verify PBKDF2 functionality with SHA-2. Feedback includes correcting a copy-paste error in the PBKDF2 derivation error message and using checked conversions (try_from) instead of truncating casts (as) when converting usize to CK_ULONG in the test suite to prevent potential silent data loss.
| iter_count, | ||
| &mut dkm, | ||
| ) | ||
| .map_err(|e| Error::other_error(format!("leancrypto encrypt: {e}")))?; |
There was a problem hiding this comment.
The error message refers to 'leancrypto encrypt', but this function performs PBKDF2 key derivation. This copy-paste error can be misleading during debugging. It should be updated to reflect the actual operation.
| .map_err(|e| Error::other_error(format!("leancrypto encrypt: {e}")))?; | |
| .map_err(|e| Error::other_error(format!("leancrypto pbkdf2 derive: {e}")))?; |
Signed-off-by: Stephan Mueller <smueller@chronox.de>
The DRBG support allows the configuration of "HMAC DRBG SHA256" and "HMAC DRBG SHA512". Yet, both are diverted into using the leancrypto "seeded DRNG" which is a DRNG properly seeded by leancrypto during initialization and during runtime. Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
I have added the DRBG backend. During the addition, I am yet slightly unsure about the naming: The naming required by kryoptic is "HMAC DRBG SHA256" or SHA512. Yet, kryoptic requires effectively the availability of a fully seeded DRBG where the actual type does not really matter. Therefore, the current leancrypto backend uses the "seeded DRNG" logic found in leancrypto which is guaranteed to provide a fully seeded and reseeded DRNG instance. Yet, its type cannot really be configured from the outside as it is initialized as one of the first parts in leancrypto. The default DRBG type used in leancrypto is an XDRBG 256 (i.e. an implementation which is expected to be added to the next revision of SP800-90A). At compile-time of leancrypto, this type can be changed, including to a HMAC-DRBG. Is this approach considered appropriate? |
Signed-off-by: Stephan Mueller <smueller@chronox.de>
simo5
left a comment
There was a problem hiding this comment.
What's the cause of the tests failure?
| use leancrypto_sys::lcr_hash::lcr_hash_digestsize_mapping; | ||
| use leancrypto_sys::lcr_kbkdf::{lcr_kbkdf_ctr, lcr_kbkdf_fb}; | ||
|
|
||
| #[cfg(feature = "fips")] |
There was a problem hiding this comment.
It's odd that you add fips features here when the module is never included if the feature is enabled
| &mut dk_handle, | ||
| ); | ||
| if ret != CKR_OK { | ||
| /* |
There was a problem hiding this comment.
if this only happens with leancrypto I would rather guard this test with the feature.
Otherwise it will also ignore failures it shouldn't for other backends
| derive_template.len() as CK_ULONG, | ||
| &mut handle3, | ||
| ); | ||
| /* Ignore when a backend does not support CMAC KDF */ |
There was a problem hiding this comment.
as above, put a leancrypto feature guard around this
Yes, |
Description
This PR intends to add the leancrypto as backend implementing the cryptographic algorithms used by kryoptic. Leancrypto is intended as a library that focuses on PQC support and does not contain classic algorithms (except Curve25519/448 intended for hybrid algorithms) as outlined in https://leancrypto.org. Furthermore, it is intended to be versatile to be used in various different execution environments (user space, kernel space, EFI, ...) and therefore is intended as a library that provides the needs for large numbers of different use cases.
For now, this PR is a WIP and intends to ask and clarify several questions before or while adding more algorithm support:
The current PR provides PBKDF2 to discuss the questions and the approach. As part of the PR, I added PBKDF2 SHA2 test vectors as leancrypto does not offer SHA-1.
To test the code, perform the following steps:
Checklist
- [ ] Rustdoc string were added or updatedReviewer's checklist: