AES_CBC_ENCRYPT_DATA mechanism for deriveKey

[jahluwalia]

I'm trying to get deriveKey working with AES_CBC_ENCRYPT_DATA set as the mechansim. I noticed that your AesCbc params are missing type and data in the toCKI method. When i tried implementing my own function, SoftHSM2 returns CKR_FUNCTION_FAILED. If i use yours, i get CKR_MECHANISM_PARAM_INVALID, presumably because the data is missing. Any suggestions?

thanks,
jas

[rmhrisk]

You will have to review the SoftHSM source and see what they expect for this call.

[jahluwalia]

Hmmm...been doing that for the past few hours. I thought data and type were my 'eureka' moments, but that ended up making me go a step backwards. Was this table generated with any examples to back it up?

https://github.com/PeculiarVentures/graphene/blob/master/capabilities/SoftHSM2.md

Thanks,
Jas

[rmhrisk]

That table was generated with https://github.com/PeculiarVentures/graphene-cli

[microshine]

@jahluwalia I have added AesCbcEncryptDataParams class and test for SoftHSM AES key derivation

new version of the [email protected] is available

[jahluwalia]

@microshine

Thank you very much for that. We JUST got it working a couple hours ago before your changes. We wrote our own AesCBCEncryptDataParams class that exported teh iv, type, and data. After that, he problem on our side was we were only sending in 16 bytes of data as opposed to 32.

When we upgrade, we'll switch to your class. Thank you for your help.

Thanks,
Jas

[rmhrisk]

@jahluwalia we are always curious to hear what others are doing, if you can share please do.

Either way, we are happy to see your working now