Switch pkcs11 crate for cryptoki instead #754
…to support non x86_64 architectures, e.g. ARMv7 on a Raspberry Pi 4b. Now gets as far as "2022-01-05 00:36:38 [INFO] [krill::commons::crypto::signing::dispatch::signerrouter] Signer 'YubiHSM2 Nano via PKCS#11' is ready for use" in my testing. Uses the unreleased cryptoki main HEAD code because the released 0.2.0 version lacks functionality we need, e.g. get library and slot info.
I am not comfortable with using an unreleased version of cryptoki. Other than that it seems to me that all of this is fine. Lots of changes - but as far as I can tell they are all just about using the other API and none of them introduce different behaviour.
…ow which PKCS#11 calls Cryptoki actually makes on our behalf.
This is resolved now.
Great! I think we can start merging all this into dev then!
This PR attempts to resolve #752.
On my Raspberry Pi 4b with the YubiHSM2 Nano, with a cross-compiled build of this PR code, I can now get Krill to talk to the YubiHSM2 via the PKCS#11 interface. It remains to be seen if all tests pass (I suspect they do not yet), but it at least gets this far now (with some parts of the logging stripped, such as timestamps and function paths, to make it easier to read here):