Skip to content

Add KMIP HSM signing support #540

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 57 commits into
base: main
Choose a base branch
from
Draft

Add KMIP HSM signing support #540

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
57 commits
Select commit Hold shift + click to select a range
74e098d
WIP: Initial skeleton for KMIP based crypto operations.
ximon18 Apr 17, 2025
8b025f3
Merge remote-tracking branch 'origin/new-zonefile' into patches-for-n…
ximon18 Jun 4, 2025
7504216
Merge branch 'main' into poc-kmip-crypto-impl
ximon18 Jun 4, 2025
1ccb990
WIP.
ximon18 Jun 6, 2025
0f49710
Delete trial creds.
ximon18 Jun 6, 2025
bbd555f
WIP.
ximon18 Jun 10, 2025
ab57d41
Merge branch 'main' into poc-kmip-crypto-impl
ximon18 Jun 10, 2025
612a125
WIP.
ximon18 Jun 10, 2025
76e1072
Decode the public key material as an ASN1. SubjectPublicKeyInfo data …
ximon18 Jun 10, 2025
e60197c
Add note about self hashing.
ximon18 Jun 11, 2025
661e899
Fix incorrect fn arg name.
ximon18 Jun 19, 2025
5f26ed6
Add a comment about how to enable more logging.
ximon18 Jun 20, 2025
b7ed2b4
Incorporate pending PR #541.
ximon18 Jun 20, 2025
67aad1e
WIP: More KMIP support.
ximon18 Jun 20, 2025
b3f76cd
Add a KMIP PublicKey type ala how it is done for OpenSSL and Ring.
ximon18 Jun 23, 2025
5c4b7b1
Bump kmip dependency.
ximon18 Jun 23, 2025
20ec639
Compilation fix.
ximon18 Jun 23, 2025
d3793e9
Retry KMIP operations on data not found errors, in case the HSM is no…
ximon18 Jun 24, 2025
c4bf887
Sync with changes made in the patches-for-nameshed-poc branch.
ximon18 Jun 25, 2025
760a588
Document the KMIP client and pool types.
ximon18 Jun 30, 2025
ae44c78
Merge branch 'main' into poc-kmip-crypto-impl
ximon18 Aug 12, 2025
d91a4a2
Sync with latest KMIP changes in the patches-for-nameshed-prototype b…
ximon18 Aug 12, 2025
5e8cadc
Remove no longer needed dependencies.
ximon18 Aug 14, 2025
cdf0bb8
Comment re-wrapping.
ximon18 Aug 14, 2025
ceed159
Move KeyUrl from the kmip::sign module to the kmip module.
ximon18 Aug 14, 2025
e591230
Use from_xxx() naming instead of new_xxx().
ximon18 Aug 14, 2025
0449a19
Remove unused fields and use &str instead of String.
ximon18 Aug 14, 2025
aea0e5e
Add kmip::PublicKey::from_url().
ximon18 Aug 14, 2025
28a0b66
Compilation fix.
ximon18 Aug 14, 2025
ca50acb
Remove unused functions and order fns consistently.
ximon18 Aug 14, 2025
c19f9d5
Compilation fix.
ximon18 Aug 14, 2025
c120ea6
More RustDocs.
ximon18 Aug 14, 2025
2061b47
Remove From<kmip::GenerateError> for GenerateError.
ximon18 Aug 14, 2025
c52f645
Refactoring and cleanup.
ximon18 Aug 14, 2025
db19cdf
Clippy.
ximon18 Aug 14, 2025
1e9cc59
Bump MSRV to earliest version that dependencies require (still > 4 ve…
ximon18 Aug 14, 2025
60afddb
Merge branch 'main' into poc-kmip-crypto-impl
ximon18 Aug 14, 2025
55186a3
Merge branch 'main' into poc-kmip-crypto-impl
ximon18 Aug 14, 2025
e684c58
Merge branch 'main' into poc-kmip-crypto-impl
ximon18 Oct 31, 2025
2e1bd36
Use Cargo.lock from main to reduce the number of changes introduced b…
ximon18 Oct 31, 2025
ee29abe
Merge branch 'main' into poc-kmip-crypto-impl
ximon18 Oct 31, 2025
b57d90c
Sync with latest changes in branch patches-for-nameshed-prototype.
ximon18 Oct 31, 2025
950a45c
Add missing pub.
ximon18 Oct 31, 2025
4092e90
Switch to RustLS for KMIP in order to limit KMIP support to using TLS…
ximon18 Oct 31, 2025
7917909
Make RustDoc comment less ambiguous.
ximon18 Oct 31, 2025
d19b62a
KMIP destroy doesn't solely use the key ID, the given connection pool…
ximon18 Oct 31, 2025
6e32a05
Replace doc string TODO with actual doc string. Reflow a long comment.
ximon18 Oct 31, 2025
f4d554f
More RustDoc on kmip::KeyPair.
ximon18 Oct 31, 2025
428ca68
Fix RustDoc links.
ximon18 Oct 31, 2025
1c5ec6d
RustDoc correction.
ximon18 Oct 31, 2025
89785b5
RustDoc correction.
ximon18 Oct 31, 2025
0a2aea7
RustDoc correction.
ximon18 Oct 31, 2025
e6b5ce5
Replace doc string TODO with actual doc string.
ximon18 Oct 31, 2025
6a96104
RustDoc formating fix.
ximon18 Oct 31, 2025
439b3c0
RustDoc formating fix.
ximon18 Oct 31, 2025
175f541
RustDoc formating fix.
ximon18 Oct 31, 2025
1f95280
RustDoc formating fix.
ximon18 Oct 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
455 changes: 439 additions & 16 deletions Cargo.lock
View file
Open in desktop

Large diffs are not rendered by default.

11 changes: 9 additions & 2 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,13 +34,15 @@ chrono = { version = "0.4.35", optional = true, default-features = false
futures-util = { version = "0.3", optional = true }
hashbrown = { version = "0.14.2", optional = true, default-features = false, features = ["allocator-api2", "inline-more"] } # 0.14.2 introduces explicit hashing
heapless = { version = "0.8", optional = true }
kmip = { git = "https://github.com/NLnetLabs/kmip-protocol", branch = "next", package = "kmip-protocol", version = "0.5.0", optional = true, features = ["tls-with-rustls"] }
libc = { version = "0.2.153", default-features = false, optional = true } # 0.2.79 is the first version that has IP_PMTUDISC_OMIT
log = { version = "0.4.22", optional = true }
parking_lot = { version = "0.12", optional = true }
moka = { version = "0.12.3", optional = true, features = ["future"] }
openssl = { version = "0.10.72", optional = true } # 0.10.70 upgrades to 'bitflags' 2.x
proc-macro2 = { version = "1.0.69", optional = true } # Force proc-macro2 to at least 1.0.69 for minimal-version build
ring = { version = "0.17.2", optional = true }
bcder = { version = "0.7", optional = true }
rustversion = { version = "1", optional = true }
secrecy = { version = "0.10", optional = true }
serde = { version = "1.0.130", optional = true, features = ["derive"] }
Expand All @@ -51,6 +53,8 @@ tokio-rustls = { version = "0.26", optional = true, default-features = false }
tokio-stream = { version = "0.1.1", optional = true }
tracing = { version = "0.1.40", optional = true, features = ["log"] }
tracing-subscriber = { version = "0.3.18", optional = true, features = ["env-filter"] }
url = { version = "2.5.4", optional = true }
uuid = { version = "1.18.0", features = ["v4"], optional = true }

[features]
default = ["std", "rand"]
Expand All @@ -66,8 +70,9 @@ std = ["alloc", "dep:hashbrown", "bumpalo?/std", "bytes?/std", "octseq/s
tracing = ["dep:log", "dep:tracing"]

# Cryptographic backends
ring = ["dep:ring"]
openssl = ["dep:openssl"]
ring = ["dep:ring"]
openssl = ["dep:openssl"]
kmip = ["dep:kmip", "dep:bcder", "dep:url", "dep:uuid", "dep:openssl"]

# Crate features
net = ["bytes", "futures-util", "rand", "std", "tokio"]
Expand All @@ -91,6 +96,8 @@ unstable-zonetree = ["futures-util", "parking_lot", "rustversion", "serde", "std

# Support for testing
arbitrary = ["dep:arbitrary"]
url = ["dep:url"]
uuid = ["dep:uuid"]

[dev-dependencies]
itertools = "0.13.0"
Expand Down
Loading