Skip to content

add support for pkcs11 v3.2 ml-kem#131

Draft
Nicolas-Peiffer wants to merge 16 commits intomasterfrom
pkcs11-v3.2-ml-kem
Draft

add support for pkcs11 v3.2 ml-kem#131
Nicolas-Peiffer wants to merge 16 commits intomasterfrom
pkcs11-v3.2-ml-kem

Conversation

@Nicolas-Peiffer
Copy link
Copy Markdown
Contributor

@Nicolas-Peiffer Nicolas-Peiffer commented Apr 13, 2026

  • README: add support for new PQC crypto algorithms
  • new integration testing with SoftHSMv3
  • rename config file to crypto11.config.json
  • add support for ML-KEM
  • various golang linting

@Nicolas-Peiffer
update to go1.25.8
8c7dd31 
Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
@Nicolas-Peiffer
udpate to go 1.26.1
97138bd 
Signed-off-by: Nicolas-Peiffer <102670102+Nicolas-Peiffer@users.noreply.github.com>
@Nicolas-Peiffer
use local miekg/pkcs11 fork
d4f0e38 
this is temporary we wait on the PR to be merged
@Nicolas-Peiffer
add support for pkcs11 v3.2 and ML-KEM
bbe29d1
@Nicolas-Peiffer
assigning the result of this type assertion to a variable (switch opt…
a45f2ff 
…s := opts.(type)) could eliminate type assertions in switch cases https://staticcheck.dev/docs/checks/#S1034
@Nicolas-Peiffer
use fmt.Errorf
54e4ac8
@Nicolas-Peiffer
type assertion to the same type: key.Public() already has type crypto…
a8099ee 
….PublicKey S1040
@Nicolas-Peiffer
type assertion to the same type: key.Public() already has type crypto…
2936a8f 
….PublicKey S1040
@Nicolas-Peiffer
type assertion to the same type: key.Public() already has type crypto…
e631012 
….PublicKey S1040
@Nicolas-Peiffer
should omit nil check; len() for nil slices is defined as zero S1009
1f6bb8f
@Nicolas-Peiffer
Add require.NoError(t, err) after ConfigureFromFile to prevent nil-pt…
a885c55 
…r panic
@Nicolas-Peiffer
TestKeyPairDelete/TestKeyDelete use plural FindKeyPairs/FindKeys; Tes…
da787f0 
…tAccessSameLibraryTwice uses FindKeys; TestNoLogin cleans up unexpected key and skips; TestInvalidPinDoesntDestroyLibrary skips gracefully when tokens absent
@Nicolas-Peiffer
Find truly uninitialized slots via set-difference; create "token1"/"t…
64bd799 
…oken2" for TestInvalidPinDoesntDestroyLibrary
@Nicolas-Peiffer
TestHardDSA skips when CKM_DSA_KEY_PAIR_GEN unsupported
d7ef862
@Nicolas-Peiffer
update readme
d0861f2 
Algorithm support tables covering RSA, ECDSA, DSA, ML-KEM (all three security levels), AES, DES3, certificates, HMAC, and RNG — with which operations each supports
ML-KEM noted as requiring PKCS#11 v3.2 and SoftHSMv3
New SoftHSMv3 testing section explaining the automated SOFTHSM3_MODULE workflow
SoftHSMv2 section updated with a markdown link and a note that ML-KEM tests auto-skip on v2
@Nicolas-Peiffer
config renamed to crypto11.config.json
45081a8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Nicolas-Peiffer