-
Stef Walter authored
This is to hash the results of the DH key agreement, since the generated key size rarely matches the size of our bulk encryption key size. * Add PKCS#11 algorithm CKM_G_HKDF_SHA256_DERIVE * Change DH code so it always generates keys of prime size. * Change CKM_DH_PKCS11_DERIVE mechanism to support truncating or expanding keys on its own (without help from underlying implementation) in accordance with PKCS#11. Although we no longer use this. * Add support for CKK_GENERIC_SECRET keys. * Update prompt code to use HKDF in key negotiation. * Add secret service dh-ietf1024-sha256-aes128-cbc-pkcs7 algo which replaces the previous.
54d4781a