Review the pkcs11 crate dependency

[ximon18]

User @ionut-arm commented on PR #727 that the cryptoki Rust crate was created in part to address "the (security) problems in the [pkcs11] crate".

We should review the decision to use the pkcs11 crate for interfacing with PKCS#11 libraries in Krill. For example:

• Are there known security and/or memory safety issues with the pkcs11 crate?
• Does Krill use the crate in such a way that it is affected by any such issues?
• Is the crate still actively maintained?
• Should we switch to away from the pkcs11 crate?
• Should we switch to the cryptoki crate?
• Are there other viable alternatives?

[ximon18]

See also: #752

[ximon18]

Does Krill use the crate in such a way that it is affected by any such issues?

Unknown, but we have since encountered issue #752 with the pkcs11 crate on ARMv7.

Is the crate still actively maintained?

Comments here and here seem to indicate that the crate is NOT actively maintained.

Should we switch to the cryptoki crate?

Possibly, it seems to not suffer from the #752 issue at least, but it is poorly documented, suffers from some crashes (see here and here (to be fair so does the pkcs11 crate, e.g. see here)), seems to be in need of more testing (see here) and may not have the features Krill needs as the Parsec projects "initial target was to abstract everything that we need in Parsec", and the interface is quite different to that of the pkcs11 crate (modifying the simple keyls tool to switch crates was quite a substantial change).

We would need to create a proof-of-concept modification of Krill to see if the Krill test suite passes with the cryptoki crate.

If that looks good we could address the lacking docs and tests through contributions to the crate if resources and time permit.

[hug-dev]

If that looks good we could address the lacking docs and tests through contributions to the crate if resources and time permit.

Hello, happy new year and thank you for considering the cryptoki crate! We would definitely welcome any contributions to our crate 🆗

I would like to add a few biased comments to what you posted above 😛:

• we need to confirm but pkcs11.open_session_no_callback against Luna Network HSM crashed with SIGSEGV parallaxsecond/rust-cryptoki#72 seems to be fixed on main
• we had and merged a lot of contributions since 0.2.0, some improving the way the documentation is represented
• we don't have too many tests in the crate (still a good base of integration tests) but note that we are using the crate in parsec and by testing Parsec using PKCS11 we are also testing the crate (for what we use in Parsec). Parsec has a huge amount of tests checking various crypto algorithms and key management operations.

There are definitely still things to do and @vkkoskie really nicely listed the areas of improvement, see here.

[ximon18]

Thanks @hug-dev for the useful input!

[ximon18]

A quick PoC seems to show we can use the cryptoki crate, see PR #754.

[ximon18]

Closing as we moved to the cryptoki crate in the dev branch to resolve #752.