Craton HSM
Roadmap
Roadmap
This page summarises the upcoming work on Craton HSM across both the
open-source Core and the Enterprise workspace. It is curated from the
ROADMAP.md files in each repository and is updated with each release;
the per-repository files remain the source of truth for implementation
detail.
Status markers: shipped, in progress, planned.
Where We Are
Core is at v0.9.1 (March 2026). Enterprise is at v0.1.1 (April 2026). Both are pre-1.0 and follow the pre-1.0 semantic-versioning rule that minor bumps may include breaking changes documented in the changelog.
Near-Term
The near-term band covers the current minor-release cycle on both sides.
Core performance work (planned)
A focused pass to close the RSA throughput gap against SoftHSMv2. Target reductions sit in three buckets:
- Hot-path (P1–P3, ~40–50% latency). Eliminate per-operation RSA key
re-parsing by moving from SHA-256-of-DER cache lookups to handle-based
Arc<RsaPrivateKey>; pre-parse RSA public keys at import/generation; reduce lock acquisitions inC_SignandC_Verifyby threading a thread-local session cache alongsideCACHED_HSM. - Lock contention and concurrency (P4–P5, ~5–10%). Drop the per-object
persist_lockbefore disk I/O so concurrent sessions don't serialize throughredb; add an O(1) per-slot session index forlogout_all. - Allocation reduction (P6, ~3–5%). Stack-allocate ECDSA and Ed25519
signature buffers, thread caller-provided output buffers down to the
crypto backend, and replace
serde_jsonwithbincode/postcardforStoredObjectto remove the unzeroized intermediate buffer it creates.
Core test-harness and CI (in progress)
- Evaluate
cargo-nextestto obtain per-process test isolation and retire the--test-threads=1requirement. - Test split (shipped): parallel-safe crypto tests vs. serial PKCS#11 ABI tests are already separated in CI.
PQC crate stabilization (planned)
Upgrade ml-kem, ml-dsa, and slh-dsa from release candidates to
stable. Gated on upstream 1.0 releases. Once the PQC ecosystem unifies on
a single rand_core version, the dual 0.6 + 0.10 dependency in Core will
go away.
Enterprise — hardware vendor backends (in progress)
craton-hsm-nxpfor NXP HSE on S32G2 / S32G3 / S32K3. HSE firmware communication via Messaging Unit (MU); software-stub build remains the default, with thehwfeature enabling the hardware path.craton-hsm-infineonfor Infineon OPTIGA TPM 2.0 (SLB 9670, SLB 9672, OPTIGA Trust M). TSS ESAPI layer vialibtss2-esys; PCR-based key sealing and platform attestation.
Enterprise — cluster and KMIP hardening (in progress)
- Online membership-change protocol (joint consensus) in
craton-hsm-cluster. - KMIP interoperability validation against VMware vSphere, NetApp, and
Dell EMC in
craton-hsm-kmip.
Mid-Term
FIPS 140-3 certification — Phase E2 (planned)
This is the gating milestone for most regulated deployments.
The module's design already conforms to Level 1, and the
craton-hsm-certified crate produces the CMVP submission artefacts
(deterministic builds, binary integrity HMAC, ACVP test-vector runner,
Security Policy generator, FSM Graphviz export, approved-mode
enforcement). What remains is the external process:
- Select a CMVP-accredited testing laboratory.
- Submit the Implementation Under Test (IUT).
- Complete algorithm testing (CAVP / ACVP).
- Security Policy review.
- Issuance of the validation certificate.
Estimated process length is 6–12 months; estimated budget $50K–$200K for Level 1. Target submission window is tracked in ../fips/overview.
Enterprise — deferred features (Phase E3, planned)
- Windows certificate-store integration in
craton-hsm-cng. - TPM 2.0 via Windows Platform Crypto Provider in
craton-hsm-cng. - Threshold cryptography and distributed key generation in
craton-hsm-cluster. - Full KMIP 2.1 profile coverage (split keys, PGP, certificate chains) in
craton-hsm-kmip. - Production-grade (non-mock) cloud integrations in
craton-hsm-cloud.
Core — clustering and KMIP (planned)
Clustering and KMIP live in the Enterprise workspace today. The roadmap tracks whether a minimal subset belongs in Core; the decision is gated on the 1.0 stabilization of the Core public surface.
Long-Term
Craton HSM Cloud — Phase E4 (planned)
The managed-service offering. Multi-tenant HSM-as-a-Service with per-tenant key isolation, usage-based billing, SOC 2 Type II, and geographic residency controls. Surfaces: REST + gRPC + PKCS#11 over network.
Enterprise support tiers are defined around this service:
- Standard — business-hours email, 48 h SLA.
- Professional — 24 / 5, 4 h SLA, dedicated channel.
- Enterprise — 24 / 7, 1 h SLA, named engineer, on-site consulting.
Hardware acceleration
Intel QAT and ARM CryptoCell integrations for bulk symmetric and RSA operations. Planned; no committed date.
Cloud KMS as a backing store
AWS KMS, Azure Key Vault, and GCP Cloud KMS as storage backends for Craton-managed keys, rather than the current shim direction of exposing a Craton-hosted API to KMS consumers.
PKCS#11 v3.1 and formal verification
- Track and implement PKCS#11 v3.1 as OASIS publishes updates.
- Model-check the critical state machines (session lifecycle, POST, approved-mode transitions) as a standalone verification effort.
Shipped Highlights (recent)
For the per-release change list see changelog. The items below represent major inflection points that the roadmap tracked.
- Core 0.9.1 — Security audit hardening: 11 fixes including the DRBG bypass in key generation and the per-key AES-GCM nonce counter.
- Core 0.9.0 — Phases 12–13 polish: Apache-2.0 license clarification,
audit log export (JSON / NDJSON / syslog), audit chain verification,
macOS CI,
cargo-tarpaulincoverage. - Core 0.7.0 — FIPS approved mode, pairwise consistency tests, software integrity test, algorithm indicators, intermediate zeroization.
- Enterprise 0.1.1 — KMIP ACL hardening, Raft HMAC replay protection, persistent AES-GCM counter, CNG NTSTATUS expansion, RBAC LDAP connection-pool isolation.
- Enterprise 0.1.0 — Initial public release of the Enterprise crates under BSL-1.1.