Symmetric MAC support #7
Status: Closed
optnfast pushed a commit that referenced this issue on Aug 7, 2018
optnfast pushed a commit that referenced this issue on Aug 7, 2018
optnfast pushed a commit that referenced this issue on Aug 13, 2018
optnfast pushed a commit that referenced this issue on Aug 13, 2018:
    See miekg/pkcs11#82 for the fix we need. re #7
optnfast pushed a commit that referenced this issue on Oct 2, 2018
optnfast pushed a commit that referenced this issue on Oct 2, 2018
optnfast pushed a commit that referenced this issue on Oct 2, 2018
optnfast pushed a commit that referenced this issue on Oct 3, 2018
optnfast pushed a commit that referenced this issue on Oct 3, 2018
optnfast pushed a commit that referenced this issue on Oct 3, 2018
optnfast added a commit that referenced this issue on Oct 3, 2018:

    * Implement cipher.Block for AES and DES3 re #6
    * Fast CBC support re #6
    * Exercise GCM in tests re #6
    * HSM-native GCM
      For testing with SoftHSM2 you need at least version 2.4.0, i.e. at least Debian buster/sid or Ubuntu cosmic (or BYO). This commit also updates our dependency on github.com/miekg/pkcs11 to one with GCM support. re #6
    * HMAC implementation re #7
    * Finalized symmetric crypto interface
      You can now have a crypto11.BlockModeCloser, and must call Close(), or a cipher.BlockMode, but it has a finalizer. re #6
    * Expose CBC via cipher.AEAD
      This is rather an abuse of the cipher.AEAD interface as the name and description both indicate it provides authenticated encryption, which is not the case for CBC. The risk of using it in a context where authentication is required is mitigated only by documentation. re #6
    * Linter-driven cleanup
    * Split symmetric support into separate files re #6 re #7
    * Documentation review re #6
    * Keep blockModeCloser alive during PKCS#11 calls re #6
    * Implement HMAC Reset() and make Sum() friendlier re #7
    * HMAC empty inputs without panicking re #7
    * update Gopkg.lock
      We depend upon miekg/pkcs11#82.
    * Query GCM capability rather than provider
At present crypto11 only supports asymmetric keys. We would like to extend it to support symmetric ciphers too. This issue covers the relevant integrity interfaces and the issues that they raise.

## Interfaces

### hash.Hash

crypto/hmac models HMACs as keyed hashes, using `hash.Hash`. There are three nontrivial methods:

- `Write()`. Adds input data to the MAC.
- `Sum()`. Retrieves the current MAC (or hash), but leaves it open for further updates.
- `Reset()`. Resets the MAC state.

### Creating MACs

We have two options for creating MACs using an HSM-protected key. One is to buffer all the data and do a `C_SignInit` followed by `C_Sign`. This will behave badly for large messages.

The other is to do a `C_SignInit` followed by multiple `C_SignUpdate` calls, one on each `Write()`, and a `C_SignFinal` call when `Sum()` or `Reset()` is called. The possibility of getting intermediate values with multiple calls to `Sum()` would be lost (I don't think this is a big deal).

### Verifying MACs

Go offers no interface for verifying a MAC without having the MAC of the input data in hand within the Go process. In other words it's not possible to use the `C_Verify...` functions. This isn't an insurmountable problem but it does mean that processes that only verify must still have sign permission on MAC keys, reducing some of the value of protecting such keys with an HSM.

## References