Skip to content

PKCS #11 support for HMAC with MD5, SHA, SHA-2 #2103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dgarske merged 4 commits into from
Feb 28, 2019
Merged

PKCS #11 support for HMAC with MD5, SHA, SHA-2 #2103

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
700e989
PKCS #11 support for HMAC with MD5, SHA, SHA-2
SparkiDev Feb 19, 2019
cb830a0
Fix for configurations without specific algorithms
SparkiDev Feb 20, 2019
a2f8747
Fix DecodePrivateKey to return NOT_COMPILED_IN with PKCS#11
SparkiDev Feb 25, 2019
edf6318
PKCS#11 casting fix for clang
SparkiDev Feb 27, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions src/internal.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17003,6 +17003,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
}

if (ssl->buffers.keyType == rsa_sa_algo) {
#ifndef NO_RSA
Copy link
Contributor

@toddouska toddouska Feb 25, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ret is zero from AllocKey above, now we're ignoring RSA or ECC keys if they weren't build in but we are succeeding on return code? That doesn't make sense to me.

Copy link
Contributor Author

@SparkiDev SparkiDev Feb 25, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assumed that keyType couldn't be set to rsa_sa_algo unless !NO_RSA.
Changed to return NOT_COMPILED_IN in these cases.

ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsKey,
ssl->buffers.key->buffer, ssl->buffers.key->length,
ssl->heap, ssl->buffers.keyDevId);
Expand All @@ -17015,8 +17016,12 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
/* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size_calc(ssl->buffers.keySz);
}
#else
ret = NOT_COMPILED_IN;
#endif
}
else if (ssl->buffers.keyType == ecc_dsa_sa_algo) {
#ifdef HAVE_ECC
ret = wc_ecc_init_id((ecc_key*)ssl->hsKey, ssl->buffers.key->buffer,
ssl->buffers.key->length, ssl->heap,
ssl->buffers.keyDevId);
Expand All @@ -17029,6 +17034,9 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
/* Return the maximum signature length. */
*length = (word16)wc_ecc_sig_size_calc(ssl->buffers.keySz);
}
#else
ret = NOT_COMPILED_IN;
#endif
}
goto exit_dpk;
}
Expand Down
2 changes: 1 addition & 1 deletion src/ssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11168,7 +11168,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)

FreeDer(&ctx->privateKey);
if (AllocDer(&ctx->privateKey, (word32)sz, PRIVATEKEY_TYPE,
ctx->heap) == 0) {
ctx->heap) == 0) {
XMEMCPY(ctx->privateKey->buffer, id, sz);
ctx->privateKeyId = 1;
ctx->privateKeySz = (word32)keySz;
Expand Down
24 changes: 23 additions & 1 deletion wolfcrypt/src/hmac.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -686,7 +686,7 @@ static int HmacKeyInnerHash(Hmac* hmac)
}

if (ret == 0)
hmac->innerHashKeyed = 1;
hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW;

return ret;
}
Expand Down Expand Up @@ -1070,6 +1070,28 @@ int wc_HmacInit(Hmac* hmac, void* heap, int devId)
return ret;
}

#ifdef HAVE_PKCS11
int wc_HmacInit_Id(Hmac* hmac, unsigned char* id, int len, void* heap,
int devId)
{
int ret = 0;

if (hmac == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0 && (len < 0 || len > HMAC_MAX_ID_LEN))
ret = BUFFER_E;

if (ret == 0)
ret = wc_HmacInit(hmac, heap, devId);
if (ret == 0) {
XMEMCPY(hmac->id, id, len);
hmac->idLen = len;
}

return ret;
}
#endif

/* Free Hmac from use with async device */
void wc_HmacFree(Hmac* hmac)
{
Expand Down
Loading