[Cryptech-Commits] [sw/pkcs11] 04/05: HMAC notes.

git at cryptech.is git at cryptech.is
Sat May 20 22:15:23 UTC 2017

Previous message (by thread): [Cryptech-Commits] [sw/pkcs11] 03/05: Clean up ancient cruft: p11util, SQL-based hsmbully test.
Next message (by thread): [Cryptech-Commits] [sw/pkcs11] 05/05: Clean up C_GetTokenInfo().
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.

commit 693a196d4d62f0dc95dd587512aa26ea0916ddca
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sat May 20 15:23:43 2017 -0400

    HMAC notes.
---
 pkcs11.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkcs11.c b/pkcs11.c
index 0be7513..f3ac77b 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -4289,7 +4289,15 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
 
 #if 0
     /*
-     * We have Verilog and libhal for these, but no PKCS #11 support (yet).
+     * libhal supports HMAC, but we have no PKCS #11 HMAC support (yet).
+     *
+     * HMAC in PKCS #11 is a bit weird (what a surprise).  It uses the
+     * C_Sign*()/C_Verify*() API, with "generic secret key" objects
+     * (CKO_SECRET_KEY, CKK_GENERIC_SECRET): these can be created with
+     * C_CreateObject() (user-supplied HMAC key) or C_GenerateKey()
+     * (HSM-generated HMAC key, probably from TRNG).  The CKM_*_HMAC
+     * mechanisms have fixed-length output; the CKM_*_HMAC_GENERAL
+     * mechanisms are variable-width output.
      */
   case CKM_SHA_1_HMAC:
   case CKM_SHA224_HMAC:

Previous message (by thread): [Cryptech-Commits] [sw/pkcs11] 03/05: Clean up ancient cruft: p11util, SQL-based hsmbully test.
Next message (by thread): [Cryptech-Commits] [sw/pkcs11] 05/05: Clean up C_GetTokenInfo().
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Commits mailing list