Skip to content

Commit 89235a6

Browse files
hug-devhug-dev
authored
Merge pull request #229 from Direktor799/feat/sha-n-hmac
feat: add SHAn-HMAC
2 parents be13433 + b928a44 commit 89235a6

File tree

2 files changed

+140
-0
lines changed

2 files changed

+140
-0
lines changed

cryptoki/src/mechanism/mod.rs

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -264,6 +264,10 @@ impl MechanismType {
264264
pub const SHA1_HMAC: MechanismType = MechanismType {
265265
val: CKM_SHA_1_HMAC,
266266
};
267+
/// SHA224-HMAC mechanism
268+
pub const SHA224_HMAC: MechanismType = MechanismType {
269+
val: CKM_SHA224_HMAC,
270+
};
267271
/// SHA256-HMAC mechanism
268272
pub const SHA256_HMAC: MechanismType = MechanismType {
269273
val: CKM_SHA256_HMAC,
@@ -708,6 +712,7 @@ impl TryFrom<CK_MECHANISM_TYPE> for MechanismType {
708712
CKM_SHA384_RSA_PKCS => Ok(MechanismType::SHA384_RSA_PKCS),
709713
CKM_SHA512_RSA_PKCS => Ok(MechanismType::SHA512_RSA_PKCS),
710714
CKM_SHA_1_HMAC => Ok(MechanismType::SHA1_HMAC),
715+
CKM_SHA224_HMAC => Ok(MechanismType::SHA224_HMAC),
711716
CKM_SHA256_HMAC => Ok(MechanismType::SHA256_HMAC),
712717
CKM_SHA384_HMAC => Ok(MechanismType::SHA384_HMAC),
713718
CKM_SHA512_HMAC => Ok(MechanismType::SHA512_HMAC),
@@ -890,8 +895,19 @@ pub enum Mechanism<'a> {
890895
Sha384RsaPkcsPss(rsa::PkcsPssParams),
891896
/// SHA256-RSA-PKCS-PSS mechanism
892897
Sha512RsaPkcsPss(rsa::PkcsPssParams),
898+
899+
// SHAn-HMAC
900+
/// SHA1-HMAC mechanism
901+
Sha1Hmac,
902+
/// SHA224-HMAC mechanism
903+
Sha224Hmac,
893904
/// SHA256-HMAC mechanism
894905
Sha256Hmac,
906+
/// SHA384-HMAC mechanism
907+
Sha384Hmac,
908+
/// SHA512-HMAC mechanism
909+
Sha512Hmac,
910+
895911
/// GENERIC-SECRET-KEY-GEN mechanism
896912
GenericSecretKeyGen,
897913
}
@@ -954,7 +970,11 @@ impl Mechanism<'_> {
954970
Mechanism::Sha384RsaPkcsPss(_) => MechanismType::SHA384_RSA_PKCS_PSS,
955971
Mechanism::Sha512RsaPkcsPss(_) => MechanismType::SHA512_RSA_PKCS_PSS,
956972

973+
Mechanism::Sha1Hmac => MechanismType::SHA1_HMAC,
974+
Mechanism::Sha224Hmac => MechanismType::SHA224_HMAC,
957975
Mechanism::Sha256Hmac => MechanismType::SHA256_HMAC,
976+
Mechanism::Sha384Hmac => MechanismType::SHA384_HMAC,
977+
Mechanism::Sha512Hmac => MechanismType::SHA512_HMAC,
958978

959979
Mechanism::GenericSecretKeyGen => MechanismType::GENERIC_SECRET_KEY_GEN,
960980
}
@@ -1022,7 +1042,11 @@ impl From<&Mechanism<'_>> for CK_MECHANISM {
10221042
| Mechanism::Sha256RsaPkcs
10231043
| Mechanism::Sha384RsaPkcs
10241044
| Mechanism::Sha512RsaPkcs
1045+
| Mechanism::Sha1Hmac
1046+
| Mechanism::Sha224Hmac
10251047
| Mechanism::Sha256Hmac
1048+
| Mechanism::Sha384Hmac
1049+
| Mechanism::Sha512Hmac
10261050
| Mechanism::GenericSecretKeyGen => CK_MECHANISM {
10271051
mechanism,
10281052
pParameter: null_mut(),

cryptoki/tests/basic.rs

Lines changed: 116 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1394,6 +1394,64 @@ fn ekdf_aes_cbc_encrypt_data() -> TestResult {
13941394
Ok(())
13951395
}
13961396

1397+
#[test]
1398+
#[serial]
1399+
fn sign_verify_sha1_hmac() -> TestResult {
1400+
let (pkcs11, slot) = init_pins();
1401+
let session = pkcs11.open_rw_session(slot)?;
1402+
session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
1403+
1404+
let priv_key_template = vec![
1405+
Attribute::Token(true),
1406+
Attribute::Private(true),
1407+
Attribute::Sensitive(true),
1408+
Attribute::Sign(true),
1409+
Attribute::KeyType(KeyType::GENERIC_SECRET),
1410+
Attribute::Class(ObjectClass::SECRET_KEY),
1411+
Attribute::ValueLen(256.into()),
1412+
];
1413+
1414+
let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
1415+
1416+
let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
1417+
1418+
let signature = session.sign(&Mechanism::Sha1Hmac, private, &data)?;
1419+
1420+
session.verify(&Mechanism::Sha1Hmac, private, &data, &signature)?;
1421+
1422+
session.destroy_object(private)?;
1423+
Ok(())
1424+
}
1425+
1426+
#[test]
1427+
#[serial]
1428+
fn sign_verify_sha224_hmac() -> TestResult {
1429+
let (pkcs11, slot) = init_pins();
1430+
let session = pkcs11.open_rw_session(slot)?;
1431+
session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
1432+
1433+
let priv_key_template = vec![
1434+
Attribute::Token(true),
1435+
Attribute::Private(true),
1436+
Attribute::Sensitive(true),
1437+
Attribute::Sign(true),
1438+
Attribute::KeyType(KeyType::GENERIC_SECRET),
1439+
Attribute::Class(ObjectClass::SECRET_KEY),
1440+
Attribute::ValueLen(256.into()),
1441+
];
1442+
1443+
let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
1444+
1445+
let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
1446+
1447+
let signature = session.sign(&Mechanism::Sha224Hmac, private, &data)?;
1448+
1449+
session.verify(&Mechanism::Sha224Hmac, private, &data, &signature)?;
1450+
1451+
session.destroy_object(private)?;
1452+
Ok(())
1453+
}
1454+
13971455
#[test]
13981456
#[serial]
13991457
fn sign_verify_sha256_hmac() -> TestResult {
@@ -1423,6 +1481,64 @@ fn sign_verify_sha256_hmac() -> TestResult {
14231481
Ok(())
14241482
}
14251483

1484+
#[test]
1485+
#[serial]
1486+
fn sign_verify_sha384_hmac() -> TestResult {
1487+
let (pkcs11, slot) = init_pins();
1488+
let session = pkcs11.open_rw_session(slot)?;
1489+
session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
1490+
1491+
let priv_key_template = vec![
1492+
Attribute::Token(true),
1493+
Attribute::Private(true),
1494+
Attribute::Sensitive(true),
1495+
Attribute::Sign(true),
1496+
Attribute::KeyType(KeyType::GENERIC_SECRET),
1497+
Attribute::Class(ObjectClass::SECRET_KEY),
1498+
Attribute::ValueLen(256.into()),
1499+
];
1500+
1501+
let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
1502+
1503+
let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
1504+
1505+
let signature = session.sign(&Mechanism::Sha384Hmac, private, &data)?;
1506+
1507+
session.verify(&Mechanism::Sha384Hmac, private, &data, &signature)?;
1508+
1509+
session.destroy_object(private)?;
1510+
Ok(())
1511+
}
1512+
1513+
#[test]
1514+
#[serial]
1515+
fn sign_verify_sha512_hmac() -> TestResult {
1516+
let (pkcs11, slot) = init_pins();
1517+
let session = pkcs11.open_rw_session(slot)?;
1518+
session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
1519+
1520+
let priv_key_template = vec![
1521+
Attribute::Token(true),
1522+
Attribute::Private(true),
1523+
Attribute::Sensitive(true),
1524+
Attribute::Sign(true),
1525+
Attribute::KeyType(KeyType::GENERIC_SECRET),
1526+
Attribute::Class(ObjectClass::SECRET_KEY),
1527+
Attribute::ValueLen(256.into()),
1528+
];
1529+
1530+
let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
1531+
1532+
let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
1533+
1534+
let signature = session.sign(&Mechanism::Sha512Hmac, private, &data)?;
1535+
1536+
session.verify(&Mechanism::Sha512Hmac, private, &data, &signature)?;
1537+
1538+
session.destroy_object(private)?;
1539+
Ok(())
1540+
}
1541+
14261542
/// AES-CMAC test vectors from RFC 4493
14271543
#[test]
14281544
#[serial]

0 commit comments

Comments
 (0)