dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Added support for configurable HKDF.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-11-14 10:14:54 +01:00
parent f65167e3c7
commit 2b2df22d75
2 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/hsm/cmd_cipher_sym.c
View File

@@ -164,6 +164,19 @@ int cmd_cipher_sym() {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
res_APDU_size = md_info->size; res_APDU_size = md_info->size;
} }
else if (memcmp(oid, OID_HKDF_SHA256, oid_len) == 0 || memcmp(oid, OID_HKDF_SHA384, oid_len) == 0 || memcmp(oid, OID_HKDF_SHA512, oid_len) == 0) {
const mbedtls_md_info_t *md_info = NULL;
if (memcmp(oid, OID_HKDF_SHA256, oid_len) == 0)
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
else if (memcmp(oid, OID_HKDF_SHA384, oid_len) == 0)
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
else if (memcmp(oid, OID_HKDF_SHA512, oid_len) == 0)
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
int r = mbedtls_hkdf(md_info, iv, iv_len, kdata, key_size, enc, enc_len, res_APDU, apdu.ne > 0 ? apdu.ne : apdu.nc);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0)
return SW_EXEC_ERROR();
}
} }
else { else {
mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_platform_zeroize(kdata, sizeof(kdata));

10
src/hsm/oid.h
View File

@@ -103,10 +103,15 @@
#define OID_CC_FF_PKA OID_CC_FORMAT "\x03" #define OID_CC_FF_PKA OID_CC_FORMAT "\x03"
#define OID_CC_FF_KDA OID_CC_FORMAT "\x04" #define OID_CC_FF_KDA OID_CC_FORMAT "\x04"
#define OID_CHACHA20_POLY1305 "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x12" #define OID_PKCS1_RSADSI "\x2A\x86\x48\x86\xF7\x0D"
#define OID_PKCS9_SMIME_ALG OID_PKCS1_RSADSI "\x01\x09\x10\x03"
#define OID_CHACHA20_POLY1305 OID_PKCS9_SMIME_ALG "\x12"
#define OID_HKDF_SHA256 OID_PKCS9_SMIME_ALG "\x1D"
#define OID_HKDF_SHA384 OID_PKCS9_SMIME_ALG "\x1E"
#define OID_HKDF_SHA512 OID_PKCS9_SMIME_ALG "\x1F"
#define OID_HMAC "\x2A\x86\x48\x86\xF7\x0D\x02" #define OID_HMAC OID_PKCS1_RSADSI "\x02"
#define OID_HMAC_SHA1 OID_HMAC "\x07" #define OID_HMAC_SHA1 OID_HMAC "\x07"
#define OID_HMAC_SHA224 OID_HMAC "\x08" #define OID_HMAC_SHA224 OID_HMAC "\x08"
@@ -114,5 +119,4 @@
#define OID_HMAC_SHA384 OID_HMAC "\x0A" #define OID_HMAC_SHA384 OID_HMAC "\x0A"
#define OID_HMAC_SHA512 OID_HMAC "\x0B" #define OID_HMAC_SHA512 OID_HMAC "\x0B"
#endif #endif