Merge pull request #229 from Direktor799/feat/sha-n-hmac

hug-dev · web-flow · commit 89235a6146ca · 2024-10-23T13:26:42.000+02:00
feat: add SHAn-HMAC
diff --git a/cryptoki/src/mechanism/mod.rs b/cryptoki/src/mechanism/mod.rs
@@ -264,6 +264,10 @@ impl MechanismType {
     pub const SHA1_HMAC: MechanismType = MechanismType {
         val: CKM_SHA_1_HMAC,
     };
+    /// SHA224-HMAC mechanism
+    pub const SHA224_HMAC: MechanismType = MechanismType {
+        val: CKM_SHA224_HMAC,
+    };
     /// SHA256-HMAC mechanism
     pub const SHA256_HMAC: MechanismType = MechanismType {
         val: CKM_SHA256_HMAC,
@@ -708,6 +712,7 @@ impl TryFrom<CK_MECHANISM_TYPE> for MechanismType {
             CKM_SHA384_RSA_PKCS => Ok(MechanismType::SHA384_RSA_PKCS),
             CKM_SHA512_RSA_PKCS => Ok(MechanismType::SHA512_RSA_PKCS),
             CKM_SHA_1_HMAC => Ok(MechanismType::SHA1_HMAC),
+            CKM_SHA224_HMAC => Ok(MechanismType::SHA224_HMAC),
             CKM_SHA256_HMAC => Ok(MechanismType::SHA256_HMAC),
             CKM_SHA384_HMAC => Ok(MechanismType::SHA384_HMAC),
             CKM_SHA512_HMAC => Ok(MechanismType::SHA512_HMAC),
@@ -890,8 +895,19 @@ pub enum Mechanism<'a> {
     Sha384RsaPkcsPss(rsa::PkcsPssParams),
     /// SHA256-RSA-PKCS-PSS mechanism
     Sha512RsaPkcsPss(rsa::PkcsPssParams),
+
+    // SHAn-HMAC
+    /// SHA1-HMAC mechanism
+    Sha1Hmac,
+    /// SHA224-HMAC mechanism
+    Sha224Hmac,
     /// SHA256-HMAC mechanism
     Sha256Hmac,
+    /// SHA384-HMAC mechanism
+    Sha384Hmac,
+    /// SHA512-HMAC mechanism
+    Sha512Hmac,
+
     /// GENERIC-SECRET-KEY-GEN mechanism
     GenericSecretKeyGen,
 }
@@ -954,7 +970,11 @@ impl Mechanism<'_> {
             Mechanism::Sha384RsaPkcsPss(_) => MechanismType::SHA384_RSA_PKCS_PSS,
             Mechanism::Sha512RsaPkcsPss(_) => MechanismType::SHA512_RSA_PKCS_PSS,
 
+            Mechanism::Sha1Hmac => MechanismType::SHA1_HMAC,
+            Mechanism::Sha224Hmac => MechanismType::SHA224_HMAC,
             Mechanism::Sha256Hmac => MechanismType::SHA256_HMAC,
+            Mechanism::Sha384Hmac => MechanismType::SHA384_HMAC,
+            Mechanism::Sha512Hmac => MechanismType::SHA512_HMAC,
 
             Mechanism::GenericSecretKeyGen => MechanismType::GENERIC_SECRET_KEY_GEN,
         }
@@ -1022,7 +1042,11 @@ impl From<&Mechanism<'_>> for CK_MECHANISM {
             | Mechanism::Sha256RsaPkcs
             | Mechanism::Sha384RsaPkcs
             | Mechanism::Sha512RsaPkcs
+            | Mechanism::Sha1Hmac
+            | Mechanism::Sha224Hmac
             | Mechanism::Sha256Hmac
+            | Mechanism::Sha384Hmac
+            | Mechanism::Sha512Hmac
             | Mechanism::GenericSecretKeyGen => CK_MECHANISM {
                 mechanism,
                 pParameter: null_mut(),
diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -1394,6 +1394,64 @@ fn ekdf_aes_cbc_encrypt_data() -> TestResult {
     Ok(())
 }
 
+#[test]
+#[serial]
+fn sign_verify_sha1_hmac() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let priv_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(true),
+        Attribute::Sensitive(true),
+        Attribute::Sign(true),
+        Attribute::KeyType(KeyType::GENERIC_SECRET),
+        Attribute::Class(ObjectClass::SECRET_KEY),
+        Attribute::ValueLen(256.into()),
+    ];
+
+    let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
+
+    let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
+
+    let signature = session.sign(&Mechanism::Sha1Hmac, private, &data)?;
+
+    session.verify(&Mechanism::Sha1Hmac, private, &data, &signature)?;
+
+    session.destroy_object(private)?;
+    Ok(())
+}
+
+#[test]
+#[serial]
+fn sign_verify_sha224_hmac() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let priv_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(true),
+        Attribute::Sensitive(true),
+        Attribute::Sign(true),
+        Attribute::KeyType(KeyType::GENERIC_SECRET),
+        Attribute::Class(ObjectClass::SECRET_KEY),
+        Attribute::ValueLen(256.into()),
+    ];
+
+    let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
+
+    let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
+
+    let signature = session.sign(&Mechanism::Sha224Hmac, private, &data)?;
+
+    session.verify(&Mechanism::Sha224Hmac, private, &data, &signature)?;
+
+    session.destroy_object(private)?;
+    Ok(())
+}
+
 #[test]
 #[serial]
 fn sign_verify_sha256_hmac() -> TestResult {
@@ -1423,6 +1481,64 @@ fn sign_verify_sha256_hmac() -> TestResult {
     Ok(())
 }
 
+#[test]
+#[serial]
+fn sign_verify_sha384_hmac() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let priv_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(true),
+        Attribute::Sensitive(true),
+        Attribute::Sign(true),
+        Attribute::KeyType(KeyType::GENERIC_SECRET),
+        Attribute::Class(ObjectClass::SECRET_KEY),
+        Attribute::ValueLen(256.into()),
+    ];
+
+    let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
+
+    let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
+
+    let signature = session.sign(&Mechanism::Sha384Hmac, private, &data)?;
+
+    session.verify(&Mechanism::Sha384Hmac, private, &data, &signature)?;
+
+    session.destroy_object(private)?;
+    Ok(())
+}
+
+#[test]
+#[serial]
+fn sign_verify_sha512_hmac() -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let priv_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(true),
+        Attribute::Sensitive(true),
+        Attribute::Sign(true),
+        Attribute::KeyType(KeyType::GENERIC_SECRET),
+        Attribute::Class(ObjectClass::SECRET_KEY),
+        Attribute::ValueLen(256.into()),
+    ];
+
+    let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
+
+    let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
+
+    let signature = session.sign(&Mechanism::Sha512Hmac, private, &data)?;
+
+    session.verify(&Mechanism::Sha512Hmac, private, &data, &signature)?;
+
+    session.destroy_object(private)?;
+    Ok(())
+}
+
 /// AES-CMAC test vectors from RFC 4493
 #[test]
 #[serial]
