Open
Bug 1397282
Opened 7 years ago
Updated 2 years ago
Implement Blake2 in PK11
Categories
(NSS :: Libraries, enhancement, P3)
NSS
Libraries
Tracking
(Not tracked)
NEW
People
(Reporter: franziskus, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
23.20 KB,
patch
|
Details | Diff | Splinter Review |
No description provided.
|
Reporter | |
Comment 1•7 years ago
|
||
Bob, can you have a look at these PK11 changes for blake2b? The algorithm itself landed in freebl.
Attachment #8905042 -
Flags: review?(rrelyea)
|
||
Comment 2•7 years ago
|
||
Comment on attachment 8905042 [details] [diff] [review]
blake2b-pk11.patch
Review of attachment 8905042 [details] [diff] [review]:
-----------------------------------------------------------------
Franziskus,
I think we should move Blake2 into freebl. There is a parallel structure sechash structure there, which would allow and future black7 hooking into other low level functions in the same way we hook shaxxx functions in.
Also, even if we create this as a NSS specific mechanism, we should write the PKCS #11 spec for that mechanism so that it can be submitted to the PKCS #11 group. Blake2 is clearly a public algorithm that should have a public PKCS #11 mechanism assigned to it.
bob
::: lib/softoken/pkcs11i.h
@@ +769,5 @@
> + SFTKObject *key);
> +void sftk_Blake2bMac_Update(void *pctx, const void *data, unsigned int len);
> +void sftk_Blake2bMac_EndHash(void *pctx, void *out, unsigned int *outLength,
> + unsigned int maxLength);
> +void sftk_Blake2bMac_DestroyContext(void *pctx, PRBool free);
I there a reason this isn't implemented in freebl where all the other hash functions are?
|
|
||
Comment 3•7 years ago
|
||
Oh, wait, You've already landed blake 2 in freebl. I missed that. OK, then the only issue is the PKCS #11 mechanism. (Also is blake2bMac different than hmac with blake2b? If not I think there's a generalized hmac function in freebl that can be used.
|
||
Comment 4•7 years ago
|
||
(In reply to Robert Relyea from comment #2)
> Also, even if we create this as a NSS specific mechanism, we should write
> the PKCS #11 spec for that mechanism so that it can be submitted to the PKCS
> #11 group. Blake2 is clearly a public algorithm that should have a public
> PKCS #11 mechanism assigned to it.
I agree with Bob; this should have a public PK11 spec. We're not in any rush to hook Blake2b up to anything, so I don't see any reason to rush here, either.
Bob: Is that something your team can handle?
Status: NEW → ASSIGNED
Priority: -- → P3
|
|
||
Comment 5•7 years ago
|
||
If someone writes up the proposal (model it after an existing hash), I can present it to the PKCS #11 group. It would likely target PKCS #11 3.1 as PKCS #11 3.0 is already being finalized.
bob
|
|
Reporter | |
Comment 6•7 years ago
|
||
> Also is blake2bMac different than hmac with blake2b?
Yes, Blake2bMac is a completely different construction from HMAC.
> If someone writes up the proposal (model it after an existing hash), I can present it to the PKCS #11 group.
I can do it. But it's rather low on the to-do list.
|
|
Reporter | |
Updated•7 years ago
|
Assignee: franziskuskiefer → nobody
Status: ASSIGNED → NEW
|
|
||
Comment 7•7 years ago
|
||
Comment on attachment 8905042 [details] [diff] [review]
blake2b-pk11.patch
remove review request as this is stalled on PKCS #11 documentation.
Attachment #8905042 -
Flags: review?(rrelyea)
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•