Given a clear-text key and clear-text data (lots of it), I'm trying to
compute a clear-text RFC 2104 HMAC aka IPSEC prf()
If the key was all FIPS secure in a PK11SymKey then I believe I could
follow sample3 and kick things off with:
context = PK11_CreateContextBySymKey(CKM_MD5_HMAC, CKA_SIGN, key,
&noParams);
Alas, it isn't :-( Short of implementing the RFC 2104 calculation, or
fudging up some secret key material, is there a way to do this?
BTW, it's probably worth pointing out that for libreswan I had similar
problems but needed to keep the resulting HMAC secure. For instance,
given a clear-text key and secure data, compute a secure hmac
(SKEYSEED = prf(Ni | Nr, g^ir)).
Andrew
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
