Design for support of HMAC precomputed keys #1574
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fabrice102
pushed a commit
to fabrice102/aws-lc
that referenced
this pull request
May 6, 2024
This commit provides a building block to implement HMAC with precomputed keys from aws#1574. It adds internal functions to export the state of SHA-256 and use such exported state to initialize a SHA-256 context. Once the design is reviewed and approved, we will similar functions to the other Merkle-Damgard hash functions (MD4, MD5, SHA-1, SHA-2).
fabrice102
pushed a commit
to fabrice102/aws-lc
that referenced
this pull request
May 6, 2024
This commit provides a building block to implement HMAC with precomputed keys from aws#1574. It adds internal functions to export the state of SHA-256 and use such exported state to initialize a SHA-256 context. Once the design is reviewed and approved, we will similar functions to the other Merkle-Damgard hash functions (MD4, MD5, SHA-1, SHA-2).
fabrice102
pushed a commit
to fabrice102/aws-lc
that referenced
this pull request
May 6, 2024
This commit provides a building block to implement HMAC with precomputed keys from aws#1574. It adds internal functions to export the state of SHA-256 and use such exported state to initialize a SHA-256 context. Once the design is reviewed and approved, we will similar functions to the other Merkle-Damgard hash functions (MD4, MD5, SHA-1, SHA-2).
added 2 commits
May 6, 2024 13:09
This commit provides a building block to implement HMAC with precomputed keys from aws#1574. It adds internal functions to export the state of SHA-256 and use such exported state to initialize a SHA-256 context. Once the design is reviewed and approved, we will similar functions to the other Merkle-Damgard hash functions (MD4, MD5, SHA-1, SHA-2).
This commit implements an optimization of HMAC described in NIST-FIPS-198-1 (Section 6) and in RFC2104 (Section 4). Instead of using the original key, it is possible to use a precomputed key consisting of two intermediate hashing results. Using this precomputed key removes at least two calls to the hash compression function when computing a HMAC value. As an initial design, only SHA-256 is supported and all other hashes are disabled from HMAC. This makes some unit tests fail. Once this design is validated, we will add back the other hash functions. To allow partial testing, we updated hmac_tests.txt to only contain the HMAC-SHA256 tests. The original file is hmac_tests_full.txt Testing can be done in the CMake build folder using: * `crypto/crypto_test --gtest_filter='HMACTest.TestVectors'` for the changed unit tests. * `ninja acvp_tests` for the ACVP tests (failure is expected for anything using HMAC-xx where xx is not SHA-256).
fabrice102
force-pushed
the
hmac-precompute
branch
from
4acba09
to
7058ed3
Compare
nebeid
reviewed
May 10, 2024
nebeid
reviewed
May 16, 2024
nebeid
reviewed
May 31, 2024
nebeid
reviewed
May 31, 2024
nebeid
reviewed
Jun 12, 2024
There was a problem hiding this comment.
In many external API calls here, we're directly accessing ctx->state or other members of ctx without checking it's not null. I think we should handle this as was done in #1398. This can be its own PR.
Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com>
nebeid
reviewed
Jun 13, 2024
added 2 commits
June 14, 2024 16:14
1. Improve error management: add `OPENSSL_PUT_ERROR` when appropriate. 2. Change behaviour of `out_len` from `HMAC_get_precomputed_key` as per review.
nebeid
reviewed
Jun 14, 2024
Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com>
Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com>
Previous commits in this PR/branch were restricted to SHA-256 to verify the design. Restore the full HMAC tests, which were restricted to HMAC-SHA-256 in a previous commit from this PR/branch.
skmcgrail
reviewed
Jul 17, 2024
`crypto/err/hmac.errordata` generated using `go run ./util/make_errors.go hmac` CMakeLists file updated to add the errordata file.
nebeid
reviewed
Jul 18, 2024
From review from PR aws#1574
skmcgrail
approved these changes
Jul 19, 2024
nebeid
approved these changes
Jul 19, 2024
pennyannn
pushed a commit
to awslabs/aws-lc-verification
that referenced
this pull request
Jul 19, 2024
* Update HMAC proofs for PR aws/aws-lc#1574 HMAC precomputed keys PR aws/aws-lc#1574 adds fields to `hmac_methods_st`, which made the original proof failed. This commit updates the proof. This is a breaking change: the updated proof only works after PR aws/aws-lc#1574 is merged. * Fix .gitmodules src to point to github.com/fabrice102/aws-lc --------- Co-authored-by: Fabrice Benhamouda <yfabrice@amazon.com>
sgmenda-aws
pushed a commit
to sgmenda-aws/aws-lc
that referenced
this pull request
Jul 23, 2024
This commit implements an optimization of HMAC described in NIST-FIPS-198-1 (Section 6) and in RFC2104 (Section 4). Instead of using the original key, it is possible to use a precomputed key consisting of two intermediate hashing results. Using this precomputed key removes at least two calls to the hash compression function when computing a HMAC value. Call-outs: This commit adds a few fields to the methods field of the HMAC context. This slightly increases the size of the HMAC_context (by 24 bytes on a 64-bit architecture).
skmcgrail
added a commit
that referenced
this pull request
Aug 1, 2024
## What's Changed * Added options to x509 tool by @ecdeye in #1696 * Add support to detect Neoverse V2 cores by @andrewhop in #1706 * Move OCSP functions for Ruby out of internal.h by @samuel40791765 in #1704 * Add aes-256-xts to EVP_get_cipherbyname by @torben-hansen in #1707 * Match using CMAKE_SYSTEM_PROCESSOR_LOWER by @justsmth in #1709 * Update MySQL to 9.0.0 by @skmcgrail in #1685 * [EC] Unify scalar multiplication for P-256/384/521 by @dkostic in #1693 * Adds const qualifier to ciphertext parameter in EVP_PKEY_decapsulate by @maddeleine in #1713 * Upstream merge 2024 06 24 by @nebeid in #1661 * NIST SP 800-108r1-upd1: KDF Counter Implementation by @skmcgrail in #1644 * Upstream merge 2024 07 09 by @nebeid in #1694 * Design for support of HMAC precomputed keys by @fabrice102 in #1574 * Fix for select point from table in ec_nistp scalar_mul by @dkostic in #1719 * X509toolcomparison by @ecdeye in #1714 * AWS-LC s2n-bignum update 2024-07-22 by @dkostic in #1718 * Add OpenVPN to CI by @smittals2 in #1705 * Lower required Go version, add CI test for specific version by @andrewhop in #1717 * ec2-test-framework enhancements and graviton 4 testing by @samuel40791765 in #1715 * sha + chacha: Move AArch64/X86-64 dispatching to C. by @justsmth in #1625 * Show number of pruned ec2 instances in dashboard by @samuel40791765 in #1728 * rsa and md5 tools by @ecdeye in #1722 * FIPS 203 IPD update: ML-KEM-IPD-768 and ML-KEM-IPD-1024 by @jakemas in #1724 * bump mysql CI to 9.0.1 by @samuel40791765 in #1727 * Support utility OCSP request functions by @samuel40791765 in #1708 * add support for OCSP_SINGLERESP functions by @samuel40791765 in #1703
This was referenced Aug 1, 2024
fabrice102
pushed a commit
to fabrice102/amazon-corretto-crypto-provider
that referenced
this pull request
Aug 7, 2024
This commit adds support for HMAC Precomputed Keys in ACCP. See aws/aws-lc#1574 This commit uses branch `hmac-precomputed-key-size-define` from https://github.com/fabrice102/aws-lc and thus cannot be merged as is. It can only be merged once the above branch is merged to AWS-LC.
fabrice102
pushed a commit
to fabrice102/amazon-corretto-crypto-provider
that referenced
this pull request
Aug 28, 2024
This commit adds support for HMAC Precomputed Keys in ACCP. See aws/aws-lc#1574
fabrice102
pushed a commit
to fabrice102/amazon-corretto-crypto-provider
that referenced
this pull request
Aug 28, 2024
This commit adds support for HMAC Precomputed Keys in ACCP. See aws/aws-lc#1574
fabrice102
pushed a commit
to fabrice102/amazon-corretto-crypto-provider
that referenced
this pull request
Aug 28, 2024
This commit adds support for HMAC Precomputed Keys in ACCP. See aws/aws-lc#1574
fabrice102
pushed a commit
to fabrice102/amazon-corretto-crypto-provider
that referenced
this pull request
Aug 28, 2024
This commit adds support for HMAC Precomputed Keys in ACCP. See aws/aws-lc#1574
fabrice102
pushed a commit
to fabrice102/amazon-corretto-crypto-provider
that referenced
this pull request
Aug 28, 2024
This commit adds support for HMAC Precomputed Keys in ACCP. See aws/aws-lc#1574
lilpoozie2005
approved these changes
Sep 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues:
N/A
Description of changes:
This commit implements an optimization of HMAC described in NIST-FIPS-198-1 (Section 6) and in RFC2104 (Section 4).
Instead of using the original key, it is possible to use a precomputed key consisting of two intermediate hashing results. Using this precomputed key removes at least two calls to the hash compression function when computing a HMAC value.
The first commit from May 06, 2024 is an initial design. As such, only SHA-256 is supported and all other hashes are disabled from HMAC. This makes some unit tests fail. Once this design is validated, we will add back the other hash functions in additional commits.
Changes:
Call-outs:
methodsfield of the HMAC context. This slightly increases the size of the HMAC_context (by 24 bytes on a 64-bit architecture).Testing:
Testing was added in two places:
crypto/hmac_extra/hmac_test.cc)util/fipstools/acvp/modulewrapper/modulewrapper.cc)To allow partial testing, we updated hmac_tests.txt to only contain the HMAC-SHA256 tests. The original file is hmac_tests_full.txt
Testing can be done in the CMake build folder using:
crypto/crypto_test --gtest_filter='*InitAndGetStateSHA256*:HMACTest.TestVectors'for the new/changed unit testsninja acvp_testsfor the ACVP tests (failure is expected for anything using HMAC-xx where xx is not SHA-256)By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.