OASIS PKCS 11 TC

  • 1.  Groups - HMAC-SHA-2 Pseudorandom Functions for PBKDF2 uploaded

    Posted 02-06-2014 22:53
    Submitter's message

    Hi,

    I just submitted a simple proposal to add four HMAC-SHA-2 pseudorandom functions for PBKDF2, specified in PKCS #5 v2.1.

    Currently only a HMAC-SHA-1 PRF is defined, and there is strong interest in using a HMAC-SHA-256 PRF with PBKDF2.

    I am wondering if it is not too late to incorporate this into PKCS #11 v2.40.

    Wan-Teh Chang

    -- Wan-Teh Chang

    Document Name: HMAC-SHA-2 Pseudorandom Functions for PBKDF2
    Description: A proposal for adding four HMAC-SHA-2 pseudorandom functions for PBKDF2, specified in PKCS #5 v2.1.
    Submitter: Wan-Teh Chang
    Group: OASIS PKCS 11 TC
    Folder: Documents
    Date submitted: 2014-02-06 14:52:59


  • 2.  Re: [pkcs11] Groups - HMAC-SHA-2 Pseudorandom Functions for PBKDF2 uploaded

    Posted 02-07-2014 15:56
    On 02/06/14 22:53, Wan-Teh Chang wrote:

    > /Submitter's message/
    >
    > Hi,
    >
    > I just submitted a simple proposal to add four HMAC-SHA-2 pseudorandom functions for PBKDF2, specified in PKCS #5 v2.1.
    >
    > Currently only a HMAC-SHA-1 PRF is defined, and there is strong interest in using a HMAC-SHA-256 PRF with PBKDF2.

    I was tempted to ask for the addition of HMAC-SHA512/t variants of the; since SHA512/t where t is 256 is often faster to calculate on 64bit processors[1] than SHA256. However in this particular case I think the proposal is fine as it is.

    > I am wondering if it is not too late to incorporate this into PKCS #11 v2.40.

    I have use cases for if it is.

    [1] that don't have a native SHA256 instruction like SPARC T4 onwards has and Intel is reported to be getting in a future release.

    -- Darren J Moffat


  • 3.  Re: [pkcs11] Groups - HMAC-SHA-2 Pseudorandom Functions for PBKDF2 uploaded

    Posted 02-07-2014 17:31
    On Fri, Feb 7, 2014 at 7:55 AM, Darren J Moffat <Darren.Moffat@oracle.com> wrote:

    > I was tempted to ask for the addition of HMAC-SHA512/t variants of the;
    > since SHA512/t where t is 256 is often faster to calculate on 64bit
    > processors[1] than SHA256. However in this particular case I think the
    > proposal is fine as it is.
    > ...
    >
    > [1] that don't have a native SHA256 instruction like SPARC T4 onwards has
    > and Intel is reported to be getting in a future release.

    Hi Darren,

    Thank you for your comment. For PBKDF2, the lack of a HMAC-SHA-256 PRF identifier in PKCS #11 is a glaring hole. Anything else is mostly for completeness. I added the ones listed in PKCS #5 v2.1 as examples.

    If you send me suggested text for HMAC-SHA512/t PRF identifiers, I can incorporate them. In particular, do you want HMAC_SHA512_224 and HMAC_SHA512_256 separately, or a single HMAC_SHA512_T with a parameter?

    Note: the draft I uploaded yesterday has a typo in the value for CKP_PKCS5_PBKD2_HMAC_SHA512. I will upload a new draft to correct the typo.

    Wan-Teh Chang
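
An added example, not part of the thread or of the proposal: PBKDF2 from PKCS #5 written with the PRF as an explicit parameter, which is the choice a PRF identifier encodes. The labels in `PRFS` and the function names are hypothetical, chosen for this illustration only.

```python
import hashlib
import hmac

# Label -> hashlib digest. The labels are hypothetical names for this example,
# not identifiers or values from the draft or from PKCS #11.
PRFS = {
    "HMAC_SHA1": "sha1",      # the only PRF defined before the proposal
    "HMAC_SHA224": "sha224",  # SHA-2 variants (assumed to be the four proposed)
    "HMAC_SHA256": "sha256",
    "HMAC_SHA384": "sha384",
    "HMAC_SHA512": "sha512",
}


def _prf(keyed, data):
    """One PRF call: HMAC over data, reusing the already-keyed state."""
    mac = keyed.copy()
    mac.update(data)
    return mac.digest()


def pbkdf2(prf, password, salt, iterations, dk_len):
    """PBKDF2 as in PKCS #5 v2.x, with the PRF selected by label."""
    if prf not in PRFS:
        # Refuse unknown PRFs instead of silently falling back to SHA-1.
        raise ValueError("unsupported PRF: %r" % (prf,))
    if iterations < 1 or dk_len < 1:
        raise ValueError("iterations and dk_len must be positive")
    digest = PRFS[prf]
    h_len = hashlib.new(digest).digest_size   # PRF output length in bytes
    keyed = hmac.new(password, digestmod=digest)
    out = b""
    for i in range(1, -(-dk_len // h_len) + 1):   # ceil(dk_len / h_len) blocks
        u = _prf(keyed, salt + i.to_bytes(4, "big"))   # U_1 = PRF(P, S || INT(i))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = _prf(keyed, u)                         # U_j = PRF(P, U_{j-1})
            t ^= int.from_bytes(u, "big")              # T_i = U_1 xor ... xor U_c
        out += t.to_bytes(h_len, "big")
    return out[:dk_len]
```

The same password, salt and iteration count give unrelated keys under different PRFs, so both sides of an exchange must agree on the PRF explicitly.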