From 20d60cfcba4ffd2d63da6375889971413a049517 Mon Sep 17 00:00:00 2001
From: Aveen Ismail
Date: Thu, 8 Feb 2024 18:36:45 +0100
Subject: [PATCH] PKCS11: Code optimization
---
 pkcs11/pkcs11y.h | 1 +
 pkcs11/yubihsm_pkcs11.c | 10 +++-------
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/pkcs11/pkcs11y.h b/pkcs11/pkcs11y.h
index 2dfcfcdc..7cf1aa0c 100644
--- a/pkcs11/pkcs11y.h
+++ b/pkcs11/pkcs11y.h
@@ -33,6 +33,7 @@
 #define CKM_YUBICO_AES_CCM_WRAP \
 (CKM_VENDOR_DEFINED | YUBICO_BASE_VENDOR | YH_WRAP_KEY)
+// TODO: These values are from PKCS11 3.0 and should be removed when we upgrade
 #define CKD_YUBICO_SHA1_KDF_SP800 0x0000000EUL
 #define CKD_YUBICO_SHA256_KDF_SP800 0x00000010UL
 #define CKD_YUBICO_SHA384_KDF_SP800 0x00000011UL
diff --git a/pkcs11/yubihsm_pkcs11.c b/pkcs11/yubihsm_pkcs11.c
index 5e01a735..2b39968b 100644
--- a/pkcs11/yubihsm_pkcs11.c
+++ b/pkcs11/yubihsm_pkcs11.c
@@ -5672,10 +5672,8 @@ CK_DEFINE_FUNCTION(CK_RV, C_DeriveKey)
 ecdh_session_key ecdh_key = {0};
 size_t out_len = sizeof(ecdh_key.ecdh_key);
- size_t yh_out_len = sizeof(ecdh_key.ecdh_key);
- yh_rc rc =
- yh_util_derive_ecdh(session->slot->device_session, privkey_id, pubkey,
- in_len, ecdh_key.ecdh_key, &yh_out_len);
+ yh_rc rc = yh_util_derive_ecdh(session->slot->device_session, privkey_id,
+ pubkey, in_len, ecdh_key.ecdh_key, &out_len);
 if (rc != YHR_SUCCESS) {
 DBG_ERR("Unable to derive raw ECDH key: %s", yh_strerror(rc));
 rv = yrc_to_rv(rc);
@@ -5684,9 +5682,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_DeriveKey)
 hash_t hash = _NONE;
 switch (params->kdf) {
- case CKD_NULL:
- out_len = yh_out_len;
- break;
 case CKD_YUBICO_SHA1_KDF_SP800:
 hash = _SHA1;
 break;
@@ -5730,6 +5725,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_DeriveKey)
 // Truncate from the left
 size_t offset = out_len - value_len;
 memmove(ecdh_key.ecdh_key, ecdh_key.ecdh_key + offset, value_len);
+ memset(ecdh_key.ecdh_key + value_len, 0, offset);
 out_len = value_len;
 }
 }
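Review bot: After this change `out_len` is both the capacity passed in and the length written back by `yh_util_derive_ecdh`, so the KDF branches further down now see the length of the raw shared secret where they previously saw `sizeof(ecdh_key.ecdh_key)`; before, only the `CKD_NULL` case copied the real length into `out_len`. The code that consumes `out_len` on the KDF path lies outside this hunk, so it should be checked that nothing there still treats it as the buffer capacity, for example as the output size for a digest. A comment on the declaration would make the dual role explicit: `// in: capacity of ecdh_key.ecdh_key, out: length of the raw ECDH secret`. The body of C_DeriveKey starts and ends outside the hunk.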
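Review bot: With `case CKD_NULL:` removed, a request with `params->kdf == CKD_NULL` now takes whatever path the switch gives to unlisted values, and the rest of the switch, including any `default:` arm, is outside this hunk. If a `default:` there rejects unknown KDFs, plain ECDH derivation without a KDF would start failing; if there is none, behaviour is unchanged but the accepted value is no longer visible to a reader. Keeping an explicit no-op arm documents the intent: `case CKD_NULL: break; // raw shared secret, no KDF`.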
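Review bot: The added `memset` carries no comment saying why it is there, and its length `offset` is the unsigned difference `out_len - value_len`, which is only safe while `value_len <= out_len`; the condition guarding this block is outside the hunk. Because the first C_DeriveKey hunk changes where `out_len` gets its value, that guard is worth re-checking against the new meaning. A one-line comment above the call would record the purpose: `// Wipe the secret bytes left behind the truncated value`. Whether the KDF path clears the tail of `ecdh_key.ecdh_key` when the digest is shorter than the raw secret cannot be seen from here and may deserve the same treatment.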