
Support for KDF counter and feedback modes with HMAC

Open lealem47 opened this issue 11 months ago • 3 comments

Description

Adds wc_HMAC_KDF_Counter() and wc_HMAC_KDF_Feedback() APIs enabled by defining HAVE_HMAC_PRF_KDF. From feature request list.

Testing

Vectors from NIST in wolfCrypt test.

Checklist

  • [ ] added tests
  • [ ] updated/added doxygen
  • [ ] updated appropriate READMEs
  • [ ] Updated manual and documentation

lealem47, Mar 09 '24 00:03

Looks good to me, but haven't tested. @SparkiDev will you please review and provide feedback?

dgarske, Mar 11 '24 21:03

I'm seeing these different KDFs:

  1. mode == 1 (HMAC_KDF_FEEDBACK_MODE): IV or key | info
  2. mode == 0 (HMAC_KDF_CTR_MODE), ctrLocation = BEFORE_FIXED: Counter | Info
  3. mode == 0 (HMAC_KDF_CTR_MODE), ctrLocation = AFTER_FIXED: Info | Counter
  4. mode == 0 (HMAC_KDF_CTR_MODE), ctrLocation = MIDDLE_FIXED: info | Counter | remainingInfo

I don't see n changing in the loop.

The underlying common operation is HMAC of 2 or three items. Make the hidden API take three items which are all optional - NULL means don't hash. Then, depending on mode and ctrLocation, pass different buffers in for the different items to be hashed. One is sometimes a counter which needs to be updated based on a parameter to the hidden function.

SparkiDev, Mar 11 '24 22:03

2^n -1 == (1 << n) - 1

SparkiDev, Mar 11 '24 22:03
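
The structure suggested in the review above, as an added Python example (not code from this PR or from wolfSSL): one helper HMACs up to three optional items, and the mode and ctrLocation only decide which buffers fill those slots. The names `hmac_kdf`, `_hmac3`, `split` and `ctr_bytes` are hypothetical, feedback mode here leaves out the optional counter, and the block-count bound is the SP 800-108 limit of 2^r - 1 for an r-bit counter.

```python
import hashlib
import hmac

CTR_MODE, FEEDBACK_MODE = 0, 1                       # "mode == 0" / "mode == 1" in the thread
BEFORE_FIXED, AFTER_FIXED, MIDDLE_FIXED = 0, 1, 2    # assumed values for ctrLocation


def _hmac3(key, a, b, c, digest):
    """HMAC over up to three items in order; None means 'don't hash this one'."""
    h = hmac.new(key, digestmod=digest)
    for item in (a, b, c):
        if item is not None:
            h.update(item)
    return h.digest()


def hmac_kdf(key, info, out_len, mode, ctr_location=BEFORE_FIXED,
             iv=b"", split=0, ctr_bytes=4, digest=hashlib.sha256):
    """Derive out_len bytes; `split` is where the counter goes for MIDDLE_FIXED."""
    h_len = digest().digest_size
    n = -(-out_len // h_len)                         # ceil(out_len / h_len) blocks
    if mode == CTR_MODE and n > (1 << (8 * ctr_bytes)) - 1:
        raise ValueError("output needs more blocks than the counter can number")
    out, prev = b"", iv
    for i in range(1, n + 1):
        ctr = i.to_bytes(ctr_bytes, "big")           # the counter changes every pass
        if mode == FEEDBACK_MODE:
            items = (prev, info, None)               # IV or previous block | info
        elif ctr_location == BEFORE_FIXED:
            items = (ctr, info, None)                # counter | info
        elif ctr_location == AFTER_FIXED:
            items = (info, ctr, None)                # info | counter
        elif ctr_location == MIDDLE_FIXED:
            items = (info[:split], ctr, info[split:])  # info | counter | remainingInfo
        else:
            raise ValueError("unknown mode or counter location")
        prev = _hmac3(key, *items, digest)
        out += prev
    return out[:out_len]


if __name__ == "__main__":
    # Constructed inputs for illustration only; these are not NIST vectors.
    key, info = bytes(range(32)), b"label\x00context"
    for loc in (BEFORE_FIXED, AFTER_FIXED, MIDDLE_FIXED):
        print(loc, hmac_kdf(key, info, 48, CTR_MODE, loc, split=5).hex())
    print("fb", hmac_kdf(key, info, 48, FEEDBACK_MODE, iv=b"\x01" * 16).hex())
```
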