-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for KDFs based on SP 800-108 recommendations #123
Conversation
bd4acfd
to
e1d4c92
Compare
Rebased to merge with changes from #91, and added cross-references from the key types to the new algorithms |
e1d4c92
to
8cd43ae
Compare
@athoelke Do you think that it has value to provide a reference implementation of these new algorithms using the PSA crypto MAC APIS? These can can be used to generate test vectors which future implementations can use to verify that they follow the algorithm as we intend it to be followed. I think that it is a good idea to have them, if you agree let me know what is the most suitable place to put them and I can provide the code for them. |
@Vge0rge We will implement this KDF in Mbed TLS, likely in our next release, so that can serve as sample code. With respect to test vectors, we'll likely generate our test data with Cryptodome. |
Cryptodome cannot be used to generate test vectors for PSA_ALG_SP800_108_COUNTER_CMAC because it implements the standard version, not the ‘robust’ variant suggested in these PR. The same holds for OpenSSL. |
I guess it would be possible to use CMAC-AES in Cryptodome to construct the CMAC-based KDF defined here, in order to create test vectors; as the SP800-108 Counter KDF support in Cryptodome uses a different construction? However, I think a reference would be valuable. Whether for constructing or validating text vectors, or just helping to illustrate the construction defined in the Crypto API.
My suggestion for hosting such examples would be to place it in a new
containing a readme.md to briefly describe the example, and any source files? |
Sounds reasonable to me, I will arrange this soon then. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few local remarks, other than that LGTM.
f718c56
to
6b4ec8c
Compare
Reviewer is happy to proceed once comments addressed
Define algorithm identifiers for HMAC and CMAC variants of a counter-mode KDF that follows the construction recommended by NIST SP 800-108r1.
As the specification defines a general construction, the Crypto API specification provides a precise definition, to ensure compatibility between different implementations. See #106 for the enhancement request, and discussion.
Fixes #106