Add support for KDFs based on SP 800-108 recommendations #123

Merged 6 commits on Dec 11, 2023

athoelke (Contributor) commented Nov 7, 2023

Define algorithm identifiers for HMAC and CMAC variants of a counter-mode KDF that follows the construction recommended by NIST SP 800-108r1.

As the specification defines a general construction, the Crypto API specification provides a precise definition, to ensure compatibility between different implementations. See #106 for the enhancement request, and discussion.

Fixes #106

@athoelke added the enhancement and Crypto API labels Nov 7, 2023
@athoelke added this to the Crypto API 1.2 milestone Nov 7, 2023
@athoelke self-assigned this Nov 7, 2023
athoelke (Contributor, Author) commented Nov 7, 2023

@adeaarm @Vge0rge - please review this PR.

athoelke (Contributor, Author) commented

Rebased to merge with changes from #91, and added cross-references from the key types to the new algorithms

Vge0rge commented Nov 21, 2023

@athoelke Do you think that it has value to provide a reference implementation of these new algorithms using the PSA crypto MAC APIs? These can be used to generate test vectors which future implementations can use to verify that they follow the algorithm as we intend it to be followed.

I think that it is a good idea to have them, if you agree let me know what is the most suitable place to put them and I can provide the code for them.

gilles-peskine-arm (Contributor) commented

@Vge0rge We will implement this KDF in Mbed TLS, likely in our next release, so that can serve as sample code. With respect to test vectors, we'll likely generate our test data with Cryptodome.

bheeb commented Nov 22, 2023

Cryptodome cannot be used to generate test vectors for PSA_ALG_SP800_108_COUNTER_CMAC because it implements the standard version, not the ‘robust’ variant suggested in this PR. The same holds for OpenSSL.

athoelke (Contributor, Author) commented

> Cryptodome cannot be used to generate test vectors for PSA_ALG_SP800_108_COUNTER_CMAC because it implements the standard version, not the ‘robust’ variant suggested in this PR. The same holds for OpenSSL.

I guess it would be possible to use CMAC-AES in Cryptodome to construct the CMAC-based KDF defined here, in order to create test vectors; as the SP800-108 Counter KDF support in Cryptodome uses a different construction?

However, I think a reference would be valuable. Whether for constructing or validating test vectors, or just helping to illustrate the construction defined in the Crypto API.

> let me know what is the most suitable place to put them and I can provide the code for them.

My suggestion for hosting such examples would be to place it in a new /examples folder in this repository. Perhaps:

/examples/crypto/a-good-name-for-the-example/

containing a readme.md to briefly describe the example, and any source files?
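
Added example (not part of the PR, the Crypto API specification or any participant's comment): a counter-mode KDF in the style of SP 800-108r1 over a pluggable PRF, showing why a library that implements only the standard fixed input cannot produce vectors for a variant that also feeds K(0) into every block. The 32-bit big-endian counter and length fields, the sample inputs, and the reading of the 'robust' variant as the K(0) construction are assumptions; HMAC-SHA-256 stands in as the PRF so the block runs on the standard library alone.

```python
import hashlib
import hmac
import struct

# Constructed sample inputs (not test vectors from any specification).
KEY = bytes(range(16))
LABEL = b"example label"
CONTEXT = b"example context"

def hmac_sha256(key: bytes, data: bytes) -> bytes:
    """PRF used here; a CMAC callable with the same signature also fits."""
    return hmac.new(key, data, hashlib.sha256).digest()

def counter_kdf(prf, key, label, context, length, with_k0=False):
    """Counter-mode KDF: K(i) = PRF(key, [i] || Label || 0x00 || Context || [L]).

    Assumed encoding: [i] and [L] (output length in bits) are 32-bit
    big-endian. with_k0=True also appends
    K(0) = PRF(key, Label || 0x00 || Context || [L]) to every block input,
    the variation SP 800-108r1 describes for CMAC.
    """
    if not 0 < length <= 0x1FFFFFFF:  # [L] in bits must fit in 32 bits
        raise ValueError("length out of range")
    fixed = label + b"\x00" + context + struct.pack(">I", length * 8)
    k0 = prf(key, fixed) if with_k0 else b""
    out = b""
    counter = 1
    while len(out) < length:
        out += prf(key, struct.pack(">I", counter) + fixed + k0)
        counter += 1
    return out[:length]

def compare_variants(length=40):
    """Derive from the same inputs under both fixed-input layouts."""
    standard = counter_kdf(hmac_sha256, KEY, LABEL, CONTEXT, length)
    with_k0 = counter_kdf(hmac_sha256, KEY, LABEL, CONTEXT, length, with_k0=True)
    return standard, with_k0

if __name__ == "__main__":
    std, k0 = compare_variants()
    print("standard: ", std.hex())
    print("with K(0):", k0.hex())
```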

Vge0rge commented Nov 23, 2023

Sounds reasonable to me, I will arrange this soon then.

gilles-peskine-arm (Contributor) left a comment

A few local remarks, other than that LGTM.

doc/crypto/api/ops/kdf.rst: 4 review threads (outdated, resolved)
@athoelke dismissed gilles-peskine-arm’s stale review December 11, 2023 15:47

Reviewer is happy to proceed once comments addressed

@athoelke merged commit 1cd3d0a into ARM-software:main Dec 11, 2023
@athoelke deleted the crypto-kdf-sp800-108 branch December 11, 2023 15:47
Successfully merging this pull request may close these issues.

Add support for CMAC based KDF algorithms