diff --git a/doc/dox_comments/header_files/kdf.h b/doc/dox_comments/header_files/kdf.h index 02088c75d..145811bd0 100644 --- a/doc/dox_comments/header_files/kdf.h +++ b/doc/dox_comments/header_files/kdf.h @@ -223,3 +223,39 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt, */ int wc_SRTP_KDF_kdr_to_idx(word32 kdr); +/** + * \brief Performs the single-step key derivation function (KDF) as specified in + * SP800-56C option 1. + * + * \param [in] z The input keying material. + * \param [in] zSz The size of the input keying material. + * \param [in] fixedInfo The fixed information to be included in the KDF. + * \param [in] fixedInfoSz The size of the fixed information. + * \param [in] derivedSecretSz The desired size of the derived secret. + * \param [in] hashType The hash algorithm to be used in the KDF. + * \param [out] output The buffer to store the derived secret. + * \param [in] outputSz The size of the output buffer. + * + + * \return 0 if the KDF operation is successful, + * \return BAD_FUNC_ARG if the input parameters are invalid. + * \return negative error code if the KDF operation fails. + * + * _Example_ + \code + unsigned char z[32] = { ... }; + unsigned char fixedInfo[16] = { ... }; + unsigned char output[32]; + int ret; + + ret = wc_KDA_KDF_onestep(z, sizeof(z), fixedInfo, sizeof(fixedInfo), + sizeof(output), WC_HASH_TYPE_SHA256, output, sizeof(output)); + if (ret != 0) { + WOLFSSL_MSG("wc_KDA_KDF_onestep failed"); + } + \endcode + */ +int wc_KDA_KDF_onestep(const byte* z, word32 zSz, + const byte* fixedInfo, word32 fixedInfoSz, word32 derivedSecretSz, + enum wc_HashType hashType, byte* output, word32 outputSz); + diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c index 30046f533..71bda2f4e 100644 --- a/wolfcrypt/src/kdf.c +++ b/wolfcrypt/src/kdf.c @@ -1389,4 +1389,104 @@ int wc_SRTP_KDF_kdr_to_idx(word32 kdr) } #endif /* WC_SRTP_KDF */ +#ifdef WC_KDF_NIST_SP_800_56C +static int wc_KDA_KDF_iteration(const byte* z, word32 zSz, word32 counter, + const byte* fixedInfo, word32 fixedInfoSz, enum wc_HashType hashType, + byte* output) +{ + byte counterBuf[4]; + wc_HashAlg hash; + int ret; + + ret = wc_HashInit(&hash, hashType); + if (ret != 0) + return ret; + c32toa(counter, counterBuf); + ret = wc_HashUpdate(&hash, hashType, counterBuf, 4); + if (ret == 0) { + ret = wc_HashUpdate(&hash, hashType, z, zSz); + } + if (ret == 0 && fixedInfoSz > 0) { + ret = wc_HashUpdate(&hash, hashType, fixedInfo, fixedInfoSz); + } + if (ret == 0) { + ret = wc_HashFinal(&hash, hashType, output); + } + wc_HashFree(&hash, hashType); + return ret; +} + +/** + * \brief Performs the single-step key derivation function (KDF) as specified in + * SP800-56C option 1. + * + * \param [in] z The input keying material. + * \param [in] zSz The size of the input keying material. + * \param [in] fixedInfo The fixed information to be included in the KDF. + * \param [in] fixedInfoSz The size of the fixed information. + * \param [in] derivedSecretSz The desired size of the derived secret. + * \param [in] hashType The hash algorithm to be used in the KDF. + * \param [out] output The buffer to store the derived secret. + * \param [in] outputSz The size of the output buffer. + * + * \return 0 if the KDF operation is successful. + * \return BAD_FUNC_ARG if the input parameters are invalid. + * \return negative error code if the KDF operation fails. + */ +int wc_KDA_KDF_onestep(const byte* z, word32 zSz, const byte* fixedInfo, + word32 fixedInfoSz, word32 derivedSecretSz, enum wc_HashType hashType, + byte* output, word32 outputSz) +{ + byte hashTempBuf[WC_MAX_DIGEST_SIZE]; + word32 counter, outIdx; + int hashOutSz; + int ret; + + if (output == NULL || outputSz < derivedSecretSz) + return BAD_FUNC_ARG; + if (z == NULL || zSz == 0 || (fixedInfoSz > 0 && fixedInfo == NULL)) + return BAD_FUNC_ARG; + if (derivedSecretSz == 0) + return BAD_FUNC_ARG; + + hashOutSz = wc_HashGetDigestSize(hashType); + if (hashOutSz == HASH_TYPE_E) + return BAD_FUNC_ARG; + + /* According to SP800_56C, table 1, the max input size (max_H_inputBits) + * depends on the HASH algo. The smaller value in the table is (2**64-1)/8. + * This is larger than the possible length using word32 integers. */ + + counter = 1; + outIdx = 0; + ret = 0; + + /* According to SP800_56C the number of iterations shall not be greater than + * 2**32-1. This is not possible using word32 integers.*/ + while (outIdx + hashOutSz <= derivedSecretSz) { + ret = wc_KDA_KDF_iteration(z, zSz, counter, fixedInfo, fixedInfoSz, + hashType, output + outIdx); + if (ret != 0) + break; + counter++; + outIdx += hashOutSz; + } + + if (ret == 0 && outIdx < derivedSecretSz) { + ret = wc_KDA_KDF_iteration(z, zSz, counter, fixedInfo, fixedInfoSz, + hashType, hashTempBuf); + if (ret == 0) { + XMEMCPY(output + outIdx, hashTempBuf, derivedSecretSz - outIdx); + } + ForceZero(hashTempBuf, hashOutSz); + } + + if (ret != 0) { + ForceZero(output, derivedSecretSz); + } + + return ret; +} +#endif /* WC_KDF_NIST_SP_800_56C */ + #endif /* NO_KDF */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index fec1918bb..c6c82d1f9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -942,6 +942,340 @@ static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx) } #endif +#if defined(WC_KDF_NIST_SP_800_56C) +#define INIT_SP80056C_TEST_VECTOR(_z, _fixedInfo, _derivedKey, _hashType) \ + { \ + .z = (const byte*)_z, .zSz = sizeof(_z) - 1, \ + .fixedInfo = (const byte*)_fixedInfo, \ + .fixedInfoSz = sizeof(_fixedInfo) - 1, \ + .derivedKey = (const byte*)_derivedKey, \ + .derivedKeySz = sizeof(_derivedKey) - 1, .hashType = _hashType, \ + } + +#define SP800_56C_MAX_OUT 128 +static WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void) +{ + struct sp800_56c_test_vector { + const byte* z; + word32 zSz; + const byte* fixedInfo; + word32 fixedInfoSz; + const byte* derivedKey; + word32 derivedKeySz; + enum wc_HashType hashType; + }; + struct sp800_56c_test_vector* v; + byte output[SP800_56C_MAX_OUT]; + word32 i; + int ret; + /* vectors from + * https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values + * + * (KeyManagement) */ + struct sp800_56c_test_vector vctors[] = { +#if !defined(NO_SHA) + /* SHA-1 */ + INIT_SP80056C_TEST_VECTOR( + "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05" + "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63" + "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48" + "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae" + "\xb0\x10\x09\xa4\x56\x82\xa5\xe1", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\xae\x64\xab\x2b\x2b\x75\xa9\x4c\xf8\xef\x24\xda\x24\x56\xbd\x3a" + "\xa3\x6d\xb6\x14\x29\xea\x55\x21", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xcc\x96\x5a\x52\xd0\x5c\x94\x9e\x52\xc0\x35\xfd\x03\x53\x0d\xb7" + "\xea\xa4\x08\x70\x2c\x9d\x35\x21\x1e\x67\x21\x54\x12\x45\x91\x51" + "\xba\x22\x62\xbd\x1e\x28\xe5\x6b", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\x71\x5d\xc0\xea\x24\x6b\x46\x56\x63\xa8\x9c\xde\x04\x12\xc1\x92" + "\xe1\x9e\x58\xd5\xb0\xb6\x36\x6d\xa7\x89\xad\xbf\x44\x9a\x38\xaa" + "\x46\x69\xfe\x36\x30\xa2\x0f\x7f\xa3\x14\x9c\x9b\x4b\x0a\xb5\xcd" + "\x3e\x14\x18\x2b\x75\x04\xd5\xd2\x75\x2b\xf6\x58\x7a\xab\xc9\xf4" + "\xcb\x8f\xe5\x29\x23\x6a\xb8\x15\x36\xad\xd2\xbd\x25\xd6\xbf\x9d" + "\x5f\x1d\xf5\x76\x16\x5a\xa5\x5c\x24\x99\x61\xd8\xf8\x75\x00\xed" + "\x8d\xbf\xc5\xd2\x50\x53\x4c\x07\xd9\x9a\xc9\x17\xf9\x84\x60\x46" + "\xac\x5c\xb8\xa2\x98\x74\x26\x22\xd3\xc9\x86\x18\x06\x92\x46\xe8" + "\xad\x37\x11\x25\x57\xe0\xe6\x34\xb5\x81\x32\x7a\x4a\xd3\x2c\x7c" + "\x76\x4b\xe8\xf8\x08\x0d\x37\x2c\x63\x20\x93\xa7\x67\xf1\x55\xbd" + "\x22\xec\x00\x3c\xa6\x1c\x8b\x43\x32\x0f\x3a\xbe\xb5\xdd\xc4\xa3" + "\xb1\x89\x82\xfd\xd6\x51\x0f\x88\x3c\x8d\xc1\xe0\xb1\x57\xff\xb9" + "\xcf\xc0\xa5\x9c\xe2\xd4\x05\x5f\xfc\x73\xe7\x15\x2a\x6a\x95\x43" + "\xb9\x19\xe7\x94\xe9\x49\x61\x33\xbe\x2a\x23\x18\xd9\x05\x6e\xfd" + "\x74\x48\x2d\xc6\x3c\x0d\xb5\x8f\xe6\x42\x6b\x0f\xe7\x35\x45\x42" + "\xc2\x19\x7a\xb6\xbd\x35\xf1\xa9\x2d\xce\x90\xb1\xc4\x6d\x32\xc1", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x1b\x5f\xcc\x8d\x81\xa5\xd9\xa9\x36\x94\xe6\x47\x77\x88\xd8\x03" + "\x15\x84\xc3\xf5\x2e\x9f\x11\x7a\xe8\x18\x4d\xba\x56\x47\x9d\x87" + "\x66\x76\x92\xf1\x2d\x7b\xd3\x8b", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\x33\xe0\x50\xbd\x20\x9f\x2d\xf2\x77\x19\x78\xfc\xd1\xd4\xc8\x2e" + "\x49\xd0\x1d\x65\xbb\x62\x03\x20\xd3\x0b\xfe\xa8\x7a\xa8\x69\xe1" + "\x07\xa5\x17\xa4\xc8\x5b\x69\x28\x45\x21\xca\x54\xb7\x7f\x59\xe9" + "\x4a\x85\x6d\xaa\x30\xa3\x85\xa5\x25\xd8\xa3\xf7\xe1\x5e\xe5\xe9" + "\xaa\x12\x8d\x45\xef\x63\xf9\x0c\x10\xe0\x8f\xc5\x26\x36\x13\x77" + "\x81\x54\x7a\x58\x9f\x97\x87\xf9\xd7\xdd\x61\x43\x41\x9a\x26\x16" + "\x80\x16\x82\x40\xaa\xb2\x01\x3d\x80\x20\xdb\xe8\x4b\x7e\x2b\xed" + "\xce\x67\x1b\x94\x03\xbd\x1f\x91\x71\xa2\x57\x90\xce\x66\x7d\xed", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x35\x10\x85\x85\xfc\x55\x62\xb5\xf1\x8f\x20\x7b\xa8\x35\x63\xe4" + "\x49\x28\x45\x6a\x5e\x53\x63\x7e\xae\x6b\xb5\xfc\x33\x88\xae\x02" + "\x91\x79\x0a\x1d\xc8\x31\x4e\x28", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\x5c\x80\x4f\x45\x4d\x30\xd9\xc4\xdf\x85\x27\x1f\x93\x52\x8c\x91" + "\xdf\x6b\x48\xab\x5f\x80\xb3\xb5\x9c\xaa\xc1\xb2\x8f\x8a\xcb\xa9" + "\xcd\x3e\x39\xf3\xcb\x61\x45\x25\xd9\x52\x1d\x2e\x64\x4c\x53\xb8" + "\x07\xb8\x10\xf3\x40\x06\x2f\x25\x7d\x7d\x6f\xbf\xe8\xd5\xe8\xf0" + "\x72\xe9\xb6\xe9\xaf\xda\x94\x13\xea\xfb\x2e\x8b\x06\x99\xb1\xfb" + "\x5a\x0c\xac\xed\xde\xae\xad\x7e\x9c\xfb\xb3\x6a\xe2\xb4\x20\x83" + "\x5b\xd8\x3a\x19\xfb\x0b\x5e\x96\xbf\x8f\xa4\xd0\x9e\x34\x55\x25" + "\x16\x7e\xcd\x91\x55\x41\x6f\x46\xf4\x08\xed\x31\xb6\x3c\x6e\x6d", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xfa\xa0\x22\xce\x7f\xa9\xba\x95\xeb\xa3\x9f\x3f\x44\xf3\xee\x14" + "\x96\x0a\x0b\x23\x9d\x01\x4b\x57\x70\xe4\x71\xd7\x5a\x99\xea\x87" + "\x10\xe3\x8f\x0c\xef\x0f\xfc\x67", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05" + "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63" + "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48" + "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae" + "\xb0\x10\x09\xa4\x56\x82\xa5\xe1", + WC_HASH_TYPE_SHA), +#endif +#if defined(WOLFSSL_SHA224) + /* SHA-224*/ + INIT_SP80056C_TEST_VECTOR( + "\x8c\x5d\x6e\x5d\x36\x06\x83\xba\x55\xb0\x9d\xb1\x69\x6d\x7c\x64" + "\x02\xff\x87\x88\x5f\xf5\x07\x70\xf2\x76\x7b\x75\x54\x60\x20\x7e" + "\xd5\xc7\x43\xfd\x27\xe7\xeb\x1d\x0c\xa5\x91\xf8\x56\x38\x93\x11" + "\x73\x07\x44\xf2\x04\xd2\xe5\x5b\x8b\xd4\x46\xce\xca\x03\x1f\x7b" + "\xac\xcf\xf1\xa7\x1b\x68\x34\x59\xcc\x54\xd5\x01\xda\xbf\x4a\x84" + "\xcd\xb8\x6d\xfa\xda\xff\x31\x0f\xbd\xba\xf7\x4d\xd5\x1b\xa1\xe1" + "\xe1\x19\x1a\xf1\x4c\x9b\xf8\x94\x43\xbf\x58\x8e\x9c\xe3\x30\x34" + "\xaf\x5e\x89\xbf\x6f\xfc\x47\xd7\xd9\xca\x4a\x5e\x8f\xf8\xa0\x50" + "\x20\xbb\x0f\x95\xbc\xde\x01\x56\xd8\x7f\xb8\x60\xbd\x40\x83\xfa" + "\x5b\x53\x1a\x08\xa4\xfb\x7e\xe0\x20\x1a\xe8\xb3\xcc\xff\xe9\x9f" + "\x27\x0b\xc3\x53\x4b\xaa\xcf\xc0\x01\xcd\xd8\x0a\xd8\x7c\xce\x71" + "\xf0\x91\xe7\x66\xca\x5c\xc2\x75\xcb\x49\x14\x5a\x5e\xe6\x16\x2e" + "\xcc\xf5\x58\xce\xc4\xd3\xee\x53\x1e\x91\xe9\xa5\x29\x69\x63\x4d" + "\x3a\xf8\xd2\x6f\x8d\x15\xdc\x0d\x6f\x6e\x0a\x97\x4b\xe4\x34\x1b" + "\x68\xa0\x19\x90\xdb\xb8\x64\x95\x89\x1a\xd3\xaf\xc1\xe4\xce\xdf" + "\x4c\x6a\xe1\xf1\xcd\x60\x81\xcd\xee\xd8\xe6\xb3\x26\x4e\xc3\xbe" + "\x24\x58\xd1\xc0\xca\x24\x43\x41\x0c\xf3\xb4\x7c\x0c\x25\x4c\x7d" + "\xc8\xec\xb4\x3e\x6c\x23\x64\xe1\xc0\x62\x19\xcc\x7e\xfb\xff\xbb" + "\x63\xd7\xff\xfc\x74\x58\x12\xfd\x24\x0c\x33\xd4\x96\xb9\x99\x2f" + "\x96\x80\xa6\x3c\x07\x96\x3c\x0c\x49\xf3\xc1\xba\xef\xec\xaf\x32" + "\xe2\xaa\x8a\x2f\x7c\xd3\x0d\x8f\x05\x1e\xe2\xf5\x0f\xbf\x05\xab" + "\x13\x96\xa4\xea\x87\x44\x7d\x7b\x98\x1b\x5e\x46\x14\x28\x18\x71" + "\xa6\xf0\xf6\xbf\x1f\xe0\x02\x2f\x7e\xa1\x32\xbe\x0a\xe9\x19\x26" + "\xab\x12\xaf\x6d\xc4\x50\x64\xaa\xd5\x6b\x84\xb9\x0c\x70\x08\x37" + "\x09\xcf\xf7\xe3\x1b\x54\x8f\xb7\xfb\x2c\xf7\x5a\xbf\x96\xe0\x1c" + "\xcd\x3e\x94\x2e\xed\x91\x48\x0d\x4c\x24\xc6\xb7\xf9\x79\xfb\xbe" + "\x5d\xa2\x39\xb3\x76\x16\x7d\x68\x57\x35\x24\xff\xcb\x50\x99\x54" + "\xcc\x80\xa0\xe1\xa7\x1c\x40\xc4\xda\x17\xb8\xd1\x57\x2b\x21\x58" + "\x7a\x8d\x66\xcc\x62\x1c\x7c\xd1\x0f\x49\xab\xd5\xef\x86\x31\x13" + "\xe6\x19\x21\x08\x6f\xac\x25\x31\x2b\x74\x1c\x11\xa8\xfb\xc1\xe3" + "\x3c\x34\xd9\xda\x14\xa8\x22\x47\x7f\xcc\x36\x66\x70\x25\xc4\xf1" + "\x30\xae\x10\x0e\x36\xf1\x5d\xa0\x03\x74\xce\x87\x41\x67\x9f\x61", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x4b\x99\x6a\x60\xc0\x4a\x35\xc5\xe6\xd4\x74\xb1\x0a\x25\x8d\x56" + "\x2e\xa6\xdc\x52\xf6\xc6\x9b\xf3\x9e\xf8\x8c\x89\xe3\xcc\x8a\x54" + "\xda\x2f\x3c\x0b\x56\x1b\x53\xfe\x76\x55\x13\x63\xd6\x9c\x3c\xef" + "\x74\xe3\x4f\xe8\x8e\xb3\xac\x51", + WC_HASH_TYPE_SHA224), + INIT_SP80056C_TEST_VECTOR( + "\x52\x27\x2f\x50\xf4\x6f\x4e\xdc\x91\x51\x56\x90\x92\xf4\x6d\xf2" + "\xd9\x6e\xcc\x3b\x6d\xc1\x71\x4a\x4e\xa9\x49\xfa\x9f\x18\xff\x54" + "\xf8\x87\x23\x07\x3f\x64\xa6\x95\x3d\x04\x91\x4f\x45\xa2\x3e\xee" + "\x7c\xfc\x46\x67\x08\x0a\xa0\xf9", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x77\x56\xbc\xfd\xef\x3e\xe6\x9f\x6a\xc2\x3c\xd2\xdc\x60\x7d\x01" + "\xfa\x8c\xe1\xb2\x4f\x5c\xaa\xaa\x48\xe0\x4b\x81\x63\xe1\x73\x3a" + "\xed\x7a\x04\x0e\x73\xf2\xb5\x42\x36\x8f\x00\x54\x8b\x16\x3c\x3d" + "\xc9\x6d\x70\x09\x99\x16\xf1\x6b", + WC_HASH_TYPE_SHA224), +#endif +#if !defined(NO_SHA256) + /* SHA-256 */ + INIT_SP80056C_TEST_VECTOR( + "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1" + "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88" + "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14" + "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08" + "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d" + "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52" + "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc\xa6", + WC_HASH_TYPE_SHA256), + INIT_SP80056C_TEST_VECTOR( + "\x44\xf4\x84\x09\xf3\x1b\xf3\x50\x94\x51\xdb\x4d\x30\x4b\xeb\xd8" + "\x3c\x2a\xd6\x50\x1c\x1b\x85\xe6\x32\xbc\x92\x58\x8e\x2d\x48\xb5" + "\xd2\xb8\x44\x44\x62\xad\x94\xe8\xa4\x44\x94\x1e\xd4\x97\x5c\x97" + "\x91\x17\xd7\x5a\x0a\x2b\xa8\x10\xdf\xa8\x80\x4a\x0f\xe9\x42\x6d" + "\xd7\xeb\x95\xf2\x9c\xa4\x30\xda\x37\xef\xa5\x2c\x42\xda\x1d\xe2" + "\x23\x76\x3b\xdd\xc9\x5e\x46\x6a\xa3\xb8\xd2\x06\xb8\x21\x8e\xdf" + "\x23\x97\x3d\x05\xf3\xc7\xc2\x2b\x22\x46\x53\xd4\xf9\x21\x85\x45" + "\x79\x83\x26\x2f\x27\xbc\x55\xa0\xa7\xae\xe5\x43\x54\x55\xd4\x3c" + "\x0e\x0c\x6d\x80\x67\xad\xaf\x90\x42\xb6\xb7\x77\x7e\x19\x8d\x67" + "\x60\x83\x0d\x96\xb2\x9a\x6a\xae\xf5\x74\xd7\x5e\x2d\x65\x43\x55" + "\x0f\x75\x55\xcf\x89\x82\xc8\x21\xc4\xec\x9b\x82\x66\x2b\x09\x36" + "\x69\xfd\x24\x6d\x4d\xcc\xbf\xf3\x1d\x98\x4e\xf6\x3c\x4f\x95\xd7" + "\x39\xc7\x7e\x66\xf6\x9b\x6d\xb0\xd9\xfc\x1a\x97\x3f\x52\x33\xd1" + "\x1f\xe7\x15\x4b\x8a\x6b\xe1\x50\x46\x7d\x92\xda\xf0\x91\x44\x34" + "\xf0\xcf\x17\x6e\x96\x1b\x31\x3f\xe3\xe2\x3b\xfe\x37\x8b\x87\xba" + "\xf2\x73\x93\x7f\xfa\xa6\x85\x65\x8b\x09\x78\x1d\x26\x97\x86\x4b" + "\x0d\x82\x48\x5c\xf7\xd6\x2f\xfc\xea\x34\x33\x88\xcf\xec\x15\x27" + "\x3a\x39\x4b\x84\x32\xee\xb6\x32\x1b\xe3\x1d\x4f\xcd\x16\x15\xc8" + "\x1c\x69\x37\xc0\x8d\x92\x41\x6e\xdb\xdd\x20\x10\xfa\x8b\x6e\x0a" + "\x8a\x60\x3d\xad\xe0\x10\xbc\x9c\xd7\x6b\x14\xe3\xe2\x19\x0e\x3b" + "\xa3\x00\xe7\x1a\xdd\xbf\x24\x4c\xf8\x06\x29\x49\x76\xea\xf0\x7d" + "\x02\x3b\xdb\x57\xfc\x5d\x19\x64\xc7\xd4\x20\x6e\x72\x06\x1b\xfe" + "\x1e\xe4\xee\xbc\x92\x00\xe1\x3a\x6c\xba\x32\x86\x9d\xbe\x80\x82" + "\xcd\xf3\x64\x5b\x5a\x72\x7d\xd2\x7c\xa5\x03\xf4\xed\xeb\x73\xe8" + "\x8a\x3a\x55\x2c\x7e\x00\xd4\xee\x72\x42\x13\x72\x36\xa0\x96\x5c" + "\x1e\xc3\xeb\xc0\xb4\x8c\x2b\x46\x7e\xb8\x42\x41\x5a\x28\x3f\x55" + "\xe2\x20\xff\xd1\x88\x19\x25\x6d\xa2\x47\x4d\x28\xfc\x3b\x04\xe0" + "\xc0\x7e\x4d\x25\xc1\x74\x93\x41\xd2\x22\x97\x01\x5c\xd8\x17\x8c" + "\x39\x18\xbe\x8c\x5c\xdf\x0f\xbf\xbb\x9a\x5a\xcc\xdd\x82\xaf\x07" + "\x83\xef\xe4\xdf\x64\xa8\xd8\x92\x82\x8f\x8d\xe5\x8c\x5d\x56\x9b" + "\x5b\x08\x45\x58\x96\xc4\xd3\xc3\x4f\xd3\xce\x93\xc4\x34\xc3\x8e" + "\xf5\x6c\xed\x30\x56\x1c\x37\x1a\xf9\xf2\xd8\x64\xfd\xc5\xb6\x2f", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x42\x35\xac\x89\xc9\xf3\x3e\x5d\xbb\x11\x60\x1a\x29\x83\xe3\x76" + "\xe2\x15\x39\x97\x87\xd8\x39\xa0\x38\x55\xfe\x04\x53\x3e\x1a\x67" + "\x66\x91\x5e\x67\xc2\x5e\xeb\x04\x08\x28\xe9\x6c\xd3\xd6\xef\x0a" + "\xb7\xd1\x7b\x43\x13\x43\xa7\xf3\xaa\xc6\x8f\x0c\x4a\x7e\x77\x9b", + WC_HASH_TYPE_SHA256), + /* slightly modified vector to test generation when derivedKeySz % + * hashOutSz != 0*/ + INIT_SP80056C_TEST_VECTOR( + "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1" + "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88" + "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14" + "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08" + "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d" + "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52" + "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc", + WC_HASH_TYPE_SHA256), + +#endif +#if defined(WOLFSSL_SHA384) + /* SHA-384 */ + INIT_SP80056C_TEST_VECTOR( + "\x5e\xa1\xfc\x4a\xf7\x25\x6d\x20\x55\x98\x1b\x11\x05\x75\xe0\xa8" + "\xca\xe5\x31\x60\x13\x7d\x90\x4c\x59\xd9\x26\xeb\x1b\x84\x56\xe4" + "\x27\xaa\x8a\x45\x40\x88\x4c\x37\xde\x15\x9a\x58\x02\x8a\xbc\x0e" + "\x88\x76\x9c\xb7\x2f\xc5\xac\x45\x7c\xd5\x8e\x89\x08\x9b\x19\x6a" + "\x70\xbf\x53\x3c\x6d\xc9\x1c\x9c\x7e\x17\x41\xdb\x5e\x7a\xb6\xb0" + "\x84\x9f\x01\xde\xa6\x5f\xed\xd0\x6c\x77\x18\x7c\xd8\x8e\xd0\x30", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x8e\x6e\x26\x5f\x20\x82\xf1\x4d\x34\xda\x23\xe1\x03\x2c\x90\x24" + "\x83\x4a\xf0\x15\x72\xb6\x64\x77\x82\x41\x1b\xdd\xcb\x84\xa5\xda" + "\xee\x11\x7b\xa6\xfb\xa6\xd0\xeb\x28\x08\xef\x8a\xb0\x70\x05\xee" + "\xab\xe5\x2d\x2e\xfd\x31\x12\x1c\x7b\xf9\xd5\xfa\xfc\x40\xe0\x0c" + "\x6d\x6d\xbf\x39\xef\x43\xfe\x97\x15\xc7\x20\x2c\xdc\x2d\xb7\xe8" + "\x2b\x88\xd7\x48\xeb\x84\x25\x8b\xf8\x4d\x85\x82\xf2\xbf\xd9\x40", + WC_HASH_TYPE_SHA384), +#endif +#if defined(WOLFSSL_SHA512) + /* SHA-512 */ + INIT_SP80056C_TEST_VECTOR( + "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c" + "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5" + "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c" + "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c" + "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73" + "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45" + "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43" + "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a" + "\xde\x34\x54\xe4", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x2d\x4a\x46\xa1\x70\x99\xba\xa8\x33\x0b\xc5\x9d\x4a\x1c\xf5\xae" + "\x3a\x30\x75\xb4\xc6\x2b\xb2\x6e\x7f\xc9\x89\x24\x72\x6d\x27\x4c" + "\x09\x64\x6f\x44\x08\xe6\x85\x8c\x43\xb4\x2d\xae\xd0\x15\xef\x26" + "\x17\x08\xd5\x5e\xf2\x4d\xaa\x7d\x3e\xa3\xd1\xc4\xa0\x8c\xfd\x24" + "\xdb\x60\x00\xa5\xb8\xa6\x7d\xe7\x46\xf3\xd3\xf4\xff\x34\x85\x15" + "\x8f\xd3\xb6\x91\x55\x79\x1d\xf4\x67\x47\xd4\xdb\xbe\x17\xc4\xb5" + "\x58\x46\x2e\x26\xbe\x5e\xd3\x5f\xe6\x80\xe2\x97\x14\x22\xc3\xb0" + "\x1b\x17\xe1\x67\xfc\x43\x7f\x84\x86\x9d\x85\x49\x53\x7b\x33\x38", + WC_HASH_TYPE_SHA512), +#endif + INIT_SP80056C_TEST_VECTOR( + "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c" + "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5" + "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c" + "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c" + "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73" + "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45" + "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43" + "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a" + "\xde\x34\x54\xe4", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x2d\x4a", + WC_HASH_TYPE_SHA512), + + }; + + for (i = 0; i < sizeof(vctors) / sizeof(vctors[0]); i++) { + v = &vctors[i]; + ret = wc_KDA_KDF_onestep(v->z, v->zSz, v->fixedInfo, v->fixedInfoSz, + v->derivedKeySz, v->hashType, output, + /* use derivedKeySz to force the function to use a temporary buff + for the last block */ + v->derivedKeySz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(output, v->derivedKey, v->derivedKeySz) != 0) + return WC_TEST_RET_ENC_NC; + } + + /* negative tests */ + ret = wc_KDA_KDF_onestep(NULL, 0, (byte*)"fixed_info", + sizeof("fixed_info"), 16, WC_HASH_TYPE_SHA256, output, 16); + if (ret != BAD_FUNC_ARG) + return WC_TEST_RET_ENC_NC; + ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 1, 16, + WC_HASH_TYPE_SHA256, output, 16); + if (ret != BAD_FUNC_ARG) + return WC_TEST_RET_ENC_NC; + + /* allow empty FixedInfo */ + ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16, + WC_HASH_TYPE_SHA256, output, 16); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} +#endif /* WC_KDF_NIST_SP_800_56C */ + /* optional macro to add sleep between tests */ #ifndef TEST_SLEEP #define TEST_SLEEP() WC_DO_NOTHING @@ -1442,6 +1776,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ PRIVATE_KEY_LOCK(); #endif +#if defined(WC_KDF_NIST_SP_800_56C) + if ( (ret = nist_sp80056c_kdf_test()) != 0) + TEST_FAIL("NIST SP 800-56C KDF test failed!\n", ret); + else + TEST_PASS("NIST SP 800-56C KDF test passed!\n"); +#endif + #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \ !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \ !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) @@ -26252,6 +26593,7 @@ out: } #endif + #if defined(HAVE_HKDF) && !defined(NO_HMAC) #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \ diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h index eb917cb7b..ad107e5e5 100644 --- a/wolfssl/wolfcrypt/kdf.h +++ b/wolfssl/wolfcrypt/kdf.h @@ -166,6 +166,11 @@ WOLFSSL_API int wc_SRTP_KDF_kdr_to_idx(word32 kdr); #endif /* WC_SRTP_KDF */ +#ifdef WC_KDF_NIST_SP_800_56C +WOLFSSL_API int wc_KDA_KDF_onestep(const byte* z, word32 zSz, + const byte* fixedInfo, word32 fixedInfoSz, word32 derivedSecretSz, + enum wc_HashType hashType, byte* output, word32 outputSz); +#endif #ifdef __cplusplus } /* extern "C" */ #endif