Closed Bug 1599603 Opened 2 years ago Closed 2 years ago

NIST SP800-108 KBKDF - PKCS#11 implementation

(NSS :: Libraries, enhancement, P2)

(Not tracked)

(Reporter: alexander.m.scheel, Assigned: alexander.m.scheel)

(1 file)

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0

Steps to reproduce:

This is the implementation of NIST SP800-108: Key-Based KDFs. It is included in the new/upcoming PKCS#11 v3.0 draft specification, but other than a few constants and structures, doesn't depend on any of the new features and is a regular KDF. There are a few errata in the PKCS#11 v3.0 draft specification I've noted as appropriate in the headers; they've also been compiled in my draft PR.

I'm still working on a little bit of cleanup and migrating my existing pk11_gtest test cases to do CAVP parsing as part of fipstest.c. So the timing of this BZ is mostly for internal reasons.

The counter mode variant of this KDF is required for SCP03 support. This imposes the additional use of deriving data objects in addition to secret keys.

However, I will appreciate feedback on this PRF.

Actual results:

NSS doesn't currently support KBKDF.

Expected results:

NSS should consider supporting KBKDF.

This implements NIST SP800-108 Counter, Feedback, and Double Pipeline
mode KDFs suitable for use in SCP03 and other protocols. These KDFs were
introduced in PKCS#11 v3.0.

Resolves: BZ#1599603
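The three SP 800-108 modes named in the description and in the commit message above (counter, feedback and double pipeline), as an added worked example that is not part of NSS or of this patch. It is a small Python implementation with HMAC as the PRF, whose PRF input is assembled from an ordered parameter list in the spirit of the PKCS#11 v3.0 data-parameter array; the parameter kinds `iter`, `counter`, `dkm_len` and `bytes`, the function names and the sample key, label and context are this example's own. The SCP03 field layout in `kbkdf_counter_scp03_layout` is given from memory and is an assumption, and SCP03 specifies AES-CMAC as the PRF where HMAC-SHA256 is substituted here, so that function only illustrates why the field order must be configurable.

```python
import hashlib
import hmac


def prf_hmac(key: bytes, data: bytes, hash_name: str = "sha256") -> bytes:
    """PRF for the KDF: HMAC over the chosen hash (SP 800-108 also allows CMAC)."""
    return hmac.new(key, data, hash_name).digest()


def int_be(value: int, width_bits: int) -> bytes:
    """Big-endian encoding of value in exactly width_bits bits ([i]_r and [L]_2 in the spec)."""
    if width_bits % 8 or value >= 1 << width_bits:
        raise ValueError("value does not fit the field width")
    return value.to_bytes(width_bits // 8, "big")


def kbkdf(mode, key, params, out_len, iv=b"", hash_name="sha256"):
    """SP 800-108 KDF in "counter", "feedback" or "pipeline" (double-pipeline) mode.

    params is an ordered list of (kind, arg) pairs laying out the PRF input, in the spirit
    of the PKCS#11 v3.0 CK_PRF_DATA_PARAM array (the kind names are this example's own):
      ("iter", width_bits)     iteration variable: [i]_r in counter mode, K(i-1) in
                               feedback mode, A(i) in pipeline mode (width ignored there)
      ("counter", width_bits)  optional counter [i]_r in feedback / pipeline mode
      ("dkm_len", width_bits)  derived keying material length L in bits
      ("bytes", b"...")        fixed bytes: label, 0x00 separator, context
    """
    if mode not in ("counter", "feedback", "pipeline"):
        raise ValueError("unknown mode")
    kinds = [kind for kind, _ in params]
    if kinds.count("iter") != 1:
        raise ValueError("exactly one iteration variable is required")
    if mode == "counter" and "counter" in kinds:
        raise ValueError("counter mode carries its counter in the iteration variable")

    def prf(data: bytes) -> bytes:
        return prf_hmac(key, data, hash_name)

    h_len = hashlib.new(hash_name).digest_size
    n = -(-out_len // h_len)            # ceil(L / h): number of PRF blocks
    l_bits = out_len * 8
    if mode == "counter":
        r = dict(params)["iter"]
        if n > (1 << r) - 1:            # spec limit: n <= 2^r - 1
            raise ValueError("requested length exceeds the counter range")

    def build(i: int, chain: bytes, with_iter: bool = True) -> bytes:
        parts = []
        for kind, arg in params:
            if kind == "iter":
                if with_iter:
                    parts.append(int_be(i, arg) if mode == "counter" else chain)
            elif kind == "counter":
                if with_iter:
                    parts.append(int_be(i, arg))
            elif kind == "dkm_len":
                parts.append(int_be(l_bits, arg))
            elif kind == "bytes":
                parts.append(arg)
            else:
                raise ValueError("unknown param kind %r" % kind)
        return b"".join(parts)

    out = b""
    k_prev = iv                         # feedback: K(0) = IV (may be empty)
    a = build(0, b"", with_iter=False)  # pipeline: A(0) = fixed input data
    for i in range(1, n + 1):
        if mode == "feedback":
            chain = k_prev
        elif mode == "pipeline":
            a = prf(a)                  # A(i) = PRF(K, A(i-1))
            chain = a
        else:
            chain = b""
        k_prev = prf(build(i, chain))   # K(i) = PRF(K, <iteration data> || fixed input)
        out += k_prev
    return out[:out_len]


def kbkdf_counter_nist(key, label, context, out_len, counter_bits=32, hash_name="sha256"):
    """SP 800-108 section 5.1 layout: [i]_r || Label || 0x00 || Context || [L]_32."""
    params = [("iter", counter_bits), ("bytes", label), ("bytes", b"\x00"),
              ("bytes", context), ("dkm_len", 32)]
    return kbkdf("counter", key, params, out_len, hash_name=hash_name)


def kbkdf_counter_scp03_layout(key, derivation_constant, context, out_len, hash_name="sha256"):
    """Counter mode with the field order SCP03 uses, as recalled here (an assumption):
    Label || 0x00 || [L]_16 || [i]_8 || Context, Label = 11 zero bytes + derivation constant.
    SCP03 uses AES-CMAC as the PRF; HMAC stands in, so the output is not SCP03-conformant."""
    params = [("bytes", b"\x00" * 11 + bytes([derivation_constant])), ("bytes", b"\x00"),
              ("dkm_len", 16), ("iter", 8), ("bytes", context)]
    return kbkdf("counter", key, params, out_len, hash_name=hash_name)


if __name__ == "__main__":
    key = bytes(range(16))              # constructed sample key, not a real secret
    print(kbkdf_counter_nist(key, b"key label", b"session context", 32).hex())
    print(kbkdf_counter_scp03_layout(key, 0x04, b"\x00" * 16, 16).hex())
```

Two things worth seeing in the code: the length field L is part of every PRF input, so a 16-byte derivation is not a prefix of a 32-byte derivation with the same label and context; and in counter mode the number of blocks is capped at 2^r - 1 for an r-bit counter, which is the check that makes a narrow 8-bit counter layout safe to expose. Any real implementation should be checked against the NIST CAVP KBKDF response files mentioned in this thread rather than against self-consistency alone.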

Assignee: nobody → alexander.m.scheel
Ever confirmed: true
Priority: -- → P2
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.50

Ah my bad -- I was following the precedent set under tests/fips/cavs_samples/IKE/req/ikev1_dsa.req{,_orig} where the original CAVP test case was added alongside the modified file (removing unsupported options).

Thanks for the merge and the cleanup!

Honestly, the .orig file convention got caught by mozilla-central and blocked as being a mercurial merge artifact that shouldn't be committed, so blocked my uplift. If we want to add them back in, they just need to not be exactly suffixed with .orig -- at least in the patch. I imagine existing files are getting grandfathered.

I'm happy with either. I committed only the one CAVP for Counter Mode KBKDF. I had originally tried submitting all six of the CAVP for KBKDFs (Counter mode, Feedback mode with no counter, Feedback mode with zero IVs, Feedback mode with no zero IVs, Pipeline mode with counter, and Pipeline mode without counter).

Bob -- what do you think? Should I file another BZ with separate Moz-Phab submissions for the remaining CAVP tests? Should I re-add the dropped original file as .fax_orig? Or leave everything be?

Even without the orig files, adding everything mentioned above is another 56MB of data in the repo. It isn't too hard to find the CAVP test files and downloading them doesn't require a log-in... Perhaps we should leave it as-is and add a comment that says where to find additional ones if people want them?

Flags: needinfo?(rrelyea)

I think you can just re-add the dropped file as fax_org. If the file is just the original from NIST, then I'm OK with dropping it as well.

Flags: needinfo?(rrelyea)