NIST SP800-108 KBKDF - PKCS#11 implementation
Categories
(NSS :: Libraries, enhancement, P2)
Tracking
(Not tracked)
People
(Reporter: alexander.m.scheel, Assigned: alexander.m.scheel)
References
Details
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
This is the implementation of NIST SP800-108: Key Based KDFs. It is included in the new/upcoming PKCS#11 v3.0 draft specification, but other than a few constants and structures, doesn't depend on any of the new features and is a regular KDF. There's a few errata in the PKCS#11 v3.0 draft specification I've noted as appropriate in the headers; they've also been compiled in my draft PR.
I'm still working on a little bit of cleanup and migrating my existing pk11_gtest
test cases to do CAVP parsing as part of fipstest.c
. So the timing of this BZ is mostly for internal reasons.
The counter mode variant of this KDF is required for SCP03 support. This imposes the additional use of deriving data objects in addition to secret keys.
However, I will appreciate feedback on this PRF.
Actual results:
NSS doesn't currently support KBKDF.
Expected results:
NSS should consider supporting KBKDF.
Assignee | ||
Comment 1•5 years ago
|
||
This implements NIST SP800-108 Counter, Feedback, and Double Pipeline
mode KDFs suitable for use in SCP03 and other protocols. These KDFs were
introduced in PKCS#11 v3.0.
Resolves: BZ#1599603
Updated•5 years ago
|
Comment 2•5 years ago
|
||
Comment 3•5 years ago
|
||
Assignee | ||
Comment 4•5 years ago
|
||
Ah my bad -- I was following the precedent set under tests/fips/cavs_samples/IKE/req/ikev1_dsa.req{,_orig}
where the original CAVP test case was added alongside the modified file (removing unsupported options).
Thanks for the merge and the cleanup!
Comment 5•5 years ago
|
||
Honestly, the .orig
file convention got caught by mozilla-central and blocked as being a mercurial merge artifact that shouldn't be committed, so blocked my uplfit. If we want to add them back in, they just need to not be exactly suffixed with .orig
-- at least in the patch. I imagine existing files are getting grandfathered.
Assignee | ||
Comment 6•5 years ago
|
||
I'm happy with either. I committed only the one CAVP for Counter Mode KBKDF. I had originally tried submitting all six of the CAVP for KBKDFs (Counter mode, Feedback mode with no counter, Feedback mode with zero IVs, Feedback mode with no zero IVs, Pipeline mode with counter, and Pipeline mode without counter).
Bob -- what do you think? Should I file another BZ with separate Moz-Phab submissions for the remaining CAVP tests? Should I re-add the dropped original file as .fax_orig
? Or leave everything be?
Without adding the orig
files and adding everything mentioned above is another 56MB of data in the repo. It isn't too hard to find the CAVP test files and downloading them doesn't require a log-in... Perhaps we should leave it as-is and add a comment that says where to find additional ones if people want them?
Comment 7•5 years ago
|
||
I think you can just readd the dropped file as fax_org. If the file is just the original from NIST, then I'm OK with dropping ti as well.
Description
•