cmac kdf: add NIST SP 800-108, and NIST SP 800-56C two-step.

Author: philljj

.wolfssl_known_macro_extras

@@ -606,7 +606,6 @@ WC_DISABLE_RADIX_ZERO_PAD
 WC_ECC_NONBLOCK_ONLY
 WC_FLAG_DONT_USE_AESNI
 WC_FORCE_LINUXKM_FORTIFY_SOURCE
-WC_KDF_NIST_SP_800_56C
 WC_LMS_FULL_HASH
 WC_NO_RNG_SIMPLE
 WC_NO_STATIC_ASSERT

configure.ac

@@ -1334,6 +1334,7 @@ then
     test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
     test "$enable_psk" = "" && enable_psk=yes
     test "$enable_cmac" = "" && enable_cmac=yes
+    test "$enable_cmac_kdf" = "" && enable_cmac_kdf=yes
     test "$enable_siphash" = "" && enable_siphash=yes
     test "$enable_ocsp" = "" && enable_ocsp=yes
     test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
@@ -1441,6 +1442,9 @@ then
 
     # Store issuer name components when parsing certificates.
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
+
+    # Enable onestep KDF from NIST SP 800 56c option 1.
+    AM_CFLAGS="$AM_CFLAGS -DWC_KDF_NIST_SP_800_56C"
 fi
 
 # wolfGuard
@@ -5600,6 +5604,20 @@ AC_ARG_ENABLE([siphash],
 AS_IF([test "x$ENABLED_SIPHASH" = "xyes"],
       [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIPHASH"])
 
+AC_ARG_ENABLE([cmac-kdf],
+    [AS_HELP_STRING([--enable-cmac-kdf],[Enables cmac-kdf support (default: disabled)])],
+    [ ENABLED_CMAC_KDF=$enableval ],
+    [ ENABLED_CMAC_KDF=no ]
+    )
+
+if test "$ENABLED_CMAC_KDF" = "yes"
+then
+ if test "$ENABLED_KDF" != "yes"
+ then
+   AC_MSG_ERROR([enable-cmac-kdf requires --enable-kdf])
+ fi
+  AM_CFLAGS="$AM_CFLAGS -DHAVE_CMAC_KDF"
+fi
 
 # CMAC
 AC_ARG_ENABLE([cmac],
@@ -5608,7 +5626,7 @@ AC_ARG_ENABLE([cmac],
     [ ENABLED_CMAC=no ]
     )
 
-if test "$ENABLED_WPAS" != "no" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_AESEAX" = "yes"
+if test "$ENABLED_WPAS" != "no" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_AESEAX" = "yes" || test "$ENABLED_CMAC_KDF" = "yes"
 then
     ENABLED_CMAC=yes
 fi

tests/api/test_aes.c

@@ -2753,8 +2753,11 @@ int test_wc_AesEaxEncryptAuth(void)
     /* Test bad key lengths */
     for (i = 0; i <= 32; i++) {
         int exp_ret;
-        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
-                                  || i == AES_256_KEY_SIZE) {
+        if (i == AES_128_KEY_SIZE
+            #if defined(WOLFSSL_AES_192)
+            || i == AES_192_KEY_SIZE
+            #endif /* WOLFSSL_AES_192 */
+            || i == AES_256_KEY_SIZE) {
             exp_ret = 0;
         }
         else {
@@ -2865,8 +2868,11 @@ int test_wc_AesEaxDecryptAuth(void)
     /* Test bad key lengths */
     for (i = 0; i <= 32; i++) {
         int exp_ret;
-        if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE
-                                  || i == AES_256_KEY_SIZE) {
+        if (i == AES_128_KEY_SIZE
+            #if defined(WOLFSSL_AES_192)
+            || i == AES_192_KEY_SIZE
+            #endif /* WOLFSSL_AES_192 */
+            || i == AES_256_KEY_SIZE) {
             exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E);
         }
         else {
@@ -2896,7 +2902,7 @@ int test_wc_AesEaxDecryptAuth(void)
     return EXPECT_RESULT();
 } /* END test_wc_AesEaxDecryptAuth() */
 
-#endif /* WOLFSSL_AES_EAX &&
+#endif /* WOLFSSL_AES_EAX && WOLFSSL_AES_256
         * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST
         */
 

tests/api/test_aes.h

@@ -40,7 +40,7 @@ int test_wc_AesCcmEncryptDecrypt(void);
 int test_wc_AesEaxVectors(void);
 int test_wc_AesEaxEncryptAuth(void);
 int test_wc_AesEaxDecryptAuth(void);
-#endif /* WOLFSSL_AES_EAX */
+#endif /* WOLFSSL_AES_EAX && WOLFSSL_AES_256*/
 
 int test_wc_GmacSetKey(void);
 int test_wc_GmacUpdate(void);

wolfcrypt/src/cryptocb.c

@@ -174,12 +174,14 @@ static const char* GetCryptoCbCmdTypeStr(int type)
 }
 #endif
 
-#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+#if (defined(HAVE_HKDF) && !defined(NO_HMAC)) || defined(HAVE_CMAC_KDF)
 static const char* GetKdfTypeStr(int type)
 {
     switch (type) {
         case WC_KDF_TYPE_HKDF:
             return "HKDF";
+        case WC_KDF_TYPE_TWOSTEP_CMAC:
+            return "TWOSTEP_CMAC";
     }
     return NULL;
 }
@@ -251,7 +253,8 @@ void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
             GetCryptoCbCmdTypeStr(info->cmd.type), info->cmd.type);
     }
 #endif
-#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+#if (defined(HAVE_HKDF) && !defined(NO_HMAC)) || \
+    defined(HAVE_CMAC_KDF)
     else if (info->algo_type == WC_ALGO_TYPE_KDF) {
         printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
                GetKdfTypeStr(info->kdf.type), info->kdf.type);
@@ -2025,4 +2028,42 @@ int wc_CryptoCb_Hkdf(int hashType, const byte* inKey, word32 inKeySz,
 }
 #endif /* HAVE_HKDF && !NO_HMAC */
 
+
+#if defined(HAVE_CMAC_KDF)
+/* Crypto callback for NIST SP 800 56C two-step CMAC KDF. See software
+ * implementation in wc_KDA_KDF_twostep_cmac for more comments.
+ * */
+int wc_CryptoCb_Kdf_TwostepCmac(const byte * salt, word32 saltSz,
+                                const byte* z, word32 zSz,
+                                const byte* fixedInfo, word32 fixedInfoSz,
+                                byte* output, word32 outputSz, int devId)
+{
+    int       ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    CryptoCb* dev;
+
+    /* Find registered callback device */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_KDF);
+
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+
+        cryptoInfo.algo_type                    = WC_ALGO_TYPE_KDF;
+        cryptoInfo.kdf.type                     = WC_KDF_TYPE_TWOSTEP_CMAC;
+        cryptoInfo.kdf.twostep_cmac.salt        = salt;
+        cryptoInfo.kdf.twostep_cmac.saltSz      = saltSz;
+        cryptoInfo.kdf.twostep_cmac.z           = z;
+        cryptoInfo.kdf.twostep_cmac.zSz         = zSz;
+        cryptoInfo.kdf.twostep_cmac.fixedInfo   = fixedInfo;
+        cryptoInfo.kdf.twostep_cmac.fixedInfoSz = fixedInfoSz;
+        cryptoInfo.kdf.twostep_cmac.out         = output;
+        cryptoInfo.kdf.twostep_cmac.outSz       = outputSz;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* HAVE_CMAC_KDF */
+
 #endif /* WOLF_CRYPTO_CB */