Makes our CredRandom derivation FIPS compliant (#613)

* Makes our CredRandom derivation FIPS compliant This change breaks existing usage of CredRandom. * fixes rust_crypto and HKDF test style
2023-04-11 14:48:42 +02:00
parent be42b47caf
commit a1d6ed0223
6 changed files with 96 additions and 30 deletions
--- a/libraries/opensk/src/api/crypto/hkdf256.rs
+++ b/libraries/opensk/src/api/crypto/hkdf256.rs
@@ -16,11 +16,28 @@ use super::HASH_SIZE;

 /// HKDF using SHA256.
 pub trait Hkdf256 {
+    /// Computes the HKDF with 256 bit (one block) output.
+    ///
+    /// # Arguments
+    ///
+    /// * `ikm` - Input keying material
+    /// * `salt` - Byte string that acts as a key
+    /// * `info` - Optional context and application specific information
+    ///
+    /// This implementation is equivalent to a standard HKD, with `salt` fixed at a length of
+    /// 32 byte and the output length l as 32.
+    fn hkdf_256(ikm: &[u8], salt: &[u8; HASH_SIZE], info: &[u8]) -> [u8; HASH_SIZE];
+
    /// Computes the HKDF with empty salt and 256 bit (one block) output.
    ///
    /// # Arguments
    ///
    /// * `ikm` - Input keying material
    /// * `info` - Optional context and application specific information
-    fn hkdf_empty_salt_256(ikm: &[u8], info: &[u8]) -> [u8; HASH_SIZE];
+    ///
+    /// This implementation is equivalent to a standard HKDF, with `salt` set to the
+    /// default block of zeros and the output length l as 32.
+    fn hkdf_empty_salt_256(ikm: &[u8], info: &[u8]) -> [u8; HASH_SIZE] {
+        Self::hkdf_256(ikm, &[0; HASH_SIZE], info)
+    }
 }