kbkdf

package module

v0.0.0-...-3b1308f Latest Latest Go to latest Published: Jan 4, 2025 License: LGPL-3.0 Imports: 2 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/canonical/go-kbkdf

Links

Open Source Insights

README ¶

Description

This package implements the key derivation functions defined in NIST SP800-108.

It implements the 3 modes specified:

Counter mode
Feedback mode (with or without iteration counter)
Double-Pipeline mode (with or without iteration counter)

It includes a sub-package implementing various HMAC based pseudo-random functions.

The counter mode KDF with HMAC based PRF is used in the TPM 2.0 Reference Library specification and consumed by the Go TPM2 package

Unit testing

The included unit tests are automatically generated based on the CAVP test vectors supplied by NIST, which means that they test the correctness of the key derivation functions against the specification.

Documentation ¶

Overview ¶

Package kbkdf implements the key derivation functions described in NIST SP-800-108.

All 3 modes are implemented - counter, feedback and pipeline.

The counter mode is used extensively in the reference TPM implementation.

Index ¶

func CounterModeKey(prf PRF, key, label, context []byte, bitLength uint32) []byte
func FeedbackModeKey(prf PRF, key, label, context, iv []byte, bitLength uint32, ...) []byte
func PipelineModeKey(prf PRF, key, label, context []byte, bitLength uint32, ...) []byte
type IterationCounterMode
type PRF

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CounterModeKey ¶

func CounterModeKey(prf PRF, key, label, context []byte, bitLength uint32) []byte

CounterModeKey derives a key of the specified length using the counter mode function described in NIST SP-800-108, using the supplied PRF, secret key and other input parameters.

func FeedbackModeKey ¶

func FeedbackModeKey(prf PRF, key, label, context, iv []byte, bitLength uint32, iterationCounterMode IterationCounterMode) []byte

FeebackModeKey derives a key of the specified length using the feedback mode function described in NIST SP-800-108, using the supplied PRF, secret key and other input parameters.

The iterationCounterMode argument specifies whether the iteration counter should be included as an input to the PRF.

func PipelineModeKey ¶

func PipelineModeKey(prf PRF, key, label, context []byte, bitLength uint32, iterationCounterMode IterationCounterMode) []byte

PipelineModeKey derives a key of the specified length using the double-pipeline iteration mode function described in NIST SP-800-108, using the supplied PRF, secret key and other input parameters.

The iterationCounterMode argument specifies whether the iteration counter should be included as an input to the PRF.

Types ¶

type IterationCounterMode ¶

type IterationCounterMode bool

IterationCounterMode defines whether the iteration counter is included in the feedback and double-pipeline KDFs

const (
	OmitIterationCounter    IterationCounterMode = false
	IncludeIterationCounter IterationCounterMode = true
)

type PRF ¶

type PRF interface {
	// Size returns the output length of this PRF.
	Size() uint32

	// Run computes bytes for the supplied seed and input value.
	Run(s, x []byte) []byte
}

PRF represents a pseudorandom function.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
hmac_prf Package hmac_prf implements HMAC based pseudo-random functions (PRFs).	Package hmac_prf implements HMAC based pseudo-random functions (PRFs).

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL