func (s *TestSuite) Test384Secret_256Key(c *C) { //when test := DeriveConcatKDF(256, z2, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(256), nil, sha256.New()) //then c.Assert(test, DeepEquals, []byte{27, 55, 33, 99, 20, 191, 202, 69, 84, 176, 250, 108, 99, 7, 91, 49, 200, 47, 219, 142, 190, 216, 197, 154, 235, 17, 76, 12, 165, 75, 201, 108}) }
// DeriveConcatKDF implements NIST SP 800-56A Concatenation Key Derivation Function. Derives // key material of keydatalen bits size given Z (sharedSecret), OtherInfo (AlgorithmID | // PartyUInfo | PartyVInfo | SuppPubInfo | SuppPrivInfo) and hash function func DeriveConcatKDF(keydatalen int, sharedSecret, algId, partyUInfo, partyVInfo, suppPubInfo, suppPrivInfo []byte, h hash.Hash) []byte { otherInfo := arrays.Concat(algId, partyUInfo, partyVInfo, suppPubInfo, suppPrivInfo) keyLenBytes := keydatalen >> 3 reps := int(math.Ceil(float64(keyLenBytes) / float64(h.Size()))) if reps > MaxInt { panic("kdf.DeriveConcatKDF: too much iterations (more than 2^32-1).") } dk := make([]byte, 0, keyLenBytes) for counter := 1; counter <= reps; counter++ { h.Reset() counterBytes := arrays.UInt32ToBytes(uint32(counter)) h.Write(counterBytes) h.Write(sharedSecret) h.Write(otherInfo) dk = h.Sum(dk) } return dk[:keyLenBytes] }
func (s *TestSuite) Test256Secret_521Key(c *C) { //when test := DeriveConcatKDF(521, z, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(521), nil, sha256.New()) //then c.Assert(test, DeepEquals, []byte{245, 40, 159, 13, 25, 70, 170, 74, 210, 240, 242, 224, 37, 215, 23, 201, 126, 90, 108, 103, 205, 180, 48, 193, 131, 40, 86, 183, 97, 144, 1, 150, 154, 186, 196, 127, 6, 19, 17, 230, 75, 144, 229, 195, 61, 240, 20, 173, 167, 159, 50, 103, 133, 177, 241, 145, 134, 84, 50, 246, 157, 252, 51, 24, 35}) }
func (s *TestSuite) Test256Secret_384Key(c *C) { //when test := DeriveConcatKDF(384, z, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(384), nil, sha256.New()) //then c.Assert(test, DeepEquals, []byte{187, 16, 110, 253, 151, 199, 57, 235, 219, 8, 73, 191, 208, 108, 63, 241, 235, 137, 178, 149, 3, 199, 216, 99, 105, 217, 45, 114, 109, 213, 83, 198, 52, 101, 99, 146, 193, 31, 172, 157, 19, 140, 25, 202, 153, 92, 252, 192}) }
func (s *TestSuite) Test256Secret_256Key(c *C) { //when test := DeriveConcatKDF(256, z, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(256), nil, sha256.New()) //then c.Assert(test, DeepEquals, []byte{190, 69, 15, 62, 38, 64, 30, 141, 208, 163, 55, 202, 18, 71, 176, 174, 114, 221, 249, 255, 207, 131, 190, 77, 12, 115, 220, 144, 102, 149, 78, 28}) }
func f(salt []byte, iterationCount, blockIndex int, prf hash.Hash) []byte { prf.Reset() prf.Write(salt) prf.Write(arrays.UInt32ToBytes(uint32(blockIndex))) u := prf.Sum(nil) // U_1 = PRF (P, S || INT (i)) result := u for i := 2; i <= iterationCount; i++ { prf.Reset() prf.Write(u) u = prf.Sum(nil) // U_c = PRF (P, U_{c-1}) . result = arrays.Xor(result, u) // U_1 \xor U_2 \xor ... \xor U_c } return result }
func prependDatalen(bytes []byte) []byte { return arrays.Concat(arrays.UInt32ToBytes(uint32(len(bytes))), bytes) }
func (alg *Ecdh) deriveKey(pubKey *ecdsa.PublicKey, privKey *ecdsa.PrivateKey, keySizeBits int, header map[string]interface{}) []byte { var enc, apv, apu []byte var err error enc = []byte(header[alg.idHeader()].(string)) if a, ok := header["apv"].(string); !ok { if apv, err = base64url.Decode(a); err != nil { apv = nil } } if a, ok := header["apu"].(string); !ok { if apu, err = base64url.Decode(a); err != nil { apu = nil } } z, _ := pubKey.Curve.ScalarMult(pubKey.X, pubKey.Y, privKey.D.Bytes()) zBytes := padding.Align(z.Bytes(), privKey.Curve.Params().BitSize) return kdf.DeriveConcatKDF(keySizeBits, zBytes, prependDatalen(enc), prependDatalen(apu), prependDatalen(apv), arrays.UInt32ToBytes(uint32(keySizeBits)), nil, sha256.New()) }