func (s *TestSuite) Test384Secret_256Key(c *C) {
//when
test := DeriveConcatKDF(256, z2, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(256), nil, sha256.New())
//then
c.Assert(test, DeepEquals, []byte{27, 55, 33, 99, 20, 191, 202, 69, 84, 176, 250, 108, 99, 7, 91, 49, 200, 47, 219, 142, 190, 216, 197, 154, 235, 17, 76, 12, 165, 75, 201, 108})
}
// DeriveConcatKDF implements NIST SP 800-56A Concatenation Key Derivation Function. Derives
// key material of keydatalen bits size given Z (sharedSecret), OtherInfo (AlgorithmID |
// PartyUInfo | PartyVInfo | SuppPubInfo | SuppPrivInfo) and hash function
func DeriveConcatKDF(keydatalen int, sharedSecret, algId, partyUInfo, partyVInfo, suppPubInfo, suppPrivInfo []byte, h hash.Hash) []byte {
otherInfo := arrays.Concat(algId, partyUInfo, partyVInfo, suppPubInfo, suppPrivInfo)
keyLenBytes := keydatalen >> 3
reps := int(math.Ceil(float64(keyLenBytes) / float64(h.Size())))
if reps > MaxInt {
panic("kdf.DeriveConcatKDF: too much iterations (more than 2^32-1).")
}
dk := make([]byte, 0, keyLenBytes)
for counter := 1; counter <= reps; counter++ {
h.Reset()
counterBytes := arrays.UInt32ToBytes(uint32(counter))
h.Write(counterBytes)
h.Write(sharedSecret)
h.Write(otherInfo)
dk = h.Sum(dk)
}
return dk[:keyLenBytes]
}
func (s *TestSuite) Test256Secret_521Key(c *C) {
//when
test := DeriveConcatKDF(521, z, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(521), nil, sha256.New())
//then
c.Assert(test, DeepEquals, []byte{245, 40, 159, 13, 25, 70, 170, 74, 210, 240, 242, 224, 37, 215, 23, 201, 126, 90, 108, 103, 205, 180, 48, 193, 131, 40, 86, 183, 97, 144, 1, 150, 154, 186, 196, 127, 6, 19, 17, 230, 75, 144, 229, 195, 61, 240, 20, 173, 167, 159, 50, 103, 133, 177, 241, 145, 134, 84, 50, 246, 157, 252, 51, 24, 35})
}
func (s *TestSuite) Test256Secret_384Key(c *C) {
//when
test := DeriveConcatKDF(384, z, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(384), nil, sha256.New())
//then
c.Assert(test, DeepEquals, []byte{187, 16, 110, 253, 151, 199, 57, 235, 219, 8, 73, 191, 208, 108, 63, 241, 235, 137, 178, 149, 3, 199, 216, 99, 105, 217, 45, 114, 109, 213, 83, 198, 52, 101, 99, 146, 193, 31, 172, 157, 19, 140, 25, 202, 153, 92, 252, 192})
}
func (s *TestSuite) Test256Secret_256Key(c *C) {
//when
test := DeriveConcatKDF(256, z, algId, partyUInfo, partyVInfo, arrays.UInt32ToBytes(256), nil, sha256.New())
//then
c.Assert(test, DeepEquals, []byte{190, 69, 15, 62, 38, 64, 30, 141, 208, 163, 55, 202, 18, 71, 176, 174, 114, 221, 249, 255, 207, 131, 190, 77, 12, 115, 220, 144, 102, 149, 78, 28})
}
func f(salt []byte, iterationCount, blockIndex int, prf hash.Hash) []byte {
prf.Reset()
prf.Write(salt)
prf.Write(arrays.UInt32ToBytes(uint32(blockIndex)))
u := prf.Sum(nil) // U_1 = PRF (P, S || INT (i))
result := u
for i := 2; i <= iterationCount; i++ {
prf.Reset()
prf.Write(u)
u = prf.Sum(nil) // U_c = PRF (P, U_{c-1}) .
result = arrays.Xor(result, u) // U_1 \xor U_2 \xor ... \xor U_c
}
return result
}
func prependDatalen(bytes []byte) []byte {
return arrays.Concat(arrays.UInt32ToBytes(uint32(len(bytes))), bytes)
}
func (alg *Ecdh) deriveKey(pubKey *ecdsa.PublicKey, privKey *ecdsa.PrivateKey, keySizeBits int, header map[string]interface{}) []byte {
var enc, apv, apu []byte
var err error
enc = []byte(header[alg.idHeader()].(string))
if a, ok := header["apv"].(string); !ok {
if apv, err = base64url.Decode(a); err != nil {
apv = nil
}
}
if a, ok := header["apu"].(string); !ok {
if apu, err = base64url.Decode(a); err != nil {
apu = nil
}
}
z, _ := pubKey.Curve.ScalarMult(pubKey.X, pubKey.Y, privKey.D.Bytes())
zBytes := padding.Align(z.Bytes(), privKey.Curve.Params().BitSize)
return kdf.DeriveConcatKDF(keySizeBits, zBytes, prependDatalen(enc), prependDatalen(apu), prependDatalen(apv), arrays.UInt32ToBytes(uint32(keySizeBits)), nil, sha256.New())
}