chipsalliance · mtimkovich · Nov 15, 2024 · Nov 15, 2024
@@ -32,21 +32,23 @@ use caliptra_error::CaliptraResult;
 ///               the label and context.
 /// * `trng` - TRNG driver instance
 /// * `output` - Location to store the output
+/// * `mode` - HMAC Mode
 #[cfg_attr(not(feature = "no-cfi"), cfi_mod_fn)]
-pub fn hmac384_kdf(
+pub fn hmac_kdf(
     hmac: &mut Hmac,
     key: HmacKey,
     label: &[u8],
     context: Option<&[u8]>,
     trng: &mut Trng,
     output: HmacTag,
+    mode: HmacMode,
 ) -> CaliptraResult<()> {
     #[cfg(feature = "fips-test-hooks")]
     unsafe {
         crate::FipsTestHook::error_if_hook_set(crate::FipsTestHook::HMAC384_FAILURE)?
     }
 
-    let mut hmac_op = hmac.hmac_init(&key, trng, output, HmacMode::Hmac384)?;
+    let mut hmac_op = hmac.hmac_init(&key, trng, output, mode)?;
 
     hmac_op.update(&1_u32.to_be_bytes())?;
     hmac_op.update(label)?;

@@ -77,7 +77,7 @@ pub use fuse_bank::{
 };
 pub use hand_off::FirmwareHandoffTable;
 pub use hmac::{Hmac, HmacData, HmacKey, HmacMode, HmacOp, HmacTag};
-pub use hmac384_kdf::hmac384_kdf;
+pub use hmac384_kdf::hmac_kdf;
 pub use key_vault::{KeyId, KeyUsage, KeyVault};
 pub use kv_access::{KeyReadArgs, KeyWriteArgs};
 pub use lms::{

@@ -17,7 +17,7 @@ Abstract:
 
 use caliptra_cfi_lib::CfiCounter;
 use caliptra_drivers::{
-    hmac384_kdf, Array4x12, Array4x16, Ecc384, Ecc384PrivKeyOut, Ecc384Scalar, Ecc384Seed, Hmac,
+    hmac_kdf, Array4x12, Array4x16, Ecc384, Ecc384PrivKeyOut, Ecc384Scalar, Ecc384Seed, Hmac,
     HmacMode, KeyId, KeyReadArgs, KeyUsage, KeyWriteArgs, Trng,
 };
 use caliptra_kat::Hmac384KdfKat;
@@ -406,7 +406,7 @@ fn test_hmac5() {
     assert_eq!(hmac_step_1, hmac_step_2);
 }
 
-fn test_kdf(
+fn test_kdf_hmac384(
     key_0: &[u8; 48],
     msg_0: &[u8],
     label: &[u8],
@@ -445,13 +445,14 @@ fn test_kdf(
 
     let kdf_out = KeyWriteArgs::new(KeyId::KeyId1, KeyUsage::default().set_ecc_key_gen_seed_en());
 
-    hmac384_kdf(
+    hmac_kdf(
         &mut hmac384,
         kdf_key_in.into(),
         label,
         context,
         &mut trng,
         kdf_out.into(),
+        HmacMode::Hmac384,
     )
     .unwrap();
 
@@ -471,7 +472,7 @@ fn test_kdf(
 }
 
 // context_len = 48
-fn test_kdf0() {
+fn test_kdf0_hmac384() {
     let key_0 = [
         0x9e, 0x2c, 0xce, 0xc7, 0x00, 0x16, 0x1e, 0x42, 0xff, 0x0e, 0x13, 0x8c, 0x48, 0x89, 0xe4,
         0xd6, 0xa0, 0x88, 0x8d, 0x13, 0x1d, 0x58, 0xcb, 0x44, 0xf5, 0xe2, 0x92, 0x47, 0x59, 0x64,
@@ -504,7 +505,7 @@ fn test_kdf0() {
         0xcb, 0x13, 0x18,
     ];
 
-    test_kdf(
+    test_kdf_hmac384(
         &key_0,
         &msg_0,
         &label,
@@ -515,7 +516,7 @@ fn test_kdf0() {
 }
 
 // context_len = 0
-fn test_kdf1() {
+fn test_kdf1_hmac384() {
     let key_0 = [
         0xd3, 0x45, 0xe5, 0x14, 0x19, 0xda, 0xc6, 0x9c, 0x70, 0xc8, 0x22, 0x71, 0xe9, 0x12, 0x28,
         0x58, 0x65, 0x64, 0x16, 0xc9, 0x92, 0xf3, 0xda, 0x58, 0x5a, 0xca, 0x96, 0xe5, 0x99, 0x29,
@@ -542,11 +543,11 @@ fn test_kdf1() {
         0x9a, 0xa4, 0x19,
     ];
 
-    test_kdf(&key_0, &msg_0, &label, None, &out_pub_x, &out_pub_y);
+    test_kdf_hmac384(&key_0, &msg_0, &label, None, &out_pub_x, &out_pub_y);
 }
 
 // Test using a NIST vector.
-fn test_kdf2() {
+fn test_kdf2_hmac384() {
     let mut hmac384 = unsafe { Hmac::new(HmacReg::new()) };
     let mut trng = unsafe {
         Trng::new(
@@ -578,19 +579,114 @@ fn test_kdf2() {
 
     let mut out_buf = Array4x12::default();
 
-    hmac384_kdf(
+    hmac_kdf(
         &mut hmac384,
         (&Array4x12::from(&key)).into(),
         &label,
         None,
         &mut trng,
         (&mut out_buf).into(),
+        HmacMode::Hmac384,
     )
     .unwrap();
 
     assert_eq!(<[u8; 48]>::from(out_buf)[..out.len()], out);
 }
 
+fn test_kdf0_hmac512() {
+    let mut hmac = unsafe { Hmac::new(HmacReg::new()) };
+    let mut trng = unsafe {
+        Trng::new(
+            CsrngReg::new(),
+            EntropySrcReg::new(),
+            SocIfcTrngReg::new(),
+            &SocIfcReg::new(),
+        )
+        .unwrap()
+    };
+
+    let key = [
+        0x0f, 0xf2, 0xc2, 0x79, 0x65, 0x3a, 0x7b, 0x95, 0x4a, 0xfb, 0x00, 0x96, 0xc2, 0xb1, 0x6e,
+        0x59, 0x1f, 0xa3, 0x2e, 0xef, 0x39, 0xed, 0xd8, 0x14, 0x1c, 0x65, 0x13, 0xd6, 0xdc, 0x6c,
+        0x08, 0x63, 0xaf, 0x0e, 0x94, 0xbf, 0xd5, 0x7b, 0x17, 0x81, 0x7c, 0xd1, 0x03, 0x8f, 0x37,
+        0x63, 0x9c, 0xf8, 0xd6, 0x38, 0x71, 0xae, 0xf4, 0x6e, 0xe8, 0x19, 0x47, 0x52, 0x6b, 0xc5,
+        0x45, 0x4c, 0x13, 0xf2,
+    ];
+    let label = [
+        0x16, 0xee, 0x1d, 0xae, 0xf6, 0xa0, 0x31, 0x6a, 0xa0, 0x46, 0x76, 0x46, 0xc5, 0x21, 0xfa,
+        0x30, 0x16, 0x5f, 0xe3, 0x36, 0xb2, 0x49, 0x60, 0x0f, 0x1e, 0x56, 0x5d, 0x28, 0x7b, 0x97,
+        0x01, 0x80, 0x33, 0xe2, 0xba, 0xd4, 0x5d, 0x76, 0xc6, 0x68, 0x5d, 0x77, 0x33, 0x9b, 0x27,
+        0xeb, 0xdd, 0x9c, 0xce, 0x1b, 0x34, 0xc1, 0xe4, 0x61, 0x9a, 0x97, 0x77, 0x4d, 0x94, 0xe7,
+    ];
+    let out = [
+        0xbc, 0x0e, 0x3c, 0xb2, 0xb7, 0x8b, 0xd9, 0xd6, 0xe2, 0xec, 0x54, 0x46, 0x72, 0xad, 0xbe,
+        0x44, 0x39, 0x8f, 0xdb, 0xa7, 0xef, 0x33, 0x2f, 0x1c, 0x42, 0x35, 0xc1, 0x04, 0xca, 0x32,
+        0xec, 0x00, 0xfb, 0x47, 0xd4, 0x72, 0x09, 0xe1, 0x51, 0x97,
+    ];
+
+    let mut out_buf = Array4x16::default();
+
+    hmac_kdf(
+        &mut hmac,
+        (&Array4x16::from(&key)).into(),
+        &label,
+        None,
+        &mut trng,
+        (&mut out_buf).into(),
+        HmacMode::Hmac512,
+    )
+    .unwrap();
+
+    assert_eq!(<[u8; 64]>::from(out_buf)[..out.len()], out);
+}
+
+fn test_kdf1_hmac512() {
+    let mut hmac = unsafe { Hmac::new(HmacReg::new()) };
+    let mut trng = unsafe {
+        Trng::new(
+            CsrngReg::new(),
+            EntropySrcReg::new(),
+            SocIfcTrngReg::new(),
+            &SocIfcReg::new(),
+        )
+        .unwrap()
+    };
+
+    let key = [
+        0xa9, 0xf4, 0xa2, 0xc5, 0xaf, 0x83, 0x98, 0x67, 0xf5, 0xdb, 0x5a, 0x1e, 0x52, 0x0a, 0xb3,
+        0xcc, 0xa7, 0x2a, 0x16, 0x6c, 0xa6, 0x0d, 0xe5, 0x12, 0xfd, 0x7f, 0xe7, 0xe6, 0x4c, 0xf9,
+        0x4f, 0x92, 0xcf, 0x1d, 0x8b, 0x63, 0x61, 0x75, 0xf2, 0x93, 0xe0, 0x03, 0x27, 0x5e, 0x02,
+        0x10, 0x18, 0xc3, 0xf0, 0xed, 0xe4, 0x95, 0x99, 0x7a, 0x50, 0x5e, 0xc9, 0xa2, 0xaf, 0xeb,
+        0x04, 0x95, 0xbe, 0x57,
+    ];
+    let label = [
+        0x8e, 0x9d, 0xb3, 0x33, 0x57, 0x79, 0xdb, 0x68, 0x8b, 0xcf, 0xe0, 0x96, 0x66, 0x8d, 0x9c,
+        0x3b, 0xc6, 0x4e, 0x19, 0x3e, 0x35, 0x29, 0xc4, 0x30, 0xe6, 0x8d, 0x09, 0xd5, 0x6c, 0x83,
+        0x7d, 0xd6, 0xc0, 0xf9, 0x46, 0x78, 0xf1, 0x21, 0xa6, 0x8e, 0xe1, 0xfe, 0xea, 0x47, 0x35,
+        0xda, 0x85, 0xa4, 0x9d, 0x34, 0xa5, 0x29, 0x0a, 0xa3, 0x9f, 0x7b, 0x40, 0xde, 0x43, 0x5f,
+    ];
+    let out = [
+        0x6d, 0xb8, 0x80, 0xda, 0xac, 0x98, 0xb0, 0x78, 0xee, 0x38, 0x9a, 0x21, 0x64, 0x25, 0x2d,
+        0xed, 0x61, 0x32, 0x2d, 0x66, 0x1e, 0x2b, 0x49, 0x24, 0x7e, 0xa9, 0x21, 0xe5, 0x44, 0x67,
+        0x5d, 0x8f, 0x17, 0xaf, 0x2b, 0xf6, 0x6d, 0xd4, 0x0d, 0x81,
+    ];
+
+    let mut out_buf = Array4x16::default();
+
+    hmac_kdf(
+        &mut hmac,
+        (&Array4x16::from(&key)).into(),
+        &label,
+        None,
+        &mut trng,
+        (&mut out_buf).into(),
+        HmacMode::Hmac512,
+    )
+    .unwrap();
+
+    assert_eq!(<[u8; 64]>::from(out_buf)[..out.len()], out);
+}
+
 fn test_hmac_multi_block() {
     let mut hmac384 = unsafe { Hmac::new(HmacReg::new()) };
     let mut trng = unsafe {
@@ -1015,9 +1111,11 @@ test_suite! {
     test_hmac4,
     test_hmac_kv_multiblock,
     test_hmac5,
-    test_kdf0,
-    test_kdf1,
-    test_kdf2,
+    test_kdf0_hmac384,
+    test_kdf1_hmac384,
+    test_kdf2_hmac384,
+    test_kdf0_hmac512,
+    test_kdf1_hmac512,
     test_hmac_multi_block,
     test_hmac_exact_single_block,
     test_hmac_multi_block_two_step,

@@ -9,9 +9,7 @@ use crate::fmc_env::FmcEnv;
 use caliptra_cfi_derive::cfi_impl_fn;
 use caliptra_common::{crypto::Ecc384KeyPair, keyids::KEY_ID_TMP};
 use caliptra_drivers::{
-    hmac384_kdf, okref, Array4x12, Array4x5, Array4x8, CaliptraResult, Ecc384PrivKeyIn,
-    Ecc384PrivKeyOut, Ecc384PubKey, Ecc384Result, Ecc384Signature, KeyId, KeyReadArgs, KeyUsage,
-    KeyWriteArgs, Sha256Alg,
+    hmac_kdf, okref, Array4x12, Array4x5, Array4x8, CaliptraResult, Ecc384PrivKeyIn, Ecc384PrivKeyOut, Ecc384PubKey, Ecc384Result, Ecc384Signature, HmacMode, KeyId, KeyReadArgs, KeyUsage, KeyWriteArgs, Sha256Alg
 };
 
 pub enum Crypto {}
@@ -78,8 +76,9 @@ impl Crypto {
         label: &[u8],
         context: Option<&[u8]>,
         output: KeyId,
+        mode: HmacMode
     ) -> CaliptraResult<()> {
-        hmac384_kdf(
+        hmac_kdf(
             &mut env.hmac384,
             KeyReadArgs::new(key).into(),
             label,
@@ -92,6 +91,7 @@ impl Crypto {
                     .set_ecc_key_gen_seed_en(),
             )
             .into(),
+            mode,
         )
     }
 
@@ -114,7 +114,7 @@ impl Crypto {
         label: &[u8],
         priv_key: KeyId,
     ) -> CaliptraResult<Ecc384KeyPair> {
-        Crypto::hmac384_kdf(env, cdi, label, None, KEY_ID_TMP)?;
+        Crypto::hmac384_kdf(env, cdi, label, None, KEY_ID_TMP, HmacMode::Hmac384,)?;
 
         let key_out = Ecc384PrivKeyOut::Key(KeyWriteArgs::new(
             priv_key,

@@ -28,8 +28,7 @@ use caliptra_common::crypto::Ecc384KeyPair;
 use caliptra_common::keyids::{KEY_ID_RT_CDI, KEY_ID_RT_PRIV_KEY, KEY_ID_TMP};
 use caliptra_common::HexBytes;
 use caliptra_drivers::{
-    okref, report_boot_status, CaliptraError, CaliptraResult, Ecc384Result, KeyId, PersistentData,
-    ResetReason,
+    okref, report_boot_status, CaliptraError, CaliptraResult, Ecc384Result, HmacMode, KeyId, PersistentData, ResetReason
 };
 use caliptra_x509::{NotAfter, NotBefore, RtAliasCertTbs, RtAliasCertTbsParams};
 
@@ -252,7 +251,7 @@ impl RtAliasLayer {
         tci[SHA384_HASH_SIZE..2 * SHA384_HASH_SIZE].copy_from_slice(&image_manifest_digest);
 
         // Permute CDI from FMC TCI
-        Crypto::hmac384_kdf(env, fmc_cdi, b"rt_alias_cdi", Some(&tci), rt_cdi)?;
+        Crypto::hmac384_kdf(env, fmc_cdi, b"rt_alias_cdi", Some(&tci), rt_cdi, HmacMode::Hmac384,)?;
         report_boot_status(FmcBootStatus::RtAliasDeriveCdiComplete as u32);
         Ok(())
     }

@@ -12,7 +12,7 @@ Abstract:
 
 --*/
 
-use caliptra_drivers::{hmac384_kdf, Array4x12, CaliptraError, CaliptraResult, Hmac, Trng};
+use caliptra_drivers::{hmac_kdf, Array4x12, CaliptraError, CaliptraResult, Hmac, HmacMode, Trng};
 
 const KEY: Array4x12 = Array4x12::new([
     0xb57dc523, 0x54afee11, 0xedb4c905, 0x2a528344, 0x348b2c6b, 0x6c39f321, 0x33ed3bb7, 0x2035a4ab,
@@ -67,7 +67,7 @@ impl Hmac384KdfKat {
     fn kat_nist_vector(&self, hmac: &mut Hmac, trng: &mut Trng) -> CaliptraResult<()> {
         let mut out = Array4x12::default();
 
-        hmac384_kdf(hmac, (&KEY).into(), &LABEL, None, trng, (&mut out).into())
+        hmac_kdf(hmac, (&KEY).into(), &LABEL, None, trng, (&mut out).into(), HmacMode::Hmac384,)
             .map_err(|_| CaliptraError::KAT_HMAC384_FAILURE)?;
 
         if EXPECTED_OUT != <[u8; 48]>::from(out)[..EXPECTED_OUT.len()] {

@@ -137,7 +137,7 @@ impl Crypto {
         )
     }
 
-    /// Calculate HMAC-348 KDF
+    /// Calculate HMAC KDF
     ///
     /// # Arguments
     ///
@@ -146,15 +146,17 @@ impl Crypto {
     /// * `label` - Input label
     /// * `context` - Input context
     /// * `output` - Key slot to store the output
+    /// * `mode` - HMAC Mode
     #[inline(always)]
-    pub fn hmac384_kdf(
+    pub fn hmac_kdf(
         env: &mut RomEnv,
         key: KeyId,
         label: &[u8],
         context: Option<&[u8]>,
         output: KeyId,
+        mode: HmacMode
     ) -> CaliptraResult<()> {
-        hmac384_kdf(
+        hmac_kdf(
             &mut env.hmac384,
             KeyReadArgs::new(key).into(),
             label,
@@ -167,6 +169,7 @@ impl Crypto {
                     .set_ecc_key_gen_seed_en(),
             )
             .into(),
+            mode,
         )
     }
 
@@ -188,7 +191,7 @@ impl Crypto {
         label: &[u8],
         priv_key: KeyId,
     ) -> CaliptraResult<Ecc384KeyPair> {
-        Crypto::hmac384_kdf(env, cdi, label, None, KEY_ID_TMP)?;
+        Crypto::hmac_kdf(env, cdi, label, None, KEY_ID_TMP, HmacMode::Hmac512,)?;
 
         let key_out = Ecc384PrivKeyOut::Key(KeyWriteArgs::new(
             priv_key,
@@ -260,8 +263,7 @@ impl Crypto {
         key_pair_seed: KeyId,
     ) -> CaliptraResult<MlDsaKeyPair> {
         // Generate the seed for key pair generation.
-        // [CAP2][TODO] Change this to hmac512_kdfwhen available.
-        Crypto::hmac384_kdf(env, cdi, label, None, key_pair_seed)?;
+        Crypto::hmac_kdf(env, cdi, label, None, key_pair_seed, HmacMode::Hmac512,)?;
 
         // Generate the public key.
         let pub_key = env

@@ -31,7 +31,7 @@ use caliptra_common::keyids::{
 };
 use caliptra_common::pcr::PCR_ID_FMC_CURRENT;
 use caliptra_common::RomBootStatus::*;
-use caliptra_drivers::{okmutref, report_boot_status, Array4x12, CaliptraResult, KeyId, Lifecycle};
+use caliptra_drivers::{okmutref, report_boot_status, Array4x12, CaliptraResult, HmacMode, KeyId, Lifecycle};
 use caliptra_x509::{FmcAliasCertTbs, FmcAliasCertTbsParams};
 use zeroize::Zeroize;
 
@@ -111,7 +111,7 @@ impl FmcAliasLayer {
     fn derive_cdi(env: &mut RomEnv, measurements: &Array4x12, cdi: KeyId) -> CaliptraResult<()> {
         let mut measurements: [u8; 48] = measurements.into();
 
-        let result = Crypto::hmac384_kdf(env, cdi, b"fmc_alias_cdi", Some(&measurements), cdi);
+        let result = Crypto::hmac_kdf(env, cdi, b"fmc_alias_cdi", Some(&measurements), cdi, HmacMode::Hmac512,);
         measurements.zeroize();
         result?;
         report_boot_status(FmcAliasDeriveCdiComplete.into());

@@ -183,7 +183,7 @@ impl InitDevIdLayer {
     /// * `cdi` - Key Slot to store the generated CDI
     #[cfg_attr(not(feature = "no-cfi"), cfi_impl_fn)]
     fn derive_cdi(env: &mut RomEnv, uds: KeyId, cdi: KeyId) -> CaliptraResult<()> {
-        Crypto::hmac384_kdf(env, uds, b"idevid_cdi", None, cdi)?;
+        Crypto::hmac_kdf(env, uds, b"idevid_cdi", None, cdi, HmacMode::Hmac512)?;
 
         cprintln!("[idev] Erasing UDS.KEYID = {}", uds as u8);
         env.key_vault.erase_key(uds)?;