authorLuke Howard <lukeh@padl.com>2010-05-22 10:58:47 +0000
committerLuke Howard <lukeh@padl.com>2010-05-22 10:58:47 +0000
commit16e37d18f13cfe3ab850a662fe5d1f630f752319 (patch)
treeeb1cf9d3eacf9b7f860e366e09ead1acba4322be
parentb0092061739f8397fb243f302cbd63279c2eb2b7 (diff)
downloadkrb5-16e37d18f13cfe3ab850a662fe5d1f630f752319.zip
krb5-16e37d18f13cfe3ab850a662fe5d1f630f752319.tar.gz
krb5-16e37d18f13cfe3ab850a662fe5d1f630f752319.tar.bz2
Make CMAC KDF SP800-compliant by including zero Context
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/camellia-ccm@24086 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/crypto/krb/dk/derive.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c
index f560aa9..24dcb53 100644
--- a/src/lib/crypto/krb/dk/derive.c
+++ b/src/lib/crypto/krb/dk/derive.c
@@ -130,13 +130,16 @@ cleanup:
return ret;
}
+/*
+ * NIST SP800-108 KDF in feedback mode with CMAC as PRF
+ */
static krb5_error_code
derive_random_sp800_cmac(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_data *outrnd,
const krb5_data *in_constant)
{
size_t blocksize, keybytes, n;
- krb5_crypto_iov iov[4];
+ krb5_crypto_iov iov[6];
krb5_error_code ret;
krb5_data prf;
unsigned int i;
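Review bot: The iov element count is now stated in two places that must move together — `krb5_crypto_iov iov[6];` here and the literal `6` passed to krb5int_cmac_checksum in the loop below — and this commit is itself an example of a change that has to touch both. Deriving the count from the array, `krb5int_cmac_checksum(enc, inkey, iov, sizeof(iov) / sizeof(iov[0]), &prf)`, or naming it once (`#define KDF_IOV_COUNT 6` used for both the declaration and the call) removes the hazard of the two drifting apart and passing a short or over-long vector. derive_random_sp800_cmac's body continues past the end of this hunk.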
@@ -153,21 +156,30 @@ derive_random_sp800_cmac(const struct krb5_enc_provider *enc,
if (ret)
return ret;
- /* NIST SP800-108 KDF in feedback mode with CMAC as PRF */
+ /* K(i-1) */
iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
iov[0].data = prf;
+ /* [i]2 */
iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
iov[1].data = make_data(ibuf, sizeof(ibuf));
+ /* Label */
iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
iov[2].data = *in_constant;
+ /* 0x00 */
iov[3].flags = KRB5_CRYPTO_TYPE_DATA;
- iov[3].data = make_data(Lbuf, sizeof(Lbuf));
+ iov[3].data = make_data("", 1);
+ /* Context */
+ iov[4].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[4].data = empty_data();
+ /* [L]2 */
+ iov[5].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[5].data = make_data(Lbuf, sizeof(Lbuf));
store_32_be(outrnd->length, Lbuf);
for (i = 1, n = 0; n < keybytes; i++) {
store_32_be(i, ibuf);
- ret = krb5int_cmac_checksum(enc, inkey, iov, 4, &prf);
+ ret = krb5int_cmac_checksum(enc, inkey, iov, 6, &prf);
if (ret)
goto cleanup;
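Review bot: The `[L]2` field at iov[5] is filled by `store_32_be(outrnd->length, Lbuf);`, and if outrnd->length is a byte count (as krb5_data lengths presumably are) this encodes L in bytes, whereas SP800-108 defines L as the length of the derived keying material in bits; so after adding the 0x00 separator and the empty Context the input string still does not match the SP800-108 feedback-mode encoding the commit message claims. Assuming the byte-count reading is right, the fix is `store_32_be(outrnd->length * 8, Lbuf);`. Note that this changes every key derived by this function, which is only acceptable while the enctype using it is unreleased, and that a one-byte `make_data("", 1)` is fine for the separator since the literal "" is a single NUL byte. derive_random_sp800_cmac continues past the end of this hunk.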