Template Function desfire::kdf_an10922(cmac_keychain const&, crypto&, mlab::bin_data&, std::array<std::uint8_t, NBlocks>)

Function Documentation

template<std::size_t BlockSize, std::size_t NBlocks>
key_body<BlockSize * NBlocks> desfire::kdf_an10922(cmac_keychain const &keychain, crypto &crypto, mlab::bin_data &diversify_input, std::array<std::uint8_t, NBlocks> data_prepend_const)

Generalized version of AN10922 key diversification protocol.

The KDF protocol described in AN10922 essentially works always in the same way.

  1. A max of (2 * block_size - 1) diversification data is in the input.

  2. Prepend a constant to it.

  3. Prepare data according to the CMAC procedure (cmac_keychain::prepare_cmac_data). This consists of padding with 80 00 .. 00 up to 2 * block_size, and XORing the last block with the appropriately derived key.

  4. The resulting data is passed through the CMAC in crypto::do_crypto

  5. The last block of encrypted data (which constitutes a CMAC) is used as diversified key.

  6. The procedure above is repeated with different constants for all the blocks that constitute a key, i.e. for three in 3K3DES, two in 2K3DES, one in AES128, and, well, theoretically generalizes to one for DES.

This function abstracts the whole procedure for the given number of blocks and block size. Does not set the version of the key, the caller is responsible for that.

Template Parameters:

  • BlockSize – Size of the cipher block in bytes. 8 for DES-derives, 16 for AES128.

  • NBlocks – Number of blocks constituting a key. 1 for AES128, 1 for DES, 2 for 2K3DES, 3 for 3K3DES.

Parameters:

  • keychain – Keychain object holding the subkeys for CMAC operations. Its cmac_keychain::block_size must match the template parameter BlockSize.

  • crypto – Cryptographic object on which the CMAC operation will be run.

  • diversify_input – Diversification input. At most 2 * BlockSize - 1 bytes wil be used. It will be modified by the operation.

  • data_prepend_const – Constants to prepend to each block process. These are specific to AN10922.

Returns:

A diversified key of length BlockSize * NBlocks.