Merge pull request #228 from bigbrett/cmac-kdf

Add support for wolfCrypt CMAC KDF

Author: AlexLanzano

benchmark/bench_modules/wh_bench_mod_all.h

@@ -165,6 +165,12 @@ int wh_Bench_Mod_HmacSha3256Dma(whClientContext* client, whBenchOpContext* ctx,
 int wh_Bench_Mod_HkdfSha256(whClientContext* client, whBenchOpContext* ctx,
                             int id, void* params);
 
+/*
+ * CMAC KDF benchmark module prototypes (wh_bench_mod_cmac_kdf.c)
+ */
+int wh_Bench_Mod_CmacKdf(whClientContext* client, whBenchOpContext* ctx, int id,
+                         void* params);
+
 /*
  * ECC benchmark module prototypes (wh_bench_mod_ecc.c)
  */

benchmark/bench_modules/wh_bench_mod_cmac_kdf.c

@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2025 wolfSSL Inc.
+ *
+ * This file is part of wolfHSM.
+ *
+ * wolfHSM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfHSM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with wolfHSM.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "wh_bench_mod.h"
+#include "wolfhsm/wh_error.h"
+#include "wolfhsm/wh_client.h"
+#include "wolfhsm/wh_client_crypto.h"
+
+#include "wolfssl/wolfcrypt/cmac.h"
+#include "wolfssl/wolfcrypt/kdf.h"
+
+#if defined(WOLFHSM_CFG_BENCH_ENABLE)
+
+#if defined(HAVE_CMAC_KDF) && defined(WOLFSSL_CMAC)
+
+#define WH_BENCH_CMAC_KDF_OUT_SIZE 40
+
+static int _benchCmacKdf(whClientContext* client, whBenchOpContext* ctx, int id,
+                         int devId)
+{
+    /* Derivation inputs mirror the unit test vectors to provide realistic
+     * message sizes while keeping the benchmark deterministic. */
+    static const uint8_t cmacKdfSalt[] = {
+        0x20, 0x51, 0xaf, 0x34, 0x76, 0x2e, 0xbe, 0x55, 0x6f, 0x72, 0xa5, 0xc6,
+        0xed, 0xc7, 0x77, 0x1e, 0xb9, 0x24, 0x5f, 0xad, 0x76, 0xf0, 0x34, 0xbe};
+    static const uint8_t cmacKdfZ[] = {
+        0xae, 0x8e, 0x93, 0xc9, 0xc9, 0x91, 0xcf, 0x89, 0x6a, 0x49, 0x1a,
+        0x89, 0x07, 0xdf, 0x4e, 0x4b, 0xe5, 0x18, 0x6a, 0xe4, 0x96, 0xcd,
+        0x34, 0x0d, 0xc1, 0x9b, 0x23, 0x78, 0x21, 0xdb, 0x7b, 0x60};
+    static const uint8_t cmacKdfFixedInfo[] = {
+        0xa2, 0x59, 0xca, 0xe2, 0xc4, 0xa3, 0x6b, 0x89, 0x56, 0x3c, 0xb1, 0x48,
+        0xc7, 0x82, 0x51, 0x34, 0x3b, 0xbf, 0xab, 0xdc, 0x13, 0xca, 0x7a, 0xc2,
+        0x17, 0x1c, 0x2e, 0xb6, 0x02, 0x1f, 0x44, 0x77, 0xfe, 0xa3, 0x3b, 0x28,
+        0x72, 0x4d, 0xa7, 0x21, 0xee, 0x08, 0x7b, 0xff, 0xd7, 0x94, 0xa1, 0x56,
+        0x37, 0x54, 0xb4, 0x25, 0xa8, 0xd0, 0x9b, 0x3e, 0x0d, 0xa5, 0xff, 0xed};
+    static const uint8_t label[] = "cmac-kdf-bench";
+
+    int     ret = 0;
+    whKeyId keyId;
+    int     i;
+
+    (void)devId;
+
+    for (i = 0; i < WOLFHSM_CFG_BENCH_KG_ITERS && ret == 0; i++) {
+        int benchStartRet;
+        int benchStopRet;
+
+        keyId = WH_KEYID_ERASED;
+
+        benchStartRet = wh_Bench_StartOp(ctx, id);
+        ret           = wh_Client_CmacKdfMakeCacheKey(
+                      client, WH_KEYID_ERASED, cmacKdfSalt, (uint32_t)sizeof(cmacKdfSalt),
+                      WH_KEYID_ERASED, cmacKdfZ, (uint32_t)sizeof(cmacKdfZ),
+                      cmacKdfFixedInfo, (uint32_t)sizeof(cmacKdfFixedInfo), &keyId,
+                      WH_NVM_FLAGS_NONE, label, (uint32_t)sizeof(label),
+                      WH_BENCH_CMAC_KDF_OUT_SIZE);
+        benchStopRet = wh_Bench_StopOp(ctx, id);
+
+        if (benchStartRet != 0) {
+            WH_BENCH_PRINTF("Failed to wh_Bench_StartOp %d\n", benchStartRet);
+            ret = benchStartRet;
+            break;
+        }
+        if (ret != 0) {
+            WH_BENCH_PRINTF("Failed to wh_Client_CmacKdfMakeCacheKey %d\n",
+                            ret);
+            break;
+        }
+        if (benchStopRet != 0) {
+            WH_BENCH_PRINTF("Failed to wh_Bench_StopOp %d\n", benchStopRet);
+            ret = benchStopRet;
+            break;
+        }
+
+        /* Evict the cached key to free resources for next iteration */
+        ret = wh_Client_KeyEvict(client, keyId);
+        if (ret != 0) {
+            WH_BENCH_PRINTF("Failed to wh_Client_KeyEvict %d\n", ret);
+            break;
+        }
+    }
+
+    return ret;
+}
+
+int wh_Bench_Mod_CmacKdf(whClientContext* client, whBenchOpContext* ctx, int id,
+                         void* params)
+{
+    (void)params;
+    return _benchCmacKdf(client, ctx, id, WH_DEV_ID);
+}
+
+#endif /* HAVE_CMAC_KDF && WOLFSSL_CMAC */
+
+#endif /* WOLFHSM_CFG_BENCH_ENABLE */

benchmark/bench_modules/wh_bench_mod_hkdf.c

@@ -19,6 +19,8 @@
 
 #include "wh_bench_mod.h"
 #include "wolfhsm/wh_error.h"
+#include "wolfhsm/wh_client.h"
+#include "wolfhsm/wh_client_crypto.h"
 
 #if !defined(WOLFHSM_CFG_NO_CRYPTO) && defined(WOLFHSM_CFG_BENCH_ENABLE)
 #include "wolfssl/wolfcrypt/hmac.h"
@@ -44,24 +46,26 @@ static int _benchHkdf(whClientContext* client, whBenchOpContext* ctx, int id,
                                         0x0a, 0x0b, 0x0c};
     static const uint8_t hkdf_info[] = {0xf0, 0xf1, 0xf2, 0xf3, 0xf4,
                                         0xf5, 0xf6, 0xf7, 0xf8, 0xf9};
-
+    static const uint8_t label[]     = "hkdf-bench";
 
     int     ret = 0;
-    uint8_t okm[WH_BENCH_HKDF_OKM_SIZE];
+    whKeyId keyId;
     int     i;
 
-    (void)client;
+    (void)devId;
 
     for (i = 0; i < WOLFHSM_CFG_BENCH_KG_ITERS && ret == 0; i++) {
         int benchStartRet;
         int benchStopRet;
 
+        keyId = WH_KEYID_ERASED;
+
         benchStartRet = wh_Bench_StartOp(ctx, id);
-        ret          = wc_HKDF_ex(WC_SHA256, hkdf_ikm, (word32)sizeof(hkdf_ikm),
-                                  hkdf_salt, (word32)sizeof(hkdf_salt), hkdf_info,
-                                  (word32)sizeof(hkdf_info), okm, (word32)sizeof(okm),
-                                  NULL, /* heap */
-                                  devId);
+        ret           = wh_Client_HkdfMakeCacheKey(
+                      client, WC_SHA256, WH_KEYID_ERASED, hkdf_ikm,
+                      (uint32_t)sizeof(hkdf_ikm), hkdf_salt, (uint32_t)sizeof(hkdf_salt),
+                      hkdf_info, (uint32_t)sizeof(hkdf_info), &keyId, WH_NVM_FLAGS_NONE,
+                      label, (uint32_t)sizeof(label), WH_BENCH_HKDF_OKM_SIZE);
         benchStopRet = wh_Bench_StopOp(ctx, id);
 
         if (benchStartRet != 0) {
@@ -70,14 +74,21 @@ static int _benchHkdf(whClientContext* client, whBenchOpContext* ctx, int id,
             break;
         }
         if (ret != 0) {
-            WH_BENCH_PRINTF("Failed to wc_HKDF_ex %d\n", ret);
+            WH_BENCH_PRINTF("Failed to wh_Client_HkdfMakeCacheKey %d\n", ret);
             break;
         }
         if (benchStopRet != 0) {
             WH_BENCH_PRINTF("Failed to wh_Bench_StopOp %d\n", benchStopRet);
             ret = benchStopRet;
             break;
         }
+
+        /* Evict the cached key to free resources for next iteration */
+        ret = wh_Client_KeyEvict(client, keyId);
+        if (ret != 0) {
+            WH_BENCH_PRINTF("Failed to wh_Client_KeyEvict %d\n", ret);
+            break;
+        }
     }
 
     return ret;

benchmark/config/user_settings.h

@@ -157,6 +157,7 @@ extern "C" {
 
 /** Composite features */
 #define HAVE_HKDF
+#define HAVE_CMAC_KDF
 
 /* Remove unneeded crypto */
 #define NO_DSA

benchmark/wh_bench.c

@@ -167,6 +167,11 @@ typedef enum BenchModuleIdx {
     BENCH_MODULE_IDX_HKDF_SHA2_256,
 #endif /* HAVE_HKDF */
 
+/* CMAC KDF */
+#if defined(HAVE_CMAC_KDF) && defined(WOLFSSL_CMAC)
+    BENCH_MODULE_IDX_CMAC_KDF,
+#endif /* HAVE_CMAC_KDF && WOLFSSL_CMAC */
+
 /* ECC */
 #if defined(HAVE_ECC)
     BENCH_MODULE_IDX_ECC_P256_SIGN,
@@ -335,6 +340,11 @@ static BenchModule g_benchModules[] = {
     [BENCH_MODULE_IDX_HKDF_SHA2_256]           = {"HKDF-SHA2-256",               wh_Bench_Mod_HkdfSha256,            BENCH_THROUGHPUT_OPS, 0, NULL},
 #endif /* HAVE_HKDF */
 
+    /* CMAC KDF */
+#if defined(HAVE_CMAC_KDF) && defined(WOLFSSL_CMAC)
+    [BENCH_MODULE_IDX_CMAC_KDF]                = {"CMAC-KDF-AES",                wh_Bench_Mod_CmacKdf,               BENCH_THROUGHPUT_OPS, 0, NULL},
+#endif /* HAVE_CMAC_KDF && WOLFSSL_CMAC */
+
     /* ECC */
 #if defined(HAVE_ECC)
     [BENCH_MODULE_IDX_ECC_P256_SIGN]           = {"ECC-P256-SIGN",                wh_Bench_Mod_EccP256Sign,            BENCH_THROUGHPUT_OPS, 0, NULL},

benchmark/wh_bench_ops.h

@@ -26,7 +26,7 @@
 #include <stdint.h>
 
 /* Maximum number of operations that can be registered */
-#define MAX_BENCH_OPS 88
+#define MAX_BENCH_OPS 89
 /* Maximum length of operation name */
 #define MAX_OP_NAME 64
 

examples/demo/client/wh_demo_client_all.c

@@ -132,6 +132,23 @@ int wh_DemoClient_All(whClientContext* clientContext)
     }
 #endif /* HAVE_HKDF */
 
+#if defined(HAVE_CMAC_KDF) && defined(WOLFSSL_CMAC)
+    rc = wh_DemoClient_CryptoCmacKdfExport(clientContext);
+    if (rc != 0) {
+        return rc;
+    }
+
+    rc = wh_DemoClient_CryptoCmacKdfCache(clientContext);
+    if (rc != 0) {
+        return rc;
+    }
+
+    rc = wh_DemoClient_CryptoCmacKdfCacheInputs(clientContext);
+    if (rc != 0) {
+        return rc;
+    }
+#endif /* HAVE_CMAC_KDF && WOLFSSL_CMAC */
+
 #if defined(WOLFSSL_CMAC)
     rc = wh_DemoClient_CryptoCmac(clientContext);
     if (rc != 0) {