New KDF for crypto4

[romanstrobl]

Description

New universal KDF uses KMAC-256 defined as:

• byte[] Mac.kmac256(SecretKey key, byte[] data, byte[] custom, int outLength) where
  • key (K) is a key of any length
  • data (X) is the main input data. It may be of any length, including zero.
  • custom (S) is an optional customization string. Use UTF-8 to reinterpret string into bytes.
  • outLength (L) is an integer representing the requested output length in bytes.

Then KDF implementation is defined as:

• SecretKey KDF.derive(SecretKey key, long index, byte[] context = null, int outLength = 32)
  • key - is key to be derived
  • index - is numeric index to distinguish multiple keys.
  • context - optional byte array containing the information related to the derived keying material
  • outLength - integer representing the requested output length in bytes.
• Pseudocode:

    byte[] INDEX_BYTES = ByteUtils.encode(index);
  byte[] CTX;
  if (context != null) {
      CTX = ByteUtils.concat(INDEX_BYTES, ByteUtils.concatWithSizes(context));
  } else {
      CTX = INDEX_BYTES;
  }
  byte[] K_DERIVED = Mac.kmac256(key, CTX, "PA4KDF", outLength);

Cover the new KDF by tests.

Acceptance criteria

No response

Technical specification

No response

QA specification

No response

JIRA issue code

No response