From 2b2df22d75cc14f727e6c18e4e358c935d5f5f2f Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 14 Nov 2022 10:14:54 +0100
Subject: [PATCH] Added support for configurable HKDF.
Signed-off-by: Pol Henarejos
---
 src/hsm/cmd_cipher_sym.c | 13 +++++++++++++
 src/hsm/oid.h | 10 +++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c
index 73e8122..e0c440e 100644
--- a/src/hsm/cmd_cipher_sym.c
+++ b/src/hsm/cmd_cipher_sym.c
@@ -164,6 +164,19 @@ int cmd_cipher_sym() {
 return SW_EXEC_ERROR();
 res_APDU_size = md_info->size;
 }
+ else if (memcmp(oid, OID_HKDF_SHA256, oid_len) == 0 || memcmp(oid, OID_HKDF_SHA384, oid_len) == 0 || memcmp(oid, OID_HKDF_SHA512, oid_len) == 0) {
+ const mbedtls_md_info_t *md_info = NULL;
+ if (memcmp(oid, OID_HKDF_SHA256, oid_len) == 0)
+ md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
+ else if (memcmp(oid, OID_HKDF_SHA384, oid_len) == 0)
+ md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
+ else if (memcmp(oid, OID_HKDF_SHA512, oid_len) == 0)
+ md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
+ int r = mbedtls_hkdf(md_info, iv, iv_len, kdata, key_size, enc, enc_len, res_APDU, apdu.ne > 0 ? apdu.ne : apdu.nc);
+ mbedtls_platform_zeroize(kdata, sizeof(kdata));
+ if (r != 0)
+ return SW_EXEC_ERROR();
+ }
 }
 else {
 mbedtls_platform_zeroize(kdata, sizeof(kdata));
diff --git a/src/hsm/oid.h b/src/hsm/oid.h
index b055407..6906a8a 100644
--- a/src/hsm/oid.h
+++ b/src/hsm/oid.h
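Review bot: The output length passed to `mbedtls_hkdf` in the new branch of `cmd_cipher_sym.c` (`apdu.ne > 0 ? apdu.ne : apdu.nc`) comes straight from the host's APDU, and nothing visible here bounds it against the capacity of `res_APDU`; mbedtls itself only rejects lengths above 255 times the hash size, which can exceed a response buffer. Compute it once, e.g. `size_t okm_len = apdu.ne > 0 ? apdu.ne : apdu.nc;`, and reject it before the call with `if (okm_len > RES_APDU_CAPACITY /* placeholder: real size of res_APDU */) { mbedtls_platform_zeroize(kdata, sizeof(kdata)); return SW_EXEC_ERROR(); }`. The branch also never assigns `res_APDU_size`, unlike the preceding branch (`res_APDU_size = md_info->size;`), so unless it is set after the hunk the derived bytes are not returned; `res_APDU_size = okm_len;` after the `r != 0` check would fix that. Separately, every `memcmp(oid, OID_HKDF_SHA…, oid_len)` uses the caller-supplied `oid_len`, so a truncated OID compares equal as a prefix and a longer one reads past the literal. If `oid_len` is not validated earlier in `cmd_cipher_sym` (which starts and ends outside the hunk), require `oid_len == sizeof(OID_HKDF_SHA256) - 1` before comparing.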
@@ -103,10 +103,15 @@
 #define OID_CC_FF_PKA OID_CC_FORMAT "\x03"
 #define OID_CC_FF_KDA OID_CC_FORMAT "\x04"
-#define OID_CHACHA20_POLY1305 "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x12"
+#define OID_PKCS1_RSADSI "\x2A\x86\x48\x86\xF7\x0D"
+#define OID_PKCS9_SMIME_ALG OID_PKCS1_RSADSI "\x01\x09\x10\x03"
+#define OID_CHACHA20_POLY1305 OID_PKCS9_SMIME_ALG "\x12"
+#define OID_HKDF_SHA256 OID_PKCS9_SMIME_ALG "\x1D"
+#define OID_HKDF_SHA384 OID_PKCS9_SMIME_ALG "\x1E"
+#define OID_HKDF_SHA512 OID_PKCS9_SMIME_ALG "\x1F"
-#define OID_HMAC "\x2A\x86\x48\x86\xF7\x0D\x02"
+#define OID_HMAC OID_PKCS1_RSADSI "\x02"
 #define OID_HMAC_SHA1 OID_HMAC "\x07"
 #define OID_HMAC_SHA224 OID_HMAC "\x08"
@@ -114,5 +119,4 @@
 #define OID_HMAC_SHA384 OID_HMAC "\x0A"
 #define OID_HMAC_SHA512 OID_HMAC "\x0B"
-
 #endif
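Review bot: The final arcs of the three new HKDF identifiers in the first `oid.h` hunk look one too high. As far as I recall, RFC 8619 assigns id-alg-hkdf-with-sha256/384/512 the values 28, 29 and 30 under id-smime-alg, i.e. `"\x1C"`, `"\x1D"` and `"\x1E"`, whereas `OID_HKDF_SHA256` to `OID_HKDF_SHA512` here end in `"\x1D"`, `"\x1E"` and `"\x1F"`. If the registered OIDs are intended, a host sending the standard SHA-384 identifier would be served HKDF-SHA-256 by the device, so please confirm against the RFC and the host-side tooling. A smaller naming point: `OID_PKCS1_RSADSI` holds the bare rsadsi arc 1.2.840.113549, which is not specific to PKCS#1, so `OID_RSADSI` would describe it better. A one-line comment giving the dotted form of each new OID would also make this kind of check easier.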