Add support for HKDF offload

Author: bigbrett

src/wh_client_crypto.c

@@ -89,6 +89,16 @@ static int _RsaMakeKey(whClientContext* ctx, uint32_t size, uint32_t e,
                        whKeyId* inout_key_id, RsaKey* rsa);
 #endif
 
+#ifdef HAVE_HKDF
+/* Generate HKDF output on the server based on the flags */
+static int _HkdfMakeKey(whClientContext* ctx, int hashType,
+                        const uint8_t* inKey, uint32_t inKeySz,
+                        const uint8_t* salt, uint32_t saltSz,
+                        const uint8_t* info, uint32_t infoSz, whNvmFlags flags,
+                        uint32_t label_len, const uint8_t* label,
+                        whKeyId* inout_key_id, uint8_t* out, uint32_t outSz);
+#endif
+
 #ifdef HAVE_DILITHIUM
 /* Make a ML-DSA key on the server based on the flags */
 static int _MlDsaMakeKey(whClientContext* ctx, int size, int level,
@@ -2282,6 +2292,180 @@ int wh_Client_RsaGetSize(whClientContext* ctx, const RsaKey* key, int* out_size)
 
 #endif /* !NO_RSA */
 
+#ifdef HAVE_HKDF
+/* Internal helper function to generate HKDF output on the server */
+static int _HkdfMakeKey(whClientContext* ctx, int hashType,
+                        const uint8_t* inKey, uint32_t inKeySz,
+                        const uint8_t* salt, uint32_t saltSz,
+                        const uint8_t* info, uint32_t infoSz, whNvmFlags flags,
+                        uint32_t label_len, const uint8_t* label,
+                        whKeyId* inout_key_id, uint8_t* out, uint32_t outSz)
+{
+    int                           ret     = WH_ERROR_OK;
+    uint8_t*                      dataPtr = NULL;
+    whMessageCrypto_HkdfRequest*  req     = NULL;
+    whMessageCrypto_HkdfResponse* res     = NULL;
+    uint16_t                      group   = WH_MESSAGE_GROUP_CRYPTO;
+    uint16_t                      action  = WC_ALGO_TYPE_KDF;
+    whKeyId                       key_id  = WH_KEYID_ERASED;
+
+    if ((ctx == NULL) || (inKey == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    /* Get data pointer from the context to use as request/response storage */
+    dataPtr = wh_CommClient_GetDataPtr(ctx->comm);
+    if (dataPtr == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+
+    /* Setup generic header and get pointer to request data */
+    req = (whMessageCrypto_HkdfRequest*)_createCryptoRequest(dataPtr,
+                                                             WC_ALGO_TYPE_KDF);
+
+    /* Calculate request length including variable-length data */
+    uint16_t req_len = sizeof(whMessageCrypto_GenericRequestHeader) +
+                       sizeof(*req) + inKeySz + saltSz + infoSz;
+
+    /* Use the supplied key id if provided */
+    if (inout_key_id != NULL) {
+        key_id = *inout_key_id;
+    }
+
+    /* Populate request body */
+    req->flags    = flags;
+    req->keyId    = key_id;
+    req->hashType = hashType;
+    req->inKeySz  = inKeySz;
+    req->saltSz   = saltSz;
+    req->infoSz   = infoSz;
+    req->outSz    = outSz;
+
+    /* Copy label if provided */
+    if ((label != NULL) && (label_len > 0)) {
+        if (label_len > WH_NVM_LABEL_LEN) {
+            label_len = WH_NVM_LABEL_LEN;
+        }
+        memcpy(req->label, label, label_len);
+        if (label_len < WH_NVM_LABEL_LEN) {
+            req->label[label_len] = '\0';
+        }
+    }
+    else {
+        memset(req->label, 0, WH_NVM_LABEL_LEN);
+    }
+
+    /* Copy variable-length data after the request structure */
+    uint8_t* data_ptr = (uint8_t*)(req + 1);
+
+    /* Copy input key material */
+    memcpy(data_ptr, inKey, inKeySz);
+    data_ptr += inKeySz;
+
+    /* Copy salt if provided */
+    if (salt != NULL && saltSz > 0) {
+        memcpy(data_ptr, salt, saltSz);
+        data_ptr += saltSz;
+    }
+
+    /* Copy info if provided */
+    if (info != NULL && infoSz > 0) {
+        memcpy(data_ptr, info, infoSz);
+    }
+
+    /* Send Request */
+    ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+
+#ifdef DEBUG_CRYPTOCB_VERBOSE
+    printf("HKDF Req sent: hashType:%d inKeySz:%u saltSz:%u infoSz:%u outSz:%u "
+           "ret:%d\n",
+           req->hashType, req->inKeySz, req->saltSz, req->infoSz, req->outSz,
+           ret);
+#endif
+
+    if (ret == 0) {
+        uint16_t res_len = 0;
+        do {
+            ret =
+                wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
+        } while (ret == WH_ERROR_NOTREADY);
+
+#ifdef DEBUG_CRYPTOCB_VERBOSE
+        printf("HKDF Res recv: ret:%d, res_len: %u\n", ret, res_len);
+#endif
+
+        if (ret == WH_ERROR_OK) {
+            /* Get response structure pointer, validates generic header rc */
+            ret =
+                _getCryptoResponse(dataPtr, WC_ALGO_TYPE_KDF, (uint8_t**)&res);
+        }
+
+        if (ret == WH_ERROR_OK) {
+            /* Key is cached on server or is ephemeral */
+            key_id = (whKeyId)(res->keyId);
+
+            /* Update output variable if requested */
+            if (inout_key_id != NULL) {
+                *inout_key_id = key_id;
+            }
+
+            /* Copy output key material if output buffer provided */
+            if (out != NULL) {
+                if (res->outSz <= outSz) {
+                    uint8_t* hkdf_out = (uint8_t*)(res + 1);
+                    memcpy(out, hkdf_out, res->outSz);
+
+#ifdef DEBUG_CRYPTOCB_VERBOSE
+                    printf("[client] %s Set key_id:%x with flags:%x outSz:%u\n",
+                           __func__, key_id, flags, res->outSz);
+#endif
+                }
+                else {
+                    /* Server returned more than we can handle - error */
+                    ret = WH_ERROR_ABORTED;
+                }
+            }
+        }
+    }
+    return ret;
+}
+
+int wh_Client_HkdfMakeCacheKey(whClientContext* ctx, int hashType,
+                               const uint8_t* inKey, uint32_t inKeySz,
+                               const uint8_t* salt, uint32_t saltSz,
+                               const uint8_t* info, uint32_t infoSz,
+                               whKeyId* inout_key_id, whNvmFlags flags,
+                               const uint8_t* label, uint32_t label_len,
+                               uint32_t outSz)
+{
+    /* Valid ctx and keyid ptr are required in this form */
+    if ((ctx == NULL) || (inout_key_id == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    return _HkdfMakeKey(ctx, hashType, inKey, inKeySz, salt, saltSz, info,
+                        infoSz, flags, label_len, label, inout_key_id, NULL,
+                        outSz);
+}
+
+int wh_Client_HkdfMakeExportKey(whClientContext* ctx, int hashType,
+                                const uint8_t* inKey, uint32_t inKeySz,
+                                const uint8_t* salt, uint32_t saltSz,
+                                const uint8_t* info, uint32_t infoSz,
+                                uint8_t* out, uint32_t outSz)
+{
+    /* Valid ctx and out are required for this form */
+    if ((ctx == NULL) || (out == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    return _HkdfMakeKey(ctx, hashType, inKey, inKeySz, salt, saltSz, info,
+                        infoSz, WH_NVM_FLAGS_EPHEMERAL, 0, NULL, NULL, out,
+                        outSz);
+}
+
+#endif /* HAVE_HKDF */
+
 #ifndef NO_AES
 int wh_Client_AesSetKeyId(Aes* key, whNvmId keyId)
 {

src/wh_client_cryptocb.c

@@ -464,6 +464,33 @@ int wh_Client_CryptoCb(int devId, wc_CryptoInfo* info, void* inCtx)
         }
     } break; /* case WC_ALGO_TYPE_HASH */
 
+#ifdef HAVE_HKDF
+    case WC_ALGO_TYPE_KDF: {
+        /* Handle different KDF types */
+        switch (info->kdf.type) {
+            case WC_KDF_TYPE_HKDF: {
+                /* Extract HKDF-specific parameters */
+                int         hashType = info->kdf.hkdf.hashType;
+                const byte* inKey    = info->kdf.hkdf.inKey;
+                word32      inKeySz  = info->kdf.hkdf.inKeySz;
+                const byte* salt     = info->kdf.hkdf.salt;
+                word32      saltSz   = info->kdf.hkdf.saltSz;
+                const byte* kdf_info = info->kdf.hkdf.info;
+                word32      infoSz   = info->kdf.hkdf.infoSz;
+                byte*       out      = info->kdf.hkdf.out;
+                word32      outSz    = info->kdf.hkdf.outSz;
+
+                ret = wh_Client_HkdfMakeExportKey(ctx, hashType, inKey, inKeySz,
+                                                  salt, saltSz, kdf_info,
+                                                  infoSz, out, outSz);
+            } break;
+            default:
+                ret = CRYPTOCB_UNAVAILABLE;
+                break;
+        }
+    } break; /* case WC_ALGO_TYPE_KDF */
+#endif       /* HAVE_HKDF */
+
     case WC_ALGO_TYPE_NONE:
     default:
         ret = CRYPTOCB_UNAVAILABLE;

src/wh_message_crypto.c

@@ -273,6 +273,41 @@ int wh_MessageCrypto_TranslateRsaGetSizeResponse(
     return 0;
 }
 
+/* HKDF Request translation */
+int wh_MessageCrypto_TranslateHkdfRequest(
+    uint16_t magic, const whMessageCrypto_HkdfRequest* src,
+    whMessageCrypto_HkdfRequest* dest)
+{
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    WH_T32(magic, dest, src, flags);
+    WH_T32(magic, dest, src, keyId);
+    WH_T32(magic, dest, src, hashType);
+    WH_T32(magic, dest, src, inKeySz);
+    WH_T32(magic, dest, src, saltSz);
+    WH_T32(magic, dest, src, infoSz);
+    WH_T32(magic, dest, src, outSz);
+    /* Label is just a byte array, no translation needed */
+    if (src != dest) {
+        memcpy(dest->label, src->label, WH_NVM_LABEL_LEN);
+    }
+    return 0;
+}
+
+/* HKDF Response translation */
+int wh_MessageCrypto_TranslateHkdfResponse(
+    uint16_t magic, const whMessageCrypto_HkdfResponse* src,
+    whMessageCrypto_HkdfResponse* dest)
+{
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+    WH_T32(magic, dest, src, keyId);
+    WH_T32(magic, dest, src, outSz);
+    return 0;
+}
+
 /* ECC Key Generation Request translation */
 int wh_MessageCrypto_TranslateEccKeyGenRequest(
     uint16_t magic, const whMessageCrypto_EccKeyGenRequest* src,