From e28b5f0a2efac31520f3b8c370fe0b8aced68488 Mon Sep 17 00:00:00 2001 From: Patrick Favre-Bulle Date: Tue, 20 Nov 2018 10:30:20 +0100 Subject: [PATCH] Update readme --- README.md | 16 +++++++++++++--- .../at/favre/lib/crypto/SingleStepKdfTest.java | 17 +++++++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4a98b14..a0946ed 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Single Step KDF (NIST SP 800-56A) -WIP +This is an implementation of the single-step key derivation function as described in [NIST SP 800-56A revision 1, chapter 4](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr1.pdf). It is an unopinionated approach towards the subject, allowing all 3 options (message digest, hmac and kmac) as H function and leaving open the exact format of the `fixedInfo` parameter. [![Download](https://api.bintray.com/packages/patrickfav/maven/singlestep-kdf/images/download.svg)](https://bintray.com/patrickfav/maven/singlestep-kdf/_latestVersion) [![Build Status](https://travis-ci.org/patrickfav/singlestep-kdf.svg?branch=master)](https://travis-ci.org/patrickfav/singlestep-kdf) @@ -22,17 +22,27 @@ Add dependency to your `pom.xml`: A very simple example: ```java -TBD +// a shared secret provided by your protocol +byte[] sharedSecret = ... +// a salt; if you don't have access to a salt use SingleStepKdf.fromSha256() or similar +byte[] salt = ... +// other info to bind the key to the context, see the NIST spec for more detail +byte[] otherInfo = "macKey".getBytes(); +byte[] keyMaterial = SingleStepKdf.fromHmacSha256().derive(sharedSecret, 32, salt, otherInfo); +SecretKey secretKey = new SecretKeySpec(keyMaterial, "AES"); ``` ### Full Example +### Using with Message Digest (Option 1) ```java TBD ``` +### Using with HMAC (Option 2) + -### Using custom HMAC implementation +### Using custom Message Digest / HMAC implementation ```java TBD diff --git a/src/test/java/at/favre/lib/crypto/SingleStepKdfTest.java b/src/test/java/at/favre/lib/crypto/SingleStepKdfTest.java index e040994..a4a8f95 100644 --- a/src/test/java/at/favre/lib/crypto/SingleStepKdfTest.java +++ b/src/test/java/at/favre/lib/crypto/SingleStepKdfTest.java @@ -3,10 +3,27 @@ import at.favre.lib.bytes.Bytes; import org.junit.Test; +import javax.crypto.SecretKey; +import javax.crypto.spec.SecretKeySpec; + +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.fail; public class SingleStepKdfTest { + @Test + public void quickstart() { + // a shared secret provided by your protocol + byte[] sharedSecret = Bytes.random(16).array(); + // a salt; if you don't have access to a salt use SingleStepKdf.fromSha256() or similar + byte[] salt = Bytes.random(16).array(); + // other info to bind the key to the context, see the NIST spec for more detail + byte[] otherInfo = "macKey".getBytes(); + byte[] keyMaterial = SingleStepKdf.fromHmacSha256().derive(sharedSecret, 32, salt, otherInfo); + SecretKey secretKey = new SecretKeySpec(keyMaterial, "AES"); + assertNotNull(secretKey); + } + @Test public void testIllegalOutLength() { SingleStepKdf kdf = SingleStepKdf.fromSha256();