This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24838 - inconsistent references for HKDF-CTR
Summary: inconsistent references for HKDF-CTR
Status: RESOLVED FIXED
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document (show other bugs)
Version: unspecified
Hardware: PC All
: P2 normal
Target Milestone: ---
Assignee: Mark Watson
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-27 17:59 UTC by Mark Watson
Modified: 2014-03-05 02:03 UTC (History)
0 users

See Also:


Attachments

Description Mark Watson 2014-02-27 17:59:06 UTC
HKDF-CTR references RFC5869, NIST SP800-56C and NIST SP800-108.

These references specify different algorithms.

RFC5869 calculates output keying material as the concatenation of T(i) i=1, ..., N where T(i) = HMAC-Hash(PRK, T(i-1) | info | [i] ) where PRK is a key derived from the base key through an extraction step and [i] is a single octet representation of i.

By contrast, SP800-108 calculates the output keying material as the concatenation of K(i) i=1,...,N where K(i) := PRF(KI, [i] || Label || 0x00 || Context || [L] ) where KI is the key derivation key and [L] is the binary representation of the number of output bits.

Which reference should we use, or should we support both as separate algorithms ?
Comment 1 Mark Watson 2014-03-05 02:03:41 UTC
Aligning with SP 100-108 as per mailing list discussion

https://dvcs.w3.org/hg/webcrypto-api/rev/8f4969dfc115