Skip to content

Proposing a KMAC Mechanism #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Proposing a KMAC Mechanism #38

wants to merge 2 commits into from

Conversation

simo5
Copy link
Contributor

@simo5 simo5 commented Sep 11, 2025

This PR proposes mechanism for the implementation of KMAC as described in NIST Special Publication 800-185

Fixes #37

@simo5 simo5 force-pushed the KMAC branch 2 times, most recently from d9166f8 to 77866e9 Compare October 11, 2025 20:02
@simo5
KMAC Mechanism
125ec73 
Signed-off-by: Simo Sorce <[email protected]>
@simo5
Add SHAKE hashing mechanisms to spec
dc6f3ae 
This commit adds documentation for the CKM_SHAKE_128 and CKM_SHAKE_256
extensible-output hash mechanisms.

A new "SHAKE Hashing" section is added to define these mechanisms and their
use with the extensible output digesting functions (e.g., C_XoHashInit). The
main mechanism table has been updated to include these new definitions.

Signed-off-by: Simo Sorce <[email protected]>
@optnfast
Copy link

This design supports use of KMAC as a keyed XOF, but doesn't really suit its use as a MAC in an idiomatic way.

I think only a small change is needed to fix this

  • permit use with the C_Sign... and C_Verify... APIs
  • forbid ulMacLength = 0 with C_Sign... and C_Verify...

@simo5
Copy link
Contributor Author

simo5 commented Oct 16, 2025

This design supports use of KMAC as a keyed XOF, but doesn't really suit its use as a MAC in an idiomatic way.

I think only a small change is needed to fix this

* permit use with the `C_Sign...` and `C_Verify...`  APIs

* forbid `ulMacLength = 0` with `C_Sign...` and `C_Verify...`

So what you are saying is that you want to be able to use KMAC also through the C_sign/C_Verify interface but w/o XOF ?

@optnfast
Copy link

Yes, that's right.

The current implementation of KMAC in nShield HSMs functions purely as a MAC, using the native equivalents of the PKCS#11 C_Sign... and C_Verify... APIs. I'd like to be able to expose that functionality via PKCS#11.

The XOF-style interface isn't currently supported for KMAC in nShield (though it could be added, if there is demand for it).

@simo5
Copy link
Contributor Author

simo5 commented Oct 16, 2025

And the signature size output is fully determined by the ulMacLength mechanism parameter in your implementation ? Do you have any limitations on the maximum size of that value ?

@optnfast
Copy link

That's right. Currently we require the MAC tag to be between 8 and 4096 bytes.

  • The lower limit of 8 is based on a conservative reading of SP800-185.
  • The upper limit is (currently) arbitrary and could be expanded a bit if there is demand for more.

@simo5
Copy link
Contributor Author

simo5 commented Oct 16, 2025

That's right. Currently we require the MAC tag to be between 8 and 4096 bytes.

* The lower limit of 8 is based on a conservative reading of SP800-185.

* The upper limit is (currently) arbitrary and could be expanded a bit if there is demand for more.

Just trying to asses what language the spec should use for this field, in the both the XOF and non XOF case. I think I will add langauge that says that implementation may put limits on what is an acceptable value but I want to also provide a "safe" space for interoperability where implentations must support at least a certain range. 8-4096 sound like ok, but I think the spec should mandate something narrower as base line like 32-256 and leave it open to any other value.

@optnfast
Copy link

I'd suggest a baseline of 16-256, since 16-byte output from KMAC128 is a very reasonable thing to want. Apart from that, sounds good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

PKCS#11 Prototype Project Board
Status: No Status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add KMAC in PKCS#11 3.3

2 participants

@simo5 @optnfast