Skip to content

Use standardized KDF with retry #5193

New issue
New issue
Open
Task
Open
Use standardized KDF with retry#5193
Task
Assignees
anrossi
Labels
Area: CoreRelated to the shared, core protocol logicArea: SecurityRelated to security or quality testing
Milestone
 
Release 2.5
@anrossi

Description

@anrossi
anrossi
opened on Jun 28, 2025

Stateless retry keys are generated using a non-standard KDF.
Use a standardized KDF, SP800-108 Hashed Counter, to generate the key.

This work will involve exposing a new crypto API through the CXPLAT interface, for both bcrypt and libcrypto (openSSL), which perform this functionality.

Metadata

Metadata

Assignees

Labels

Area: CoreRelated to the shared, core protocol logicArea: SecurityRelated to security or quality testing

Type

Projects

DPT Iteration Tracker

Status

Planned

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions