Botan::SP800_108_Pipeline Class Reference

#include <sp800_108.h>

Inheritance diagram for Botan::SP800_108_Pipeline:

Public Member Functions
KDF *	clone () const override
secure_vector< uint8_t >	derive_key (size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[]=nullptr, size_t label_len=0) const
secure_vector< uint8_t >	derive_key (size_t key_len, const secure_vector< uint8_t > &secret, const std::string &salt="", const std::string &label="") const
template<typename Alloc , typename Alloc2 , typename Alloc3 >
secure_vector< uint8_t >	derive_key (size_t key_len, const std::vector< uint8_t, Alloc > &secret, const std::vector< uint8_t, Alloc2 > &salt, const std::vector< uint8_t, Alloc3 > &label) const
secure_vector< uint8_t >	derive_key (size_t key_len, const secure_vector< uint8_t > &secret, const uint8_t salt[], size_t salt_len, const std::string &label="") const
secure_vector< uint8_t >	derive_key (size_t key_len, const uint8_t secret[], size_t secret_len, const std::string &salt="", const std::string &label="") const
size_t	kdf (uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const override
std::string	name () const override
	SP800_108_Pipeline (MessageAuthenticationCode *mac)

Static Public Member Functions
static std::unique_ptr< KDF >	create (const std::string &algo_spec, const std::string &provider="")
static std::unique_ptr< KDF >	create_or_throw (const std::string &algo_spec, const std::string &provider="")
static std::vector< std::string >	providers (const std::string &algo_spec)

Detailed Description

NIST SP 800-108 KDF in Double Pipeline Mode (5.3)

Definition at line 96 of file sp800_108.h.

Constructor & Destructor Documentation

SP800_108_Pipeline()

Botan::SP800_108_Pipeline::SP800_108_Pipeline ( MessageAuthenticationCode *  mac )

inlineexplicit

Definition at line 125 of file sp800_108.h.

: m_prf(mac) {}

Member Function Documentation

clone()

KDF* Botan::SP800_108_Pipeline::clone ( ) const

inlineoverridevirtual

Returns

new object representing the same algorithm as *this

Implements Botan::KDF.

Definition at line 101 of file sp800_108.h.

{ return new SP800_108_Pipeline(m_prf->clone()); }

create()

std::unique_ptr< KDF > Botan::KDF::create ( const std::string &  algo_spec, const std::string &  provider = ""  )

staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters

algo_spec	algorithm name
provider	provider implementation to choose

Returns

a null pointer if the algo/provider combination cannot be found

Definition at line 69 of file kdf.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::HashFunction::create(), Botan::MessageAuthenticationCode::create(), and hash.

Referenced by Botan::KDF::create_or_throw(), and Botan::get_kdf().

   {
   const SCAN_Name req(algo_spec);

#if defined(BOTAN_HAS_HKDF)
   if(req.algo_name() == "HKDF" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         return kdf_create_mac_or_hash<HKDF>(req.arg(0));
         }
      }

   if(req.algo_name() == "HKDF-Extract" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         return kdf_create_mac_or_hash<HKDF_Extract>(req.arg(0));
         }
      }

   if(req.algo_name() == "HKDF-Expand" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         return kdf_create_mac_or_hash<HKDF_Expand>(req.arg(0));
         }
      }
#endif

#if defined(BOTAN_HAS_KDF2)
   if(req.algo_name() == "KDF2" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         if(auto hash = HashFunction::create(req.arg(0)))
            return std::unique_ptr<KDF>(new KDF2(hash.release()));
         }
      }
#endif

#if defined(BOTAN_HAS_KDF1_18033)
   if(req.algo_name() == "KDF1-18033" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         if(auto hash = HashFunction::create(req.arg(0)))
            return std::unique_ptr<KDF>(new KDF1_18033(hash.release()));
         }
      }
#endif

#if defined(BOTAN_HAS_KDF1)
   if(req.algo_name() == "KDF1" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         if(auto hash = HashFunction::create(req.arg(0)))
            return std::unique_ptr<KDF>(new KDF1(hash.release()));
         }
      }
#endif

#if defined(BOTAN_HAS_TLS_V10_PRF)
   if(req.algo_name() == "TLS-PRF" && req.arg_count() == 0)
      {
      if(provider.empty() || provider == "base")
         {
         return std::unique_ptr<KDF>(new TLS_PRF);
         }
      }
#endif

#if defined(BOTAN_HAS_TLS_V12_PRF)
   if(req.algo_name() == "TLS-12-PRF" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         return kdf_create_mac_or_hash<TLS_12_PRF>(req.arg(0));
         }
      }
#endif

#if defined(BOTAN_HAS_X942_PRF)
   if(req.algo_name() == "X9.42-PRF" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         return std::unique_ptr<KDF>(new X942_PRF(req.arg(0)));
         }
      }
#endif

#if defined(BOTAN_HAS_SP800_108)
   if(req.algo_name() == "SP800-108-Counter" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         return kdf_create_mac_or_hash<SP800_108_Counter>(req.arg(0));
         }
      }

   if(req.algo_name() == "SP800-108-Feedback" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         return kdf_create_mac_or_hash<SP800_108_Feedback>(req.arg(0));
         }
      }

   if(req.algo_name() == "SP800-108-Pipeline" && req.arg_count() == 1)
      {
      if(provider.empty() || provider == "base")
         {
         return kdf_create_mac_or_hash<SP800_108_Pipeline>(req.arg(0));
         }
      }
#endif

#if defined(BOTAN_HAS_SP800_56A)
   if(req.algo_name() == "SP800-56A" && req.arg_count() == 1)
      {
      if(auto hash = HashFunction::create(req.arg(0)))
         return std::unique_ptr<KDF>(new SP800_56A_Hash(hash.release()));
      if(auto mac = MessageAuthenticationCode::create(req.arg(0)))
         return std::unique_ptr<KDF>(new SP800_56A_HMAC(mac.release()));
      }
#endif

#if defined(BOTAN_HAS_SP800_56C)
   if(req.algo_name() == "SP800-56C" && req.arg_count() == 1)
      {
      std::unique_ptr<KDF> exp(kdf_create_mac_or_hash<SP800_108_Feedback>(req.arg(0)));
      if(exp)
         {
         if(auto mac = MessageAuthenticationCode::create(req.arg(0)))
            return std::unique_ptr<KDF>(new SP800_56C(mac.release(), exp.release()));

         if(auto mac = MessageAuthenticationCode::create("HMAC(" + req.arg(0) + ")"))
            return std::unique_ptr<KDF>(new SP800_56C(mac.release(), exp.release()));
         }
      }
#endif

   BOTAN_UNUSED(req);
   BOTAN_UNUSED(provider);

   return nullptr;
   }

create_or_throw()

std::unique_ptr< KDF > Botan::KDF::create_or_throw ( const std::string &  algo_spec, const std::string &  provider = ""  )

staticinherited

Create an instance based on a name, or throw if the algo/provider combination cannot be found. If provider is empty then best available is chosen.

Definition at line 222 of file kdf.cpp.

References Botan::KDF::create(), and Botan::KDF::kdf().

Referenced by Botan::ECIES_KA_Operation::derive_secret().

   {
   if(auto kdf = KDF::create(algo, provider))
      {
      return kdf;
      }
   throw Lookup_Error("KDF", algo, provider);
   }

derive_key() [1/5]

secure_vector<uint8_t> Botan::KDF::derive_key ( size_t  key_len, const uint8_t  secret[], size_t  secret_len, const uint8_t  salt[], size_t  salt_len, const uint8_t  label[] = nullptr, size_t  label_len = 0  ) const

inlineinherited

Derive a key

Parameters

key_len	the desired output length in bytes
secret	the secret input
secret_len	size of secret in bytes
salt	a diversifier
salt_len	size of salt in bytes
label	purpose for the derived keying material
label_len	size of label in bytes

Returns

the derived key

Definition at line 83 of file kdf.h.

References salt_len.

         {
         secure_vector<uint8_t> key(key_len);
         key.resize(kdf(key.data(), key.size(), secret, secret_len, salt, salt_len, label, label_len));
         return key;
         }

derive_key() [2/5]

secure_vector<uint8_t> Botan::KDF::derive_key ( size_t  key_len, const secure_vector< uint8_t > &  secret, const std::string &  salt = "", const std::string &  label = ""  ) const

inlineinherited

Derive a key

Parameters

key_len	the desired output length in bytes
secret	the secret input
salt	a diversifier
label	purpose for the derived keying material

Returns

the derived key

Definition at line 104 of file kdf.h.

References Botan::cast_char_ptr_to_uint8().

         {
         return derive_key(key_len, secret.data(), secret.size(),
                           cast_char_ptr_to_uint8(salt.data()),
                           salt.length(),
                           cast_char_ptr_to_uint8(label.data()),
                           label.length());

         }

derive_key() [3/5]

template<typename Alloc , typename Alloc2 , typename Alloc3 >

secure_vector<uint8_t> Botan::KDF::derive_key ( size_t  key_len, const std::vector< uint8_t, Alloc > &  secret, const std::vector< uint8_t, Alloc2 > &  salt, const std::vector< uint8_t, Alloc3 > &  label  ) const

inlineinherited

Derive a key

Parameters

key_len	the desired output length in bytes
secret	the secret input
salt	a diversifier
label	purpose for the derived keying material

Returns

the derived key

Definition at line 126 of file kdf.h.

         {
         return derive_key(key_len,
                           secret.data(), secret.size(),
                           salt.data(), salt.size(),
                           label.data(), label.size());
         }

derive_key() [4/5]

secure_vector<uint8_t> Botan::KDF::derive_key ( size_t  key_len, const secure_vector< uint8_t > &  secret, const uint8_t  salt[], size_t  salt_len, const std::string &  label = ""  ) const

inlineinherited

Derive a key

Parameters

key_len	the desired output length in bytes
secret	the secret input
salt	a diversifier
salt_len	size of salt in bytes
label	purpose for the derived keying material

Returns

the derived key

Definition at line 146 of file kdf.h.

References Botan::cast_char_ptr_to_uint8(), and salt_len.

         {
         return derive_key(key_len,
                           secret.data(), secret.size(),
                           salt, salt_len,
                           cast_char_ptr_to_uint8(label.data()),
                           label.size());
         }

derive_key() [5/5]

secure_vector<uint8_t> Botan::KDF::derive_key ( size_t  key_len, const uint8_t  secret[], size_t  secret_len, const std::string &  salt = "", const std::string &  label = ""  ) const

inlineinherited

Derive a key

Parameters

key_len	the desired output length in bytes
secret	the secret input
secret_len	size of secret in bytes
salt	a diversifier
label	purpose for the derived keying material

Returns

the derived key

Definition at line 168 of file kdf.h.

References Botan::cast_char_ptr_to_uint8().

         {
         return derive_key(key_len, secret, secret_len,
                           cast_char_ptr_to_uint8(salt.data()),
                           salt.length(),
                           cast_char_ptr_to_uint8(label.data()),
                           label.length());
         }

kdf()

size_t Botan::SP800_108_Pipeline::kdf ( uint8_t  key[], size_t  key_len, const uint8_t  secret[], size_t  secret_len, const uint8_t  salt[], size_t  salt_len, const uint8_t  label[], size_t  label_len  ) const

overridevirtual

Derive a key using the SP800-108 KDF in Double Pipeline mode.

The implementation uses the optional counter i and hard codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.

Parameters

key	resulting keying material
key_len	the desired output length in bytes
secret	K_I
secret_len	size of K_I in bytes
salt	Context
salt_len	size of Context in bytes
label	Label
label_len	size of Label in bytes

Exceptions

Invalid_Argument

key_len > 2^32

Implements Botan::KDF.

Definition at line 102 of file sp800_108.cpp.

References Botan::copy_mem(), salt_len, and Botan::store_be().

   {
   const uint32_t length = static_cast<uint32_t>(key_len * 8);
   const std::size_t prf_len =  m_prf->output_length();
   const uint8_t delim = 0;

   uint8_t *p = key;
   uint32_t counter = 1;
   uint8_t be_len[4] = { 0 };
   secure_vector<uint8_t> ai, ki;

   store_be(length, be_len);
   m_prf->set_key(secret,secret_len);

   // A(0)
   std::copy(label,label + label_len,std::back_inserter(ai));
   ai.emplace_back(delim);
   std::copy(salt,salt + salt_len,std::back_inserter(ai));
   std::copy(be_len,be_len + 4,std::back_inserter(ai));

   while(p < key + key_len && counter != 0)
      {
      // A(i)
      m_prf->update(ai);
      m_prf->final(ai);

      // K(i)
      const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
      uint8_t be_cnt[4] = { 0 };

      store_be(counter, be_cnt);

      m_prf->update(ai);
      m_prf->update(be_cnt,4);
      m_prf->update(label, label_len);
      m_prf->update(delim);
      m_prf->update(salt, salt_len);
      m_prf->update(be_len,4);
      m_prf->final(ki);

      copy_mem(p, ki.data(), to_copy);
      p += to_copy;

      ++counter;

      if(counter == 0)
         throw Invalid_Argument("Can't process more than 4GB");
      }

   return key_len;
   }

name()

std::string Botan::SP800_108_Pipeline::name ( ) const

inlineoverridevirtual

Returns

KDF name

Implements Botan::KDF.

Definition at line 99 of file sp800_108.h.

{ return "SP800-108-Pipeline(" + m_prf->name() + ")"; }

providers()

std::vector< std::string > Botan::KDF::providers ( const std::string &  algo_spec )

staticinherited

Returns

list of available providers for this algorithm, empty if not available

Definition at line 232 of file kdf.cpp.

   {
   return probe_providers_of<KDF>(algo_spec, { "base" });
   }

---

The documentation for this class was generated from the following files:

• src/lib/kdf/sp800_108/sp800_108.h
• src/lib/kdf/sp800_108/sp800_108.cpp