#include <sp800_108.h>
Inheritance diagram for Botan::SP800_108_Pipeline:
Public Member Functions | |
| KDF * | clone () const override |
| secure_vector< uint8_t > | derive_key (size_t key_len, const secure_vector< uint8_t > &secret, const std::string &salt="", const std::string &label="") const |
| secure_vector< uint8_t > | derive_key (size_t key_len, const secure_vector< uint8_t > &secret, const uint8_t salt[], size_t salt_len, const std::string &label="") const |
| template<typename Alloc , typename Alloc2 , typename Alloc3 > | |
| secure_vector< uint8_t > | derive_key (size_t key_len, const std::vector< uint8_t, Alloc > &secret, const std::vector< uint8_t, Alloc2 > &salt, const std::vector< uint8_t, Alloc3 > &label) const |
| secure_vector< uint8_t > | derive_key (size_t key_len, const uint8_t secret[], size_t secret_len, const std::string &salt="", const std::string &label="") const |
| secure_vector< uint8_t > | derive_key (size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[]=nullptr, size_t label_len=0) const |
| size_t | kdf (uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const override |
| std::string | name () const override |
| SP800_108_Pipeline (MessageAuthenticationCode *mac) | |
Static Public Member Functions | |
| static std::unique_ptr< KDF > | create (const std::string &algo_spec, const std::string &provider="") |
| static std::unique_ptr< KDF > | create_or_throw (const std::string &algo_spec, const std::string &provider="") |
| static std::vector< std::string > | providers (const std::string &algo_spec) |
Detailed Description
NIST SP 800-108 KDF in Double Pipeline Mode (5.3)
Definition at line 98 of file sp800_108.h.
Constructor & Destructor Documentation
◆ SP800_108_Pipeline()
|
inlineexplicit |
Definition at line 127 of file sp800_108.h.
127: m_prf(mac) {}
Member Function Documentation
◆ clone()
|
inlineoverridevirtual |
- Returns
- new object representing the same algorithm as *this
Implements Botan::KDF.
Definition at line 103 of file sp800_108.h.
SP800_108_Pipeline(MessageAuthenticationCode *mac)
Definition: sp800_108.h:127
◆ create()
|
staticinherited |
Create an instance based on a name If provider is empty then best available is chosen.
- Parameters
-
algo_spec algorithm name provider provider implementation to choose
- Returns
- a null pointer if the algo/provider combination cannot be found
Definition at line 69 of file kdf.cpp.
71 {
72 const SCAN_Name req(algo_spec);
73
74#if defined(BOTAN_HAS_HKDF)
75 if(req.algo_name() == "HKDF" && req.arg_count() == 1)
76 {
77 if(provider.empty() || provider == "base")
78 {
79 return kdf_create_mac_or_hash<HKDF>(req.arg(0));
80 }
81 }
82
83 if(req.algo_name() == "HKDF-Extract" && req.arg_count() == 1)
84 {
85 if(provider.empty() || provider == "base")
86 {
87 return kdf_create_mac_or_hash<HKDF_Extract>(req.arg(0));
88 }
89 }
90
91 if(req.algo_name() == "HKDF-Expand" && req.arg_count() == 1)
92 {
93 if(provider.empty() || provider == "base")
94 {
95 return kdf_create_mac_or_hash<HKDF_Expand>(req.arg(0));
96 }
97 }
98#endif
99
100#if defined(BOTAN_HAS_KDF2)
101 if(req.algo_name() == "KDF2" && req.arg_count() == 1)
102 {
103 if(provider.empty() || provider == "base")
104 {
107 }
108 }
109#endif
110
111#if defined(BOTAN_HAS_KDF1_18033)
112 if(req.algo_name() == "KDF1-18033" && req.arg_count() == 1)
113 {
114 if(provider.empty() || provider == "base")
115 {
118 }
119 }
120#endif
121
122#if defined(BOTAN_HAS_KDF1)
123 if(req.algo_name() == "KDF1" && req.arg_count() == 1)
124 {
125 if(provider.empty() || provider == "base")
126 {
129 }
130 }
131#endif
132
133#if defined(BOTAN_HAS_TLS_V10_PRF)
134 if(req.algo_name() == "TLS-PRF" && req.arg_count() == 0)
135 {
136 if(provider.empty() || provider == "base")
137 {
140
141 if(hmac_md5 && hmac_sha1)
142 return std::unique_ptr<KDF>(new TLS_PRF(std::move(hmac_md5), std::move(hmac_sha1)));
143 }
144 }
145#endif
146
147#if defined(BOTAN_HAS_TLS_V12_PRF)
148 if(req.algo_name() == "TLS-12-PRF" && req.arg_count() == 1)
149 {
150 if(provider.empty() || provider == "base")
151 {
152 return kdf_create_mac_or_hash<TLS_12_PRF>(req.arg(0));
153 }
154 }
155#endif
156
157#if defined(BOTAN_HAS_X942_PRF)
158 if(req.algo_name() == "X9.42-PRF" && req.arg_count() == 1)
159 {
160 if(provider.empty() || provider == "base")
161 {
162 return std::unique_ptr<KDF>(new X942_PRF(req.arg(0)));
163 }
164 }
165#endif
166
167#if defined(BOTAN_HAS_SP800_108)
168 if(req.algo_name() == "SP800-108-Counter" && req.arg_count() == 1)
169 {
170 if(provider.empty() || provider == "base")
171 {
172 return kdf_create_mac_or_hash<SP800_108_Counter>(req.arg(0));
173 }
174 }
175
176 if(req.algo_name() == "SP800-108-Feedback" && req.arg_count() == 1)
177 {
178 if(provider.empty() || provider == "base")
179 {
180 return kdf_create_mac_or_hash<SP800_108_Feedback>(req.arg(0));
181 }
182 }
183
184 if(req.algo_name() == "SP800-108-Pipeline" && req.arg_count() == 1)
185 {
186 if(provider.empty() || provider == "base")
187 {
188 return kdf_create_mac_or_hash<SP800_108_Pipeline>(req.arg(0));
189 }
190 }
191#endif
192
193#if defined(BOTAN_HAS_SP800_56A)
194 if(req.algo_name() == "SP800-56A" && req.arg_count() == 1)
195 {
199 return std::unique_ptr<KDF>(new SP800_56A_HMAC(mac.release()));
200 }
201#endif
202
203#if defined(BOTAN_HAS_SP800_56C)
204 if(req.algo_name() == "SP800-56C" && req.arg_count() == 1)
205 {
206 std::unique_ptr<KDF> exp(kdf_create_mac_or_hash<SP800_108_Feedback>(req.arg(0)));
207 if(exp)
208 {
210 return std::unique_ptr<KDF>(new SP800_56C(mac.release(), exp.release()));
211
213 return std::unique_ptr<KDF>(new SP800_56C(mac.release(), exp.release()));
214 }
215 }
216#endif
217
218 BOTAN_UNUSED(req);
219 BOTAN_UNUSED(provider);
220
221 return nullptr;
222 }
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:106
static std::unique_ptr< MessageAuthenticationCode > create(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:46
References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::HashFunction::create(), Botan::MessageAuthenticationCode::create(), and hash.
Referenced by Botan::KDF::create_or_throw(), and Botan::get_kdf().
◆ create_or_throw()
|
staticinherited |
Create an instance based on a name, or throw if the algo/provider combination cannot be found. If provider is empty then best available is chosen.
Definition at line 226 of file kdf.cpp.
228 {
230 {
232 }
233 throw Lookup_Error("KDF", algo, provider);
234 }
virtual size_t kdf(uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const =0
static std::unique_ptr< KDF > create(const std::string &algo_spec, const std::string &provider="")
Definition: kdf.cpp:69
References Botan::KDF::create(), and Botan::KDF::kdf().
Referenced by Botan::ECIES_KA_Operation::derive_secret().
◆ derive_key() [1/5]
|
inlineinherited |
Derive a key
- Parameters
-
key_len the desired output length in bytes secret the secret input salt a diversifier label purpose for the derived keying material
- Returns
- the derived key
Definition at line 104 of file kdf.h.
108 {
110 cast_char_ptr_to_uint8(salt.data()),
111 salt.length(),
112 cast_char_ptr_to_uint8(label.data()),
113 label.length());
114
115 }
secure_vector< uint8_t > derive_key(size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[]=nullptr, size_t label_len=0) const
Definition: kdf.h:83
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:190
References Botan::cast_char_ptr_to_uint8().
◆ derive_key() [2/5]
|
inlineinherited |
Derive a key
- Parameters
-
key_len the desired output length in bytes secret the secret input salt a diversifier salt_len size of salt in bytes label purpose for the derived keying material
- Returns
- the derived key
Definition at line 146 of file kdf.h.
151 {
153 secret.data(), secret.size(),
154 salt, salt_len,
155 cast_char_ptr_to_uint8(label.data()),
156 label.size());
157 }
References Botan::cast_char_ptr_to_uint8(), and salt_len.
◆ derive_key() [3/5]
template<typename Alloc , typename Alloc2 , typename Alloc3 >
|
inlineinherited |
Derive a key
- Parameters
-
key_len the desired output length in bytes secret the secret input salt a diversifier label purpose for the derived keying material
- Returns
- the derived key
Definition at line 126 of file kdf.h.
130 {
132 secret.data(), secret.size(),
133 salt.data(), salt.size(),
134 label.data(), label.size());
135 }
◆ derive_key() [4/5]
|
inlineinherited |
Derive a key
- Parameters
-
key_len the desired output length in bytes secret the secret input secret_len size of secret in bytes salt a diversifier label purpose for the derived keying material
- Returns
- the derived key
Definition at line 168 of file kdf.h.
173 {
175 cast_char_ptr_to_uint8(salt.data()),
176 salt.length(),
177 cast_char_ptr_to_uint8(label.data()),
178 label.length());
179 }
References Botan::cast_char_ptr_to_uint8().
◆ derive_key() [5/5]
|
inlineinherited |
Derive a key
- Parameters
-
key_len the desired output length in bytes secret the secret input secret_len size of secret in bytes salt a diversifier salt_len size of salt in bytes label purpose for the derived keying material label_len size of label in bytes
- Returns
- the derived key
Definition at line 83 of file kdf.h.
90 {
91 secure_vector<uint8_t> key(key_len);
93 return key;
94 }
References salt_len.
◆ kdf()
|
overridevirtual |
Derive a key using the SP800-108 KDF in Double Pipeline mode.
The implementation uses the optional counter i and hard codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
- Parameters
-
key resulting keying material key_len the desired output length in bytes secret K_I secret_len size of K_I in bytes salt Context salt_len size of Context in bytes label Label label_len size of Label in bytes
- Exceptions
-
Invalid_Argument key_len > 2^32
Implements Botan::KDF.
Definition at line 112 of file sp800_108.cpp.
116 {
117 const uint32_t length = static_cast<uint32_t>(key_len * 8);
118 const std::size_t prf_len = m_prf->output_length();
119 const uint8_t delim = 0;
120
121 const uint64_t blocks_required = (key_len + prf_len - 1) / prf_len;
122
123 if(blocks_required > 0xFFFFFFFF)
124 throw Invalid_Argument("SP800_108_Feedback output size too large");
125
126 uint8_t *p = key;
127 uint32_t counter = 1;
128 uint8_t be_len[4] = { 0 };
129 secure_vector<uint8_t> ai, ki;
130
131 store_be(length, be_len);
132 m_prf->set_key(secret,secret_len);
133
134 // A(0)
135 std::copy(label,label + label_len,std::back_inserter(ai));
136 ai.emplace_back(delim);
137 std::copy(salt,salt + salt_len,std::back_inserter(ai));
138 std::copy(be_len,be_len + 4,std::back_inserter(ai));
139
140 while(p < key + key_len)
141 {
142 // A(i)
143 m_prf->update(ai);
144 m_prf->final(ai);
145
146 // K(i)
147 const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
148 uint8_t be_cnt[4] = { 0 };
149
150 store_be(counter, be_cnt);
151
152 m_prf->update(ai);
153 m_prf->update(be_cnt,4);
154 m_prf->update(label, label_len);
155 m_prf->update(delim);
156 m_prf->update(salt, salt_len);
157 m_prf->update(be_len,4);
158 m_prf->final(ki);
159
160 copy_mem(p, ki.data(), to_copy);
161 p += to_copy;
162
163 ++counter;
164
166 }
167
168 return key_len;
169 }
References BOTAN_ASSERT, Botan::copy_mem(), salt_len, and Botan::store_be().
◆ name()
|
inlineoverridevirtual |
- Returns
- KDF name
Implements Botan::KDF.
Definition at line 101 of file sp800_108.h.
101{ return "SP800-108-Pipeline(" + m_prf->name() + ")"; }
◆ providers()
|
staticinherited |
The documentation for this class was generated from the following files:
- src/lib/kdf/sp800_108/sp800_108.h
- src/lib/kdf/sp800_108/sp800_108.cpp
