Botan 3.5.0
Crypto and TLS for C&
Botan::X942_PRF Class Referencefinal

#include <prf_x942.h>

Inheritance diagram for Botan::X942_PRF:
Botan::KDF

Public Member Functions

KDFclone () const
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T derive_key (size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[]=nullptr, size_t label_len=0) const
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T derive_key (size_t key_len, const uint8_t secret[], size_t secret_len, std::string_view salt="", std::string_view label="") const
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T derive_key (size_t key_len, std::span< const uint8_t > secret, const uint8_t salt[], size_t salt_len, std::string_view label="") const
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T derive_key (size_t key_len, std::span< const uint8_t > secret, std::span< const uint8_t > salt, std::span< const uint8_t > label) const
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T derive_key (size_t key_len, std::span< const uint8_t > secret, std::string_view salt="", std::string_view label="") const
 
void derive_key (std::span< uint8_t > key, std::span< const uint8_t > secret, std::span< const uint8_t > salt, std::span< const uint8_t > label) const
 
void kdf (uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const override
 
std::string name () const override
 
std::unique_ptr< KDFnew_object () const override
 
 X942_PRF (const OID &oid)
 
 X942_PRF (std::string_view oid)
 

Static Public Member Functions

static std::unique_ptr< KDFcreate (std::string_view algo_spec, std::string_view provider="")
 
static std::unique_ptr< KDFcreate_or_throw (std::string_view algo_spec, std::string_view provider="")
 
static std::vector< std::string > providers (std::string_view algo_spec)
 

Detailed Description

PRF from ANSI X9.42

Definition at line 19 of file prf_x942.h.

Constructor & Destructor Documentation

◆ X942_PRF() [1/2]

Botan::X942_PRF::X942_PRF ( std::string_view oid)
inlineexplicit

Definition at line 34 of file prf_x942.h.

34: m_key_wrap_oid(OID::from_string(oid)) {}
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86

◆ X942_PRF() [2/2]

Botan::X942_PRF::X942_PRF ( const OID & oid)
inlineexplicit

Definition at line 36 of file prf_x942.h.

36: m_key_wrap_oid(oid) {}

Member Function Documentation

◆ clone()

KDF * Botan::KDF::clone ( ) const
inlineinherited
Returns
new object representing the same algorithm as *this

Definition at line 203 of file kdf.h.

203{ return this->new_object().release(); }
virtual std::unique_ptr< KDF > new_object() const =0

◆ create()

std::unique_ptr< KDF > Botan::KDF::create ( std::string_view algo_spec,
std::string_view provider = "" )
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to choose
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 71 of file kdf.cpp.

71 {
72 const SCAN_Name req(algo_spec);
73
74#if defined(BOTAN_HAS_HKDF)
75 if(req.algo_name() == "HKDF" && req.arg_count() == 1) {
76 if(provider.empty() || provider == "base") {
77 return kdf_create_mac_or_hash<HKDF>(req.arg(0));
78 }
79 }
80
81 if(req.algo_name() == "HKDF-Extract" && req.arg_count() == 1) {
82 if(provider.empty() || provider == "base") {
83 return kdf_create_mac_or_hash<HKDF_Extract>(req.arg(0));
84 }
85 }
86
87 if(req.algo_name() == "HKDF-Expand" && req.arg_count() == 1) {
88 if(provider.empty() || provider == "base") {
89 return kdf_create_mac_or_hash<HKDF_Expand>(req.arg(0));
90 }
91 }
92#endif
93
94#if defined(BOTAN_HAS_KDF2)
95 if(req.algo_name() == "KDF2" && req.arg_count() == 1) {
96 if(provider.empty() || provider == "base") {
97 if(auto hash = HashFunction::create(req.arg(0))) {
98 return std::make_unique<KDF2>(std::move(hash));
99 }
100 }
101 }
102#endif
103
104#if defined(BOTAN_HAS_KDF1_18033)
105 if(req.algo_name() == "KDF1-18033" && req.arg_count() == 1) {
106 if(provider.empty() || provider == "base") {
107 if(auto hash = HashFunction::create(req.arg(0))) {
108 return std::make_unique<KDF1_18033>(std::move(hash));
109 }
110 }
111 }
112#endif
113
114#if defined(BOTAN_HAS_KDF1)
115 if(req.algo_name() == "KDF1" && req.arg_count() == 1) {
116 if(provider.empty() || provider == "base") {
117 if(auto hash = HashFunction::create(req.arg(0))) {
118 return std::make_unique<KDF1>(std::move(hash));
119 }
120 }
121 }
122#endif
123
124#if defined(BOTAN_HAS_TLS_V12_PRF)
125 if(req.algo_name() == "TLS-12-PRF" && req.arg_count() == 1) {
126 if(provider.empty() || provider == "base") {
127 return kdf_create_mac_or_hash<TLS_12_PRF>(req.arg(0));
128 }
129 }
130#endif
131
132#if defined(BOTAN_HAS_X942_PRF)
133 if(req.algo_name() == "X9.42-PRF" && req.arg_count() == 1) {
134 if(provider.empty() || provider == "base") {
135 return std::make_unique<X942_PRF>(req.arg(0));
136 }
137 }
138#endif
139
140#if defined(BOTAN_HAS_SP800_108)
141 if(req.algo_name() == "SP800-108-Counter" && req.arg_count() == 1) {
142 if(provider.empty() || provider == "base") {
143 return kdf_create_mac_or_hash<SP800_108_Counter>(req.arg(0));
144 }
145 }
146
147 if(req.algo_name() == "SP800-108-Feedback" && req.arg_count() == 1) {
148 if(provider.empty() || provider == "base") {
149 return kdf_create_mac_or_hash<SP800_108_Feedback>(req.arg(0));
150 }
151 }
152
153 if(req.algo_name() == "SP800-108-Pipeline" && req.arg_count() == 1) {
154 if(provider.empty() || provider == "base") {
155 return kdf_create_mac_or_hash<SP800_108_Pipeline>(req.arg(0));
156 }
157 }
158#endif
159
160#if defined(BOTAN_HAS_SP800_56A)
161 if(req.algo_name() == "SP800-56A" && req.arg_count() == 1) {
162 if(auto hash = HashFunction::create(req.arg(0))) {
163 return std::make_unique<SP800_56C_One_Step_Hash>(std::move(hash));
164 }
165 if(req.arg(0) == "KMAC-128") {
166 return std::make_unique<SP800_56C_One_Step_KMAC128>();
167 }
168 if(req.arg(0) == "KMAC-256") {
169 return std::make_unique<SP800_56C_One_Step_KMAC256>();
170 }
171 if(auto mac = MessageAuthenticationCode::create(req.arg(0))) {
172 return std::make_unique<SP800_56C_One_Step_HMAC>(std::move(mac));
173 }
174 }
175#endif
176
177#if defined(BOTAN_HAS_SP800_56C)
178 if(req.algo_name() == "SP800-56C" && req.arg_count() == 1) {
179 std::unique_ptr<KDF> exp(kdf_create_mac_or_hash<SP800_108_Feedback>(req.arg(0)));
180 if(exp) {
181 if(auto mac = MessageAuthenticationCode::create(req.arg(0))) {
182 return std::make_unique<SP800_56C_Two_Step>(std::move(mac), std::move(exp));
183 }
184
185 if(auto mac = MessageAuthenticationCode::create(fmt("HMAC({})", req.arg(0)))) {
186 return std::make_unique<SP800_56C_Two_Step>(std::move(mac), std::move(exp));
187 }
188 }
189 }
190#endif
191
192 BOTAN_UNUSED(req);
193 BOTAN_UNUSED(provider);
194
195 return nullptr;
196}
#define BOTAN_UNUSED
Definition assert.h:118
static std::unique_ptr< HashFunction > create(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:107
static std::unique_ptr< MessageAuthenticationCode > create(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:51
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::HashFunction::create(), Botan::MessageAuthenticationCode::create(), and Botan::fmt().

Referenced by Botan::KDF::create_or_throw(), and Botan::get_kdf().

◆ create_or_throw()

std::unique_ptr< KDF > Botan::KDF::create_or_throw ( std::string_view algo_spec,
std::string_view provider = "" )
staticinherited

Create an instance based on a name, or throw if the algo/provider combination cannot be found. If provider is empty then best available is chosen.

Definition at line 199 of file kdf.cpp.

199 {
200 if(auto kdf = KDF::create(algo, provider)) {
201 return kdf;
202 }
203 throw Lookup_Error("KDF", algo, provider);
204}
static std::unique_ptr< KDF > create(std::string_view algo_spec, std::string_view provider="")
Definition kdf.cpp:71
virtual void kdf(uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const =0

References Botan::KDF::create(), and Botan::KDF::kdf().

Referenced by botan_kdf(), Botan::ECIES_KA_Operation::derive_secret(), Botan::PK_Ops::KEM_Decryption_with_KDF::KEM_Decryption_with_KDF(), Botan::PK_Ops::KEM_Encryption_with_KDF::KEM_Encryption_with_KDF(), Botan::PK_Ops::Key_Agreement_with_KDF::Key_Agreement_with_KDF(), and Botan::TLS::Handshake_State::protocol_specific_prf().

◆ derive_key() [1/6]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::KDF::derive_key ( size_t key_len,
const uint8_t secret[],
size_t secret_len,
const uint8_t salt[],
size_t salt_len,
const uint8_t label[] = nullptr,
size_t label_len = 0 ) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
secret_lensize of secret in bytes
salta diversifier
salt_lensize of salt in bytes
labelpurpose for the derived keying material
label_lensize of label in bytes
Returns
the derived key

Definition at line 86 of file kdf.h.

92 {
93 T key(key_len);
94 kdf(key.data(), key.size(), secret, secret_len, salt, salt_len, label, label_len);
95 return key;
96 }
FE_25519 T
Definition ge.cpp:34

References T.

◆ derive_key() [2/6]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::KDF::derive_key ( size_t key_len,
const uint8_t secret[],
size_t secret_len,
std::string_view salt = "",
std::string_view label = "" ) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
secret_lensize of secret in bytes
salta diversifier
labelpurpose for the derived keying material
Returns
the derived key

Definition at line 181 of file kdf.h.

185 {
186 return derive_key<T>(key_len,
187 secret,
188 secret_len,
189 cast_char_ptr_to_uint8(salt.data()),
190 salt.length(),
191 cast_char_ptr_to_uint8(label.data()),
192 label.length());
193 }
T derive_key(size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[]=nullptr, size_t label_len=0) const
Definition kdf.h:86
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition mem_ops.h:273

References Botan::cast_char_ptr_to_uint8().

◆ derive_key() [3/6]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::KDF::derive_key ( size_t key_len,
std::span< const uint8_t > secret,
const uint8_t salt[],
size_t salt_len,
std::string_view label = "" ) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
salta diversifier
salt_lensize of salt in bytes
labelpurpose for the derived keying material
Returns
the derived key

Definition at line 162 of file kdf.h.

166 {
167 return derive_key<T>(
168 key_len, secret.data(), secret.size(), salt, salt_len, cast_char_ptr_to_uint8(label.data()), label.size());
169 }

References Botan::cast_char_ptr_to_uint8().

◆ derive_key() [4/6]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::KDF::derive_key ( size_t key_len,
std::span< const uint8_t > secret,
std::span< const uint8_t > salt,
std::span< const uint8_t > label ) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
salta diversifier
labelpurpose for the derived keying material
Returns
the derived key

Definition at line 144 of file kdf.h.

147 {
148 return derive_key<T>(
149 key_len, secret.data(), secret.size(), salt.data(), salt.size(), label.data(), label.size());
150 }

◆ derive_key() [5/6]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
T Botan::KDF::derive_key ( size_t key_len,
std::span< const uint8_t > secret,
std::string_view salt = "",
std::string_view label = "" ) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
salta diversifier
labelpurpose for the derived keying material
Returns
the derived key

Definition at line 107 of file kdf.h.

110 {
111 return derive_key<T>(key_len,
112 secret.data(),
113 secret.size(),
114 cast_char_ptr_to_uint8(salt.data()),
115 salt.length(),
116 cast_char_ptr_to_uint8(label.data()),
117 label.length());
118 }

References Botan::cast_char_ptr_to_uint8().

◆ derive_key() [6/6]

void Botan::KDF::derive_key ( std::span< uint8_t > key,
std::span< const uint8_t > secret,
std::span< const uint8_t > salt,
std::span< const uint8_t > label ) const
inlineinherited

Derive a key

Parameters
keythe output buffer for the to-be-derived key
secretthe secret input
salta diversifier
labelpurpose for the derived keying material

Definition at line 127 of file kdf.h.

130 {
131 return kdf(
132 key.data(), key.size(), secret.data(), secret.size(), salt.data(), salt.size(), label.data(), label.size());
133 }

◆ kdf()

void Botan::X942_PRF::kdf ( uint8_t key[],
size_t key_len,
const uint8_t secret[],
size_t secret_len,
const uint8_t salt[],
size_t salt_len,
const uint8_t label[],
size_t label_len ) const
overridevirtual

Derive a key

Parameters
keybuffer holding the derived key, must be of length key_len
key_lenthe desired output length in bytes
secretthe secret input
secret_lensize of secret in bytes
salta diversifier
salt_lensize of salt in bytes
labelpurpose for the derived keying material
label_lensize of label in bytes

Implements Botan::KDF.

Definition at line 33 of file prf_x942.cpp.

40 {
41 if(key_len == 0) {
42 return;
43 }
44
45 const size_t blocks_required = key_len / 20; // Fixed to use SHA-1
46
47 if(blocks_required >= 0xFFFFFFFE) {
48 throw Invalid_Argument("X942_PRF maximum output length exceeeded");
49 }
50
51 auto hash = HashFunction::create("SHA-1");
52
55 size_t offset = 0;
56 uint32_t counter = 1;
57
58 in.reserve(salt_len + label_len);
59 in += std::make_pair(label, label_len);
60 in += std::make_pair(salt, salt_len);
61
62 while(offset != key_len && counter) {
63 hash->update(secret, secret_len);
64
65 hash->update(
66 DER_Encoder()
67 .start_sequence()
68
69 .start_sequence()
70 .encode(m_key_wrap_oid)
71 .raw_bytes(encode_x942_int(counter))
72 .end_cons()
73
74 .encode_if(salt_len != 0, DER_Encoder().start_explicit(0).encode(in, ASN1_Type::OctetString).end_explicit())
75
76 .start_explicit(2)
77 .raw_bytes(encode_x942_int(static_cast<uint32_t>(8 * key_len)))
78 .end_explicit()
79
80 .end_cons()
81 .get_contents());
82
83 hash->final(h);
84 const size_t copied = std::min(h.size(), key_len - offset);
85 copy_mem(&key[offset], h.data(), copied);
86 offset += copied;
87
88 ++counter;
89 BOTAN_ASSERT_NOMSG(counter != 0);
90 }
91}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146

References BOTAN_ASSERT_NOMSG, Botan::copy_mem(), Botan::HashFunction::create(), and Botan::OctetString.

◆ name()

std::string Botan::X942_PRF::name ( ) const
overridevirtual
Returns
KDF name

Implements Botan::KDF.

Definition at line 93 of file prf_x942.cpp.

93 {
94 return "X9.42-PRF(" + m_key_wrap_oid.to_formatted_string() + ")";
95}
std::string to_formatted_string() const
Definition asn1_oid.cpp:139

References Botan::OID::to_formatted_string().

◆ new_object()

std::unique_ptr< KDF > Botan::X942_PRF::new_object ( ) const
inlineoverridevirtual
Returns
new object representing the same algorithm as *this

Implements Botan::KDF.

Definition at line 23 of file prf_x942.h.

23{ return std::make_unique<X942_PRF>(m_key_wrap_oid); }

◆ providers()

std::vector< std::string > Botan::KDF::providers ( std::string_view algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 206 of file kdf.cpp.

206 {
207 return probe_providers_of<KDF>(algo_spec);
208}
std::vector< std::string > probe_providers_of(std::string_view algo_spec, const std::vector< std::string > &possible={"base"})
Definition scan_name.h:105

References Botan::probe_providers_of().


The documentation for this class was generated from the following files: