Botan 3.0.0-alpha0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::X942_PRF Class Referencefinal

#include <prf_x942.h>

Inheritance diagram for Botan::X942_PRF:
Botan::KDF

Public Member Functions

KDFclone () const
 
secure_vector< uint8_t > derive_key (size_t key_len, const secure_vector< uint8_t > &secret, const std::string &salt="", const std::string &label="") const
 
secure_vector< uint8_t > derive_key (size_t key_len, const secure_vector< uint8_t > &secret, const uint8_t salt[], size_t salt_len, const std::string &label="") const
 
template<typename Alloc , typename Alloc2 , typename Alloc3 >
secure_vector< uint8_t > derive_key (size_t key_len, const std::vector< uint8_t, Alloc > &secret, const std::vector< uint8_t, Alloc2 > &salt, const std::vector< uint8_t, Alloc3 > &label) const
 
secure_vector< uint8_t > derive_key (size_t key_len, const uint8_t secret[], size_t secret_len, const std::string &salt="", const std::string &label="") const
 
secure_vector< uint8_t > derive_key (size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[]=nullptr, size_t label_len=0) const
 
void kdf (uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const override
 
std::string name () const override
 
std::unique_ptr< KDFnew_object () const override
 
 X942_PRF (const OID &oid)
 
 X942_PRF (const std::string &oid)
 

Static Public Member Functions

static std::unique_ptr< KDFcreate (const std::string &algo_spec, const std::string &provider="")
 
static std::unique_ptr< KDFcreate_or_throw (const std::string &algo_spec, const std::string &provider="")
 
static std::vector< std::string > providers (const std::string &algo_spec)
 

Detailed Description

PRF from ANSI X9.42

Definition at line 19 of file prf_x942.h.

Constructor & Destructor Documentation

◆ X942_PRF() [1/2]

Botan::X942_PRF::X942_PRF ( const std::string &  oid)
inlineexplicit

Definition at line 31 of file prf_x942.h.

31: m_key_wrap_oid(OID::from_string(oid)) {}
static OID from_string(const std::string &str)
Definition: asn1_oid.cpp:61

◆ X942_PRF() [2/2]

Botan::X942_PRF::X942_PRF ( const OID oid)
inlineexplicit

Definition at line 33 of file prf_x942.h.

33: m_key_wrap_oid(oid) {}

Member Function Documentation

◆ clone()

KDF * Botan::KDF::clone ( ) const
inlineinherited
Returns
new object representing the same algorithm as *this

Definition at line 188 of file kdf.h.

189 {
190 return this->new_object().release();
191 }
virtual std::unique_ptr< KDF > new_object() const =0

◆ create()

std::unique_ptr< KDF > Botan::KDF::create ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to choose
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 69 of file kdf.cpp.

71 {
72 const SCAN_Name req(algo_spec);
73
74#if defined(BOTAN_HAS_HKDF)
75 if(req.algo_name() == "HKDF" && req.arg_count() == 1)
76 {
77 if(provider.empty() || provider == "base")
78 {
79 return kdf_create_mac_or_hash<HKDF>(req.arg(0));
80 }
81 }
82
83 if(req.algo_name() == "HKDF-Extract" && req.arg_count() == 1)
84 {
85 if(provider.empty() || provider == "base")
86 {
87 return kdf_create_mac_or_hash<HKDF_Extract>(req.arg(0));
88 }
89 }
90
91 if(req.algo_name() == "HKDF-Expand" && req.arg_count() == 1)
92 {
93 if(provider.empty() || provider == "base")
94 {
95 return kdf_create_mac_or_hash<HKDF_Expand>(req.arg(0));
96 }
97 }
98#endif
99
100#if defined(BOTAN_HAS_KDF2)
101 if(req.algo_name() == "KDF2" && req.arg_count() == 1)
102 {
103 if(provider.empty() || provider == "base")
104 {
105 if(auto hash = HashFunction::create(req.arg(0)))
106 return std::make_unique<KDF2>(std::move(hash));
107 }
108 }
109#endif
110
111#if defined(BOTAN_HAS_KDF1_18033)
112 if(req.algo_name() == "KDF1-18033" && req.arg_count() == 1)
113 {
114 if(provider.empty() || provider == "base")
115 {
116 if(auto hash = HashFunction::create(req.arg(0)))
117 return std::make_unique<KDF1_18033>(std::move(hash));
118 }
119 }
120#endif
121
122#if defined(BOTAN_HAS_KDF1)
123 if(req.algo_name() == "KDF1" && req.arg_count() == 1)
124 {
125 if(provider.empty() || provider == "base")
126 {
127 if(auto hash = HashFunction::create(req.arg(0)))
128 return std::make_unique<KDF1>(std::move(hash));
129 }
130 }
131#endif
132
133#if defined(BOTAN_HAS_TLS_V12_PRF)
134 if(req.algo_name() == "TLS-12-PRF" && req.arg_count() == 1)
135 {
136 if(provider.empty() || provider == "base")
137 {
138 return kdf_create_mac_or_hash<TLS_12_PRF>(req.arg(0));
139 }
140 }
141#endif
142
143#if defined(BOTAN_HAS_X942_PRF)
144 if(req.algo_name() == "X9.42-PRF" && req.arg_count() == 1)
145 {
146 if(provider.empty() || provider == "base")
147 {
148 return std::make_unique<X942_PRF>(req.arg(0));
149 }
150 }
151#endif
152
153#if defined(BOTAN_HAS_SP800_108)
154 if(req.algo_name() == "SP800-108-Counter" && req.arg_count() == 1)
155 {
156 if(provider.empty() || provider == "base")
157 {
158 return kdf_create_mac_or_hash<SP800_108_Counter>(req.arg(0));
159 }
160 }
161
162 if(req.algo_name() == "SP800-108-Feedback" && req.arg_count() == 1)
163 {
164 if(provider.empty() || provider == "base")
165 {
166 return kdf_create_mac_or_hash<SP800_108_Feedback>(req.arg(0));
167 }
168 }
169
170 if(req.algo_name() == "SP800-108-Pipeline" && req.arg_count() == 1)
171 {
172 if(provider.empty() || provider == "base")
173 {
174 return kdf_create_mac_or_hash<SP800_108_Pipeline>(req.arg(0));
175 }
176 }
177#endif
178
179#if defined(BOTAN_HAS_SP800_56A)
180 if(req.algo_name() == "SP800-56A" && req.arg_count() == 1)
181 {
182 if(auto hash = HashFunction::create(req.arg(0)))
183 return std::make_unique<SP800_56A_Hash>(std::move(hash));
184 if(auto mac = MessageAuthenticationCode::create(req.arg(0)))
185 return std::make_unique<SP800_56A_HMAC>(std::move(mac));
186 }
187#endif
188
189#if defined(BOTAN_HAS_SP800_56C)
190 if(req.algo_name() == "SP800-56C" && req.arg_count() == 1)
191 {
192 std::unique_ptr<KDF> exp(kdf_create_mac_or_hash<SP800_108_Feedback>(req.arg(0)));
193 if(exp)
194 {
195 if(auto mac = MessageAuthenticationCode::create(req.arg(0)))
196 return std::make_unique<SP800_56C>(std::move(mac), std::move(exp));
197
198 if(auto mac = MessageAuthenticationCode::create("HMAC(" + req.arg(0) + ")"))
199 return std::make_unique<SP800_56C>(std::move(mac), std::move(exp));
200 }
201 }
202#endif
203
204 BOTAN_UNUSED(req);
205 BOTAN_UNUSED(provider);
206
207 return nullptr;
208 }
#define BOTAN_UNUSED(...)
Definition: assert.h:141
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:98
static std::unique_ptr< MessageAuthenticationCode > create(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:46
MechanismType hash

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::HashFunction::create(), Botan::MessageAuthenticationCode::create(), and hash.

Referenced by Botan::KDF::create_or_throw(), and Botan::get_kdf().

◆ create_or_throw()

std::unique_ptr< KDF > Botan::KDF::create_or_throw ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name, or throw if the algo/provider combination cannot be found. If provider is empty then best available is chosen.

Definition at line 212 of file kdf.cpp.

214 {
215 if(auto kdf = KDF::create(algo, provider))
216 {
217 return kdf;
218 }
219 throw Lookup_Error("KDF", algo, provider);
220 }
static std::unique_ptr< KDF > create(const std::string &algo_spec, const std::string &provider="")
Definition: kdf.cpp:69
virtual void kdf(uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const =0

References Botan::KDF::create(), and Botan::KDF::kdf().

Referenced by botan_kdf(), Botan::ECIES_KA_Operation::derive_secret(), Botan::PK_Ops::KEM_Decryption_with_KDF::KEM_Decryption_with_KDF(), Botan::PK_Ops::KEM_Encryption_with_KDF::KEM_Encryption_with_KDF(), Botan::PK_Ops::Key_Agreement_with_KDF::Key_Agreement_with_KDF(), and Botan::TLS::Handshake_State::protocol_specific_prf().

◆ derive_key() [1/5]

secure_vector< uint8_t > Botan::KDF::derive_key ( size_t  key_len,
const secure_vector< uint8_t > &  secret,
const std::string &  salt = "",
const std::string &  label = "" 
) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
salta diversifier
labelpurpose for the derived keying material
Returns
the derived key

Definition at line 103 of file kdf.h.

107 {
108 return derive_key(key_len, secret.data(), secret.size(),
109 cast_char_ptr_to_uint8(salt.data()),
110 salt.length(),
111 cast_char_ptr_to_uint8(label.data()),
112 label.length());
113
114 }
secure_vector< uint8_t > derive_key(size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[]=nullptr, size_t label_len=0) const
Definition: kdf.h:82
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:183

References Botan::cast_char_ptr_to_uint8().

◆ derive_key() [2/5]

secure_vector< uint8_t > Botan::KDF::derive_key ( size_t  key_len,
const secure_vector< uint8_t > &  secret,
const uint8_t  salt[],
size_t  salt_len,
const std::string &  label = "" 
) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
salta diversifier
salt_lensize of salt in bytes
labelpurpose for the derived keying material
Returns
the derived key

Definition at line 145 of file kdf.h.

150 {
151 return derive_key(key_len,
152 secret.data(), secret.size(),
153 salt, salt_len,
154 cast_char_ptr_to_uint8(label.data()),
155 label.size());
156 }
size_t salt_len
Definition: x509_obj.cpp:25

References Botan::cast_char_ptr_to_uint8(), and salt_len.

◆ derive_key() [3/5]

template<typename Alloc , typename Alloc2 , typename Alloc3 >
secure_vector< uint8_t > Botan::KDF::derive_key ( size_t  key_len,
const std::vector< uint8_t, Alloc > &  secret,
const std::vector< uint8_t, Alloc2 > &  salt,
const std::vector< uint8_t, Alloc3 > &  label 
) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
salta diversifier
labelpurpose for the derived keying material
Returns
the derived key

Definition at line 125 of file kdf.h.

129 {
130 return derive_key(key_len,
131 secret.data(), secret.size(),
132 salt.data(), salt.size(),
133 label.data(), label.size());
134 }

◆ derive_key() [4/5]

secure_vector< uint8_t > Botan::KDF::derive_key ( size_t  key_len,
const uint8_t  secret[],
size_t  secret_len,
const std::string &  salt = "",
const std::string &  label = "" 
) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
secret_lensize of secret in bytes
salta diversifier
labelpurpose for the derived keying material
Returns
the derived key

Definition at line 167 of file kdf.h.

172 {
173 return derive_key(key_len, secret, secret_len,
174 cast_char_ptr_to_uint8(salt.data()),
175 salt.length(),
176 cast_char_ptr_to_uint8(label.data()),
177 label.length());
178 }

References Botan::cast_char_ptr_to_uint8().

◆ derive_key() [5/5]

secure_vector< uint8_t > Botan::KDF::derive_key ( size_t  key_len,
const uint8_t  secret[],
size_t  secret_len,
const uint8_t  salt[],
size_t  salt_len,
const uint8_t  label[] = nullptr,
size_t  label_len = 0 
) const
inlineinherited

Derive a key

Parameters
key_lenthe desired output length in bytes
secretthe secret input
secret_lensize of secret in bytes
salta diversifier
salt_lensize of salt in bytes
labelpurpose for the derived keying material
label_lensize of label in bytes
Returns
the derived key

Definition at line 82 of file kdf.h.

89 {
90 secure_vector<uint8_t> key(key_len);
91 kdf(key.data(), key.size(), secret, secret_len, salt, salt_len, label, label_len);
92 return key;
93 }

References salt_len.

◆ kdf()

void Botan::X942_PRF::kdf ( uint8_t  key[],
size_t  key_len,
const uint8_t  secret[],
size_t  secret_len,
const uint8_t  salt[],
size_t  salt_len,
const uint8_t  label[],
size_t  label_len 
) const
overridevirtual

Derive a key

Parameters
keybuffer holding the derived key, must be of length key_len
key_lenthe desired output length in bytes
secretthe secret input
secret_lensize of secret in bytes
salta diversifier
salt_lensize of salt in bytes
labelpurpose for the derived keying material
label_lensize of label in bytes

Implements Botan::KDF.

Definition at line 33 of file prf_x942.cpp.

37 {
38 if(key_len == 0)
39 return;
40
41 const size_t blocks_required = key_len / 20; // Fixed to use SHA-1
42
43 if(blocks_required >= 0xFFFFFFFE)
44 throw Invalid_Argument("X942_PRF maximum output length exceeeded");
45
46 std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-160"));
47
48 secure_vector<uint8_t> h;
49 secure_vector<uint8_t> in;
50 size_t offset = 0;
51 uint32_t counter = 1;
52
53 in.reserve(salt_len + label_len);
54 in += std::make_pair(label,label_len);
55 in += std::make_pair(salt,salt_len);
56
57 while(offset != key_len && counter)
58 {
59 hash->update(secret, secret_len);
60
61 hash->update(
62 DER_Encoder().start_sequence()
63
64 .start_sequence()
65 .encode(m_key_wrap_oid)
66 .raw_bytes(encode_x942_int(counter))
67 .end_cons()
68
69 .encode_if(salt_len != 0,
70 DER_Encoder()
71 .start_explicit(0)
73 .end_explicit()
74 )
75
76 .start_explicit(2)
77 .raw_bytes(encode_x942_int(static_cast<uint32_t>(8 * key_len)))
78 .end_explicit()
79
80 .end_cons().get_contents()
81 );
82
83 hash->final(h);
84 const size_t copied = std::min(h.size(), key_len - offset);
85 copy_mem(&key[offset], h.data(), copied);
86 offset += copied;
87
88 ++counter;
89 BOTAN_ASSERT_NOMSG(counter != 0);
90 }
91 }
#define BOTAN_ASSERT_NOMSG(expr)
Definition: assert.h:67
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:41
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:126

References BOTAN_ASSERT_NOMSG, Botan::copy_mem(), Botan::HashFunction::create(), Botan::PEM_Code::encode(), hash, Botan::OctetString, and salt_len.

◆ name()

std::string Botan::X942_PRF::name ( ) const
overridevirtual
Returns
KDF name

Implements Botan::KDF.

Definition at line 93 of file prf_x942.cpp.

94 {
95 return "X9.42-PRF(" + m_key_wrap_oid.to_formatted_string() + ")";
96 }
std::string to_formatted_string() const
Definition: asn1_oid.cpp:109

References Botan::OID::to_formatted_string().

◆ new_object()

std::unique_ptr< KDF > Botan::X942_PRF::new_object ( ) const
inlineoverridevirtual
Returns
new object representing the same algorithm as *this

Implements Botan::KDF.

Definition at line 24 of file prf_x942.h.

24{ return std::make_unique<X942_PRF>(m_key_wrap_oid); }

◆ providers()

std::vector< std::string > Botan::KDF::providers ( const std::string &  algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 222 of file kdf.cpp.

223 {
224 return probe_providers_of<KDF>(algo_spec);
225 }

The documentation for this class was generated from the following files: