Botan 3.7.1
Crypto and TLS for C&
kdf2.cpp
Go to the documentation of this file.
1/*
2* KDF2
3* (C) 1999-2007 Jack Lloyd
4* (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/kdf2.h>
10
11#include <botan/exceptn.h>
12#include <botan/internal/bit_ops.h>
13#include <botan/internal/fmt.h>
14#include <botan/internal/stl_util.h>
15
16namespace Botan {
17
18std::string KDF2::name() const {
19 return fmt("KDF2({})", m_hash->name());
20}
21
22std::unique_ptr<KDF> KDF2::new_object() const {
23 return std::make_unique<KDF2>(m_hash->new_object());
24}
25
26void KDF2::perform_kdf(std::span<uint8_t> key,
27 std::span<const uint8_t> secret,
28 std::span<const uint8_t> salt,
29 std::span<const uint8_t> label) const {
30 if(key.empty()) {
31 return;
32 }
33
34 const size_t hash_output_length = m_hash->output_length();
35 const auto blocks_required = ceil_division<uint64_t /* for 32bit systems */>(key.size(), hash_output_length);
36
37 // This KDF uses a 32-bit counter for the hash blocks, initialized at 1.
38 // It will wrap around after 2^32 - 1 iterations limiting the theoretically
39 // possible output to 2^32 - 1 blocks.
40 BOTAN_ARG_CHECK(blocks_required <= 0xFFFFFFFE, "KDF2 maximum output length exceeeded");
41
42 BufferStuffer k(key);
43 for(uint32_t counter = 1; !k.full(); ++counter) {
44 BOTAN_ASSERT_NOMSG(counter != 0); // no overflow
45
46 m_hash->update(secret);
47 m_hash->update_be(counter);
48 m_hash->update(label);
49 m_hash->update(salt);
50
51 // Write straight into the output buffer, except if the hash output needs
52 // a truncation in the final iteration.
53 if(k.remaining_capacity() >= hash_output_length) {
54 m_hash->final(k.next(hash_output_length));
55 } else {
56 const auto h = m_hash->final();
57 k.append(std::span{h}.first(k.remaining_capacity()));
58 }
59 }
60}
61
62} // namespace Botan
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
std::unique_ptr< KDF > new_object() const override
Definition kdf2.cpp:22
std::string name() const override
Definition kdf2.cpp:18
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
constexpr T ceil_division(T a, T b)
Definition bit_ops.h:160