doxygen/prf__x942_8cpp_source.html

/*

* X9.42 PRF

* (C) 1999-2007 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/internal/prf_x942.h>


#include <botan/der_enc.h>

#include <botan/hash.h>

#include <botan/internal/loadstor.h>

#include <algorithm>


namespace Botan {


namespace {


/*

* Encode an integer as an OCTET STRING

*/

std::vector<uint8_t> encode_x942_int(uint32_t n) {

   uint8_t n_buf[4] = {0};

   store_be(n, n_buf);


   std::vector<uint8_t> output;

   DER_Encoder(output).encode(n_buf, 4, ASN1_Type::OctetString);

   return output;

}


}  // namespace


void X942_PRF::kdf(uint8_t key[],

                   size_t key_len,

                   const uint8_t secret[],

                   size_t secret_len,

                   const uint8_t salt[],

                   size_t salt_len,

                   const uint8_t label[],

                   size_t label_len) const {

   if(key_len == 0) {

      return;

   }


   const size_t blocks_required = key_len / 20;  // Fixed to use SHA-1


   if(blocks_required >= 0xFFFFFFFE) {

      throw Invalid_Argument("X942_PRF maximum output length exceeeded");

   }


   auto hash = HashFunction::create("SHA-1");


   secure_vector<uint8_t> h;

   secure_vector<uint8_t> in;

   size_t offset = 0;

   uint32_t counter = 1;


   in.reserve(salt_len + label_len);

   in += std::make_pair(label, label_len);

   in += std::make_pair(salt, salt_len);


   while(offset != key_len && counter) {

      hash->update(secret, secret_len);


      hash->update(

         DER_Encoder()

            .start_sequence()


            .start_sequence()

            .encode(m_key_wrap_oid)

            .raw_bytes(encode_x942_int(counter))

            .end_cons()


            .encode_if(salt_len != 0, DER_Encoder().start_explicit(0).encode(in, ASN1_Type::OctetString).end_explicit())


            .start_explicit(2)

            .raw_bytes(encode_x942_int(static_cast<uint32_t>(8 * key_len)))

            .end_explicit()


            .end_cons()

            .get_contents());


      hash->final(h);

      const size_t copied = std::min(h.size(), key_len - offset);

      copy_mem(&key[offset], h.data(), copied);

      offset += copied;


      ++counter;

      BOTAN_ASSERT_NOMSG(counter != 0);

   }

}


std::string X942_PRF::name() const {

   return "X9.42-PRF(" + m_key_wrap_oid.to_formatted_string() + ")";

}


}  // namespace Botan

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59

Botan::DER_Encoder
Definition der_enc.h:22

Botan::HashFunction::create
static std::unique_ptr< HashFunction > create(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:103

Botan::Invalid_Argument
Definition exceptn.h:131

Botan::OID::to_formatted_string
std::string to_formatted_string() const
Definition asn1_oid.cpp:114

Botan::X942_PRF::name
std::string name() const override
Definition prf_x942.cpp:93

Botan::X942_PRF::kdf
void kdf(uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const override
Definition prf_x942.cpp:33

Botan
Definition alg_id.cpp:13

Botan::ASN1_Type::OctetString
@ OctetString

Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:120

Botan::store_be
constexpr void store_be(uint16_t in, uint8_t out[2])
Definition loadstor.h:389

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61