Botan  2.13.0
Crypto and TLS for C++11
sp800_108.h
1 /*
2 * KDFs defined in NIST SP 800-108
3 * (C) 2016 Kai Michaelis
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_SP800_108_H_
9 #define BOTAN_SP800_108_H_
10 
11 #include <botan/kdf.h>
12 #include <botan/mac.h>
13 
15 
16 namespace Botan {
17 
18 /**
19  * NIST SP 800-108 KDF in Counter Mode (5.1)
20  */
22  {
23  public:
/**
* @return the algorithm name: "SP800-108-Counter(" followed by the name
* reported by the PRF and a closing parenthesis. The stored PRF pointer is
* dereferenced without a null check.
*/
std::string name() const override
   {
   std::string full("SP800-108-Counter(");
   full += m_prf->name();
   full += ")";
   return full;
   }
25 
/**
* Create a new SP800_108_Counter built around a clone of this object's PRF.
*
* @return a raw pointer to an object allocated with `new`; nothing else
* holds it, so the caller is responsible for releasing it.
* NOTE(review): what state the cloned PRF carries over is decided by
* MessageAuthenticationCode::clone(), which is not visible here.
*/
KDF* clone() const override
   {
   KDF* copy = new SP800_108_Counter(m_prf->clone());
   return copy;
   }
27 
/**
* Derive a key using the SP800-108 KDF in Counter mode.
*
* The implementation hard codes the length of [L]_2
* and [i]_2 (the value r) to 32 bits.
*
* All buffers are passed as raw pointer/length pairs, so nothing in this
* signature checks that `key` really has room for key_len bytes; that is
* the caller's responsibility.
*
* NOTE(review): SP 800-108 expresses L in bits while key_len is given in
* bytes; with [L]_2 fixed at 32 bits, confirm in the implementation which
* key_len values are actually rejected.
*
* @param key resulting keying material
* @param key_len the desired output length in bytes
* @param secret K_I
* @param secret_len size of K_I in bytes
* @param salt Context
* @param salt_len size of Context in bytes
* @param label Label
* @param label_len size of Label in bytes
*
* @return not documented in this header; presumably the number of bytes
* written to key (confirm against KDF::kdf)
*
* @throws Invalid_Argument key_len > 2^32
*/
size_t kdf(uint8_t key[],
           size_t key_len,
           const uint8_t secret[],
           size_t secret_len,
           const uint8_t salt[],
           size_t salt_len,
           const uint8_t label[],
           size_t label_len) const override;
49 
/**
* Build the KDF around a PRF.
*
* The pointer is stored in a std::unique_ptr member, so this object takes
* ownership of `mac`: the caller must not delete it or hand the same
* pointer to another owner. No null check is performed here, and name()
* and clone() dereference the stored pointer unconditionally.
*
* @param mac MAC algorithm to use
*/
explicit SP800_108_Counter(MessageAuthenticationCode* mac)
   : m_prf(mac)
   {
   }
54  private:
55  std::unique_ptr<MessageAuthenticationCode> m_prf;
56  };
57 
58 /**
59  * NIST SP 800-108 KDF in Feedback Mode (5.2)
60  */
62  {
63  public:
/**
* @return the algorithm name: "SP800-108-Feedback(" followed by the name
* reported by the PRF and a closing parenthesis. The stored PRF pointer is
* dereferenced without a null check.
*/
std::string name() const override
   {
   std::string full("SP800-108-Feedback(");
   full += m_prf->name();
   full += ")";
   return full;
   }
65 
/**
* Create a new SP800_108_Feedback built around a clone of this object's PRF.
*
* @return a raw pointer to an object allocated with `new`; nothing else
* holds it, so the caller is responsible for releasing it.
* NOTE(review): what state the cloned PRF carries over is decided by
* MessageAuthenticationCode::clone(), which is not visible here.
*/
KDF* clone() const override
   {
   KDF* copy = new SP800_108_Feedback(m_prf->clone());
   return copy;
   }
67 
/**
* Derive a key using the SP800-108 KDF in Feedback mode.
*
* The implementation uses the optional counter i and hard
* codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
*
* All buffers are passed as raw pointer/length pairs, so nothing in this
* signature checks that `key` really has room for key_len bytes; that is
* the caller's responsibility.
*
* NOTE(review): the IV and the Context arrive concatenated in `salt`, and
* this header does not say where one ends and the other begins; confirm
* the split (and the behaviour for a short salt) in the implementation.
*
* NOTE(review): SP 800-108 expresses L in bits while key_len is given in
* bytes; with [L]_2 fixed at 32 bits, confirm in the implementation which
* key_len values are actually rejected.
*
* @param key resulting keying material
* @param key_len the desired output length in bytes
* @param secret K_I
* @param secret_len size of K_I in bytes
* @param salt IV || Context
* @param salt_len size of Context plus IV in bytes
* @param label Label
* @param label_len size of Label in bytes
*
* @return not documented in this header; presumably the number of bytes
* written to key (confirm against KDF::kdf)
*
* @throws Invalid_Argument key_len > 2^32
*/
size_t kdf(uint8_t key[],
           size_t key_len,
           const uint8_t secret[],
           size_t secret_len,
           const uint8_t salt[],
           size_t salt_len,
           const uint8_t label[],
           size_t label_len) const override;
89 
/**
* Build the KDF around a PRF.
*
* The pointer is stored in a std::unique_ptr member, so this object takes
* ownership of `mac`: the caller must not delete it or hand the same
* pointer to another owner. No null check is performed here, and name()
* and clone() dereference the stored pointer unconditionally.
*
* @param mac MAC algorithm to use
*/
explicit SP800_108_Feedback(MessageAuthenticationCode* mac)
   : m_prf(mac)
   {
   }
91  private:
92  std::unique_ptr<MessageAuthenticationCode> m_prf;
93  };
94 
95 /**
96  * NIST SP 800-108 KDF in Double Pipeline Mode (5.3)
97  */
99  {
100  public:
/**
* @return the algorithm name: "SP800-108-Pipeline(" followed by the name
* reported by the PRF and a closing parenthesis. The stored PRF pointer is
* dereferenced without a null check.
*/
std::string name() const override
   {
   std::string full("SP800-108-Pipeline(");
   full += m_prf->name();
   full += ")";
   return full;
   }
102 
/**
* Create a new SP800_108_Pipeline built around a clone of this object's PRF.
*
* @return a raw pointer to an object allocated with `new`; nothing else
* holds it, so the caller is responsible for releasing it.
* NOTE(review): what state the cloned PRF carries over is decided by
* MessageAuthenticationCode::clone(), which is not visible here.
*/
KDF* clone() const override
   {
   KDF* copy = new SP800_108_Pipeline(m_prf->clone());
   return copy;
   }
104 
/**
* Derive a key using the SP800-108 KDF in Double Pipeline mode.
*
* The implementation uses the optional counter i and hard
* codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
*
* All buffers are passed as raw pointer/length pairs, so nothing in this
* signature checks that `key` really has room for key_len bytes; that is
* the caller's responsibility.
*
* NOTE(review): SP 800-108 expresses L in bits while key_len is given in
* bytes; with [L]_2 fixed at 32 bits, confirm in the implementation which
* key_len values are actually rejected.
*
* @param key resulting keying material
* @param key_len the desired output length in bytes
* @param secret K_I
* @param secret_len size of K_I in bytes
* @param salt Context
* @param salt_len size of Context in bytes
* @param label Label
* @param label_len size of Label in bytes
*
* @return not documented in this header; presumably the number of bytes
* written to key (confirm against KDF::kdf)
*
* @throws Invalid_Argument key_len > 2^32
*/
size_t kdf(uint8_t key[],
           size_t key_len,
           const uint8_t secret[],
           size_t secret_len,
           const uint8_t salt[],
           size_t salt_len,
           const uint8_t label[],
           size_t label_len) const override;
126 
/**
* Build the KDF around a PRF.
*
* The pointer is stored in a std::unique_ptr member, so this object takes
* ownership of `mac`: the caller must not delete it or hand the same
* pointer to another owner. No null check is performed here, and name()
* and clone() dereference the stored pointer unconditionally.
*
* @param mac MAC algorithm to use
*/
explicit SP800_108_Pipeline(MessageAuthenticationCode* mac)
   : m_prf(mac)
   {
   }
128 
129  private:
130  std::unique_ptr<MessageAuthenticationCode> m_prf;
131  };
132 
133 }
134 
135 #endif