Botan 2.19.1
Crypto and TLS for C++11
sp800_108.h
1/*
2* KDFs defined in NIST SP 800-108
3* (C) 2016 Kai Michaelis
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_SP800_108_H_
9#define BOTAN_SP800_108_H_
10
11#include <botan/kdf.h>
12#include <botan/mac.h>
13
15
16namespace Botan {
17
18/**
19 * NIST SP 800-108 KDF in Counter Mode (5.1)
20 */
22 {
23 public:
/**
* Algorithm name: the fixed prefix "SP800-108-Counter(" followed by the
* name reported by the underlying PRF and a closing ")".
*
* m_prf is dereferenced without a null check, so the object must have
* been constructed with a non-null MAC.
*/
std::string name() const override
   {
   std::string full_name = "SP800-108-Counter(";
   full_name += m_prf->name();
   full_name += ")";
   return full_name;
   }
25
/**
* Create a new Counter-mode KDF built on a clone of this object's PRF.
*
* The result is allocated with new and returned as a raw pointer, so
* the caller is responsible for deleting it (for example by placing it
* in a std::unique_ptr<KDF> immediately).
*/
KDF* clone() const override
   {
   // Kept as a single expression so the order of allocation and
   // PRF cloning is exactly what the compiler picks for a new-expression.
   return new SP800_108_Counter(m_prf->clone());
   }
27
/**
* Derive keying material with the SP 800-108 KDF in Counter mode.
*
* Both [L]_2 and the counter [i]_2 (the value r) are encoded with a
* hard-coded width of 32 bits.
*
* NOTE(review): in SP 800-108 terms Label and Context are the inputs
* that tie the output to one purpose; callers deriving several keys
* from the same K_I should pass distinct values for each.
* NOTE(review): SP 800-108 defines L as a length in bits while key_len
* is given in bytes; how large key_len values are mapped onto the
* 32-bit [L]_2 field is decided in the implementation, which is not
* part of this header - confirm there.
*
* @param key output buffer for the resulting keying material
*        (presumably must hold at least key_len bytes - confirm)
* @param key_len the desired output length in bytes
* @param secret K_I
* @param secret_len size of K_I in bytes
* @param salt Context
* @param salt_len size of Context in bytes
* @param label Label
* @param label_len size of Label in bytes
*
* @return not documented in this header; presumably the number of
*         bytes written to key - confirm against KDF::kdf
* @throws Invalid_Argument key_len > 2^32
*/
size_t kdf(uint8_t key[],
           size_t key_len,
           const uint8_t secret[],
           size_t secret_len,
           const uint8_t salt[],
           size_t salt_len,
           const uint8_t label[],
           size_t label_len) const override;
49
/**
* Build a Counter-mode KDF on top of the given MAC.
*
* The pointer is stored in the std::unique_ptr member m_prf, so this
* object takes ownership: the caller must not delete mac or hand the
* same pointer to another owner. No null check is made here, and
* name() and clone() dereference the stored pointer.
*
* @param mac MAC algorithm to use
*/
explicit SP800_108_Counter(MessageAuthenticationCode* mac) :
   m_prf(mac)
   {}
54 private:
55 std::unique_ptr<MessageAuthenticationCode> m_prf;
56 };
57
58/**
59 * NIST SP 800-108 KDF in Feedback Mode (5.2)
60 */
62 {
63 public:
/**
* Algorithm name: the fixed prefix "SP800-108-Feedback(" followed by
* the name reported by the underlying PRF and a closing ")".
*
* m_prf is dereferenced without a null check, so the object must have
* been constructed with a non-null MAC.
*/
std::string name() const override
   {
   std::string full_name = "SP800-108-Feedback(";
   full_name += m_prf->name();
   full_name += ")";
   return full_name;
   }
65
/**
* Create a new Feedback-mode KDF built on a clone of this object's PRF.
*
* The result is allocated with new and returned as a raw pointer, so
* the caller is responsible for deleting it (for example by placing it
* in a std::unique_ptr<KDF> immediately).
*/
KDF* clone() const override
   {
   // Kept as a single expression so the order of allocation and
   // PRF cloning is exactly what the compiler picks for a new-expression.
   return new SP800_108_Feedback(m_prf->clone());
   }
67
/**
* Derive keying material with the SP 800-108 KDF in Feedback mode.
*
* The optional counter i is used, and both [L]_2 and [i]_2 (the
* value r) are encoded with a hard-coded width of 32 bits.
*
* NOTE(review): salt carries the IV and the Context concatenated, and
* this interface has no separate IV length; where the IV ends and the
* Context begins (and what happens when salt is shorter than the
* expected IV) is decided in the implementation, which is not part of
* this header - confirm there before relying on a particular split.
* NOTE(review): SP 800-108 defines L as a length in bits while key_len
* is given in bytes; how large key_len values are mapped onto the
* 32-bit [L]_2 field should be confirmed in the implementation.
*
* @param key output buffer for the resulting keying material
*        (presumably must hold at least key_len bytes - confirm)
* @param key_len the desired output length in bytes
* @param secret K_I
* @param secret_len size of K_I in bytes
* @param salt IV || Context
* @param salt_len size of Context plus IV in bytes
* @param label Label
* @param label_len size of Label in bytes
*
* @return not documented in this header; presumably the number of
*         bytes written to key - confirm against KDF::kdf
* @throws Invalid_Argument key_len > 2^32
*/
size_t kdf(uint8_t key[],
           size_t key_len,
           const uint8_t secret[],
           size_t secret_len,
           const uint8_t salt[],
           size_t salt_len,
           const uint8_t label[],
           size_t label_len) const override;
89
/**
* Build a Feedback-mode KDF on top of the given MAC.
*
* The pointer is stored in the std::unique_ptr member m_prf, so this
* object takes ownership: the caller must not delete mac or hand the
* same pointer to another owner. No null check is made here, and
* name() and clone() dereference the stored pointer.
*
* @param mac MAC algorithm to use
*/
explicit SP800_108_Feedback(MessageAuthenticationCode* mac) :
   m_prf(mac)
   {}
91 private:
92 std::unique_ptr<MessageAuthenticationCode> m_prf;
93 };
94
95/**
96 * NIST SP 800-108 KDF in Double Pipeline Mode (5.3)
97 */
99 {
100 public:
/**
* Algorithm name: the fixed prefix "SP800-108-Pipeline(" followed by
* the name reported by the underlying PRF and a closing ")".
*
* m_prf is dereferenced without a null check, so the object must have
* been constructed with a non-null MAC.
*/
std::string name() const override
   {
   std::string full_name = "SP800-108-Pipeline(";
   full_name += m_prf->name();
   full_name += ")";
   return full_name;
   }
102
/**
* Create a new Double-Pipeline-mode KDF built on a clone of this
* object's PRF.
*
* The result is allocated with new and returned as a raw pointer, so
* the caller is responsible for deleting it (for example by placing it
* in a std::unique_ptr<KDF> immediately).
*/
KDF* clone() const override
   {
   // Kept as a single expression so the order of allocation and
   // PRF cloning is exactly what the compiler picks for a new-expression.
   return new SP800_108_Pipeline(m_prf->clone());
   }
104
/**
* Derive keying material with the SP 800-108 KDF in Double Pipeline
* mode.
*
* The optional counter i is used, and both [L]_2 and [i]_2 (the
* value r) are encoded with a hard-coded width of 32 bits.
*
* NOTE(review): in SP 800-108 terms Label and Context are the inputs
* that tie the output to one purpose; callers deriving several keys
* from the same K_I should pass distinct values for each.
* NOTE(review): SP 800-108 defines L as a length in bits while key_len
* is given in bytes; how large key_len values are mapped onto the
* 32-bit [L]_2 field is decided in the implementation, which is not
* part of this header - confirm there.
*
* @param key output buffer for the resulting keying material
*        (presumably must hold at least key_len bytes - confirm)
* @param key_len the desired output length in bytes
* @param secret K_I
* @param secret_len size of K_I in bytes
* @param salt Context
* @param salt_len size of Context in bytes
* @param label Label
* @param label_len size of Label in bytes
*
* @return not documented in this header; presumably the number of
*         bytes written to key - confirm against KDF::kdf
* @throws Invalid_Argument key_len > 2^32
*/
size_t kdf(uint8_t key[],
           size_t key_len,
           const uint8_t secret[],
           size_t secret_len,
           const uint8_t salt[],
           size_t salt_len,
           const uint8_t label[],
           size_t label_len) const override;
126
/**
* Build a Double-Pipeline-mode KDF on top of the given MAC.
*
* The pointer is stored in the std::unique_ptr member m_prf, so this
* object takes ownership: the caller must not delete mac or hand the
* same pointer to another owner. No null check is made here, and
* name() and clone() dereference the stored pointer.
*
* @param mac MAC algorithm to use
*/
explicit SP800_108_Pipeline(MessageAuthenticationCode* mac) :
   m_prf(mac)
   {}
128
129 private:
130 std::unique_ptr<MessageAuthenticationCode> m_prf;
131 };
132
133}
134
135#endif