Botan 3.8.1
Crypto and TLS for C&
sp800_108.h
Go to the documentation of this file.
1/*
2* KDFs defined in NIST SP 800-108
3* (C) 2016 Kai Michaelis
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_SP800_108_H_
9#define BOTAN_SP800_108_H_
10
11#include <botan/kdf.h>
12#include <botan/mac.h>
13
14namespace Botan {
15
16/**
17 * NIST SP 800-108 KDF in Counter Mode (5.1)
18 */
19class SP800_108_Counter final : public KDF {
20 public:
21 std::string name() const override;
22
23 std::unique_ptr<KDF> new_object() const override;
24
25 /**
26 * @param mac MAC algorithm to use
27 * @param r encoding bit-length of the internal counter {8, 16, 24, or 32}
28 * @param L encoding bit-length of the output length in bits {8, 16, 24, or 32}
29 */
30 SP800_108_Counter(std::unique_ptr<MessageAuthenticationCode> mac, size_t r, size_t L);
31
32 private:
33 /**
34 * Derive a key using the SP800-108 KDF in Counter mode.
35 *
36 * The implementation hard codes the length of [L]_2
37 * and [i]_2 (the value r) to 32 bits.
38 *
39 * @param key resulting keying material
40 * @param secret K_I
41 * @param salt Context
42 * @param label Label
43 *
44 * @throws Invalid_Argument key_len > 2^32
45 */
46 void perform_kdf(std::span<uint8_t> key,
47 std::span<const uint8_t> secret,
48 std::span<const uint8_t> salt,
49 std::span<const uint8_t> label) const override;
50
51 private:
52 std::unique_ptr<MessageAuthenticationCode> m_prf;
53 size_t m_counter_bits;
54 size_t m_output_length_bits;
55};
56
57/**
58 * NIST SP 800-108 KDF in Feedback Mode (5.2)
59 */
60class SP800_108_Feedback final : public KDF {
61 public:
62 std::string name() const override;
63
64 std::unique_ptr<KDF> new_object() const override;
65
66 /**
67 * @param mac MAC algorithm to use
68 * @param r encoding bit-length of the internal counter {8, 16, 24, or 32}
69 * @param L encoding bit-length of the output length in bits {8, 16, 24, or 32}
70 */
71 SP800_108_Feedback(std::unique_ptr<MessageAuthenticationCode> mac, size_t r, size_t L);
72
73 private:
74 /**
75 * Derive a key using the SP800-108 KDF in Feedback mode.
76 *
77 * The implementation uses the optional counter i and hard
78 * codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
79 *
80 * @param key resulting keying material
81 * @param secret K_I
82 * @param salt IV || Context
83 * @param label Label
84 *
85 * @throws Invalid_Argument key_len > 2^32
86 */
87 void perform_kdf(std::span<uint8_t> key,
88 std::span<const uint8_t> secret,
89 std::span<const uint8_t> salt,
90 std::span<const uint8_t> label) const override;
91
92 private:
93 std::unique_ptr<MessageAuthenticationCode> m_prf;
94 size_t m_counter_bits;
95 size_t m_output_length_bits;
96};
97
98/**
99 * NIST SP 800-108 KDF in Double Pipeline Mode (5.3)
100 */
101class SP800_108_Pipeline final : public KDF {
102 public:
103 std::string name() const override;
104
105 std::unique_ptr<KDF> new_object() const override;
106
107 /**
108 * @param mac MAC algorithm to use
109 * @param r encoding bit-length of the internal counter {8, 16, 24, or 32}
110 * @param L encoding bit-length of the output length in bits {8, 16, 24, or 32}
111 */
112 SP800_108_Pipeline(std::unique_ptr<MessageAuthenticationCode> mac, size_t r, size_t L);
113
114 private:
115 /**
116 * Derive a key using the SP800-108 KDF in Double Pipeline mode.
117 *
118 * The implementation uses the optional counter i and hard
119 * codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
120 *
121 * @param key resulting keying material
122 * @param secret K_I
123 * @param salt Context
124 * @param label Label
125 *
126 * @throws Invalid_Argument key_len > 2^32
127 */
128 void perform_kdf(std::span<uint8_t> key,
129 std::span<const uint8_t> secret,
130 std::span<const uint8_t> salt,
131 std::span<const uint8_t> label) const override;
132
133 private:
134 std::unique_ptr<MessageAuthenticationCode> m_prf;
135 size_t m_counter_bits;
136 size_t m_output_length_bits;
137};
138
139} // namespace Botan
140
141#endif
Botan::SP800_108_Counter::SP800_108_Counter
SP800_108_Counter(std::unique_ptr< MessageAuthenticationCode > mac, size_t r, size_t L)
Definition sp800_108.cpp:85
Botan::SP800_108_Counter::name
std::string name() const override
Definition sp800_108.cpp:90
Botan::SP800_108_Counter::new_object
std::unique_ptr< KDF > new_object() const override
Definition sp800_108.cpp:97
Botan::SP800_108_Feedback::name
std::string name() const override
Definition sp800_108.cpp:142
Botan::SP800_108_Feedback::SP800_108_Feedback
SP800_108_Feedback(std::unique_ptr< MessageAuthenticationCode > mac, size_t r, size_t L)
Definition sp800_108.cpp:137
Botan::SP800_108_Feedback::new_object
std::unique_ptr< KDF > new_object() const override
Definition sp800_108.cpp:149
Botan::SP800_108_Pipeline::new_object
std::unique_ptr< KDF > new_object() const override
Definition sp800_108.cpp:202
Botan::SP800_108_Pipeline::name
std::string name() const override
Definition sp800_108.cpp:195
Botan::SP800_108_Pipeline::SP800_108_Pipeline
SP800_108_Pipeline(std::unique_ptr< MessageAuthenticationCode > mac, size_t r, size_t L)
Definition sp800_108.cpp:190
Generated by doxygen 1.13.2