Botan  2.8.0
Crypto and TLS for C++11
sp800_108.h
Go to the documentation of this file.
1 /*
2 * KDFs defined in NIST SP 800-108
3 * (C) 2016 Kai Michaelis
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_SP800_108_H_
9 #define BOTAN_SP800_108_H_
10 
11 #include <botan/kdf.h>
12 #include <botan/mac.h>
13 
14 namespace Botan {
15 
16 /**
17  * NIST SP 800-108 KDF in Counter Mode (5.1)
18  */
20  {
21  public:
22  std::string name() const override { return "SP800-108-Counter(" + m_prf->name() + ")"; }
23 
24  KDF* clone() const override { return new SP800_108_Counter(m_prf->clone()); }
25 
26  /**
27  * Derive a key using the SP800-108 KDF in Counter mode.
28  *
29  * The implementation hard codes the length of [L]_2
30  * and [i]_2 (the value r) to 32 bits.
31  *
32  * @param key resulting keying material
33  * @param key_len the desired output length in bytes
34  * @param secret K_I
35  * @param secret_len size of K_I in bytes
36  * @param salt Context
37  * @param salt_len size of Context in bytes
38  * @param label Label
39  * @param label_len size of Label in bytes
40  *
41  * @throws Invalid_Argument key_len > 2^32
42  */
43  size_t kdf(uint8_t key[], size_t key_len,
44  const uint8_t secret[], size_t secret_len,
45  const uint8_t salt[], size_t salt_len,
46  const uint8_t label[], size_t label_len) const override;
47 
48  /**
49  * @param mac MAC algorithm to use
50  */
51  explicit SP800_108_Counter(MessageAuthenticationCode* mac) : m_prf(mac) {}
52  private:
53  std::unique_ptr<MessageAuthenticationCode> m_prf;
54  };
55 
56 /**
57  * NIST SP 800-108 KDF in Feedback Mode (5.2)
58  */
60  {
61  public:
62  std::string name() const override { return "SP800-108-Feedback(" + m_prf->name() + ")"; }
63 
64  KDF* clone() const override { return new SP800_108_Feedback(m_prf->clone()); }
65 
66  /**
67  * Derive a key using the SP800-108 KDF in Feedback mode.
68  *
69  * The implementation uses the optional counter i and hard
70  * codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
71  *
72  * @param key resulting keying material
73  * @param key_len the desired output length in bytes
74  * @param secret K_I
75  * @param secret_len size of K_I in bytes
76  * @param salt IV || Context
77  * @param salt_len size of Context plus IV in bytes
78  * @param label Label
79  * @param label_len size of Label in bytes
80  *
81  * @throws Invalid_Argument key_len > 2^32
82  */
83  size_t kdf(uint8_t key[], size_t key_len,
84  const uint8_t secret[], size_t secret_len,
85  const uint8_t salt[], size_t salt_len,
86  const uint8_t label[], size_t label_len) const override;
87 
88  explicit SP800_108_Feedback(MessageAuthenticationCode* mac) : m_prf(mac) {}
89  private:
90  std::unique_ptr<MessageAuthenticationCode> m_prf;
91  };
92 
93 /**
94  * NIST SP 800-108 KDF in Double Pipeline Mode (5.3)
95  */
97  {
98  public:
99  std::string name() const override { return "SP800-108-Pipeline(" + m_prf->name() + ")"; }
100 
101  KDF* clone() const override { return new SP800_108_Pipeline(m_prf->clone()); }
102 
103  /**
104  * Derive a key using the SP800-108 KDF in Double Pipeline mode.
105  *
106  * The implementation uses the optional counter i and hard
107  * codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
108  *
109  * @param key resulting keying material
110  * @param key_len the desired output length in bytes
111  * @param secret K_I
112  * @param secret_len size of K_I in bytes
113  * @param salt Context
114  * @param salt_len size of Context in bytes
115  * @param label Label
116  * @param label_len size of Label in bytes
117  *
118  * @throws Invalid_Argument key_len > 2^32
119  */
120  size_t kdf(uint8_t key[], size_t key_len,
121  const uint8_t secret[], size_t secret_len,
122  const uint8_t salt[], size_t salt_len,
123  const uint8_t label[], size_t label_len) const override;
124 
125  explicit SP800_108_Pipeline(MessageAuthenticationCode* mac) : m_prf(mac) {}
126 
127  private:
128  std::unique_ptr<MessageAuthenticationCode> m_prf;
129  };
130 
131 }
132 
133 #endif
std::string name() const override
Definition: sp800_108.h:22
std::string name() const override
Definition: sp800_108.h:99
int(* final)(unsigned char *, CTX *)
KDF * clone() const override
Definition: sp800_108.h:64
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
size_t salt_len
Definition: x509_obj.cpp:26
Definition: alg_id.cpp:13
KDF * clone() const override
Definition: sp800_108.h:24
SP800_108_Feedback(MessageAuthenticationCode *mac)
Definition: sp800_108.h:88
Definition: kdf.h:20
SP800_108_Pipeline(MessageAuthenticationCode *mac)
Definition: sp800_108.h:125
KDF * clone() const override
Definition: sp800_108.h:101
SP800_108_Counter(MessageAuthenticationCode *mac)
Definition: sp800_108.h:51
std::string name() const override
Definition: sp800_108.h:62