Botan 3.0.0-alpha0
Crypto and TLS for C++
sp800_108.h
1/*
2* KDFs defined in NIST SP 800-108
3* (C) 2016 Kai Michaelis
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_SP800_108_H_
9#define BOTAN_SP800_108_H_
10
11#include <botan/kdf.h>
12#include <botan/mac.h>
13
14namespace Botan {
15
16/**
17 * NIST SP 800-108 KDF in Counter Mode (5.1)
18 */
20 {
21 public:
/**
* @return the algorithm name: the mode identifier followed by the
*         name of the underlying PRF in parentheses
*/
std::string name() const override
   {
   std::string full_name("SP800-108-Counter(");
   full_name += m_prf->name();
   full_name += ")";
   return full_name;
   }
23
/**
* @return a new Counter-mode KDF object built around a new object
*         obtained from the PRF's own new_object()
*/
std::unique_ptr<KDF> new_object() const override
   {
   auto fresh_prf = m_prf->new_object();
   return std::make_unique<SP800_108_Counter>(std::move(fresh_prf));
   }
25
/**
* Derive a key using the SP800-108 KDF in Counter mode.
*
* The implementation hard codes the length of [L]_2
* and [i]_2 (the value r) to 32 bits.
*
* Label and Context are the SP 800-108 inputs that bind the derived
* key to its purpose; in this interface they are passed as label and
* salt respectively.
*
* NOTE(review): SP 800-108 defines L as the output length in bits,
* while key_len is given in bytes. With a 32-bit [L]_2 the usable byte
* length may be smaller than the bound stated under @throws; confirm
* the actual check in sp800_108.cpp before requesting very large outputs.
*
* @param key resulting keying material; presumably must have room for
*        key_len bytes (nothing in this declaration enforces it)
* @param key_len the desired output length in bytes
* @param secret K_I, the key-derivation key
* @param secret_len size of K_I in bytes
* @param salt Context
* @param salt_len size of Context in bytes
* @param label Label
* @param label_len size of Label in bytes
*
* @throws Invalid_Argument key_len > 2^32
*/
void kdf(uint8_t key[], size_t key_len,
         const uint8_t secret[], size_t secret_len,
         const uint8_t salt[], size_t salt_len,
         const uint8_t label[], size_t label_len) const override;
47
/**
* Build the KDF around a MAC, which then serves as the PRF.
*
* @param mac MAC algorithm to use; ownership moves into this object.
*        NOTE(review): mac is stored without a null check, while name()
*        and new_object() dereference it, so callers must not pass a
*        null pointer.
*/
explicit SP800_108_Counter(std::unique_ptr<MessageAuthenticationCode> mac) :
   m_prf{std::move(mac)}
   {
   }

private:
// MAC acting as the PRF; initialised by the constructor.
std::unique_ptr<MessageAuthenticationCode> m_prf;
54 };
55
56/**
57 * NIST SP 800-108 KDF in Feedback Mode (5.2)
58 */
60 {
61 public:
/**
* @return the algorithm name: the mode identifier followed by the
*         name of the underlying PRF in parentheses
*/
std::string name() const override
   {
   std::string full_name("SP800-108-Feedback(");
   full_name += m_prf->name();
   full_name += ")";
   return full_name;
   }
63
/**
* @return a new Feedback-mode KDF object built around a new object
*         obtained from the PRF's own new_object()
*/
std::unique_ptr<KDF> new_object() const override
   {
   auto fresh_prf = m_prf->new_object();
   return std::make_unique<SP800_108_Feedback>(std::move(fresh_prf));
   }
65
/**
* Derive a key using the SP800-108 KDF in Feedback mode.
*
* The implementation uses the optional counter i and hard
* codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
*
* Label and Context are the SP 800-108 inputs that bind the derived
* key to its purpose. In this interface label carries Label, and salt
* carries the IV followed by Context.
*
* NOTE(review): this header does not say how the IV is separated from
* Context inside salt; confirm the split in sp800_108.cpp so that both
* sides of a protocol build the salt the same way.
*
* NOTE(review): SP 800-108 defines L as the output length in bits,
* while key_len is given in bytes. With a 32-bit [L]_2 the usable byte
* length may be smaller than the bound stated under @throws; confirm
* the actual check in sp800_108.cpp before requesting very large outputs.
*
* @param key resulting keying material; presumably must have room for
*        key_len bytes (nothing in this declaration enforces it)
* @param key_len the desired output length in bytes
* @param secret K_I, the key-derivation key
* @param secret_len size of K_I in bytes
* @param salt IV || Context
* @param salt_len size of Context plus IV in bytes
* @param label Label
* @param label_len size of Label in bytes
*
* @throws Invalid_Argument key_len > 2^32
*/
void kdf(uint8_t key[], size_t key_len,
         const uint8_t secret[], size_t secret_len,
         const uint8_t salt[], size_t salt_len,
         const uint8_t label[], size_t label_len) const override;
87
/**
* Build the KDF around a MAC, which then serves as the PRF.
*
* @param mac MAC algorithm to use; ownership moves into this object.
*        NOTE(review): mac is stored without a null check, while name()
*        and new_object() dereference it, so callers must not pass a
*        null pointer.
*/
explicit SP800_108_Feedback(std::unique_ptr<MessageAuthenticationCode> mac) :
   m_prf{std::move(mac)}
   {
   }

private:
// MAC acting as the PRF; initialised by the constructor.
std::unique_ptr<MessageAuthenticationCode> m_prf;
91 };
92
93/**
94 * NIST SP 800-108 KDF in Double Pipeline Mode (5.3)
95 */
97 {
98 public:
/**
* @return the algorithm name: the mode identifier followed by the
*         name of the underlying PRF in parentheses
*/
std::string name() const override
   {
   std::string full_name("SP800-108-Pipeline(");
   full_name += m_prf->name();
   full_name += ")";
   return full_name;
   }
100
/**
* @return a new Double-Pipeline-mode KDF object built around a new
*         object obtained from the PRF's own new_object()
*/
std::unique_ptr<KDF> new_object() const override
   {
   auto fresh_prf = m_prf->new_object();
   return std::make_unique<SP800_108_Pipeline>(std::move(fresh_prf));
   }
102
/**
* Derive a key using the SP800-108 KDF in Double Pipeline mode.
*
* The implementation uses the optional counter i and hard
* codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
*
* Label and Context are the SP 800-108 inputs that bind the derived
* key to its purpose; in this interface they are passed as label and
* salt respectively.
*
* NOTE(review): SP 800-108 defines L as the output length in bits,
* while key_len is given in bytes. With a 32-bit [L]_2 the usable byte
* length may be smaller than the bound stated under @throws; confirm
* the actual check in sp800_108.cpp before requesting very large outputs.
*
* @param key resulting keying material; presumably must have room for
*        key_len bytes (nothing in this declaration enforces it)
* @param key_len the desired output length in bytes
* @param secret K_I, the key-derivation key
* @param secret_len size of K_I in bytes
* @param salt Context
* @param salt_len size of Context in bytes
* @param label Label
* @param label_len size of Label in bytes
*
* @throws Invalid_Argument key_len > 2^32
*/
void kdf(uint8_t key[], size_t key_len,
         const uint8_t secret[], size_t secret_len,
         const uint8_t salt[], size_t salt_len,
         const uint8_t label[], size_t label_len) const override;
124
/**
* Build the KDF around a MAC, which then serves as the PRF.
*
* @param mac MAC algorithm to use; ownership moves into this object.
*        NOTE(review): mac is stored without a null check, while name()
*        and new_object() dereference it, so callers must not pass a
*        null pointer.
*/
explicit SP800_108_Pipeline(std::unique_ptr<MessageAuthenticationCode> mac) :
   m_prf{std::move(mac)}
   {
   }

private:
// MAC acting as the PRF; initialised by the constructor.
std::unique_ptr<MessageAuthenticationCode> m_prf;
129 };
130
131}
132
133#endif