Botan  2.16.0
Crypto and TLS for C++11
sp800_56a.h
1 /*
2 * KDF defined in NIST SP 800-56a revision 2 (Single-step key-derivation function)
3 *
4 * (C) 2017 Ribose Inc. Written by Krzysztof Kwiatkowski.
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_SP800_56A_H_
10 #define BOTAN_SP800_56A_H_
11 
12 #include <botan/kdf.h>
13 #include <botan/hash.h>
14 #include <botan/mac.h>
15 
17 
18 namespace Botan {
19 
20 /**
21  * NIST SP 800-56A single-step KDF using a hash function as the auxiliary function
22  * @warning This KDF ignores the provided salt value, so supplying a salt does not change the derived key
23  */
25  {
26  public:
/**
 * @return the algorithm name: "SP800-56A(" followed by the wrapped
 *         hash's own name and a closing parenthesis
 */
std::string name() const override
   {
   const std::string hash_name = m_hash->name();
   return "SP800-56A(" + hash_name + ")";
   }
28 
/**
 * Create a new SP800_56A_Hash around a clone of the wrapped hash.
 *
 * The object is allocated with a plain new-expression and handed back
 * as a raw KDF pointer.
 * NOTE(review): presumably the caller is expected to take ownership and
 * delete it - confirm against the KDF::clone() contract.
 */
KDF* clone() const override { return new SP800_56A_Hash(m_hash->clone()); }
30 
/**
 * Derive a key using the SP800-56A KDF (hash variant).
 *
 * The implementation hard codes the context value for the
 * expansion step to the empty string.
 *
 * The salt arguments exist only because the overridden KDF interface
 * has them. They are documented as ignored, so do not rely on the
 * salt to separate keys derived from the same shared secret.
 *
 * @param key derived keying material K_M (output buffer;
 *        NOTE(review): presumably must hold key_len bytes - confirm)
 * @param key_len the desired output length in bytes
 * @param secret shared secret Z
 * @param secret_len size of Z in bytes
 * @param salt ignored
 * @param salt_len ignored
 * @param label label for the expansion step
 * @param label_len size of label in bytes
 *
 * @return NOTE(review): the meaning of the returned size_t is not
 *         documented in this header - see the KDF base class.
 *
 * @throws Invalid_Argument if key_len > 2^32
 */
size_t kdf(uint8_t key[], size_t key_len,
           const uint8_t secret[], size_t secret_len,
           const uint8_t salt[], size_t salt_len,
           const uint8_t label[], size_t label_len) const override;
52 
/**
 * Wrap a hash function as the auxiliary function of the KDF.
 *
 * The pointer is stored directly in the std::unique_ptr member m_hash,
 * so this object releases it on destruction. It is not checked for
 * null here, while name() and clone() dereference it.
 *
 * @param hash the hash function to use as the auxiliary function
 */
explicit SP800_56A_Hash(HashFunction* hash)
   : m_hash(hash)
   {
   }
57  private:
58  std::unique_ptr<HashFunction> m_hash;
59  };
60 
61 /**
62  * NIST SP 800-56A single-step KDF using HMAC as the auxiliary function
63  */
65  {
66  public:
/**
 * @return the algorithm name: "SP800-56A(" followed by the wrapped
 *         MAC's own name and a closing parenthesis
 */
std::string name() const override
   {
   const std::string mac_name = m_mac->name();
   return "SP800-56A(" + mac_name + ")";
   }
68 
/**
 * Create a new SP800_56A_HMAC around a clone of the wrapped MAC.
 *
 * The object is allocated with a plain new-expression and handed back
 * as a raw KDF pointer.
 * NOTE(review): presumably the caller is expected to take ownership and
 * delete it - confirm against the KDF::clone() contract.
 */
KDF* clone() const override { return new SP800_56A_HMAC(m_mac->clone()); }
70 
/**
 * Derive a key using the SP800-56A KDF (HMAC variant).
 *
 * The implementation hard codes the context value for the
 * expansion step to the empty string.
 *
 * NOTE(review): the parameter text below matches the hash variant's
 * comment word for word, yet only the hash class carries a
 * "salt is ignored" warning in its class comment. Confirm against the
 * implementation whether the salt is really ignored here before
 * relying on it either way.
 *
 * @param key derived keying material K_M (output buffer;
 *        NOTE(review): presumably must hold key_len bytes - confirm)
 * @param key_len the desired output length in bytes
 * @param secret shared secret Z
 * @param secret_len size of Z in bytes
 * @param salt ignored
 * @param salt_len ignored
 * @param label label for the expansion step
 * @param label_len size of label in bytes
 *
 * @return NOTE(review): the meaning of the returned size_t is not
 *         documented in this header - see the KDF base class.
 *
 * @throws Invalid_Argument if key_len > 2^32 or the MAC is not an HMAC
 */
size_t kdf(uint8_t key[], size_t key_len,
           const uint8_t secret[], size_t secret_len,
           const uint8_t salt[], size_t salt_len,
           const uint8_t label[], size_t label_len) const override;
92 
93  /**
94  * @param mac the HMAC to use as the auxiliary function
95  */
97  private:
98  std::unique_ptr<MessageAuthenticationCode> m_mac;
99  };
100 
101 }
102 
103 #endif