12#include <botan/internal/sp800_56c_one_step.h>
14#include <botan/exceptn.h>
15#include <botan/internal/bit_ops.h>
16#include <botan/internal/fmt.h>
17#include <botan/internal/kmac.h>
25concept hash_or_mac_type = std::is_same_v<T, HashFunction> || std::is_same_v<T, MessageAuthenticationCode>;
30template <hash_or_mac_type HashOrMacType>
31void kdm_internal(std::span<uint8_t> output_buffer,
32 std::span<const uint8_t> z,
33 std::span<const uint8_t> fixed_info,
34 HashOrMacType& hash_or_mac,
35 const std::function<
void(HashOrMacType&)>& init_h_callback) {
36 size_t l = output_buffer.size() * 8;
41 size_t reps =
ceil_division(l, hash_or_mac.output_length() * 8);
63 for(
size_t i = 1; i <= reps; i++) {
68 init_h_callback(hash_or_mac);
71 hash_or_mac.update_be(counter);
72 hash_or_mac.update(z);
73 hash_or_mac.update(fixed_info);
74 auto k_i = hash_or_mac.final();
77 result.insert(result.end(), k_i.begin(), k_i.end());
81 copy_mem(output_buffer, std::span(result).subspan(0, output_buffer.size()));
86void SP800_56C_One_Step_Hash::perform_kdf(std::span<uint8_t> key,
87 std::span<const uint8_t> secret,
88 std::span<const uint8_t> salt,
89 std::span<const uint8_t> label)
const {
90 BOTAN_ARG_CHECK(salt.empty(),
"SP800_56A_Hash does not support a non-empty salt");
91 kdm_internal<HashFunction>(key, secret, label, *m_hash, [](
HashFunction&) { });
95 return fmt(
"SP800-56A({})", m_hash->name());
99 return std::make_unique<SP800_56C_One_Step_Hash>(m_hash->new_object());
103 m_mac(std::move(mac)) {
105 if(!m_mac->name().starts_with(
"HMAC(")) {
106 throw Algorithm_Not_Found(
"Only HMAC can be used with SP800_56A_HMAC");
110void SP800_56C_One_Step_HMAC::perform_kdf(std::span<uint8_t> key,
111 std::span<const uint8_t> secret,
112 std::span<const uint8_t> salt,
113 std::span<const uint8_t> label)
const {
128 return fmt(
"SP800-56A({})", m_mac->name());
132 return std::make_unique<SP800_56C_One_Step_HMAC>(m_mac->new_object());
136void SP800_56A_One_Step_KMAC_Abstract::perform_kdf(std::span<uint8_t> key,
137 std::span<const uint8_t> secret,
138 std::span<const uint8_t> salt,
139 std::span<const uint8_t> label)
const {
159 kdf_mac.
start(std::array<uint8_t, 3>{
'K',
'D',
'F'});
163std::unique_ptr<MessageAuthenticationCode> SP800_56C_One_Step_KMAC128::create_kmac_instance(
164 size_t output_byte_len)
const {
165 return std::make_unique<KMAC128>(output_byte_len * 8);
168std::unique_ptr<MessageAuthenticationCode> SP800_56C_One_Step_KMAC256::create_kmac_instance(
169 size_t output_byte_len)
const {
170 return std::make_unique<KMAC256>(output_byte_len * 8);
#define BOTAN_ARG_CHECK(expr, msg)
void start(std::span< const uint8_t > nonce)
virtual std::unique_ptr< MessageAuthenticationCode > create_kmac_instance(size_t output_byte_len) const =0
virtual size_t default_salt_length() const =0
See SP800-56C Section 4.1 - Implementation-Dependent Parameters 3.
SP800_56C_One_Step_HMAC(std::unique_ptr< MessageAuthenticationCode > mac)
std::string name() const override
std::unique_ptr< KDF > new_object() const override
std::string name() const override
std::unique_ptr< KDF > new_object() const override
void set_key(const SymmetricKey &key)
std::string fmt(std::string_view format, const T &... args)
constexpr T ceil_division(T a, T b)
std::vector< T, secure_allocator< T > > secure_vector
constexpr void copy_mem(T *out, const T *in, size_t n)