Botan 3.7.1
Crypto and TLS for C&
sp800_56c_one_step.h
Go to the documentation of this file.
1/*
2* KDF defined in NIST SP 800-56a revision 2 (Single-step key-derivation function)
3* or in NIST SP 800-56C revision 2 (Section 4 - One-Step KDM)
4*
5* (C) 2017 Ribose Inc. Written by Krzysztof Kwiatkowski.
6* (C) 2024 Fabian Albert - Rohde & Schwarz Cybersecurity
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#ifndef BOTAN_SP800_56A_H_
12#define BOTAN_SP800_56A_H_
13
14#include <botan/hash.h>
15#include <botan/kdf.h>
16#include <botan/mac.h>
17
18namespace Botan {
19
20/**
21 * NIST SP 800-56Cr2 One-Step KDF using hash function
22 * @warning The salt for this KDF must be empty.
23 */
25 public:
26 std::string name() const override;
27
28 std::unique_ptr<KDF> new_object() const override;
29
30 /**
31 * @param hash the hash function to use as the auxiliary function
32 */
33 explicit SP800_56C_One_Step_Hash(std::unique_ptr<HashFunction> hash) : m_hash(std::move(hash)) {}
34
35 private:
36 /**
37 * Derive a key using the SP800-56Cr2 One-Step KDF.
38 *
39 * @param key DerivedKeyingMaterial output buffer
40 * @param secret shared secret Z
41 * @param salt the salt. Ignored.
42 * @param label FixedInfo
43 *
44 * @throws Invalid_Argument if key_len > (2^32 - 1) * Hash output bits.
45 * Or thrown if salt is non-empty
46 */
47 void perform_kdf(std::span<uint8_t> key,
48 std::span<const uint8_t> secret,
49 std::span<const uint8_t> salt,
50 std::span<const uint8_t> label) const override;
51
52 private:
53 std::unique_ptr<HashFunction> m_hash;
54};
55
56/**
57 * NIST SP800-56Cr2 One-Step KDF using HMAC
58 */
60 public:
61 std::string name() const override;
62
63 std::unique_ptr<KDF> new_object() const override;
64
65 /**
66 * @param mac the HMAC to use as the auxiliary function
67 */
68 explicit SP800_56C_One_Step_HMAC(std::unique_ptr<MessageAuthenticationCode> mac);
69
70 private:
71 /**
72 * Derive a key using the SP800-56Cr2 One-Step KDF.
73 *
74 * @param key DerivedKeyingMaterial output buffer
75 * @param secret shared secret Z
76 * @param salt the salt. If empty the default_salt is used.
77 * @param label FixedInfo
78 *
79 * @throws Invalid_Argument if key_len > (2^32 - 1) * HMAC output bits
80 */
81 void perform_kdf(std::span<uint8_t> key,
82 std::span<const uint8_t> secret,
83 std::span<const uint8_t> salt,
84 std::span<const uint8_t> label) const override;
85
86 private:
87 std::unique_ptr<MessageAuthenticationCode> m_mac;
88};
89
90/**
91 * NIST SP800-56Cr2 One-Step KDF using KMAC (Abstract class)
92 */
94 private:
95 /**
96 * Derive a key using the SP800-56Cr2 One-Step KDF.
97 *
98 * @param key DerivedKeyingMaterial output buffer
99 * @param secret shared secret Z
100 * @param salt the salt. If empty the default_salt is used.
101 * @param label FixedInfo
102 *
103 * @throws Invalid_Argument if key_len > (2^32 - 1) * KMAC output bits
104 */
105 void perform_kdf(std::span<uint8_t> key,
106 std::span<const uint8_t> secret,
107 std::span<const uint8_t> salt,
108 std::span<const uint8_t> label) const final;
109
110 protected:
111 virtual std::unique_ptr<MessageAuthenticationCode> create_kmac_instance(size_t output_byte_len) const = 0;
112
113 /// See SP800-56C Section 4.1 - Implementation-Dependent Parameters 3.
114 virtual size_t default_salt_length() const = 0;
115};
116
117/**
118 * NIST SP800-56Cr2 One-Step KDF using KMAC-128
119 */
121 public:
122 std::string name() const override { return "SP800-56A(KMAC-128)"; }
123
124 std::unique_ptr<KDF> new_object() const override { return std::make_unique<SP800_56C_One_Step_KMAC128>(); }
125
126 private:
127 std::unique_ptr<MessageAuthenticationCode> create_kmac_instance(size_t output_byte_len) const override;
128
129 size_t default_salt_length() const override { return 164; }
130};
131
132/**
133 * NIST SP800-56Cr2 One-Step KDF using KMAC-256
134 */
136 public:
137 std::string name() const override { return "SP800-56A(KMAC-256)"; }
138
139 std::unique_ptr<KDF> new_object() const override { return std::make_unique<SP800_56C_One_Step_KMAC256>(); }
140
141 private:
142 std::unique_ptr<MessageAuthenticationCode> create_kmac_instance(size_t output_byte_len) const override;
143
144 size_t default_salt_length() const override { return 132; }
145};
146
147} // namespace Botan
148
149#endif
virtual std::unique_ptr< MessageAuthenticationCode > create_kmac_instance(size_t output_byte_len) const =0
virtual size_t default_salt_length() const =0
See SP800-56C Section 4.1 - Implementation-Dependent Parameters 3.
SP800_56C_One_Step_HMAC(std::unique_ptr< MessageAuthenticationCode > mac)
std::string name() const override
std::unique_ptr< KDF > new_object() const override
std::string name() const override
SP800_56C_One_Step_Hash(std::unique_ptr< HashFunction > hash)
std::unique_ptr< KDF > new_object() const override
std::unique_ptr< KDF > new_object() const override
std::string name() const override
std::string name() const override
std::unique_ptr< KDF > new_object() const override
int(* final)(unsigned char *, CTX *)