aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/kdf/sp800_108/sp800_108.cpp
diff options
context:
space:
mode:
authorKai Michaelis <[email protected]>2016-01-28 15:56:00 +0100
committerKai Michaelis <[email protected]>2016-04-20 13:01:53 +0200
commit835f2827cab6aef1d34a5f10e1770efae17ea100 (patch)
tree56e1d1accc8d6e21ded0ddd80c733551053dfea3 /src/lib/kdf/sp800_108/sp800_108.cpp
parenta4358c96a0de1ab7afc0b437ab79bfc35f2e1824 (diff)
NIST SP800-108 & 56c
Diffstat (limited to 'src/lib/kdf/sp800_108/sp800_108.cpp')
-rw-r--r--src/lib/kdf/sp800_108/sp800_108.cpp157
1 files changed, 157 insertions, 0 deletions
diff --git a/src/lib/kdf/sp800_108/sp800_108.cpp b/src/lib/kdf/sp800_108/sp800_108.cpp
new file mode 100644
index 000000000..873db814c
--- /dev/null
+++ b/src/lib/kdf/sp800_108/sp800_108.cpp
@@ -0,0 +1,157 @@
+/*
+* KDFs defined in NIST SP 800-108
+* (C) 2016 Kai Michaelis
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/sp800_108.h>
+#include <botan/hmac.h>
+
+namespace Botan {
+
+SP800_108_Counter* SP800_108_Counter::make(const Spec& spec)
+ {
+ if(auto mac = MessageAuthenticationCode::create(spec.arg(0)))
+ return new SP800_108_Counter(mac.release());
+
+ if(auto mac = MessageAuthenticationCode::create("HMAC(" + spec.arg(0) + ")"))
+ return new SP800_108_Counter(mac.release());
+
+ return nullptr;
+ }
+
+size_t SP800_108_Counter::kdf(byte key[], size_t key_len,
+ const byte secret[], size_t secret_len,
+ const byte salt[], size_t salt_len) const
+ {
+ const std::size_t prf_len = m_prf->output_length();
+ byte *p = key;
+ uint32_t counter = 1;
+ secure_vector<byte> tmp;
+
+ m_prf->set_key(secret, secret_len);
+
+ while(p < key + key_len && counter != 0)
+ {
+ const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
+ byte be_cnt[4] = { 0 };
+
+ store_be(counter, be_cnt);
+
+ m_prf->update(be_cnt,4);
+ m_prf->update(salt, salt_len);
+ m_prf->final(tmp);
+
+ std::move(tmp.begin(), tmp.begin() + to_copy, p);
+ ++counter;
+
+ if (counter == 0)
+ throw Invalid_Argument("Can't process more than 4GB");
+
+ p += to_copy;
+ }
+
+ return key_len;
+ }
+
+SP800_108_Feedback* SP800_108_Feedback::make(const Spec& spec)
+ {
+ if(auto mac = MessageAuthenticationCode::create(spec.arg(0)))
+ return new SP800_108_Feedback(mac.release());
+
+ if(auto mac = MessageAuthenticationCode::create("HMAC(" + spec.arg(0) + ")"))
+ return new SP800_108_Feedback(mac.release());
+
+ return nullptr;
+ }
+
+size_t SP800_108_Feedback::kdf(byte key[], size_t key_len,
+ const byte secret[], size_t secret_len,
+ const byte salt[], size_t salt_len) const
+ {
+ const std::size_t prf_len = m_prf->output_length();
+ const std::size_t iv_len = (salt_len >= prf_len ? prf_len : 0);
+
+ byte *p = key;
+ uint32_t counter = 1;
+ secure_vector< byte > prev(salt, salt + iv_len);
+ secure_vector< byte > ctx(salt + iv_len, salt + salt_len);
+
+ m_prf->set_key(secret, secret_len);
+
+ while(p < key + key_len && counter != 0)
+ {
+ const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
+ byte be_cnt[4] = { 0 };
+
+ store_be(counter, be_cnt);
+
+ m_prf->update(prev);
+ m_prf->update(be_cnt,4);
+ m_prf->update(ctx);
+ m_prf->final(prev);
+
+ std::copy(prev.begin(), prev.begin() + to_copy, p);
+ ++counter;
+
+ if (counter == 0)
+ throw Invalid_Argument("Can't process more than 4GB");
+
+ p += to_copy;
+ }
+
+ return key_len;
+ }
+
+SP800_108_Pipeline* SP800_108_Pipeline::make(const Spec& spec)
+ {
+ if(auto mac = MessageAuthenticationCode::create(spec.arg(0)))
+ return new SP800_108_Pipeline(mac.release());
+
+ if(auto mac = MessageAuthenticationCode::create("HMAC(" + spec.arg(0) + ")"))
+ return new SP800_108_Pipeline(mac.release());
+
+ return nullptr;
+ }
+
+size_t SP800_108_Pipeline::kdf(byte key[], size_t key_len,
+ const byte secret[], size_t secret_len,
+ const byte salt[], size_t salt_len) const
+ {
+ const std::size_t prf_len = m_prf->output_length();
+ byte *p = key;
+ uint32_t counter = 1;
+ secure_vector<byte> ai(salt, salt + salt_len), ki;
+
+ m_prf->set_key(secret,secret_len);
+
+ while(p < key + key_len && counter != 0)
+ {
+ // A(i)
+ m_prf->update(ai);
+ m_prf->final(ai);
+
+ // K(i)
+ const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
+ byte be_cnt[4] = { 0 };
+
+ store_be(counter, be_cnt);
+
+ m_prf->update(ai);
+ m_prf->update(be_cnt,4);
+ m_prf->update(salt, salt_len);
+ m_prf->final(ki);
+
+ std::copy(ki.begin(), ki.begin() + to_copy, p);
+ ++counter;
+
+ if (counter == 0)
+ throw Invalid_Argument("Can't process more than 4GB");
+
+ p += to_copy;
+ }
+
+ return key_len;
+ }
+}