diff options
author | Kai Michaelis <[email protected]> | 2016-01-28 15:56:00 +0100 |
---|---|---|
committer | Kai Michaelis <[email protected]> | 2016-04-20 13:01:53 +0200 |
commit | 835f2827cab6aef1d34a5f10e1770efae17ea100 (patch) | |
tree | 56e1d1accc8d6e21ded0ddd80c733551053dfea3 /src/lib/kdf/sp800_108 | |
parent | a4358c96a0de1ab7afc0b437ab79bfc35f2e1824 (diff) |
NIST SP800-108 & 56c
Diffstat (limited to 'src/lib/kdf/sp800_108')
-rw-r--r-- | src/lib/kdf/sp800_108/info.txt | 6 | ||||
-rw-r--r-- | src/lib/kdf/sp800_108/sp800_108.cpp | 157 | ||||
-rw-r--r-- | src/lib/kdf/sp800_108/sp800_108.h | 81 |
3 files changed, 244 insertions, 0 deletions
diff --git a/src/lib/kdf/sp800_108/info.txt b/src/lib/kdf/sp800_108/info.txt new file mode 100644 index 000000000..a78531fe7 --- /dev/null +++ b/src/lib/kdf/sp800_108/info.txt @@ -0,0 +1,6 @@ +define SP800_108 20160128 + +<requires> +mac +hmac +</requires> diff --git a/src/lib/kdf/sp800_108/sp800_108.cpp b/src/lib/kdf/sp800_108/sp800_108.cpp new file mode 100644 index 000000000..873db814c --- /dev/null +++ b/src/lib/kdf/sp800_108/sp800_108.cpp @@ -0,0 +1,157 @@ +/* +* KDFs defined in NIST SP 800-108 +* (C) 2016 Kai Michaelis +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include <botan/sp800_108.h> +#include <botan/hmac.h> + +namespace Botan { + +SP800_108_Counter* SP800_108_Counter::make(const Spec& spec) + { + if(auto mac = MessageAuthenticationCode::create(spec.arg(0))) + return new SP800_108_Counter(mac.release()); + + if(auto mac = MessageAuthenticationCode::create("HMAC(" + spec.arg(0) + ")")) + return new SP800_108_Counter(mac.release()); + + return nullptr; + } + +size_t SP800_108_Counter::kdf(byte key[], size_t key_len, + const byte secret[], size_t secret_len, + const byte salt[], size_t salt_len) const + { + const std::size_t prf_len = m_prf->output_length(); + byte *p = key; + uint32_t counter = 1; + secure_vector<byte> tmp; + + m_prf->set_key(secret, secret_len); + + while(p < key + key_len && counter != 0) + { + const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len); + byte be_cnt[4] = { 0 }; + + store_be(counter, be_cnt); + + m_prf->update(be_cnt,4); + m_prf->update(salt, salt_len); + m_prf->final(tmp); + + std::move(tmp.begin(), tmp.begin() + to_copy, p); + ++counter; + + if (counter == 0) + throw Invalid_Argument("Can't process more than 4GB"); + + p += to_copy; + } + + return key_len; + } + +SP800_108_Feedback* SP800_108_Feedback::make(const Spec& spec) + { + if(auto mac = MessageAuthenticationCode::create(spec.arg(0))) + return new SP800_108_Feedback(mac.release()); + + if(auto mac = MessageAuthenticationCode::create("HMAC(" + spec.arg(0) + ")")) + return new SP800_108_Feedback(mac.release()); + + return nullptr; + } + +size_t SP800_108_Feedback::kdf(byte key[], size_t key_len, + const byte secret[], size_t secret_len, + const byte salt[], size_t salt_len) const + { + const std::size_t prf_len = m_prf->output_length(); + const std::size_t iv_len = (salt_len >= prf_len ? prf_len : 0); + + byte *p = key; + uint32_t counter = 1; + secure_vector< byte > prev(salt, salt + iv_len); + secure_vector< byte > ctx(salt + iv_len, salt + salt_len); + + m_prf->set_key(secret, secret_len); + + while(p < key + key_len && counter != 0) + { + const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len); + byte be_cnt[4] = { 0 }; + + store_be(counter, be_cnt); + + m_prf->update(prev); + m_prf->update(be_cnt,4); + m_prf->update(ctx); + m_prf->final(prev); + + std::copy(prev.begin(), prev.begin() + to_copy, p); + ++counter; + + if (counter == 0) + throw Invalid_Argument("Can't process more than 4GB"); + + p += to_copy; + } + + return key_len; + } + +SP800_108_Pipeline* SP800_108_Pipeline::make(const Spec& spec) + { + if(auto mac = MessageAuthenticationCode::create(spec.arg(0))) + return new SP800_108_Pipeline(mac.release()); + + if(auto mac = MessageAuthenticationCode::create("HMAC(" + spec.arg(0) + ")")) + return new SP800_108_Pipeline(mac.release()); + + return nullptr; + } + +size_t SP800_108_Pipeline::kdf(byte key[], size_t key_len, + const byte secret[], size_t secret_len, + const byte salt[], size_t salt_len) const + { + const std::size_t prf_len = m_prf->output_length(); + byte *p = key; + uint32_t counter = 1; + secure_vector<byte> ai(salt, salt + salt_len), ki; + + m_prf->set_key(secret,secret_len); + + while(p < key + key_len && counter != 0) + { + // A(i) + m_prf->update(ai); + m_prf->final(ai); + + // K(i) + const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len); + byte be_cnt[4] = { 0 }; + + store_be(counter, be_cnt); + + m_prf->update(ai); + m_prf->update(be_cnt,4); + m_prf->update(salt, salt_len); + m_prf->final(ki); + + std::copy(ki.begin(), ki.begin() + to_copy, p); + ++counter; + + if (counter == 0) + throw Invalid_Argument("Can't process more than 4GB"); + + p += to_copy; + } + + return key_len; + } +} diff --git a/src/lib/kdf/sp800_108/sp800_108.h b/src/lib/kdf/sp800_108/sp800_108.h new file mode 100644 index 000000000..0acdfacf9 --- /dev/null +++ b/src/lib/kdf/sp800_108/sp800_108.h @@ -0,0 +1,81 @@ +/* +* KDFs defined in NIST SP 800-108 +* (C) 2016 Kai Michaelis +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_SP800_108_H__ +#define BOTAN_SP800_108_H__ + +#include <botan/kdf.h> +#include <botan/mac.h> + +namespace Botan { + +/** + * NIST SP 800-108 KDF in Counter Mode (5.1) + */ +class BOTAN_DLL SP800_108_Counter : public KDF + { + public: + std::string name() const override { return "SP800-108-Counter(" + m_prf->name() + ")"; } + + KDF* clone() const override { return new SP800_108_Counter(m_prf->clone()); } + + size_t kdf(byte key[], size_t key_len, + const byte secret[], size_t secret_len, + const byte salt[], size_t salt_len) const override; + + SP800_108_Counter(MessageAuthenticationCode* mac) : m_prf(mac) {} + + static SP800_108_Counter* make(const Spec& spec); + private: + std::unique_ptr<MessageAuthenticationCode> m_prf; + }; + +/** + * NIST SP 800-108 KDF in Feedback Mode (5.2) + */ +class BOTAN_DLL SP800_108_Feedback : public KDF + { + public: + std::string name() const override { return "SP800-108-Feedback(" + m_prf->name() + ")"; } + + KDF* clone() const override { return new SP800_108_Feedback(m_prf->clone()); } + + size_t kdf(byte key[], size_t key_len, + const byte secret[], size_t secret_len, + const byte salt[], size_t salt_len) const override; + + SP800_108_Feedback(MessageAuthenticationCode* mac) : m_prf(mac) {} + + static SP800_108_Feedback* make(const Spec& spec); + private: + std::unique_ptr<MessageAuthenticationCode> m_prf; + }; + +/** + * NIST SP 800-108 KDF in Double Pipeline Mode (5.3) + */ +class BOTAN_DLL SP800_108_Pipeline : public KDF + { + public: + std::string name() const override { return "SP800-108-Pipeline(" + m_prf->name() + ")"; } + + KDF* clone() const override { return new SP800_108_Pipeline(m_prf->clone()); } + + size_t kdf(byte key[], size_t key_len, + const byte secret[], size_t secret_len, + const byte salt[], size_t salt_len) const override; + + SP800_108_Pipeline(MessageAuthenticationCode* mac) : m_prf(mac) {} + + static SP800_108_Pipeline* make(const Spec& spec); + private: + std::unique_ptr<MessageAuthenticationCode> m_prf; + }; + +} + +#endif |