aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/kdf/sp800_108
diff options
context:
space:
mode:
authorKai Michaelis <[email protected]>2016-01-28 15:56:00 +0100
committerKai Michaelis <[email protected]>2016-04-20 13:01:53 +0200
commit835f2827cab6aef1d34a5f10e1770efae17ea100 (patch)
tree56e1d1accc8d6e21ded0ddd80c733551053dfea3 /src/lib/kdf/sp800_108
parenta4358c96a0de1ab7afc0b437ab79bfc35f2e1824 (diff)
NIST SP800-108 & 56c
Diffstat (limited to 'src/lib/kdf/sp800_108')
-rw-r--r--src/lib/kdf/sp800_108/info.txt6
-rw-r--r--src/lib/kdf/sp800_108/sp800_108.cpp157
-rw-r--r--src/lib/kdf/sp800_108/sp800_108.h81
3 files changed, 244 insertions, 0 deletions
diff --git a/src/lib/kdf/sp800_108/info.txt b/src/lib/kdf/sp800_108/info.txt
new file mode 100644
index 000000000..a78531fe7
--- /dev/null
+++ b/src/lib/kdf/sp800_108/info.txt
@@ -0,0 +1,6 @@
+define SP800_108 20160128
+
+<requires>
+mac
+hmac
+</requires>
diff --git a/src/lib/kdf/sp800_108/sp800_108.cpp b/src/lib/kdf/sp800_108/sp800_108.cpp
new file mode 100644
index 000000000..873db814c
--- /dev/null
+++ b/src/lib/kdf/sp800_108/sp800_108.cpp
@@ -0,0 +1,157 @@
+/*
+* KDFs defined in NIST SP 800-108
+* (C) 2016 Kai Michaelis
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/sp800_108.h>
+#include <botan/hmac.h>
+
+namespace Botan {
+
+SP800_108_Counter* SP800_108_Counter::make(const Spec& spec)
+ {
+ if(auto mac = MessageAuthenticationCode::create(spec.arg(0)))
+ return new SP800_108_Counter(mac.release());
+
+ if(auto mac = MessageAuthenticationCode::create("HMAC(" + spec.arg(0) + ")"))
+ return new SP800_108_Counter(mac.release());
+
+ return nullptr;
+ }
+
+size_t SP800_108_Counter::kdf(byte key[], size_t key_len,
+ const byte secret[], size_t secret_len,
+ const byte salt[], size_t salt_len) const
+ {
+ const std::size_t prf_len = m_prf->output_length();
+ byte *p = key;
+ uint32_t counter = 1;
+ secure_vector<byte> tmp;
+
+ m_prf->set_key(secret, secret_len);
+
+ while(p < key + key_len && counter != 0)
+ {
+ const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
+ byte be_cnt[4] = { 0 };
+
+ store_be(counter, be_cnt);
+
+ m_prf->update(be_cnt,4);
+ m_prf->update(salt, salt_len);
+ m_prf->final(tmp);
+
+ std::move(tmp.begin(), tmp.begin() + to_copy, p);
+ ++counter;
+
+ if (counter == 0)
+ throw Invalid_Argument("Can't process more than 4GB");
+
+ p += to_copy;
+ }
+
+ return key_len;
+ }
+
+SP800_108_Feedback* SP800_108_Feedback::make(const Spec& spec)
+ {
+ if(auto mac = MessageAuthenticationCode::create(spec.arg(0)))
+ return new SP800_108_Feedback(mac.release());
+
+ if(auto mac = MessageAuthenticationCode::create("HMAC(" + spec.arg(0) + ")"))
+ return new SP800_108_Feedback(mac.release());
+
+ return nullptr;
+ }
+
+size_t SP800_108_Feedback::kdf(byte key[], size_t key_len,
+ const byte secret[], size_t secret_len,
+ const byte salt[], size_t salt_len) const
+ {
+ const std::size_t prf_len = m_prf->output_length();
+ const std::size_t iv_len = (salt_len >= prf_len ? prf_len : 0);
+
+ byte *p = key;
+ uint32_t counter = 1;
+ secure_vector< byte > prev(salt, salt + iv_len);
+ secure_vector< byte > ctx(salt + iv_len, salt + salt_len);
+
+ m_prf->set_key(secret, secret_len);
+
+ while(p < key + key_len && counter != 0)
+ {
+ const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
+ byte be_cnt[4] = { 0 };
+
+ store_be(counter, be_cnt);
+
+ m_prf->update(prev);
+ m_prf->update(be_cnt,4);
+ m_prf->update(ctx);
+ m_prf->final(prev);
+
+ std::copy(prev.begin(), prev.begin() + to_copy, p);
+ ++counter;
+
+ if (counter == 0)
+ throw Invalid_Argument("Can't process more than 4GB");
+
+ p += to_copy;
+ }
+
+ return key_len;
+ }
+
+SP800_108_Pipeline* SP800_108_Pipeline::make(const Spec& spec)
+ {
+ if(auto mac = MessageAuthenticationCode::create(spec.arg(0)))
+ return new SP800_108_Pipeline(mac.release());
+
+ if(auto mac = MessageAuthenticationCode::create("HMAC(" + spec.arg(0) + ")"))
+ return new SP800_108_Pipeline(mac.release());
+
+ return nullptr;
+ }
+
+size_t SP800_108_Pipeline::kdf(byte key[], size_t key_len,
+ const byte secret[], size_t secret_len,
+ const byte salt[], size_t salt_len) const
+ {
+ const std::size_t prf_len = m_prf->output_length();
+ byte *p = key;
+ uint32_t counter = 1;
+ secure_vector<byte> ai(salt, salt + salt_len), ki;
+
+ m_prf->set_key(secret,secret_len);
+
+ while(p < key + key_len && counter != 0)
+ {
+ // A(i)
+ m_prf->update(ai);
+ m_prf->final(ai);
+
+ // K(i)
+ const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
+ byte be_cnt[4] = { 0 };
+
+ store_be(counter, be_cnt);
+
+ m_prf->update(ai);
+ m_prf->update(be_cnt,4);
+ m_prf->update(salt, salt_len);
+ m_prf->final(ki);
+
+ std::copy(ki.begin(), ki.begin() + to_copy, p);
+ ++counter;
+
+ if (counter == 0)
+ throw Invalid_Argument("Can't process more than 4GB");
+
+ p += to_copy;
+ }
+
+ return key_len;
+ }
+}
diff --git a/src/lib/kdf/sp800_108/sp800_108.h b/src/lib/kdf/sp800_108/sp800_108.h
new file mode 100644
index 000000000..0acdfacf9
--- /dev/null
+++ b/src/lib/kdf/sp800_108/sp800_108.h
@@ -0,0 +1,81 @@
+/*
+* KDFs defined in NIST SP 800-108
+* (C) 2016 Kai Michaelis
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_SP800_108_H__
+#define BOTAN_SP800_108_H__
+
+#include <botan/kdf.h>
+#include <botan/mac.h>
+
+namespace Botan {
+
+/**
+ * NIST SP 800-108 KDF in Counter Mode (5.1)
+ */
+class BOTAN_DLL SP800_108_Counter : public KDF
+ {
+ public:
+ std::string name() const override { return "SP800-108-Counter(" + m_prf->name() + ")"; }
+
+ KDF* clone() const override { return new SP800_108_Counter(m_prf->clone()); }
+
+ size_t kdf(byte key[], size_t key_len,
+ const byte secret[], size_t secret_len,
+ const byte salt[], size_t salt_len) const override;
+
+ SP800_108_Counter(MessageAuthenticationCode* mac) : m_prf(mac) {}
+
+ static SP800_108_Counter* make(const Spec& spec);
+ private:
+ std::unique_ptr<MessageAuthenticationCode> m_prf;
+ };
+
+/**
+ * NIST SP 800-108 KDF in Feedback Mode (5.2)
+ */
+class BOTAN_DLL SP800_108_Feedback : public KDF
+ {
+ public:
+ std::string name() const override { return "SP800-108-Feedback(" + m_prf->name() + ")"; }
+
+ KDF* clone() const override { return new SP800_108_Feedback(m_prf->clone()); }
+
+ size_t kdf(byte key[], size_t key_len,
+ const byte secret[], size_t secret_len,
+ const byte salt[], size_t salt_len) const override;
+
+ SP800_108_Feedback(MessageAuthenticationCode* mac) : m_prf(mac) {}
+
+ static SP800_108_Feedback* make(const Spec& spec);
+ private:
+ std::unique_ptr<MessageAuthenticationCode> m_prf;
+ };
+
+/**
+ * NIST SP 800-108 KDF in Double Pipeline Mode (5.3)
+ */
+class BOTAN_DLL SP800_108_Pipeline : public KDF
+ {
+ public:
+ std::string name() const override { return "SP800-108-Pipeline(" + m_prf->name() + ")"; }
+
+ KDF* clone() const override { return new SP800_108_Pipeline(m_prf->clone()); }
+
+ size_t kdf(byte key[], size_t key_len,
+ const byte secret[], size_t secret_len,
+ const byte salt[], size_t salt_len) const override;
+
+ SP800_108_Pipeline(MessageAuthenticationCode* mac) : m_prf(mac) {}
+
+ static SP800_108_Pipeline* make(const Spec& spec);
+ private:
+ std::unique_ptr<MessageAuthenticationCode> m_prf;
+ };
+
+}
+
+#endif