/src/botan/build/include/botan/sp800_56a.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * KDF defined in NIST SP 800-56a revision 2 (Single-step key-derivation function) |
3 | | * |
4 | | * (C) 2017 Ribose Inc. Written by Krzysztof Kwiatkowski. |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #ifndef BOTAN_SP800_56A_H_ |
10 | | #define BOTAN_SP800_56A_H_ |
11 | | |
12 | | #include <botan/kdf.h> |
13 | | #include <botan/hash.h> |
14 | | #include <botan/mac.h> |
15 | | |
16 | | BOTAN_FUTURE_INTERNAL_HEADER(sp800_56a.h) |
17 | | |
18 | | namespace Botan { |
19 | | |
20 | | /** |
21 | | * NIST SP 800-56A KDF using hash function |
22 | | * @warning This KDF ignores the provided salt value |
23 | | */ |
24 | | class BOTAN_PUBLIC_API(2,2) SP800_56A_Hash final : public KDF |
25 | | { |
26 | | public: |
27 | 0 | std::string name() const override { return "SP800-56A(" + m_hash->name() + ")"; } |
28 | | |
29 | 0 | KDF* clone() const override { return new SP800_56A_Hash(m_hash->clone()); } |
30 | | |
31 | | /** |
32 | | * Derive a key using the SP800-56A KDF. |
33 | | * |
34 | | * The implementation hard codes the context value for the |
35 | | * expansion step to the empty string. |
36 | | * |
37 | | * @param key derived keying material K_M |
38 | | * @param key_len the desired output length in bytes |
39 | | * @param secret shared secret Z |
40 | | * @param secret_len size of Z in bytes |
41 | | * @param salt ignored |
42 | | * @param salt_len ignored |
43 | | * @param label label for the expansion step |
44 | | * @param label_len size of label in bytes |
45 | | * |
46 | | * @throws Invalid_Argument key_len > 2^32 |
47 | | */ |
48 | | size_t kdf(uint8_t key[], size_t key_len, |
49 | | const uint8_t secret[], size_t secret_len, |
50 | | const uint8_t salt[], size_t salt_len, |
51 | | const uint8_t label[], size_t label_len) const override; |
52 | | |
53 | | /** |
54 | | * @param hash the hash function to use as the auxiliary function |
55 | | */ |
56 | 0 | explicit SP800_56A_Hash(HashFunction* hash) : m_hash(hash) {} |
57 | | private: |
58 | | std::unique_ptr<HashFunction> m_hash; |
59 | | }; |
60 | | |
61 | | /** |
62 | | * NIST SP 800-56A KDF using HMAC |
63 | | */ |
64 | | class BOTAN_PUBLIC_API(2,2) SP800_56A_HMAC final : public KDF |
65 | | { |
66 | | public: |
67 | 0 | std::string name() const override { return "SP800-56A(" + m_mac->name() + ")"; } |
68 | | |
69 | 0 | KDF* clone() const override { return new SP800_56A_HMAC(m_mac->clone()); } |
70 | | |
71 | | /** |
72 | | * Derive a key using the SP800-56A KDF. |
73 | | * |
74 | | * The implementation hard codes the context value for the |
75 | | * expansion step to the empty string. |
76 | | * |
77 | | * @param key derived keying material K_M |
78 | | * @param key_len the desired output length in bytes |
79 | | * @param secret shared secret Z |
80 | | * @param secret_len size of Z in bytes |
81 | | * @param salt ignored |
82 | | * @param salt_len ignored |
83 | | * @param label label for the expansion step |
84 | | * @param label_len size of label in bytes |
85 | | * |
86 | | * @throws Invalid_Argument key_len > 2^32 or MAC is not a HMAC |
87 | | */ |
88 | | size_t kdf(uint8_t key[], size_t key_len, |
89 | | const uint8_t secret[], size_t secret_len, |
90 | | const uint8_t salt[], size_t salt_len, |
91 | | const uint8_t label[], size_t label_len) const override; |
92 | | |
93 | | /** |
94 | | * @param mac the HMAC to use as the auxiliary function |
95 | | */ |
96 | | explicit SP800_56A_HMAC(MessageAuthenticationCode* mac); |
97 | | private: |
98 | | std::unique_ptr<MessageAuthenticationCode> m_mac; |
99 | | }; |
100 | | |
101 | | } |
102 | | |
103 | | #endif |