/src/botan/src/lib/kdf/sp800_108/sp800_108.cpp

Source (jump to first uncovered line)
/*
* KDFs defined in NIST SP 800-108
* (C) 2016 Kai Michaelis
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/internal/sp800_108.h>
#include <botan/internal/loadstor.h>
#include <botan/exceptn.h>
#include <iterator>

namespace Botan {

void SP800_108_Counter::kdf(uint8_t key[], size_t key_len,
                              const uint8_t secret[], size_t secret_len,
                              const uint8_t salt[], size_t salt_len,
                              const uint8_t label[], size_t label_len) const
   {
   const std::size_t prf_len =  m_prf->output_length();

   const uint64_t blocks_required = (key_len + prf_len - 1) / prf_len;

   if(blocks_required > 0xFFFFFFFF)
      throw Invalid_Argument("SP800_108_Counter output size too large");

   const uint8_t delim = 0;
   const uint32_t length = static_cast<uint32_t>(key_len * 8);

   uint8_t *p = key;
   uint32_t counter = 1;
   uint8_t be_len[4] = { 0 };
   secure_vector<uint8_t> tmp;

   store_be(length, be_len);
   m_prf->set_key(secret, secret_len);

   while(p < key + key_len)
      {
      const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
      uint8_t be_cnt[4] = { 0 };

      store_be(counter, be_cnt);

      m_prf->update(be_cnt,4);
      m_prf->update(label,label_len);
      m_prf->update(delim);
      m_prf->update(salt,salt_len);
      m_prf->update(be_len,4);
      m_prf->final(tmp);

      copy_mem(p, tmp.data(), to_copy);
      p += to_copy;

      ++counter;
      BOTAN_ASSERT(counter != 0, "No counter overflow");
      }
   }

void SP800_108_Feedback::kdf(uint8_t key[], size_t key_len,
                               const uint8_t secret[], size_t secret_len,
                               const uint8_t salt[], size_t salt_len,
                               const uint8_t label[], size_t label_len) const
   {
   const uint32_t length = static_cast<uint32_t>(key_len * 8);
   const std::size_t prf_len =  m_prf->output_length();
   const std::size_t iv_len = (salt_len >= prf_len ? prf_len : 0);
   const uint8_t delim = 0;

   const uint64_t blocks_required = (key_len + prf_len - 1) / prf_len;

   if(blocks_required > 0xFFFFFFFF)
      throw Invalid_Argument("SP800_108_Feedback output size too large");

   uint8_t *p = key;
   uint32_t counter = 1;
   uint8_t be_len[4] = { 0 };
   secure_vector< uint8_t > prev(salt, salt + iv_len);
   secure_vector< uint8_t > ctx(salt + iv_len, salt + salt_len);

   store_be(length, be_len);
   m_prf->set_key(secret, secret_len);

   while(p < key + key_len)
      {
      const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
      uint8_t be_cnt[4] = { 0 };

      store_be(counter, be_cnt);

      m_prf->update(prev);
      m_prf->update(be_cnt,4);
      m_prf->update(label,label_len);
      m_prf->update(delim);
      m_prf->update(ctx);
      m_prf->update(be_len,4);
      m_prf->final(prev);

      copy_mem(p, prev.data(), to_copy);
      p += to_copy;

      ++counter;

      BOTAN_ASSERT(counter != 0, "No overflow");
      }
   }

void SP800_108_Pipeline::kdf(uint8_t key[], size_t key_len,
                               const uint8_t secret[], size_t secret_len,
                               const uint8_t salt[], size_t salt_len,
                               const uint8_t label[], size_t label_len) const
   {
   const uint32_t length = static_cast<uint32_t>(key_len * 8);
   const std::size_t prf_len =  m_prf->output_length();
   const uint8_t delim = 0;

   const uint64_t blocks_required = (key_len + prf_len - 1) / prf_len;

   if(blocks_required > 0xFFFFFFFF)
      throw Invalid_Argument("SP800_108_Feedback output size too large");

   uint8_t *p = key;
   uint32_t counter = 1;
   uint8_t be_len[4] = { 0 };
   secure_vector<uint8_t> ai, ki;

   store_be(length, be_len);
   m_prf->set_key(secret,secret_len);

   // A(0)
   std::copy(label,label + label_len,std::back_inserter(ai));
   ai.emplace_back(delim);
   std::copy(salt,salt + salt_len,std::back_inserter(ai));
   std::copy(be_len,be_len + 4,std::back_inserter(ai));

   while(p < key + key_len)
      {
      // A(i)
      m_prf->update(ai);
      m_prf->final(ai);

      // K(i)
      const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
      uint8_t be_cnt[4] = { 0 };

      store_be(counter, be_cnt);

      m_prf->update(ai);
      m_prf->update(be_cnt,4);
      m_prf->update(label, label_len);
      m_prf->update(delim);
      m_prf->update(salt, salt_len);
      m_prf->update(be_len,4);
      m_prf->final(ki);

      copy_mem(p, ki.data(), to_copy);
      p += to_copy;

      ++counter;

      BOTAN_ASSERT(counter != 0, "No overflow");
      }
   }
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* KDFs defined in NIST SP 800-108
3		* (C) 2016 Kai Michaelis
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/internal/sp800_108.h>
9		#include <botan/internal/loadstor.h>
10		#include <botan/exceptn.h>
11		#include <iterator>
12
13		namespace Botan {
14
15		void SP800_108_Counter::kdf(uint8_t key[], size_t key_len,
16		const uint8_t secret[], size_t secret_len,
17		const uint8_t salt[], size_t salt_len,
18		const uint8_t label[], size_t label_len) const
19	0	{
20	0	const std::size_t prf_len = m_prf->output_length();
21
22	0	const uint64_t blocks_required = (key_len + prf_len - 1) / prf_len;
23
24	0	if(blocks_required > 0xFFFFFFFF)
25	0	throw Invalid_Argument("SP800_108_Counter output size too large");
26
27	0	const uint8_t delim = 0;
28	0	const uint32_t length = static_cast<uint32_t>(key_len * 8);
29
30	0	uint8_t *p = key;
31	0	uint32_t counter = 1;
32	0	uint8_t be_len[4] = { 0 };
33	0	secure_vector<uint8_t> tmp;
34
35	0	store_be(length, be_len);
36	0	m_prf->set_key(secret, secret_len);
37
38	0	while(p < key + key_len)
39	0	{
40	0	const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
41	0	uint8_t be_cnt[4] = { 0 };
42
43	0	store_be(counter, be_cnt);
44
45	0	m_prf->update(be_cnt,4);
46	0	m_prf->update(label,label_len);
47	0	m_prf->update(delim);
48	0	m_prf->update(salt,salt_len);
49	0	m_prf->update(be_len,4);
50	0	m_prf->final(tmp);
51
52	0	copy_mem(p, tmp.data(), to_copy);
53	0	p += to_copy;
54
55	0	++counter;
56	0	BOTAN_ASSERT(counter != 0, "No counter overflow");
57	0	}
58	0	}
59
60		void SP800_108_Feedback::kdf(uint8_t key[], size_t key_len,
61		const uint8_t secret[], size_t secret_len,
62		const uint8_t salt[], size_t salt_len,
63		const uint8_t label[], size_t label_len) const
64	0	{
65	0	const uint32_t length = static_cast<uint32_t>(key_len * 8);
66	0	const std::size_t prf_len = m_prf->output_length();
67	0	const std::size_t iv_len = (salt_len >= prf_len ? prf_len : 0);
68	0	const uint8_t delim = 0;
69
70	0	const uint64_t blocks_required = (key_len + prf_len - 1) / prf_len;
71
72	0	if(blocks_required > 0xFFFFFFFF)
73	0	throw Invalid_Argument("SP800_108_Feedback output size too large");
74
75	0	uint8_t *p = key;
76	0	uint32_t counter = 1;
77	0	uint8_t be_len[4] = { 0 };
78	0	secure_vector< uint8_t > prev(salt, salt + iv_len);
79	0	secure_vector< uint8_t > ctx(salt + iv_len, salt + salt_len);
80
81	0	store_be(length, be_len);
82	0	m_prf->set_key(secret, secret_len);
83
84	0	while(p < key + key_len)
85	0	{
86	0	const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
87	0	uint8_t be_cnt[4] = { 0 };
88
89	0	store_be(counter, be_cnt);
90
91	0	m_prf->update(prev);
92	0	m_prf->update(be_cnt,4);
93	0	m_prf->update(label,label_len);
94	0	m_prf->update(delim);
95	0	m_prf->update(ctx);
96	0	m_prf->update(be_len,4);
97	0	m_prf->final(prev);
98
99	0	copy_mem(p, prev.data(), to_copy);
100	0	p += to_copy;
101
102	0	++counter;
103
104	0	BOTAN_ASSERT(counter != 0, "No overflow");
105	0	}
106	0	}
107
108		void SP800_108_Pipeline::kdf(uint8_t key[], size_t key_len,
109		const uint8_t secret[], size_t secret_len,
110		const uint8_t salt[], size_t salt_len,
111		const uint8_t label[], size_t label_len) const
112	0	{
113	0	const uint32_t length = static_cast<uint32_t>(key_len * 8);
114	0	const std::size_t prf_len = m_prf->output_length();
115	0	const uint8_t delim = 0;
116
117	0	const uint64_t blocks_required = (key_len + prf_len - 1) / prf_len;
118
119	0	if(blocks_required > 0xFFFFFFFF)
120	0	throw Invalid_Argument("SP800_108_Feedback output size too large");
121
122	0	uint8_t *p = key;
123	0	uint32_t counter = 1;
124	0	uint8_t be_len[4] = { 0 };
125	0	secure_vector<uint8_t> ai, ki;
126
127	0	store_be(length, be_len);
128	0	m_prf->set_key(secret,secret_len);
129
130		// A(0)
131	0	std::copy(label,label + label_len,std::back_inserter(ai));
132	0	ai.emplace_back(delim);
133	0	std::copy(salt,salt + salt_len,std::back_inserter(ai));
134	0	std::copy(be_len,be_len + 4,std::back_inserter(ai));
135
136	0	while(p < key + key_len)
137	0	{
138		// A(i)
139	0	m_prf->update(ai);
140	0	m_prf->final(ai);
141
142		// K(i)
143	0	const std::size_t to_copy = std::min< std::size_t >(key + key_len - p, prf_len);
144	0	uint8_t be_cnt[4] = { 0 };
145
146	0	store_be(counter, be_cnt);
147
148	0	m_prf->update(ai);
149	0	m_prf->update(be_cnt,4);
150	0	m_prf->update(label, label_len);
151	0	m_prf->update(delim);
152	0	m_prf->update(salt, salt_len);
153	0	m_prf->update(be_len,4);
154	0	m_prf->final(ki);
155
156	0	copy_mem(p, ki.data(), to_copy);
157	0	p += to_copy;
158
159	0	++counter;
160
161	0	BOTAN_ASSERT(counter != 0, "No overflow");
162	0	}
163	0	}
164		}

Coverage Report

Created: 2021-04-07 06:07