/src/botan/build/include/botan/internal/sp800_56a.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * KDF defined in NIST SP 800-56a revision 2 (Single-step key-derivation function) |
3 | | * |
4 | | * (C) 2017 Ribose Inc. Written by Krzysztof Kwiatkowski. |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #ifndef BOTAN_SP800_56A_H_ |
10 | | #define BOTAN_SP800_56A_H_ |
11 | | |
12 | | #include <botan/kdf.h> |
13 | | #include <botan/hash.h> |
14 | | #include <botan/mac.h> |
15 | | |
16 | | namespace Botan { |
17 | | |
18 | | /** |
19 | | * NIST SP 800-56A KDF using hash function |
20 | | * @warning This KDF ignores the provided salt value |
21 | | */ |
22 | | class SP800_56A_Hash final : public KDF |
23 | | { |
24 | | public: |
25 | 0 | std::string name() const override { return "SP800-56A(" + m_hash->name() + ")"; } |
26 | | |
27 | 0 | std::unique_ptr<KDF> new_object() const override { return std::make_unique<SP800_56A_Hash>(m_hash->new_object()); } |
28 | | |
29 | | /** |
30 | | * Derive a key using the SP800-56A KDF. |
31 | | * |
32 | | * The implementation hard codes the context value for the |
33 | | * expansion step to the empty string. |
34 | | * |
35 | | * @param key derived keying material K_M |
36 | | * @param key_len the desired output length in bytes |
37 | | * @param secret shared secret Z |
38 | | * @param secret_len size of Z in bytes |
39 | | * @param salt ignored |
40 | | * @param salt_len ignored |
41 | | * @param label label for the expansion step |
42 | | * @param label_len size of label in bytes |
43 | | * |
44 | | * @throws Invalid_Argument key_len > 2^32 |
45 | | */ |
46 | | void kdf(uint8_t key[], size_t key_len, |
47 | | const uint8_t secret[], size_t secret_len, |
48 | | const uint8_t salt[], size_t salt_len, |
49 | | const uint8_t label[], size_t label_len) const override; |
50 | | |
51 | | /** |
52 | | * @param hash the hash function to use as the auxiliary function |
53 | | */ |
54 | 0 | explicit SP800_56A_Hash(std::unique_ptr<HashFunction> hash) : m_hash(std::move(hash)) {} |
55 | | private: |
56 | | std::unique_ptr<HashFunction> m_hash; |
57 | | }; |
58 | | |
59 | | /** |
60 | | * NIST SP 800-56A KDF using HMAC |
61 | | */ |
62 | | class SP800_56A_HMAC final : public KDF |
63 | | { |
64 | | public: |
65 | 0 | std::string name() const override { return "SP800-56A(" + m_mac->name() + ")"; } |
66 | | |
67 | 0 | std::unique_ptr<KDF> new_object() const override { return std::make_unique<SP800_56A_HMAC>(m_mac->new_object()); } |
68 | | |
69 | | /** |
70 | | * Derive a key using the SP800-56A KDF. |
71 | | * |
72 | | * The implementation hard codes the context value for the |
73 | | * expansion step to the empty string. |
74 | | * |
75 | | * @param key derived keying material K_M |
76 | | * @param key_len the desired output length in bytes |
77 | | * @param secret shared secret Z |
78 | | * @param secret_len size of Z in bytes |
79 | | * @param salt ignored |
80 | | * @param salt_len ignored |
81 | | * @param label label for the expansion step |
82 | | * @param label_len size of label in bytes |
83 | | * |
84 | | * @throws Invalid_Argument key_len > 2^32 or MAC is not a HMAC |
85 | | */ |
86 | | void kdf(uint8_t key[], size_t key_len, |
87 | | const uint8_t secret[], size_t secret_len, |
88 | | const uint8_t salt[], size_t salt_len, |
89 | | const uint8_t label[], size_t label_len) const override; |
90 | | |
91 | | /** |
92 | | * @param mac the HMAC to use as the auxiliary function |
93 | | */ |
94 | | explicit SP800_56A_HMAC(std::unique_ptr<MessageAuthenticationCode> mac); |
95 | | private: |
96 | | std::unique_ptr<MessageAuthenticationCode> m_mac; |
97 | | }; |
98 | | |
99 | | } |
100 | | |
101 | | #endif |