/src/botan/build/include/internal/botan/internal/sp800_56c_one_step.h
/*
* KDF defined in NIST SP 800-56a revision 2 (Single-step key-derivation function)
* or in NIST SP 800-56C revision 2 (Section 4 - One-Step KDM)
*
* (C) 2017 Ribose Inc. Written by Krzysztof Kwiatkowski.
* (C) 2024 Fabian Albert - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_SP800_56A_H_
#define BOTAN_SP800_56A_H_
#include <botan/hash.h>
#include <botan/kdf.h>
#include <botan/mac.h>
namespace Botan {
/**
 * NIST SP 800-56Cr2 One-Step KDF using hash function
 *
 * One-Step KDM of SP 800-56Cr2 Section 4 with the hash-based auxiliary
 * function H(x) = hash(x). This option of the standard has no salt input,
 * which is why the salt passed to kdf() is required to be empty rather than
 * silently ignored.
 *
 * @warning The salt for this KDF must be empty.
 */
class SP800_56C_One_Step_Hash final : public KDF {
   public:
      /// Algorithm name of this KDF instance (defined out of line)
      std::string name() const override;

      /// Creates a fresh KDF object of the same type (defined out of line)
      std::unique_ptr<KDF> new_object() const override;

      /**
      * Derive a key using the SP800-56Cr2 One-Step KDF.
      *
      * @param key DerivedKeyingMaterial output buffer; must provide room
      *            for key_len bytes
      * @param key_len the desired output length in bytes
      * @param secret shared secret Z
      * @param secret_len size of Z in bytes
      * @param salt the salt. Ignored.
      * @param salt_len size of salt in bytes. Must be 0.
      * @param label FixedInfo
      * @param label_len size of label in bytes
      *
      * @throws Invalid_Argument if key_len > (2^32 - 1) * Hash output bits.
      *         Or thrown if salt is non-empty
      */
      void kdf(uint8_t key[],
               size_t key_len,
               const uint8_t secret[],
               size_t secret_len,
               const uint8_t salt[],
               size_t salt_len,
               const uint8_t label[],
               size_t label_len) const override;

      /**
      * @param hash the hash function to use as the auxiliary function.
      *             Ownership is transferred to this object.
      */
      explicit SP800_56C_One_Step_Hash(std::unique_ptr<HashFunction> hash) : m_hash(std::move(hash)) {}

   private:
      /// Auxiliary function H; owned, moved in by the constructor
      std::unique_ptr<HashFunction> m_hash;
};
/**
 * NIST SP800-56Cr2 One-Step KDF using HMAC
 *
 * One-Step KDM of SP 800-56Cr2 Section 4 with the HMAC-based auxiliary
 * function, where the salt serves as the HMAC key. When no salt is supplied
 * the default salt of SP 800-56Cr2 Section 4.1 (an all-zero byte string) is
 * used; the exact length lives in the out-of-line implementation.
 */
class SP800_56C_One_Step_HMAC final : public KDF {
   public:
      /// Algorithm name of this KDF instance (defined out of line)
      std::string name() const override;

      /// Creates a fresh KDF object of the same type (defined out of line)
      std::unique_ptr<KDF> new_object() const override;

      /**
      * Derive a key using the SP800-56Cr2 One-Step KDF.
      *
      * @param key DerivedKeyingMaterial output buffer; must provide room
      *            for key_len bytes
      * @param key_len the desired output length in bytes
      * @param secret shared secret Z
      * @param secret_len size of Z in bytes
      * @param salt the salt. If empty the default_salt is used.
      * @param salt_len size of salt in bytes
      * @param label FixedInfo
      * @param label_len size of label in bytes
      *
      * @throws Invalid_Argument if key_len > (2^32 - 1) * HMAC output bits
      */
      void kdf(uint8_t key[],
               size_t key_len,
               const uint8_t secret[],
               size_t secret_len,
               const uint8_t salt[],
               size_t salt_len,
               const uint8_t label[],
               size_t label_len) const override;

      /**
      * @param mac the HMAC to use as the auxiliary function. Ownership is
      *            transferred to this object.
      *
      * NOTE(review): the parameter type is the generic MessageAuthenticationCode;
      * any check that the object really is an HMAC would have to happen in the
      * out-of-line constructor — confirm there.
      */
      explicit SP800_56C_One_Step_HMAC(std::unique_ptr<MessageAuthenticationCode> mac);

   private:
      /// Auxiliary function H (HMAC); owned by this object
      std::unique_ptr<MessageAuthenticationCode> m_mac;
};
/**
 * NIST SP800-56Cr2 One-Step KDF using KMAC (Abstract class)
 *
 * Shared implementation of the One-Step KDM with the KMAC-based auxiliary
 * function. Concrete subclasses choose KMAC128 or KMAC256 by implementing
 * create_kmac_instance() and supply the standard's default salt length via
 * default_salt_length().
 *
 * NOTE(review): the class name says SP800_56A while the algorithm (and the
 * sibling classes) are SP800-56C; the name is part of the public interface
 * and is left unchanged here.
 *
 * NOTE(review): no destructor is declared although the class is used
 * polymorphically — this relies on the KDF base class providing a virtual
 * destructor (not visible in this header; confirm).
 */
class SP800_56A_One_Step_KMAC_Abstract : public KDF {
   public:
      /**
      * Derive a key using the SP800-56Cr2 One-Step KDF.
      *
      * @param key DerivedKeyingMaterial output buffer; must provide room
      *            for key_len bytes
      * @param key_len the desired output length in bytes
      * @param secret shared secret Z
      * @param secret_len size of Z in bytes
      * @param salt the salt. If empty the default_salt is used.
      * @param salt_len size of salt in bytes
      * @param label FixedInfo
      * @param label_len size of label in bytes
      *
      * @throws Invalid_Argument if key_len > (2^32 - 1) * KMAC output bits
      */
      void kdf(uint8_t key[],
               size_t key_len,
               const uint8_t secret[],
               size_t secret_len,
               const uint8_t salt[],
               size_t salt_len,
               const uint8_t label[],
               size_t label_len) const override;

   protected:
      /**
      * Factory for the KMAC variant used as the auxiliary function.
      *
      * @param output_byte_len the requested KMAC output length in bytes
      * @return a fresh, unkeyed KMAC object (KMAC128 or KMAC256 depending
      *         on the subclass); presumably consumed by kdf()
      */
      virtual std::unique_ptr<MessageAuthenticationCode> create_kmac_instance(size_t output_byte_len) const = 0;

      /// Length in bytes of the all-zero default salt used when the caller
      /// supplies none.
      /// See SP800-56C Section 4.1 - Implementation-Dependent Parameters 3.
      virtual size_t default_salt_length() const = 0;
};
/**
 * NIST SP800-56Cr2 One-Step KDF using KMAC-128
 *
 * Default-constructible; all state lives in the abstract base.
 */
class SP800_56C_One_Step_KMAC128 final : public SP800_56A_One_Step_KMAC_Abstract {
   public:
      /// Algorithm name string. NOTE(review): it reads "SP800-56A" although
      /// the KDF is the SP 800-56C one-step variant; it is likely used for
      /// algorithm lookup and must not be changed without a compatibility plan.
      std::string name() const override { return "SP800-56A(KMAC-128)"; }

      /// Creates a fresh, default-constructed instance of this KDF
      std::unique_ptr<KDF> new_object() const override { return std::make_unique<SP800_56C_One_Step_KMAC128>(); }

   private:
      /// Returns a KMAC-128 instance with the given output length (defined out of line)
      std::unique_ptr<MessageAuthenticationCode> create_kmac_instance(size_t output_byte_len) const override;

      /// 164 zero bytes: the KMAC128 default salt length from
      /// SP 800-56Cr2 Section 4.1, Implementation-Dependent Parameter 3
      size_t default_salt_length() const override { return 164; }
};
/**
 * NIST SP800-56Cr2 One-Step KDF using KMAC-256
 *
 * Default-constructible; all state lives in the abstract base.
 */
class SP800_56C_One_Step_KMAC256 final : public SP800_56A_One_Step_KMAC_Abstract {
   public:
      /// Algorithm name string. NOTE(review): it reads "SP800-56A" although
      /// the KDF is the SP 800-56C one-step variant; it is likely used for
      /// algorithm lookup and must not be changed without a compatibility plan.
      std::string name() const override { return "SP800-56A(KMAC-256)"; }

      /// Creates a fresh, default-constructed instance of this KDF
      std::unique_ptr<KDF> new_object() const override { return std::make_unique<SP800_56C_One_Step_KMAC256>(); }

   private:
      /// Returns a KMAC-256 instance with the given output length (defined out of line)
      std::unique_ptr<MessageAuthenticationCode> create_kmac_instance(size_t output_byte_len) const override;

      /// 132 zero bytes: the KMAC256 default salt length from
      /// SP 800-56Cr2 Section 4.1, Implementation-Dependent Parameter 3
      size_t default_salt_length() const override { return 132; }
};
}  // namespace Botan
#endif