/src/botan/build/include/internal/botan/internal/sp800_56c_one_step.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * KDF defined in NIST SP 800-56a revision 2 (Single-step key-derivation function) |
3 | | * or in NIST SP 800-56C revision 2 (Section 4 - One-Step KDM) |
4 | | * |
5 | | * (C) 2017 Ribose Inc. Written by Krzysztof Kwiatkowski. |
6 | | * (C) 2024 Fabian Albert - Rohde & Schwarz Cybersecurity |
7 | | * |
8 | | * Botan is released under the Simplified BSD License (see license.txt) |
9 | | */ |
10 | | |
11 | | #ifndef BOTAN_SP800_56A_H_ |
12 | | #define BOTAN_SP800_56A_H_ |
13 | | |
14 | | #include <botan/hash.h> |
15 | | #include <botan/kdf.h> |
16 | | #include <botan/mac.h> |
17 | | |
18 | | namespace Botan { |
19 | | |
20 | | /** |
21 | | * NIST SP 800-56Cr2 One-Step KDF using hash function |
22 | | * @warning The salt for this KDF must be empty. |
23 | | */ |
24 | | class SP800_56C_One_Step_Hash final : public KDF { |
25 | | public: |
26 | | std::string name() const override; |
27 | | |
28 | | std::unique_ptr<KDF> new_object() const override; |
29 | | |
30 | | /** |
31 | | * Derive a key using the SP800-56Cr2 One-Step KDF. |
32 | | * |
33 | | * @param key DerivedKeyingMaterial output buffer |
34 | | * @param key_len the desired output length in bytes |
35 | | * @param secret shared secret Z |
36 | | * @param secret_len size of Z in bytes |
37 | | * @param salt the salt. Ignored. |
38 | | * @param salt_len size of salt in bytes. Must be 0. |
39 | | * @param label FixedInfo |
40 | | * @param label_len size of label in bytes |
41 | | * |
42 | | * @throws Invalid_Argument if key_len > (2^32 - 1) * Hash output bits. |
43 | | * Or thrown if salt is non-empty |
44 | | */ |
45 | | void kdf(uint8_t key[], |
46 | | size_t key_len, |
47 | | const uint8_t secret[], |
48 | | size_t secret_len, |
49 | | const uint8_t salt[], |
50 | | size_t salt_len, |
51 | | const uint8_t label[], |
52 | | size_t label_len) const override; |
53 | | |
54 | | /** |
55 | | * @param hash the hash function to use as the auxiliary function |
56 | | */ |
57 | 0 | explicit SP800_56C_One_Step_Hash(std::unique_ptr<HashFunction> hash) : m_hash(std::move(hash)) {} |
58 | | |
59 | | private: |
60 | | std::unique_ptr<HashFunction> m_hash; |
61 | | }; |
62 | | |
63 | | /** |
64 | | * NIST SP800-56Cr2 One-Step KDF using HMAC |
65 | | */ |
66 | | class SP800_56C_One_Step_HMAC final : public KDF { |
67 | | public: |
68 | | std::string name() const override; |
69 | | |
70 | | std::unique_ptr<KDF> new_object() const override; |
71 | | |
72 | | /** |
73 | | * Derive a key using the SP800-56Cr2 One-Step KDF. |
74 | | * |
75 | | * @param key DerivedKeyingMaterial output buffer |
76 | | * @param key_len the desired output length in bytes |
77 | | * @param secret shared secret Z |
78 | | * @param secret_len size of Z in bytes |
79 | | * @param salt the salt. If empty the default_salt is used. |
80 | | * @param salt_len size of salt in bytes |
81 | | * @param label FixedInfo |
82 | | * @param label_len size of label in bytes |
83 | | * |
84 | | * @throws Invalid_Argument if key_len > (2^32 - 1) * HMAC output bits |
85 | | */ |
86 | | void kdf(uint8_t key[], |
87 | | size_t key_len, |
88 | | const uint8_t secret[], |
89 | | size_t secret_len, |
90 | | const uint8_t salt[], |
91 | | size_t salt_len, |
92 | | const uint8_t label[], |
93 | | size_t label_len) const override; |
94 | | |
95 | | /** |
96 | | * @param mac the HMAC to use as the auxiliary function |
97 | | */ |
98 | | explicit SP800_56C_One_Step_HMAC(std::unique_ptr<MessageAuthenticationCode> mac); |
99 | | |
100 | | private: |
101 | | std::unique_ptr<MessageAuthenticationCode> m_mac; |
102 | | }; |
103 | | |
104 | | /** |
105 | | * NIST SP800-56Cr2 One-Step KDF using KMAC (Abstract class) |
106 | | */ |
107 | | class SP800_56A_One_Step_KMAC_Abstract : public KDF { |
108 | | public: |
109 | | /** |
110 | | * Derive a key using the SP800-56Cr2 One-Step KDF. |
111 | | * |
112 | | * @param key DerivedKeyingMaterial output buffer |
113 | | * @param key_len the desired output length in bytes |
114 | | * @param secret shared secret Z |
115 | | * @param secret_len size of Z in bytes |
116 | | * @param salt the salt. If empty the default_salt is used. |
117 | | * @param salt_len size of salt in bytes |
118 | | * @param label FixedInfo |
119 | | * @param label_len size of label in bytes |
120 | | * |
121 | | * @throws Invalid_Argument if key_len > (2^32 - 1) * KMAC output bits |
122 | | */ |
123 | | void kdf(uint8_t key[], |
124 | | size_t key_len, |
125 | | const uint8_t secret[], |
126 | | size_t secret_len, |
127 | | const uint8_t salt[], |
128 | | size_t salt_len, |
129 | | const uint8_t label[], |
130 | | size_t label_len) const override; |
131 | | |
132 | | protected: |
133 | | virtual std::unique_ptr<MessageAuthenticationCode> create_kmac_instance(size_t output_byte_len) const = 0; |
134 | | |
135 | | /// See SP800-56C Section 4.1 - Implementation-Dependent Parameters 3. |
136 | | virtual size_t default_salt_length() const = 0; |
137 | | }; |
138 | | |
139 | | /** |
140 | | * NIST SP800-56Cr2 One-Step KDF using KMAC-128 |
141 | | */ |
142 | | class SP800_56C_One_Step_KMAC128 final : public SP800_56A_One_Step_KMAC_Abstract { |
143 | | public: |
144 | 0 | std::string name() const override { return "SP800-56A(KMAC-128)"; } |
145 | | |
146 | 0 | std::unique_ptr<KDF> new_object() const override { return std::make_unique<SP800_56C_One_Step_KMAC128>(); } |
147 | | |
148 | | private: |
149 | | std::unique_ptr<MessageAuthenticationCode> create_kmac_instance(size_t output_byte_len) const override; |
150 | | |
151 | 0 | size_t default_salt_length() const override { return 164; } |
152 | | }; |
153 | | |
154 | | /** |
155 | | * NIST SP800-56Cr2 One-Step KDF using KMAC-256 |
156 | | */ |
157 | | class SP800_56C_One_Step_KMAC256 final : public SP800_56A_One_Step_KMAC_Abstract { |
158 | | public: |
159 | 0 | std::string name() const override { return "SP800-56A(KMAC-256)"; } |
160 | | |
161 | 0 | std::unique_ptr<KDF> new_object() const override { return std::make_unique<SP800_56C_One_Step_KMAC256>(); } |
162 | | |
163 | | private: |
164 | | std::unique_ptr<MessageAuthenticationCode> create_kmac_instance(size_t output_byte_len) const override; |
165 | | |
166 | 0 | size_t default_salt_length() const override { return 132; } |
167 | | }; |
168 | | |
169 | | } // namespace Botan |
170 | | |
171 | | #endif |