/src/botan/src/lib/kdf/kdf1_iso18033/kdf1_iso18033.cpp

Source (jump to first uncovered line)
/*
* KDF1 from ISO 18033-2
* (C) 2016 Philipp Weber
* (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/internal/kdf1_iso18033.h>

#include <botan/exceptn.h>
#include <botan/internal/bit_ops.h>
#include <botan/internal/fmt.h>
#include <botan/internal/stl_util.h>

namespace Botan {

void KDF1_18033::perform_kdf(std::span<uint8_t> key,
                             std::span<const uint8_t> secret,
                             std::span<const uint8_t> salt,
                             std::span<const uint8_t> label) const {
   if(key.empty()) {
      return;
   }

   const auto hash_output_length = m_hash->output_length();
   const auto blocks_required = ceil_division<uint64_t /* for 32bit systems */>(key.size(), hash_output_length);

   // This KDF uses a 32-bit counter for the hash blocks, initialized at 0.
   // It will wrap around after 2^32 iterations which limits the theoretically
   // possible output to 2^32 blocks.
   BOTAN_ARG_CHECK(blocks_required <= 0xFFFFFFFF, "KDF1-18033 maximum output length exceeeded");

   BufferStuffer k(key);
   for(uint32_t counter = 0; !k.full(); ++counter) {
      m_hash->update(secret);
      m_hash->update_be(counter);
      m_hash->update(label);
      m_hash->update(salt);

      // Write straight into the output buffer, except if the hash output needs
      // a truncation in the final iteration.
      if(k.remaining_capacity() >= hash_output_length) {
         m_hash->final(k.next(hash_output_length));
      } else {
         const auto h = m_hash->final();
         k.append(std::span{h}.first(k.remaining_capacity()));
      }
   }
}

std::string KDF1_18033::name() const {
   return fmt("KDF1-18033({})", m_hash->name());
}

std::unique_ptr<KDF> KDF1_18033::new_object() const {
   return std::make_unique<KDF1_18033>(m_hash->new_object());
}

}  // namespace Botan

Coverage Report

Created: 2025-04-11 06:34

Line	Count	Source (jump to first uncovered line)
1		/*
2		* KDF1 from ISO 18033-2
3		* (C) 2016 Philipp Weber
4		* (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
5		*
6		* Botan is released under the Simplified BSD License (see license.txt)
7		*/
8
9		#include <botan/internal/kdf1_iso18033.h>
10
11		#include <botan/exceptn.h>
12		#include <botan/internal/bit_ops.h>
13		#include <botan/internal/fmt.h>
14		#include <botan/internal/stl_util.h>
15
16		namespace Botan {
17
18		void KDF1_18033::perform_kdf(std::span<uint8_t> key,
19		std::span<const uint8_t> secret,
20		std::span<const uint8_t> salt,
21	0	std::span<const uint8_t> label) const {
22	0	if(key.empty()) {
23	0	return;
24	0	}
25
26	0	const auto hash_output_length = m_hash->output_length();
27	0	const auto blocks_required = ceil_division<uint64_t /* for 32bit systems */>(key.size(), hash_output_length);
28
29		// This KDF uses a 32-bit counter for the hash blocks, initialized at 0.
30		// It will wrap around after 2^32 iterations which limits the theoretically
31		// possible output to 2^32 blocks.
32	0	BOTAN_ARG_CHECK(blocks_required <= 0xFFFFFFFF, "KDF1-18033 maximum output length exceeeded");
33
34	0	BufferStuffer k(key);
35	0	for(uint32_t counter = 0; !k.full(); ++counter) {
36	0	m_hash->update(secret);
37	0	m_hash->update_be(counter);
38	0	m_hash->update(label);
39	0	m_hash->update(salt);
40
41		// Write straight into the output buffer, except if the hash output needs
42		// a truncation in the final iteration.
43	0	if(k.remaining_capacity() >= hash_output_length) {
44	0	m_hash->final(k.next(hash_output_length));
45	0	} else {
46	0	const auto h = m_hash->final();
47	0	k.append(std::span{h}.first(k.remaining_capacity()));
48	0	}
49	0	}
50	0	}
51
52	0	std::string KDF1_18033::name() const {
53	0	return fmt("KDF1-18033({})", m_hash->name());
54	0	}
55
56	0	std::unique_ptr<KDF> KDF1_18033::new_object() const {
57	0	return std::make_unique<KDF1_18033>(m_hash->new_object());
58	0	}
59
60		} // namespace Botan