2
* KDFs defined in NIST SP 800-108
3
* (C) 2016 Kai Michaelis
5
* Botan is released under the Simplified BSD License (see license.txt)
8
#ifndef BOTAN_SP800_108_H_
9
#define BOTAN_SP800_108_H_
11
#include <botan/kdf.h>
12
#include <botan/mac.h>
17
* NIST SP 800-108 KDF in Counter Mode (5.1)
19
class BOTAN_PUBLIC_API(2,0) SP800_108_Counter final : public KDF
22
std::string name() const override { return "SP800-108-Counter(" + m_prf->name() + ")"; }
24
KDF* clone() const override { return new SP800_108_Counter(m_prf->clone()); }
27
* Derive a key using the SP800-108 KDF in Counter mode.
29
* The implementation hard codes the length of [L]_2
30
* and [i]_2 (the value r) to 32 bits.
32
* @param key resulting keying material
33
* @param key_len the desired output length in bytes
35
* @param secret_len size of K_I in bytes
37
* @param salt_len size of Context in bytes
39
* @param label_len size of Label in bytes
41
* @throws Invalid_Argument key_len > 2^32
43
size_t kdf(uint8_t key[], size_t key_len,
44
const uint8_t secret[], size_t secret_len,
45
const uint8_t salt[], size_t salt_len,
46
const uint8_t label[], size_t label_len) const override;
49
* @param mac MAC algorithm to use
51
explicit SP800_108_Counter(MessageAuthenticationCode* mac) : m_prf(mac) {}
53
std::unique_ptr<MessageAuthenticationCode> m_prf;
57
* NIST SP 800-108 KDF in Feedback Mode (5.2)
59
class BOTAN_PUBLIC_API(2,0) SP800_108_Feedback final : public KDF
62
std::string name() const override { return "SP800-108-Feedback(" + m_prf->name() + ")"; }
64
KDF* clone() const override { return new SP800_108_Feedback(m_prf->clone()); }
67
* Derive a key using the SP800-108 KDF in Feedback mode.
69
* The implementation uses the optional counter i and hard
70
* codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
72
* @param key resulting keying material
73
* @param key_len the desired output length in bytes
75
* @param secret_len size of K_I in bytes
76
* @param salt IV || Context
77
* @param salt_len size of Context plus IV in bytes
79
* @param label_len size of Label in bytes
81
* @throws Invalid_Argument key_len > 2^32
83
size_t kdf(uint8_t key[], size_t key_len,
84
const uint8_t secret[], size_t secret_len,
85
const uint8_t salt[], size_t salt_len,
86
const uint8_t label[], size_t label_len) const override;
88
explicit SP800_108_Feedback(MessageAuthenticationCode* mac) : m_prf(mac) {}
90
std::unique_ptr<MessageAuthenticationCode> m_prf;
94
* NIST SP 800-108 KDF in Double Pipeline Mode (5.3)
96
class BOTAN_PUBLIC_API(2,0) SP800_108_Pipeline final : public KDF
99
std::string name() const override { return "SP800-108-Pipeline(" + m_prf->name() + ")"; }
101
KDF* clone() const override { return new SP800_108_Pipeline(m_prf->clone()); }
104
* Derive a key using the SP800-108 KDF in Double Pipeline mode.
106
* The implementation uses the optional counter i and hard
107
* codes the length of [L]_2 and [i]_2 (the value r) to 32 bits.
109
* @param key resulting keying material
110
* @param key_len the desired output length in bytes
112
* @param secret_len size of K_I in bytes
113
* @param salt Context
114
* @param salt_len size of Context in bytes
116
* @param label_len size of Label in bytes
118
* @throws Invalid_Argument key_len > 2^32
120
size_t kdf(uint8_t key[], size_t key_len,
121
const uint8_t secret[], size_t secret_len,
122
const uint8_t salt[], size_t salt_len,
123
const uint8_t label[], size_t label_len) const override;
125
explicit SP800_108_Pipeline(MessageAuthenticationCode* mac) : m_prf(mac) {}
128
std::unique_ptr<MessageAuthenticationCode> m_prf;