diff --git a/src/lib/kdf/kdf.cpp b/src/lib/kdf/kdf.cpp index 328d1f73033..297f34218e8 100644 --- a/src/lib/kdf/kdf.cpp +++ b/src/lib/kdf/kdf.cpp @@ -42,11 +42,11 @@ #endif #if defined(BOTAN_HAS_SP800_56A) - #include + #include #endif #if defined(BOTAN_HAS_SP800_56C) - #include + #include #endif namespace Botan { @@ -160,16 +160,16 @@ std::unique_ptr KDF::create(std::string_view algo_spec, std::string_view pr #if defined(BOTAN_HAS_SP800_56A) if(req.algo_name() == "SP800-56A" && req.arg_count() == 1) { if(auto hash = HashFunction::create(req.arg(0))) { - return std::make_unique(std::move(hash)); + return std::make_unique(std::move(hash)); } if(req.arg(0) == "KMAC-128") { - return std::make_unique(); + return std::make_unique(); } if(req.arg(0) == "KMAC-256") { - return std::make_unique(); + return std::make_unique(); } if(auto mac = MessageAuthenticationCode::create(req.arg(0))) { - return std::make_unique(std::move(mac)); + return std::make_unique(std::move(mac)); } } #endif @@ -179,11 +179,11 @@ std::unique_ptr KDF::create(std::string_view algo_spec, std::string_view pr std::unique_ptr exp(kdf_create_mac_or_hash(req.arg(0))); if(exp) { if(auto mac = MessageAuthenticationCode::create(req.arg(0))) { - return std::make_unique(std::move(mac), std::move(exp)); + return std::make_unique(std::move(mac), std::move(exp)); } if(auto mac = MessageAuthenticationCode::create(fmt("HMAC({})", req.arg(0)))) { - return std::make_unique(std::move(mac), std::move(exp)); + return std::make_unique(std::move(mac), std::move(exp)); } } } diff --git a/src/lib/kdf/sp800_56a/sp800_56a.cpp b/src/lib/kdf/sp800_56a/sp800_56c_one_step.cpp similarity index 77% rename from src/lib/kdf/sp800_56a/sp800_56a.cpp rename to src/lib/kdf/sp800_56a/sp800_56c_one_step.cpp index 1647ca014b9..aa92e75f91b 100644 --- a/src/lib/kdf/sp800_56a/sp800_56a.cpp +++ b/src/lib/kdf/sp800_56a/sp800_56c_one_step.cpp @@ -8,7 +8,7 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#include +#include #include #include @@ -77,14 +77,14 @@ void kdm_internal(std::span output_buffer, } // namespace -void SP800_56A_Hash::kdf(uint8_t key[], - size_t key_len, - const uint8_t secret[], - size_t secret_len, - const uint8_t salt[], - size_t salt_len, - const uint8_t label[], - size_t label_len) const { +void SP800_56C_One_Step_Hash::kdf(uint8_t key[], + size_t key_len, + const uint8_t secret[], + size_t secret_len, + const uint8_t salt[], + size_t salt_len, + const uint8_t label[], + size_t label_len) const { BOTAN_UNUSED(salt); BOTAN_ARG_CHECK(salt_len == 0, "SP800_56A_Hash does not support a non-empty salt"); @@ -95,29 +95,30 @@ void SP800_56A_Hash::kdf(uint8_t key[], }); } -std::string SP800_56A_Hash::name() const { +std::string SP800_56C_One_Step_Hash::name() const { return fmt("SP800-56A({})", m_hash->name()); } -std::unique_ptr SP800_56A_Hash::new_object() const { - return std::make_unique(m_hash->new_object()); +std::unique_ptr SP800_56C_One_Step_Hash::new_object() const { + return std::make_unique(m_hash->new_object()); } -SP800_56A_HMAC::SP800_56A_HMAC(std::unique_ptr mac) : m_mac(std::move(mac)) { +SP800_56C_One_Step_HMAC::SP800_56C_One_Step_HMAC(std::unique_ptr mac) : + m_mac(std::move(mac)) { // TODO: we need a MessageAuthenticationCode::is_hmac if(!m_mac->name().starts_with("HMAC(")) { throw Algorithm_Not_Found("Only HMAC can be used with SP800_56A_HMAC"); } } -void SP800_56A_HMAC::kdf(uint8_t key[], - size_t key_len, - const uint8_t secret[], - size_t secret_len, - const uint8_t salt[], - size_t salt_len, - const uint8_t label[], - size_t label_len) const { +void SP800_56C_One_Step_HMAC::kdf(uint8_t key[], + size_t key_len, + const uint8_t secret[], + size_t secret_len, + const uint8_t salt[], + size_t salt_len, + const uint8_t label[], + size_t label_len) const { kdm_internal({key, key_len}, {secret, secret_len}, {label, label_len}, *m_mac, [&](Buffered_Computation* kdf) { MessageAuthenticationCode* kdf_mac = dynamic_cast(kdf); BOTAN_ASSERT_NONNULL(kdf_mac); @@ -134,23 +135,23 @@ void SP800_56A_HMAC::kdf(uint8_t key[], }); } -std::string SP800_56A_HMAC::name() const { +std::string SP800_56C_One_Step_HMAC::name() const { return fmt("SP800-56A({})", m_mac->name()); } -std::unique_ptr SP800_56A_HMAC::new_object() const { - return std::make_unique(m_mac->new_object()); +std::unique_ptr SP800_56C_One_Step_HMAC::new_object() const { + return std::make_unique(m_mac->new_object()); } // Option 3 - KMAC -void SP800_56A_KMAC_Abstract::kdf(uint8_t key[], - size_t key_len, - const uint8_t secret[], - size_t secret_len, - const uint8_t salt[], - size_t salt_len, - const uint8_t label[], - size_t label_len) const { +void SP800_56A_One_Step_KMAC_Abstract::kdf(uint8_t key[], + size_t key_len, + const uint8_t secret[], + size_t secret_len, + const uint8_t salt[], + size_t salt_len, + const uint8_t label[], + size_t label_len) const { auto mac = create_kmac_instance(key_len); kdm_internal({key, key_len}, {secret, secret_len}, {label, label_len}, *mac, [&](Buffered_Computation* kdf) { MessageAuthenticationCode* kdf_mac = dynamic_cast(kdf); @@ -178,11 +179,13 @@ void SP800_56A_KMAC_Abstract::kdf(uint8_t key[], }); } -std::unique_ptr SP800_56A_KMAC128::create_kmac_instance(size_t output_byte_len) const { +std::unique_ptr SP800_56C_One_Step_KMAC128::create_kmac_instance( + size_t output_byte_len) const { return std::make_unique(output_byte_len * 8); } -std::unique_ptr SP800_56A_KMAC256::create_kmac_instance(size_t output_byte_len) const { +std::unique_ptr SP800_56C_One_Step_KMAC256::create_kmac_instance( + size_t output_byte_len) const { return std::make_unique(output_byte_len * 8); } diff --git a/src/lib/kdf/sp800_56a/sp800_56a.h b/src/lib/kdf/sp800_56a/sp800_56c_one_step.h similarity index 88% rename from src/lib/kdf/sp800_56a/sp800_56a.h rename to src/lib/kdf/sp800_56a/sp800_56c_one_step.h index 3df6288395c..abffeaaa24c 100644 --- a/src/lib/kdf/sp800_56a/sp800_56a.h +++ b/src/lib/kdf/sp800_56a/sp800_56c_one_step.h @@ -21,7 +21,7 @@ namespace Botan { * NIST SP 800-56Cr2 One-Step KDF using hash function * @warning This KDF ignores the provided salt value */ -class SP800_56A_Hash final : public KDF { +class SP800_56C_One_Step_Hash final : public KDF { public: std::string name() const override; @@ -56,7 +56,7 @@ class SP800_56A_Hash final : public KDF { /** * @param hash the hash function to use as the auxiliary function */ - explicit SP800_56A_Hash(std::unique_ptr hash) : m_hash(std::move(hash)) {} + explicit SP800_56C_One_Step_Hash(std::unique_ptr hash) : m_hash(std::move(hash)) {} private: std::unique_ptr m_hash; @@ -65,7 +65,7 @@ class SP800_56A_Hash final : public KDF { /** * NIST SP800-56Cr2 One-Step KDF using HMAC */ -class SP800_56A_HMAC final : public KDF { +class SP800_56C_One_Step_HMAC final : public KDF { public: std::string name() const override; @@ -100,7 +100,7 @@ class SP800_56A_HMAC final : public KDF { /** * @param mac the HMAC to use as the auxiliary function */ - explicit SP800_56A_HMAC(std::unique_ptr mac); + explicit SP800_56C_One_Step_HMAC(std::unique_ptr mac); private: std::unique_ptr m_mac; @@ -109,7 +109,7 @@ class SP800_56A_HMAC final : public KDF { /** * NIST SP800-56Cr2 One-Step KDF using KMAC (Abstract class) */ -class SP800_56A_KMAC_Abstract : public KDF { +class SP800_56A_One_Step_KMAC_Abstract : public KDF { public: /** * Derive a key using the SP800-56A KDF. @@ -144,11 +144,11 @@ class SP800_56A_KMAC_Abstract : public KDF { /** * NIST SP800-56Cr2 One-Step KDF using KMAC-128 */ -class SP800_56A_KMAC128 final : public SP800_56A_KMAC_Abstract { +class SP800_56C_One_Step_KMAC128 final : public SP800_56A_One_Step_KMAC_Abstract { public: std::string name() const override { return "SP800-56A(KMAC-128)"; } - std::unique_ptr new_object() const override { return std::make_unique(); } + std::unique_ptr new_object() const override { return std::make_unique(); } protected: std::unique_ptr create_kmac_instance(size_t output_byte_len) const override; @@ -157,11 +157,11 @@ class SP800_56A_KMAC128 final : public SP800_56A_KMAC_Abstract { /** * NIST SP800-56Cr2 One-Step KDF using KMAC-256 */ -class SP800_56A_KMAC256 final : public SP800_56A_KMAC_Abstract { +class SP800_56C_One_Step_KMAC256 final : public SP800_56A_One_Step_KMAC_Abstract { public: std::string name() const override { return "SP800-56A(KMAC-256)"; } - std::unique_ptr new_object() const override { return std::make_unique(); } + std::unique_ptr new_object() const override { return std::make_unique(); } protected: std::unique_ptr create_kmac_instance(size_t output_byte_len) const override; diff --git a/src/lib/kdf/sp800_56c/sp800_56c.cpp b/src/lib/kdf/sp800_56c/sp800_56c.cpp deleted file mode 100644 index 85676c09311..00000000000 --- a/src/lib/kdf/sp800_56c/sp800_56c.cpp +++ /dev/null @@ -1,41 +0,0 @@ -/* -* KDF defined in NIST SP 800-56c -* (C) 2016 Kai Michaelis -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include - -#include - -namespace Botan { - -std::string SP800_56C::name() const { - return fmt("SP800-56C({})", m_prf->name()); -} - -std::unique_ptr SP800_56C::new_object() const { - return std::make_unique(m_prf->new_object(), m_exp->new_object()); -} - -void SP800_56C::kdf(uint8_t key[], - size_t key_len, - const uint8_t secret[], - size_t secret_len, - const uint8_t salt[], - size_t salt_len, - const uint8_t label[], - size_t label_len) const { - // Randomness Extraction - secure_vector k_dk; - - m_prf->set_key(salt, salt_len); - m_prf->update(secret, secret_len); - m_prf->final(k_dk); - - // Key Expansion - m_exp->kdf(key, key_len, k_dk.data(), k_dk.size(), nullptr, 0, label, label_len); -} - -} // namespace Botan diff --git a/src/lib/kdf/sp800_56c/sp800_56c_two_step.cpp b/src/lib/kdf/sp800_56c/sp800_56c_two_step.cpp new file mode 100644 index 00000000000..1a1bf4008dc --- /dev/null +++ b/src/lib/kdf/sp800_56c/sp800_56c_two_step.cpp @@ -0,0 +1,41 @@ +/* +* Two-Step KDF defined in NIST SP 800-56Cr2 (Section 5) +* (C) 2016 Kai Michaelis +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include + +#include + +namespace Botan { + +std::string SP800_56C_Two_Step::name() const { + return fmt("SP800-56C({})", m_prf->name()); +} + +std::unique_ptr SP800_56C_Two_Step::new_object() const { + return std::make_unique(m_prf->new_object(), m_exp->new_object()); +} + +void SP800_56C_Two_Step::kdf(uint8_t key[], + size_t key_len, + const uint8_t secret[], + size_t secret_len, + const uint8_t salt[], + size_t salt_len, + const uint8_t label[], + size_t label_len) const { + // Randomness Extraction + secure_vector k_dk; + + m_prf->set_key(salt, salt_len); + m_prf->update(secret, secret_len); + m_prf->final(k_dk); + + // Key Expansion + m_exp->kdf(key, key_len, k_dk.data(), k_dk.size(), nullptr, 0, label, label_len); +} + +} // namespace Botan diff --git a/src/lib/kdf/sp800_56c/sp800_56c.h b/src/lib/kdf/sp800_56c/sp800_56c_two_step.h similarity index 83% rename from src/lib/kdf/sp800_56c/sp800_56c.h rename to src/lib/kdf/sp800_56c/sp800_56c_two_step.h index c62d6c2af2d..99da9238def 100644 --- a/src/lib/kdf/sp800_56c/sp800_56c.h +++ b/src/lib/kdf/sp800_56c/sp800_56c_two_step.h @@ -1,5 +1,5 @@ /* -* KDF defined in NIST SP 800-56c +* Two-Step KDF defined in NIST SP 800-56Cr2 (Section 5) * (C) 2016 Kai Michaelis * * Botan is released under the Simplified BSD License (see license.txt) @@ -14,16 +14,16 @@ namespace Botan { /** - * NIST SP 800-56C KDF + * NIST SP 800-56C Two-Step KDF (Section 5) */ -class SP800_56C final : public KDF { +class SP800_56C_Two_Step final : public KDF { public: std::string name() const override; std::unique_ptr new_object() const override; /** - * Derive a key using the SP800-56C KDF. + * Derive a key using the SP800-56C Two-Step KDF. * * The implementation hard codes the context value for the * expansion step to the empty string. @@ -50,7 +50,7 @@ class SP800_56C final : public KDF { * @param mac MAC algorithm used for randomness extraction * @param exp KDF used for key expansion */ - SP800_56C(std::unique_ptr mac, std::unique_ptr exp) : + SP800_56C_Two_Step(std::unique_ptr mac, std::unique_ptr exp) : m_prf(std::move(mac)), m_exp(std::move(exp)) {} private: