sp800_108.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2019 Mikhail Komarov <nemo@nil.foundation>
3 //
4 // MIT License
5 //
6 // Permission is hereby granted, free of charge, to any person obtaining a copy
7 // of this software and associated documentation files (the "Software"), to deal
8 // in the Software without restriction, including without limitation the rights
9 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 // copies of the Software, and to permit persons to whom the Software is
11 // furnished to do so, subject to the following conditions:
12 //
13 // The above copyright notice and this permission notice shall be included in all
14 // copies or substantial portions of the Software.
15 //
16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 // SOFTWARE.
23 //---------------------------------------------------------------------------//
24 
25 #ifndef CRYPTO3_KDF_SP800_108_HPP
26 #define CRYPTO3_KDF_SP800_108_HPP
27 
28 #include <nil/crypto3/kdf/detail/sp800_108/sp800_108_functions.hpp>
29 
30 #include <vector>
31 
32 namespace nil {
33  namespace crypto3 {
34  namespace kdf {
35  namespace mode {
41  template<typename MessageAuthenticationCode>
42  struct sp800_108_mode {
43  typedef MessageAuthenticationCode mac_type;
44  };
50  template<typename MessageAuthenticationCode>
51  struct counter : sp800_108_mode<MessageAuthenticationCode> {
52  typedef typename sp800_108_mode<MessageAuthenticationCode>::mac_type mac_type;
53 
54  constexpr static const std::size_t secret_bits = mac_type::key_bits;
55  typedef typename mac_type::key_type secret_type;
56 
57  counter(const secret_type &key) : mac(key) {
58  }
59 
60  inline void process() {
61  const std::size_t prf_len = m_prf->output_length();
62  const uint8_t delim = 0;
63  const uint32_t length = static_cast<uint32_t>(key_len * 8);
64 
65  uint8_t *p = key;
66  uint32_t counter = 1;
67  uint8_t be_len[4] = {0};
68  std::vector<uint8_t> tmp;
69 
70  store_be(length, be_len);
71  m_prf->set_key(secret, secret_len);
72 
73  while (p < key + key_len && counter != 0) {
74  const std::size_t to_copy = std::min<std::size_t>(key + key_len - p, prf_len);
75  uint8_t be_cnt[4] = {0};
76 
77  store_be(counter, be_cnt);
78 
79  m_prf->update(be_cnt, 4);
80  m_prf->update(label, label_len);
81  m_prf->update(delim);
82  m_prf->update(salt, salt_len);
83  m_prf->update(be_len, 4);
84  m_prf->final(tmp);
85 
86  copy_mem(p, tmp.data(), to_copy);
87  p += to_copy;
88 
89  ++counter;
90  if (counter == 0) {
91  throw std::invalid_argument("Can't process more than 4GB");
92  }
93  }
94 
95  return key_len;
96  }
97 
98  protected:
99  mac_type mac;
100  };
101 
107  template<typename MessageAuthenticationCode>
108  struct feedback : sp800_108_mode<MessageAuthenticationCode> {
109  typedef typename sp800_108_mode<MessageAuthenticationCode>::mac_type mac_type;
110 
111  constexpr static const std::size_t secret_bits = mac_type::key_bits;
112  typedef typename mac_type::key_type secret_type;
113 
114  feedback(const secret_type &key) : mac(key) {
115  }
116 
117  inline void process() {
118  const uint32_t length = static_cast<uint32_t>(key_len * 8);
119  const std::size_t prf_len = m_prf->output_length();
120  const std::size_t iv_len = (salt_len >= prf_len ? prf_len : 0);
121  const uint8_t delim = 0;
122 
123  uint8_t *p = key;
124  uint32_t counter = 1;
125  uint8_t be_len[4] = {0};
126  std::vector<uint8_t> prev(salt, salt + iv_len);
127  std::vector<uint8_t> ctx(salt + iv_len, salt + salt_len);
128 
129  store_be(length, be_len);
130  m_prf->set_key(secret, secret_len);
131 
132  while (p < key + key_len && counter != 0) {
133  const std::size_t to_copy = std::min<std::size_t>(key + key_len - p, prf_len);
134  uint8_t be_cnt[4] = {0};
135 
136  store_be(counter, be_cnt);
137 
138  m_prf->update(prev);
139  m_prf->update(be_cnt, 4);
140  m_prf->update(label, label_len);
141  m_prf->update(delim);
142  m_prf->update(ctx);
143  m_prf->update(be_len, 4);
144  m_prf->final(prev);
145 
146  copy_mem(p, prev.data(), to_copy);
147  p += to_copy;
148 
149  ++counter;
150 
151  if (counter == 0) {
152  throw std::invalid_argument("Can't process more than 4GB");
153  }
154  }
155 
156  return key_len;
157  }
158 
159  protected:
160  mac_type mac;
161  };
162 
168  template<typename MessageAuthenticationCode>
169  struct pipeline : sp800_108_mode<MessageAuthenticationCode> {
170  typedef typename sp800_108_mode<MessageAuthenticationCode>::mac_type mac_type;
171 
172  constexpr static const std::size_t secret_bits = mac_type::key_bits;
173  typedef typename mac_type::key_type secret_type;
174 
175  pipeline(const secret_type &key) : mac(key) {
176  }
177 
178  inline void process() {
179  const uint32_t length = static_cast<uint32_t>(key_len * 8);
180  const std::size_t prf_len = m_prf->output_length();
181  const uint8_t delim = 0;
182 
183  uint8_t *p = key;
184  uint32_t counter = 1;
185  uint8_t be_len[4] = {0};
186  std::vector<uint8_t> ai, ki;
187 
188  store_be(length, be_len);
189  m_prf->set_key(secret, secret_len);
190 
191  // A(0)
192  std::copy(label, label + label_len, std::back_inserter(ai));
193  ai.emplace_back(delim);
194  std::copy(salt, salt + salt_len, std::back_inserter(ai));
195  std::copy(be_len, be_len + 4, std::back_inserter(ai));
196 
197  while (p < key + key_len && counter != 0) {
198  // A(i)
199  m_prf->update(ai);
200  m_prf->final(ai);
201 
202  // K(i)
203  const std::size_t to_copy = std::min<std::size_t>(key + key_len - p, prf_len);
204  uint8_t be_cnt[4] = {0};
205 
206  store_be(counter, be_cnt);
207 
208  m_prf->update(ai);
209  m_prf->update(be_cnt, 4);
210  m_prf->update(label, label_len);
211  m_prf->update(delim);
212  m_prf->update(salt, salt_len);
213  m_prf->update(be_len, 4);
214  m_prf->final(ki);
215 
216  copy_mem(p, ki.data(), to_copy);
217  p += to_copy;
218 
219  ++counter;
220 
221  if (counter == 0) {
222  throw std::invalid_argument("Can't process more than 4GB");
223  }
224  }
225 
226  return key_len;
227  }
228 
229  protected:
230  mac_type mac;
231  };
232  } // namespace mode
233 
240  template<typename MessageAuthenticationCode, template<typename> class Mode>
241  class sp800_108 {
242  typedef detail::sp800_108_functions<MessageAuthenticationCode, Mode> policy_type;
243 
244  public:
245  typedef typename policy_type::mode_type mode_type;
246  typedef typename policy_type::mac_type mac_type;
247 
248  constexpr static const std::size_t secret_bits = mode_type::secret_bits;
249  typedef typename mode_type::secret_type secret_type;
250 
251  sp800_108(const secret_type &key) : mode(key) {
252  }
253 
254  void process() {
255  mode.process();
256  }
257 
258  protected:
259  mode_type mode;
260  };
261  } // namespace kdf
262  } // namespace crypto3
263 } // namespace nil
264 
265 #endif
nil::crypto3::kdf::sp800_108
NIST SP 800-108 KDF.
Definition: sp800_108.hpp:241
nil::crypto3::kdf::sp800_108::sp800_108
sp800_108(const secret_type &key)
Definition: sp800_108.hpp:251
nil::crypto3::kdf::sp800_108::mode_type
policy_type::mode_type mode_type
Definition: sp800_108.hpp:245
nil::crypto3::kdf::sp800_108::secret_type
mode_type::secret_type secret_type
Definition: sp800_108.hpp:249
nil::crypto3::kdf::sp800_108::mode
mode_type mode
Definition: sp800_108.hpp:259
nil::crypto3::kdf::sp800_108::secret_bits
constexpr static const std::size_t secret_bits
Definition: sp800_108.hpp:248
nil::crypto3::kdf::sp800_108::process
void process()
Definition: sp800_108.hpp:254
nil::crypto3::kdf::sp800_108::mac_type
policy_type::mac_type mac_type
Definition: sp800_108.hpp:246
nil::crypto3::accumulators::extract::kdf
boost::mpl::apply< AccumulatorSet, tag::kdf< Mode > >::type::result_type kdf(const AccumulatorSet &acc)
Definition: kdf.hpp:177
nil::crypto3::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: memory_operations.hpp:186
nil
Definition: pair.hpp:31
sp800_108_functions.hpp
nil::crypto3::kdf::detail::sp800_108_functions
Definition: sp800_108_functions.hpp:35
nil::crypto3::kdf::detail::sp800_108_functions::mac_type
policy_type::mac_type mac_type
Definition: sp800_108_functions.hpp:38
nil::crypto3::kdf::detail::sp800_108_functions::mode_type
policy_type::mode_type mode_type
Definition: sp800_108_functions.hpp:37
nil::crypto3::kdf::mode::counter
NIST SP 800-108 KDF Counter Mode (5.1)
Definition: sp800_108.hpp:51
nil::crypto3::kdf::mode::counter::counter
counter(const secret_type &key)
Definition: sp800_108.hpp:57
nil::crypto3::kdf::mode::counter::mac
mac_type mac
Definition: sp800_108.hpp:99
nil::crypto3::kdf::mode::counter::secret_type
mac_type::key_type secret_type
Definition: sp800_108.hpp:55
nil::crypto3::kdf::mode::counter::mac_type
sp800_108_mode< MessageAuthenticationCode >::mac_type mac_type
Definition: sp800_108.hpp:52
nil::crypto3::kdf::mode::counter::process
void process()
Definition: sp800_108.hpp:60
nil::crypto3::kdf::mode::counter::secret_bits
constexpr static const std::size_t secret_bits
Definition: sp800_108.hpp:54
nil::crypto3::kdf::mode::feedback
NIST SP 800-108 KDF Feedback Mode (5.2)
Definition: sp800_108.hpp:108
nil::crypto3::kdf::mode::feedback::process
void process()
Definition: sp800_108.hpp:117
nil::crypto3::kdf::mode::feedback::mac_type
sp800_108_mode< MessageAuthenticationCode >::mac_type mac_type
Definition: sp800_108.hpp:109
nil::crypto3::kdf::mode::feedback::secret_type
mac_type::key_type secret_type
Definition: sp800_108.hpp:112
nil::crypto3::kdf::mode::feedback::feedback
feedback(const secret_type &key)
Definition: sp800_108.hpp:114
nil::crypto3::kdf::mode::feedback::secret_bits
constexpr static const std::size_t secret_bits
Definition: sp800_108.hpp:111
nil::crypto3::kdf::mode::feedback::mac
mac_type mac
Definition: sp800_108.hpp:160
nil::crypto3::kdf::mode::pipeline
NIST SP 800-108 KDF Double Pipeline Mode (5.3)
Definition: sp800_108.hpp:169
nil::crypto3::kdf::mode::pipeline::mac
mac_type mac
Definition: sp800_108.hpp:230
nil::crypto3::kdf::mode::pipeline::process
void process()
Definition: sp800_108.hpp:178
nil::crypto3::kdf::mode::pipeline::mac_type
sp800_108_mode< MessageAuthenticationCode >::mac_type mac_type
Definition: sp800_108.hpp:170
nil::crypto3::kdf::mode::pipeline::secret_bits
constexpr static const std::size_t secret_bits
Definition: sp800_108.hpp:172
nil::crypto3::kdf::mode::pipeline::secret_type
mac_type::key_type secret_type
Definition: sp800_108.hpp:173
nil::crypto3::kdf::mode::pipeline::pipeline
pipeline(const secret_type &key)
Definition: sp800_108.hpp:175
nil::crypto3::kdf::mode::sp800_108_mode
sp800_108 key derivation function policy base class
Definition: sp800_108.hpp:42
nil::crypto3::kdf::mode::sp800_108_mode::mac_type
MessageAuthenticationCode mac_type
Definition: sp800_108.hpp:43