sp800_56a.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2019 Mikhail Komarov <nemo@nil.foundation>
3 //
4 // MIT License
5 //
6 // Permission is hereby granted, free of charge, to any person obtaining a copy
7 // of this software and associated documentation files (the "Software"), to deal
8 // in the Software without restriction, including without limitation the rights
9 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 // copies of the Software, and to permit persons to whom the Software is
11 // furnished to do so, subject to the following conditions:
12 //
13 // The above copyright notice and this permission notice shall be included in all
14 // copies or substantial portions of the Software.
15 //
16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 // SOFTWARE.
23 //---------------------------------------------------------------------------//
24 
25 #ifndef CRYPTO3_KDF_SP800_56A_HPP
26 #define CRYPTO3_KDF_SP800_56A_HPP
27 
28 #include <nil/crypto3/detail/type_traits.hpp>
29 
30 #include <nil/crypto3/mac/hmac.hpp>
31 
32 #include <nil/crypto3/kdf/detail/sp800_56a/sp800_56a_policy.hpp>
33 
34 #include <vector>
35 
36 namespace nil {
37  namespace crypto3 {
38  namespace kdf {
44  template<typename Construction, typename = void>
45  class sp800_56a { };
46 
52  template<typename Hash>
53  class sp800_56a<Hash, typename std::enable_if<is_hash<Hash>::value>::type> {
54  public:
55  typedef Hash hash_type;
56  };
57 
63  template<typename MessageAuthenticationCode>
64  class sp800_56a<MessageAuthenticationCode,
65  typename std::enable_if<is_mac<MessageAuthenticationCode>::value>::type> {
66  typedef detail::sp800_56a_policy<MessageAuthenticationCode> policy_type;
67 
68  public:
69  typedef typename policy_type::hash_type hash_type;
70  typedef typename policy_type::mac_type mac_type;
71 
72  constexpr static const std::size_t salt_bits = policy_type::salt_bits;
73  typedef typename policy_type::salt_type salt_type;
74 
75  constexpr static const std::size_t min_key_bits = policy_type::min_key_bits;
76  constexpr static const std::size_t max_key_bits = policy_type::max_key_bits;
77  typedef typename policy_type::key_type key_type;
78 
79  sp800_56a(const salt_type &salt) : mac(salt) {
80  }
81 
82  static void process(const key_type &key) {
83  const uint64_t kRepsUpperBound = (1ULL << 32U);
84 
85  const size_t digest_len = auxfunc.output_length();
86 
87  const size_t reps = key.size() / digest_len + ((key.size() % digest_len) ? 1 : 0);
88 
89  if (reps >= kRepsUpperBound) {
90  // See SP-800-56A, point 5.8.1
91  throw std::invalid_argument("SP800-56A KDF requested output too large");
92  }
93 
94  uint32_t counter = 1;
95  std::vector<uint8_t> result;
96  for (size_t i = 0; i < reps; i++) {
97  auxfunc.update_be(counter++);
98  auxfunc.update(secret, secret_len);
99  auxfunc.update(label, label_len);
100  auxfunc.final(result);
101 
102  const size_t offset = digest_len * i;
103  const size_t len = std::min(result.size(), key_len - offset);
104  copy_mem(&key[offset], result.data(), len);
105  }
106 
107  return key_len;
108  }
109 
110  protected:
111  mac_type mac;
112  };
113 
119  template<typename Hash>
120  class sp800_56a<mac::hmac<Hash>, typename std::enable_if<is_mac<mac::hmac<Hash>>::value>::type> {
121  typedef detail::sp800_56a_policy<mac::hmac<Hash>> policy_type;
122 
123  public:
124  typedef typename policy_type::hash_type hash_type;
125  typedef typename policy_type::mac_type mac_type;
126 
127  constexpr static const std::size_t salt_bits = policy_type::salt_bits;
128  typedef typename policy_type::salt_type salt_type;
129 
130  constexpr static const std::size_t min_key_bits = policy_type::min_key_bits;
131  constexpr static const std::size_t max_key_bits = policy_type::max_key_bits;
132  typedef typename policy_type::key_type key_type;
133 
134  sp800_56a(const salt_type &salt) : mac(salt) {
135  }
136 
137  static void process(const key_type &key) {
138  mac_type mac(key);
139 
140  const uint64_t kRepsUpperBound = (1ULL << 32U);
141 
142  const size_t digest_len = auxfunc.output_length();
143 
144  const size_t reps = key.size() / digest_len + ((key.size() % digest_len) ? 1 : 0);
145 
146  if (reps >= kRepsUpperBound) {
147  // See SP-800-56A, point 5.8.1
148  throw std::invalid_argument("SP800-56A KDF requested output too large");
149  }
150 
151  uint32_t counter = 1;
152  std::vector<uint8_t> result;
153  for (size_t i = 0; i < reps; i++) {
154  auxfunc.update_be(counter++);
155  auxfunc.update(secret, secret_len);
156  auxfunc.update(label, label_len);
157  auxfunc.final(result);
158 
159  const size_t offset = digest_len * i;
160  const size_t len = std::min(result.size(), key_len - offset);
161  copy_mem(&key[offset], result.data(), len);
162  }
163 
164  return key_len;
165  }
166 
167  protected:
168  mac_type mac;
169  };
170  } // namespace kdf
171  } // namespace crypto3
172 } // namespace nil
173 
174 #endif
nil::crypto3::kdf::sp800_56a< Hash, typename std::enable_if< is_hash< Hash >::value >::type >::hash_type
Hash hash_type
Definition: sp800_56a.hpp:55
nil::crypto3::kdf::sp800_56a< MessageAuthenticationCode, typename std::enable_if< is_mac< MessageAuthenticationCode >::value >::type >::mac
mac_type mac
Definition: sp800_56a.hpp:111
nil::crypto3::kdf::sp800_56a< MessageAuthenticationCode, typename std::enable_if< is_mac< MessageAuthenticationCode >::value >::type >::hash_type
policy_type::hash_type hash_type
Definition: sp800_56a.hpp:69
nil::crypto3::kdf::sp800_56a< MessageAuthenticationCode, typename std::enable_if< is_mac< MessageAuthenticationCode >::value >::type >::salt_type
policy_type::salt_type salt_type
Definition: sp800_56a.hpp:73
nil::crypto3::kdf::sp800_56a< MessageAuthenticationCode, typename std::enable_if< is_mac< MessageAuthenticationCode >::value >::type >::process
static void process(const key_type &key)
Definition: sp800_56a.hpp:82
nil::crypto3::kdf::sp800_56a< MessageAuthenticationCode, typename std::enable_if< is_mac< MessageAuthenticationCode >::value >::type >::mac_type
policy_type::mac_type mac_type
Definition: sp800_56a.hpp:70
nil::crypto3::kdf::sp800_56a< MessageAuthenticationCode, typename std::enable_if< is_mac< MessageAuthenticationCode >::value >::type >::key_type
policy_type::key_type key_type
Definition: sp800_56a.hpp:77
nil::crypto3::kdf::sp800_56a< MessageAuthenticationCode, typename std::enable_if< is_mac< MessageAuthenticationCode >::value >::type >::sp800_56a
sp800_56a(const salt_type &salt)
Definition: sp800_56a.hpp:79
nil::crypto3::kdf::sp800_56a< mac::hmac< Hash >, typename std::enable_if< is_mac< mac::hmac< Hash > >::value >::type >::key_type
policy_type::key_type key_type
Definition: sp800_56a.hpp:132
nil::crypto3::kdf::sp800_56a< mac::hmac< Hash >, typename std::enable_if< is_mac< mac::hmac< Hash > >::value >::type >::hash_type
policy_type::hash_type hash_type
Definition: sp800_56a.hpp:124
nil::crypto3::kdf::sp800_56a< mac::hmac< Hash >, typename std::enable_if< is_mac< mac::hmac< Hash > >::value >::type >::mac
mac_type mac
Definition: sp800_56a.hpp:168
nil::crypto3::kdf::sp800_56a< mac::hmac< Hash >, typename std::enable_if< is_mac< mac::hmac< Hash > >::value >::type >::salt_type
policy_type::salt_type salt_type
Definition: sp800_56a.hpp:128
nil::crypto3::kdf::sp800_56a< mac::hmac< Hash >, typename std::enable_if< is_mac< mac::hmac< Hash > >::value >::type >::sp800_56a
sp800_56a(const salt_type &salt)
Definition: sp800_56a.hpp:134
nil::crypto3::kdf::sp800_56a< mac::hmac< Hash >, typename std::enable_if< is_mac< mac::hmac< Hash > >::value >::type >::process
static void process(const key_type &key)
Definition: sp800_56a.hpp:137
nil::crypto3::kdf::sp800_56a< mac::hmac< Hash >, typename std::enable_if< is_mac< mac::hmac< Hash > >::value >::type >::mac_type
policy_type::mac_type mac_type
Definition: sp800_56a.hpp:125
nil::crypto3::kdf::sp800_56a
KDF defined in NIST SP 800-56a revision 2 (Single-step key-derivation function)
Definition: sp800_56a.hpp:45
nil::crypto3::algebra::min
constexpr T min(const vector< T, N > &v)
computes the minimum valued element
Definition: algebra/include/nil/crypto3/algebra/vector/math.hpp:135
nil::crypto3::accumulators::extract::mac
boost::mpl::apply< AccumulatorSet, tag::mac< ProcessingPolicy > >::type::result_type mac(const AccumulatorSet &acc)
Definition: accumulators/mac.hpp:99
nil::crypto3::accumulators::extract::kdf
boost::mpl::apply< AccumulatorSet, tag::kdf< Mode > >::type::result_type kdf(const AccumulatorSet &acc)
Definition: kdf.hpp:177
nil::crypto3::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: memory_operations.hpp:186
nil
Definition: pair.hpp:31
sp800_56a_policy.hpp
nil::crypto3::kdf::detail::sp800_56a_policy
Definition: sp800_56a_policy.hpp:37