Botan 2.19.3
Crypto and TLS for C&
prf_x942.cpp
Go to the documentation of this file.
1/*
2* X9.42 PRF
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/prf_x942.h>
9#include <botan/der_enc.h>
10#include <botan/hash.h>
11#include <botan/loadstor.h>
12#include <algorithm>
13
14namespace Botan {
15
16namespace {
17
18/*
19* Encode an integer as an OCTET STRING
20*/
21std::vector<uint8_t> encode_x942_int(uint32_t n)
22 {
23 uint8_t n_buf[4] = { 0 };
24 store_be(n, n_buf);
25
26 std::vector<uint8_t> output;
27 DER_Encoder(output).encode(n_buf, 4, OCTET_STRING);
28 return output;
29 }
30
31}
32
33size_t X942_PRF::kdf(uint8_t key[], size_t key_len,
34 const uint8_t secret[], size_t secret_len,
35 const uint8_t salt[], size_t salt_len,
36 const uint8_t label[], size_t label_len) const
37 {
38 std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-160"));
39
42 size_t offset = 0;
43 uint32_t counter = 1;
44
45 in.reserve(salt_len + label_len);
46 in += std::make_pair(label,label_len);
47 in += std::make_pair(salt,salt_len);
48
49 while(offset != key_len && counter)
50 {
51 hash->update(secret, secret_len);
52
53 hash->update(
54 DER_Encoder().start_cons(SEQUENCE)
55
56 .start_cons(SEQUENCE)
57 .encode(m_key_wrap_oid)
58 .raw_bytes(encode_x942_int(counter))
59 .end_cons()
60
61 .encode_if(salt_len != 0,
63 .start_explicit(0)
64 .encode(in, OCTET_STRING)
65 .end_explicit()
66 )
67
68 .start_explicit(2)
69 .raw_bytes(encode_x942_int(static_cast<uint32_t>(8 * key_len)))
70 .end_explicit()
71
72 .end_cons().get_contents()
73 );
74
75 hash->final(h);
76 const size_t copied = std::min(h.size(), key_len - offset);
77 copy_mem(&key[offset], h.data(), copied);
78 offset += copied;
79
80 ++counter;
81 }
82
83 // FIXME: returns truncated output
84 return offset;
85 }
86
87std::string X942_PRF::name() const
88 {
89 return "X9.42-PRF(" + m_key_wrap_oid.to_formatted_string() + ")";
90 }
91
92}
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition hash.cpp:102
std::string to_formatted_string() const
Definition asn1_oid.cpp:111
size_t kdf(uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const override
Definition prf_x942.cpp:33
std::string name() const override
Definition prf_x942.cpp:87
void store_be(uint16_t in, uint8_t out[2])
Definition loadstor.h:438
void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:133
@ SEQUENCE
Definition asn1_obj.h:42
@ OCTET_STRING
Definition asn1_obj.h:38
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
MechanismType hash
size_t salt_len
Definition x509_obj.cpp:25