diff options
Diffstat (limited to 'botan/src/kdf')
-rw-r--r-- | botan/src/kdf/info.txt | 14 | ||||
-rw-r--r-- | botan/src/kdf/kdf.cpp | 68 | ||||
-rw-r--r-- | botan/src/kdf/kdf.h | 60 | ||||
-rw-r--r-- | botan/src/kdf/kdf1/info.txt | 14 | ||||
-rw-r--r-- | botan/src/kdf/kdf1/kdf1.cpp | 24 | ||||
-rw-r--r-- | botan/src/kdf/kdf1/kdf1.h | 36 | ||||
-rw-r--r-- | botan/src/kdf/kdf2/info.txt | 14 | ||||
-rw-r--r-- | botan/src/kdf/kdf2/kdf2.cpp | 41 | ||||
-rw-r--r-- | botan/src/kdf/kdf2/kdf2.h | 34 | ||||
-rw-r--r-- | botan/src/kdf/mgf1/info.txt | 14 | ||||
-rw-r--r-- | botan/src/kdf/mgf1/mgf1.cpp | 58 | ||||
-rw-r--r-- | botan/src/kdf/mgf1/mgf1.h | 36 | ||||
-rw-r--r-- | botan/src/kdf/ssl_prf/info.txt | 16 | ||||
-rw-r--r-- | botan/src/kdf/ssl_prf/prf_ssl3.cpp | 76 | ||||
-rw-r--r-- | botan/src/kdf/ssl_prf/prf_ssl3.h | 27 | ||||
-rw-r--r-- | botan/src/kdf/tls_prf/info.txt | 17 | ||||
-rw-r--r-- | botan/src/kdf/tls_prf/prf_tls.cpp | 85 | ||||
-rw-r--r-- | botan/src/kdf/tls_prf/prf_tls.h | 34 | ||||
-rw-r--r-- | botan/src/kdf/x942_prf/info.txt | 16 | ||||
-rw-r--r-- | botan/src/kdf/x942_prf/prf_x942.cpp | 91 | ||||
-rw-r--r-- | botan/src/kdf/x942_prf/prf_x942.h | 31 |
21 files changed, 806 insertions, 0 deletions
diff --git a/botan/src/kdf/info.txt b/botan/src/kdf/info.txt new file mode 100644 index 0000000..1965a20 --- /dev/null +++ b/botan/src/kdf/info.txt @@ -0,0 +1,14 @@ +realname "KDF Base Class" + +define KDF_BASE + +load_on auto + +<add> +kdf.cpp +kdf.h +</add> + +<requires> +alloc +</requires> diff --git a/botan/src/kdf/kdf.cpp b/botan/src/kdf/kdf.cpp new file mode 100644 index 0000000..4be8475 --- /dev/null +++ b/botan/src/kdf/kdf.cpp @@ -0,0 +1,68 @@ +/* +* KDF Base Class +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/kdf.h> + +namespace Botan { + +/* +* Derive a key +*/ +SecureVector<byte> KDF::derive_key(u32bit key_len, + const MemoryRegion<byte>& secret, + const std::string& salt) const + { + return derive_key(key_len, secret, secret.size(), + reinterpret_cast<const byte*>(salt.data()), + salt.length()); + } + +/* +* Derive a key +*/ +SecureVector<byte> KDF::derive_key(u32bit key_len, + const MemoryRegion<byte>& secret, + const byte salt[], u32bit salt_len) const + { + return derive_key(key_len, secret.begin(), secret.size(), + salt, salt_len); + } + +/* +* Derive a key +*/ +SecureVector<byte> KDF::derive_key(u32bit key_len, + const MemoryRegion<byte>& secret, + const MemoryRegion<byte>& salt) const + { + return derive_key(key_len, secret.begin(), secret.size(), + salt.begin(), salt.size()); + } + +/* +* Derive a key +*/ +SecureVector<byte> KDF::derive_key(u32bit key_len, + const byte secret[], u32bit secret_len, + const std::string& salt) const + { + return derive_key(key_len, secret, secret_len, + reinterpret_cast<const byte*>(salt.data()), + salt.length()); + } + +/* +* Derive a key +*/ +SecureVector<byte> KDF::derive_key(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte salt[], u32bit salt_len) const + { + return derive(key_len, secret, secret_len, salt, salt_len); + } + +} diff --git a/botan/src/kdf/kdf.h b/botan/src/kdf/kdf.h new file mode 100644 index 0000000..70f636b --- /dev/null +++ b/botan/src/kdf/kdf.h @@ -0,0 +1,60 @@ +/* +* KDF/MGF +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_KDF_BASE_H__ +#define BOTAN_KDF_BASE_H__ + +#include <botan/secmem.h> +#include <botan/types.h> + +namespace Botan { + +/* +* Key Derivation Function +*/ +class BOTAN_DLL KDF + { + public: + SecureVector<byte> derive_key(u32bit key_len, + const MemoryRegion<byte>& secret, + const std::string& salt = "") const; + SecureVector<byte> derive_key(u32bit key_len, + const MemoryRegion<byte>& secret, + const MemoryRegion<byte>& salt) const; + + SecureVector<byte> derive_key(u32bit key_len, + const MemoryRegion<byte>& secret, + const byte salt[], u32bit salt_len) const; + + SecureVector<byte> derive_key(u32bit key_len, + const byte secret[], u32bit secret_len, + const std::string& salt = "") const; + SecureVector<byte> derive_key(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte salt[], u32bit salt_len) const; + + virtual ~KDF() {} + private: + virtual SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const = 0; + }; + +/* +* Mask Generation Function +*/ +class BOTAN_DLL MGF + { + public: + virtual void mask(const byte in[], u32bit in_len, + byte out[], u32bit out_len) const = 0; + + virtual ~MGF() {} + }; + +} + +#endif diff --git a/botan/src/kdf/kdf1/info.txt b/botan/src/kdf/kdf1/info.txt new file mode 100644 index 0000000..ede1001 --- /dev/null +++ b/botan/src/kdf/kdf1/info.txt @@ -0,0 +1,14 @@ +realname "KDF1" + +define KDF1 + +load_on auto + +<add> +kdf1.h +kdf1.cpp +</add> + +<requires> +hash +</requires> diff --git a/botan/src/kdf/kdf1/kdf1.cpp b/botan/src/kdf/kdf1/kdf1.cpp new file mode 100644 index 0000000..539d9ed --- /dev/null +++ b/botan/src/kdf/kdf1/kdf1.cpp @@ -0,0 +1,24 @@ +/* +* KDF1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/kdf1.h> + +namespace Botan { + +/* +* KDF1 Key Derivation Mechanism +*/ +SecureVector<byte> KDF1::derive(u32bit, + const byte secret[], u32bit secret_len, + const byte P[], u32bit P_len) const + { + hash->update(secret, secret_len); + hash->update(P, P_len); + return hash->final(); + } + +} diff --git a/botan/src/kdf/kdf1/kdf1.h b/botan/src/kdf/kdf1/kdf1.h new file mode 100644 index 0000000..d657ccc --- /dev/null +++ b/botan/src/kdf/kdf1/kdf1.h @@ -0,0 +1,36 @@ +/* +* KDF1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_KDF1_H__ +#define BOTAN_KDF1_H__ + +#include <botan/kdf.h> +#include <botan/hash.h> + +namespace Botan { + +/* +* KDF1 +*/ +class BOTAN_DLL KDF1 : public KDF + { + public: + SecureVector<byte> derive(u32bit, + const byte secret[], u32bit secret_len, + const byte P[], u32bit P_len) const; + + KDF1(HashFunction* h) : hash(h) {} + KDF1(const KDF1& other) : KDF(), hash(other.hash->clone()) {} + + ~KDF1() { delete hash; } + private: + HashFunction* hash; + }; + +} + +#endif diff --git a/botan/src/kdf/kdf2/info.txt b/botan/src/kdf/kdf2/info.txt new file mode 100644 index 0000000..1858f89 --- /dev/null +++ b/botan/src/kdf/kdf2/info.txt @@ -0,0 +1,14 @@ +realname "KDF2" + +define KDF2 + +load_on auto + +<add> +kdf2.cpp +kdf2.h +</add> + +<requires> +hash +</requires> diff --git a/botan/src/kdf/kdf2/kdf2.cpp b/botan/src/kdf/kdf2/kdf2.cpp new file mode 100644 index 0000000..167f644 --- /dev/null +++ b/botan/src/kdf/kdf2/kdf2.cpp @@ -0,0 +1,41 @@ +/* +* KDF2 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/kdf2.h> +#include <botan/loadstor.h> + +namespace Botan { + +/* +* KDF2 Key Derivation Mechanism +*/ +SecureVector<byte> KDF2::derive(u32bit out_len, + const byte secret[], u32bit secret_len, + const byte P[], u32bit P_len) const + { + SecureVector<byte> output; + u32bit counter = 1; + + while(out_len && counter) + { + hash->update(secret, secret_len); + for(u32bit j = 0; j != 4; ++j) + hash->update(get_byte(j, counter)); + hash->update(P, P_len); + SecureVector<byte> hash_result = hash->final(); + + u32bit added = std::min(hash_result.size(), out_len); + output.append(hash_result, added); + out_len -= added; + + ++counter; + } + + return output; + } + +} diff --git a/botan/src/kdf/kdf2/kdf2.h b/botan/src/kdf/kdf2/kdf2.h new file mode 100644 index 0000000..f748bed --- /dev/null +++ b/botan/src/kdf/kdf2/kdf2.h @@ -0,0 +1,34 @@ +/* +* KDF2 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_KDF2_H__ +#define BOTAN_KDF2_H__ + +#include <botan/kdf.h> +#include <botan/hash.h> + +namespace Botan { + +/* +* KDF2 +*/ +class BOTAN_DLL KDF2 : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + + KDF2(HashFunction* h) : hash(h) {} + KDF2(const KDF2& other) : KDF(), hash(other.hash->clone()) {} + ~KDF2() { delete hash; } + private: + HashFunction* hash; + }; + +} + +#endif diff --git a/botan/src/kdf/mgf1/info.txt b/botan/src/kdf/mgf1/info.txt new file mode 100644 index 0000000..f9e952f --- /dev/null +++ b/botan/src/kdf/mgf1/info.txt @@ -0,0 +1,14 @@ +realname "MGF1" + +define MGF1 + +load_on dep + +<add> +mgf1.h +mgf1.cpp +</add> + +<requires> +hash +</requires> diff --git a/botan/src/kdf/mgf1/mgf1.cpp b/botan/src/kdf/mgf1/mgf1.cpp new file mode 100644 index 0000000..a26e33a --- /dev/null +++ b/botan/src/kdf/mgf1/mgf1.cpp @@ -0,0 +1,58 @@ +/* +* MGF1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/mgf1.h> +#include <botan/loadstor.h> +#include <botan/exceptn.h> +#include <botan/xor_buf.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +/* +* MGF1 Mask Generation Function +*/ +void MGF1::mask(const byte in[], u32bit in_len, byte out[], + u32bit out_len) const + { + u32bit counter = 0; + + while(out_len) + { + hash->update(in, in_len); + for(u32bit j = 0; j != 4; ++j) + hash->update(get_byte(j, counter)); + SecureVector<byte> buffer = hash->final(); + + u32bit xored = std::min(buffer.size(), out_len); + xor_buf(out, buffer.begin(), xored); + out += xored; + out_len -= xored; + + ++counter; + } + } + +/* +* MGF1 Constructor +*/ +MGF1::MGF1(HashFunction* h) : hash(h) + { + if(!hash) + throw Invalid_Argument("MGF1 given null hash object"); + } + +/* +* MGF1 Destructor +*/ +MGF1::~MGF1() + { + delete hash; + } + +} diff --git a/botan/src/kdf/mgf1/mgf1.h b/botan/src/kdf/mgf1/mgf1.h new file mode 100644 index 0000000..799ba7e --- /dev/null +++ b/botan/src/kdf/mgf1/mgf1.h @@ -0,0 +1,36 @@ +/* +* MGF1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_MGF1_H__ +#define BOTAN_MGF1_H__ + +#include <botan/kdf.h> +#include <botan/hash.h> + +namespace Botan { + +/* +* MGF1 (Mask Generation Function) +*/ +class BOTAN_DLL MGF1 : public MGF + { + public: + void mask(const byte[], u32bit, byte[], u32bit) const; + + /** + MGF1 constructor: takes ownership of hash + */ + MGF1(HashFunction* hash); + + ~MGF1(); + private: + HashFunction* hash; + }; + +} + +#endif diff --git a/botan/src/kdf/ssl_prf/info.txt b/botan/src/kdf/ssl_prf/info.txt new file mode 100644 index 0000000..f862905 --- /dev/null +++ b/botan/src/kdf/ssl_prf/info.txt @@ -0,0 +1,16 @@ +realname "SSLv3 PRF" + +define SSL_V3_PRF + +load_on auto + +<add> +prf_ssl3.h +prf_ssl3.cpp +</add> + +<requires> +md5 +sha1 +sym_algo +</requires> diff --git a/botan/src/kdf/ssl_prf/prf_ssl3.cpp b/botan/src/kdf/ssl_prf/prf_ssl3.cpp new file mode 100644 index 0000000..2b67644 --- /dev/null +++ b/botan/src/kdf/ssl_prf/prf_ssl3.cpp @@ -0,0 +1,76 @@ +/* +* SSLv3 PRF +* (C) 2004-2006 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/prf_ssl3.h> +#include <botan/symkey.h> +#include <botan/exceptn.h> +#include <botan/sha160.h> +#include <botan/md5.h> +#include <memory> + +namespace Botan { + +namespace { + +/* +* Return the next inner hash +*/ +OctetString next_hash(u32bit where, u32bit want, + HashFunction& md5, HashFunction& sha1, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) + { + if(want > md5.OUTPUT_LENGTH) + throw Internal_Error("SSL3_PRF:next_hash: want is too big"); + + const byte ASCII_A_CHAR = 0x41; + + for(u32bit j = 0; j != where + 1; j++) + sha1.update(ASCII_A_CHAR + where); + sha1.update(secret, secret_len); + sha1.update(seed, seed_len); + SecureVector<byte> sha1_hash = sha1.final(); + + md5.update(secret, secret_len); + md5.update(sha1_hash); + SecureVector<byte> md5_hash = md5.final(); + + return OctetString(md5_hash, want); + } + +} + +/* +* SSL3 PRF +*/ +SecureVector<byte> SSL3_PRF::derive(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) const + { + if(key_len > 416) + throw Internal_Error("SSL3_PRF: Requested key length is too large"); + + MD5 md5; + SHA_160 sha1; + + OctetString output; + + int counter = 0; + while(key_len) + { + const u32bit produce = std::min(key_len, md5.OUTPUT_LENGTH); + + output = output + next_hash(counter++, produce, md5, sha1, + secret, secret_len, seed, seed_len); + + key_len -= produce; + } + + return output.bits_of(); + } + +} diff --git a/botan/src/kdf/ssl_prf/prf_ssl3.h b/botan/src/kdf/ssl_prf/prf_ssl3.h new file mode 100644 index 0000000..165fc7c --- /dev/null +++ b/botan/src/kdf/ssl_prf/prf_ssl3.h @@ -0,0 +1,27 @@ +/* +* SSLv3 PRF +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_SSLV3_PRF_H__ +#define BOTAN_SSLV3_PRF_H__ + +#include <botan/kdf.h> + +namespace Botan { + +/* +* SSL3 PRF +*/ +class BOTAN_DLL SSL3_PRF : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + }; + +} + +#endif diff --git a/botan/src/kdf/tls_prf/info.txt b/botan/src/kdf/tls_prf/info.txt new file mode 100644 index 0000000..f95ef9c --- /dev/null +++ b/botan/src/kdf/tls_prf/info.txt @@ -0,0 +1,17 @@ +realname "TLS v1.0 PRF" + +define TLS_V10_PRF + +load_on auto + +<add> +prf_tls.h +prf_tls.cpp +</add> + +<requires> +hmac +mac +md5 +sha1 +</requires> diff --git a/botan/src/kdf/tls_prf/prf_tls.cpp b/botan/src/kdf/tls_prf/prf_tls.cpp new file mode 100644 index 0000000..7c638b9 --- /dev/null +++ b/botan/src/kdf/tls_prf/prf_tls.cpp @@ -0,0 +1,85 @@ +/* +* TLS PRF +* (C) 2004-2006 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/prf_tls.h> +#include <botan/xor_buf.h> +#include <botan/hmac.h> +#include <botan/md5.h> +#include <botan/sha160.h> + +namespace Botan { + +namespace { + +/* +* TLS PRF P_hash function +*/ +SecureVector<byte> P_hash(MessageAuthenticationCode* mac, + u32bit len, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) + { + SecureVector<byte> out; + + mac->set_key(secret, secret_len); + + SecureVector<byte> A(seed, seed_len); + while(len) + { + const u32bit this_block_len = std::min(mac->OUTPUT_LENGTH, len); + + A = mac->process(A); + + mac->update(A); + mac->update(seed, seed_len); + SecureVector<byte> block = mac->final(); + + out.append(block, this_block_len); + len -= this_block_len; + } + return out; + } + +} + +/* +* TLS PRF Constructor and Destructor +*/ +TLS_PRF::TLS_PRF() + { + hmac_md5 = new HMAC(new MD5); + hmac_sha1 = new HMAC(new SHA_160); + } + +TLS_PRF::~TLS_PRF() + { + delete hmac_md5; + delete hmac_sha1; + } + +/* +* TLS PRF +*/ +SecureVector<byte> TLS_PRF::derive(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) const + { + u32bit S1_len = (secret_len + 1) / 2, + S2_len = (secret_len + 1) / 2; + const byte* S1 = secret; + const byte* S2 = secret + (secret_len - S2_len); + + SecureVector<byte> key1, key2; + key1 = P_hash(hmac_md5, key_len, S1, S1_len, seed, seed_len); + key2 = P_hash(hmac_sha1, key_len, S2, S2_len, seed, seed_len); + + xor_buf(key1.begin(), key2.begin(), key2.size()); + + return key1; + } + +} diff --git a/botan/src/kdf/tls_prf/prf_tls.h b/botan/src/kdf/tls_prf/prf_tls.h new file mode 100644 index 0000000..d212795 --- /dev/null +++ b/botan/src/kdf/tls_prf/prf_tls.h @@ -0,0 +1,34 @@ +/* +* TLS v1.0 PRF +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_TLS_PRF_H__ +#define BOTAN_TLS_PRF_H__ + +#include <botan/kdf.h> +#include <botan/mac.h> + +namespace Botan { + +/* +* TLS PRF +*/ +class BOTAN_DLL TLS_PRF : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + + TLS_PRF(); + ~TLS_PRF(); + private: + MessageAuthenticationCode* hmac_md5; + MessageAuthenticationCode* hmac_sha1; + }; + +} + +#endif diff --git a/botan/src/kdf/x942_prf/info.txt b/botan/src/kdf/x942_prf/info.txt new file mode 100644 index 0000000..295c2cd --- /dev/null +++ b/botan/src/kdf/x942_prf/info.txt @@ -0,0 +1,16 @@ +realname "X942 PRF" + +define X942_PRF + +load_on auto + +<add> +prf_x942.cpp +prf_x942.h +</add> + +<requires> +asn1 +oid_lookup +sha1 +</requires> diff --git a/botan/src/kdf/x942_prf/prf_x942.cpp b/botan/src/kdf/x942_prf/prf_x942.cpp new file mode 100644 index 0000000..d9ee09d --- /dev/null +++ b/botan/src/kdf/x942_prf/prf_x942.cpp @@ -0,0 +1,91 @@ +/* +* X9.42 PRF +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/prf_x942.h> +#include <botan/der_enc.h> +#include <botan/oids.h> +#include <botan/sha160.h> +#include <botan/loadstor.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +namespace { + +/* +* Encode an integer as an OCTET STRING +*/ +MemoryVector<byte> encode_x942_int(u32bit n) + { + byte n_buf[4] = { 0 }; + store_be(n, n_buf); + return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents(); + } + +} + +/* +* X9.42 PRF +*/ +SecureVector<byte> X942_PRF::derive(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte salt[], u32bit salt_len) const + { + SHA_160 hash; + const OID kek_algo(key_wrap_oid); + + SecureVector<byte> key; + u32bit counter = 1; + + while(key.size() != key_len && counter) + { + hash.update(secret, secret_len); + + hash.update( + DER_Encoder().start_cons(SEQUENCE) + + .start_cons(SEQUENCE) + .encode(kek_algo) + .raw_bytes(encode_x942_int(counter)) + .end_cons() + + .encode_if(salt_len != 0, + DER_Encoder() + .start_explicit(0) + .encode(salt, salt_len, OCTET_STRING) + .end_explicit() + ) + + .start_explicit(2) + .raw_bytes(encode_x942_int(8 * key_len)) + .end_explicit() + + .end_cons().get_contents() + ); + + SecureVector<byte> digest = hash.final(); + key.append(digest, std::min(digest.size(), key_len - key.size())); + + ++counter; + } + + return key; + } + +/* +* X9.42 Constructor +*/ +X942_PRF::X942_PRF(const std::string& oid) + { + if(OIDS::have_oid(oid)) + key_wrap_oid = OIDS::lookup(oid).as_string(); + else + key_wrap_oid = oid; + } + +} diff --git a/botan/src/kdf/x942_prf/prf_x942.h b/botan/src/kdf/x942_prf/prf_x942.h new file mode 100644 index 0000000..f957566 --- /dev/null +++ b/botan/src/kdf/x942_prf/prf_x942.h @@ -0,0 +1,31 @@ +/* +* X9.42 PRF +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_ANSI_X942_PRF_H__ +#define BOTAN_ANSI_X942_PRF_H__ + +#include <botan/kdf.h> + +namespace Botan { + +/* +* X9.42 PRF +*/ +class BOTAN_DLL X942_PRF : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + + X942_PRF(const std::string&); + private: + std::string key_wrap_oid; + }; + +} + +#endif |