doxygen/cbc_8cpp_source.html

 /*
 * CBC Mode
 * (C) 1999-2007,2013,2017 Jack Lloyd
 * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

 #include <botan/cbc.h>
 #include <botan/mode_pad.h>
 #include <botan/internal/rounding.h>

 namespace Botan {

 CBC_Mode::CBC_Mode(BlockCipher* cipher, BlockCipherModePaddingMethod* padding) :
    m_cipher(cipher),
    m_padding(padding),
    m_state(m_cipher->block_size())
    {
    if(m_padding && !m_padding->valid_blocksize(cipher->block_size()))
       throw Invalid_Argument("Padding " + m_padding->name() +
                              " cannot be used with " +
                              cipher->name() + "/CBC");
    }

 void CBC_Mode::clear()
    {
    m_cipher->clear();
    reset();
    }

 void CBC_Mode::reset()
    {
    zeroise(m_state);
    }

 std::string CBC_Mode::name() const
    {
    if(m_padding)
       return cipher().name() + "/CBC/" + padding().name();
    else
       return cipher().name() + "/CBC/CTS";
    }

 size_t CBC_Mode::update_granularity() const
    {
    return cipher().parallel_bytes();
    }

 Key_Length_Specification CBC_Mode::key_spec() const
    {
    return cipher().key_spec();
    }

 size_t CBC_Mode::default_nonce_length() const
    {
    return block_size();
    }

 bool CBC_Mode::valid_nonce_length(size_t n) const
    {
    return (n == 0 || n == block_size());
    }

 void CBC_Mode::key_schedule(const uint8_t key[], size_t length)
    {
    m_cipher->set_key(key, length);
    }

 void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len)
    {
    if(!valid_nonce_length(nonce_len))
       throw Invalid_IV_Length(name(), nonce_len);

    /*
    * A nonce of zero length means carry the last ciphertext value over
    * as the new IV, as unfortunately some protocols require this. If
    * this is the first message then we use an IV of all zeros.
    */
    if(nonce_len)
       m_state.assign(nonce, nonce + nonce_len);
    }

 size_t CBC_Encryption::minimum_final_size() const
    {
    return 0;
    }

 size_t CBC_Encryption::output_length(size_t input_length) const
    {
    if(input_length == 0)
       return block_size();
    else
       return round_up(input_length, block_size());
    }

 size_t CBC_Encryption::process(uint8_t buf[], size_t sz)
    {
    const size_t BS = block_size();

    BOTAN_ASSERT(sz % BS == 0, "CBC input is full blocks");
    const size_t blocks = sz / BS;

    if(blocks > 0)
       {
       xor_buf(&buf[0], state_ptr(), BS);
       cipher().encrypt(&buf[0]);

       for(size_t i = 1; i != blocks; ++i)
          {
          xor_buf(&buf[BS*i], &buf[BS*(i-1)], BS);
          cipher().encrypt(&buf[BS*i]);
          }

       state().assign(&buf[BS*(blocks-1)], &buf[BS*blocks]);
       }

    return sz;
    }

 void CBC_Encryption::finish(secure_vector<uint8_t>& buffer, size_t offset)
    {
    BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane");

    const size_t BS = block_size();

    const size_t bytes_in_final_block = (buffer.size()-offset) % BS;

    padding().add_padding(buffer, bytes_in_final_block, BS);

    if((buffer.size()-offset) % BS)
       throw Exception("Did not pad to full block size in " + name());

    update(buffer, offset);
    }

 bool CTS_Encryption::valid_nonce_length(size_t n) const
    {
    return (n == block_size());
    }

 size_t CTS_Encryption::minimum_final_size() const
    {
    return block_size() + 1;
    }

 size_t CTS_Encryption::output_length(size_t input_length) const
    {
    return input_length; // no ciphertext expansion in CTS
    }

 void CTS_Encryption::finish(secure_vector<uint8_t>& buffer, size_t offset)
    {
    BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane");
    uint8_t* buf = buffer.data() + offset;
    const size_t sz = buffer.size() - offset;

    const size_t BS = block_size();

    if(sz < BS + 1)
       throw Encoding_Error(name() + ": insufficient data to encrypt");

    if(sz % BS == 0)
       {
       update(buffer, offset);

       // swap last two blocks
       for(size_t i = 0; i != BS; ++i)
          std::swap(buffer[buffer.size()-BS+i], buffer[buffer.size()-2*BS+i]);
       }
    else
       {
       const size_t full_blocks = ((sz / BS) - 1) * BS;
       const size_t final_bytes = sz - full_blocks;
       BOTAN_ASSERT(final_bytes > BS && final_bytes < 2*BS, "Left over size in expected range");

       secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);
       buffer.resize(full_blocks + offset);
       update(buffer, offset);

       xor_buf(last.data(), state_ptr(), BS);
       cipher().encrypt(last.data());

       for(size_t i = 0; i != final_bytes - BS; ++i)
          {
          last[i] ^= last[i + BS];
          last[i + BS] ^= last[i];
          }

       cipher().encrypt(last.data());

       buffer += last;
       }
    }

 size_t CBC_Decryption::output_length(size_t input_length) const
    {
    return input_length; // precise for CTS, worst case otherwise
    }

 size_t CBC_Decryption::minimum_final_size() const
    {
    return block_size();
    }

 size_t CBC_Decryption::process(uint8_t buf[], size_t sz)
    {
    const size_t BS = block_size();

    BOTAN_ASSERT(sz % BS == 0, "Input is full blocks");
    size_t blocks = sz / BS;

    while(blocks)
       {
       const size_t to_proc = std::min(BS * blocks, m_tempbuf.size());

       cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS);

       xor_buf(m_tempbuf.data(), state_ptr(), BS);
       xor_buf(&m_tempbuf[BS], buf, to_proc - BS);
       copy_mem(state_ptr(), buf + (to_proc - BS), BS);

       copy_mem(buf, m_tempbuf.data(), to_proc);

       buf += to_proc;
       blocks -= to_proc / BS;
       }

    return sz;
    }

 void CBC_Decryption::finish(secure_vector<uint8_t>& buffer, size_t offset)
    {
    BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane");
    const size_t sz = buffer.size() - offset;

    const size_t BS = block_size();

    if(sz == 0 || sz % BS)
       throw Decoding_Error(name() + ": Ciphertext not a multiple of block size");

    update(buffer, offset);

    const size_t pad_bytes = BS - padding().unpad(&buffer[buffer.size()-BS], BS);
    buffer.resize(buffer.size() - pad_bytes); // remove padding
    if(pad_bytes == 0 && padding().name() != "NoPadding")
       {
       throw Decoding_Error(name());
       }
    }

 void CBC_Decryption::reset()
    {
    zeroise(state());
    zeroise(m_tempbuf);
    }

 bool CTS_Decryption::valid_nonce_length(size_t n) const
    {
    return (n == block_size());
    }

 size_t CTS_Decryption::minimum_final_size() const
    {
    return block_size() + 1;
    }

 void CTS_Decryption::finish(secure_vector<uint8_t>& buffer, size_t offset)
    {
    BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane");
    const size_t sz = buffer.size() - offset;
    uint8_t* buf = buffer.data() + offset;

    const size_t BS = block_size();

    if(sz < BS + 1)
       throw Encoding_Error(name() + ": insufficient data to decrypt");

    if(sz % BS == 0)
       {
       // swap last two blocks

       for(size_t i = 0; i != BS; ++i)
          std::swap(buffer[buffer.size()-BS+i], buffer[buffer.size()-2*BS+i]);

       update(buffer, offset);
       }
    else
       {
       const size_t full_blocks = ((sz / BS) - 1) * BS;
       const size_t final_bytes = sz - full_blocks;
       BOTAN_ASSERT(final_bytes > BS && final_bytes < 2*BS, "Left over size in expected range");

       secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);
       buffer.resize(full_blocks + offset);
       update(buffer, offset);

       cipher().decrypt(last.data());

       xor_buf(last.data(), &last[BS], final_bytes - BS);

       for(size_t i = 0; i != final_bytes - BS; ++i)
          std::swap(last[i], last[i + BS]);

       cipher().decrypt(last.data());
       xor_buf(last.data(), state_ptr(), BS);

       buffer += last;
       }
    }

 }
Botan::CTS_Encryption::finish
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override
Definition: cbc.cpp:152

Botan::CBC_Mode::state
secure_vector< uint8_t > & state()
Definition: cbc.h:49

Botan::Invalid_Argument
Definition: exceptn.h:33

Botan::CBC_Mode::key_spec
Key_Length_Specification key_spec() const override
Definition: cbc.cpp:50

Botan::BlockCipher::parallel_bytes
size_t parallel_bytes() const
Definition: block_cipher.h:63

Botan::CBC_Mode::clear
void clear() override
Definition: cbc.cpp:26

Botan::CBC_Decryption::finish
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override
Definition: cbc.cpp:232

Botan::CBC_Mode::name
std::string name() const override
Definition: cbc.cpp:37

Botan::Exception
Definition: exceptn.h:20

Botan::CBC_Mode::padding
const BlockCipherModePaddingMethod & padding() const
Definition: cbc.h:43

Botan::CBC_Mode::valid_nonce_length
bool valid_nonce_length(size_t n) const override
Definition: cbc.cpp:60

Botan::BlockCipher::decrypt_n
virtual void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const =0

Botan::CBC_Mode::update_granularity
size_t update_granularity() const override
Definition: cbc.cpp:45

Botan::CBC_Mode::CBC_Mode
CBC_Mode(BlockCipher *cipher, BlockCipherModePaddingMethod *padding)
Definition: cbc.cpp:15

Botan::Cipher_Mode::update
void update(secure_vector< uint8_t > &buffer, size_t offset=0)
Definition: cipher_mode.h:115

Botan::Key_Length_Specification
Definition: key_spec.h:18

Botan::BlockCipher::decrypt
void decrypt(const uint8_t in[], uint8_t out[]) const
Definition: block_cipher.h:91

Botan::CBC_Mode::default_nonce_length
size_t default_nonce_length() const override
Definition: cbc.cpp:55

BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:43

Botan::Decoding_Error
Definition: exceptn.h:175

Botan::CBC_Decryption::minimum_final_size
size_t minimum_final_size() const override
Definition: cbc.cpp:201

Botan::CTS_Encryption::valid_nonce_length
bool valid_nonce_length(size_t n) const override
Definition: cbc.cpp:137

Botan::CBC_Decryption::reset
void reset() override
Definition: cbc.cpp:252

Botan::xor_buf
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
Definition: mem_ops.h:174

Botan::SymmetricAlgorithm::name
virtual std::string name() const =0

Botan::CBC_Mode::reset
void reset() override
Definition: cbc.cpp:32

Botan::CBC_Decryption::output_length
size_t output_length(size_t input_length) const override
Definition: cbc.cpp:196

Botan::CBC_Mode::state_ptr
uint8_t * state_ptr()
Definition: cbc.h:53

Botan::CBC_Encryption::process
size_t process(uint8_t buf[], size_t size) override
Definition: cbc.cpp:97

Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:108

Botan
Definition: alg_id.cpp:13

Botan::CBC_Mode::block_size
size_t block_size() const
Definition: cbc.h:51

Botan::BlockCipherModePaddingMethod
Definition: mode_pad.h:26

Botan::BlockCipher::encrypt
void encrypt(const uint8_t in[], uint8_t out[]) const
Definition: block_cipher.h:81

Botan::SymmetricAlgorithm::key_spec
virtual Key_Length_Specification key_spec() const =0

Botan::Encoding_Error
Definition: exceptn.h:166

Botan::BlockCipherModePaddingMethod::add_padding
virtual void add_padding(secure_vector< uint8_t > &buffer, size_t final_block_bytes, size_t block_size) const =0

Botan::CBC_Encryption::finish
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override
Definition: cbc.cpp:121

Botan::CBC_Encryption::minimum_final_size
size_t minimum_final_size() const override
Definition: cbc.cpp:84

Botan::BlockCipherModePaddingMethod::unpad
virtual size_t unpad(const uint8_t block[], size_t size) const =0

Botan::CTS_Decryption::finish
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override
Definition: cbc.cpp:268

Botan::CBC_Mode::cipher
const BlockCipher & cipher() const
Definition: cbc.h:41

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88

Botan::CTS_Encryption::minimum_final_size
size_t minimum_final_size() const override
Definition: cbc.cpp:142

Botan::CTS_Encryption::output_length
size_t output_length(size_t input_length) const override
Definition: cbc.cpp:147

Botan::round_up
size_t round_up(size_t n, size_t align_to)
Definition: rounding.h:21

Botan::BlockCipherModePaddingMethod::name
virtual std::string name() const =0

Botan::BlockCipher::block_size
virtual size_t block_size() const =0

Botan::CBC_Encryption::output_length
size_t output_length(size_t input_length) const override
Definition: cbc.cpp:89

Botan::CBC_Decryption::process
size_t process(uint8_t buf[], size_t size) override
Definition: cbc.cpp:206

Botan::CTS_Decryption::valid_nonce_length
bool valid_nonce_length(size_t n) const override
Definition: cbc.cpp:258

Botan::CTS_Decryption::minimum_final_size
size_t minimum_final_size() const override
Definition: cbc.cpp:263

Botan::BlockCipher
Definition: block_cipher.h:20

Botan::zeroise
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:183