Botan 3.5.0
Crypto and TLS for C&
ccm.h
Go to the documentation of this file.
1/*
2* CCM Mode
3* (C) 2013 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_AEAD_CCM_H_
10#define BOTAN_AEAD_CCM_H_
11
12#include <botan/aead.h>
13#include <botan/block_cipher.h>
14
15namespace Botan {
16
17/**
18* Base class for CCM encryption and decryption
19* @see RFC 3610
20*/
21class CCM_Mode : public AEAD_Mode {
22 public:
23 void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) final;
24
25 bool associated_data_requires_key() const final { return false; }
26
27 std::string name() const final;
28
29 size_t update_granularity() const final;
30
31 size_t ideal_granularity() const final;
32
33 bool requires_entire_message() const final;
34
36
37 bool valid_nonce_length(size_t) const final;
38
39 size_t default_nonce_length() const final;
40
41 void clear() final;
42
43 void reset() final;
44
45 size_t tag_size() const final { return m_tag_size; }
46
47 bool has_keying_material() const final;
48
49 protected:
50 CCM_Mode(std::unique_ptr<BlockCipher> cipher, size_t tag_size, size_t L);
51
52 size_t L() const { return m_L; }
53
54 const BlockCipher& cipher() const { return *m_cipher; }
55
56 void encode_length(uint64_t len, uint8_t out[]);
57
58 static void inc(secure_vector<uint8_t>& C);
59
60 const secure_vector<uint8_t>& ad_buf() const { return m_ad_buf; }
61
62 secure_vector<uint8_t>& msg_buf() { return m_msg_buf; }
63
64 secure_vector<uint8_t> format_b0(size_t msg_size);
66
67 private:
68 void start_msg(const uint8_t nonce[], size_t nonce_len) final;
69 size_t process_msg(uint8_t buf[], size_t sz) final;
70
71 void key_schedule(std::span<const uint8_t> key) final;
72
73 const size_t m_tag_size;
74 const size_t m_L;
75
76 std::unique_ptr<BlockCipher> m_cipher;
77 secure_vector<uint8_t> m_nonce, m_msg_buf, m_ad_buf;
78};
79
80/**
81* CCM Encryption
82*/
84 public:
85 /**
86 * @param cipher a 128-bit block cipher
87 * @param tag_size is how big the auth tag will be (even values
88 * between 4 and 16 are accepted)
89 * @param L length of L parameter. The total message length
90 * must be less than 2**L bytes, and the nonce is 15-L bytes.
91 */
92 CCM_Encryption(std::unique_ptr<BlockCipher> cipher, size_t tag_size = 16, size_t L = 3) :
93 CCM_Mode(std::move(cipher), tag_size, L) {}
94
95 size_t output_length(size_t input_length) const override { return input_length + tag_size(); }
96
97 size_t minimum_final_size() const override { return 0; }
98
99 private:
100 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
101};
102
103/**
104* CCM Decryption
105*/
107 public:
108 /**
109 * @param cipher a 128-bit block cipher
110 * @param tag_size is how big the auth tag will be (even values
111 * between 4 and 16 are accepted)
112 * @param L length of L parameter. The total message length
113 * must be less than 2**L bytes, and the nonce is 15-L bytes.
114 */
115 CCM_Decryption(std::unique_ptr<BlockCipher> cipher, size_t tag_size = 16, size_t L = 3) :
116 CCM_Mode(std::move(cipher), tag_size, L) {}
117
118 size_t output_length(size_t input_length) const override {
119 BOTAN_ARG_CHECK(input_length >= tag_size(), "Sufficient input");
120 return input_length - tag_size();
121 }
122
123 size_t minimum_final_size() const override { return tag_size(); }
124
125 private:
126 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
127};
128
129} // namespace Botan
130
131#endif
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
size_t output_length(size_t input_length) const override
Definition ccm.h:118
CCM_Decryption(std::unique_ptr< BlockCipher > cipher, size_t tag_size=16, size_t L=3)
Definition ccm.h:115
size_t minimum_final_size() const override
Definition ccm.h:123
size_t minimum_final_size() const override
Definition ccm.h:97
size_t output_length(size_t input_length) const override
Definition ccm.h:95
CCM_Encryption(std::unique_ptr< BlockCipher > cipher, size_t tag_size=16, size_t L=3)
Definition ccm.h:92
size_t ideal_granularity() const final
Definition ccm.cpp:65
bool requires_entire_message() const final
Definition ccm.cpp:70
void reset() final
Definition ccm.cpp:43
bool associated_data_requires_key() const final
Definition ccm.h:25
static void inc(secure_vector< uint8_t > &C)
Definition ccm.cpp:133
size_t update_granularity() const final
Definition ccm.cpp:61
void clear() final
Definition ccm.cpp:38
secure_vector< uint8_t > & msg_buf()
Definition ccm.h:62
const BlockCipher & cipher() const
Definition ccm.h:54
void encode_length(uint64_t len, uint8_t out[])
Definition ccm.cpp:119
size_t L() const
Definition ccm.h:52
size_t tag_size() const final
Definition ccm.h:45
Key_Length_Specification key_spec() const final
Definition ccm.cpp:74
bool valid_nonce_length(size_t) const final
Definition ccm.cpp:53
void set_associated_data_n(size_t idx, std::span< const uint8_t > ad) final
Definition ccm.cpp:86
secure_vector< uint8_t > format_c0()
Definition ccm.cpp:157
bool has_keying_material() const final
Definition ccm.cpp:78
std::string name() const final
Definition ccm.cpp:49
const secure_vector< uint8_t > & ad_buf() const
Definition ccm.h:60
secure_vector< uint8_t > format_b0(size_t msg_size)
Definition ccm.cpp:141
size_t default_nonce_length() const final
Definition ccm.cpp:57
int(* final)(unsigned char *, CTX *)
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61