Botan 3.9.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Botan::BlockCipherModePaddingMethod Class Referenceabstract

#include <mode_pad.h>

Inheritance diagram for Botan::BlockCipherModePaddingMethod:
Botan::ANSI_X923_Padding Botan::ESP_Padding Botan::Null_Padding Botan::OneAndZeros_Padding Botan::PKCS7_Padding

Public Member Functions

virtual void add_padding (std::span< uint8_t > buffer, size_t final_block_bytes, size_t block_size) const
virtual std::string name () const =0
virtual size_t output_length (size_t input_length, size_t block_size) const
size_t unpad (std::span< const uint8_t > last_block) const
virtual bool valid_blocksize (size_t block_size) const =0
virtual ~BlockCipherModePaddingMethod ()=default

Static Public Member Functions

static std::unique_ptr< BlockCipherModePaddingMethodcreate (std::string_view algo_spec)

Protected Member Functions

virtual void apply_padding (std::span< uint8_t > last_block, size_t padding_start_pos) const =0
virtual size_t remove_padding (std::span< const uint8_t > last_block) const =0

Detailed Description

Block Cipher Mode Padding Method This class is pretty limited, it cannot deal well with randomized padding methods, or any padding method that wants to add more than one block. For instance, it should be possible to define cipher text stealing mode as simply a padding mode for CBC, which happens to consume the last two block (and requires use of the block cipher).

Definition at line 30 of file mode_pad.h.

Constructor & Destructor Documentation

◆ ~BlockCipherModePaddingMethod()

virtual Botan::BlockCipherModePaddingMethod::~BlockCipherModePaddingMethod ( )
virtualdefault

virtual destructor

Member Function Documentation

◆ add_padding()

void Botan::BlockCipherModePaddingMethod::add_padding ( std::span< uint8_t > buffer,
size_t final_block_bytes,
size_t block_size ) const
virtual

Add padding bytes to buffer.

Parameters
bufferdata to pad, span must be large enough to hold the padding behind the final (partial) block
final_block_bytessize of the final block in bytes
block_sizesize of each block in bytes

Reimplemented in Botan::Null_Padding.

Definition at line 44 of file mode_pad.cpp.

44 {
45 BOTAN_ASSERT_NOMSG(valid_blocksize(BS));
46 BOTAN_ASSERT_NOMSG(last_byte_pos < BS);
47 BOTAN_ASSERT_NOMSG(buffer.size() % BS == 0);
48 BOTAN_ASSERT_NOMSG(buffer.size() >= BS);
49
50 auto poison = CT::scoped_poison(last_byte_pos, buffer);
51 apply_padding(buffer.last(BS), last_byte_pos);
52}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::BlockCipherModePaddingMethod::valid_blocksize
virtual bool valid_blocksize(size_t block_size) const =0
Botan::BlockCipherModePaddingMethod::apply_padding
virtual void apply_padding(std::span< uint8_t > last_block, size_t padding_start_pos) const =0
Botan::CT::scoped_poison
constexpr auto scoped_poison(const Ts &... xs)
Definition ct_utils.h:220
Botan::CT::poison
constexpr void poison(const T *p, size_t n)
Definition ct_utils.h:54

References apply_padding(), BOTAN_ASSERT_NOMSG, Botan::CT::scoped_poison(), and valid_blocksize().

◆ apply_padding()

virtual void Botan::BlockCipherModePaddingMethod::apply_padding ( std::span< uint8_t > last_block,
size_t padding_start_pos ) const
protectedpure virtual

Applies the concrete padding to the last_block assuming the padding bytes should start at padding_start_pos within the last block.

Concrete implementations of this function must ensure not to leak padding_start_pos via side channels. Both the bytes of last_block and padding_start_pos are passed in with CT::poison applied.

Implemented in Botan::ANSI_X923_Padding, Botan::ESP_Padding, Botan::OneAndZeros_Padding, and Botan::PKCS7_Padding.

Referenced by add_padding().

◆ create()

std::unique_ptr< BlockCipherModePaddingMethod > Botan::BlockCipherModePaddingMethod::create ( std::string_view algo_spec)
static

Get a block cipher padding mode by name (eg "NoPadding" or "PKCS7")

Parameters
algo_specblock cipher padding mode name

Get a block cipher padding method by name

Definition at line 20 of file mode_pad.cpp.

20 {
21 if(algo_spec == "NoPadding") {
22 return std::make_unique<Null_Padding>();
23 }
24
25 if(algo_spec == "PKCS7") {
26 return std::make_unique<PKCS7_Padding>();
27 }
28
29 if(algo_spec == "OneAndZeros") {
30 return std::make_unique<OneAndZeros_Padding>();
31 }
32
33 if(algo_spec == "X9.23") {
34 return std::make_unique<ANSI_X923_Padding>();
35 }
36
37 if(algo_spec == "ESP") {
38 return std::make_unique<ESP_Padding>();
39 }
40
41 return nullptr;
42}

Referenced by Botan::Cipher_Mode::create().

◆ name()

virtual std::string Botan::BlockCipherModePaddingMethod::name ( ) const
pure virtual
Returns
name of the mode

Implemented in Botan::ANSI_X923_Padding, Botan::ESP_Padding, Botan::Null_Padding, Botan::OneAndZeros_Padding, and Botan::PKCS7_Padding.

◆ output_length()

virtual size_t Botan::BlockCipherModePaddingMethod::output_length ( size_t input_length,
size_t block_size ) const
inlinevirtual
Parameters
input_lengthnumber of bytes to be padded
block_sizesize of each block in bytes
Returns
the total number of output bytes (including the padding)

Reimplemented in Botan::Null_Padding.

Definition at line 66 of file mode_pad.h.

66 {
67 return ((input_length + block_size) / block_size) * block_size;
68 }

Referenced by Botan::CBC_Encryption::output_length().

◆ remove_padding()

virtual size_t Botan::BlockCipherModePaddingMethod::remove_padding ( std::span< const uint8_t > last_block) const
protectedpure virtual

Removes the padding from last_block and returns the number of data bytes. If the padding is invalid, this returns the byte length of last_block.

Concrete implementations of this function must ensure not to leak the size or validity of the padding via side channels. The bytes of last_block are passed in with CT::poison applied to them.

Implemented in Botan::ANSI_X923_Padding, Botan::ESP_Padding, Botan::Null_Padding, Botan::OneAndZeros_Padding, and Botan::PKCS7_Padding.

Referenced by unpad().

◆ unpad()

size_t Botan::BlockCipherModePaddingMethod::unpad ( std::span< const uint8_t > last_block) const

Remove padding bytes from block

Parameters
last_blockthe last block containing the padding
Returns
number of data bytes, or if the padding is invalid returns the byte length of last_block (i.e. the block size)

Definition at line 54 of file mode_pad.cpp.

54 {
55 if(!valid_blocksize(last_block.size())) {
56 return last_block.size();
57 }
58
59 auto poison = CT::scoped_poison(last_block);
60 return CT::driveby_unpoison(remove_padding(last_block));
61}
Botan::BlockCipherModePaddingMethod::remove_padding
virtual size_t remove_padding(std::span< const uint8_t > last_block) const =0
Botan::CT::driveby_unpoison
decltype(auto) driveby_unpoison(T &&v)
Definition ct_utils.h:241

References Botan::CT::driveby_unpoison(), remove_padding(), Botan::CT::scoped_poison(), and valid_blocksize().

◆ valid_blocksize()

virtual bool Botan::BlockCipherModePaddingMethod::valid_blocksize ( size_t block_size) const
pure virtual
Parameters
block_sizeof the cipher
Returns
valid block size for this padding mode

Implemented in Botan::ANSI_X923_Padding, Botan::ESP_Padding, Botan::Null_Padding, Botan::OneAndZeros_Padding, and Botan::PKCS7_Padding.

Referenced by add_padding(), and unpad().

The documentation for this class was generated from the following files:
Generated by doxygen 1.14.0