#include <cfb.h>

Inheritance diagram for Botan::CFB_Mode:

Public Member Functions
virtual bool	authenticated () const

void	clear () override final

size_t	default_nonce_length () const override final

virtual void	finish (secure_vector< uint8_t > &final_block, size_t offset=0)=0

Key_Length_Specification	key_spec () const override final

size_t	maximum_keylength () const

size_t	minimum_final_size () const override final

size_t	minimum_keylength () const

std::string	name () const override final

size_t	output_length (size_t input_length) const override final

virtual size_t	process (uint8_t msg[], size_t msg_len)=0

virtual std::string	provider () const

void	reset () override final

template<typename Alloc >
void	set_key (const std::vector< uint8_t, Alloc > &key)

void	set_key (const SymmetricKey &key)

void	set_key (const uint8_t key[], size_t length)

void	start ()

template<typename Alloc >
void	start (const std::vector< uint8_t, Alloc > &nonce)

void	start (const uint8_t nonce[], size_t nonce_len)

virtual size_t	tag_size () const

void	update (secure_vector< uint8_t > &buffer, size_t offset=0)

size_t	update_granularity () const override final

bool	valid_keylength (size_t length) const

bool	valid_nonce_length (size_t n) const override final

Static Public Member Functions
static std::unique_ptr< Cipher_Mode >	create (const std::string &algo, Cipher_Dir direction, const std::string &provider="")

static std::unique_ptr< Cipher_Mode >	create_or_throw (const std::string &algo, Cipher_Dir direction, const std::string &provider="")

static std::vector< std::string >	providers (const std::string &algo_spec)

Protected Member Functions
size_t	block_size () const

	CFB_Mode (BlockCipher *cipher, size_t feedback_bits)

const BlockCipher &	cipher () const

size_t	feedback () const

void	shift_register ()

void	verify_key_set (bool cond) const

Protected Attributes
secure_vector< uint8_t >	m_keystream

size_t	m_keystream_pos = 0

secure_vector< uint8_t >	m_state

Detailed Description

CFB Mode

Definition at line 22 of file cfb.h.

Constructor & Destructor Documentation

◆ CFB_Mode()

Botan::CFB_Mode::CFB_Mode	(	BlockCipher *	cipher,
		size_t	feedback_bits
	)

protected

Definition at line 13 of file cfb.cpp.

                                                            :
   m_cipher(cipher),
   m_block_size(m_cipher->block_size()),
   m_feedback_bytes(feedback_bits ? feedback_bits / 8 : m_block_size)
   {
   if(feedback_bits % 8 || feedback() > cipher->block_size())
      throw Invalid_Argument(name() + ": feedback bits " +
                                  std::to_string(feedback_bits) + " not supported");
   }

Member Function Documentation

◆ authenticated()

virtual bool Botan::Cipher_Mode::authenticated ( ) const

inlinevirtualinherited

Returns: true iff this mode provides authentication as well as confidentiality.

Reimplemented in Botan::AEAD_Mode.

Definition at line 169 of file cipher_mode.h.

169{ return false; }

◆ block_size()

size_t Botan::CFB_Mode::block_size ( ) const

inlineprotected

Definition at line 49 of file cfb.h.

49{ return m_block_size; }

Referenced by default_nonce_length(), name(), shift_register(), and valid_nonce_length().

◆ cipher()

const BlockCipher & Botan::CFB_Mode::cipher ( ) const

inlineprotected

Definition at line 48 of file cfb.h.

48{ return *m_cipher; }

Referenced by key_spec(), name(), and shift_register().

◆ clear()

void Botan::CFB_Mode::clear ( )

finaloverridevirtual

Reset the state.

Implements Botan::SymmetricAlgorithm.

Definition at line 23 of file cfb.cpp.

   {
   m_cipher->clear();
   m_keystream.clear();
   reset();
   }

References m_keystream, and reset().

◆ create()

std::unique_ptr< Cipher_Mode > Botan::Cipher_Mode::create	(	const std::string &	algo,
		Cipher_Dir	direction,
		const std::string &	provider = `""`
	)

staticinherited

Create an AEAD mode

Parameters

algo	the algorithm to create
direction	specify if this should be an encryption or decryption AEAD
provider	optional specification for provider to use

Returns: an AEAD mode or a null pointer if not available

Definition at line 54 of file cipher_mode.cpp.

   {
#if defined(BOTAN_HAS_COMMONCRYPTO)
   if(provider.empty() || provider == "commoncrypto")
      {
      std::unique_ptr<Cipher_Mode> commoncrypto_cipher(make_commoncrypto_cipher_mode(algo, direction));
 
      if(commoncrypto_cipher)
         return commoncrypto_cipher;
 
      if(!provider.empty())
         return std::unique_ptr<Cipher_Mode>();
      }
#endif
 
#if defined(BOTAN_HAS_OPENSSL)
   if(provider.empty() || provider == "openssl")
      {
      std::unique_ptr<Cipher_Mode> openssl_cipher(make_openssl_cipher_mode(algo, direction));
 
      if(openssl_cipher)
         return openssl_cipher;
 
      if(!provider.empty())
         return std::unique_ptr<Cipher_Mode>();
      }
#endif
 
#if defined(BOTAN_HAS_STREAM_CIPHER)
   if(auto sc = StreamCipher::create(algo))
      {
      return std::unique_ptr<Cipher_Mode>(new Stream_Cipher_Mode(sc.release()));
      }
#endif
 
#if defined(BOTAN_HAS_AEAD_MODES)
   if(auto aead = AEAD_Mode::create(algo, direction))
      {
      return std::unique_ptr<Cipher_Mode>(aead.release());
      }
#endif
 
   if(algo.find('/') != std::string::npos)
      {
      const std::vector<std::string> algo_parts = split_on(algo, '/');
      const std::string cipher_name = algo_parts[0];
      const std::vector<std::string> mode_info = parse_algorithm_name(algo_parts[1]);
 
      if(mode_info.empty())
         return std::unique_ptr<Cipher_Mode>();
 
      std::ostringstream alg_args;
 
      alg_args << '(' << cipher_name;
      for(size_t i = 1; i < mode_info.size(); ++i)
         alg_args << ',' << mode_info[i];
      for(size_t i = 2; i < algo_parts.size(); ++i)
         alg_args << ',' << algo_parts[i];
      alg_args << ')';
 
      const std::string mode_name = mode_info[0] + alg_args.str();
      return Cipher_Mode::create(mode_name, direction, provider);
      }
 
#if defined(BOTAN_HAS_BLOCK_CIPHER)
 
   SCAN_Name spec(algo);
 
   if(spec.arg_count() == 0)
      {
      return std::unique_ptr<Cipher_Mode>();
      }
 
   std::unique_ptr<BlockCipher> bc(BlockCipher::create(spec.arg(0), provider));
 
   if(!bc)
      {
      return std::unique_ptr<Cipher_Mode>();
      }
 
#if defined(BOTAN_HAS_MODE_CBC)
   if(spec.algo_name() == "CBC")
      {
      const std::string padding = spec.arg(1, "PKCS7");
 
      if(padding == "CTS")
         {
         if(direction == ENCRYPTION)
            return std::unique_ptr<Cipher_Mode>(new CTS_Encryption(bc.release()));
         else
            return std::unique_ptr<Cipher_Mode>(new CTS_Decryption(bc.release()));
         }
      else
         {
         std::unique_ptr<BlockCipherModePaddingMethod> pad(get_bc_pad(padding));
 
         if(pad)
            {
            if(direction == ENCRYPTION)
               return std::unique_ptr<Cipher_Mode>(new CBC_Encryption(bc.release(), pad.release()));
            else
               return std::unique_ptr<Cipher_Mode>(new CBC_Decryption(bc.release(), pad.release()));
            }
         }
      }
#endif
 
#if defined(BOTAN_HAS_MODE_XTS)
   if(spec.algo_name() == "XTS")
      {
      if(direction == ENCRYPTION)
         return std::unique_ptr<Cipher_Mode>(new XTS_Encryption(bc.release()));
      else
         return std::unique_ptr<Cipher_Mode>(new XTS_Decryption(bc.release()));
      }
#endif
 
#if defined(BOTAN_HAS_MODE_CFB)
   if(spec.algo_name() == "CFB")
      {
      const size_t feedback_bits = spec.arg_as_integer(1, 8*bc->block_size());
      if(direction == ENCRYPTION)
         return std::unique_ptr<Cipher_Mode>(new CFB_Encryption(bc.release(), feedback_bits));
      else
         return std::unique_ptr<Cipher_Mode>(new CFB_Decryption(bc.release(), feedback_bits));
      }
#endif
 
#endif
 
   return std::unique_ptr<Cipher_Mode>();
   }

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::BlockCipher::create(), Botan::StreamCipher::create(), Botan::ENCRYPTION, Botan::get_bc_pad(), Botan::make_commoncrypto_cipher_mode(), Botan::make_openssl_cipher_mode(), Botan::parse_algorithm_name(), Botan::Cipher_Mode::provider(), and Botan::split_on().

Referenced by botan_cipher_init(), Botan::Cipher_Mode::create(), Botan::Cipher_Mode::create_or_throw(), Botan::get_cipher_mode(), Botan::pbes2_decrypt(), and Botan::Cipher_Mode::providers().

◆ create_or_throw()

std::unique_ptr< Cipher_Mode > Botan::Cipher_Mode::create_or_throw	(	const std::string &	algo,
		Cipher_Dir	direction,
		const std::string &	provider = `""`
	)

staticinherited

Create an AEAD mode, or throw

Parameters

algo	the algorithm to create
direction	specify if this should be an encryption or decryption AEAD
provider	optional specification for provider to use

Returns: an AEAD mode, or throw an exception

Definition at line 44 of file cipher_mode.cpp.

   {
   if(auto mode = Cipher_Mode::create(algo, direction, provider))
      return mode;
 
   throw Lookup_Error("Cipher mode", algo, provider);
   }

References Botan::Cipher_Mode::create(), and Botan::Cipher_Mode::provider().

Referenced by Botan::ECIES_System_Params::create_cipher(), Botan::CryptoBox::decrypt_bin(), Botan::CryptoBox::encrypt(), and Botan::get_cipher().

◆ default_nonce_length()

size_t Botan::CFB_Mode::default_nonce_length ( ) const

finaloverridevirtual

Returns: the default size for a nonce

Implements Botan::Cipher_Mode.

Definition at line 64 of file cfb.cpp.

   {
   return block_size();
   }

References block_size().

◆ feedback()

size_t Botan::CFB_Mode::feedback ( ) const

inlineprotected

Definition at line 47 of file cfb.h.

47{ return m_feedback_bytes; }

Referenced by name(), Botan::CFB_Encryption::process(), Botan::CFB_Decryption::process(), shift_register(), and update_granularity().

◆ finish()

virtual void Botan::Cipher_Mode::finish	(	secure_vector< uint8_t > &	final_block,
		size_t	offset = `0`
	)

pure virtualinherited

Complete processing of a message.

Parameters

final_block	in/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offset	an offset into final_block to begin processing

Referenced by botan_cipher_update(), and Botan::TLS::write_record().

◆ key_spec()

Key_Length_Specification Botan::CFB_Mode::key_spec ( ) const

finaloverridevirtual

Returns: object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 59 of file cfb.cpp.

   {
   return cipher().key_spec();
   }

References cipher(), and Botan::SymmetricAlgorithm::key_spec().

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const

inlineinherited

Returns: maximum allowed key length

Definition at line 120 of file sym_algo.h.

         {
         return key_spec().maximum_keylength();
         }

◆ minimum_final_size()

size_t Botan::CFB_Mode::minimum_final_size ( ) const

finaloverridevirtual

Returns: required minimium size to finalize() - may be any length larger than this.

Implements Botan::Cipher_Mode.

Definition at line 54 of file cfb.cpp.

   {
   return 0;
   }

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const

inlineinherited

Returns: minimum allowed key length

Definition at line 128 of file sym_algo.h.

         {
         return key_spec().minimum_keylength();
         }

Referenced by botan_block_cipher_get_keyspec(), and botan_mac_get_keyspec().

◆ name()

std::string Botan::CFB_Mode::name ( ) const

finaloverridevirtual

Returns: the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 36 of file cfb.cpp.

   {
   if(feedback() == cipher().block_size())
      return cipher().name() + "/CFB";
   else
      return cipher().name() + "/CFB(" + std::to_string(feedback()*8) + ")";
   }

References block_size(), cipher(), feedback(), Botan::SymmetricAlgorithm::name(), and Botan::ASN1::to_string().

◆ output_length()

size_t Botan::CFB_Mode::output_length ( size_t input_length ) const

finaloverridevirtual

Returns the size of the output if this transform is used to process a message with input_length bytes. In most cases the answer is precise. If it is not possible to precise (namely for CBC decryption) instead a lower bound is returned.

Implements Botan::Cipher_Mode.

Definition at line 44 of file cfb.cpp.

   {
   return input_length;
   }

◆ process()

virtual size_t Botan::Cipher_Mode::process	(	uint8_t	msg[],
		size_t	msg_len
	)

pure virtualinherited

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters

msg	the message to be processed
msg_len	length of the message in bytes

Implemented in Botan::ChaCha20Poly1305_Encryption, Botan::ChaCha20Poly1305_Decryption, Botan::EAX_Encryption, Botan::EAX_Decryption, Botan::GCM_Encryption, Botan::GCM_Decryption, Botan::OCB_Encryption, Botan::OCB_Decryption, Botan::SIV_Mode, Botan::CBC_Encryption, Botan::CBC_Decryption, Botan::CFB_Encryption, Botan::CFB_Decryption, Botan::XTS_Encryption, Botan::XTS_Decryption, Botan::CCM_Mode, and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode.

◆ provider()

virtual std::string Botan::Cipher_Mode::provider ( ) const

inlinevirtualinherited

Returns: provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 180 of file cipher_mode.h.

180{ return "base"; }

Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::Cipher_Mode::create_or_throw().

◆ providers()

std::vector< std::string > Botan::Cipher_Mode::providers ( const std::string & algo_spec )

staticinherited

Returns: list of available providers for this algorithm, empty if not available

Parameters

algo_spec algorithm name

Definition at line 190 of file cipher_mode.cpp.

   {
   const std::vector<std::string>& possible = { "base", "openssl", "commoncrypto" };
   std::vector<std::string> providers;
   for(auto&& prov : possible)
      {
      std::unique_ptr<Cipher_Mode> mode = Cipher_Mode::create(algo_spec, ENCRYPTION, prov);
      if(mode)
         {
         providers.push_back(prov); // available
         }
      }
   return providers;
   }

References Botan::Cipher_Mode::create(), Botan::ENCRYPTION, and Botan::Cipher_Mode::providers().

Referenced by Botan::Cipher_Mode::providers().

◆ reset()

void Botan::CFB_Mode::reset ( )

finaloverridevirtual

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 30 of file cfb.cpp.

   {
   m_state.clear();
   zeroise(m_keystream);
   }

References m_keystream, m_state, and Botan::zeroise().

Referenced by clear().

◆ set_key() [1/3]

template<typename Alloc >

void Botan::SymmetricAlgorithm::set_key ( const std::vector< uint8_t, Alloc > & key )

inlineinherited

Definition at line 153 of file sym_algo.h.

         {
         set_key(key.data(), key.size());
         }

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey & key )

inlineinherited

Set the symmetric key of this object.

Parameters

key	the SymmetricKey to be set.

Definition at line 147 of file sym_algo.h.

         {
         set_key(key.begin(), key.length());
         }

References Botan::OctetString::begin(), and Botan::OctetString::length().

Referenced by Botan::aont_package(), Botan::aont_unpackage(), botan_block_cipher_set_key(), botan_cipher_set_key(), botan_mac_set_key(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), and Botan::Sodium::randombytes_buf_deterministic().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key	(	const uint8_t	key[],
		size_t	length
	)

inherited

Set the symmetric key of this object.

Parameters

key	the to be set as a byte array.
length	in bytes of key param

Definition at line 17 of file sym_algo.cpp.

   {
   if(!valid_keylength(length))
      throw Invalid_Key_Length(name(), length);
   key_schedule(key, length);
   }

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

◆ shift_register()

void Botan::CFB_Mode::shift_register ( )

protected

Definition at line 103 of file cfb.cpp.

   {
   const size_t shift = feedback();
   const size_t carryover = block_size() - shift;
 
   if(carryover > 0)
      {
      copy_mem(m_state.data(), &m_state[shift], carryover);
      }
   copy_mem(&m_state[carryover], m_keystream.data(), shift);
   cipher().encrypt(m_state, m_keystream);
   m_keystream_pos = 0;
   }

References block_size(), cipher(), Botan::copy_mem(), Botan::BlockCipher::encrypt(), feedback(), m_keystream, m_keystream_pos, and m_state.

Referenced by Botan::CFB_Encryption::process(), and Botan::CFB_Decryption::process().

◆ start() [1/3]

void Botan::Cipher_Mode::start ( )

inlineinherited

Begin processing a message.

Definition at line 87 of file cipher_mode.h.

         {
         return start_msg(nullptr, 0);
         }

◆ start() [2/3]

template<typename Alloc >

void Botan::Cipher_Mode::start ( const std::vector< uint8_t, Alloc > & nonce )

inlineinherited

Begin processing a message.

Parameters

nonce the per message nonce

Definition at line 69 of file cipher_mode.h.

         {
         start_msg(nonce.data(), nonce.size());
         }

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

◆ start() [3/3]

void Botan::Cipher_Mode::start	(	const uint8_t	nonce[],
		size_t	nonce_len
	)

inlineinherited

Begin processing a message.

Parameters

nonce	the per message nonce
nonce_len	length of nonce

Definition at line 79 of file cipher_mode.h.

         {
         start_msg(nonce, nonce_len);
         }

◆ tag_size()

virtual size_t Botan::Cipher_Mode::tag_size ( ) const

inlinevirtualinherited

Returns: the size of the authentication tag used (in bytes)

Reimplemented in Botan::CCM_Mode, Botan::ChaCha20Poly1305_Mode, Botan::EAX_Mode, Botan::GCM_Mode, Botan::OCB_Mode, Botan::SIV_Mode, and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode.

Definition at line 174 of file cipher_mode.h.

174{ return 0; }

◆ update()

void Botan::Cipher_Mode::update	(	secure_vector< uint8_t > &	buffer,
		size_t	offset = `0`
	)

inlineinherited

Process some data. Input must be in size update_granularity() uint8_t blocks.

Parameters

buffer	in/out parameter which will possibly be resized
offset	an offset into blocks to begin processing

Definition at line 112 of file cipher_mode.h.

         {
         BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
         uint8_t* buf = buffer.data() + offset;
         const size_t buf_size = buffer.size() - offset;
 
         const size_t written = process(buf, buf_size);
         buffer.resize(offset + written);
         }

References BOTAN_ASSERT.

Referenced by botan_cipher_update(), Botan::ChaCha20Poly1305_Encryption::finish(), Botan::EAX_Encryption::finish(), Botan::CBC_Encryption::finish(), Botan::CTS_Encryption::finish(), Botan::CBC_Decryption::finish(), Botan::CTS_Decryption::finish(), Botan::CFB_Encryption::finish(), Botan::CFB_Decryption::finish(), Botan::XTS_Encryption::finish(), Botan::XTS_Decryption::finish(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::finish(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

◆ update_granularity()

size_t Botan::CFB_Mode::update_granularity ( ) const

finaloverridevirtual

Returns: size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 49 of file cfb.cpp.

   {
   return feedback();
   }

References feedback().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length ) const

inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters

length the key length to be checked.

Returns: true if the key length is valid.

Definition at line 138 of file sym_algo.h.

         {
         return key_spec().valid_keylength(length);
         }

Referenced by Botan::aont_package(), Botan::aont_unpackage(), and Botan::SymmetricAlgorithm::set_key().

◆ valid_nonce_length()

bool Botan::CFB_Mode::valid_nonce_length ( size_t nonce_len ) const

finaloverridevirtual

Returns: true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 69 of file cfb.cpp.

   {
   return (n == 0 || n == block_size());
   }

References block_size().

◆ verify_key_set()

void Botan::SymmetricAlgorithm::verify_key_set ( bool cond ) const

inlineprotectedinherited

Definition at line 171 of file sym_algo.h.

         {
         if(cond == false)
            throw_key_not_set_error();
         }

Member Data Documentation

◆ m_keystream

secure_vector<uint8_t> Botan::CFB_Mode::m_keystream

protected

Definition at line 52 of file cfb.h.

Referenced by clear(), Botan::CFB_Encryption::process(), Botan::CFB_Decryption::process(), reset(), and shift_register().

◆ m_keystream_pos

size_t Botan::CFB_Mode::m_keystream_pos = 0

protected

Definition at line 53 of file cfb.h.

Referenced by Botan::CFB_Encryption::process(), Botan::CFB_Decryption::process(), and shift_register().

◆ m_state

secure_vector<uint8_t> Botan::CFB_Mode::m_state

protected

Definition at line 51 of file cfb.h.

Referenced by Botan::CFB_Encryption::process(), Botan::CFB_Decryption::process(), reset(), and shift_register().

The documentation for this class was generated from the following files:

src/lib/modes/cfb/cfb.h
src/lib/modes/cfb/cfb.cpp

Public Member Functions

Static Public Member Functions

Protected Member Functions

Protected Attributes

Detailed Description

Constructor & Destructor Documentation

◆ CFB_Mode()

Member Function Documentation

◆ authenticated()

◆ block_size()

◆ cipher()

◆ clear()

◆ create()

◆ create_or_throw()

◆ default_nonce_length()

◆ feedback()

◆ finish()

◆ key_spec()

◆ maximum_keylength()

◆ minimum_final_size()

◆ minimum_keylength()

◆ name()

◆ output_length()

◆ process()

◆ provider()

◆ providers()

◆ reset()

◆ set_key() [1/3]

◆ set_key() [2/3]

◆ set_key() [3/3]

◆ shift_register()

◆ start() [1/3]

◆ start() [2/3]

◆ start() [3/3]

◆ tag_size()

◆ update()

◆ update_granularity()

◆ valid_keylength()

◆ valid_nonce_length()

◆ verify_key_set()

Member Data Documentation

◆ m_keystream

◆ m_keystream_pos

◆ m_state