Botan::CFB_Mode Class Reference

#include <cfb.h>

Inheritance diagram for Botan::CFB_Mode:

Public Member Functions
bool	authenticated () const
void	clear () final
size_t	default_nonce_length () const final
void	finish (secure_vector< uint8_t > &final_block, size_t offset=0)
template<concepts::resizable_byte_buffer T>
void	finish (T &final_block, size_t offset=0)
bool	has_keying_material () const final
size_t	ideal_granularity () const final
Key_Length_Specification	key_spec () const final
size_t	maximum_keylength () const
size_t	minimum_final_size () const final
size_t	minimum_keylength () const
std::string	name () const final
size_t	output_length (size_t input_length) const final
size_t	process (std::span< uint8_t > msg)
size_t	process (uint8_t msg[], size_t msg_len)
virtual std::string	provider () const
virtual bool	requires_entire_message () const
void	reset () final
void	set_key (const SymmetricKey &key)
void	set_key (const uint8_t key[], size_t length)
void	set_key (std::span< const uint8_t > key)
void	start ()
void	start (const uint8_t nonce[], size_t nonce_len)
void	start (std::span< const uint8_t > nonce)
virtual size_t	tag_size () const
template<concepts::resizable_byte_buffer T>
void	update (T &buffer, size_t offset=0)
size_t	update_granularity () const final
bool	valid_keylength (size_t length) const
bool	valid_nonce_length (size_t n) const final

Static Public Member Functions
static std::unique_ptr< Cipher_Mode >	create (std::string_view algo, Cipher_Dir direction, std::string_view provider="")
static std::unique_ptr< Cipher_Mode >	create_or_throw (std::string_view algo, Cipher_Dir direction, std::string_view provider="")
static std::vector< std::string >	providers (std::string_view algo_spec)

Protected Member Functions
void	assert_key_material_set () const
void	assert_key_material_set (bool predicate) const
size_t	block_size () const
	CFB_Mode (std::unique_ptr< BlockCipher > cipher, size_t feedback_bits)
const BlockCipher &	cipher () const
size_t	feedback () const
virtual void	finish_msg (secure_vector< uint8_t > &final_block, size_t offset=0)=0
virtual size_t	process_msg (uint8_t msg[], size_t msg_len)=0
void	shift_register ()

Protected Attributes
secure_vector< uint8_t >	m_keystream
size_t	m_keystream_pos = 0
secure_vector< uint8_t >	m_state

Detailed Description

CFB Mode

Definition at line 20 of file cfb.h.

Constructor & Destructor Documentation

CFB_Mode()

Botan::CFB_Mode::CFB_Mode ( std::unique_ptr< BlockCipher > cipher, size_t feedback_bits )

protected

Definition at line 15 of file cfb.cpp.

                                                                          :
      m_cipher(std::move(cipher)),
      m_block_size(m_cipher->block_size()),
      m_feedback_bytes(feedback_bits ? feedback_bits / 8 : m_block_size) {
   if(feedback_bits % 8 || feedback() > m_block_size) {
      throw Invalid_Argument(fmt("{} does not support feedback bits of {}", name(), feedback_bits));
   }
}

References feedback(), Botan::fmt(), and name().

Member Function Documentation

assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const

inlineprotectedinherited

Definition at line 139 of file sym_algo.h.

{ assert_key_material_set(has_keying_material()); }

References Botan::SymmetricAlgorithm::assert_key_material_set().

Referenced by Botan::SymmetricAlgorithm::assert_key_material_set(), Botan::Salsa20::cipher_bytes(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::DES::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::Kuznyechik::decrypt_n(), Botan::Lion::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::Kuznyechik::encrypt_n(), Botan::Lion::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::ghash_update(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), Botan::OCB_Mode::set_associated_data_n(), Botan::Salsa20::set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().

assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate ) const

inlineprotectedinherited

Definition at line 141 of file sym_algo.h.

                                                         {
         if(!predicate) {
            throw_key_not_set_error();
         }
      }

authenticated()

bool Botan::Cipher_Mode::authenticated ( ) const

inlineinherited

Return the length in bytes of the authentication tag this algorithm generates. If the mode is not authenticated, this will return 0.

Returns

true iff this mode provides authentication as well as confidentiality.

Definition at line 264 of file cipher_mode.h.

{ return this->tag_size() > 0; }

block_size()

size_t Botan::CFB_Mode::block_size ( ) const

inlineprotected

Definition at line 53 of file cfb.h.

{ return m_block_size; }

Referenced by default_nonce_length(), name(), shift_register(), and valid_nonce_length().

cipher()

const BlockCipher & Botan::CFB_Mode::cipher ( ) const

inlineprotected

Definition at line 51 of file cfb.h.

{ return *m_cipher; }

Referenced by key_spec(), name(), and shift_register().

clear()

void Botan::CFB_Mode::clear ( )

finalvirtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 24 of file cfb.cpp.

                     {
   m_cipher->clear();
   m_keystream.clear();
   reset();
}

References m_keystream, and reset().

create()

std::unique_ptr< Cipher_Mode > Botan::Cipher_Mode::create ( std::string_view algo, Cipher_Dir direction, std::string_view provider = "" )

staticinherited

Create an AEAD mode

Parameters

algo	the algorithm to create
direction	specify if this should be an encryption or decryption AEAD
provider	optional specification for provider to use

Returns

an AEAD mode or a null pointer if not available

Definition at line 51 of file cipher_mode.cpp.

                                                                          {
#if defined(BOTAN_HAS_COMMONCRYPTO)
   if(provider.empty() || provider == "commoncrypto") {
      if(auto cm = make_commoncrypto_cipher_mode(algo, direction))
         return cm;
 
      if(!provider.empty())
         return nullptr;
   }
#endif
 
   if(provider != "base" && !provider.empty()) {
      return nullptr;
   }
 
#if defined(BOTAN_HAS_STREAM_CIPHER)
   if(auto sc = StreamCipher::create(algo)) {
      return std::make_unique<Stream_Cipher_Mode>(std::move(sc));
   }
#endif
 
#if defined(BOTAN_HAS_AEAD_MODES)
   if(auto aead = AEAD_Mode::create(algo, direction)) {
      return aead;
   }
#endif
 
   if(algo.find('/') != std::string::npos) {
      const std::vector<std::string> algo_parts = split_on(algo, '/');
      std::string_view cipher_name = algo_parts[0];
      const std::vector<std::string> mode_info = parse_algorithm_name(algo_parts[1]);
 
      if(mode_info.empty()) {
         return std::unique_ptr<Cipher_Mode>();
      }
 
      std::ostringstream mode_name;
 
      mode_name << mode_info[0] << '(' << cipher_name;
      for(size_t i = 1; i < mode_info.size(); ++i) {
         mode_name << ',' << mode_info[i];
      }
      for(size_t i = 2; i < algo_parts.size(); ++i) {
         mode_name << ',' << algo_parts[i];
      }
      mode_name << ')';
 
      return Cipher_Mode::create(mode_name.str(), direction, provider);
   }
 
#if defined(BOTAN_HAS_BLOCK_CIPHER)
 
   SCAN_Name spec(algo);
 
   if(spec.arg_count() == 0) {
      return std::unique_ptr<Cipher_Mode>();
   }
 
   auto bc = BlockCipher::create(spec.arg(0), provider);
 
   if(!bc) {
      return std::unique_ptr<Cipher_Mode>();
   }
 
   #if defined(BOTAN_HAS_MODE_CBC)
   if(spec.algo_name() == "CBC") {
      const std::string padding = spec.arg(1, "PKCS7");
 
      if(padding == "CTS") {
         if(direction == Cipher_Dir::Encryption) {
            return std::make_unique<CTS_Encryption>(std::move(bc));
         } else {
            return std::make_unique<CTS_Decryption>(std::move(bc));
         }
      } else {
         auto pad = BlockCipherModePaddingMethod::create(padding);
 
         if(pad) {
            if(direction == Cipher_Dir::Encryption) {
               return std::make_unique<CBC_Encryption>(std::move(bc), std::move(pad));
            } else {
               return std::make_unique<CBC_Decryption>(std::move(bc), std::move(pad));
            }
         }
      }
   }
   #endif
 
   #if defined(BOTAN_HAS_MODE_XTS)
   if(spec.algo_name() == "XTS") {
      if(direction == Cipher_Dir::Encryption) {
         return std::make_unique<XTS_Encryption>(std::move(bc));
      } else {
         return std::make_unique<XTS_Decryption>(std::move(bc));
      }
   }
   #endif
 
   #if defined(BOTAN_HAS_MODE_CFB)
   if(spec.algo_name() == "CFB") {
      const size_t feedback_bits = spec.arg_as_integer(1, 8 * bc->block_size());
      if(direction == Cipher_Dir::Encryption) {
         return std::make_unique<CFB_Encryption>(std::move(bc), feedback_bits);
      } else {
         return std::make_unique<CFB_Decryption>(std::move(bc), feedback_bits);
      }
   }
   #endif
 
#endif
 
   return std::unique_ptr<Cipher_Mode>();
}

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), Botan::AEAD_Mode::create(), Botan::BlockCipher::create(), Botan::BlockCipherModePaddingMethod::create(), Botan::Cipher_Mode::create(), Botan::StreamCipher::create(), Botan::Encryption, Botan::make_commoncrypto_cipher_mode(), Botan::parse_algorithm_name(), Botan::Cipher_Mode::provider(), and Botan::split_on().

Referenced by botan_cipher_init(), Botan::Cipher_Mode::create(), Botan::Cipher_Mode::create_or_throw(), Botan::get_cipher_mode(), Botan::pbes2_decrypt(), and Botan::Cipher_Mode::providers().

create_or_throw()

std::unique_ptr< Cipher_Mode > Botan::Cipher_Mode::create_or_throw ( std::string_view algo, Cipher_Dir direction, std::string_view provider = "" )

staticinherited

Create an AEAD mode, or throw

Parameters

algo	the algorithm to create
direction	specify if this should be an encryption or decryption AEAD
provider	optional specification for provider to use

Returns

an AEAD mode, or throw an exception

Definition at line 41 of file cipher_mode.cpp.

                                                                                   {
   if(auto mode = Cipher_Mode::create(algo, direction, provider)) {
      return mode;
   }
 
   throw Lookup_Error("Cipher mode", algo, provider);
}

References Botan::Cipher_Mode::create(), and Botan::Cipher_Mode::provider().

Referenced by Botan::ECIES_System_Params::create_cipher(), Botan::CryptoBox::decrypt_bin(), Botan::CryptoBox::encrypt(), and Botan::get_cipher().

default_nonce_length()

size_t Botan::CFB_Mode::default_nonce_length ( ) const

finalvirtual

Returns

the default size for a nonce

Implements Botan::Cipher_Mode.

Definition at line 64 of file cfb.cpp.

                                            {
   return block_size();
}

References block_size().

feedback()

size_t Botan::CFB_Mode::feedback ( ) const

inlineprotected

Definition at line 49 of file cfb.h.

{ return m_feedback_bytes; }

Referenced by CFB_Mode(), ideal_granularity(), name(), shift_register(), and update_granularity().

finish() [1/2]

void Botan::Cipher_Mode::finish ( secure_vector< uint8_t > & final_block, size_t offset = 0 )

inlineinherited

Complete procession of a message with a final input of buffer, which is treated the same as with update(). If you have the entire message in hand, calling finish() without ever calling update() is both efficient and convenient.

When using an AEAD_Mode, if the supplied authentication tag does not validate, this will throw an instance of Invalid_Authentication_Tag.

If this occurs, all plaintext previously output via calls to update must be destroyed and not used in any way that an attacker could observe the effects of. This could be anything from echoing the plaintext back (perhaps in an error message), or by making an external RPC whose destination or contents depend on the plaintext. The only thing you can do is buffer it, and in the event of an invalid tag, erase the previously decrypted content from memory.

One simple way to assure this could never happen is to never call update, and instead always marshal the entire message into a single buffer and call finish on it when decrypting.

Parameters

final_block	in/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offset	an offset into final_block to begin processing

Definition at line 180 of file cipher_mode.h.

{ finish_msg(final_block, offset); }

Referenced by botan_cipher_update(), and Botan::TLS::write_record().

finish() [2/2]

template<concepts::resizable_byte_buffer T>

void Botan::Cipher_Mode::finish ( T & final_block, size_t offset = 0 )

inlineinherited

Complete procession of a message.

Note: Using this overload with anything but a Botan::secure_vector<> is copying the bytes in the in/out buffer.

Parameters

final_block	in/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offset	an offset into final_block to begin processing

Definition at line 193 of file cipher_mode.h.

                                                     {
         Botan::secure_vector<uint8_t> tmp(final_block.begin(), final_block.end());
         finish_msg(tmp, offset);
         final_block.resize(tmp.size());
         std::copy(tmp.begin(), tmp.end(), final_block.begin());
      }

finish_msg()

virtual void Botan::Cipher_Mode::finish_msg ( secure_vector< uint8_t > & final_block, size_t offset = 0 )

protectedpure virtualinherited

has_keying_material()

bool Botan::CFB_Mode::has_keying_material ( ) const

finalvirtual

Returns

true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 72 of file cfb.cpp.

                                         {
   return m_cipher->has_keying_material();
}

ideal_granularity()

size_t Botan::CFB_Mode::ideal_granularity ( ) const

finalvirtual

Return an ideal granularity. This will be a multiple of the result of update_granularity but may be larger. If so it indicates that better performance may be achieved by providing buffers that are at least that size (due to SIMD execution, etc).

Implements Botan::Cipher_Mode.

Definition at line 51 of file cfb.cpp.

                                         {
   // Multiplier here is arbitrary
   return 16 * feedback();
}

References feedback().

key_spec()

Key_Length_Specification Botan::CFB_Mode::key_spec ( ) const

finalvirtual

Returns

object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 60 of file cfb.cpp.

                                                  {
   return cipher().key_spec();
}

References cipher(), and Botan::SymmetricAlgorithm::key_spec().

maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const

inlineinherited

Returns

maximum allowed key length

Definition at line 95 of file sym_algo.h.

{ return key_spec().maximum_keylength(); }

minimum_final_size()

size_t Botan::CFB_Mode::minimum_final_size ( ) const

finalvirtual

Returns

required minimium size to finalize() - may be any length larger than this.

Implements Botan::Cipher_Mode.

Definition at line 56 of file cfb.cpp.

                                          {
   return 0;
}

minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const

inlineinherited

Returns

minimum allowed key length

Definition at line 100 of file sym_algo.h.

{ return key_spec().minimum_keylength(); }

name()

std::string Botan::CFB_Mode::name ( ) const

finalvirtual

Returns

the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 35 of file cfb.cpp.

                               {
   if(feedback() == cipher().block_size()) {
      return fmt("{}/CFB", cipher().name());
   } else {
      return fmt("{}/CFB({})", cipher().name(), feedback() * 8);
   }
}

References block_size(), cipher(), feedback(), Botan::fmt(), and name().

Referenced by CFB_Mode(), and name().

output_length()

size_t Botan::CFB_Mode::output_length ( size_t input_length ) const

finalvirtual

Returns the size of the output if this transform is used to process a message with input_length bytes. In most cases the answer is precise. If it is not possible to precise (namely for CBC decryption) instead an upper bound is returned.

Implements Botan::Cipher_Mode.

Definition at line 43 of file cfb.cpp.

                                                        {
   return input_length;
}

process() [1/2]

size_t Botan::Cipher_Mode::process ( std::span< uint8_t > msg )

inlineinherited

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters

msg	the message to be processed

Returns

bytes written in-place

Definition at line 132 of file cipher_mode.h.

{ return this->process_msg(msg.data(), msg.size()); }

Referenced by botan_cipher_update().

process() [2/2]

size_t Botan::Cipher_Mode::process ( uint8_t msg[], size_t msg_len )

inlineinherited

Definition at line 134 of file cipher_mode.h.

{ return this->process_msg(msg, msg_len); }

process_msg()

virtual size_t Botan::Cipher_Mode::process_msg ( uint8_t msg[], size_t msg_len )

protectedpure virtualinherited

provider()

virtual std::string Botan::Cipher_Mode::provider ( ) const

inlinevirtualinherited

Returns

provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 275 of file cipher_mode.h.

{ return "base"; }

Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::Cipher_Mode::create_or_throw().

providers()

std::vector< std::string > Botan::Cipher_Mode::providers ( std::string_view algo_spec )

staticinherited

Returns

list of available providers for this algorithm, empty if not available

Parameters

algo_spec

algorithm name

Definition at line 168 of file cipher_mode.cpp.

                                                                    {
   const std::vector<std::string>& possible = {"base", "commoncrypto"};
   std::vector<std::string> providers;
   for(auto&& prov : possible) {
      auto mode = Cipher_Mode::create(algo_spec, Cipher_Dir::Encryption, prov);
      if(mode) {
         providers.push_back(prov);  // available
      }
   }
   return providers;
}

References Botan::Cipher_Mode::create(), Botan::Encryption, and Botan::Cipher_Mode::providers().

Referenced by Botan::Cipher_Mode::providers().

requires_entire_message()

virtual bool Botan::Cipher_Mode::requires_entire_message ( ) const

inlinevirtualinherited

Certain modes require the entire message be available before any processing can occur. For such modes, input will be consumed but not returned, until finish is called, which returns the entire message.

This function returns true if this mode has this style of operation.

Reimplemented in Botan::CCM_Mode, and Botan::SIV_Mode.

Definition at line 234 of file cipher_mode.h.

{ return false; }

Referenced by botan_cipher_update().

reset()

void Botan::CFB_Mode::reset ( )

finalvirtual

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 30 of file cfb.cpp.

                     {
   m_state.clear();
   zeroise(m_keystream);
}

References m_keystream, m_state, and Botan::zeroise().

Referenced by clear().

set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey & key )

inlineinherited

Set the symmetric key of this object.

Parameters

key	the SymmetricKey to be set.

Definition at line 113 of file sym_algo.h.

{ set_key(std::span{key.begin(), key.length()}); }

References Botan::OctetString::begin(), Botan::OctetString::length(), and Botan::SymmetricAlgorithm::set_key().

Referenced by Botan::create_aes_row_generator(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), Botan::Sphincs_Hash_Functions_Sha2::PRF_msg(), Botan::Sodium::randombytes_buf_deterministic(), and Botan::SymmetricAlgorithm::set_key().

set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t key[], size_t length )

inlineinherited

Set the symmetric key of this object.

Parameters

key	the to be set as a byte array.
length	in bytes of key param

Definition at line 126 of file sym_algo.h.

{ set_key(std::span{key, length}); }

References Botan::SymmetricAlgorithm::set_key().

Referenced by Botan::SymmetricAlgorithm::set_key().

set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key )

inherited

Set the symmetric key of this object.

Parameters

key	the contiguous byte range to be set.

Definition at line 17 of file sym_algo.cpp.

                                                           {
   if(!valid_keylength(key.size())) {
      throw Invalid_Key_Length(name(), key.size());
   }
   key_schedule(key);
}

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

shift_register()

void Botan::CFB_Mode::shift_register ( )

protected

Definition at line 100 of file cfb.cpp.

                              {
   const size_t shift = feedback();
   const size_t carryover = block_size() - shift;
 
   if(carryover > 0) {
      copy_mem(m_state.data(), &m_state[shift], carryover);
   }
   copy_mem(&m_state[carryover], m_keystream.data(), shift);
   cipher().encrypt(m_state, m_keystream);
   m_keystream_pos = 0;
}

References block_size(), cipher(), Botan::copy_mem(), Botan::BlockCipher::encrypt(), feedback(), m_keystream, m_keystream_pos, and m_state.

start() [1/3]

void Botan::Cipher_Mode::start ( )

inlineinherited

Begin processing a message.

The exact semantics of this depend on the mode. For many modes, the call will fail since a nonce must be provided.

For certain modes such as CBC this will instead cause the last ciphertext block to be used as the nonce of the new message; doing this isn't a good idea, but some (mostly older) protocols do this.

Definition at line 117 of file cipher_mode.h.

{ return start_msg(nullptr, 0); }

start() [2/3]

void Botan::Cipher_Mode::start ( const uint8_t nonce[], size_t nonce_len )

inlineinherited

Begin processing a message with a fresh nonce.

Parameters

nonce	the per message nonce
nonce_len	length of nonce

Definition at line 105 of file cipher_mode.h.

{ start_msg(nonce, nonce_len); }

start() [3/3]

void Botan::Cipher_Mode::start ( std::span< const uint8_t > nonce )

inlineinherited

Begin processing a message with a fresh nonce.

Warning

Typically one must not reuse the same nonce for more than one message under the same key. For most cipher modes this would mean total loss of security and/or authenticity guarantees.

Note

If reliably generating unique nonces is difficult in your environment, use SIV which retains security even if nonces are repeated.

Parameters

nonce

the per message nonce

Definition at line 98 of file cipher_mode.h.

{ start_msg(nonce.data(), nonce.size()); }

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

tag_size()

virtual size_t Botan::Cipher_Mode::tag_size ( ) const

inlinevirtualinherited

Returns

the size of the authentication tag used (in bytes)

Reimplemented in Botan::CCM_Mode, Botan::ChaCha20Poly1305_Mode, Botan::EAX_Mode, Botan::GCM_Mode, Botan::OCB_Mode, Botan::SIV_Mode, and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode.

Definition at line 269 of file cipher_mode.h.

{ return 0; }

update()

template<concepts::resizable_byte_buffer T>

void Botan::Cipher_Mode::update ( T & buffer, size_t offset = 0 )

inlineinherited

Process some data. Input must be in size update_granularity() uint8_t blocks. The buffer is an in/out parameter and may be resized. In particular, some modes require that all input be consumed before any output is produced; with these modes, buffer will be returned empty.

The first offset bytes of buffer will be ignored (this allows in place processing of a buffer that contains an initial plaintext header).

Parameters

buffer	in/out parameter which will possibly be resized
offset	an offset into blocks to begin processing

Definition at line 149 of file cipher_mode.h.

                                                {
         BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
         const size_t written = process(std::span(buffer).subspan(offset));
         buffer.resize(offset + written);
      }

References BOTAN_ASSERT.

update_granularity()

size_t Botan::CFB_Mode::update_granularity ( ) const

finalvirtual

The :cpp:class:Cipher_Mode interface requires message processing in multiples of the block size. This returns size of required blocks to update. If the mode implementation does not require buffering it will return 1.

Returns

size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 47 of file cfb.cpp.

                                          {
   return feedback();
}

References feedback().

valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length ) const

inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters

length

the key length to be checked.

Returns

true if the key length is valid.

Definition at line 107 of file sym_algo.h.

{ return key_spec().valid_keylength(length); }

Referenced by Botan::SymmetricAlgorithm::set_key().

valid_nonce_length()

bool Botan::CFB_Mode::valid_nonce_length ( size_t nonce_len ) const

finalvirtual

Returns

true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 68 of file cfb.cpp.

                                                {
   return (n == 0 || n == block_size());
}

References block_size().

Member Data Documentation

m_keystream

secure_vector<uint8_t> Botan::CFB_Mode::m_keystream

protected

Definition at line 56 of file cfb.h.

Referenced by clear(), reset(), and shift_register().

m_keystream_pos

size_t Botan::CFB_Mode::m_keystream_pos = 0

protected

Definition at line 57 of file cfb.h.

Referenced by shift_register().

m_state

secure_vector<uint8_t> Botan::CFB_Mode::m_state

protected

Definition at line 55 of file cfb.h.

Referenced by reset(), and shift_register().

---

The documentation for this class was generated from the following files:

• src/lib/modes/cfb/cfb.h
• src/lib/modes/cfb/cfb.cpp