Botan 3.6.1
Crypto and TLS for C&
Botan::EAX_Decryption Class Referencefinal

#include <eax.h>

Inheritance diagram for Botan::EAX_Decryption:
Botan::EAX_Mode Botan::AEAD_Mode Botan::Cipher_Mode Botan::SymmetricAlgorithm

Public Member Functions

virtual bool associated_data_requires_key () const
 
bool authenticated () const
 
void clear () final
 
size_t default_nonce_length () const override
 
 EAX_Decryption (std::unique_ptr< BlockCipher > cipher, size_t tag_size=0)
 
void finish (secure_vector< uint8_t > &final_block, size_t offset=0)
 
template<concepts::resizable_byte_buffer T>
void finish (T &final_block, size_t offset=0)
 
bool has_keying_material () const final
 
size_t ideal_granularity () const final
 
Key_Length_Specification key_spec () const final
 
virtual size_t maximum_associated_data_inputs () const
 
size_t maximum_keylength () const
 
size_t minimum_final_size () const override
 
size_t minimum_keylength () const
 
std::string name () const final
 
size_t output_length (size_t input_length) const override
 
size_t process (std::span< uint8_t > msg)
 
size_t process (uint8_t msg[], size_t msg_len)
 
virtual std::string provider () const
 
virtual bool requires_entire_message () const
 
void reset () final
 
void set_ad (std::span< const uint8_t > ad)
 
void set_associated_data (const uint8_t ad[], size_t ad_len)
 
void set_associated_data (std::span< const uint8_t > ad)
 
void set_associated_data_n (size_t idx, std::span< const uint8_t > ad) final
 
template<typename Alloc >
void set_associated_data_vec (const std::vector< uint8_t, Alloc > &ad)
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
void set_key (std::span< const uint8_t > key)
 
void start ()
 
void start (const uint8_t nonce[], size_t nonce_len)
 
void start (std::span< const uint8_t > nonce)
 
size_t tag_size () const final
 
template<concepts::resizable_byte_buffer T>
void update (T &buffer, size_t offset=0)
 
size_t update_granularity () const final
 
bool valid_keylength (size_t length) const
 
bool valid_nonce_length (size_t) const final
 

Static Public Member Functions

static std::unique_ptr< AEAD_Modecreate (std::string_view algo, Cipher_Dir direction, std::string_view provider="")
 
static std::unique_ptr< AEAD_Modecreate_or_throw (std::string_view algo, Cipher_Dir direction, std::string_view provider="")
 
static std::vector< std::string > providers (std::string_view algo_spec)
 

Protected Member Functions

void assert_key_material_set () const
 
void assert_key_material_set (bool predicate) const
 
size_t block_size () const
 

Protected Attributes

secure_vector< uint8_t > m_ad_mac
 
std::unique_ptr< BlockCipherm_cipher
 
std::unique_ptr< MessageAuthenticationCodem_cmac
 
std::unique_ptr< StreamCipherm_ctr
 
secure_vector< uint8_t > m_nonce_mac
 
size_t m_tag_size
 

Detailed Description

EAX Decryption

Definition at line 94 of file eax.h.

Constructor & Destructor Documentation

◆ EAX_Decryption()

Botan::EAX_Decryption::EAX_Decryption ( std::unique_ptr< BlockCipher > cipher,
size_t tag_size = 0 )
inline
Parameters
ciphera 128-bit block cipher
tag_sizeis how big the auth tag will be

Definition at line 100 of file eax.h.

100 :
101 EAX_Mode(std::move(cipher), tag_size) {}
size_t tag_size() const final
Definition eax.h:37
EAX_Mode(std::unique_ptr< BlockCipher > cipher, size_t tag_size)
Definition eax.cpp:38

Member Function Documentation

◆ assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const
inlineprotectedinherited

Definition at line 139 of file sym_algo.h.

virtual bool has_keying_material() const =0
void assert_key_material_set() const
Definition sym_algo.h:139

References Botan::SymmetricAlgorithm::assert_key_material_set().

Referenced by Botan::SymmetricAlgorithm::assert_key_material_set(), Botan::Salsa20::cipher_bytes(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::DES::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::Kuznyechik::decrypt_n(), Botan::Lion::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::Kuznyechik::encrypt_n(), Botan::Lion::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::ghash_update(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), Botan::OCB_Mode::set_associated_data_n(), Botan::Salsa20::set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().

◆ assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate) const
inlineprotectedinherited

Definition at line 141 of file sym_algo.h.

141 {
142 if(!predicate) {
143 throw_key_not_set_error();
144 }
145 }

◆ associated_data_requires_key()

virtual bool Botan::AEAD_Mode::associated_data_requires_key ( ) const
inlinevirtualinherited

Most AEADs require the key to be set prior to setting the AD A few allow the AD to be set even before the cipher is keyed. Such ciphers would return false from this function.

Reimplemented in Botan::CCM_Mode, and Botan::ChaCha20Poly1305_Mode.

Definition at line 98 of file aead.h.

98{ return true; }

◆ authenticated()

bool Botan::Cipher_Mode::authenticated ( ) const
inlineinherited

Return the length in bytes of the authentication tag this algorithm generates. If the mode is not authenticated, this will return 0.

Returns
true iff this mode provides authentication as well as confidentiality.

Definition at line 264 of file cipher_mode.h.

264{ return this->tag_size() > 0; }
virtual size_t tag_size() const

◆ block_size()

size_t Botan::EAX_Mode::block_size ( ) const
inlineprotectedinherited

Definition at line 52 of file eax.h.

52{ return m_cipher->block_size(); }
std::unique_ptr< BlockCipher > m_cipher
Definition eax.h:56

References Botan::EAX_Mode::m_cipher.

Referenced by Botan::EAX_Mode::set_associated_data_n().

◆ clear()

void Botan::EAX_Mode::clear ( )
finalvirtualinherited

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 48 of file eax.cpp.

48 {
49 m_cipher->clear();
50 m_ctr->clear();
51 m_cmac->clear();
52 reset();
53}
std::unique_ptr< StreamCipher > m_ctr
Definition eax.h:57
std::unique_ptr< MessageAuthenticationCode > m_cmac
Definition eax.h:58
void reset() final
Definition eax.cpp:55

References Botan::EAX_Mode::m_cipher, Botan::EAX_Mode::m_cmac, Botan::EAX_Mode::m_ctr, and Botan::EAX_Mode::reset().

◆ create()

std::unique_ptr< AEAD_Mode > Botan::AEAD_Mode::create ( std::string_view algo,
Cipher_Dir direction,
std::string_view provider = "" )
staticinherited

Create an AEAD mode

Parameters
algothe algorithm to create
directionspecify if this should be an encryption or decryption AEAD
provideroptional specification for provider to use
Returns
an AEAD mode or a null pointer if not available

Definition at line 53 of file aead.cpp.

53 {
55#if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
56 if(algo == "ChaCha20Poly1305") {
57 if(dir == Cipher_Dir::Encryption) {
58 return std::make_unique<ChaCha20Poly1305_Encryption>();
59 } else {
60 return std::make_unique<ChaCha20Poly1305_Decryption>();
61 }
62 }
63#endif
64
65 if(algo.find('/') != std::string::npos) {
66 const std::vector<std::string> algo_parts = split_on(algo, '/');
67 std::string_view cipher_name = algo_parts[0];
68 const std::vector<std::string> mode_info = parse_algorithm_name(algo_parts[1]);
69
70 if(mode_info.empty()) {
71 return std::unique_ptr<AEAD_Mode>();
72 }
73
74 std::ostringstream mode_name;
75
76 mode_name << mode_info[0] << '(' << cipher_name;
77 for(size_t i = 1; i < mode_info.size(); ++i) {
78 mode_name << ',' << mode_info[i];
79 }
80 for(size_t i = 2; i < algo_parts.size(); ++i) {
81 mode_name << ',' << algo_parts[i];
82 }
83 mode_name << ')';
84
85 return AEAD_Mode::create(mode_name.str(), dir);
86 }
87
88#if defined(BOTAN_HAS_BLOCK_CIPHER)
89
90 SCAN_Name req(algo);
91
92 if(req.arg_count() == 0) {
93 return std::unique_ptr<AEAD_Mode>();
94 }
95
96 auto bc = BlockCipher::create(req.arg(0), provider);
97
98 if(!bc) {
99 return std::unique_ptr<AEAD_Mode>();
100 }
101
102 #if defined(BOTAN_HAS_AEAD_CCM)
103 if(req.algo_name() == "CCM") {
104 size_t tag_len = req.arg_as_integer(1, 16);
105 size_t L_len = req.arg_as_integer(2, 3);
106 if(dir == Cipher_Dir::Encryption) {
107 return std::make_unique<CCM_Encryption>(std::move(bc), tag_len, L_len);
108 } else {
109 return std::make_unique<CCM_Decryption>(std::move(bc), tag_len, L_len);
110 }
111 }
112 #endif
113
114 #if defined(BOTAN_HAS_AEAD_GCM)
115 if(req.algo_name() == "GCM") {
116 size_t tag_len = req.arg_as_integer(1, 16);
117 if(dir == Cipher_Dir::Encryption) {
118 return std::make_unique<GCM_Encryption>(std::move(bc), tag_len);
119 } else {
120 return std::make_unique<GCM_Decryption>(std::move(bc), tag_len);
121 }
122 }
123 #endif
124
125 #if defined(BOTAN_HAS_AEAD_OCB)
126 if(req.algo_name() == "OCB") {
127 size_t tag_len = req.arg_as_integer(1, 16);
128 if(dir == Cipher_Dir::Encryption) {
129 return std::make_unique<OCB_Encryption>(std::move(bc), tag_len);
130 } else {
131 return std::make_unique<OCB_Decryption>(std::move(bc), tag_len);
132 }
133 }
134 #endif
135
136 #if defined(BOTAN_HAS_AEAD_EAX)
137 if(req.algo_name() == "EAX") {
138 size_t tag_len = req.arg_as_integer(1, bc->block_size());
139 if(dir == Cipher_Dir::Encryption) {
140 return std::make_unique<EAX_Encryption>(std::move(bc), tag_len);
141 } else {
142 return std::make_unique<EAX_Decryption>(std::move(bc), tag_len);
143 }
144 }
145 #endif
146
147 #if defined(BOTAN_HAS_AEAD_SIV)
148 if(req.algo_name() == "SIV") {
149 if(dir == Cipher_Dir::Encryption) {
150 return std::make_unique<SIV_Encryption>(std::move(bc));
151 } else {
152 return std::make_unique<SIV_Decryption>(std::move(bc));
153 }
154 }
155 #endif
156
157#endif
158
159 return std::unique_ptr<AEAD_Mode>();
160}
#define BOTAN_UNUSED
Definition assert.h:118
static std::unique_ptr< AEAD_Mode > create(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition aead.cpp:53
static std::unique_ptr< BlockCipher > create(std::string_view algo_spec, std::string_view provider="")
virtual std::string provider() const
std::vector< std::string > split_on(std::string_view str, char delim)
Definition parsing.cpp:111
std::vector< std::string > parse_algorithm_name(std::string_view namex)
Definition parsing.cpp:57

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::AEAD_Mode::create(), Botan::BlockCipher::create(), Botan::Encryption, Botan::parse_algorithm_name(), Botan::Cipher_Mode::provider(), and Botan::split_on().

Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::get_aead().

◆ create_or_throw()

std::unique_ptr< AEAD_Mode > Botan::AEAD_Mode::create_or_throw ( std::string_view algo,
Cipher_Dir direction,
std::string_view provider = "" )
staticinherited

Create an AEAD mode, or throw

Parameters
algothe algorithm to create
directionspecify if this should be an encryption or decryption AEAD
provideroptional specification for provider to use
Returns
an AEAD mode, or throw an exception

Definition at line 43 of file aead.cpp.

45 {
46 if(auto aead = AEAD_Mode::create(algo, dir, provider)) {
47 return aead;
48 }
49
50 throw Lookup_Error("AEAD", algo, provider);
51}

References Botan::AEAD_Mode::create(), and Botan::Cipher_Mode::provider().

Referenced by Botan::TLS::Cipher_State::advance_with_server_hello(), Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), Botan::TLS::Session::decrypt(), and Botan::TLS::Session::encrypt().

◆ default_nonce_length()

size_t Botan::AEAD_Mode::default_nonce_length ( ) const
inlineoverridevirtualinherited
Returns
default AEAD nonce size (a commonly supported value among AEAD modes, and large enough that random collisions are unlikely)

Implements Botan::Cipher_Mode.

Reimplemented in Botan::CCM_Mode, and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode.

Definition at line 130 of file aead.h.

130{ return 12; }

◆ finish() [1/2]

void Botan::Cipher_Mode::finish ( secure_vector< uint8_t > & final_block,
size_t offset = 0 )
inlineinherited

Complete procession of a message with a final input of buffer, which is treated the same as with update(). If you have the entire message in hand, calling finish() without ever calling update() is both efficient and convenient.

When using an AEAD_Mode, if the supplied authentication tag does not validate, this will throw an instance of Invalid_Authentication_Tag.

If this occurs, all plaintext previously output via calls to update must be destroyed and not used in any way that an attacker could observe the effects of. This could be anything from echoing the plaintext back (perhaps in an error message), or by making an external RPC whose destination or contents depend on the plaintext. The only thing you can do is buffer it, and in the event of an invalid tag, erase the previously decrypted content from memory.

One simple way to assure this could never happen is to never call update, and instead always marshal the entire message into a single buffer and call finish on it when decrypting.

Parameters
final_blockin/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offsetan offset into final_block to begin processing

Definition at line 180 of file cipher_mode.h.

180{ finish_msg(final_block, offset); }
virtual void finish_msg(secure_vector< uint8_t > &final_block, size_t offset=0)=0

Referenced by botan_cipher_update(), and Botan::TLS::write_record().

◆ finish() [2/2]

template<concepts::resizable_byte_buffer T>
void Botan::Cipher_Mode::finish ( T & final_block,
size_t offset = 0 )
inlineinherited

Complete procession of a message.

Note: Using this overload with anything but a Botan::secure_vector<> is copying the bytes in the in/out buffer.

Parameters
final_blockin/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offsetan offset into final_block to begin processing

Definition at line 193 of file cipher_mode.h.

193 {
194 Botan::secure_vector<uint8_t> tmp(final_block.begin(), final_block.end());
195 finish_msg(tmp, offset);
196 final_block.resize(tmp.size());
197 std::copy(tmp.begin(), tmp.end(), final_block.begin());
198 }
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

◆ has_keying_material()

bool Botan::EAX_Mode::has_keying_material ( ) const
finalvirtualinherited
Returns
true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 81 of file eax.cpp.

81 {
82 return m_ctr->has_keying_material() && m_cmac->has_keying_material();
83}

References Botan::EAX_Mode::m_cmac, and Botan::EAX_Mode::m_ctr.

◆ ideal_granularity()

size_t Botan::EAX_Mode::ideal_granularity ( ) const
finalvirtualinherited

Return an ideal granularity. This will be a multiple of the result of update_granularity but may be larger. If so it indicates that better performance may be achieved by providing buffers that are at least that size (due to SIMD execution, etc).

Implements Botan::Cipher_Mode.

Definition at line 73 of file eax.cpp.

73 {
74 return m_cipher->parallel_bytes();
75}

References Botan::EAX_Mode::m_cipher.

◆ key_spec()

Key_Length_Specification Botan::EAX_Mode::key_spec ( ) const
finalvirtualinherited
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 77 of file eax.cpp.

77 {
78 return m_ctr->key_spec();
79}

References Botan::EAX_Mode::m_ctr.

◆ maximum_associated_data_inputs()

virtual size_t Botan::AEAD_Mode::maximum_associated_data_inputs ( ) const
inlinevirtualinherited

Returns the maximum supported number of associated data inputs which can be provided to set_associated_data_n

If returns 0, then no associated data is supported.

Reimplemented in Botan::SIV_Mode.

Definition at line 91 of file aead.h.

91{ return 1; }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 95 of file sym_algo.h.

95{ return key_spec().maximum_keylength(); }
size_t maximum_keylength() const
Definition sym_algo.h:54
virtual Key_Length_Specification key_spec() const =0

◆ minimum_final_size()

size_t Botan::EAX_Decryption::minimum_final_size ( ) const
inlineoverridevirtual
Returns
required minimium size to finalize() - may be any length larger than this.

Implements Botan::Cipher_Mode.

Definition at line 108 of file eax.h.

108{ return tag_size(); }

References Botan::EAX_Mode::tag_size().

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 100 of file sym_algo.h.

100{ return key_spec().minimum_keylength(); }
size_t minimum_keylength() const
Definition sym_algo.h:49

◆ name()

std::string Botan::EAX_Mode::name ( ) const
finalvirtualinherited
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 65 of file eax.cpp.

65 {
66 return (m_cipher->name() + "/EAX");
67}

References Botan::EAX_Mode::m_cipher.

◆ output_length()

size_t Botan::EAX_Decryption::output_length ( size_t input_length) const
inlineoverridevirtual

Returns the size of the output if this transform is used to process a message with input_length bytes. In most cases the answer is precise. If it is not possible to precise (namely for CBC decryption) instead an upper bound is returned.

Implements Botan::Cipher_Mode.

Definition at line 103 of file eax.h.

103 {
104 BOTAN_ARG_CHECK(input_length >= tag_size(), "Sufficient input");
105 return input_length - tag_size();
106 }
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29

References BOTAN_ARG_CHECK, and Botan::EAX_Mode::tag_size().

◆ process() [1/2]

size_t Botan::Cipher_Mode::process ( std::span< uint8_t > msg)
inlineinherited

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters
msgthe message to be processed
Returns
bytes written in-place

Definition at line 132 of file cipher_mode.h.

132{ return this->process_msg(msg.data(), msg.size()); }
virtual size_t process_msg(uint8_t msg[], size_t msg_len)=0

Referenced by botan_cipher_update().

◆ process() [2/2]

size_t Botan::Cipher_Mode::process ( uint8_t msg[],
size_t msg_len )
inlineinherited

Definition at line 134 of file cipher_mode.h.

134{ return this->process_msg(msg, msg_len); }

◆ provider()

virtual std::string Botan::Cipher_Mode::provider ( ) const
inlinevirtualinherited
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 275 of file cipher_mode.h.

275{ return "base"; }

Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::Cipher_Mode::create_or_throw().

◆ providers()

std::vector< std::string > Botan::Cipher_Mode::providers ( std::string_view algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available
Parameters
algo_specalgorithm name

Definition at line 168 of file cipher_mode.cpp.

168 {
169 const std::vector<std::string>& possible = {"base", "commoncrypto"};
170 std::vector<std::string> providers;
171 for(auto&& prov : possible) {
172 auto mode = Cipher_Mode::create(algo_spec, Cipher_Dir::Encryption, prov);
173 if(mode) {
174 providers.push_back(prov); // available
175 }
176 }
177 return providers;
178}
static std::unique_ptr< Cipher_Mode > create(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
static std::vector< std::string > providers(std::string_view algo_spec)

References Botan::Cipher_Mode::create(), Botan::Encryption, and Botan::Cipher_Mode::providers().

Referenced by Botan::Cipher_Mode::providers().

◆ requires_entire_message()

virtual bool Botan::Cipher_Mode::requires_entire_message ( ) const
inlinevirtualinherited

Certain modes require the entire message be available before any processing can occur. For such modes, input will be consumed but not returned, until finish is called, which returns the entire message.

This function returns true if this mode has this style of operation.

Reimplemented in Botan::CCM_Mode, and Botan::SIV_Mode.

Definition at line 234 of file cipher_mode.h.

234{ return false; }

Referenced by botan_cipher_update().

◆ reset()

void Botan::EAX_Mode::reset ( )
finalvirtualinherited

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 55 of file eax.cpp.

55 {
56 m_ad_mac.clear();
57 m_nonce_mac.clear();
58
59 // Clear out any data added to the CMAC calculation
60 try {
61 m_cmac->final();
62 } catch(Key_Not_Set&) {}
63}
secure_vector< uint8_t > m_nonce_mac
Definition eax.h:62
secure_vector< uint8_t > m_ad_mac
Definition eax.h:60

References Botan::EAX_Mode::m_ad_mac, Botan::EAX_Mode::m_cmac, and Botan::EAX_Mode::m_nonce_mac.

Referenced by Botan::EAX_Mode::clear().

◆ set_ad()

void Botan::AEAD_Mode::set_ad ( std::span< const uint8_t > ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().

See set_associated_data().

Parameters
adthe associated data

Definition at line 124 of file aead.h.

124{ set_associated_data(ad); }
void set_associated_data(std::span< const uint8_t > ad)
Definition aead.h:59

◆ set_associated_data() [1/2]

void Botan::AEAD_Mode::set_associated_data ( const uint8_t ad[],
size_t ad_len )
inlineinherited

Definition at line 61 of file aead.h.

61{ set_associated_data(std::span(ad, ad_len)); }

References Botan::AEAD_Mode::set_associated_data().

Referenced by Botan::AEAD_Mode::set_associated_data().

◆ set_associated_data() [2/2]

void Botan::AEAD_Mode::set_associated_data ( std::span< const uint8_t > ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key()) is the optimum.

Parameters
adthe associated data

Definition at line 59 of file aead.h.

59{ set_associated_data_n(0, ad); }
virtual void set_associated_data_n(size_t idx, std::span< const uint8_t > ad)=0

Referenced by Botan::TLS::write_record().

◆ set_associated_data_n()

void Botan::EAX_Mode::set_associated_data_n ( size_t idx,
std::span< const uint8_t > ad )
finalvirtualinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key()) is the optimum.

Some AEADs (namely SIV) support multiple AD inputs. For all other modes only nominal AD input 0 is supported; all other values of idx will cause an exception.

Derived AEADs must implement this. For AEADs where maximum_associated_data_inputs() returns 1 (the default), the idx must simply be ignored.

Parameters
idxwhich associated data to set
adthe associated data

Implements Botan::AEAD_Mode.

Definition at line 100 of file eax.cpp.

100 {
101 BOTAN_ARG_CHECK(idx == 0, "EAX: cannot handle non-zero index in set_associated_data_n");
102 if(m_nonce_mac.empty() == false) {
103 throw Invalid_State("Cannot set AD for EAX while processing a message");
104 }
105 m_ad_mac = eax_prf(1, block_size(), *m_cmac, ad.data(), ad.size());
106}
size_t block_size() const
Definition eax.h:52

References Botan::EAX_Mode::block_size(), BOTAN_ARG_CHECK, Botan::EAX_Mode::m_ad_mac, Botan::EAX_Mode::m_cmac, and Botan::EAX_Mode::m_nonce_mac.

◆ set_associated_data_vec()

template<typename Alloc >
void Botan::AEAD_Mode::set_associated_data_vec ( const std::vector< uint8_t, Alloc > & ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().

See set_associated_data().

Parameters
adthe associated data

Definition at line 111 of file aead.h.

111 {
113 }

◆ set_key() [1/3]

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t key[],
size_t length )
inlineinherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 126 of file sym_algo.h.

126{ set_key(std::span{key, length}); }

References Botan::SymmetricAlgorithm::set_key().

Referenced by Botan::SymmetricAlgorithm::set_key().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key)
inherited

Set the symmetric key of this object.

Parameters
keythe contiguous byte range to be set.

Definition at line 17 of file sym_algo.cpp.

17 {
18 if(!valid_keylength(key.size())) {
19 throw Invalid_Key_Length(name(), key.size());
20 }
21 key_schedule(key);
22}
bool valid_keylength(size_t length) const
Definition sym_algo.h:107
virtual std::string name() const =0

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

◆ start() [1/3]

void Botan::Cipher_Mode::start ( )
inlineinherited

Begin processing a message.

The exact semantics of this depend on the mode. For many modes, the call will fail since a nonce must be provided.

For certain modes such as CBC this will instead cause the last ciphertext block to be used as the nonce of the new message; doing this isn't a good idea, but some (mostly older) protocols do this.

Definition at line 117 of file cipher_mode.h.

117{ return start_msg(nullptr, 0); }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0

◆ start() [2/3]

void Botan::Cipher_Mode::start ( const uint8_t nonce[],
size_t nonce_len )
inlineinherited

Begin processing a message with a fresh nonce.

Parameters
noncethe per message nonce
nonce_lenlength of nonce

Definition at line 105 of file cipher_mode.h.

105{ start_msg(nonce, nonce_len); }

◆ start() [3/3]

void Botan::Cipher_Mode::start ( std::span< const uint8_t > nonce)
inlineinherited

Begin processing a message with a fresh nonce.

Warning
Typically one must not reuse the same nonce for more than one message under the same key. For most cipher modes this would mean total loss of security and/or authenticity guarantees.
Note
If reliably generating unique nonces is difficult in your environment, use SIV which retains security even if nonces are repeated.
Parameters
noncethe per message nonce

Definition at line 98 of file cipher_mode.h.

98{ start_msg(nonce.data(), nonce.size()); }

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

◆ tag_size()

size_t Botan::EAX_Mode::tag_size ( ) const
inlinefinalvirtualinherited
Returns
the size of the authentication tag used (in bytes)

Reimplemented from Botan::Cipher_Mode.

Definition at line 37 of file eax.h.

37{ return m_tag_size; }
size_t m_tag_size
Definition eax.h:54

References Botan::EAX_Mode::m_tag_size.

Referenced by minimum_final_size(), output_length(), and Botan::EAX_Encryption::output_length().

◆ update()

template<concepts::resizable_byte_buffer T>
void Botan::Cipher_Mode::update ( T & buffer,
size_t offset = 0 )
inlineinherited

Process some data. Input must be in size update_granularity() uint8_t blocks. The buffer is an in/out parameter and may be resized. In particular, some modes require that all input be consumed before any output is produced; with these modes, buffer will be returned empty.

The first offset bytes of buffer will be ignored (this allows in place processing of a buffer that contains an initial plaintext header).

Parameters
bufferin/out parameter which will possibly be resized
offsetan offset into blocks to begin processing

Definition at line 149 of file cipher_mode.h.

149 {
150 BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
151 const size_t written = process(std::span(buffer).subspan(offset));
152 buffer.resize(offset + written);
153 }
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
size_t process(std::span< uint8_t > msg)

References BOTAN_ASSERT.

◆ update_granularity()

size_t Botan::EAX_Mode::update_granularity ( ) const
finalvirtualinherited

The :cpp:class:Cipher_Mode interface requires message processing in multiples of the block size. This returns size of required blocks to update. If the mode implementation does not require buffering it will return 1.

Returns
size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 69 of file eax.cpp.

69 {
70 return 1;
71}

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 107 of file sym_algo.h.

107{ return key_spec().valid_keylength(length); }
bool valid_keylength(size_t length) const
Definition sym_algo.h:42

Referenced by Botan::SymmetricAlgorithm::set_key().

◆ valid_nonce_length()

bool Botan::EAX_Mode::valid_nonce_length ( size_t nonce_len) const
inlinefinalvirtualinherited
Returns
true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 35 of file eax.h.

35{ return true; }

Member Data Documentation

◆ m_ad_mac

secure_vector<uint8_t> Botan::EAX_Mode::m_ad_mac
protectedinherited

Definition at line 60 of file eax.h.

Referenced by Botan::EAX_Mode::reset(), and Botan::EAX_Mode::set_associated_data_n().

◆ m_cipher

std::unique_ptr<BlockCipher> Botan::EAX_Mode::m_cipher
protectedinherited

◆ m_cmac

◆ m_ctr

std::unique_ptr<StreamCipher> Botan::EAX_Mode::m_ctr
protectedinherited

◆ m_nonce_mac

secure_vector<uint8_t> Botan::EAX_Mode::m_nonce_mac
protectedinherited

Definition at line 62 of file eax.h.

Referenced by Botan::EAX_Mode::reset(), and Botan::EAX_Mode::set_associated_data_n().

◆ m_tag_size

size_t Botan::EAX_Mode::m_tag_size
protectedinherited

Definition at line 54 of file eax.h.

Referenced by Botan::EAX_Mode::EAX_Mode(), and Botan::EAX_Mode::tag_size().


The documentation for this class was generated from the following files: