Botan  1.11.34
Crypto and TLS for C++11
Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
Botan::EAX_Decryption Class Referencefinal

#include <eax.h>

Inheritance diagram for Botan::EAX_Decryption:
Botan::EAX_Mode Botan::AEAD_Mode Botan::Cipher_Mode

Public Member Functions

bool authenticated () const override
 
void clear () override
 
size_t default_nonce_length () const override
 
 EAX_Decryption (BlockCipher *cipher, size_t tag_size=0)
 
void finish (secure_vector< byte > &final_block, size_t offset=0) override
 
Key_Length_Specification key_spec () const override
 
size_t minimum_final_size () const override
 
std::string name () const override
 
size_t output_length (size_t input_length) const override
 
size_t process (uint8_t buf[], size_t size) override
 
virtual std::string provider () const
 
void reset () override
 
template<typename Alloc >
void set_ad (const std::vector< byte, Alloc > &ad)
 
void set_associated_data (const byte ad[], size_t ad_len) override
 
template<typename Alloc >
void set_associated_data_vec (const std::vector< byte, Alloc > &ad)
 
template<typename Alloc >
void set_key (const std::vector< byte, Alloc > &key)
 
void set_key (const SymmetricKey &key)
 
void set_key (const byte key[], size_t length)
 
template<typename Alloc >
void start (const std::vector< byte, Alloc > &nonce)
 
void start (const byte nonce[], size_t nonce_len)
 
void start ()
 
size_t tag_size () const override
 
void update (secure_vector< byte > &buffer, size_t offset=0)
 
size_t update_granularity () const override
 
bool valid_keylength (size_t length) const
 
bool valid_nonce_length (size_t) const override
 

Protected Member Functions

size_t block_size () const
 

Protected Attributes

secure_vector< bytem_ad_mac
 
std::unique_ptr< BlockCipherm_cipher
 
std::unique_ptr< MessageAuthenticationCodem_cmac
 
std::unique_ptr< StreamCipherm_ctr
 
secure_vector< bytem_nonce_mac
 
size_t m_tag_size
 

Detailed Description

EAX Decryption

Definition at line 92 of file eax.h.

Constructor & Destructor Documentation

§ EAX_Decryption()

Botan::EAX_Decryption::EAX_Decryption ( BlockCipher cipher,
size_t  tag_size = 0 
)
inline
Parameters
ciphera 128-bit block cipher
tag_sizeis how big the auth tag will be

Definition at line 99 of file eax.h.

99  :
100  EAX_Mode(cipher, tag_size) {}
EAX_Mode(BlockCipher *cipher, size_t tag_size)
Definition: eax.cpp:39
size_t tag_size() const override
Definition: eax.h:36

Member Function Documentation

§ authenticated()

bool Botan::AEAD_Mode::authenticated ( ) const
inlineoverridevirtualinherited
Returns
true iff this mode provides authentication as well as confidentiality.

Reimplemented from Botan::Cipher_Mode.

Definition at line 25 of file aead.h.

25 { return true; }

§ block_size()

size_t Botan::EAX_Mode::block_size ( ) const
inlineprotectedinherited

Definition at line 49 of file eax.h.

Referenced by Botan::EAX_Encryption::finish(), finish(), and Botan::EAX_Mode::set_associated_data().

49 { return m_cipher->block_size(); }
std::unique_ptr< BlockCipher > m_cipher
Definition: eax.h:53

§ clear()

void Botan::EAX_Mode::clear ( )
overridevirtualinherited

Zeroise all state See also reset_msg()

Implements Botan::Cipher_Mode.

Definition at line 49 of file eax.cpp.

References Botan::EAX_Mode::m_cipher, Botan::EAX_Mode::m_cmac, Botan::EAX_Mode::m_ctr, and Botan::EAX_Mode::reset().

50  {
51  m_cipher->clear();
52  m_ctr->clear();
53  m_cmac->clear();
54  reset();
55  }
std::unique_ptr< BlockCipher > m_cipher
Definition: eax.h:53
void reset() override
Definition: eax.cpp:57
std::unique_ptr< MessageAuthenticationCode > m_cmac
Definition: eax.h:55
std::unique_ptr< StreamCipher > m_ctr
Definition: eax.h:54

§ default_nonce_length()

size_t Botan::AEAD_Mode::default_nonce_length ( ) const
inlineoverridevirtualinherited
Returns
default AEAD nonce size (a commonly supported value among AEAD modes, and large enough that random collisions are unlikely)

Implements Botan::Cipher_Mode.

Reimplemented in Botan::TLS::TLS_CBC_HMAC_AEAD_Mode, and Botan::CCM_Mode.

Definition at line 75 of file aead.h.

75 { return 12; }

§ finish()

void Botan::EAX_Decryption::finish ( secure_vector< byte > &  final_block,
size_t  offset = 0 
)
overridevirtual

Complete processing of a message.

Parameters
final_blockin/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offsetan offset into final_block to begin processing

Implements Botan::Cipher_Mode.

Definition at line 144 of file eax.cpp.

References Botan::EAX_Mode::block_size(), BOTAN_ASSERT, Botan::EAX_Mode::m_ad_mac, Botan::EAX_Mode::m_cmac, Botan::EAX_Mode::m_ctr, Botan::EAX_Mode::m_nonce_mac, Botan::same_mem(), and Botan::EAX_Mode::tag_size().

145  {
146  BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane");
147  const size_t sz = buffer.size() - offset;
148  byte* buf = buffer.data() + offset;
149 
150  BOTAN_ASSERT(sz >= tag_size(), "Have the tag as part of final input");
151 
152  const size_t remaining = sz - tag_size();
153 
154  if(remaining)
155  {
156  m_cmac->update(buf, remaining);
157  m_ctr->cipher(buf, buf, remaining);
158  }
159 
160  const byte* included_tag = &buf[remaining];
161 
162  secure_vector<byte> mac = m_cmac->final();
163  mac ^= m_nonce_mac;
164 
165  if(m_ad_mac.empty())
166  {
167  m_ad_mac = eax_prf(1, block_size(), *m_cmac, nullptr, 0);
168  }
169 
170  mac ^= m_ad_mac;
171 
172  if(!same_mem(mac.data(), included_tag, tag_size()))
173  throw Integrity_Failure("EAX tag check failed");
174 
175  buffer.resize(offset + remaining);
176  }
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:98
size_t block_size() const
Definition: eax.h:49
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
secure_vector< byte > m_nonce_mac
Definition: eax.h:59
size_t tag_size() const override
Definition: eax.h:36
secure_vector< byte > m_ad_mac
Definition: eax.h:57
std::unique_ptr< MessageAuthenticationCode > m_cmac
Definition: eax.h:55
std::unique_ptr< StreamCipher > m_ctr
Definition: eax.h:54
std::uint8_t byte
Definition: types.h:31

§ key_spec()

Key_Length_Specification Botan::EAX_Mode::key_spec ( ) const
overridevirtualinherited
Returns
object describing limits on key size

Implements Botan::Cipher_Mode.

Definition at line 73 of file eax.cpp.

References Botan::EAX_Mode::m_cipher, Botan::EAX_Mode::m_cmac, and Botan::EAX_Mode::m_ctr.

74  {
75  return m_cipher->key_spec();
76  }
std::unique_ptr< BlockCipher > m_cipher
Definition: eax.h:53

§ minimum_final_size()

size_t Botan::EAX_Decryption::minimum_final_size ( ) const
inlineoverridevirtual
Returns
required minimium size to finalize() - may be any length larger than this.

Implements Botan::Cipher_Mode.

Definition at line 108 of file eax.h.

108 { return tag_size(); }
size_t tag_size() const override
Definition: eax.h:36

§ name()

std::string Botan::EAX_Mode::name ( ) const
overridevirtualinherited

Implements Botan::Cipher_Mode.

Definition at line 63 of file eax.cpp.

References Botan::EAX_Mode::m_cipher.

Referenced by Botan::EAX_Mode::EAX_Mode(), and Botan::EAX_Mode::set_associated_data().

64  {
65  return (m_cipher->name() + "/EAX");
66  }
std::unique_ptr< BlockCipher > m_cipher
Definition: eax.h:53

§ output_length()

size_t Botan::EAX_Decryption::output_length ( size_t  input_length) const
inlineoverridevirtual

Returns the size of the output if this transform is used to process a message with input_length bytes. Will throw if unable to give a precise answer.

Implements Botan::Cipher_Mode.

Definition at line 102 of file eax.h.

References BOTAN_ASSERT.

103  {
104  BOTAN_ASSERT(input_length >= tag_size(), "Sufficient input");
105  return input_length - tag_size();
106  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
size_t tag_size() const override
Definition: eax.h:36

§ process()

size_t Botan::EAX_Decryption::process ( uint8_t  msg[],
size_t  msg_len 
)
overridevirtual

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters
msgthe message to be processed
msg_lenlength of the message in bytes

Implements Botan::Cipher_Mode.

Definition at line 137 of file eax.cpp.

References Botan::EAX_Mode::m_cmac, and Botan::EAX_Mode::m_ctr.

138  {
139  m_cmac->update(buf, sz);
140  m_ctr->cipher(buf, buf, sz);
141  return sz;
142  }
std::unique_ptr< MessageAuthenticationCode > m_cmac
Definition: eax.h:55
std::unique_ptr< StreamCipher > m_ctr
Definition: eax.h:54

§ provider()

virtual std::string Botan::Cipher_Mode::provider ( ) const
inlinevirtualinherited
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 202 of file cipher_mode.h.

202 { return "base"; }

§ reset()

void Botan::EAX_Mode::reset ( )
overridevirtualinherited

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 57 of file eax.cpp.

References Botan::EAX_Mode::m_ad_mac, and Botan::EAX_Mode::m_nonce_mac.

Referenced by Botan::EAX_Mode::clear().

58  {
59  m_ad_mac.clear();
60  m_nonce_mac.clear();
61  }
secure_vector< byte > m_nonce_mac
Definition: eax.h:59
secure_vector< byte > m_ad_mac
Definition: eax.h:57

§ set_ad()

template<typename Alloc >
void Botan::AEAD_Mode::set_ad ( const std::vector< byte, Alloc > &  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 66 of file aead.h.

Referenced by Botan::TLS::write_record().

67  {
68  set_associated_data(ad.data(), ad.size());
69  }
virtual void set_associated_data(const byte ad[], size_t ad_len)=0

§ set_associated_data()

void Botan::EAX_Mode::set_associated_data ( const byte  ad[],
size_t  ad_len 
)
overridevirtualinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key) is the optimum.

Parameters
adthe associated data
ad_lenlength of add in bytes

Implements Botan::AEAD_Mode.

Definition at line 94 of file eax.cpp.

References Botan::EAX_Mode::block_size(), Botan::EAX_Mode::m_ad_mac, Botan::EAX_Mode::m_cmac, Botan::EAX_Mode::m_ctr, Botan::EAX_Mode::m_nonce_mac, Botan::EAX_Mode::name(), and Botan::EAX_Mode::valid_nonce_length().

95  {
96  m_ad_mac = eax_prf(1, block_size(), *m_cmac, ad, length);
97  }
size_t block_size() const
Definition: eax.h:49
secure_vector< byte > m_ad_mac
Definition: eax.h:57
std::unique_ptr< MessageAuthenticationCode > m_cmac
Definition: eax.h:55

§ set_associated_data_vec()

template<typename Alloc >
void Botan::AEAD_Mode::set_associated_data_vec ( const std::vector< byte, Alloc > &  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 51 of file aead.h.

Referenced by Botan::TLS::write_record().

52  {
53  set_associated_data(ad.data(), ad.size());
54  }
virtual void set_associated_data(const byte ad[], size_t ad_len)=0

§ set_key() [1/3]

template<typename Alloc >
void Botan::Cipher_Mode::set_key ( const std::vector< byte, Alloc > &  key)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material

Definition at line 172 of file cipher_mode.h.

Referenced by botan_cipher_set_key().

173  {
174  set_key(key.data(), key.size());
175  }
void set_key(const std::vector< byte, Alloc > &key)
Definition: cipher_mode.h:172

§ set_key() [2/3]

void Botan::Cipher_Mode::set_key ( const SymmetricKey key)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material

Definition at line 181 of file cipher_mode.h.

References Botan::OctetString::begin(), and Botan::OctetString::length().

182  {
183  set_key(key.begin(), key.length());
184  }
void set_key(const std::vector< byte, Alloc > &key)
Definition: cipher_mode.h:172

§ set_key() [3/3]

void Botan::Cipher_Mode::set_key ( const byte  key[],
size_t  length 
)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material
lengthin bytes of key param

Definition at line 191 of file cipher_mode.h.

192  {
193  if(!valid_keylength(length))
194  throw Invalid_Key_Length(name(), length);
195  key_schedule(key, length);
196  }
virtual std::string name() const =0
bool valid_keylength(size_t length) const
Definition: cipher_mode.h:162

§ start() [1/3]

template<typename Alloc >
void Botan::Cipher_Mode::start ( const std::vector< byte, Alloc > &  nonce)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce

Definition at line 38 of file cipher_mode.h.

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

39  {
40  start_msg(nonce.data(), nonce.size());
41  }
virtual void start_msg(const byte nonce[], size_t nonce_len)=0

§ start() [2/3]

void Botan::Cipher_Mode::start ( const byte  nonce[],
size_t  nonce_len 
)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce
nonce_lenlength of nonce

Definition at line 48 of file cipher_mode.h.

49  {
50  start_msg(nonce, nonce_len);
51  }
virtual void start_msg(const byte nonce[], size_t nonce_len)=0

§ start() [3/3]

void Botan::Cipher_Mode::start ( )
inlineinherited

Begin processing a message.

Definition at line 56 of file cipher_mode.h.

57  {
58  return start_msg(nullptr, 0);
59  }
virtual void start_msg(const byte nonce[], size_t nonce_len)=0

§ tag_size()

size_t Botan::EAX_Mode::tag_size ( ) const
inlineoverridevirtualinherited
Returns
the size of the authentication tag used (in bytes)

Reimplemented from Botan::Cipher_Mode.

Definition at line 36 of file eax.h.

Referenced by Botan::EAX_Encryption::finish(), and finish().

36 { return m_tag_size; }
size_t m_tag_size
Definition: eax.h:51

§ update()

void Botan::Cipher_Mode::update ( secure_vector< byte > &  buffer,
size_t  offset = 0 
)
inlineinherited

Process some data. Input must be in size update_granularity() byte blocks.

Parameters
bufferin/out parameter which will possibly be resized
offsetan offset into blocks to begin processing

Definition at line 81 of file cipher_mode.h.

References BOTAN_ASSERT.

Referenced by botan_cipher_update(), Botan::ECB_Encryption::finish(), Botan::XTS_Encryption::finish(), Botan::ChaCha20Poly1305_Encryption::finish(), Botan::CBC_Encryption::finish(), Botan::CFB_Encryption::finish(), Botan::EAX_Encryption::finish(), Botan::XTS_Decryption::finish(), Botan::ECB_Decryption::finish(), Botan::CFB_Decryption::finish(), Botan::CTS_Encryption::finish(), Botan::CBC_Decryption::finish(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::finish(), Botan::CTS_Decryption::finish(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

82  {
83  BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
84  byte* buf = buffer.data() + offset;
85  const size_t buf_size = buffer.size() - offset;
86 
87  const size_t written = process(buf, buf_size);
88  buffer.resize(offset + written);
89  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
virtual size_t process(uint8_t msg[], size_t msg_len)=0
std::uint8_t byte
Definition: types.h:31

§ update_granularity()

size_t Botan::EAX_Mode::update_granularity ( ) const
overridevirtualinherited
Returns
size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 68 of file eax.cpp.

69  {
70  return 1;
71  }

§ valid_keylength()

bool Botan::Cipher_Mode::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 162 of file cipher_mode.h.

163  {
164  return key_spec().valid_keylength(length);
165  }
virtual Key_Length_Specification key_spec() const =0
bool valid_keylength(size_t length) const
Definition: key_spec.h:51

§ valid_nonce_length()

bool Botan::EAX_Mode::valid_nonce_length ( size_t  nonce_len) const
inlineoverridevirtualinherited
Returns
true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 34 of file eax.h.

Referenced by Botan::EAX_Mode::set_associated_data().

34 { return true; }

Member Data Documentation

§ m_ad_mac

secure_vector<byte> Botan::EAX_Mode::m_ad_mac
protectedinherited

§ m_cipher

std::unique_ptr<BlockCipher> Botan::EAX_Mode::m_cipher
protectedinherited

Definition at line 53 of file eax.h.

Referenced by Botan::EAX_Mode::clear(), Botan::EAX_Mode::key_spec(), and Botan::EAX_Mode::name().

§ m_cmac

std::unique_ptr<MessageAuthenticationCode> Botan::EAX_Mode::m_cmac
protectedinherited

§ m_ctr

std::unique_ptr<StreamCipher> Botan::EAX_Mode::m_ctr
protectedinherited

§ m_nonce_mac

secure_vector<byte> Botan::EAX_Mode::m_nonce_mac
protectedinherited

§ m_tag_size

size_t Botan::EAX_Mode::m_tag_size
protectedinherited

Definition at line 51 of file eax.h.


The documentation for this class was generated from the following files: