Botan 3.6.1
Crypto and TLS for C&
|
#include <tls_cbc.h>
Public Member Functions | |
virtual bool | associated_data_requires_key () const |
bool | authenticated () const |
void | clear () final |
size_t | default_nonce_length () const final |
void | finish (secure_vector< uint8_t > &final_block, size_t offset=0) |
template<concepts::resizable_byte_buffer T> | |
void | finish (T &final_block, size_t offset=0) |
bool | has_keying_material () const final |
size_t | ideal_granularity () const final |
Key_Length_Specification | key_spec () const final |
virtual size_t | maximum_associated_data_inputs () const |
size_t | maximum_keylength () const |
size_t | minimum_final_size () const override |
size_t | minimum_keylength () const |
std::string | name () const final |
size_t | output_length (size_t input_length) const override |
size_t | process (std::span< uint8_t > msg) |
size_t | process (uint8_t msg[], size_t msg_len) |
virtual std::string | provider () const |
virtual bool | requires_entire_message () const |
void | reset () final |
void | set_ad (std::span< const uint8_t > ad) |
void | set_associated_data (const uint8_t ad[], size_t ad_len) |
void | set_associated_data (std::span< const uint8_t > ad) |
void | set_associated_data_n (size_t idx, std::span< const uint8_t > ad) override |
template<typename Alloc > | |
void | set_associated_data_vec (const std::vector< uint8_t, Alloc > &ad) |
void | set_key (const SymmetricKey &key) |
void | set_key (const uint8_t key[], size_t length) |
void | set_key (std::span< const uint8_t > key) |
void | start () |
void | start (const uint8_t nonce[], size_t nonce_len) |
void | start (std::span< const uint8_t > nonce) |
size_t | tag_size () const final |
TLS_CBC_HMAC_AEAD_Encryption (std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, const Protocol_Version version, bool use_encrypt_then_mac) | |
template<concepts::resizable_byte_buffer T> | |
void | update (T &buffer, size_t offset=0) |
size_t | update_granularity () const final |
bool | valid_keylength (size_t length) const |
bool | valid_nonce_length (size_t nl) const final |
Static Public Member Functions | |
static std::unique_ptr< AEAD_Mode > | create (std::string_view algo, Cipher_Dir direction, std::string_view provider="") |
static std::unique_ptr< AEAD_Mode > | create_or_throw (std::string_view algo, Cipher_Dir direction, std::string_view provider="") |
static std::vector< std::string > | providers (std::string_view algo_spec) |
Protected Member Functions | |
void | assert_key_material_set () const |
void | assert_key_material_set (bool predicate) const |
std::vector< uint8_t > & | assoc_data () |
std::vector< uint8_t > | assoc_data_with_len (uint16_t len) |
size_t | block_size () const |
Cipher_Mode & | cbc () const |
secure_vector< uint8_t > & | cbc_state () |
size_t | cipher_keylen () const |
bool | is_datagram_protocol () const |
size_t | iv_size () const |
MessageAuthenticationCode & | mac () const |
size_t | mac_keylen () const |
secure_vector< uint8_t > & | msg () |
bool | use_encrypt_then_mac () const |
|
inline |
Definition at line 114 of file tls_cbc.h.
References Botan::Encryption.
|
inlineprotectedinherited |
Definition at line 139 of file sym_algo.h.
References Botan::SymmetricAlgorithm::assert_key_material_set().
Referenced by Botan::SymmetricAlgorithm::assert_key_material_set(), Botan::Salsa20::cipher_bytes(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::DES::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::Kuznyechik::decrypt_n(), Botan::Lion::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::Kuznyechik::encrypt_n(), Botan::Lion::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::ghash_update(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), Botan::OCB_Mode::set_associated_data_n(), Botan::Salsa20::set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().
|
inlineprotectedinherited |
Definition at line 141 of file sym_algo.h.
|
inlineprotectedinherited |
|
protectedinherited |
Definition at line 122 of file tls_cbc.cpp.
References BOTAN_ASSERT, and Botan::get_byte().
|
inlinevirtualinherited |
Most AEADs require the key to be set prior to setting the AD A few allow the AD to be set even before the cipher is keyed. Such ciphers would return false from this function.
Reimplemented in Botan::CCM_Mode, and Botan::ChaCha20Poly1305_Mode.
Definition at line 98 of file aead.h.
|
inlineinherited |
Return the length in bytes of the authentication tag this algorithm generates. If the mode is not authenticated, this will return 0.
Definition at line 264 of file cipher_mode.h.
|
inlineprotectedinherited |
Definition at line 62 of file tls_cbc.h.
Referenced by output_length(), set_associated_data_n(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length().
|
inlineprotectedinherited |
Definition at line 68 of file tls_cbc.h.
Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::has_keying_material().
|
inlineprotectedinherited |
Definition at line 75 of file tls_cbc.h.
Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::reset().
|
inlineprotectedinherited |
|
finalvirtualinherited |
Reset the internal state. This includes not just the key, but any partial message that may have been in process.
Implements Botan::SymmetricAlgorithm.
Definition at line 55 of file tls_cbc.cpp.
References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc(), Botan::SymmetricAlgorithm::clear(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::reset().
|
staticinherited |
Create an AEAD mode
algo | the algorithm to create |
direction | specify if this should be an encryption or decryption AEAD |
provider | optional specification for provider to use |
Definition at line 53 of file aead.cpp.
References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::AEAD_Mode::create(), Botan::BlockCipher::create(), Botan::Encryption, Botan::parse_algorithm_name(), Botan::Cipher_Mode::provider(), and Botan::split_on().
Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::get_aead().
|
staticinherited |
Create an AEAD mode, or throw
algo | the algorithm to create |
direction | specify if this should be an encryption or decryption AEAD |
provider | optional specification for provider to use |
Definition at line 43 of file aead.cpp.
References Botan::AEAD_Mode::create(), and Botan::Cipher_Mode::provider().
Referenced by Botan::TLS::Cipher_State::advance_with_server_hello(), Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), Botan::TLS::Session::decrypt(), and Botan::TLS::Session::encrypt().
|
inlinefinalvirtualinherited |
Reimplemented from Botan::AEAD_Mode.
Definition at line 39 of file tls_cbc.h.
|
inlineinherited |
Complete procession of a message with a final input of buffer
, which is treated the same as with update(). If you have the entire message in hand, calling finish() without ever calling update() is both efficient and convenient.
When using an AEAD_Mode, if the supplied authentication tag does not validate, this will throw an instance of Invalid_Authentication_Tag.
If this occurs, all plaintext previously output via calls to update must be destroyed and not used in any way that an attacker could observe the effects of. This could be anything from echoing the plaintext back (perhaps in an error message), or by making an external RPC whose destination or contents depend on the plaintext. The only thing you can do is buffer it, and in the event of an invalid tag, erase the previously decrypted content from memory.
One simple way to assure this could never happen is to never call update, and instead always marshal the entire message into a single buffer and call finish on it when decrypting.
final_block | in/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output |
offset | an offset into final_block to begin processing |
Definition at line 180 of file cipher_mode.h.
Referenced by botan_cipher_update(), and Botan::TLS::write_record().
|
inlineinherited |
Complete procession of a message.
Note: Using this overload with anything but a Botan::secure_vector<> is copying the bytes in the in/out buffer.
final_block | in/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output |
offset | an offset into final_block to begin processing |
Definition at line 193 of file cipher_mode.h.
|
finalvirtualinherited |
Implements Botan::SymmetricAlgorithm.
Definition at line 90 of file tls_cbc.cpp.
References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc(), Botan::SymmetricAlgorithm::has_keying_material(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac().
|
finalvirtualinherited |
Return an ideal granularity. This will be a multiple of the result of update_granularity but may be larger. If so it indicates that better performance may be achieved by providing buffers that are at least that size (due to SIMD execution, etc).
Implements Botan::Cipher_Mode.
Definition at line 75 of file tls_cbc.cpp.
|
inlineprotectedinherited |
|
inlineprotectedinherited |
Definition at line 60 of file tls_cbc.h.
Referenced by set_associated_data_n(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length().
|
finalvirtualinherited |
Implements Botan::SymmetricAlgorithm.
Definition at line 86 of file tls_cbc.cpp.
|
inlineprotectedinherited |
Definition at line 70 of file tls_cbc.h.
References BOTAN_ASSERT_NONNULL.
Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::has_keying_material(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode().
|
inlineprotectedinherited |
|
inlinevirtualinherited |
Returns the maximum supported number of associated data inputs which can be provided to set_associated_data_n
If returns 0, then no associated data is supported.
Reimplemented in Botan::SIV_Mode.
Definition at line 91 of file aead.h.
|
inlineinherited |
Definition at line 95 of file sym_algo.h.
|
inlineoverridevirtual |
Implements Botan::Cipher_Mode.
Definition at line 132 of file tls_cbc.h.
|
inlineinherited |
Definition at line 100 of file sym_algo.h.
|
inlineprotectedinherited |
|
finalvirtualinherited |
Implements Botan::SymmetricAlgorithm.
Definition at line 67 of file tls_cbc.cpp.
|
overridevirtual |
Returns the size of the output if this transform is used to process a message with input_length bytes. In most cases the answer is precise. If it is not possible to precise (namely for CBC decryption) instead an upper bound is returned.
Implements Botan::Cipher_Mode.
Definition at line 182 of file tls_cbc.cpp.
References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size(), Botan::round_up(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::tag_size(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac().
|
inlineinherited |
Process message blocks
Input must be a multiple of update_granularity
Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).
msg | the message to be processed |
Definition at line 132 of file cipher_mode.h.
Referenced by botan_cipher_update().
|
inlineinherited |
Definition at line 134 of file cipher_mode.h.
|
inlinevirtualinherited |
Reimplemented in Botan::GCM_Mode.
Definition at line 275 of file cipher_mode.h.
Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::Cipher_Mode::create_or_throw().
|
staticinherited |
algo_spec | algorithm name |
Definition at line 168 of file cipher_mode.cpp.
References Botan::Cipher_Mode::create(), Botan::Encryption, and Botan::Cipher_Mode::providers().
Referenced by Botan::Cipher_Mode::providers().
|
inlinevirtualinherited |
Certain modes require the entire message be available before any processing can occur. For such modes, input will be consumed but not returned, until finish
is called, which returns the entire message.
This function returns true if this mode has this style of operation.
Reimplemented in Botan::CCM_Mode, and Botan::SIV_Mode.
Definition at line 234 of file cipher_mode.h.
Referenced by botan_cipher_update().
|
finalvirtualinherited |
Resets just the message specific state and allows encrypting again under the existing key
Implements Botan::Cipher_Mode.
Definition at line 61 of file tls_cbc.cpp.
References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc_state().
Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear().
|
inlineinherited |
Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().
ad | the associated data |
Definition at line 124 of file aead.h.
|
inlineinherited |
Definition at line 61 of file aead.h.
References Botan::AEAD_Mode::set_associated_data().
Referenced by Botan::AEAD_Mode::set_associated_data().
|
inlineinherited |
Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().
Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key()) is the optimum.
ad | the associated data |
Definition at line 59 of file aead.h.
Referenced by Botan::TLS::write_record().
|
overridevirtual |
Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().
Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key()) is the optimum.
Some AEADs (namely SIV) support multiple AD inputs. For all other modes only nominal AD input 0 is supported; all other values of idx will cause an exception.
Derived AEADs must implement this. For AEADs where maximum_associated_data_inputs()
returns 1 (the default), the idx
must simply be ignored.
idx | which associated data to set |
ad | the associated data |
Implements Botan::AEAD_Mode.
Definition at line 138 of file tls_cbc.cpp.
References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size(), Botan::get_byte(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size(), Botan::make_uint16(), Botan::round_up(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac().
|
inlineinherited |
|
inlineinherited |
Set the symmetric key of this object.
key | the SymmetricKey to be set. |
Definition at line 113 of file sym_algo.h.
References Botan::OctetString::begin(), Botan::OctetString::length(), and Botan::SymmetricAlgorithm::set_key().
Referenced by Botan::create_aes_row_generator(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), Botan::Sphincs_Hash_Functions_Sha2::PRF_msg(), Botan::Sodium::randombytes_buf_deterministic(), and Botan::SymmetricAlgorithm::set_key().
|
inlineinherited |
Set the symmetric key of this object.
key | the to be set as a byte array. |
length | in bytes of key param |
Definition at line 126 of file sym_algo.h.
References Botan::SymmetricAlgorithm::set_key().
Referenced by Botan::SymmetricAlgorithm::set_key().
|
inherited |
Set the symmetric key of this object.
key | the contiguous byte range to be set. |
Definition at line 17 of file sym_algo.cpp.
References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().
|
inlineinherited |
Begin processing a message.
The exact semantics of this depend on the mode. For many modes, the call will fail since a nonce must be provided.
For certain modes such as CBC this will instead cause the last ciphertext block to be used as the nonce of the new message; doing this isn't a good idea, but some (mostly older) protocols do this.
Definition at line 117 of file cipher_mode.h.
|
inlineinherited |
Begin processing a message with a fresh nonce.
nonce | the per message nonce |
nonce_len | length of nonce |
Definition at line 105 of file cipher_mode.h.
|
inlineinherited |
Begin processing a message with a fresh nonce.
nonce | the per message nonce |
Definition at line 98 of file cipher_mode.h.
Referenced by botan_cipher_start(), and Botan::TLS::write_record().
|
inlinefinalvirtualinherited |
Reimplemented from Botan::Cipher_Mode.
Definition at line 37 of file tls_cbc.h.
Referenced by output_length().
|
inlineinherited |
Process some data. Input must be in size update_granularity() uint8_t blocks. The buffer
is an in/out parameter and may be resized. In particular, some modes require that all input be consumed before any output is produced; with these modes, buffer
will be returned empty.
The first offset
bytes of buffer
will be ignored (this allows in place processing of a buffer that contains an initial plaintext header).
buffer | in/out parameter which will possibly be resized |
offset | an offset into blocks to begin processing |
Definition at line 149 of file cipher_mode.h.
References BOTAN_ASSERT.
|
finalvirtualinherited |
The :cpp:class:Cipher_Mode
interface requires message processing in multiples of the block size. This returns size of required blocks to update. If the mode implementation does not require buffering it will return 1.
Implements Botan::Cipher_Mode.
Definition at line 71 of file tls_cbc.cpp.
|
inlineprotectedinherited |
Definition at line 64 of file tls_cbc.h.
Referenced by output_length(), and set_associated_data_n().
|
inlineinherited |
Check whether a given key length is valid for this algorithm.
length | the key length to be checked. |
Definition at line 107 of file sym_algo.h.
Referenced by Botan::SymmetricAlgorithm::set_key().
|
finalvirtualinherited |
Implements Botan::Cipher_Mode.
Definition at line 79 of file tls_cbc.cpp.
References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size().