#include <tls_cbc.h>

Inheritance diagram for Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption:

Public Member Functions
virtual bool	associated_data_requires_key () const

bool	authenticated () const

void	clear () override final

size_t	default_nonce_length () const override final

void	finish (secure_vector< uint8_t > &final_block, size_t offset=0)

template<concepts::resizable_byte_buffer T>
void	finish (T &final_block, size_t offset=0)

bool	has_keying_material () const override final

size_t	ideal_granularity () const override final

Key_Length_Specification	key_spec () const override final

virtual size_t	maximum_associated_data_inputs () const

size_t	maximum_keylength () const

size_t	minimum_final_size () const override

size_t	minimum_keylength () const

std::string	name () const override final

size_t	output_length (size_t input_length) const override

size_t	process (std::span< uint8_t > msg)

size_t	process (uint8_t msg[], size_t msg_len)

virtual std::string	provider () const

virtual bool	requires_entire_message () const

void	reset () override final

void	set_ad (std::span< const uint8_t > ad)

void	set_associated_data (const uint8_t ad[], size_t ad_len)

void	set_associated_data (std::span< const uint8_t > ad)

void	set_associated_data_n (size_t idx, std::span< const uint8_t > ad) override

template<typename Alloc >
void	set_associated_data_vec (const std::vector< uint8_t, Alloc > &ad)

void	set_key (const SymmetricKey &key)

void	set_key (const uint8_t key[], size_t length)

void	set_key (std::span< const uint8_t > key)

void	start ()

void	start (const uint8_t nonce[], size_t nonce_len)

void	start (std::span< const uint8_t > nonce)

size_t	tag_size () const override final

	TLS_CBC_HMAC_AEAD_Encryption (std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, const Protocol_Version version, bool use_encrypt_then_mac)

template<concepts::resizable_byte_buffer T>
void	update (T &buffer, size_t offset=0)

size_t	update_granularity () const override final

bool	valid_keylength (size_t length) const

bool	valid_nonce_length (size_t nl) const override final

Static Public Member Functions
static std::unique_ptr< AEAD_Mode >	create (std::string_view algo, Cipher_Dir direction, std::string_view provider="")

static std::unique_ptr< AEAD_Mode >	create_or_throw (std::string_view algo, Cipher_Dir direction, std::string_view provider="")

static std::vector< std::string >	providers (std::string_view algo_spec)

Protected Member Functions
void	assert_key_material_set () const

void	assert_key_material_set (bool predicate) const

std::vector< uint8_t > &	assoc_data ()

std::vector< uint8_t >	assoc_data_with_len (uint16_t len)

size_t	block_size () const

Cipher_Mode &	cbc () const

secure_vector< uint8_t > &	cbc_state ()

size_t	cipher_keylen () const

bool	is_datagram_protocol () const

size_t	iv_size () const

MessageAuthenticationCode &	mac () const

size_t	mac_keylen () const

secure_vector< uint8_t > &	msg ()

bool	use_encrypt_then_mac () const

Detailed Description

TLS_CBC_HMAC_AEAD Encryption

Definition at line 108 of file tls_cbc.h.

Constructor & Destructor Documentation

◆ TLS_CBC_HMAC_AEAD_Encryption()

Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::TLS_CBC_HMAC_AEAD_Encryption	(	std::unique_ptr< BlockCipher >	cipher,
		std::unique_ptr< MessageAuthenticationCode >	mac,
		const size_t	cipher_keylen,
		const size_t	mac_keylen,
		const Protocol_Version	version,
		bool	use_encrypt_then_mac
	)

inline

Definition at line 113 of file tls_cbc.h.

                                                        :
         TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir::Encryption,
                                std::move(cipher),
                                std::move(mac),
                                cipher_keylen,
                                mac_keylen,
                                version,
                                use_encrypt_then_mac)
         {}

References Botan::Encryption.

Member Function Documentation

◆ assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const

inlineprotectedinherited

Definition at line 182 of file sym_algo.h.

         {
         assert_key_material_set(has_keying_material());
         }

◆ assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate ) const

inlineprotectedinherited

Definition at line 187 of file sym_algo.h.

         {
         if(!predicate)
            throw_key_not_set_error();
         }

◆ assoc_data()

std::vector< uint8_t > & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data ( )

inlineprotectedinherited

Definition at line 76 of file tls_cbc.h.

76{ return m_ad; }

Referenced by set_associated_data_n().

◆ assoc_data_with_len()

std::vector< uint8_t > Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len ( uint16_t len )

protectedinherited

Definition at line 132 of file tls_cbc.cpp.

   {
   std::vector<uint8_t> ad = m_ad;
   BOTAN_ASSERT(ad.size() == 13, "Expected AAD size");
   ad[11] = get_byte<0>(len);
   ad[12] = get_byte<1>(len);
   return ad;
   }

References BOTAN_ASSERT.

◆ associated_data_requires_key()

virtual bool Botan::AEAD_Mode::associated_data_requires_key ( ) const

inlinevirtualinherited

Most AEADs require the key to be set prior to setting the AD A few allow the AD to be set even before the cipher is keyed. Such ciphers would return false from this function.

Reimplemented in Botan::ChaCha20Poly1305_Mode, and Botan::CCM_Mode.

Definition at line 100 of file aead.h.

100{ return true; }

◆ authenticated()

bool Botan::Cipher_Mode::authenticated ( ) const

inlineinherited

Returns: true iff this mode provides authentication as well as confidentiality.

Definition at line 239 of file cipher_mode.h.

239{ return this->tag_size() > 0; }

Botan::Cipher_Mode::tag_size

virtual size_t tag_size() const

Definition: cipher_mode.h:244

◆ block_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size ( ) const

inlineprotectedinherited

Definition at line 61 of file tls_cbc.h.

61{ return m_block_size; }

Referenced by output_length(), set_associated_data_n(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length().

◆ cbc()

Cipher_Mode & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc ( ) const

inlineprotectedinherited

Definition at line 67 of file tls_cbc.h.

67{ return *m_cbc; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::has_keying_material().

◆ cbc_state()

secure_vector< uint8_t > & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc_state ( )

inlineprotectedinherited

Definition at line 75 of file tls_cbc.h.

75{ return m_cbc_state; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::reset().

◆ cipher_keylen()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cipher_keylen ( ) const

inlineprotectedinherited

Definition at line 58 of file tls_cbc.h.

58{ return m_cipher_keylen; }

◆ clear()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear ( )

finaloverridevirtualinherited

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 54 of file tls_cbc.cpp.

   {
   cbc().clear();
   mac().clear();
   reset();
   }

References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc(), Botan::SymmetricAlgorithm::clear(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::reset().

◆ create()

std::unique_ptr< AEAD_Mode > Botan::AEAD_Mode::create	(	std::string_view	algo,
		Cipher_Dir	direction,
		std::string_view	provider = `""`
	)

staticinherited

Create an AEAD mode

Parameters

algo	the algorithm to create
direction	specify if this should be an encryption or decryption AEAD
provider	optional specification for provider to use

Returns: an AEAD mode or a null pointer if not available

Definition at line 52 of file aead.cpp.

   {
   BOTAN_UNUSED(provider);
#if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
   if(algo == "ChaCha20Poly1305")
      {
      if(dir == Cipher_Dir::Encryption)
         return std::make_unique<ChaCha20Poly1305_Encryption>();
      else
         return std::make_unique<ChaCha20Poly1305_Decryption>();
 
      }
#endif
 
   if(algo.find('/') != std::string::npos)
      {
      const std::vector<std::string> algo_parts = split_on(algo, '/');
      std::string_view cipher_name = algo_parts[0];
      const std::vector<std::string> mode_info = parse_algorithm_name(algo_parts[1]);
 
      if(mode_info.empty())
         return std::unique_ptr<AEAD_Mode>();
 
      std::ostringstream mode_name;
 
      mode_name << mode_info[0] << '(' << cipher_name;
      for(size_t i = 1; i < mode_info.size(); ++i)
         mode_name << ',' << mode_info[i];
      for(size_t i = 2; i < algo_parts.size(); ++i)
         mode_name << ',' << algo_parts[i];
      mode_name << ')';
 
      return AEAD_Mode::create(mode_name.str(), dir);
      }
 
#if defined(BOTAN_HAS_BLOCK_CIPHER)
 
   SCAN_Name req(algo);
 
   if(req.arg_count() == 0)
      {
      return std::unique_ptr<AEAD_Mode>();
      }
 
   auto bc = BlockCipher::create(req.arg(0), provider);
 
   if(!bc)
      {
      return std::unique_ptr<AEAD_Mode>();
      }
 
#if defined(BOTAN_HAS_AEAD_CCM)
   if(req.algo_name() == "CCM")
      {
      size_t tag_len = req.arg_as_integer(1, 16);
      size_t L_len = req.arg_as_integer(2, 3);
      if(dir == Cipher_Dir::Encryption)
         return std::make_unique<CCM_Encryption>(std::move(bc), tag_len, L_len);
      else
         return std::make_unique<CCM_Decryption>(std::move(bc), tag_len, L_len);
      }
#endif
 
#if defined(BOTAN_HAS_AEAD_GCM)
   if(req.algo_name() == "GCM")
      {
      size_t tag_len = req.arg_as_integer(1, 16);
      if(dir == Cipher_Dir::Encryption)
         return std::make_unique<GCM_Encryption>(std::move(bc), tag_len);
      else
         return std::make_unique<GCM_Decryption>(std::move(bc), tag_len);
      }
#endif
 
#if defined(BOTAN_HAS_AEAD_OCB)
   if(req.algo_name() == "OCB")
      {
      size_t tag_len = req.arg_as_integer(1, 16);
      if(dir == Cipher_Dir::Encryption)
         return std::make_unique<OCB_Encryption>(std::move(bc), tag_len);
      else
         return std::make_unique<OCB_Decryption>(std::move(bc), tag_len);
      }
#endif
 
#if defined(BOTAN_HAS_AEAD_EAX)
   if(req.algo_name() == "EAX")
      {
      size_t tag_len = req.arg_as_integer(1, bc->block_size());
      if(dir == Cipher_Dir::Encryption)
         return std::make_unique<EAX_Encryption>(std::move(bc), tag_len);
      else
         return std::make_unique<EAX_Decryption>(std::move(bc), tag_len);
      }
#endif
 
#if defined(BOTAN_HAS_AEAD_SIV)
   if(req.algo_name() == "SIV")
      {
      if(dir == Cipher_Dir::Encryption)
         return std::make_unique<SIV_Encryption>(std::move(bc));
      else
         return std::make_unique<SIV_Decryption>(std::move(bc));
      }
#endif
 
#endif
 
   return std::unique_ptr<AEAD_Mode>();
   }

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::AEAD_Mode::create(), Botan::BlockCipher::create(), Botan::Encryption, Botan::parse_algorithm_name(), Botan::Cipher_Mode::provider(), and Botan::split_on().

Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::get_aead().

◆ create_or_throw()

std::unique_ptr< AEAD_Mode > Botan::AEAD_Mode::create_or_throw	(	std::string_view	algo,
		Cipher_Dir	direction,
		std::string_view	provider = `""`
	)

staticinherited

Create an AEAD mode, or throw

Parameters

algo	the algorithm to create
direction	specify if this should be an encryption or decryption AEAD
provider	optional specification for provider to use

Returns: an AEAD mode, or throw an exception

Definition at line 42 of file aead.cpp.

   {
   if(auto aead = AEAD_Mode::create(algo, dir, provider))
      return aead;
 
   throw Lookup_Error("AEAD", algo, provider);
   }

References Botan::AEAD_Mode::create(), and Botan::Cipher_Mode::provider().

Referenced by Botan::TLS::Cipher_State::advance_with_server_hello(), Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), Botan::TLS::Session::decrypt(), and Botan::TLS::Session::encrypt().

◆ default_nonce_length()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::default_nonce_length ( ) const

inlinefinaloverridevirtualinherited

Returns: default AEAD nonce size (a commonly supported value among AEAD modes, and large enough that random collisions are unlikely)

Reimplemented from Botan::AEAD_Mode.

Definition at line 42 of file tls_cbc.h.

42{ return m_iv_size; }

◆ finish() [1/2]

void Botan::Cipher_Mode::finish	(	secure_vector< uint8_t > &	final_block,
		size_t	offset = `0`
	)

inlineinherited

Complete processing of a message.

Parameters

final_block	in/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offset	an offset into final_block to begin processing

Definition at line 158 of file cipher_mode.h.

         {
         finish_msg(final_block, offset);
         }

Referenced by botan_cipher_update(), and Botan::TLS::write_record().

◆ finish() [2/2]

template<concepts::resizable_byte_buffer T>

void Botan::Cipher_Mode::finish	(	T &	final_block,
		size_t	offset = `0`
	)

inlineinherited

Complete procession of a message.

Note: Using this overload with anything but a Botan::secure_vector<> is copying the bytes in the in/out buffer.

Parameters

final_block	in/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offset	an offset into final_block to begin processing

Definition at line 174 of file cipher_mode.h.

         {
         Botan::secure_vector<uint8_t> tmp(final_block.begin(), final_block.end());
         finish_msg(tmp, offset);
         final_block.resize(tmp.size());
         std::copy(tmp.begin(), tmp.end(), final_block.begin());
         }

◆ has_keying_material()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::has_keying_material ( ) const

finaloverridevirtualinherited

Returns: true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 95 of file tls_cbc.cpp.

   {
   return mac().has_keying_material() && cbc().has_keying_material();
   }

References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc(), Botan::SymmetricAlgorithm::has_keying_material(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac().

◆ ideal_granularity()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::ideal_granularity ( ) const

finaloverridevirtualinherited

Return an ideal granularity. This will be a multiple of the result of update_granularity but may be larger. If so it indicates that better performance may be achieved by providing buffers that are at least that size.

Implements Botan::Cipher_Mode.

Definition at line 78 of file tls_cbc.cpp.

   {
   return 1; // just buffers anyway
   }

◆ is_datagram_protocol()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::is_datagram_protocol ( ) const

inlineprotectedinherited

Definition at line 65 of file tls_cbc.h.

65{ return m_is_datagram; }

◆ iv_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size ( ) const

inlineprotectedinherited

Definition at line 60 of file tls_cbc.h.

60{ return m_iv_size; }

Referenced by set_associated_data_n(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length().

◆ key_spec()

Key_Length_Specification Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::key_spec ( ) const

finaloverridevirtualinherited

Returns: object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 90 of file tls_cbc.cpp.

   {
   return Key_Length_Specification(m_cipher_keylen + m_mac_keylen);
   }

◆ mac()

MessageAuthenticationCode & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac ( ) const

inlineprotectedinherited

Definition at line 69 of file tls_cbc.h.

         {
         BOTAN_ASSERT_NONNULL(m_mac);
         return *m_mac;
         }

References BOTAN_ASSERT_NONNULL.

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::has_keying_material(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode().

◆ mac_keylen()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac_keylen ( ) const

inlineprotectedinherited

Definition at line 59 of file tls_cbc.h.

59{ return m_mac_keylen; }

◆ maximum_associated_data_inputs()

virtual size_t Botan::AEAD_Mode::maximum_associated_data_inputs ( ) const

inlinevirtualinherited

Returns the maximum supported number of associated data inputs which can be provided to set_associated_data_n

If returns 0, then no associated data is supported.

Reimplemented in Botan::SIV_Mode.

Definition at line 93 of file aead.h.

93{ return 1; }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const

inlineinherited

Returns: maximum allowed key length

Definition at line 123 of file sym_algo.h.

         {
         return key_spec().maximum_keylength();
         }

◆ minimum_final_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::minimum_final_size ( ) const

inlineoverridevirtual

Returns: required minimium size to finalize() - may be any length larger than this.

Implements Botan::Cipher_Mode.

Definition at line 133 of file tls_cbc.h.

133{ return 0; }

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const

inlineinherited

Returns: minimum allowed key length

Definition at line 131 of file sym_algo.h.

         {
         return key_spec().minimum_keylength();
         }

◆ msg()

secure_vector< uint8_t > & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::msg ( )

inlineprotectedinherited

Definition at line 77 of file tls_cbc.h.

77{ return m_msg; }

◆ name()

std::string Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::name ( ) const

finaloverridevirtualinherited

Returns: the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 68 of file tls_cbc.cpp.

   {
   return "TLS_CBC(" + m_cipher_name + "," + m_mac_name + ")";
   }

◆ output_length()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length ( size_t input_length ) const

overridevirtual

Returns the size of the output if this transform is used to process a message with input_length bytes. In most cases the answer is precise. If it is not possible to precise (namely for CBC decryption) instead an upper bound is returned.

Implements Botan::Cipher_Mode.

Definition at line 196 of file tls_cbc.cpp.

   {
   return round_up(input_length + 1 + (use_encrypt_then_mac() ? 0 : tag_size()), block_size()) +
      (use_encrypt_then_mac() ? tag_size() : 0);
   }

References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size(), Botan::round_up(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::tag_size(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac().

◆ process() [1/2]

size_t Botan::Cipher_Mode::process ( std::span< uint8_t > msg )

inlineinherited

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters

msg	the message to be processed

Returns: bytes written in-place

Definition at line 133 of file cipher_mode.h.

134 { return this->process_msg(msg.data(), msg.size()); }

Botan::Cipher_Mode::process_msg

virtual size_t process_msg(uint8_t msg[], size_t msg_len)=0

◆ process() [2/2]

size_t Botan::Cipher_Mode::process	(	uint8_t	msg[],
		size_t	msg_len
	)

inlineinherited

Definition at line 135 of file cipher_mode.h.

136 { return this->process_msg(msg, msg_len); }

◆ provider()

virtual std::string Botan::Cipher_Mode::provider ( ) const

inlinevirtualinherited

Returns: provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 250 of file cipher_mode.h.

250{ return "base"; }

Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::Cipher_Mode::create_or_throw().

◆ providers()

std::vector< std::string > Botan::Cipher_Mode::providers ( std::string_view algo_spec )

staticinherited

Returns: list of available providers for this algorithm, empty if not available

Parameters

algo_spec algorithm name

Definition at line 172 of file cipher_mode.cpp.

   {
   const std::vector<std::string>& possible = { "base", "commoncrypto" };
   std::vector<std::string> providers;
   for(auto&& prov : possible)
      {
      auto mode = Cipher_Mode::create(algo_spec, Cipher_Dir::Encryption, prov);
      if(mode)
         {
         providers.push_back(prov); // available
         }
      }
   return providers;
   }

References Botan::Cipher_Mode::create(), Botan::Encryption, and Botan::Cipher_Mode::providers().

Referenced by Botan::Cipher_Mode::providers().

◆ requires_entire_message()

virtual bool Botan::Cipher_Mode::requires_entire_message ( ) const

inlinevirtualinherited

Certain modes require the entire message be available before any processing can occur. For such modes, input will be consumed but not returned, until finish is called, which returns the entire message.

This function returns true if this mode has this style of operation.

Reimplemented in Botan::CCM_Mode, and Botan::SIV_Mode.

Definition at line 212 of file cipher_mode.h.

212{ return false; }

◆ reset()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::reset ( )

finaloverridevirtualinherited

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 61 of file tls_cbc.cpp.

   {
   cbc_state().clear();
   m_ad.clear();
   m_msg.clear();
   }

References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc_state().

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear().

◆ set_ad()

void Botan::AEAD_Mode::set_ad ( std::span< const uint8_t > ad )

inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters

ad	the associated data

Definition at line 128 of file aead.h.

         {
         set_associated_data(ad);
         }

◆ set_associated_data() [1/2]

void Botan::AEAD_Mode::set_associated_data	(	const uint8_t	ad[],
		size_t	ad_len
	)

inlineinherited

Definition at line 62 of file aead.h.

63 { set_associated_data(std::span(ad, ad_len)); }

◆ set_associated_data() [2/2]

void Botan::AEAD_Mode::set_associated_data ( std::span< const uint8_t > ad )

inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key) is the optimum.

Parameters

ad	the associated data

Definition at line 60 of file aead.h.

61 { set_associated_data_n(0, ad); }

Botan::AEAD_Mode::set_associated_data_n

virtual void set_associated_data_n(size_t idx, std::span< const uint8_t > ad)=0

Referenced by Botan::TLS::write_record().

◆ set_associated_data_n()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n	(	size_t	idx,
		std::span< const uint8_t >	ad
	)

overridevirtual

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key) is the optimum.

Some AEADs (namely SIV) support multiple AD inputs. For all other modes only nominal AD input 0 is supported; all other values of idx will cause an exception.

Derived AEADs must implement this. For AEADs where maximum_associated_data_inputs() returns 1 (the default), the idx must simply be ignored.

Parameters

idx	which associated data to set
ad	the associated data

Reimplemented from Botan::TLS::TLS_CBC_HMAC_AEAD_Mode.

Definition at line 149 of file tls_cbc.cpp.

   {
   TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n(idx, ad);
 
   if(use_encrypt_then_mac())
      {
      // AAD hack for EtM
      // EtM uses ciphertext size instead of plaintext size for AEAD input
      const uint16_t pt_size = make_uint16(assoc_data()[11], assoc_data()[12]);
      const uint16_t enc_size = static_cast<uint16_t>(round_up(iv_size() + pt_size + 1, block_size()));
      assoc_data()[11] = get_byte<0, uint16_t>(enc_size);
      assoc_data()[12] = get_byte<1, uint16_t>(enc_size);
      }
   }

References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size(), Botan::make_uint16(), Botan::round_up(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac().

◆ set_associated_data_vec()

template<typename Alloc >

void Botan::AEAD_Mode::set_associated_data_vec ( const std::vector< uint8_t, Alloc > & ad )

inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters

ad	the associated data

Definition at line 113 of file aead.h.

         {
         set_associated_data(ad);
         }

◆ set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey & key )

inlineinherited

Set the symmetric key of this object.

Parameters

key	the SymmetricKey to be set.

Definition at line 150 of file sym_algo.h.

         {
         set_key(key.begin(), key.length());
         }

References Botan::OctetString::begin(), and Botan::OctetString::length().

Referenced by Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), and Botan::Sodium::randombytes_buf_deterministic().

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key	(	const uint8_t	key[],
		size_t	length
	)

inherited

Set the symmetric key of this object.

Parameters

key	the to be set as a byte array.
length	in bytes of key param

Definition at line 17 of file sym_algo.cpp.

   {
   if(!valid_keylength(length))
      throw Invalid_Key_Length(name(), length);
   key_schedule(key, length);
   }

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key )

inlineinherited

Set the symmetric key of this object.

Parameters

key	the contiguous byte range to be set.

Definition at line 159 of file sym_algo.h.

         {
         set_key(key.data(), key.size());
         }

◆ start() [1/3]

void Botan::Cipher_Mode::start ( )

inlineinherited

Begin processing a message.

The exact semantics of this depend on the mode. For many modes, the call will fail since a nonce must be provided.

For certain modes such as CBC this will instead cause the last ciphertext block to be used as the nonce of the new message; doing this isn't a good idea, but some (mostly older) protocols do this.

Definition at line 115 of file cipher_mode.h.

         {
         return start_msg(nullptr, 0);
         }

◆ start() [2/3]

void Botan::Cipher_Mode::start	(	const uint8_t	nonce[],
		size_t	nonce_len
	)

inlineinherited

Begin processing a message with a fresh nonce.

Parameters

nonce	the per message nonce
nonce_len	length of nonce

Definition at line 100 of file cipher_mode.h.

         {
         start_msg(nonce, nonce_len);
         }

◆ start() [3/3]

void Botan::Cipher_Mode::start ( std::span< const uint8_t > nonce )

inlineinherited

Begin processing a message with a fresh nonce.

Parameters

nonce the per message nonce

Definition at line 90 of file cipher_mode.h.

         {
         start_msg(nonce.data(), nonce.size());
         }

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

◆ tag_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::tag_size ( ) const

inlinefinaloverridevirtualinherited

Returns: the size of the authentication tag used (in bytes)

Reimplemented from Botan::Cipher_Mode.

Definition at line 40 of file tls_cbc.h.

40{ return m_tag_size; }

Referenced by output_length().

◆ update()

template<concepts::resizable_byte_buffer T>

void Botan::Cipher_Mode::update	(	T &	buffer,
		size_t	offset = `0`
	)

inlineinherited

Process some data. Input must be in size update_granularity() uint8_t blocks.

Parameters

buffer	in/out parameter which will possibly be resized
offset	an offset into blocks to begin processing

Definition at line 144 of file cipher_mode.h.

         {
         BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
         const size_t written = process(std::span(buffer).subspan(offset));
         buffer.resize(offset + written);
         }

References BOTAN_ASSERT.

Referenced by botan_cipher_update().

◆ update_granularity()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::update_granularity ( ) const

finaloverridevirtualinherited

Returns: size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 73 of file tls_cbc.cpp.

   {
   return 1; // just buffers anyway
   }

◆ use_encrypt_then_mac()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac ( ) const

inlineprotectedinherited

Definition at line 63 of file tls_cbc.h.

63{ return m_use_encrypt_then_mac; }

Referenced by output_length(), and set_associated_data_n().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length ) const

inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters

length the key length to be checked.

Returns: true if the key length is valid.

Definition at line 141 of file sym_algo.h.

         {
         return key_spec().valid_keylength(length);
         }

Referenced by Botan::SymmetricAlgorithm::set_key().

◆ valid_nonce_length()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length ( size_t nonce_len ) const

finaloverridevirtualinherited

Returns: true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 83 of file tls_cbc.cpp.

   {
   if(m_cbc_state.empty())
      return nl == block_size();
   return nl == iv_size();
   }

References Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size().

The documentation for this class was generated from the following files:

src/lib/tls/tls12/tls_cbc/tls_cbc.h
src/lib/tls/tls12/tls_cbc/tls_cbc.cpp

Public Member Functions

Static Public Member Functions

Protected Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ TLS_CBC_HMAC_AEAD_Encryption()

Member Function Documentation

◆ assert_key_material_set() [1/2]

◆ assert_key_material_set() [2/2]

◆ assoc_data()

◆ assoc_data_with_len()

◆ associated_data_requires_key()

◆ authenticated()

◆ block_size()

◆ cbc()

◆ cbc_state()

◆ cipher_keylen()

◆ clear()

◆ create()

◆ create_or_throw()

◆ default_nonce_length()

◆ finish() [1/2]

◆ finish() [2/2]

◆ has_keying_material()

◆ ideal_granularity()

◆ is_datagram_protocol()

◆ iv_size()

◆ key_spec()

◆ mac()

◆ mac_keylen()

◆ maximum_associated_data_inputs()

◆ maximum_keylength()

◆ minimum_final_size()

◆ minimum_keylength()

◆ msg()

◆ name()

◆ output_length()

◆ process() [1/2]

◆ process() [2/2]

◆ provider()

◆ providers()

◆ requires_entire_message()

◆ reset()

◆ set_ad()

◆ set_associated_data() [1/2]

◆ set_associated_data() [2/2]

◆ set_associated_data_n()

◆ set_associated_data_vec()

◆ set_key() [1/3]

◆ set_key() [2/3]

◆ set_key() [3/3]

◆ start() [1/3]

◆ start() [2/3]

◆ start() [3/3]

◆ tag_size()

◆ update()

◆ update_granularity()

◆ use_encrypt_then_mac()

◆ valid_keylength()

◆ valid_nonce_length()