Botan::TLS::TLS_CBC_HMAC_AEAD_Mode Class Reference

#include <tls_cbc.h>

Inheritance diagram for Botan::TLS::TLS_CBC_HMAC_AEAD_Mode:

Public Member Functions
virtual bool	associated_data_requires_key () const
bool	authenticated () const
void	clear () final
size_t	default_nonce_length () const final
void	finish (secure_vector< uint8_t > &final_block, size_t offset=0)
template<concepts::resizable_byte_buffer T>
void	finish (T &final_block, size_t offset=0)
bool	has_keying_material () const final
size_t	ideal_granularity () const final
Key_Length_Specification	key_spec () const final
virtual size_t	maximum_associated_data_inputs () const
size_t	maximum_keylength () const
virtual size_t	minimum_final_size () const =0
size_t	minimum_keylength () const
std::string	name () const final
virtual size_t	output_length (size_t input_length) const =0
size_t	process (std::span< uint8_t > msg)
size_t	process (uint8_t msg[], size_t msg_len)
virtual std::string	provider () const
virtual bool	requires_entire_message () const
void	reset () final
void	set_ad (std::span< const uint8_t > ad)
void	set_associated_data (const uint8_t ad[], size_t ad_len)
void	set_associated_data (std::span< const uint8_t > ad)
void	set_associated_data_n (size_t idx, std::span< const uint8_t > ad) override
template<typename Alloc>
void	set_associated_data_vec (const std::vector< uint8_t, Alloc > &ad)
void	set_key (const OctetString &key)
void	set_key (const uint8_t key[], size_t length)
void	set_key (std::span< const uint8_t > key)
void	start ()
void	start (const uint8_t nonce[], size_t nonce_len)
void	start (std::span< const uint8_t > nonce)
size_t	tag_size () const final
template<concepts::resizable_byte_buffer T>
void	update (T &buffer, size_t offset=0)
size_t	update_granularity () const final
bool	valid_keylength (size_t length) const
bool	valid_nonce_length (size_t nl) const final

Static Public Member Functions
static std::unique_ptr< AEAD_Mode >	create (std::string_view algo, Cipher_Dir direction, std::string_view provider="")
static std::unique_ptr< AEAD_Mode >	create_or_throw (std::string_view algo, Cipher_Dir direction, std::string_view provider="")
static std::vector< std::string >	providers (std::string_view algo_spec)

Protected Member Functions
void	assert_key_material_set () const
void	assert_key_material_set (bool predicate) const
std::vector< uint8_t > &	assoc_data ()
std::vector< uint8_t >	assoc_data_with_len (uint16_t len)
size_t	block_size () const
Cipher_Mode &	cbc () const
secure_vector< uint8_t > &	cbc_state ()
size_t	cipher_keylen () const
virtual void	finish_msg (secure_vector< uint8_t > &final_block, size_t offset=0)=0
bool	is_datagram_protocol () const
size_t	iv_size () const
MessageAuthenticationCode &	mac () const
size_t	mac_keylen () const
secure_vector< uint8_t > &	msg ()
	TLS_CBC_HMAC_AEAD_Mode (Cipher_Dir direction, std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, size_t cipher_keylen, size_t mac_keylen, Protocol_Version version, bool use_encrypt_then_mac)
bool	use_encrypt_then_mac () const

Detailed Description

TLS CBC+HMAC AEAD base class (GenericBlockCipher in TLS spec) This is the weird TLS-specific mode, not for general consumption.

Definition at line 23 of file tls_cbc.h.

Constructor & Destructor Documentation

TLS_CBC_HMAC_AEAD_Mode()

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode ( Cipher_Dir direction, std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, size_t cipher_keylen, size_t mac_keylen, Protocol_Version version, bool use_encrypt_then_mac )

protected

Definition at line 26 of file tls_cbc.cpp.

                                                                          :
      m_cipher_name(cipher->name()),
      m_mac_name(mac->name()),
      m_cipher_keylen(cipher_keylen),
      m_mac_keylen(mac_keylen),
      m_use_encrypt_then_mac(use_encrypt_then_mac) {
   m_tag_size = mac->output_length();
   m_block_size = cipher->block_size();
 
   m_iv_size = m_block_size;
 
   m_is_datagram = version.is_datagram_protocol();
 
   m_mac = std::move(mac);
 
   auto null_padding = std::make_unique<Null_Padding>();
   if(dir == Cipher_Dir::Encryption) {
      m_cbc = std::make_unique<CBC_Encryption>(std::move(cipher), std::move(null_padding));
   } else {
      m_cbc = std::make_unique<CBC_Decryption>(std::move(cipher), std::move(null_padding));
   }
}

References cipher_keylen(), Botan::Encryption, Botan::TLS::Protocol_Version::is_datagram_protocol(), mac(), mac_keylen(), name(), and use_encrypt_then_mac().

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::TLS_CBC_HMAC_AEAD_Decryption(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::TLS_CBC_HMAC_AEAD_Encryption().

Member Function Documentation

assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const

inlineprotectedinherited

Definition at line 141 of file sym_algo.h.

{ assert_key_material_set(has_keying_material()); }

References assert_key_material_set(), and has_keying_material().

Referenced by assert_key_material_set(), Botan::Salsa20::cipher_bytes(), Botan::Lion::decrypt_n(), Botan::Lion::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::nonce_hash(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), Botan::GHASH::set_associated_data(), Botan::OCB_Mode::set_associated_data_n(), Botan::Salsa20::set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().

assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate ) const

inlineprotectedinherited

Definition at line 143 of file sym_algo.h.

                                                         {
         if(!predicate) {
            throw_key_not_set_error();
         }
      }

assoc_data()

std::vector< uint8_t > & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data ( )

inlineprotected

Definition at line 74 of file tls_cbc.h.

{ return m_ad; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n().

assoc_data_with_len()

std::vector< uint8_t > Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len ( uint16_t len )

protected

Definition at line 122 of file tls_cbc.cpp.

                                                                           {
   std::vector<uint8_t> ad = m_ad;
   BOTAN_ASSERT(ad.size() == 13, "Expected AAD size");
   ad[11] = get_byte<0>(len);
   ad[12] = get_byte<1>(len);
   return ad;
}

References BOTAN_ASSERT, and Botan::get_byte().

associated_data_requires_key()

virtual bool Botan::AEAD_Mode::associated_data_requires_key ( ) const

inlinevirtualinherited

Most AEADs require the key to be set prior to setting the AD A few allow the AD to be set even before the cipher is keyed. Such ciphers would return false from this function.

Reimplemented in Botan::CCM_Mode, and Botan::ChaCha20Poly1305_Mode.

Definition at line 98 of file aead.h.

{ return true; }

authenticated()

bool Botan::Cipher_Mode::authenticated ( ) const

inlineinherited

Return the length in bytes of the authentication tag this algorithm generates. If the mode is not authenticated, this will return 0.

Returns

true iff this mode provides authentication as well as confidentiality.

Definition at line 263 of file cipher_mode.h.

{ return this->tag_size() > 0; }

References tag_size().

block_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size ( ) const

inlineprotected

Definition at line 62 of file tls_cbc.h.

{ return m_block_size; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n(), and valid_nonce_length().

cbc()

Cipher_Mode & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc ( ) const

inlineprotected

Definition at line 68 of file tls_cbc.h.

{ return *m_cbc; }

Referenced by clear(), and has_keying_material().

cbc_state()

secure_vector< uint8_t > & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc_state ( )

inlineprotected

Definition at line 72 of file tls_cbc.h.

{ return m_cbc_state; }

Referenced by reset().

cipher_keylen()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cipher_keylen ( ) const

inlineprotected

Definition at line 56 of file tls_cbc.h.

{ return m_cipher_keylen; }

References cipher_keylen().

Referenced by cipher_keylen(), Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::TLS_CBC_HMAC_AEAD_Decryption(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::TLS_CBC_HMAC_AEAD_Encryption(), and TLS_CBC_HMAC_AEAD_Mode().

clear()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear ( )

finalvirtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 55 of file tls_cbc.cpp.

                                   {
   cbc().clear();
   mac().clear();
   reset();
}

References cbc(), Botan::SymmetricAlgorithm::clear(), mac(), and reset().

create()

std::unique_ptr< AEAD_Mode > Botan::AEAD_Mode::create ( std::string_view algo, Cipher_Dir direction, std::string_view provider = "" )

staticinherited

Create an AEAD mode

Parameters

algo	the algorithm to create
direction	specify if this should be an encryption or decryption AEAD
provider	optional specification for provider to use

Returns

an AEAD mode or a null pointer if not available

Definition at line 54 of file aead.cpp.

                                                                                                       {
   BOTAN_UNUSED(provider);
#if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
   if(algo == "ChaCha20Poly1305") {
      if(dir == Cipher_Dir::Encryption) {
         return std::make_unique<ChaCha20Poly1305_Encryption>();
      } else {
         return std::make_unique<ChaCha20Poly1305_Decryption>();
      }
   }
#endif
 
   if(algo.find('/') != std::string::npos) {
      const std::vector<std::string> algo_parts = split_on(algo, '/');
      std::string_view cipher_name = algo_parts[0];
      const std::vector<std::string> mode_info = parse_algorithm_name(algo_parts[1]);
 
      if(mode_info.empty()) {
         return std::unique_ptr<AEAD_Mode>();
      }
 
      std::ostringstream mode_name;
 
      mode_name << mode_info[0] << '(' << cipher_name;
      for(size_t i = 1; i < mode_info.size(); ++i) {
         mode_name << ',' << mode_info[i];
      }
      for(size_t i = 2; i < algo_parts.size(); ++i) {
         mode_name << ',' << algo_parts[i];
      }
      mode_name << ')';
 
      return AEAD_Mode::create(mode_name.str(), dir);
   }
 
#if defined(BOTAN_HAS_BLOCK_CIPHER)
 
   SCAN_Name req(algo);
 
   if(req.arg_count() == 0) {
      return std::unique_ptr<AEAD_Mode>();
   }
 
   auto bc = BlockCipher::create(req.arg(0), provider);
 
   if(!bc) {
      return std::unique_ptr<AEAD_Mode>();
   }
 
   #if defined(BOTAN_HAS_AEAD_CCM)
   if(req.algo_name() == "CCM") {
      size_t tag_len = req.arg_as_integer(1, 16);
      size_t L_len = req.arg_as_integer(2, 3);
      if(dir == Cipher_Dir::Encryption) {
         return std::make_unique<CCM_Encryption>(std::move(bc), tag_len, L_len);
      } else {
         return std::make_unique<CCM_Decryption>(std::move(bc), tag_len, L_len);
      }
   }
   #endif
 
   #if defined(BOTAN_HAS_AEAD_GCM)
   if(req.algo_name() == "GCM") {
      size_t tag_len = req.arg_as_integer(1, 16);
      if(dir == Cipher_Dir::Encryption) {
         return std::make_unique<GCM_Encryption>(std::move(bc), tag_len);
      } else {
         return std::make_unique<GCM_Decryption>(std::move(bc), tag_len);
      }
   }
   #endif
 
   #if defined(BOTAN_HAS_AEAD_OCB)
   if(req.algo_name() == "OCB") {
      size_t tag_len = req.arg_as_integer(1, 16);
      if(dir == Cipher_Dir::Encryption) {
         return std::make_unique<OCB_Encryption>(std::move(bc), tag_len);
      } else {
         return std::make_unique<OCB_Decryption>(std::move(bc), tag_len);
      }
   }
   #endif
 
   #if defined(BOTAN_HAS_AEAD_EAX)
   if(req.algo_name() == "EAX") {
      size_t tag_len = req.arg_as_integer(1, bc->block_size());
      if(dir == Cipher_Dir::Encryption) {
         return std::make_unique<EAX_Encryption>(std::move(bc), tag_len);
      } else {
         return std::make_unique<EAX_Decryption>(std::move(bc), tag_len);
      }
   }
   #endif
 
   #if defined(BOTAN_HAS_AEAD_SIV)
   if(req.algo_name() == "SIV") {
      if(dir == Cipher_Dir::Encryption) {
         return std::make_unique<SIV_Encryption>(std::move(bc));
      } else {
         return std::make_unique<SIV_Decryption>(std::move(bc));
      }
   }
   #endif
 
#endif
 
   return std::unique_ptr<AEAD_Mode>();
}

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, create(), Botan::BlockCipher::create(), Botan::Encryption, Botan::parse_algorithm_name(), Botan::Cipher_Mode::provider(), and Botan::split_on().

Referenced by Botan::ChaCha20Poly1305_Mode::ChaCha20Poly1305_Mode(), create(), Botan::Cipher_Mode::create(), create_or_throw(), and Botan::get_aead().

create_or_throw()

std::unique_ptr< AEAD_Mode > Botan::AEAD_Mode::create_or_throw ( std::string_view algo, Cipher_Dir direction, std::string_view provider = "" )

staticinherited

Create an AEAD mode, or throw

Parameters

algo	the algorithm to create
direction	specify if this should be an encryption or decryption AEAD
provider	optional specification for provider to use

Returns

an AEAD mode, or throw an exception

Definition at line 44 of file aead.cpp.

                                                                               {
   if(auto aead = AEAD_Mode::create(algo, dir, provider)) {
      return aead;
   }
 
   throw Lookup_Error("AEAD", algo, provider);
}

References create(), and Botan::Cipher_Mode::provider().

Referenced by Botan::TLS::Cipher_State::advance_with_server_hello(), Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), Botan::TLS::Session::decrypt(), and Botan::TLS::Session::encrypt().

default_nonce_length()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::default_nonce_length ( ) const

inlinefinalvirtual

Returns

default AEAD nonce size (a commonly supported value among AEAD modes, and large enough that random collisions are unlikely)

Reimplemented from Botan::AEAD_Mode.

Definition at line 39 of file tls_cbc.h.

{ return m_iv_size; }

finish() [1/2]

void Botan::Cipher_Mode::finish ( secure_vector< uint8_t > & final_block, size_t offset = 0 )

inlineinherited

Complete procession of a message with a final input of buffer, which is treated the same as with update(). If you have the entire message in hand, calling finish() without ever calling update() is both efficient and convenient.

When using an AEAD_Mode, if the supplied authentication tag does not validate, this will throw an instance of Invalid_Authentication_Tag.

If this occurs, all plaintext previously output via calls to update must be destroyed and not used in any way that an attacker could observe the effects of. This could be anything from echoing the plaintext back (perhaps in an error message), or by making an external RPC whose destination or contents depend on the plaintext. The only thing you can do is buffer it, and in the event of an invalid tag, erase the previously decrypted content from memory.

One simple way to assure this could never happen is to never call update, and instead always marshal the entire message into a single buffer and call finish on it when decrypting.

Parameters

final_block	in/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offset	an offset into final_block to begin processing

Definition at line 179 of file cipher_mode.h.

{ finish_msg(final_block, offset); }

References finish_msg().

Referenced by botan_cipher_update(), and Botan::TLS::write_record().

finish() [2/2]

template<concepts::resizable_byte_buffer T>

void Botan::Cipher_Mode::finish ( T & final_block, size_t offset = 0 )

inlineinherited

Complete procession of a message.

Note: Using this overload with anything but a Botan::secure_vector<> is copying the bytes in the in/out buffer.

Parameters

final_block	in/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offset	an offset into final_block to begin processing

Definition at line 192 of file cipher_mode.h.

                                                     {
         Botan::secure_vector<uint8_t> tmp(final_block.begin(), final_block.end());
         finish_msg(tmp, offset);
         final_block.resize(tmp.size());
         std::copy(tmp.begin(), tmp.end(), final_block.begin());
      }

References finish_msg().

finish_msg()

virtual void Botan::Cipher_Mode::finish_msg ( secure_vector< uint8_t > & final_block, size_t offset = 0 )

protectedpure virtualinherited

Referenced by finish(), and finish().

has_keying_material()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::has_keying_material ( ) const

finalvirtual

Returns

true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 90 of file tls_cbc.cpp.

                                                       {
   return mac().has_keying_material() && cbc().has_keying_material();
}

References cbc(), Botan::SymmetricAlgorithm::has_keying_material(), and mac().

ideal_granularity()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::ideal_granularity ( ) const

finalvirtual

Return an ideal granularity. This will be a multiple of the result of update_granularity but may be larger. If so it indicates that better performance may be achieved by providing buffers that are at least that size (due to SIMD execution, etc).

Implements Botan::Cipher_Mode.

Definition at line 75 of file tls_cbc.cpp.

                                                       {
   return 1;  // just buffers anyway
}

is_datagram_protocol()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::is_datagram_protocol ( ) const

inlineprotected

Definition at line 66 of file tls_cbc.h.

{ return m_is_datagram; }

iv_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size ( ) const

inlineprotected

Definition at line 60 of file tls_cbc.h.

{ return m_iv_size; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n(), and valid_nonce_length().

key_spec()

Key_Length_Specification Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::key_spec ( ) const

finalvirtual

Returns

object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 86 of file tls_cbc.cpp.

                                                                {
   return Key_Length_Specification(m_cipher_keylen + m_mac_keylen);
}

mac()

MessageAuthenticationCode & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac ( ) const

inlineprotected

Definition at line 70 of file tls_cbc.h.

{ return *m_mac; }

Referenced by clear(), has_keying_material(), Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::TLS_CBC_HMAC_AEAD_Decryption(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::TLS_CBC_HMAC_AEAD_Encryption(), and TLS_CBC_HMAC_AEAD_Mode().

mac_keylen()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac_keylen ( ) const

inlineprotected

Definition at line 58 of file tls_cbc.h.

{ return m_mac_keylen; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::TLS_CBC_HMAC_AEAD_Decryption(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::TLS_CBC_HMAC_AEAD_Encryption(), and TLS_CBC_HMAC_AEAD_Mode().

maximum_associated_data_inputs()

virtual size_t Botan::AEAD_Mode::maximum_associated_data_inputs ( ) const

inlinevirtualinherited

Returns the maximum supported number of associated data inputs which can be provided to set_associated_data_n

If returns 0, then no associated data is supported.

Reimplemented in Botan::SIV_Mode.

Definition at line 91 of file aead.h.

{ return 1; }

maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const

inlineinherited

Returns

maximum allowed key length

Definition at line 97 of file sym_algo.h.

{ return key_spec().maximum_keylength(); }

References key_spec().

minimum_final_size()

virtual size_t Botan::Cipher_Mode::minimum_final_size ( ) const

pure virtualinherited

Returns

required minimium size to finalize() - may be any length larger than this.

Implemented in Botan::CBC_Decryption, Botan::CBC_Encryption, Botan::CCM_Decryption, Botan::CCM_Encryption, Botan::CFB_Mode, Botan::ChaCha20Poly1305_Decryption, Botan::ChaCha20Poly1305_Encryption, Botan::CTS_Decryption, Botan::CTS_Encryption, Botan::EAX_Decryption, Botan::EAX_Encryption, Botan::GCM_Decryption, Botan::GCM_Encryption, Botan::OCB_Decryption, Botan::OCB_Encryption, Botan::SIV_Decryption, Botan::SIV_Encryption, Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption, Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption, and Botan::XTS_Mode.

minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const

inlineinherited

Returns

minimum allowed key length

Definition at line 102 of file sym_algo.h.

{ return key_spec().minimum_keylength(); }

References key_spec().

msg()

secure_vector< uint8_t > & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::msg ( )

inlineprotected

Definition at line 76 of file tls_cbc.h.

{ return m_msg; }

name()

std::string Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::name ( ) const

finalvirtual

Returns

the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 67 of file tls_cbc.cpp.

                                             {
   return "TLS_CBC(" + m_cipher_name + "," + m_mac_name + ")";
}

Referenced by TLS_CBC_HMAC_AEAD_Mode().

output_length()

virtual size_t Botan::Cipher_Mode::output_length ( size_t input_length ) const

pure virtualinherited

Returns the size of the output if this transform is used to process a message with input_length bytes. In most cases the answer is precise. If it is not possible to precise (namely for CBC decryption) instead an upper bound is returned.

Implemented in Botan::CBC_Decryption, Botan::CBC_Encryption, Botan::CCM_Decryption, Botan::CCM_Encryption, Botan::CFB_Mode, Botan::ChaCha20Poly1305_Decryption, Botan::ChaCha20Poly1305_Encryption, Botan::CTS_Encryption, Botan::EAX_Decryption, Botan::EAX_Encryption, Botan::GCM_Decryption, Botan::GCM_Encryption, Botan::OCB_Decryption, Botan::OCB_Encryption, Botan::SIV_Decryption, Botan::SIV_Encryption, Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption, Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption, Botan::XTS_Decryption, and Botan::XTS_Encryption.

Referenced by Botan::TLS::write_record().

process() [1/2]

size_t Botan::Cipher_Mode::process ( std::span< uint8_t > msg )

inlineinherited

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters

msg	the message to be processed

Returns

bytes written in-place

Definition at line 132 of file cipher_mode.h.

{ return this->process_msg(msg.data(), msg.size()); }

References process_msg().

Referenced by botan_cipher_update(), and update().

process() [2/2]

size_t Botan::Cipher_Mode::process ( uint8_t msg[], size_t msg_len )

inlineinherited

Definition at line 134 of file cipher_mode.h.

{ return this->process_msg(msg, msg_len); }

References process_msg().

provider()

virtual std::string Botan::Cipher_Mode::provider ( ) const

inlinevirtualinherited

Returns

provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 274 of file cipher_mode.h.

{ return "base"; }

Referenced by Botan::AEAD_Mode::create(), create(), Botan::AEAD_Mode::create_or_throw(), and create_or_throw().

providers()

std::vector< std::string > Botan::Cipher_Mode::providers ( std::string_view algo_spec )

staticinherited

Returns

list of available providers for this algorithm, empty if not available

Parameters

algo_spec

algorithm name

Definition at line 168 of file cipher_mode.cpp.

                                                                    {
   const std::vector<std::string>& possible = {"base", "commoncrypto"};
   std::vector<std::string> providers;
   for(auto&& prov : possible) {
      auto mode = Cipher_Mode::create(algo_spec, Cipher_Dir::Encryption, prov);
      if(mode) {
         providers.push_back(prov);  // available
      }
   }
   return providers;
}

References create(), Botan::Encryption, and providers().

Referenced by providers().

requires_entire_message()

virtual bool Botan::Cipher_Mode::requires_entire_message ( ) const

inlinevirtualinherited

Certain modes require the entire message be available before any processing can occur. For such modes, input will be consumed but not returned, until finish is called, which returns the entire message.

This function returns true if this mode has this style of operation.

Reimplemented in Botan::CCM_Mode, and Botan::SIV_Mode.

Definition at line 233 of file cipher_mode.h.

{ return false; }

Referenced by botan_cipher_update().

reset()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::reset ( )

finalvirtual

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 61 of file tls_cbc.cpp.

                                   {
   cbc_state().clear();
   m_ad.clear();
   m_msg.clear();
}

References cbc_state().

Referenced by clear().

set_ad()

void Botan::AEAD_Mode::set_ad ( std::span< const uint8_t > ad )

inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().

See set_associated_data().

Parameters

ad	the associated data

Definition at line 124 of file aead.h.

{ set_associated_data(ad); }

References set_ad(), and set_associated_data().

Referenced by set_ad().

set_associated_data() [1/2]

void Botan::AEAD_Mode::set_associated_data ( const uint8_t ad[], size_t ad_len )

inlineinherited

Definition at line 61 of file aead.h.

{ set_associated_data(std::span(ad, ad_len)); }

References set_associated_data().

Referenced by set_associated_data().

set_associated_data() [2/2]

void Botan::AEAD_Mode::set_associated_data ( std::span< const uint8_t > ad )

inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key()) is the optimum.

Parameters

ad	the associated data

Definition at line 59 of file aead.h.

{ set_associated_data_n(0, ad); }

References set_associated_data_n().

Referenced by set_ad(), set_associated_data_vec(), and Botan::TLS::write_record().

set_associated_data_n()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n ( size_t idx, std::span< const uint8_t > ad )

overridevirtual

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key()) is the optimum.

Some AEADs (namely SIV) support multiple AD inputs. For all other modes only nominal AD input 0 is supported; all other values of idx will cause an exception.

Derived AEADs must implement this. For AEADs where maximum_associated_data_inputs() returns 1 (the default), the idx must simply be ignored.

Parameters

idx	which associated data to set
ad	the associated data

Implements Botan::AEAD_Mode.

Definition at line 130 of file tls_cbc.cpp.

                                                                                        {
   BOTAN_ARG_CHECK(idx == 0, "TLS 1.2 CBC/HMAC: cannot handle non-zero index in set_associated_data_n");
   if(ad.size() != 13) {
      throw Invalid_Argument("Invalid TLS AEAD associated data length");
   }
   m_ad.assign(ad.begin(), ad.end());
}

References BOTAN_ARG_CHECK.

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n().

set_associated_data_vec()

template<typename Alloc>

void Botan::AEAD_Mode::set_associated_data_vec ( const std::vector< uint8_t, Alloc > & ad )

inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key() and before start().

See set_associated_data().

Parameters

ad	the associated data

Definition at line 111 of file aead.h.

                                                                        {
         set_associated_data(ad);
      }

References set_associated_data(), and set_associated_data_vec().

Referenced by set_associated_data_vec().

set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const OctetString & key )

inherited

Set the symmetric key of this object.

Parameters

key	the SymmetricKey to be set.

Definition at line 14 of file sym_algo.cpp.

                                                       {
   set_key(std::span{key.begin(), key.length()});
}

References Botan::OctetString::begin(), Botan::OctetString::length(), and set_key().

Referenced by Botan::create_aes_row_generator(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), Botan::Sphincs_Hash_Functions_Sha2::PRF_msg(), Botan::Sodium::randombytes_buf_deterministic(), and set_key().

set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t key[], size_t length )

inlineinherited

Set the symmetric key of this object.

Parameters

key	the to be set as a byte array.
length	in bytes of key param

Definition at line 128 of file sym_algo.h.

{ set_key(std::span{key, length}); }

References set_key().

Referenced by set_key().

set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key )

inherited

Set the symmetric key of this object.

Parameters

key	the contiguous byte range to be set.

Definition at line 22 of file sym_algo.cpp.

                                                           {
   if(!valid_keylength(key.size())) {
      throw Invalid_Key_Length(name(), key.size());
   }
   key_schedule(key);
}

References name(), and valid_keylength().

start() [1/3]

void Botan::Cipher_Mode::start ( )

inlineinherited

Begin processing a message.

The exact semantics of this depend on the mode. For many modes, the call will fail since a nonce must be provided.

For certain modes such as CBC this will instead cause the last ciphertext block to be used as the nonce of the new message; doing this isn't a good idea, but some (mostly older) protocols do this.

Definition at line 117 of file cipher_mode.h.

{ return start_msg(nullptr, 0); }

References start_msg().

start() [2/3]

void Botan::Cipher_Mode::start ( const uint8_t nonce[], size_t nonce_len )

inlineinherited

Begin processing a message with a fresh nonce.

Parameters

nonce	the per message nonce
nonce_len	length of nonce

Definition at line 105 of file cipher_mode.h.

{ start_msg(nonce, nonce_len); }

References start_msg().

start() [3/3]

void Botan::Cipher_Mode::start ( std::span< const uint8_t > nonce )

inlineinherited

Begin processing a message with a fresh nonce.

Warning

Typically one must not reuse the same nonce for more than one message under the same key. For most cipher modes this would mean total loss of security and/or authenticity guarantees.

Note

If reliably generating unique nonces is difficult in your environment, use SIV which retains security even if nonces are repeated.

Parameters

nonce

the per message nonce

Definition at line 98 of file cipher_mode.h.

{ start_msg(nonce.data(), nonce.size()); }

References start_msg().

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

tag_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::tag_size ( ) const

inlinefinalvirtual

Returns

the size of the authentication tag used (in bytes)

Reimplemented from Botan::Cipher_Mode.

Definition at line 37 of file tls_cbc.h.

{ return m_tag_size; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::minimum_final_size(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length().

update()

template<concepts::resizable_byte_buffer T>

void Botan::Cipher_Mode::update ( T & buffer, size_t offset = 0 )

inlineinherited

Process some data. Input must be in size update_granularity() uint8_t blocks. The buffer is an in/out parameter and may be resized. In particular, some modes require that all input be consumed before any output is produced; with these modes, buffer will be returned empty.

The first offset bytes of buffer will be ignored (this allows in place processing of a buffer that contains an initial plaintext header).

Parameters

buffer	in/out parameter which will possibly be resized
offset	an offset into blocks to begin processing

Definition at line 149 of file cipher_mode.h.

                                                {
         const size_t written = process(std::span(buffer).subspan(offset));
         buffer.resize(offset + written);
      }

References process().

update_granularity()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::update_granularity ( ) const

finalvirtual

The :cpp:class:Cipher_Mode interface requires message processing in multiples of the block size. This returns size of required blocks to update. If the mode implementation does not require buffering it will return 1.

Returns

size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 71 of file tls_cbc.cpp.

                                                        {
   return 1;  // just buffers anyway
}

use_encrypt_then_mac()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac ( ) const

inlineprotected

Definition at line 64 of file tls_cbc.h.

{ return m_use_encrypt_then_mac; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n(), Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::TLS_CBC_HMAC_AEAD_Decryption(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::TLS_CBC_HMAC_AEAD_Encryption(), and TLS_CBC_HMAC_AEAD_Mode().

valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length ) const

inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters

length

the key length to be checked.

Returns

true if the key length is valid.

Definition at line 109 of file sym_algo.h.

{ return key_spec().valid_keylength(length); }

References key_spec().

Referenced by set_key().

valid_nonce_length()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length ( size_t nonce_len ) const

finalvirtual

Returns

true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 79 of file tls_cbc.cpp.

                                                               {
   if(m_cbc_state.empty()) {
      return nl == block_size();
   }
   return nl == iv_size();
}

References block_size(), and iv_size().

---

The documentation for this class was generated from the following files:

• src/lib/tls/tls12/tls_cbc/tls_cbc.h
• src/lib/tls/tls12/tls_cbc/tls_cbc.cpp