Botan  2.4.0
Crypto and TLS for C++11
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode Class Referenceabstract

#include <tls_cbc.h>

Inheritance diagram for Botan::TLS::TLS_CBC_HMAC_AEAD_Mode:
Botan::AEAD_Mode Botan::Cipher_Mode Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption

Public Member Functions

bool authenticated () const override
 
void clear () override final
 
size_t default_nonce_length () const override final
 
virtual void finish (secure_vector< uint8_t > &final_block, size_t offset=0)=0
 
Key_Length_Specification key_spec () const override final
 
virtual size_t minimum_final_size () const =0
 
std::string name () const override final
 
virtual size_t output_length (size_t input_length) const =0
 
size_t process (uint8_t buf[], size_t sz) override final
 
virtual std::string provider () const
 
void reset () override final
 
template<typename Alloc >
void set_ad (const std::vector< uint8_t, Alloc > &ad)
 
void set_associated_data (const uint8_t ad[], size_t ad_len) override
 
template<typename Alloc >
void set_associated_data_vec (const std::vector< uint8_t, Alloc > &ad)
 
template<typename Alloc >
void set_key (const std::vector< uint8_t, Alloc > &key)
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
template<typename Alloc >
void start (const std::vector< uint8_t, Alloc > &nonce)
 
void start (const uint8_t nonce[], size_t nonce_len)
 
void start ()
 
size_t tag_size () const override final
 
void update (secure_vector< uint8_t > &buffer, size_t offset=0)
 
size_t update_granularity () const override final
 
bool valid_keylength (size_t length) const
 
bool valid_nonce_length (size_t nl) const override final
 

Static Public Member Functions

static std::vector< std::string > providers (const std::string &algo_spec)
 

Protected Member Functions

std::vector< uint8_t > & assoc_data ()
 
std::vector< uint8_t > assoc_data_with_len (uint16_t len)
 
size_t block_size () const
 
Cipher_Modecbc () const
 
secure_vector< uint8_t > & cbc_state ()
 
size_t cipher_keylen () const
 
size_t iv_size () const
 
MessageAuthenticationCodemac () const
 
size_t mac_keylen () const
 
secure_vector< uint8_t > & msg ()
 
 TLS_CBC_HMAC_AEAD_Mode (Cipher_Dir direction, const std::string &cipher_name, size_t cipher_keylen, const std::string &mac_name, size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac)
 
bool use_encrypt_then_mac () const
 

Detailed Description

TLS CBC+HMAC AEAD base class (GenericBlockCipher in TLS spec) This is the weird TLS-specific mode, not for general consumption.

Definition at line 24 of file tls_cbc.h.

Constructor & Destructor Documentation

◆ TLS_CBC_HMAC_AEAD_Mode()

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode ( Cipher_Dir  direction,
const std::string &  cipher_name,
size_t  cipher_keylen,
const std::string &  mac_name,
size_t  mac_keylen,
bool  use_explicit_iv,
bool  use_encrypt_then_mac 
)
protected

Definition at line 26 of file tls_cbc.cpp.

References Botan::BlockCipher::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), and Botan::ENCRYPTION.

32  :
33  m_cipher_name(cipher_name),
34  m_mac_name(mac_name),
35  m_cipher_keylen(cipher_keylen),
36  m_mac_keylen(mac_keylen),
37  m_use_encrypt_then_mac(use_encrypt_then_mac)
38  {
39  m_mac = MessageAuthenticationCode::create_or_throw("HMAC(" + m_mac_name + ")");
40  std::unique_ptr<BlockCipher> cipher = BlockCipher::create_or_throw(m_cipher_name);
41 
42  m_tag_size = m_mac->output_length();
43  m_block_size = cipher->block_size();
44 
45  m_iv_size = use_explicit_iv ? m_block_size : 0;
46 
47  if(dir == ENCRYPTION)
48  m_cbc.reset(new CBC_Encryption(cipher.release(), new Null_Padding));
49  else
50  m_cbc.reset(new CBC_Decryption(cipher.release(), new Null_Padding));
51  }
std::string m_cipher_name
static std::unique_ptr< BlockCipher > create_or_throw(const std::string &algo_spec, const std::string &provider="")
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:140

Member Function Documentation

◆ assoc_data()

std::vector<uint8_t>& Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data ( )
inlineprotected

◆ assoc_data_with_len()

std::vector< uint8_t > Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len ( uint16_t  len)
protected

Definition at line 121 of file tls_cbc.cpp.

References BOTAN_ASSERT, and Botan::get_byte().

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

122  {
123  std::vector<uint8_t> ad = m_ad;
124  BOTAN_ASSERT(ad.size() == 13, "Expected AAD size");
125  ad[11] = get_byte(0, len);
126  ad[12] = get_byte(1, len);
127  return ad;
128  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39

◆ authenticated()

bool Botan::AEAD_Mode::authenticated ( ) const
inlineoverridevirtualinherited
Returns
true iff this mode provides authentication as well as confidentiality.

Reimplemented from Botan::Cipher_Mode.

Definition at line 25 of file aead.h.

25 { return true; }

◆ block_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size ( ) const
inlineprotected

◆ cbc()

Cipher_Mode& Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc ( ) const
inlineprotected

◆ cbc_state()

secure_vector<uint8_t>& Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc_state ( )
inlineprotected

◆ cipher_keylen()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cipher_keylen ( ) const
inlineprotected

Definition at line 56 of file tls_cbc.h.

56 { return m_cipher_keylen; }

◆ clear()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear ( )
finaloverridevirtual

Zeroise all state See also reset_msg()

Implements Botan::Cipher_Mode.

Definition at line 53 of file tls_cbc.cpp.

References cbc(), Botan::SymmetricAlgorithm::clear(), Botan::Cipher_Mode::clear(), mac(), and reset().

54  {
55  cbc().clear();
56  mac().clear();
57  reset();
58  }
virtual void clear()=0
Cipher_Mode & cbc() const
Definition: tls_cbc.h:63
MessageAuthenticationCode & mac() const
Definition: tls_cbc.h:65
virtual void clear()=0
void reset() override final
Definition: tls_cbc.cpp:60

◆ default_nonce_length()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::default_nonce_length ( ) const
inlinefinaloverridevirtual
Returns
default AEAD nonce size (a commonly supported value among AEAD modes, and large enough that random collisions are unlikely)

Reimplemented from Botan::AEAD_Mode.

Definition at line 41 of file tls_cbc.h.

41 { return m_iv_size; }

◆ finish()

virtual void Botan::Cipher_Mode::finish ( secure_vector< uint8_t > &  final_block,
size_t  offset = 0 
)
pure virtualinherited

◆ iv_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size ( ) const
inlineprotected

◆ key_spec()

Key_Length_Specification Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::key_spec ( ) const
finaloverridevirtual
Returns
object describing limits on key size

Implements Botan::Cipher_Mode.

Definition at line 84 of file tls_cbc.cpp.

References cbc(), mac(), name(), Botan::SymmetricAlgorithm::set_key(), Botan::Cipher_Mode::set_key(), and valid_nonce_length().

85  {
86  return Key_Length_Specification(m_cipher_keylen + m_mac_keylen);
87  }

◆ mac()

MessageAuthenticationCode& Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac ( ) const
inlineprotected

◆ mac_keylen()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac_keylen ( ) const
inlineprotected

Definition at line 57 of file tls_cbc.h.

57 { return m_mac_keylen; }

◆ minimum_final_size()

virtual size_t Botan::Cipher_Mode::minimum_final_size ( ) const
pure virtualinherited

◆ msg()

secure_vector<uint8_t>& Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::msg ( )
inlineprotected

Definition at line 73 of file tls_cbc.h.

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::finish(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

73 { return m_msg; }

◆ name()

std::string Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::name ( ) const
finaloverridevirtual

Implements Botan::Cipher_Mode.

Definition at line 67 of file tls_cbc.cpp.

Referenced by key_spec(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::output_length().

68  {
69  return "TLS_CBC(" + m_cipher_name + "," + m_mac_name + ")";
70  }
std::string m_cipher_name

◆ output_length()

virtual size_t Botan::Cipher_Mode::output_length ( size_t  input_length) const
pure virtualinherited

◆ process()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::process ( uint8_t  msg[],
size_t  msg_len 
)
finaloverridevirtual

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters
msgthe message to be processed
msg_lenlength of the message in bytes

Implements Botan::Cipher_Mode.

Definition at line 115 of file tls_cbc.cpp.

116  {
117  m_msg.insert(m_msg.end(), buf, buf + sz);
118  return 0;
119  }

◆ provider()

virtual std::string Botan::Cipher_Mode::provider ( ) const
inlinevirtualinherited
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 208 of file cipher_mode.h.

208 { return "base"; }

◆ providers()

std::vector< std::string > Botan::Cipher_Mode::providers ( const std::string &  algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available
Parameters
algo_specalgorithm name

Definition at line 158 of file cipher_mode.cpp.

References Botan::ENCRYPTION, and Botan::get_cipher_mode().

159  {
160  const std::vector<std::string>& possible = { "base", "openssl" };
161  std::vector<std::string> providers;
162  for(auto&& prov : possible)
163  {
164  std::unique_ptr<Cipher_Mode> mode(get_cipher_mode(algo_spec, ENCRYPTION, prov));
165  if(mode)
166  {
167  providers.push_back(prov); // available
168  }
169  }
170  return providers;
171  }
Cipher_Mode * get_cipher_mode(const std::string &algo, Cipher_Dir direction, const std::string &provider)
Definition: cipher_mode.cpp:40
static std::vector< std::string > providers(const std::string &algo_spec)

◆ reset()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::reset ( )
finaloverridevirtual

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 60 of file tls_cbc.cpp.

References cbc_state().

Referenced by clear().

61  {
62  cbc_state().clear();
63  m_ad.clear();
64  m_msg.clear();
65  }
secure_vector< uint8_t > & cbc_state()
Definition: tls_cbc.h:71

◆ set_ad()

template<typename Alloc >
void Botan::AEAD_Mode::set_ad ( const std::vector< uint8_t, Alloc > &  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 66 of file aead.h.

Referenced by Botan::TLS::write_record().

67  {
68  set_associated_data(ad.data(), ad.size());
69  }
virtual void set_associated_data(const uint8_t ad[], size_t ad_len)=0

◆ set_associated_data()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::set_associated_data ( const uint8_t  ad[],
size_t  ad_len 
)
overridevirtual

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key) is the optimum.

Parameters
adthe associated data
ad_lenlength of add in bytes

Implements Botan::AEAD_Mode.

Reimplemented in Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption.

Definition at line 130 of file tls_cbc.cpp.

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data().

131  {
132  if(ad_len != 13)
133  throw Exception("Invalid TLS AEAD associated data length");
134  m_ad.assign(ad, ad + ad_len);
135  }

◆ set_associated_data_vec()

template<typename Alloc >
void Botan::AEAD_Mode::set_associated_data_vec ( const std::vector< uint8_t, Alloc > &  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 51 of file aead.h.

Referenced by Botan::TLS::write_record().

52  {
53  set_associated_data(ad.data(), ad.size());
54  }
virtual void set_associated_data(const uint8_t ad[], size_t ad_len)=0

◆ set_key() [1/3]

template<typename Alloc >
void Botan::Cipher_Mode::set_key ( const std::vector< uint8_t, Alloc > &  key)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material

Definition at line 178 of file cipher_mode.h.

Referenced by botan_cipher_set_key(), and key_spec().

179  {
180  set_key(key.data(), key.size());
181  }
void set_key(const std::vector< uint8_t, Alloc > &key)
Definition: cipher_mode.h:178

◆ set_key() [2/3]

void Botan::Cipher_Mode::set_key ( const SymmetricKey key)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material

Definition at line 187 of file cipher_mode.h.

References Botan::OctetString::begin(), and Botan::OctetString::length().

188  {
189  set_key(key.begin(), key.length());
190  }
void set_key(const std::vector< uint8_t, Alloc > &key)
Definition: cipher_mode.h:178

◆ set_key() [3/3]

void Botan::Cipher_Mode::set_key ( const uint8_t  key[],
size_t  length 
)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material
lengthin bytes of key param

Definition at line 197 of file cipher_mode.h.

198  {
199  if(!valid_keylength(length))
200  throw Invalid_Key_Length(name(), length);
201  key_schedule(key, length);
202  }
virtual std::string name() const =0
bool valid_keylength(size_t length) const
Definition: cipher_mode.h:168

◆ start() [1/3]

template<typename Alloc >
void Botan::Cipher_Mode::start ( const std::vector< uint8_t, Alloc > &  nonce)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce

Definition at line 44 of file cipher_mode.h.

Referenced by botan_cipher_start(), Botan::TLS::check_tls_cbc_padding(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data(), and Botan::TLS::write_record().

45  {
46  start_msg(nonce.data(), nonce.size());
47  }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0

◆ start() [2/3]

void Botan::Cipher_Mode::start ( const uint8_t  nonce[],
size_t  nonce_len 
)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce
nonce_lenlength of nonce

Definition at line 54 of file cipher_mode.h.

55  {
56  start_msg(nonce, nonce_len);
57  }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0

◆ start() [3/3]

void Botan::Cipher_Mode::start ( )
inlineinherited

Begin processing a message.

Definition at line 62 of file cipher_mode.h.

63  {
64  return start_msg(nullptr, 0);
65  }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0

◆ tag_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::tag_size ( ) const
inlinefinaloverridevirtual
Returns
the size of the authentication tag used (in bytes)

Reimplemented from Botan::Cipher_Mode.

Definition at line 39 of file tls_cbc.h.

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::finish(), Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::output_length().

39 { return m_tag_size; }

◆ update()

void Botan::Cipher_Mode::update ( secure_vector< uint8_t > &  buffer,
size_t  offset = 0 
)
inlineinherited

Process some data. Input must be in size update_granularity() uint8_t blocks.

Parameters
bufferin/out parameter which will possibly be resized
offsetan offset into blocks to begin processing

Definition at line 87 of file cipher_mode.h.

References BOTAN_ASSERT.

Referenced by botan_cipher_update(), Botan::XTS_Encryption::finish(), Botan::ChaCha20Poly1305_Encryption::finish(), Botan::CFB_Encryption::finish(), Botan::CBC_Encryption::finish(), Botan::EAX_Encryption::finish(), Botan::XTS_Decryption::finish(), Botan::CFB_Decryption::finish(), Botan::CTS_Encryption::finish(), Botan::CBC_Decryption::finish(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::finish(), Botan::CTS_Decryption::finish(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

88  {
89  BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
90  uint8_t* buf = buffer.data() + offset;
91  const size_t buf_size = buffer.size() - offset;
92 
93  const size_t written = process(buf, buf_size);
94  buffer.resize(offset + written);
95  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29
virtual size_t process(uint8_t msg[], size_t msg_len)=0

◆ update_granularity()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::update_granularity ( ) const
finaloverridevirtual
Returns
size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 72 of file tls_cbc.cpp.

73  {
74  return 1; // just buffers anyway
75  }

◆ use_encrypt_then_mac()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac ( ) const
inlineprotected

◆ valid_keylength()

bool Botan::Cipher_Mode::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 168 of file cipher_mode.h.

169  {
170  return key_spec().valid_keylength(length);
171  }
virtual Key_Length_Specification key_spec() const =0
bool valid_keylength(size_t length) const
Definition: key_spec.h:51

◆ valid_nonce_length()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length ( size_t  nonce_len) const
finaloverridevirtual
Returns
true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 77 of file tls_cbc.cpp.

References block_size(), and iv_size().

Referenced by key_spec().

78  {
79  if(m_cbc_state.empty())
80  return nl == block_size();
81  return nl == iv_size();
82  }

The documentation for this class was generated from the following files: