Botan 3.0.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode Class Referenceabstract

#include <tls_cbc.h>

Inheritance diagram for Botan::TLS::TLS_CBC_HMAC_AEAD_Mode:
Botan::AEAD_Mode Botan::Cipher_Mode Botan::SymmetricAlgorithm Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption

Public Member Functions

virtual bool associated_data_requires_key () const
 
bool authenticated () const
 
void clear () override final
 
size_t default_nonce_length () const override final
 
void finish (secure_vector< uint8_t > &final_block, size_t offset=0)
 
template<concepts::resizable_byte_buffer T>
void finish (T &final_block, size_t offset=0)
 
bool has_keying_material () const override final
 
size_t ideal_granularity () const override final
 
Key_Length_Specification key_spec () const override final
 
virtual size_t maximum_associated_data_inputs () const
 
size_t maximum_keylength () const
 
virtual size_t minimum_final_size () const =0
 
size_t minimum_keylength () const
 
std::string name () const override final
 
virtual size_t output_length (size_t input_length) const =0
 
size_t process (std::span< uint8_t > msg)
 
size_t process (uint8_t msg[], size_t msg_len)
 
virtual std::string provider () const
 
virtual bool requires_entire_message () const
 
void reset () override final
 
void set_ad (std::span< const uint8_t > ad)
 
void set_associated_data (const uint8_t ad[], size_t ad_len)
 
void set_associated_data (std::span< const uint8_t > ad)
 
void set_associated_data_n (size_t idx, std::span< const uint8_t > ad) override
 
template<typename Alloc >
void set_associated_data_vec (const std::vector< uint8_t, Alloc > &ad)
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
void set_key (std::span< const uint8_t > key)
 
void start ()
 
void start (const uint8_t nonce[], size_t nonce_len)
 
void start (std::span< const uint8_t > nonce)
 
size_t tag_size () const override final
 
template<concepts::resizable_byte_buffer T>
void update (T &buffer, size_t offset=0)
 
size_t update_granularity () const override final
 
bool valid_keylength (size_t length) const
 
bool valid_nonce_length (size_t nl) const override final
 

Static Public Member Functions

static std::unique_ptr< AEAD_Modecreate (std::string_view algo, Cipher_Dir direction, std::string_view provider="")
 
static std::unique_ptr< AEAD_Modecreate_or_throw (std::string_view algo, Cipher_Dir direction, std::string_view provider="")
 
static std::vector< std::string > providers (std::string_view algo_spec)
 

Protected Member Functions

void assert_key_material_set () const
 
void assert_key_material_set (bool predicate) const
 
std::vector< uint8_t > & assoc_data ()
 
std::vector< uint8_t > assoc_data_with_len (uint16_t len)
 
size_t block_size () const
 
Cipher_Modecbc () const
 
secure_vector< uint8_t > & cbc_state ()
 
size_t cipher_keylen () const
 
virtual void finish_msg (secure_vector< uint8_t > &final_block, size_t offset=0)=0
 
bool is_datagram_protocol () const
 
size_t iv_size () const
 
MessageAuthenticationCodemac () const
 
size_t mac_keylen () const
 
secure_vector< uint8_t > & msg ()
 
 TLS_CBC_HMAC_AEAD_Mode (Cipher_Dir direction, std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, size_t cipher_keylen, size_t mac_keylen, Protocol_Version version, bool use_encrypt_then_mac)
 
bool use_encrypt_then_mac () const
 

Detailed Description

TLS CBC+HMAC AEAD base class (GenericBlockCipher in TLS spec) This is the weird TLS-specific mode, not for general consumption.

Definition at line 25 of file tls_cbc.h.

Constructor & Destructor Documentation

◆ TLS_CBC_HMAC_AEAD_Mode()

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode ( Cipher_Dir  direction,
std::unique_ptr< BlockCipher cipher,
std::unique_ptr< MessageAuthenticationCode mac,
size_t  cipher_keylen,
size_t  mac_keylen,
Protocol_Version  version,
bool  use_encrypt_then_mac 
)
protected

Definition at line 25 of file tls_cbc.cpp.

31 :
32 m_cipher_name(cipher->name()),
33 m_mac_name(mac->name()),
34 m_cipher_keylen(cipher_keylen),
35 m_mac_keylen(mac_keylen),
36 m_use_encrypt_then_mac(use_encrypt_then_mac)
37 {
38 m_tag_size = mac->output_length();
39 m_block_size = cipher->block_size();
40
41 m_iv_size = m_block_size;
42
43 m_is_datagram = version.is_datagram_protocol();
44
45 m_mac = std::move(mac);
46
47 auto null_padding = std::make_unique<Null_Padding>();
48 if(dir == Cipher_Dir::Encryption)
49 m_cbc = std::make_unique<CBC_Encryption>(std::move(cipher), std::move(null_padding));
50 else
51 m_cbc = std::make_unique<CBC_Decryption>(std::move(cipher), std::move(null_padding));
52 }
Botan::Buffered_Computation::output_length
virtual size_t output_length() const =0
Botan::SymmetricAlgorithm::name
virtual std::string name() const =0
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac_keylen
size_t mac_keylen() const
Definition: tls_cbc.h:59
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac
bool use_encrypt_then_mac() const
Definition: tls_cbc.h:63
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cipher_keylen
size_t cipher_keylen() const
Definition: tls_cbc.h:58
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac
MessageAuthenticationCode & mac() const
Definition: tls_cbc.h:69

References Botan::Encryption, Botan::TLS::Protocol_Version::is_datagram_protocol(), mac(), and Botan::Buffered_Computation::output_length().

Member Function Documentation

◆ assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const
inlineprotectedinherited

Definition at line 182 of file sym_algo.h.

183 {
184 assert_key_material_set(has_keying_material());
185 }
Botan::SymmetricAlgorithm::has_keying_material
virtual bool has_keying_material() const =0
Botan::SymmetricAlgorithm::assert_key_material_set
void assert_key_material_set() const
Definition: sym_algo.h:182

Referenced by Botan::Salsa20::cipher_bytes(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::DES::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::Lion::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::Lion::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::ghash_update(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), Botan::OCB_Mode::set_associated_data_n(), Botan::Salsa20::set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().

◆ assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool  predicate) const
inlineprotectedinherited

Definition at line 187 of file sym_algo.h.

188 {
189 if(!predicate)
190 throw_key_not_set_error();
191 }

◆ assoc_data()

std::vector< uint8_t > & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data ( )
inlineprotected

Definition at line 76 of file tls_cbc.h.

76{ return m_ad; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n().

◆ assoc_data_with_len()

std::vector< uint8_t > Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len ( uint16_t  len)
protected

Definition at line 132 of file tls_cbc.cpp.

133 {
134 std::vector<uint8_t> ad = m_ad;
135 BOTAN_ASSERT(ad.size() == 13, "Expected AAD size");
136 ad[11] = get_byte<0>(len);
137 ad[12] = get_byte<1>(len);
138 return ad;
139 }
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:54

References BOTAN_ASSERT.

◆ associated_data_requires_key()

virtual bool Botan::AEAD_Mode::associated_data_requires_key ( ) const
inlinevirtualinherited

Most AEADs require the key to be set prior to setting the AD A few allow the AD to be set even before the cipher is keyed. Such ciphers would return false from this function.

Reimplemented in Botan::ChaCha20Poly1305_Mode, and Botan::CCM_Mode.

Definition at line 100 of file aead.h.

100{ return true; }

◆ authenticated()

bool Botan::Cipher_Mode::authenticated ( ) const
inlineinherited
Returns
true iff this mode provides authentication as well as confidentiality.

Definition at line 239 of file cipher_mode.h.

239{ return this->tag_size() > 0; }
Botan::Cipher_Mode::tag_size
virtual size_t tag_size() const
Definition: cipher_mode.h:244

◆ block_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size ( ) const
inlineprotected

Definition at line 61 of file tls_cbc.h.

61{ return m_block_size; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n(), and valid_nonce_length().

◆ cbc()

Cipher_Mode & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc ( ) const
inlineprotected

Definition at line 67 of file tls_cbc.h.

67{ return *m_cbc; }

Referenced by clear(), and has_keying_material().

◆ cbc_state()

secure_vector< uint8_t > & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc_state ( )
inlineprotected

Definition at line 75 of file tls_cbc.h.

75{ return m_cbc_state; }

Referenced by reset().

◆ cipher_keylen()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cipher_keylen ( ) const
inlineprotected

Definition at line 58 of file tls_cbc.h.

58{ return m_cipher_keylen; }

◆ clear()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::clear ( )
finaloverridevirtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 54 of file tls_cbc.cpp.

55 {
56 cbc().clear();
57 mac().clear();
58 reset();
59 }
Botan::SymmetricAlgorithm::clear
virtual void clear()=0
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::reset
void reset() override final
Definition: tls_cbc.cpp:61
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc
Cipher_Mode & cbc() const
Definition: tls_cbc.h:67

References cbc(), Botan::SymmetricAlgorithm::clear(), mac(), and reset().

◆ create()

std::unique_ptr< AEAD_Mode > Botan::AEAD_Mode::create ( std::string_view  algo,
Cipher_Dir  direction,
std::string_view  provider = "" 
)
staticinherited

Create an AEAD mode

Parameters
algothe algorithm to create
directionspecify if this should be an encryption or decryption AEAD
provideroptional specification for provider to use
Returns
an AEAD mode or a null pointer if not available

Definition at line 52 of file aead.cpp.

55 {
56 BOTAN_UNUSED(provider);
57#if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
58 if(algo == "ChaCha20Poly1305")
59 {
60 if(dir == Cipher_Dir::Encryption)
61 return std::make_unique<ChaCha20Poly1305_Encryption>();
62 else
63 return std::make_unique<ChaCha20Poly1305_Decryption>();
64
65 }
66#endif
67
68 if(algo.find('/') != std::string::npos)
69 {
70 const std::vector<std::string> algo_parts = split_on(algo, '/');
71 std::string_view cipher_name = algo_parts[0];
72 const std::vector<std::string> mode_info = parse_algorithm_name(algo_parts[1]);
73
74 if(mode_info.empty())
75 return std::unique_ptr<AEAD_Mode>();
76
77 std::ostringstream mode_name;
78
79 mode_name << mode_info[0] << '(' << cipher_name;
80 for(size_t i = 1; i < mode_info.size(); ++i)
81 mode_name << ',' << mode_info[i];
82 for(size_t i = 2; i < algo_parts.size(); ++i)
83 mode_name << ',' << algo_parts[i];
84 mode_name << ')';
85
86 return AEAD_Mode::create(mode_name.str(), dir);
87 }
88
89#if defined(BOTAN_HAS_BLOCK_CIPHER)
90
91 SCAN_Name req(algo);
92
93 if(req.arg_count() == 0)
94 {
95 return std::unique_ptr<AEAD_Mode>();
96 }
97
98 auto bc = BlockCipher::create(req.arg(0), provider);
99
100 if(!bc)
101 {
102 return std::unique_ptr<AEAD_Mode>();
103 }
104
105#if defined(BOTAN_HAS_AEAD_CCM)
106 if(req.algo_name() == "CCM")
107 {
108 size_t tag_len = req.arg_as_integer(1, 16);
109 size_t L_len = req.arg_as_integer(2, 3);
110 if(dir == Cipher_Dir::Encryption)
111 return std::make_unique<CCM_Encryption>(std::move(bc), tag_len, L_len);
112 else
113 return std::make_unique<CCM_Decryption>(std::move(bc), tag_len, L_len);
114 }
115#endif
116
117#if defined(BOTAN_HAS_AEAD_GCM)
118 if(req.algo_name() == "GCM")
119 {
120 size_t tag_len = req.arg_as_integer(1, 16);
121 if(dir == Cipher_Dir::Encryption)
122 return std::make_unique<GCM_Encryption>(std::move(bc), tag_len);
123 else
124 return std::make_unique<GCM_Decryption>(std::move(bc), tag_len);
125 }
126#endif
127
128#if defined(BOTAN_HAS_AEAD_OCB)
129 if(req.algo_name() == "OCB")
130 {
131 size_t tag_len = req.arg_as_integer(1, 16);
132 if(dir == Cipher_Dir::Encryption)
133 return std::make_unique<OCB_Encryption>(std::move(bc), tag_len);
134 else
135 return std::make_unique<OCB_Decryption>(std::move(bc), tag_len);
136 }
137#endif
138
139#if defined(BOTAN_HAS_AEAD_EAX)
140 if(req.algo_name() == "EAX")
141 {
142 size_t tag_len = req.arg_as_integer(1, bc->block_size());
143 if(dir == Cipher_Dir::Encryption)
144 return std::make_unique<EAX_Encryption>(std::move(bc), tag_len);
145 else
146 return std::make_unique<EAX_Decryption>(std::move(bc), tag_len);
147 }
148#endif
149
150#if defined(BOTAN_HAS_AEAD_SIV)
151 if(req.algo_name() == "SIV")
152 {
153 if(dir == Cipher_Dir::Encryption)
154 return std::make_unique<SIV_Encryption>(std::move(bc));
155 else
156 return std::make_unique<SIV_Decryption>(std::move(bc));
157 }
158#endif
159
160#endif
161
162 return std::unique_ptr<AEAD_Mode>();
163 }
BOTAN_UNUSED
#define BOTAN_UNUSED(...)
Definition: assert.h:141
Botan::AEAD_Mode::create
static std::unique_ptr< AEAD_Mode > create(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition: aead.cpp:52
Botan::BlockCipher::create
static std::unique_ptr< BlockCipher > create(std::string_view algo_spec, std::string_view provider="")
Definition: block_cipher.cpp:87
Botan::Cipher_Mode::provider
virtual std::string provider() const
Definition: cipher_mode.h:250
Botan::split_on
std::vector< std::string > split_on(std::string_view str, char delim)
Definition: parsing.cpp:117
Botan::parse_algorithm_name
std::vector< std::string > parse_algorithm_name(std::string_view namex)
Definition: parsing.cpp:61

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_as_integer(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::AEAD_Mode::create(), Botan::BlockCipher::create(), Botan::Encryption, Botan::parse_algorithm_name(), Botan::Cipher_Mode::provider(), and Botan::split_on().

Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::get_aead().

◆ create_or_throw()

std::unique_ptr< AEAD_Mode > Botan::AEAD_Mode::create_or_throw ( std::string_view  algo,
Cipher_Dir  direction,
std::string_view  provider = "" 
)
staticinherited

Create an AEAD mode, or throw

Parameters
algothe algorithm to create
directionspecify if this should be an encryption or decryption AEAD
provideroptional specification for provider to use
Returns
an AEAD mode, or throw an exception

Definition at line 42 of file aead.cpp.

45 {
46 if(auto aead = AEAD_Mode::create(algo, dir, provider))
47 return aead;
48
49 throw Lookup_Error("AEAD", algo, provider);
50 }

References Botan::AEAD_Mode::create(), and Botan::Cipher_Mode::provider().

Referenced by Botan::TLS::Cipher_State::advance_with_server_hello(), Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), Botan::TLS::Session::decrypt(), and Botan::TLS::Session::encrypt().

◆ default_nonce_length()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::default_nonce_length ( ) const
inlinefinaloverridevirtual
Returns
default AEAD nonce size (a commonly supported value among AEAD modes, and large enough that random collisions are unlikely)

Reimplemented from Botan::AEAD_Mode.

Definition at line 42 of file tls_cbc.h.

42{ return m_iv_size; }

◆ finish() [1/2]

void Botan::Cipher_Mode::finish ( secure_vector< uint8_t > &  final_block,
size_t  offset = 0 
)
inlineinherited

Complete processing of a message.

Parameters
final_blockin/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offsetan offset into final_block to begin processing

Definition at line 158 of file cipher_mode.h.

159 {
160 finish_msg(final_block, offset);
161 }
Botan::Cipher_Mode::finish_msg
virtual void finish_msg(secure_vector< uint8_t > &final_block, size_t offset=0)=0

Referenced by botan_cipher_update(), and Botan::TLS::write_record().

◆ finish() [2/2]

template<concepts::resizable_byte_buffer T>
void Botan::Cipher_Mode::finish ( T final_block,
size_t  offset = 0 
)
inlineinherited

Complete procession of a message.

Note: Using this overload with anything but a Botan::secure_vector<> is copying the bytes in the in/out buffer.

Parameters
final_blockin/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offsetan offset into final_block to begin processing

Definition at line 174 of file cipher_mode.h.

175 {
176 Botan::secure_vector<uint8_t> tmp(final_block.begin(), final_block.end());
177 finish_msg(tmp, offset);
178 final_block.resize(tmp.size());
179 std::copy(tmp.begin(), tmp.end(), final_block.begin());
180 }
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64

◆ finish_msg()

virtual void Botan::Cipher_Mode::finish_msg ( secure_vector< uint8_t > &  final_block,
size_t  offset = 0 
)
protectedpure virtualinherited

◆ has_keying_material()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::has_keying_material ( ) const
finaloverridevirtual
Returns
true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 95 of file tls_cbc.cpp.

96 {
97 return mac().has_keying_material() && cbc().has_keying_material();
98 }

References cbc(), Botan::SymmetricAlgorithm::has_keying_material(), and mac().

◆ ideal_granularity()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::ideal_granularity ( ) const
finaloverridevirtual

Return an ideal granularity. This will be a multiple of the result of update_granularity but may be larger. If so it indicates that better performance may be achieved by providing buffers that are at least that size.

Implements Botan::Cipher_Mode.

Definition at line 78 of file tls_cbc.cpp.

79 {
80 return 1; // just buffers anyway
81 }

◆ is_datagram_protocol()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::is_datagram_protocol ( ) const
inlineprotected

Definition at line 65 of file tls_cbc.h.

65{ return m_is_datagram; }

◆ iv_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size ( ) const
inlineprotected

Definition at line 60 of file tls_cbc.h.

60{ return m_iv_size; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n(), and valid_nonce_length().

◆ key_spec()

Key_Length_Specification Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::key_spec ( ) const
finaloverridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 90 of file tls_cbc.cpp.

91 {
92 return Key_Length_Specification(m_cipher_keylen + m_mac_keylen);
93 }

◆ mac()

MessageAuthenticationCode & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac ( ) const
inlineprotected

Definition at line 69 of file tls_cbc.h.

70 {
71 BOTAN_ASSERT_NONNULL(m_mac);
72 return *m_mac;
73 }
BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:106

References BOTAN_ASSERT_NONNULL.

Referenced by clear(), has_keying_material(), and TLS_CBC_HMAC_AEAD_Mode().

◆ mac_keylen()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac_keylen ( ) const
inlineprotected

Definition at line 59 of file tls_cbc.h.

59{ return m_mac_keylen; }

◆ maximum_associated_data_inputs()

virtual size_t Botan::AEAD_Mode::maximum_associated_data_inputs ( ) const
inlinevirtualinherited

Returns the maximum supported number of associated data inputs which can be provided to set_associated_data_n

If returns 0, then no associated data is supported.

Reimplemented in Botan::SIV_Mode.

Definition at line 93 of file aead.h.

93{ return 1; }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 123 of file sym_algo.h.

124 {
125 return key_spec().maximum_keylength();
126 }
Botan::Key_Length_Specification::maximum_keylength
size_t maximum_keylength() const
Definition: sym_algo.h:72
Botan::SymmetricAlgorithm::key_spec
virtual Key_Length_Specification key_spec() const =0

◆ minimum_final_size()

virtual size_t Botan::Cipher_Mode::minimum_final_size ( ) const
pure virtualinherited
Returns
required minimium size to finalize() - may be any length larger than this.

Implemented in Botan::CCM_Encryption, Botan::CCM_Decryption, Botan::ChaCha20Poly1305_Encryption, Botan::ChaCha20Poly1305_Decryption, Botan::EAX_Encryption, Botan::EAX_Decryption, Botan::GCM_Encryption, Botan::GCM_Decryption, Botan::OCB_Encryption, Botan::OCB_Decryption, Botan::SIV_Encryption, Botan::SIV_Decryption, Botan::CBC_Encryption, Botan::CTS_Encryption, Botan::CBC_Decryption, Botan::CTS_Decryption, Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption, Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption, Botan::CFB_Mode, and Botan::XTS_Mode.

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 131 of file sym_algo.h.

132 {
133 return key_spec().minimum_keylength();
134 }
Botan::Key_Length_Specification::minimum_keylength
size_t minimum_keylength() const
Definition: sym_algo.h:64

◆ msg()

secure_vector< uint8_t > & Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::msg ( )
inlineprotected

Definition at line 77 of file tls_cbc.h.

77{ return m_msg; }

◆ name()

std::string Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::name ( ) const
finaloverridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 68 of file tls_cbc.cpp.

69 {
70 return "TLS_CBC(" + m_cipher_name + "," + m_mac_name + ")";
71 }

◆ output_length()

virtual size_t Botan::Cipher_Mode::output_length ( size_t  input_length) const
pure virtualinherited

Returns the size of the output if this transform is used to process a message with input_length bytes. In most cases the answer is precise. If it is not possible to precise (namely for CBC decryption) instead an upper bound is returned.

Implemented in Botan::CCM_Encryption, Botan::CCM_Decryption, Botan::ChaCha20Poly1305_Encryption, Botan::ChaCha20Poly1305_Decryption, Botan::EAX_Encryption, Botan::EAX_Decryption, Botan::GCM_Encryption, Botan::GCM_Decryption, Botan::OCB_Encryption, Botan::OCB_Decryption, Botan::SIV_Encryption, Botan::SIV_Decryption, Botan::CBC_Encryption, Botan::CTS_Encryption, Botan::CBC_Decryption, Botan::XTS_Encryption, Botan::XTS_Decryption, Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption, Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption, and Botan::CFB_Mode.

Referenced by Botan::TLS::write_record().

◆ process() [1/2]

size_t Botan::Cipher_Mode::process ( std::span< uint8_t >  msg)
inlineinherited

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters
msgthe message to be processed
Returns
bytes written in-place

Definition at line 133 of file cipher_mode.h.

134 { return this->process_msg(msg.data(), msg.size()); }
Botan::Cipher_Mode::process_msg
virtual size_t process_msg(uint8_t msg[], size_t msg_len)=0

◆ process() [2/2]

size_t Botan::Cipher_Mode::process ( uint8_t  msg[],
size_t  msg_len 
)
inlineinherited

Definition at line 135 of file cipher_mode.h.

136 { return this->process_msg(msg, msg_len); }

◆ provider()

virtual std::string Botan::Cipher_Mode::provider ( ) const
inlinevirtualinherited
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 250 of file cipher_mode.h.

250{ return "base"; }

Referenced by Botan::AEAD_Mode::create(), Botan::Cipher_Mode::create(), Botan::AEAD_Mode::create_or_throw(), and Botan::Cipher_Mode::create_or_throw().

◆ providers()

std::vector< std::string > Botan::Cipher_Mode::providers ( std::string_view  algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available
Parameters
algo_specalgorithm name

Definition at line 172 of file cipher_mode.cpp.

173 {
174 const std::vector<std::string>& possible = { "base", "commoncrypto" };
175 std::vector<std::string> providers;
176 for(auto&& prov : possible)
177 {
178 auto mode = Cipher_Mode::create(algo_spec, Cipher_Dir::Encryption, prov);
179 if(mode)
180 {
181 providers.push_back(prov); // available
182 }
183 }
184 return providers;
185 }
Botan::Cipher_Mode::create
static std::unique_ptr< Cipher_Mode > create(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition: cipher_mode.cpp:50
Botan::Cipher_Mode::providers
static std::vector< std::string > providers(std::string_view algo_spec)
Definition: cipher_mode.cpp:172

References Botan::Cipher_Mode::create(), Botan::Encryption, and Botan::Cipher_Mode::providers().

Referenced by Botan::Cipher_Mode::providers().

◆ requires_entire_message()

virtual bool Botan::Cipher_Mode::requires_entire_message ( ) const
inlinevirtualinherited

Certain modes require the entire message be available before any processing can occur. For such modes, input will be consumed but not returned, until finish is called, which returns the entire message.

This function returns true if this mode has this style of operation.

Reimplemented in Botan::CCM_Mode, and Botan::SIV_Mode.

Definition at line 212 of file cipher_mode.h.

212{ return false; }

◆ reset()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::reset ( )
finaloverridevirtual

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 61 of file tls_cbc.cpp.

62 {
63 cbc_state().clear();
64 m_ad.clear();
65 m_msg.clear();
66 }
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc_state
secure_vector< uint8_t > & cbc_state()
Definition: tls_cbc.h:75

References cbc_state().

Referenced by clear().

◆ set_ad()

void Botan::AEAD_Mode::set_ad ( std::span< const uint8_t >  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 128 of file aead.h.

129 {
130 set_associated_data(ad);
131 }
Botan::AEAD_Mode::set_associated_data
void set_associated_data(std::span< const uint8_t > ad)
Definition: aead.h:60

◆ set_associated_data() [1/2]

void Botan::AEAD_Mode::set_associated_data ( const uint8_t  ad[],
size_t  ad_len 
)
inlineinherited

Definition at line 62 of file aead.h.

63 { set_associated_data(std::span(ad, ad_len)); }

◆ set_associated_data() [2/2]

void Botan::AEAD_Mode::set_associated_data ( std::span< const uint8_t >  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key) is the optimum.

Parameters
adthe associated data

Definition at line 60 of file aead.h.

61 { set_associated_data_n(0, ad); }
Botan::AEAD_Mode::set_associated_data_n
virtual void set_associated_data_n(size_t idx, std::span< const uint8_t > ad)=0

Referenced by Botan::TLS::write_record().

◆ set_associated_data_n()

void Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n ( size_t  idx,
std::span< const uint8_t >  ad 
)
overridevirtual

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key) is the optimum.

Some AEADs (namely SIV) support multiple AD inputs. For all other modes only nominal AD input 0 is supported; all other values of idx will cause an exception.

Derived AEADs must implement this. For AEADs where maximum_associated_data_inputs() returns 1 (the default), the idx must simply be ignored.

Parameters
idxwhich associated data to set
adthe associated data

Implements Botan::AEAD_Mode.

Reimplemented in Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption.

Definition at line 141 of file tls_cbc.cpp.

142 {
143 BOTAN_ARG_CHECK(idx == 0, "TLS 1.2 CBC/HMAC: cannot handle non-zero index in set_associated_data_n");
144 if(ad.size() != 13)
145 throw Invalid_Argument("Invalid TLS AEAD associated data length");
146 m_ad.assign(ad.begin(), ad.end());
147 }
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:36

References BOTAN_ARG_CHECK.

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n().

◆ set_associated_data_vec()

template<typename Alloc >
void Botan::AEAD_Mode::set_associated_data_vec ( const std::vector< uint8_t, Alloc > &  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 113 of file aead.h.

114 {
115 set_associated_data(ad);
116 }

◆ set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey key)
inlineinherited

Set the symmetric key of this object.

Parameters
keythe SymmetricKey to be set.

Definition at line 150 of file sym_algo.h.

151 {
152 set_key(key.begin(), key.length());
153 }
Botan::SymmetricAlgorithm::set_key
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:150

References Botan::OctetString::begin(), and Botan::OctetString::length().

Referenced by Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), and Botan::Sodium::randombytes_buf_deterministic().

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t  key[],
size_t  length 
)
inherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 17 of file sym_algo.cpp.

18 {
19 if(!valid_keylength(length))
20 throw Invalid_Key_Length(name(), length);
21 key_schedule(key, length);
22 }
Botan::SymmetricAlgorithm::valid_keylength
bool valid_keylength(size_t length) const
Definition: sym_algo.h:141

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t >  key)
inlineinherited

Set the symmetric key of this object.

Parameters
keythe contiguous byte range to be set.

Definition at line 159 of file sym_algo.h.

160 {
161 set_key(key.data(), key.size());
162 }

◆ start() [1/3]

void Botan::Cipher_Mode::start ( )
inlineinherited

Begin processing a message.

The exact semantics of this depend on the mode. For many modes, the call will fail since a nonce must be provided.

For certain modes such as CBC this will instead cause the last ciphertext block to be used as the nonce of the new message; doing this isn't a good idea, but some (mostly older) protocols do this.

Definition at line 115 of file cipher_mode.h.

116 {
117 return start_msg(nullptr, 0);
118 }
Botan::Cipher_Mode::start_msg
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0

◆ start() [2/3]

void Botan::Cipher_Mode::start ( const uint8_t  nonce[],
size_t  nonce_len 
)
inlineinherited

Begin processing a message with a fresh nonce.

Parameters
noncethe per message nonce
nonce_lenlength of nonce

Definition at line 100 of file cipher_mode.h.

101 {
102 start_msg(nonce, nonce_len);
103 }

◆ start() [3/3]

void Botan::Cipher_Mode::start ( std::span< const uint8_t >  nonce)
inlineinherited

Begin processing a message with a fresh nonce.

Parameters
noncethe per message nonce

Definition at line 90 of file cipher_mode.h.

91 {
92 start_msg(nonce.data(), nonce.size());
93 }

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

◆ tag_size()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::tag_size ( ) const
inlinefinaloverridevirtual
Returns
the size of the authentication tag used (in bytes)

Reimplemented from Botan::Cipher_Mode.

Definition at line 40 of file tls_cbc.h.

40{ return m_tag_size; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length().

◆ update()

template<concepts::resizable_byte_buffer T>
void Botan::Cipher_Mode::update ( T buffer,
size_t  offset = 0 
)
inlineinherited

Process some data. Input must be in size update_granularity() uint8_t blocks.

Parameters
bufferin/out parameter which will possibly be resized
offsetan offset into blocks to begin processing

Definition at line 144 of file cipher_mode.h.

145 {
146 BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
147 const size_t written = process(std::span(buffer).subspan(offset));
148 buffer.resize(offset + written);
149 }
Botan::Cipher_Mode::process
size_t process(std::span< uint8_t > msg)
Definition: cipher_mode.h:133

References BOTAN_ASSERT.

Referenced by botan_cipher_update().

◆ update_granularity()

size_t Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::update_granularity ( ) const
finaloverridevirtual
Returns
size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 73 of file tls_cbc.cpp.

74 {
75 return 1; // just buffers anyway
76 }

◆ use_encrypt_then_mac()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac ( ) const
inlineprotected

Definition at line 63 of file tls_cbc.h.

63{ return m_use_encrypt_then_mac; }

Referenced by Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 141 of file sym_algo.h.

142 {
143 return key_spec().valid_keylength(length);
144 }
Botan::Key_Length_Specification::valid_keylength
bool valid_keylength(size_t length) const
Definition: sym_algo.h:54

Referenced by Botan::SymmetricAlgorithm::set_key().

◆ valid_nonce_length()

bool Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length ( size_t  nonce_len) const
finaloverridevirtual
Returns
true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 83 of file tls_cbc.cpp.

84 {
85 if(m_cbc_state.empty())
86 return nl == block_size();
87 return nl == iv_size();
88 }
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size
size_t block_size() const
Definition: tls_cbc.h:61
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size
size_t iv_size() const
Definition: tls_cbc.h:60

References block_size(), and iv_size().

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.6