Botan  1.11.32
Public Types | Public Member Functions | Protected Member Functions | List of all members
Botan::XTS_Encryption Class Referencefinal

#include <xts.h>

Inheritance diagram for Botan::XTS_Encryption:
Botan::XTS_Mode Botan::Cipher_Mode

Public Types

typedef SCAN_Name Spec
 

Public Member Functions

virtual bool authenticated () const
 
void clear () override
 
size_t default_nonce_length () const override
 
void finish (secure_vector< byte > &final_block, size_t offset=0) override
 
Key_Length_Specification key_spec () const override
 
size_t minimum_final_size () const override
 
std::string name () const override
 
size_t output_length (size_t input_length) const override
 
size_t process (uint8_t buf[], size_t size) override
 
virtual std::string provider () const
 
template<typename Alloc >
void set_key (const std::vector< byte, Alloc > &key)
 
void set_key (const SymmetricKey &key)
 
void set_key (const byte key[], size_t length)
 
template<typename Alloc >
void start (const std::vector< byte, Alloc > &nonce)
 
void start (const byte nonce[], size_t nonce_len)
 
void start ()
 
virtual size_t tag_size () const
 
void update (secure_vector< byte > &buffer, size_t offset=0)
 
size_t update_granularity () const override
 
bool valid_keylength (size_t length) const
 
bool valid_nonce_length (size_t n) const override
 
 XTS_Encryption (BlockCipher *cipher)
 

Protected Member Functions

const BlockCiphercipher () const
 
const bytetweak () const
 
void update_tweak (size_t last_used)
 

Detailed Description

IEEE P1619 XTS Encryption

Definition at line 55 of file xts.h.

Member Typedef Documentation

§ Spec

Definition at line 27 of file cipher_mode.h.

Constructor & Destructor Documentation

§ XTS_Encryption()

Botan::XTS_Encryption::XTS_Encryption ( BlockCipher cipher)
inlineexplicit

Definition at line 58 of file xts.h.

58 : XTS_Mode(cipher) {}
const BlockCipher & cipher() const
Definition: xts.h:40
XTS_Mode(BlockCipher *cipher)
Definition: xts.cpp:51

Member Function Documentation

§ authenticated()

virtual bool Botan::Cipher_Mode::authenticated ( ) const
inlinevirtualinherited

Returns true iff this mode provides authentication as well as confidentiality.

Reimplemented in Botan::AEAD_Mode.

Definition at line 136 of file cipher_mode.h.

136 { return false; }

§ cipher()

const BlockCipher& Botan::XTS_Mode::cipher ( ) const
inlineprotectedinherited

§ clear()

void Botan::XTS_Mode::clear ( )
overridevirtualinherited

Implements Botan::Cipher_Mode.

Definition at line 60 of file xts.cpp.

References Botan::zeroise().

61  {
62  m_cipher->clear();
63  m_tweak_cipher->clear();
64  zeroise(m_tweak);
65  }
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:194

§ default_nonce_length()

size_t Botan::XTS_Mode::default_nonce_length ( ) const
overridevirtualinherited

Return the default size for a nonce

Implements Botan::Cipher_Mode.

Definition at line 87 of file xts.cpp.

References Botan::BlockCipher::block_size(), and Botan::XTS_Mode::cipher().

88  {
89  return cipher().block_size();
90  }
const BlockCipher & cipher() const
Definition: xts.h:40
virtual size_t block_size() const =0

§ finish()

void Botan::XTS_Encryption::finish ( secure_vector< byte > &  final_block,
size_t  offset = 0 
)
overridevirtual

Complete processing of a message.

Parameters
final_blockin/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offsetan offset into final_block to begin processing

Implements Botan::Cipher_Mode.

Definition at line 164 of file xts.cpp.

References Botan::BlockCipher::block_size(), BOTAN_ASSERT, Botan::XTS_Mode::cipher(), Botan::BlockCipher::encrypt(), Botan::XTS_Mode::minimum_final_size(), Botan::XTS_Mode::tweak(), Botan::Cipher_Mode::update(), and Botan::xor_buf().

165  {
166  BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane");
167  const size_t sz = buffer.size() - offset;
168  byte* buf = buffer.data() + offset;
169 
170  BOTAN_ASSERT(sz >= minimum_final_size(), "Have sufficient final input");
171 
172  const size_t BS = cipher().block_size();
173 
174  if(sz % BS == 0)
175  {
176  update(buffer, offset);
177  }
178  else
179  {
180  // steal ciphertext
181  const size_t full_blocks = ((sz / BS) - 1) * BS;
182  const size_t final_bytes = sz - full_blocks;
183  BOTAN_ASSERT(final_bytes > BS && final_bytes < 2*BS, "Left over size in expected range");
184 
185  secure_vector<byte> last(buf + full_blocks, buf + full_blocks + final_bytes);
186  buffer.resize(full_blocks + offset);
187  update(buffer, offset);
188 
189  xor_buf(last, tweak(), BS);
190  cipher().encrypt(last);
191  xor_buf(last, tweak(), BS);
192 
193  for(size_t i = 0; i != final_bytes - BS; ++i)
194  {
195  last[i] ^= last[i + BS];
196  last[i + BS] ^= last[i];
197  last[i] ^= last[i + BS];
198  }
199 
200  xor_buf(last, tweak() + BS, BS);
201  cipher().encrypt(last);
202  xor_buf(last, tweak() + BS, BS);
203 
204  buffer += last;
205  }
206  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:90
void update(secure_vector< byte > &buffer, size_t offset=0)
Definition: cipher_mode.h:81
const BlockCipher & cipher() const
Definition: xts.h:40
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
const byte * tweak() const
Definition: xts.h:38
void encrypt(const byte in[], byte out[]) const
Definition: block_cipher.h:69
size_t minimum_final_size() const override
Definition: xts.cpp:77
virtual size_t block_size() const =0
std::uint8_t byte
Definition: types.h:31

§ key_spec()

Key_Length_Specification Botan::XTS_Mode::key_spec ( ) const
overridevirtualinherited
Returns
object describing limits on key size

Implements Botan::Cipher_Mode.

Definition at line 82 of file xts.cpp.

References Botan::XTS_Mode::cipher(), Botan::SymmetricAlgorithm::key_spec(), and Botan::Key_Length_Specification::multiple().

83  {
84  return cipher().key_spec().multiple(2);
85  }
const BlockCipher & cipher() const
Definition: xts.h:40
virtual Key_Length_Specification key_spec() const =0
Key_Length_Specification multiple(size_t n) const
Definition: key_spec.h:82

§ minimum_final_size()

size_t Botan::XTS_Mode::minimum_final_size ( ) const
overridevirtualinherited
Returns
required minimium size to finalize() - may be any length larger than this.

Implements Botan::Cipher_Mode.

Definition at line 77 of file xts.cpp.

References Botan::BlockCipher::block_size(), and Botan::XTS_Mode::cipher().

Referenced by finish(), and Botan::XTS_Decryption::finish().

78  {
79  return cipher().block_size() + 1;
80  }
const BlockCipher & cipher() const
Definition: xts.h:40
virtual size_t block_size() const =0

§ name()

std::string Botan::XTS_Mode::name ( ) const
overridevirtualinherited

Implements Botan::Cipher_Mode.

Definition at line 67 of file xts.cpp.

References Botan::XTS_Mode::cipher(), and Botan::SymmetricAlgorithm::name().

Referenced by Botan::XTS_Mode::valid_nonce_length().

68  {
69  return cipher().name() + "/XTS";
70  }
const BlockCipher & cipher() const
Definition: xts.h:40
virtual std::string name() const =0

§ output_length()

size_t Botan::XTS_Encryption::output_length ( size_t  input_length) const
overridevirtual

Returns the size of the output if this transform is used to process a message with input_length bytes. Will throw if unable to give a precise answer.

Implements Botan::Cipher_Mode.

Definition at line 132 of file xts.cpp.

133  {
134  return input_length;
135  }

§ process()

size_t Botan::XTS_Encryption::process ( uint8_t  msg[],
size_t  msg_len 
)
overridevirtual

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processes) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass.

Implements Botan::Cipher_Mode.

Definition at line 137 of file xts.cpp.

References Botan::BlockCipher::block_size(), BOTAN_ASSERT, Botan::XTS_Mode::cipher(), Botan::BlockCipher::encrypt_n(), Botan::CT::min(), Botan::XTS_Mode::tweak(), Botan::XTS_Mode::update_granularity(), Botan::XTS_Mode::update_tweak(), and Botan::xor_buf().

138  {
139  const size_t BS = cipher().block_size();
140 
141  BOTAN_ASSERT(sz % BS == 0, "Input is full blocks");
142  size_t blocks = sz / BS;
143 
144  const size_t blocks_in_tweak = update_granularity() / BS;
145 
146  while(blocks)
147  {
148  const size_t to_proc = std::min(blocks, blocks_in_tweak);
149  const size_t to_proc_bytes = to_proc * BS;
150 
151  xor_buf(buf, tweak(), to_proc_bytes);
152  cipher().encrypt_n(buf, buf, to_proc);
153  xor_buf(buf, tweak(), to_proc_bytes);
154 
155  buf += to_proc * BS;
156  blocks -= to_proc;
157 
158  update_tweak(to_proc);
159  }
160 
161  return sz;
162  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:90
void update_tweak(size_t last_used)
Definition: xts.cpp:119
const BlockCipher & cipher() const
Definition: xts.h:40
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
const byte * tweak() const
Definition: xts.h:38
T min(T a, T b)
Definition: ct_utils.h:180
virtual void encrypt_n(const byte in[], byte out[], size_t blocks) const =0
size_t update_granularity() const override
Definition: xts.cpp:72
virtual size_t block_size() const =0

§ provider()

virtual std::string Botan::Cipher_Mode::provider ( ) const
inlinevirtualinherited
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 185 of file cipher_mode.h.

185 { return "base"; }

§ set_key() [1/3]

template<typename Alloc >
void Botan::Cipher_Mode::set_key ( const std::vector< byte, Alloc > &  key)
inlineinherited

Definition at line 159 of file cipher_mode.h.

Referenced by botan_cipher_set_key().

160  {
161  set_key(key.data(), key.size());
162  }
void set_key(const std::vector< byte, Alloc > &key)
Definition: cipher_mode.h:159

§ set_key() [2/3]

void Botan::Cipher_Mode::set_key ( const SymmetricKey key)
inlineinherited

Definition at line 164 of file cipher_mode.h.

References Botan::OctetString::begin(), and Botan::OctetString::length().

165  {
166  set_key(key.begin(), key.length());
167  }
void set_key(const std::vector< byte, Alloc > &key)
Definition: cipher_mode.h:159

§ set_key() [3/3]

void Botan::Cipher_Mode::set_key ( const byte  key[],
size_t  length 
)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material
lengthin bytes of key param

Definition at line 174 of file cipher_mode.h.

175  {
176  if(!valid_keylength(length))
177  throw Invalid_Key_Length(name(), length);
178  key_schedule(key, length);
179  }
virtual std::string name() const =0
bool valid_keylength(size_t length) const
Definition: cipher_mode.h:153

§ start() [1/3]

template<typename Alloc >
void Botan::Cipher_Mode::start ( const std::vector< byte, Alloc > &  nonce)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce

Definition at line 41 of file cipher_mode.h.

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

42  {
43  start_msg(nonce.data(), nonce.size());
44  }
virtual void start_msg(const byte nonce[], size_t nonce_len)=0

§ start() [2/3]

void Botan::Cipher_Mode::start ( const byte  nonce[],
size_t  nonce_len 
)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce
nonce_lenlength of nonce

Definition at line 51 of file cipher_mode.h.

52  {
53  start_msg(nonce, nonce_len);
54  }
virtual void start_msg(const byte nonce[], size_t nonce_len)=0

§ start() [3/3]

void Botan::Cipher_Mode::start ( )
inlineinherited

Begin processing a message.

Definition at line 59 of file cipher_mode.h.

60  {
61  return start_msg(nullptr, 0);
62  }
virtual void start_msg(const byte nonce[], size_t nonce_len)=0

§ tag_size()

virtual size_t Botan::Cipher_Mode::tag_size ( ) const
inlinevirtualinherited

Return the size of the authentication tag used (in bytes)

Reimplemented in Botan::SIV_Mode, Botan::CCM_Mode, Botan::OCB_Mode, Botan::ChaCha20Poly1305_Mode, Botan::GCM_Mode, and Botan::EAX_Mode.

Definition at line 141 of file cipher_mode.h.

Referenced by botan_cipher_get_tag_length().

141 { return 0; }

§ tweak()

const byte* Botan::XTS_Mode::tweak ( ) const
inlineprotectedinherited

Definition at line 38 of file xts.h.

Referenced by finish(), Botan::XTS_Decryption::finish(), process(), and Botan::XTS_Decryption::process().

38 { return m_tweak.data(); }

§ update()

void Botan::Cipher_Mode::update ( secure_vector< byte > &  buffer,
size_t  offset = 0 
)
inlineinherited

Process some data. Input must be in size update_granularity() byte blocks.

Parameters
blocksin/out parameter which will possibly be resized
offsetan offset into blocks to begin processing

Definition at line 81 of file cipher_mode.h.

References BOTAN_ASSERT.

Referenced by botan_cipher_update(), Botan::ECB_Encryption::finish(), finish(), Botan::CFB_Encryption::finish(), Botan::CBC_Encryption::finish(), Botan::ChaCha20Poly1305_Encryption::finish(), Botan::XTS_Decryption::finish(), Botan::ECB_Decryption::finish(), Botan::EAX_Encryption::finish(), Botan::CFB_Decryption::finish(), Botan::CTS_Encryption::finish(), Botan::CBC_Decryption::finish(), and Botan::CTS_Decryption::finish().

82  {
83  BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
84  byte* buf = buffer.data() + offset;
85  const size_t buf_size = buffer.size() - offset;
86 
87  const size_t written = process(buf, buf_size);
88  buffer.resize(offset + written);
89  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
virtual size_t process(uint8_t msg[], size_t msg_len)=0
std::uint8_t byte
Definition: types.h:31

§ update_granularity()

size_t Botan::XTS_Mode::update_granularity ( ) const
overridevirtualinherited
Returns
size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 72 of file xts.cpp.

References Botan::XTS_Mode::cipher(), and Botan::BlockCipher::parallel_bytes().

Referenced by process(), Botan::XTS_Decryption::process(), Botan::XTS_Mode::update_tweak(), and Botan::XTS_Mode::XTS_Mode().

73  {
74  return cipher().parallel_bytes();
75  }
size_t parallel_bytes() const
Definition: block_cipher.h:51
const BlockCipher & cipher() const
Definition: xts.h:40

§ update_tweak()

void Botan::XTS_Mode::update_tweak ( size_t  last_used)
protectedinherited

Definition at line 119 of file xts.cpp.

References Botan::XTS_Mode::update_granularity().

Referenced by process(), Botan::XTS_Decryption::process(), and Botan::XTS_Mode::valid_nonce_length().

120  {
121  const size_t BS = m_tweak_cipher->block_size();
122 
123  if(which > 0)
124  poly_double(m_tweak.data(), &m_tweak[(which-1)*BS], BS);
125 
126  const size_t blocks_in_tweak = update_granularity() / BS;
127 
128  for(size_t i = 1; i < blocks_in_tweak; ++i)
129  poly_double(&m_tweak[i*BS], &m_tweak[(i-1)*BS], BS);
130  }
size_t update_granularity() const override
Definition: xts.cpp:72

§ valid_keylength()

bool Botan::Cipher_Mode::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 153 of file cipher_mode.h.

154  {
155  return key_spec().valid_keylength(length);
156  }
virtual Key_Length_Specification key_spec() const =0
bool valid_keylength(size_t length) const
Definition: key_spec.h:51

§ valid_nonce_length()

bool Botan::XTS_Mode::valid_nonce_length ( size_t  nonce_len) const
overridevirtualinherited

Return true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 92 of file xts.cpp.

References Botan::BlockCipher::block_size(), Botan::XTS_Mode::cipher(), Botan::copy_mem(), Botan::XTS_Mode::name(), and Botan::XTS_Mode::update_tweak().

93  {
94  return cipher().block_size() == n;
95  }
const BlockCipher & cipher() const
Definition: xts.h:40
virtual size_t block_size() const =0

The documentation for this class was generated from the following files: