Botan 3.11.0
Crypto and TLS for C&
Functions
ffi_cipher.cpp File Reference
Foreign Function Interface
#include <botan/ffi.h>
#include <botan/aead.h>
#include <botan/mem_ops.h>
#include <botan/internal/bit_ops.h>
#include <botan/internal/buffer_slicer.h>
#include <botan/internal/buffer_stuffer.h>
#include <botan/internal/ffi_util.h>
#include <botan/internal/scoped_cleanup.h>
#include <limits>

Go to the source code of this file.

Functions

int botan_cipher_clear (botan_cipher_t cipher)
int botan_cipher_destroy (botan_cipher_t cipher)
int botan_cipher_get_default_nonce_length (botan_cipher_t cipher, size_t *nl)
int botan_cipher_get_ideal_update_granularity (botan_cipher_t cipher, size_t *ug)
int botan_cipher_get_keyspec (botan_cipher_t cipher, size_t *out_minimum_keylength, size_t *out_maximum_keylength, size_t *out_keylength_modulo)
int botan_cipher_get_tag_length (botan_cipher_t cipher, size_t *tl)
int botan_cipher_get_update_granularity (botan_cipher_t cipher, size_t *ug)
int botan_cipher_init (botan_cipher_t *cipher, const char *cipher_name, uint32_t flags)
int botan_cipher_is_authenticated (botan_cipher_t cipher)
int botan_cipher_name (botan_cipher_t cipher, char *name, size_t *name_len)
int botan_cipher_output_length (botan_cipher_t cipher, size_t in_len, size_t *out_len)
int botan_cipher_query_keylen (botan_cipher_t cipher, size_t *out_minimum_keylength, size_t *out_maximum_keylength)
int botan_cipher_requires_entire_message (botan_cipher_t cipher)
int botan_cipher_reset (botan_cipher_t cipher)
int botan_cipher_set_associated_data (botan_cipher_t cipher, const uint8_t *ad, size_t ad_len)
int botan_cipher_set_key (botan_cipher_t cipher, const uint8_t *key, size_t key_len)
int botan_cipher_start (botan_cipher_t cipher_obj, const uint8_t *nonce, size_t nonce_len)
int botan_cipher_update (botan_cipher_t cipher_obj, uint32_t flags, uint8_t output[], size_t output_size, size_t *output_written, const uint8_t input[], size_t input_size, size_t *input_consumed)
 Encrypt/Decrypt some data and/or finalize the encryption/decryption.
int botan_cipher_valid_nonce_length (botan_cipher_t cipher, size_t nl)

Function Documentation

◆ botan_cipher_clear()

int botan_cipher_clear ( botan_cipher_t hash)

Reset the key, nonce, AD and all other state on this cipher object

Definition at line 120 of file ffi_cipher.cpp.

120 {
121 return BOTAN_FFI_VISIT(cipher, [](auto& c) { c.clear(); });
122}
BOTAN_FFI_VISIT
#define BOTAN_FFI_VISIT(obj, lambda)
Definition ffi_util.h:158

References BOTAN_FFI_VISIT.

◆ botan_cipher_destroy()

int botan_cipher_destroy ( botan_cipher_t cipher)

Destroy the cipher object

Returns
0 if success, error if invalid object handle

Definition at line 116 of file ffi_cipher.cpp.

116 {
117 return BOTAN_FFI_CHECKED_DELETE(cipher);
118}
BOTAN_FFI_CHECKED_DELETE
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition ffi_util.h:185

References BOTAN_FFI_CHECKED_DELETE.

◆ botan_cipher_get_default_nonce_length()

int botan_cipher_get_default_nonce_length ( botan_cipher_t cipher,
size_t * nl )

Get the default nonce length of this cipher

Definition at line 304 of file ffi_cipher.cpp.

304 {
305 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) { *nl = c.default_nonce_length(); });
306}

References BOTAN_FFI_VISIT.

◆ botan_cipher_get_ideal_update_granularity()

int botan_cipher_get_ideal_update_granularity ( botan_cipher_t cipher,
size_t * ug )

Return the ideal update granularity of the cipher. This is some multiple of the update granularity, reflecting possibilities for optimization.

Definition at line 312 of file ffi_cipher.cpp.

312 {
313 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) { *ug = c.ideal_granularity(); });
314}

References BOTAN_FFI_VISIT.

◆ botan_cipher_get_keyspec()

int botan_cipher_get_keyspec ( botan_cipher_t cipher,
size_t * min_keylen,
size_t * max_keylen,
size_t * mod_keylen )

Get information about the supported key lengths.

Definition at line 143 of file ffi_cipher.cpp.

146 {
147 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) {
148 if(out_minimum_keylength) {
149 *out_minimum_keylength = c.key_spec().minimum_keylength();
150 }
151 if(out_maximum_keylength) {
152 *out_maximum_keylength = c.key_spec().maximum_keylength();
153 }
154 if(out_keylength_modulo) {
155 *out_keylength_modulo = c.key_spec().keylength_multiple();
156 }
157 });
158}

References BOTAN_FFI_VISIT.

◆ botan_cipher_get_tag_length()

int botan_cipher_get_tag_length ( botan_cipher_t cipher,
size_t * tag_size )

Get the tag length of the cipher (0 for non-AEAD modes)

Definition at line 316 of file ffi_cipher.cpp.

316 {
317 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) { *tl = c.tag_size(); });
318}

References BOTAN_FFI_VISIT.

◆ botan_cipher_get_update_granularity()

int botan_cipher_get_update_granularity ( botan_cipher_t cipher,
size_t * ug )

Return the update granularity of the cipher; botan_cipher_update must be called with blocks of this size, except for the final.

Definition at line 308 of file ffi_cipher.cpp.

308 {
309 return BOTAN_FFI_VISIT(cipher, [=](const auto& /*c*/) { *ug = cipher->update_size(); });
310}

References BOTAN_FFI_VISIT.

◆ botan_cipher_init()

int botan_cipher_init ( botan_cipher_t * cipher,
const char * name,
uint32_t flags )

Initialize a cipher object

Definition at line 99 of file ffi_cipher.cpp.

99 {
100 return ffi_guard_thunk(__func__, [=]() -> int {
101 const bool encrypt_p = ((flags & BOTAN_CIPHER_INIT_FLAG_MASK_DIRECTION) == BOTAN_CIPHER_INIT_FLAG_ENCRYPT);
102 const Botan::Cipher_Dir dir = encrypt_p ? Botan::Cipher_Dir::Encryption : Botan::Cipher_Dir::Decryption;
103
104 std::unique_ptr<Botan::Cipher_Mode> mode(Botan::Cipher_Mode::create(cipher_name, dir));
105 if(!mode) {
106 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
107 }
108
109 const size_t update_size = ffi_choose_update_size(*mode);
110 const size_t ideal_update_size = std::max(mode->ideal_granularity(), update_size);
111
112 return ffi_new_object(cipher, std::move(mode), update_size, ideal_update_size);
113 });
114}
Botan::Cipher_Mode::create
static std::unique_ptr< Cipher_Mode > create(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
Definition cipher_mode.cpp:54
BOTAN_CIPHER_INIT_FLAG_ENCRYPT
#define BOTAN_CIPHER_INIT_FLAG_ENCRYPT
Definition ffi.h:640
BOTAN_CIPHER_INIT_FLAG_MASK_DIRECTION
#define BOTAN_CIPHER_INIT_FLAG_MASK_DIRECTION
Definition ffi.h:639
BOTAN_FFI_ERROR_NOT_IMPLEMENTED
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition ffi.h:140
Botan::PKCS11::flags
Flags flags(Flag flags)
Definition p11.h:1227
Botan_FFI::ffi_new_object
BOTAN_FFI_ERROR ffi_new_object(T *obj, Args &&... args)
Definition ffi_util.h:178
Botan_FFI::ffi_guard_thunk
int ffi_guard_thunk(const char *func_name, T thunk)
Definition ffi_util.h:95

References BOTAN_CIPHER_INIT_FLAG_ENCRYPT, BOTAN_CIPHER_INIT_FLAG_MASK_DIRECTION, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, Botan::Cipher_Mode::create(), Botan::Decryption, Botan::Encryption, Botan_FFI::ffi_guard_thunk(), and Botan_FFI::ffi_new_object().

◆ botan_cipher_is_authenticated()

int botan_cipher_is_authenticated ( botan_cipher_t cipher)

Returns 1 iff the cipher provides authentication as well as confidentiality.

Definition at line 320 of file ffi_cipher.cpp.

320 {
321 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) { return c.authenticated() ? 1 : 0; });
322}

References BOTAN_FFI_VISIT.

◆ botan_cipher_name()

int botan_cipher_name ( botan_cipher_t cipher,
char * name,
size_t * name_len )

Return the name of the cipher object

Definition at line 328 of file ffi_cipher.cpp.

328 {
329 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) { return write_str_output(name, name_len, c.name()); });
330}
Botan_FFI::write_str_output
int write_str_output(char out[], size_t *out_len, const std::string &str)
Definition ffi_util.h:265

References BOTAN_FFI_VISIT, and Botan_FFI::write_str_output().

◆ botan_cipher_output_length()

int botan_cipher_output_length ( botan_cipher_t cipher,
size_t in_len,
size_t * out_len )

Return the output length of this cipher, for a particular input length.

Definition at line 128 of file ffi_cipher.cpp.

128 {
129 if(out_len == nullptr) {
130 return BOTAN_FFI_ERROR_NULL_POINTER;
131 }
132
133 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) { *out_len = c.output_length(in_len); });
134}
BOTAN_FFI_ERROR_NULL_POINTER
@ BOTAN_FFI_ERROR_NULL_POINTER
Definition ffi.h:133

References BOTAN_FFI_ERROR_NULL_POINTER, and BOTAN_FFI_VISIT.

◆ botan_cipher_query_keylen()

int botan_cipher_query_keylen ( botan_cipher_t cipher,
size_t * out_minimum_keylength,
size_t * out_maximum_keylength )

Get information about the key lengths. Prefer botan_cipher_get_keyspec

Definition at line 136 of file ffi_cipher.cpp.

136 {
137 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) {
138 *out_minimum_keylength = c.key_spec().minimum_keylength();
139 *out_maximum_keylength = c.key_spec().maximum_keylength();
140 });
141}

References BOTAN_FFI_VISIT.

◆ botan_cipher_requires_entire_message()

int botan_cipher_requires_entire_message ( botan_cipher_t cipher)

Returns 1 iff the cipher requires the entire message before any encryption or decryption can be performed. No output data will be produced in botan_cipher_update() until the final flag is set.

Definition at line 324 of file ffi_cipher.cpp.

324 {
325 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) { return c.requires_entire_message() ? 1 : 0; });
326}

References BOTAN_FFI_VISIT.

◆ botan_cipher_reset()

int botan_cipher_reset ( botan_cipher_t cipher)

Reset the message specific state for this cipher. Without resetting the keys, this resets the nonce, and any state associated with any message bits that have been processed so far.

It is conceptually equivalent to calling botan_cipher_clear followed by botan_cipher_set_key with the original key.

Definition at line 124 of file ffi_cipher.cpp.

124 {
125 return BOTAN_FFI_VISIT(cipher, [](auto& c) { c.reset(); });
126}

References BOTAN_FFI_VISIT.

◆ botan_cipher_set_associated_data()

int botan_cipher_set_associated_data ( botan_cipher_t cipher,
const uint8_t * ad,
size_t ad_len )

Set the associated data. Will fail if cipher is not an AEAD

Definition at line 290 of file ffi_cipher.cpp.

290 {
291 return BOTAN_FFI_VISIT(cipher, [=](auto& c) {
292 if(Botan::AEAD_Mode* aead = dynamic_cast<Botan::AEAD_Mode*>(&c)) {
293 aead->set_associated_data(ad, ad_len);
294 return BOTAN_FFI_SUCCESS;
295 }
296 return BOTAN_FFI_ERROR_BAD_PARAMETER;
297 });
298}
Botan::AEAD_Mode
Definition aead.h:24
BOTAN_FFI_SUCCESS
@ BOTAN_FFI_SUCCESS
Definition ffi.h:116
BOTAN_FFI_ERROR_BAD_PARAMETER
@ BOTAN_FFI_ERROR_BAD_PARAMETER
Definition ffi.h:134

References BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_SUCCESS, and BOTAN_FFI_VISIT.

◆ botan_cipher_set_key()

int botan_cipher_set_key ( botan_cipher_t cipher,
const uint8_t * key,
size_t key_len )

Set the key for this cipher object

Definition at line 160 of file ffi_cipher.cpp.

160 {
161 return BOTAN_FFI_VISIT(cipher, [=](auto& c) { c.set_key(key, key_len); });
162}

References BOTAN_FFI_VISIT.

◆ botan_cipher_start()

int botan_cipher_start ( botan_cipher_t cipher,
const uint8_t * nonce,
size_t nonce_len )

Begin processing a new message using the provided nonce

Definition at line 164 of file ffi_cipher.cpp.

164 {
165 return ffi_guard_thunk(__func__, [=]() -> int {
166 Botan::Cipher_Mode& cipher = safe_get(cipher_obj);
167 cipher.start(nonce, nonce_len);
168 return BOTAN_FFI_SUCCESS;
169 });
170}
Botan::Cipher_Mode
Definition cipher_mode.h:36
Botan::Cipher_Mode::start
void start(std::span< const uint8_t > nonce)
Definition cipher_mode.h:97
Botan_FFI::safe_get
T & safe_get(botan_struct< T, M > *p)
Definition ffi_util.h:79

References BOTAN_FFI_SUCCESS, Botan_FFI::ffi_guard_thunk(), Botan_FFI::safe_get(), and Botan::Cipher_Mode::start().

◆ botan_cipher_update()

int botan_cipher_update ( botan_cipher_t cipher,
uint32_t flags,
uint8_t output[],
size_t output_size,
size_t * output_written,
const uint8_t input_bytes[],
size_t input_size,
size_t * input_consumed )

Encrypt/Decrypt some data and/or finalize the encryption/decryption.

This encrypts as many bytes from input_bytes into output_bytes as possible. Unless BOTAN_CIPHER_UPDATE_FLAG_FINAL is set, this function will consume bytes in multiples of botan_cipher_get_update_granularity(). input_consumed and output_written will be set accordingly and it is the caller's responsibility to adapt their buffers accordingly before calling this function again. Note that, unless BOTAN_CIPHER_UPDATE_FLAG_FINAL is set, the cipher will at most generate input_size output bytes.

Eventually, the caller must set the BOTAN_CIPHER_UPDATE_FLAG_FINAL flag to indicate that no more input will be provided. This will cause the cipher to consume all given input bytes and produce the final output; or return a BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE error if the given output buffer was too small. In the latter case, output_written will be set to the required buffer size. Calling again with BOTAN_CIPHER_UPDATE_FLAG_FINAL, a big enough buffer and no further input will then produce the final output.

Note that some ciphers require the entire message to be provided before any output is produced.

See also
botan_cipher_requires_entire_message().

Definition at line 172 of file ffi_cipher.cpp.

179 {
180 return ffi_guard_thunk(__func__, [=]() -> int {
181 using namespace Botan;
182 Cipher_Mode& cipher = safe_get(cipher_obj);
183 secure_vector<uint8_t>& mbuf = cipher_obj->buf();
184
185 // If the cipher object's internal buffer contains residual data from
186 // a previous invocation, we can be sure that botan_cipher_update() was
187 // called with the final flag set but not enough buffer space was provided
188 // to accommodate the final output.
189 const bool was_finished_before = !mbuf.empty();
190 const bool final_input = (flags & BOTAN_CIPHER_UPDATE_FLAG_FINAL) != 0;
191
192 // Bring the output variables into a defined state.
193 *output_written = 0;
194 *input_consumed = 0;
195
196 // Once the final flag was set once, it must always be set for
197 // consecutive invocations.
198 if(was_finished_before && !final_input) {
199 return BOTAN_FFI_ERROR_INVALID_OBJECT_STATE;
200 }
201
202 // If the final flag was set in a previous invocation, no more input
203 // data can be processed.
204 if(was_finished_before && input_size > 0) {
205 return BOTAN_FFI_ERROR_BAD_PARAMETER;
206 }
207
208 // Make sure that we always clear the internal buffer before returning
209 // or aborting this invocation due to an exception.
210 auto clean_buffer = scoped_cleanup([&mbuf] { mbuf.clear(); });
211
212 if(final_input) {
213 // If the final flag is set for the first time, we need to process the
214 // remaining input data and then finalize the cipher object.
215 if(!was_finished_before) {
216 *input_consumed = input_size;
217 mbuf.resize(input_size);
218 copy_mem(mbuf, std::span(input, input_size));
219
220 try {
221 cipher.finish(mbuf);
222 } catch(Invalid_Authentication_Tag&) {
223 return BOTAN_FFI_ERROR_BAD_MAC;
224 }
225 }
226
227 // At this point, the cipher object is finalized (potentially in a
228 // previous invocation) and we can copy the final output to the caller.
229 *output_written = mbuf.size();
230
231 // Not enough space to copy the final output out to the caller.
232 // Inform them how much space we need for a successful operation.
233 if(output_size < mbuf.size()) {
234 // This is the only place where mbuf is not cleared before returning.
235 clean_buffer.disengage();
236 return BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE;
237 }
238
239 // Copy the final output to the caller, mbuf is cleared afterwards.
240 copy_mem(std::span(output, mbuf.size()), mbuf);
241 } else {
242 // Process data in a streamed fashion without finalizing. No data is
243 // ever retained in the cipher object's internal buffer. If we run out
244 // of either input data or output capacity, we stop and report that not
245 // all bytes were processed via *output_written and *input_consumed.
246
247 BufferSlicer in({input, input_size});
248 BufferStuffer out({output, output_size});
249
250 // Helper function to do blockwise processing of data.
251 auto blockwise_update = [&](const size_t granularity) {
252 if(granularity == 0) {
253 return;
254 }
255
256 const size_t expected_output_per_iteration = cipher.requires_entire_message() ? 0 : granularity;
257 mbuf.resize(granularity);
258
259 while(in.remaining() >= granularity && out.remaining_capacity() >= expected_output_per_iteration) {
260 copy_mem(mbuf, in.take(granularity));
261 const auto written_bytes = cipher.process(mbuf);
262 BOTAN_DEBUG_ASSERT(written_bytes == expected_output_per_iteration);
263 if(written_bytes > 0) {
264 BOTAN_ASSERT_NOMSG(written_bytes <= granularity);
265 copy_mem(out.next(written_bytes), std::span(mbuf).first(written_bytes));
266 }
267 }
268 };
269
270 // First, process as much data as possible in chunks of ideal granularity
271 blockwise_update(cipher_obj->ideal_update_size());
272
273 // Then process the remaining bytes in chunks of update_size() or, in one go
274 // if update_size() is equal to 1 --> i.e. likely a stream cipher.
275 const bool is_stream_cipher = (cipher_obj->update_size() == 1);
276 const size_t tail_granularity =
277 is_stream_cipher ? std::min(in.remaining(), out.remaining_capacity()) : cipher_obj->update_size();
278 BOTAN_DEBUG_ASSERT(tail_granularity < cipher_obj->ideal_update_size());
279 blockwise_update(tail_granularity);
280
281 // Inform the caller about the amount of data processed.
282 *output_written = output_size - out.remaining_capacity();
283 *input_consumed = input_size - in.remaining();
284 }
285
286 return BOTAN_FFI_SUCCESS;
287 });
288}
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
BOTAN_DEBUG_ASSERT
#define BOTAN_DEBUG_ASSERT(expr)
Definition assert.h:129
Botan::BufferStuffer
Helper class to ease in-place marshalling of concatenated fixed-length values.
Definition buffer_stuffer.h:24
Botan::Cipher_Mode::finish
void finish(secure_vector< uint8_t > &final_block, size_t offset=0)
Definition cipher_mode.h:178
Botan::Cipher_Mode::requires_entire_message
virtual bool requires_entire_message() const
Definition cipher_mode.h:232
Botan::Cipher_Mode::process
size_t process(std::span< uint8_t > msg)
Definition cipher_mode.h:131
Botan::Invalid_Authentication_Tag
Definition exceptn.h:274
Botan::scoped_cleanup
Helper class to create a RAII-style cleanup callback.
Definition scoped_cleanup.h:24
BOTAN_CIPHER_UPDATE_FLAG_FINAL
#define BOTAN_CIPHER_UPDATE_FLAG_FINAL
Definition ffi.h:734
BOTAN_FFI_ERROR_INVALID_OBJECT_STATE
@ BOTAN_FFI_ERROR_INVALID_OBJECT_STATE
Definition ffi.h:137
BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE
@ BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE
Definition ffi.h:124
BOTAN_FFI_ERROR_BAD_MAC
@ BOTAN_FFI_ERROR_BAD_MAC
Definition ffi.h:121
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:144
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

References BOTAN_ASSERT_NOMSG, BOTAN_CIPHER_UPDATE_FLAG_FINAL, BOTAN_DEBUG_ASSERT, BOTAN_FFI_ERROR_BAD_MAC, BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, BOTAN_FFI_ERROR_INVALID_OBJECT_STATE, BOTAN_FFI_SUCCESS, Botan::copy_mem(), Botan_FFI::ffi_guard_thunk(), Botan::Cipher_Mode::finish(), Botan::Cipher_Mode::process(), Botan::Cipher_Mode::requires_entire_message(), and Botan_FFI::safe_get().

◆ botan_cipher_valid_nonce_length()

int botan_cipher_valid_nonce_length ( botan_cipher_t cipher,
size_t nl )

Return if the specified nonce length is valid for this cipher

Definition at line 300 of file ffi_cipher.cpp.

300 {
301 return BOTAN_FFI_VISIT(cipher, [=](const auto& c) { return c.valid_nonce_length(nl) ? 1 : 0; });
302}

References BOTAN_FFI_VISIT.

Generated by doxygen 1.15.0