Botan 3.9.0
Crypto and TLS for C&
Botan::CryptoBox Namespace Reference

Namespaces

namespace  BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS

Functions

std::string decrypt (const uint8_t input[], size_t input_len, std::string_view passphrase)
std::string decrypt (std::string_view input, std::string_view passphrase)
secure_vector< uint8_t > decrypt_bin (const uint8_t input[], size_t input_len, std::string_view passphrase)
secure_vector< uint8_t > decrypt_bin (std::string_view input, std::string_view passphrase)
std::string encrypt (const uint8_t input[], size_t input_len, std::string_view passphrase, RandomNumberGenerator &rng)

Detailed Description

This namespace holds various high-level crypto functions

Function Documentation

◆ decrypt() [1/2]

std::string Botan::CryptoBox::decrypt ( const uint8_t input[],
size_t input_len,
std::string_view passphrase )

Decrypt a message encrypted with CryptoBox::encrypt

Parameters
inputthe input data
input_lenthe length of input in bytes
passphrasethe passphrase used to encrypt the message

Definition at line 168 of file cryptobox.cpp.

168 {
169 return bytes_to_string(decrypt_bin(input, input_len, passphrase));
170}
secure_vector< uint8_t > decrypt_bin(const uint8_t input[], size_t input_len, std::string_view passphrase)
Definition cryptobox.cpp:96
std::string bytes_to_string(std::span< const uint8_t > bytes)
Definition mem_utils.h:45

References Botan::bytes_to_string(), and decrypt_bin().

Referenced by Botan::CryptoBox::BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS::decrypt(), and decrypt().

◆ decrypt() [2/2]

std::string Botan::CryptoBox::decrypt ( std::string_view input,
std::string_view passphrase )

Decrypt a message encrypted with CryptoBox::encrypt

Parameters
inputthe input data
passphrasethe passphrase used to encrypt the message

Definition at line 172 of file cryptobox.cpp.

172 {
173 return decrypt(as_span_of_bytes(input), passphrase);
174}
std::string decrypt(const uint8_t input[], size_t input_len, std::string_view passphrase)
std::span< const uint8_t > as_span_of_bytes(const char *s, size_t len)
Definition mem_utils.h:28

References Botan::as_span_of_bytes(), and decrypt().

◆ decrypt_bin() [1/2]

secure_vector< uint8_t > Botan::CryptoBox::decrypt_bin ( const uint8_t input[],
size_t input_len,
std::string_view passphrase )

Decrypt a message encrypted with CryptoBox::encrypt

Parameters
inputthe input data
input_lenthe length of input in bytes
passphrasethe passphrase used to encrypt the message

Definition at line 96 of file cryptobox.cpp.

96 {
97 DataSource_Memory input_src(input, input_len);
98 secure_vector<uint8_t> ciphertext = PEM_Code::decode_check_label(input_src, "BOTAN CRYPTOBOX MESSAGE");
99
100 if(ciphertext.size() < CRYPTOBOX_HEADER_LEN) {
101 throw Decoding_Error("Invalid CryptoBox input");
102 }
103
104 for(size_t i = 0; i != VERSION_CODE_LEN; ++i) {
105 uint32_t version = load_be<uint32_t>(ciphertext.data(), 0);
106 if(version != CRYPTOBOX_VERSION_CODE) {
107 throw Decoding_Error("Bad CryptoBox version");
108 }
109 }
110
111 const uint8_t* pbkdf_salt = &ciphertext[VERSION_CODE_LEN];
112 const uint8_t* box_mac = &ciphertext[VERSION_CODE_LEN + PBKDF_SALT_LEN];
113
114 auto pbkdf_fam = PasswordHashFamily::create_or_throw("PBKDF2(HMAC(SHA-512))");
115 auto pbkdf = pbkdf_fam->from_params(PBKDF_ITERATIONS);
116
117 secure_vector<uint8_t> master_key(CIPHER_KEY_LEN + MAC_KEY_LEN + CIPHER_IV_LEN);
118
119 pbkdf->derive_key(
120 master_key.data(), master_key.size(), passphrase.data(), passphrase.size(), pbkdf_salt, PBKDF_SALT_LEN);
121
122 const uint8_t* mk = master_key.data();
123 const uint8_t* cipher_key = mk;
124 const uint8_t* mac_key = mk + CIPHER_KEY_LEN;
125 const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;
126
127 // Now authenticate and decrypt
128 std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");
129 hmac->set_key(mac_key, MAC_KEY_LEN);
130
131 if(ciphertext.size() > CRYPTOBOX_HEADER_LEN) {
132 hmac->update(&ciphertext[CRYPTOBOX_HEADER_LEN], ciphertext.size() - CRYPTOBOX_HEADER_LEN);
133 }
134 secure_vector<uint8_t> computed_mac = hmac->final();
135
136 if(!CT::is_equal(computed_mac.data(), box_mac, MAC_OUTPUT_LEN).as_bool()) {
137 throw Decoding_Error("CryptoBox integrity failure");
138 }
139
140 auto ctr = Cipher_Mode::create_or_throw("Serpent/CTR-BE", Cipher_Dir::Decryption);
141 ctr->set_key(cipher_key, CIPHER_KEY_LEN);
142 ctr->start(iv, CIPHER_IV_LEN);
143 ctr->finish(ciphertext, CRYPTOBOX_HEADER_LEN);
144
145 ciphertext.erase(ciphertext.begin(), ciphertext.begin() + CRYPTOBOX_HEADER_LEN);
146 return ciphertext;
147}
static std::unique_ptr< Cipher_Mode > create_or_throw(std::string_view algo, Cipher_Dir direction, std::string_view provider="")
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:148
static std::unique_ptr< PasswordHashFamily > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition pwdhash.cpp:110
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:826
secure_vector< uint8_t > decode_check_label(DataSource &source, std::string_view label_want)
Definition pem.cpp:49
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504

References Botan::Cipher_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::PasswordHashFamily::create_or_throw(), Botan::PEM_Code::decode_check_label(), Botan::Decryption, Botan::CT::is_equal(), and Botan::load_be().

Referenced by decrypt(), Botan::CryptoBox::BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS::decrypt_bin(), and decrypt_bin().

◆ decrypt_bin() [2/2]

secure_vector< uint8_t > Botan::CryptoBox::decrypt_bin ( std::string_view input,
std::string_view passphrase )

Decrypt a message encrypted with CryptoBox::encrypt

Parameters
inputthe input data
passphrasethe passphrase used to encrypt the message

Definition at line 164 of file cryptobox.cpp.

164 {
165 return decrypt_bin(as_span_of_bytes(input), passphrase);
166}

References Botan::as_span_of_bytes(), and decrypt_bin().

◆ encrypt()

std::string Botan::CryptoBox::encrypt ( const uint8_t input[],
size_t input_len,
std::string_view passphrase,
RandomNumberGenerator & rng )

Encrypt a message using a passphrase

Parameters
inputthe input data
input_lenthe length of input in bytes
passphrasethe passphrase used to encrypt the message
rnga ref to a random number generator, such as AutoSeeded_RNG

Definition at line 42 of file cryptobox.cpp.

42 {
43 /*
44 Output format is:
45 version # (4 bytes)
46 salt (10 bytes)
47 mac (20 bytes)
48 ciphertext
49 */
50 secure_vector<uint8_t> out_buf(CRYPTOBOX_HEADER_LEN + input_len);
51 store_be(CRYPTOBOX_VERSION_CODE, out_buf.data());
52 rng.randomize(&out_buf[VERSION_CODE_LEN], PBKDF_SALT_LEN);
53 // space left for MAC here
54 if(input_len > 0) {
55 copy_mem(&out_buf[CRYPTOBOX_HEADER_LEN], input, input_len);
56 }
57
58 // Generate the keys and IV
59
60 auto pbkdf_fam = PasswordHashFamily::create_or_throw("PBKDF2(HMAC(SHA-512))");
61 auto pbkdf = pbkdf_fam->from_params(PBKDF_ITERATIONS);
62
63 secure_vector<uint8_t> master_key(CIPHER_KEY_LEN + MAC_KEY_LEN + CIPHER_IV_LEN);
64
65 pbkdf->derive_key(master_key.data(),
66 master_key.size(),
67 passphrase.data(),
68 passphrase.size(),
69 &out_buf[VERSION_CODE_LEN],
70 PBKDF_SALT_LEN);
71
72 const uint8_t* mk = master_key.data();
73 const uint8_t* cipher_key = mk;
74 const uint8_t* mac_key = mk + CIPHER_KEY_LEN;
75 const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;
76
77 // Now encrypt and authenticate
78 auto ctr = Cipher_Mode::create_or_throw("Serpent/CTR-BE", Cipher_Dir::Encryption);
79 ctr->set_key(cipher_key, CIPHER_KEY_LEN);
80 ctr->start(iv, CIPHER_IV_LEN);
81 ctr->finish(out_buf, CRYPTOBOX_HEADER_LEN);
82
83 std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");
84 hmac->set_key(mac_key, MAC_KEY_LEN);
85 if(input_len > 0) {
86 hmac->update(&out_buf[CRYPTOBOX_HEADER_LEN], input_len);
87 }
88
89 // Can't write directly because of MAC truncation
90 secure_vector<uint8_t> mac = hmac->final();
91 copy_mem(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN], mac.data(), MAC_OUTPUT_LEN);
92
93 return PEM_Code::encode(out_buf, "BOTAN CRYPTOBOX MESSAGE");
94}
void randomize(std::span< uint8_t > output)
Definition rng.h:71
std::string encode(const uint8_t der[], size_t length, std::string_view label, size_t width)
Definition pem.cpp:39
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:145
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745

References Botan::copy_mem(), Botan::Cipher_Mode::create_or_throw(), Botan::MessageAuthenticationCode::create_or_throw(), Botan::PasswordHashFamily::create_or_throw(), Botan::PEM_Code::encode(), Botan::Encryption, Botan::RandomNumberGenerator::randomize(), and Botan::store_be().