Botan  2.18.1
Crypto and TLS for C++11
ocb.h
Go to the documentation of this file.
1 /*
2 * OCB Mode
3 * (C) 2013,2014 Jack Lloyd
4 * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_AEAD_OCB_H_
10 #define BOTAN_AEAD_OCB_H_
11 
12 #include <botan/aead.h>
13 
15 
16 namespace Botan {
17 
18 class BlockCipher;
19 class L_computer;
20 
21 /**
22 * OCB Mode (base class for OCB_Encryption and OCB_Decryption). Note
23 * that OCB is patented, but is freely licensed in some circumstances.
24 *
25 * @see "The OCB Authenticated-Encryption Algorithm" RFC 7253
26 * https://tools.ietf.org/html/rfc7253
27 * @see "OCB For Block Ciphers Without 128-Bit Blocks"
28 * (draft-krovetz-ocb-wide-d3) for the extension of OCB to
29 * block ciphers with larger block sizes.
30 * @see Free Licenses http://www.cs.ucdavis.edu/~rogaway/ocb/license.htm
31 * @see OCB home page http://www.cs.ucdavis.edu/~rogaway/ocb
32 */
33 class BOTAN_PUBLIC_API(2,0) OCB_Mode : public AEAD_Mode
34  {
35  public:
36  void set_associated_data(const uint8_t ad[], size_t ad_len) override;
37 
38  std::string name() const override;
39 
40  size_t update_granularity() const override;
41 
42  Key_Length_Specification key_spec() const override;
43 
44  bool valid_nonce_length(size_t) const override;
45 
46  size_t tag_size() const override { return m_tag_size; }
47 
48  void clear() override;
49 
50  void reset() override;
51 
52  ~OCB_Mode();
53  protected:
54  /**
55  * @param cipher the block cipher to use
56  * @param tag_size is how big the auth tag will be
57  */
58  OCB_Mode(BlockCipher* cipher, size_t tag_size);
59 
60  size_t block_size() const { return m_block_size; }
61  size_t par_blocks() const { return m_par_blocks; }
62  size_t par_bytes() const { return m_checksum.size(); }
63 
64  // fixme make these private
65  std::unique_ptr<BlockCipher> m_cipher;
66  std::unique_ptr<L_computer> m_L;
67 
68  size_t m_block_index = 0;
69 
72  private:
73  void start_msg(const uint8_t nonce[], size_t nonce_len) override;
74 
75  void key_schedule(const uint8_t key[], size_t length) override;
76 
77  const secure_vector<uint8_t>& update_nonce(const uint8_t nonce[], size_t nonce_len);
78 
79  const size_t m_tag_size;
80  const size_t m_block_size;
81  const size_t m_par_blocks;
82  secure_vector<uint8_t> m_last_nonce;
83  secure_vector<uint8_t> m_stretch;
84  secure_vector<uint8_t> m_nonce_buf;
85  secure_vector<uint8_t> m_offset;
86  };
87 
89  {
90  public:
91  /**
92  * @param cipher the block cipher to use
93  * @param tag_size is how big the auth tag will be
94  */
95  OCB_Encryption(BlockCipher* cipher, size_t tag_size = 16) :
96  OCB_Mode(cipher, tag_size) {}
97 
98  size_t output_length(size_t input_length) const override
99  { return input_length + tag_size(); }
100 
101  size_t minimum_final_size() const override { return 0; }
102 
103  size_t process(uint8_t buf[], size_t size) override;
104 
105  void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
106  private:
107  void encrypt(uint8_t input[], size_t blocks);
108  };
109 
111  {
112  public:
113  /**
114  * @param cipher the block cipher to use
115  * @param tag_size is how big the auth tag will be
116  */
117  OCB_Decryption(BlockCipher* cipher, size_t tag_size = 16) :
118  OCB_Mode(cipher, tag_size) {}
119 
120  size_t output_length(size_t input_length) const override
121  {
122  BOTAN_ASSERT(input_length >= tag_size(), "Sufficient input");
123  return input_length - tag_size();
124  }
125 
126  size_t minimum_final_size() const override { return tag_size(); }
127 
128  size_t process(uint8_t buf[], size_t size) override;
129 
130  void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
131  private:
132  void decrypt(uint8_t input[], size_t blocks);
133  };
134 
135 }
136 
137 #endif
std::unique_ptr< BlockCipher > m_cipher
Definition: ocb.h:65
size_t output_length(size_t input_length) const override
Definition: ocb.h:120
int(* final)(unsigned char *, CTX *)
virtual size_t update_granularity() const =0
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
size_t tag_size() const override
Definition: ocb.h:46
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0
size_t par_blocks() const
Definition: ocb.h:61
virtual void reset()=0
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55
OCB_Decryption(BlockCipher *cipher, size_t tag_size=16)
Definition: ocb.h:117
virtual std::string name() const =0
std::string decrypt(const uint8_t input[], size_t input_len, const std::string &passphrase)
Definition: cryptobox.cpp:162
OCB_Encryption(BlockCipher *cipher, size_t tag_size=16)
Definition: ocb.h:95
virtual void clear()=0
Definition: alg_id.cpp:13
std::unique_ptr< L_computer > m_L
Definition: ocb.h:66
size_t output_length(size_t input_length) const override
Definition: ocb.h:98
virtual Key_Length_Specification key_spec() const =0
virtual size_t process(uint8_t msg[], size_t msg_len)=0
size_t block_size() const
Definition: ocb.h:60
secure_vector< uint8_t > m_ad_hash
Definition: ocb.h:71
size_t minimum_final_size() const override
Definition: ocb.h:126
secure_vector< uint8_t > m_checksum
Definition: ocb.h:70
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
virtual void set_associated_data(const uint8_t ad[], size_t ad_len)=0
size_t minimum_final_size() const override
Definition: ocb.h:101
#define BOTAN_FUTURE_INTERNAL_HEADER(hdr)
Definition: compiler.h:136
std::string encrypt(const uint8_t input[], size_t input_len, const std::string &passphrase, RandomNumberGenerator &rng)
Definition: cryptobox.cpp:43
virtual bool valid_nonce_length(size_t nonce_len) const =0
virtual void finish(secure_vector< uint8_t > &final_block, size_t offset=0)=0
size_t par_bytes() const
Definition: ocb.h:62