Botan 3.6.1
Crypto and TLS for C&
ocb.h
Go to the documentation of this file.
1/*
2* OCB Mode
3* (C) 2013,2014 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_AEAD_OCB_H_
10#define BOTAN_AEAD_OCB_H_
11
12#include <botan/aead.h>
13#include <botan/block_cipher.h>
14
15namespace Botan {
16
17class L_computer;
18
19/**
20* OCB Mode (base class for OCB_Encryption and OCB_Decryption).
21* OCB was previously patented in the United States but the patent
22* has now been allowed to lapse.
23*
24* @see "The OCB Authenticated-Encryption Algorithm" RFC 7253
25* https://tools.ietf.org/html/rfc7253
26* @see "OCB For Block Ciphers Without 128-Bit Blocks"
27* (draft-krovetz-ocb-wide-d3) for the extension of OCB to
28* block ciphers with larger block sizes.
29* @see https://mailarchive.ietf.org/arch/msg/cfrg/qLTveWOdTJcLn4HP3ev-vrj05Vg/
30*/
31class BOTAN_TEST_API OCB_Mode : public AEAD_Mode {
32 public:
33 void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) override final;
34
35 std::string name() const override final;
36
37 size_t update_granularity() const override final;
38
39 size_t ideal_granularity() const override final;
40
41 Key_Length_Specification key_spec() const override final;
42
43 bool valid_nonce_length(size_t) const override final;
44
45 size_t tag_size() const override final { return m_tag_size; }
46
47 void clear() override final;
48
49 void reset() override final;
50
51 bool has_keying_material() const override final;
52
53 ~OCB_Mode();
54
55 protected:
56 /**
57 * @param cipher the block cipher to use
58 * @param tag_size is how big the auth tag will be
59 */
60 OCB_Mode(std::unique_ptr<BlockCipher> cipher, size_t tag_size);
61
62 size_t block_size() const { return m_block_size; }
63
64 size_t par_blocks() const { return m_par_blocks; }
65
66 size_t par_bytes() const { return m_checksum.size(); }
67
68 // fixme make these private
69 std::unique_ptr<BlockCipher> m_cipher;
70 std::unique_ptr<L_computer> m_L;
71
72 size_t m_block_index = 0;
73
74 secure_vector<uint8_t> m_checksum;
75 secure_vector<uint8_t> m_ad_hash;
76
77 private:
78 void start_msg(const uint8_t nonce[], size_t nonce_len) override final;
79
80 void key_schedule(std::span<const uint8_t> key) override final;
81
82 const secure_vector<uint8_t>& update_nonce(const uint8_t nonce[], size_t nonce_len);
83
84 const size_t m_tag_size;
85 const size_t m_block_size;
86 const size_t m_par_blocks;
87 secure_vector<uint8_t> m_last_nonce;
88 secure_vector<uint8_t> m_stretch;
89 secure_vector<uint8_t> m_nonce_buf;
90 secure_vector<uint8_t> m_offset;
91};
92
93class BOTAN_TEST_API OCB_Encryption final : public OCB_Mode {
94 public:
95 /**
96 * @param cipher the block cipher to use
97 * @param tag_size is how big the auth tag will be
98 */
99 OCB_Encryption(std::unique_ptr<BlockCipher> cipher, size_t tag_size = 16) :
100 OCB_Mode(std::move(cipher), tag_size) {}
101
102 size_t output_length(size_t input_length) const override { return input_length + tag_size(); }
103
104 size_t minimum_final_size() const override { return 0; }
105
106 private:
107 void encrypt(uint8_t input[], size_t blocks);
108 size_t process_msg(uint8_t buf[], size_t size) override;
109 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
110};
111
112class BOTAN_TEST_API OCB_Decryption final : public OCB_Mode {
113 public:
114 /**
115 * @param cipher the block cipher to use
116 * @param tag_size is how big the auth tag will be
117 */
118 OCB_Decryption(std::unique_ptr<BlockCipher> cipher, size_t tag_size = 16) :
119 OCB_Mode(std::move(cipher), tag_size) {}
120
121 size_t output_length(size_t input_length) const override {
122 BOTAN_ASSERT(input_length >= tag_size(), "Sufficient input");
123 return input_length - tag_size();
124 }
125
126 size_t minimum_final_size() const override { return tag_size(); }
127
128 private:
129 void decrypt(uint8_t input[], size_t blocks);
130 size_t process_msg(uint8_t buf[], size_t size) override;
131 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
132};
133
134} // namespace Botan
135
136#endif
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50
Botan::AEAD_Mode
Definition aead.h:24
Botan::Key_Length_Specification
Definition sym_algo.h:21
Botan::OCB_Decryption
Definition ocb.h:112
Botan::OCB_Decryption::output_length
size_t output_length(size_t input_length) const override
Definition ocb.h:121
Botan::OCB_Decryption::minimum_final_size
size_t minimum_final_size() const override
Definition ocb.h:126
Botan::OCB_Decryption::OCB_Decryption
OCB_Decryption(std::unique_ptr< BlockCipher > cipher, size_t tag_size=16)
Definition ocb.h:118
Botan::OCB_Encryption
Definition ocb.h:93
Botan::OCB_Encryption::OCB_Encryption
OCB_Encryption(std::unique_ptr< BlockCipher > cipher, size_t tag_size=16)
Definition ocb.h:99
Botan::OCB_Encryption::minimum_final_size
size_t minimum_final_size() const override
Definition ocb.h:104
Botan::OCB_Encryption::output_length
size_t output_length(size_t input_length) const override
Definition ocb.h:102
Botan::OCB_Mode
Definition ocb.h:31
Botan::OCB_Mode::par_bytes
size_t par_bytes() const
Definition ocb.h:66
Botan::OCB_Mode::par_blocks
size_t par_blocks() const
Definition ocb.h:64
Botan::OCB_Mode::tag_size
size_t tag_size() const override final
Definition ocb.h:45
Botan::OCB_Mode::m_checksum
secure_vector< uint8_t > m_checksum
Definition ocb.h:74
Botan::OCB_Mode::m_cipher
std::unique_ptr< BlockCipher > m_cipher
Definition ocb.h:69
Botan::OCB_Mode::m_ad_hash
secure_vector< uint8_t > m_ad_hash
Definition ocb.h:75
Botan::OCB_Mode::m_L
std::unique_ptr< L_computer > m_L
Definition ocb.h:70
name
std::string name
Definition commoncrypto_hash.cpp:24
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
BOTAN_TEST_API
#define BOTAN_TEST_API
Definition compiler.h:51
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
Generated by doxygen 1.12.0