Botan 3.8.1
Crypto and TLS for C&
ocb.h
Go to the documentation of this file.
1/*
2* OCB Mode
3* (C) 2013,2014 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_AEAD_OCB_H_
10#define BOTAN_AEAD_OCB_H_
11
12#include <botan/aead.h>
13
14#include <botan/assert.h>
15#include <botan/block_cipher.h>
16
17namespace Botan {
18
19class L_computer;
20
21/**
22* OCB Mode (base class for OCB_Encryption and OCB_Decryption).
23* OCB was previously patented in the United States but the patent
24* has now been allowed to lapse.
25*
26* @see "The OCB Authenticated-Encryption Algorithm" RFC 7253
27* https://tools.ietf.org/html/rfc7253
28* @see "OCB For Block Ciphers Without 128-Bit Blocks"
29* (draft-krovetz-ocb-wide-d3) for the extension of OCB to
30* block ciphers with larger block sizes.
31* @see https://mailarchive.ietf.org/arch/msg/cfrg/qLTveWOdTJcLn4HP3ev-vrj05Vg/
32*/
34 public:
35 void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) override final;
36
37 std::string name() const override final;
38
39 size_t update_granularity() const override final;
40
41 size_t ideal_granularity() const override final;
42
43 Key_Length_Specification key_spec() const override final;
44
45 bool valid_nonce_length(size_t) const override final;
46
47 size_t tag_size() const override final { return m_tag_size; }
48
49 void clear() override final;
50
51 void reset() override final;
52
53 bool has_keying_material() const override final;
54
56
57 protected:
58 /**
59 * @param cipher the block cipher to use
60 * @param tag_size is how big the auth tag will be
61 */
62 OCB_Mode(std::unique_ptr<BlockCipher> cipher, size_t tag_size);
63
64 size_t block_size() const { return m_block_size; }
65
66 size_t par_blocks() const { return m_par_blocks; }
67
68 size_t par_bytes() const { return m_checksum.size(); }
69
70 // fixme make these private
71 std::unique_ptr<BlockCipher> m_cipher;
72 std::unique_ptr<L_computer> m_L;
73
74 size_t m_block_index = 0;
75
78
79 private:
80 void start_msg(const uint8_t nonce[], size_t nonce_len) override final;
81
82 void key_schedule(std::span<const uint8_t> key) override final;
83
84 const secure_vector<uint8_t>& update_nonce(const uint8_t nonce[], size_t nonce_len);
85
86 const size_t m_tag_size;
87 const size_t m_block_size;
88 const size_t m_par_blocks;
89 secure_vector<uint8_t> m_last_nonce;
90 secure_vector<uint8_t> m_stretch;
91 secure_vector<uint8_t> m_nonce_buf;
93};
94
96 public:
97 /**
98 * @param cipher the block cipher to use
99 * @param tag_size is how big the auth tag will be
100 */
101 OCB_Encryption(std::unique_ptr<BlockCipher> cipher, size_t tag_size = 16) :
102 OCB_Mode(std::move(cipher), tag_size) {}
103
104 size_t output_length(size_t input_length) const override { return input_length + tag_size(); }
105
106 size_t minimum_final_size() const override { return 0; }
107
108 private:
109 void encrypt(uint8_t input[], size_t blocks);
110 size_t process_msg(uint8_t buf[], size_t size) override;
111 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
112};
113
115 public:
116 /**
117 * @param cipher the block cipher to use
118 * @param tag_size is how big the auth tag will be
119 */
120 OCB_Decryption(std::unique_ptr<BlockCipher> cipher, size_t tag_size = 16) :
121 OCB_Mode(std::move(cipher), tag_size) {}
122
123 size_t output_length(size_t input_length) const override {
124 BOTAN_ASSERT(input_length >= tag_size(), "Sufficient input");
125 return input_length - tag_size();
126 }
127
128 size_t minimum_final_size() const override { return tag_size(); }
129
130 private:
131 void decrypt(uint8_t input[], size_t blocks);
132 size_t process_msg(uint8_t buf[], size_t size) override;
133 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
134};
135
136} // namespace Botan
137
138#endif
#define BOTAN_TEST_API
Definition api.h:39
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:52
size_t output_length(size_t input_length) const override
Definition ocb.h:123
size_t minimum_final_size() const override
Definition ocb.h:128
OCB_Decryption(std::unique_ptr< BlockCipher > cipher, size_t tag_size=16)
Definition ocb.h:120
OCB_Encryption(std::unique_ptr< BlockCipher > cipher, size_t tag_size=16)
Definition ocb.h:101
size_t minimum_final_size() const override
Definition ocb.h:106
size_t output_length(size_t input_length) const override
Definition ocb.h:104
std::string name() const override final
Definition ocb.cpp:208
size_t par_bytes() const
Definition ocb.h:68
size_t block_size() const
Definition ocb.h:64
size_t par_blocks() const
Definition ocb.h:66
size_t tag_size() const override final
Definition ocb.h:47
size_t ideal_granularity() const override final
Definition ocb.cpp:216
bool valid_nonce_length(size_t) const override final
Definition ocb.cpp:197
secure_vector< uint8_t > m_checksum
Definition ocb.h:76
std::unique_ptr< BlockCipher > m_cipher
Definition ocb.h:71
secure_vector< uint8_t > m_ad_hash
Definition ocb.h:77
void set_associated_data_n(size_t idx, std::span< const uint8_t > ad) override final
Definition ocb.cpp:233
size_t update_granularity() const override final
Definition ocb.cpp:212
size_t m_block_index
Definition ocb.h:74
Key_Length_Specification key_spec() const override final
Definition ocb.cpp:220
OCB_Mode(std::unique_ptr< BlockCipher > cipher, size_t tag_size)
Definition ocb.cpp:161
std::unique_ptr< L_computer > m_L
Definition ocb.h:72
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65