Botan  2.7.0
Crypto and TLS for C++11
tls_cbc.h
Go to the documentation of this file.
1 /*
2 * TLS CBC+HMAC AEAD
3 * (C) 2016 Jack Lloyd
4 * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_TLS_CBC_HMAC_AEAD_H_
10 #define BOTAN_TLS_CBC_HMAC_AEAD_H_
11 
12 #include <botan/aead.h>
13 #include <botan/block_cipher.h>
14 #include <botan/mac.h>
15 
16 namespace Botan {
17 
18 namespace TLS {
19 
20 /**
21 * TLS CBC+HMAC AEAD base class (GenericBlockCipher in TLS spec)
22 * This is the weird TLS-specific mode, not for general consumption.
23 */
25  {
26  public:
27  size_t process(uint8_t buf[], size_t sz) override final;
28 
29  std::string name() const override final;
30 
31  void set_associated_data(const uint8_t ad[], size_t ad_len) override;
32 
33  size_t update_granularity() const override final;
34 
35  Key_Length_Specification key_spec() const override final;
36 
37  bool valid_nonce_length(size_t nl) const override final;
38 
39  size_t tag_size() const override final { return m_tag_size; }
40 
41  size_t default_nonce_length() const override final { return m_iv_size; }
42 
43  void clear() override final;
44 
45  void reset() override final;
46 
47  protected:
49  std::unique_ptr<BlockCipher> cipher,
50  std::unique_ptr<MessageAuthenticationCode> mac,
51  size_t cipher_keylen,
52  size_t mac_keylen,
53  bool use_explicit_iv,
54  bool use_encrypt_then_mac);
55 
56  size_t cipher_keylen() const { return m_cipher_keylen; }
57  size_t mac_keylen() const { return m_mac_keylen; }
58  size_t iv_size() const { return m_iv_size; }
59  size_t block_size() const { return m_block_size; }
60 
61  bool use_encrypt_then_mac() const { return m_use_encrypt_then_mac; }
62 
63  Cipher_Mode& cbc() const { return *m_cbc; }
64 
66  {
67  BOTAN_ASSERT_NONNULL(m_mac);
68  return *m_mac;
69  }
70 
71  secure_vector<uint8_t>& cbc_state() { return m_cbc_state; }
72  std::vector<uint8_t>& assoc_data() { return m_ad; }
73  secure_vector<uint8_t>& msg() { return m_msg; }
74 
75  std::vector<uint8_t> assoc_data_with_len(uint16_t len);
76 
77  private:
78  void start_msg(const uint8_t nonce[], size_t nonce_len) override final;
79 
80  void key_schedule(const uint8_t key[], size_t length) override final;
81 
82  const std::string m_cipher_name;
83  const std::string m_mac_name;
84  size_t m_cipher_keylen;
85  size_t m_mac_keylen;
86  size_t m_iv_size;
87  size_t m_tag_size;
88  size_t m_block_size;
89  bool m_use_encrypt_then_mac;
90 
91  std::unique_ptr<Cipher_Mode> m_cbc;
92  std::unique_ptr<MessageAuthenticationCode> m_mac;
93 
94  secure_vector<uint8_t> m_cbc_state;
95  std::vector<uint8_t> m_ad;
97  };
98 
99 /**
100 * TLS_CBC_HMAC_AEAD Encryption
101 */
103  {
104  public:
105  /**
106  */
108  std::unique_ptr<BlockCipher> cipher,
109  std::unique_ptr<MessageAuthenticationCode> mac,
110  const size_t cipher_keylen,
111  const size_t mac_keylen,
112  bool use_explicit_iv,
113  bool use_encrypt_then_mac) :
115  std::move(cipher),
116  std::move(mac),
117  cipher_keylen,
118  mac_keylen,
119  use_explicit_iv,
120  use_encrypt_then_mac)
121  {}
122 
123  void set_associated_data(const uint8_t ad[], size_t ad_len) override;
124 
125  size_t output_length(size_t input_length) const override;
126 
127  size_t minimum_final_size() const override { return 0; }
128 
129  void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
130  private:
131  void cbc_encrypt_record(uint8_t record_contents[], size_t record_len);
132  };
133 
134 /**
135 * TLS_CBC_HMAC_AEAD Decryption
136 */
138  {
139  public:
140  /**
141  */
142  TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr<BlockCipher> cipher,
143  std::unique_ptr<MessageAuthenticationCode> mac,
144  const size_t cipher_keylen,
145  const size_t mac_keylen,
146  bool use_explicit_iv,
147  bool use_encrypt_then_mac) :
149  std::move(cipher),
150  std::move(mac),
151  cipher_keylen,
152  mac_keylen,
153  use_explicit_iv,
154  use_encrypt_then_mac)
155  {}
156 
157  size_t output_length(size_t input_length) const override;
158 
159  size_t minimum_final_size() const override { return tag_size(); }
160 
161  void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
162 
163  private:
164  void cbc_decrypt_record(uint8_t record_contents[], size_t record_len);
165 
166  void perform_additional_compressions(size_t plen, size_t padlen);
167  };
168 
169 /**
170 * Check the TLS padding of a record
171 * @param record the record bits
172 * @param record_len length of record
173 * @return 0 if padding is invalid, otherwise padding_bytes + 1
174 */
175 BOTAN_TEST_API uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len);
176 
177 }
178 
179 }
180 
181 #endif
std::string m_cipher_name
TLS_CBC_HMAC_AEAD_Encryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac)
Definition: tls_cbc.h:107
Cipher_Mode & cbc() const
Definition: tls_cbc.h:63
Definition: bigint.h:796
MessageAuthenticationCode & mac() const
Definition: tls_cbc.h:65
#define BOTAN_TEST_API
Definition: compiler.h:41
size_t default_nonce_length() const override final
Definition: tls_cbc.h:41
secure_vector< uint8_t > & cbc_state()
Definition: tls_cbc.h:71
size_t minimum_final_size() const override
Definition: tls_cbc.h:159
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:95
size_t tag_size() const override final
Definition: tls_cbc.h:39
std::vector< uint8_t > & assoc_data()
Definition: tls_cbc.h:72
Definition: alg_id.cpp:13
size_t minimum_final_size() const override
Definition: tls_cbc.h:127
Cipher_Dir
Definition: cipher_mode.h:24
uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len)
Definition: tls_cbc.cpp:222
secure_vector< uint8_t > & msg()
Definition: tls_cbc.h:73
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac)
Definition: tls_cbc.h:142