Botan  2.11.0
Crypto and TLS for C++11
tls_cbc.h
1 /*
2 * TLS CBC+HMAC AEAD
3 * (C) 2016 Jack Lloyd
4 * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_TLS_CBC_HMAC_AEAD_H_
10 #define BOTAN_TLS_CBC_HMAC_AEAD_H_
11 
12 #include <botan/aead.h>
13 #include <botan/block_cipher.h>
14 #include <botan/mac.h>
15 #include <botan/tls_version.h>
16 
17 namespace Botan {
18 
19 namespace TLS {
20 
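/**
* TLS CBC+HMAC AEAD base class (GenericBlockCipher in TLS spec)
* This is the weird TLS-specific mode, not for general consumption.
*
* Holds a CBC cipher mode and a MAC behind the AEAD_Mode interface so the
* TLS record layer can treat the legacy CBC suites like any other AEAD.
* The direction-specific record processing lives in the derived
* encryption and decryption classes; the shared state is reachable only
* through the protected accessors below.
*
* NOTE(review): the use_encrypt_then_mac flag presumably selects the
* encrypt-then-MAC record format (RFC 7366) instead of the original
* MAC-then-encrypt ordering. Only the flag is visible in this header; the
* code that acts on it is in the implementation file.
*/
class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode
   {
   public:
      size_t process(uint8_t buf[], size_t sz) override final;

      std::string name() const override final;

      // Not final: the encryption subclass overrides this.
      void set_associated_data(const uint8_t ad[], size_t ad_len) override;

      size_t update_granularity() const override final;

      Key_Length_Specification key_spec() const override final;

      bool valid_nonce_length(size_t nl) const override final;

      /// @return the tag length recorded in m_tag_size
      size_t tag_size() const override final { return m_tag_size; }

      /// @return the IV length recorded in m_iv_size
      size_t default_nonce_length() const override final { return m_iv_size; }

      void clear() override final;

      void reset() override final;

   protected:
      /**
      * Protected so that only the direction-specific subclasses can
      * construct the mode.
      *
      * @param direction whether this instance encrypts or decrypts
      * @param cipher block cipher to run in CBC mode (ownership is taken)
      * @param mac MAC used for record authentication (ownership is taken)
      * @param cipher_keylen length of the cipher key in bytes
      * @param mac_keylen length of the MAC key in bytes
      * @param version negotiated protocol version
      * @param use_encrypt_then_mac see the class comment
      */
      TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir direction,
                             std::unique_ptr<BlockCipher> cipher,
                             std::unique_ptr<MessageAuthenticationCode> mac,
                             size_t cipher_keylen,
                             size_t mac_keylen,
                             Protocol_Version version,
                             bool use_encrypt_then_mac);

      size_t cipher_keylen() const { return m_cipher_keylen; }
      size_t mac_keylen() const { return m_mac_keylen; }
      size_t iv_size() const { return m_iv_size; }
      size_t block_size() const { return m_block_size; }

      bool use_encrypt_then_mac() const { return m_use_encrypt_then_mac; }

      bool is_datagram_protocol() const { return m_is_datagram; }

      /// @return the CBC mode object; asserts that it has been set
      Cipher_Mode& cbc() const
         {
         // Same guard as mac(): fail the assertion rather than dereference
         // a null pointer.
         BOTAN_ASSERT_NONNULL(m_cbc);
         return *m_cbc;
         }

      /// @return the MAC object; asserts that it has been set
      MessageAuthenticationCode& mac() const
         {
         BOTAN_ASSERT_NONNULL(m_mac);
         return *m_mac;
         }

      // cbc_state() and msg() are secure_vector buffers; assoc_data() is a
      // plain std::vector.
      secure_vector<uint8_t>& cbc_state() { return m_cbc_state; }
      std::vector<uint8_t>& assoc_data() { return m_ad; }
      secure_vector<uint8_t>& msg() { return m_msg; }

      // NOTE(review): presumably returns the stored associated data with
      // its length field replaced by len; confirm against the
      // implementation.
      std::vector<uint8_t> assoc_data_with_len(uint16_t len);

   private:
      void start_msg(const uint8_t nonce[], size_t nonce_len) override final;

      // NOTE(review): key is presumably one buffer holding both the cipher
      // key and the MAC key (cipher_keylen + mac_keylen bytes); the split
      // and its order are decided in the implementation.
      void key_schedule(const uint8_t key[], size_t length) override final;

      const std::string m_cipher_name;
      const std::string m_mac_name;
      size_t m_cipher_keylen;
      size_t m_mac_keylen;
      size_t m_iv_size;
      size_t m_tag_size;
      size_t m_block_size;
      bool m_use_encrypt_then_mac;
      bool m_is_datagram;

      std::unique_ptr<Cipher_Mode> m_cbc;
      std::unique_ptr<MessageAuthenticationCode> m_mac;

      secure_vector<uint8_t> m_cbc_state;
      std::vector<uint8_t> m_ad;
      secure_vector<uint8_t> m_msg;
   };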
102 
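/**
* TLS_CBC_HMAC_AEAD Encryption
*
* Encrypting side of the TLS CBC+HMAC record protection. The constructor
* forwards every argument to the base class and fixes the direction to
* ENCRYPTION.
*/
class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Encryption final : public TLS_CBC_HMAC_AEAD_Mode
   {
   public:
      /**
      * @param cipher block cipher to run in CBC mode (ownership is taken)
      * @param mac MAC used for record authentication (ownership is taken)
      * @param cipher_keylen length of the cipher key in bytes
      * @param mac_keylen length of the MAC key in bytes
      * @param version negotiated protocol version
      * @param use_encrypt_then_mac passed through to the base class
      */
      TLS_CBC_HMAC_AEAD_Encryption(
                                   std::unique_ptr<BlockCipher> cipher,
                                   std::unique_ptr<MessageAuthenticationCode> mac,
                                   const size_t cipher_keylen,
                                   const size_t mac_keylen,
                                   const Protocol_Version version,
                                   bool use_encrypt_then_mac) :
         TLS_CBC_HMAC_AEAD_Mode(ENCRYPTION,
                                std::move(cipher),
                                std::move(mac),
                                cipher_keylen,
                                mac_keylen,
                                version,
                                use_encrypt_then_mac)
         {}

      void set_associated_data(const uint8_t ad[], size_t ad_len) override;

      size_t output_length(size_t input_length) const override;

      /// Encryption accepts an empty final block.
      size_t minimum_final_size() const override { return 0; }

      void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
   private:
      // Encrypts record_len bytes of record_contents; the declaration
      // takes a mutable buffer, so this presumably works in place
      // (confirm in the implementation).
      void cbc_encrypt_record(uint8_t record_contents[], size_t record_len);
   };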
137 
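/**
* TLS_CBC_HMAC_AEAD Decryption
*
* Decrypting side of the TLS CBC+HMAC record protection. The constructor
* forwards every argument to the base class and fixes the direction to
* DECRYPTION.
*
* NOTE(review): with the MAC-then-encrypt record format, padding and MAC
* validation are the timing-sensitive part of record processing. This
* header shows only declarations, so confirm in the implementation that
* finish() reports padding and MAC failures identically and in time that
* does not depend on the padding length.
*/
class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AEAD_Mode
   {
   public:
      /**
      * @param cipher block cipher to run in CBC mode (ownership is taken)
      * @param mac MAC used for record authentication (ownership is taken)
      * @param cipher_keylen length of the cipher key in bytes
      * @param mac_keylen length of the MAC key in bytes
      * @param version negotiated protocol version
      * @param use_encrypt_then_mac passed through to the base class
      */
      TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr<BlockCipher> cipher,
                                   std::unique_ptr<MessageAuthenticationCode> mac,
                                   const size_t cipher_keylen,
                                   const size_t mac_keylen,
                                   const Protocol_Version version,
                                   bool use_encrypt_then_mac) :
         TLS_CBC_HMAC_AEAD_Mode(DECRYPTION,
                                std::move(cipher),
                                std::move(mac),
                                cipher_keylen,
                                mac_keylen,
                                version,
                                use_encrypt_then_mac)
         {}

      size_t output_length(size_t input_length) const override;

      /// The final block must hold at least tag_size() bytes.
      size_t minimum_final_size() const override { return tag_size(); }

      void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;

   private:
      // Decrypts record_len bytes of record_contents; the declaration
      // takes a mutable buffer, so this presumably works in place
      // (confirm in the implementation).
      void cbc_decrypt_record(uint8_t record_contents[], size_t record_len);

      // NOTE(review): judging by the name and parameters, this presumably
      // feeds extra input to the MAC so that the number of hash
      // compression calls does not vary with padlen. Confirm against the
      // implementation before relying on it.
      void perform_additional_compressions(size_t plen, size_t padlen);
   };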
172 
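/**
* Check the TLS padding of a record
*
* The result feeds record authentication, so callers should fold it into
* the MAC check rather than branch on it early: a padding failure and a
* MAC failure should be indistinguishable to the peer.
*
* NOTE(review): the definition is in tls_cbc.cpp and is not visible in
* this header; confirm there that the running time does not depend on
* the padding bytes. The uint16_t return type is presumably needed
* because padding_bytes + 1 can exceed the range of a single byte.
*
* @param record the record bits
* @param record_len length of record
* @return 0 if padding is invalid, otherwise padding_bytes + 1
*/
BOTAN_TEST_API uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len);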
180 
181 }
182 
183 }
184 
185 #endif