Botan 3.8.1
Crypto and TLS for C&
tls_cbc.h
Go to the documentation of this file.
1/*
2* TLS CBC+HMAC AEAD
3* (C) 2016 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_TLS_CBC_HMAC_AEAD_H_
10#define BOTAN_TLS_CBC_HMAC_AEAD_H_
11
12#include <botan/aead.h>
13#include <botan/block_cipher.h>
14#include <botan/mac.h>
15#include <botan/tls_version.h>
16
17namespace Botan::TLS {
18
19/**
20* TLS CBC+HMAC AEAD base class (GenericBlockCipher in TLS spec)
21* This is the weird TLS-specific mode, not for general consumption.
22*/
23class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode {
24 public:
25 std::string name() const final;
26
27 void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) override;
28
29 size_t update_granularity() const final;
30
31 size_t ideal_granularity() const final;
32
33 Key_Length_Specification key_spec() const final;
34
35 bool valid_nonce_length(size_t nl) const final;
36
37 size_t tag_size() const final { return m_tag_size; }
38
39 size_t default_nonce_length() const final { return m_iv_size; }
40
41 void clear() final;
42
43 void reset() final;
44
45 bool has_keying_material() const final;
46
47 protected:
48 TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir direction,
49 std::unique_ptr<BlockCipher> cipher,
50 std::unique_ptr<MessageAuthenticationCode> mac,
51 size_t cipher_keylen,
52 size_t mac_keylen,
53 Protocol_Version version,
54 bool use_encrypt_then_mac);
55
56 size_t cipher_keylen() const { return m_cipher_keylen; }
57
58 size_t mac_keylen() const { return m_mac_keylen; }
59
60 size_t iv_size() const { return m_iv_size; }
61
62 size_t block_size() const { return m_block_size; }
63
64 bool use_encrypt_then_mac() const { return m_use_encrypt_then_mac; }
65
66 bool is_datagram_protocol() const { return m_is_datagram; }
67
68 Cipher_Mode& cbc() const { return *m_cbc; }
69
70 MessageAuthenticationCode& mac() const { return *m_mac; }
71
72 secure_vector<uint8_t>& cbc_state() { return m_cbc_state; }
73
74 std::vector<uint8_t>& assoc_data() { return m_ad; }
75
76 secure_vector<uint8_t>& msg() { return m_msg; }
77
78 std::vector<uint8_t> assoc_data_with_len(uint16_t len);
79
80 private:
81 void start_msg(const uint8_t nonce[], size_t nonce_len) final;
82 size_t process_msg(uint8_t buf[], size_t sz) final;
83
84 void key_schedule(std::span<const uint8_t> key) final;
85
86 const std::string m_cipher_name;
87 const std::string m_mac_name;
88 size_t m_cipher_keylen;
89 size_t m_mac_keylen;
90 size_t m_iv_size;
91 size_t m_tag_size;
92 size_t m_block_size;
93 bool m_use_encrypt_then_mac;
94 bool m_is_datagram;
95
96 std::unique_ptr<Cipher_Mode> m_cbc;
97 std::unique_ptr<MessageAuthenticationCode> m_mac;
98
99 secure_vector<uint8_t> m_cbc_state;
100 std::vector<uint8_t> m_ad;
101 secure_vector<uint8_t> m_msg;
102};
103
104/**
105* TLS_CBC_HMAC_AEAD Encryption
106*/
107class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Encryption final : public TLS_CBC_HMAC_AEAD_Mode {
108 public:
109 /**
110 */
111 TLS_CBC_HMAC_AEAD_Encryption(std::unique_ptr<BlockCipher> cipher,
112 std::unique_ptr<MessageAuthenticationCode> mac,
113 const size_t cipher_keylen,
114 const size_t mac_keylen,
115 const Protocol_Version version,
116 bool use_encrypt_then_mac) :
117 TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir::Encryption,
118 std::move(cipher),
119 std::move(mac),
120 cipher_keylen,
121 mac_keylen,
122 version,
123 use_encrypt_then_mac) {}
124
125 void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) override;
126
127 size_t output_length(size_t input_length) const override;
128
129 size_t minimum_final_size() const override { return 0; }
130
131 private:
132 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
133 void cbc_encrypt_record(secure_vector<uint8_t>& buffer, size_t offset, size_t padding_length);
134};
135
136/**
137* TLS_CBC_HMAC_AEAD Decryption
138*/
139class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AEAD_Mode {
140 public:
141 /**
142 */
143 TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr<BlockCipher> cipher,
144 std::unique_ptr<MessageAuthenticationCode> mac,
145 const size_t cipher_keylen,
146 const size_t mac_keylen,
147 const Protocol_Version version,
148 bool use_encrypt_then_mac) :
149 TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir::Decryption,
150 std::move(cipher),
151 std::move(mac),
152 cipher_keylen,
153 mac_keylen,
154 version,
155 use_encrypt_then_mac) {}
156
157 size_t output_length(size_t input_length) const override;
158
159 size_t minimum_final_size() const override { return tag_size(); }
160
161 private:
162 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
163
164 void cbc_decrypt_record(uint8_t record_contents[], size_t record_len);
165
166 void perform_additional_compressions(size_t plen, size_t padlen);
167};
168
169/**
170* Check the TLS padding of a record
171* @param record the record bits
172* @param record_len length of record
173* @return 0 if padding is invalid, otherwise padding_bytes + 1
174*/
175BOTAN_TEST_API uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len);
176
177} // namespace Botan::TLS
178
179#endif
BOTAN_TEST_API
#define BOTAN_TEST_API
Definition api.h:39
Botan::AEAD_Mode
Definition aead.h:24
Botan::Cipher_Mode
Definition cipher_mode.h:37
Botan::Key_Length_Specification
Definition sym_algo.h:23
Botan::TLS::Protocol_Version
Definition tls_version.h:34
Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::TLS_CBC_HMAC_AEAD_Decryption
TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, const Protocol_Version version, bool use_encrypt_then_mac)
Definition tls_cbc.h:143
Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::minimum_final_size
size_t minimum_final_size() const override
Definition tls_cbc.h:159
Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::TLS_CBC_HMAC_AEAD_Encryption
TLS_CBC_HMAC_AEAD_Encryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, const Protocol_Version version, bool use_encrypt_then_mac)
Definition tls_cbc.h:111
Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::minimum_final_size
size_t minimum_final_size() const override
Definition tls_cbc.h:129
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode
Definition tls_cbc.h:23
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::update_granularity
size_t update_granularity() const final
Definition tls_cbc.cpp:71
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n
void set_associated_data_n(size_t idx, std::span< const uint8_t > ad) override
Definition tls_cbc.cpp:130
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size
size_t block_size() const
Definition tls_cbc.h:62
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc_state
secure_vector< uint8_t > & cbc_state()
Definition tls_cbc.h:72
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac_keylen
size_t mac_keylen() const
Definition tls_cbc.h:58
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::key_spec
Key_Length_Specification key_spec() const final
Definition tls_cbc.cpp:86
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::default_nonce_length
size_t default_nonce_length() const final
Definition tls_cbc.h:39
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::ideal_granularity
size_t ideal_granularity() const final
Definition tls_cbc.cpp:75
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::name
std::string name() const final
Definition tls_cbc.cpp:67
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac
bool use_encrypt_then_mac() const
Definition tls_cbc.h:64
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::is_datagram_protocol
bool is_datagram_protocol() const
Definition tls_cbc.h:66
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data
std::vector< uint8_t > & assoc_data()
Definition tls_cbc.h:74
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::msg
secure_vector< uint8_t > & msg()
Definition tls_cbc.h:76
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode
TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir direction, std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, size_t cipher_keylen, size_t mac_keylen, Protocol_Version version, bool use_encrypt_then_mac)
Definition tls_cbc.cpp:26
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cipher_keylen
size_t cipher_keylen() const
Definition tls_cbc.h:56
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac
MessageAuthenticationCode & mac() const
Definition tls_cbc.h:70
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc
Cipher_Mode & cbc() const
Definition tls_cbc.h:68
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size
size_t iv_size() const
Definition tls_cbc.h:60
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::tag_size
size_t tag_size() const final
Definition tls_cbc.h:37
Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length
bool valid_nonce_length(size_t nl) const final
Definition tls_cbc.cpp:79
Botan::TLS::check_tls_cbc_padding
uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len)
Definition tls_cbc.cpp:237
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
Generated by doxygen 1.13.2