Botan 3.0.0
Crypto and TLS for C&
tls_cbc.h
Go to the documentation of this file.
1/*
2* TLS CBC+HMAC AEAD
3* (C) 2016 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_TLS_CBC_HMAC_AEAD_H_
10#define BOTAN_TLS_CBC_HMAC_AEAD_H_
11
12#include <botan/aead.h>
13#include <botan/block_cipher.h>
14#include <botan/mac.h>
15#include <botan/tls_version.h>
16
17namespace Botan {
18
19namespace TLS {
20
21/**
22* TLS CBC+HMAC AEAD base class (GenericBlockCipher in TLS spec)
23* This is the weird TLS-specific mode, not for general consumption.
24*/
26 {
27 public:
28 std::string name() const override final;
29
30 void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) override;
31
32 size_t update_granularity() const override final;
33
34 size_t ideal_granularity() const override final;
35
36 Key_Length_Specification key_spec() const override final;
37
38 bool valid_nonce_length(size_t nl) const override final;
39
40 size_t tag_size() const override final { return m_tag_size; }
41
42 size_t default_nonce_length() const override final { return m_iv_size; }
43
44 void clear() override final;
45
46 void reset() override final;
47
48 bool has_keying_material() const override final;
49 protected:
51 std::unique_ptr<BlockCipher> cipher,
52 std::unique_ptr<MessageAuthenticationCode> mac,
53 size_t cipher_keylen,
54 size_t mac_keylen,
55 Protocol_Version version,
56 bool use_encrypt_then_mac);
57
58 size_t cipher_keylen() const { return m_cipher_keylen; }
59 size_t mac_keylen() const { return m_mac_keylen; }
60 size_t iv_size() const { return m_iv_size; }
61 size_t block_size() const { return m_block_size; }
62
63 bool use_encrypt_then_mac() const { return m_use_encrypt_then_mac; }
64
65 bool is_datagram_protocol() const { return m_is_datagram; }
66
67 Cipher_Mode& cbc() const { return *m_cbc; }
68
70 {
72 return *m_mac;
73 }
74
75 secure_vector<uint8_t>& cbc_state() { return m_cbc_state; }
76 std::vector<uint8_t>& assoc_data() { return m_ad; }
77 secure_vector<uint8_t>& msg() { return m_msg; }
78
79 std::vector<uint8_t> assoc_data_with_len(uint16_t len);
80
81 private:
82 void start_msg(const uint8_t nonce[], size_t nonce_len) override final;
83 size_t process_msg(uint8_t buf[], size_t sz) override final;
84
85 void key_schedule(const uint8_t key[], size_t length) override final;
86
87 const std::string m_cipher_name;
88 const std::string m_mac_name;
89 size_t m_cipher_keylen;
90 size_t m_mac_keylen;
91 size_t m_iv_size;
92 size_t m_tag_size;
93 size_t m_block_size;
94 bool m_use_encrypt_then_mac;
95 bool m_is_datagram;
96
97 std::unique_ptr<Cipher_Mode> m_cbc;
98 std::unique_ptr<MessageAuthenticationCode> m_mac;
99
100 secure_vector<uint8_t> m_cbc_state;
101 std::vector<uint8_t> m_ad;
103 };
104
105/**
106* TLS_CBC_HMAC_AEAD Encryption
107*/
109 {
110 public:
111 /**
112 */
114 std::unique_ptr<BlockCipher> cipher,
115 std::unique_ptr<MessageAuthenticationCode> mac,
116 const size_t cipher_keylen,
117 const size_t mac_keylen,
118 const Protocol_Version version,
119 bool use_encrypt_then_mac) :
121 std::move(cipher),
122 std::move(mac),
123 cipher_keylen,
124 mac_keylen,
125 version,
126 use_encrypt_then_mac)
127 {}
128
129 void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) override;
130
131 size_t output_length(size_t input_length) const override;
132
133 size_t minimum_final_size() const override { return 0; }
134
135 private:
136 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
137 void cbc_encrypt_record(secure_vector<uint8_t>& buffer, size_t offset,
138 size_t padding_length);
139 };
140
141/**
142* TLS_CBC_HMAC_AEAD Decryption
143*/
145 {
146 public:
147 /**
148 */
149 TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr<BlockCipher> cipher,
150 std::unique_ptr<MessageAuthenticationCode> mac,
151 const size_t cipher_keylen,
152 const size_t mac_keylen,
153 const Protocol_Version version,
154 bool use_encrypt_then_mac) :
156 std::move(cipher),
157 std::move(mac),
158 cipher_keylen,
159 mac_keylen,
160 version,
161 use_encrypt_then_mac)
162 {}
163
164 size_t output_length(size_t input_length) const override;
165
166 size_t minimum_final_size() const override { return tag_size(); }
167
168 private:
169 void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
170
171 void cbc_decrypt_record(uint8_t record_contents[], size_t record_len);
172
173 void perform_additional_compressions(size_t plen, size_t padlen);
174 };
175
176/**
177* Check the TLS padding of a record
178* @param record the record bits
179* @param record_len length of record
180* @return 0 if padding is invalid, otherwise padding_bytes + 1
181*/
182BOTAN_TEST_API uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len);
183
184}
185
186}
187
188#endif
#define BOTAN_ASSERT_NONNULL(ptr)
Definition: assert.h:106
TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, const Protocol_Version version, bool use_encrypt_then_mac)
Definition: tls_cbc.h:149
size_t minimum_final_size() const override
Definition: tls_cbc.h:166
TLS_CBC_HMAC_AEAD_Encryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, const Protocol_Version version, bool use_encrypt_then_mac)
Definition: tls_cbc.h:113
size_t minimum_final_size() const override
Definition: tls_cbc.h:133
secure_vector< uint8_t > & cbc_state()
Definition: tls_cbc.h:75
std::vector< uint8_t > & assoc_data()
Definition: tls_cbc.h:76
secure_vector< uint8_t > & msg()
Definition: tls_cbc.h:77
size_t tag_size() const override final
Definition: tls_cbc.h:40
MessageAuthenticationCode & mac() const
Definition: tls_cbc.h:69
Cipher_Mode & cbc() const
Definition: tls_cbc.h:67
size_t default_nonce_length() const override final
Definition: tls_cbc.h:42
std::string m_cipher_name
std::string name
int(* final)(unsigned char *, CTX *)
#define BOTAN_TEST_API
Definition: compiler.h:51
uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len)
Definition: tls_cbc.cpp:253
Definition: alg_id.cpp:12
Cipher_Dir
Definition: cipher_mode.h:26
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64
Definition: bigint.h:1092