doxygen/tls__cbc_8h_source.html

/*

* TLS CBC+HMAC AEAD

* (C) 2016 Jack Lloyd

* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#ifndef BOTAN_TLS_CBC_HMAC_AEAD_H_

#define BOTAN_TLS_CBC_HMAC_AEAD_H_


#include <botan/aead.h>


namespace Botan {


class BlockCipher;

class MessageAuthenticationCode;


}  // namespace Botan


namespace Botan::TLS {


class Protocol_Version;


/**

* TLS CBC+HMAC AEAD base class (GenericBlockCipher in TLS spec)

* This is the weird TLS-specific mode, not for general consumption.

*/


class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode {

   public:

      std::string name() const final;


      void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) override;


      size_t update_granularity() const final;


      size_t ideal_granularity() const final;


      Key_Length_Specification key_spec() const final;


      bool valid_nonce_length(size_t nl) const final;


      size_t tag_size() const final { return m_tag_size; }


      size_t default_nonce_length() const final { return m_iv_size; }


      void clear() final;


      void reset() final;


      bool has_keying_material() const final;


      ~TLS_CBC_HMAC_AEAD_Mode() override;


      TLS_CBC_HMAC_AEAD_Mode(const TLS_CBC_HMAC_AEAD_Mode& other) = delete;

      TLS_CBC_HMAC_AEAD_Mode(TLS_CBC_HMAC_AEAD_Mode&& other) = delete;


      TLS_CBC_HMAC_AEAD_Mode& operator=(const TLS_CBC_HMAC_AEAD_Mode& other) = delete;

      TLS_CBC_HMAC_AEAD_Mode& operator=(TLS_CBC_HMAC_AEAD_Mode&& other) = delete;


   protected:

      TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir direction,

                             std::unique_ptr<BlockCipher> cipher,

                             std::unique_ptr<MessageAuthenticationCode> mac,

                             size_t cipher_keylen,

                             size_t mac_keylen,

                             const Protocol_Version& version,

                             bool use_encrypt_then_mac);


      size_t cipher_keylen() const { return m_cipher_keylen; }


      size_t mac_keylen() const { return m_mac_keylen; }


      size_t iv_size() const { return m_iv_size; }


      size_t block_size() const { return m_block_size; }


      bool use_encrypt_then_mac() const { return m_use_encrypt_then_mac; }


      bool is_datagram_protocol() const { return m_is_datagram; }


      Cipher_Mode& cbc() const { return *m_cbc; }


      MessageAuthenticationCode& mac() const { return *m_mac; }


      secure_vector<uint8_t>& cbc_state() { return m_cbc_state; }


      std::vector<uint8_t>& assoc_data() { return m_ad; }


      secure_vector<uint8_t>& msg() { return m_msg; }


      std::vector<uint8_t> assoc_data_with_len(uint16_t len);


   private:

      void start_msg(const uint8_t nonce[], size_t nonce_len) final;

      size_t process_msg(uint8_t buf[], size_t sz) final;


      void key_schedule(std::span<const uint8_t> key) final;


      std::unique_ptr<Cipher_Mode> m_cbc;

      std::unique_ptr<MessageAuthenticationCode> m_mac;


      const std::string m_cipher_name;

      const std::string m_mac_name;

      size_t m_cipher_keylen;

      size_t m_block_size;

      size_t m_iv_size;

      size_t m_mac_keylen;

      size_t m_tag_size;

      bool m_use_encrypt_then_mac;

      bool m_is_datagram;


      secure_vector<uint8_t> m_cbc_state;

      std::vector<uint8_t> m_ad;

      secure_vector<uint8_t> m_msg;

};


/**

* TLS_CBC_HMAC_AEAD Encryption

*/


class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Encryption final : public TLS_CBC_HMAC_AEAD_Mode {

   public:

      /**

      */

      TLS_CBC_HMAC_AEAD_Encryption(std::unique_ptr<BlockCipher> cipher,

                                   std::unique_ptr<MessageAuthenticationCode> mac,

                                   size_t cipher_keylen,

                                   size_t mac_keylen,

                                   const Protocol_Version& version,

                                   bool use_encrypt_then_mac);


      void set_associated_data_n(size_t idx, std::span<const uint8_t> ad) override;


      size_t output_length(size_t input_length) const override;


      size_t minimum_final_size() const override { return 0; }


   private:

      void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;

      void cbc_encrypt_record(secure_vector<uint8_t>& buffer, size_t offset, size_t padding_length);

};


/**

* TLS_CBC_HMAC_AEAD Decryption

*/


class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AEAD_Mode {

   public:

      /**

      */

      TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr<BlockCipher> cipher,

                                   std::unique_ptr<MessageAuthenticationCode> mac,

                                   size_t cipher_keylen,

                                   size_t mac_keylen,

                                   const Protocol_Version& version,

                                   bool use_encrypt_then_mac);


      size_t output_length(size_t input_length) const override;


      size_t minimum_final_size() const override { return tag_size(); }


   private:

      void finish_msg(secure_vector<uint8_t>& final_block, size_t offset = 0) override;


      void cbc_decrypt_record(uint8_t record_contents[], size_t record_len);


      void perform_additional_compressions(size_t plen, size_t padlen);

};


/**

* Check the TLS padding of a record

* @param record the record bits

* @param record_len length of record

* @return 0 if padding is invalid, otherwise padding_bytes + 1

*/

BOTAN_TEST_API uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len);


}  // namespace Botan::TLS


#endif

BOTAN_TEST_API
#define BOTAN_TEST_API
Definition api.h:41

Botan::AEAD_Mode
Definition aead.h:24

Botan::BlockCipher
Definition block_cipher.h:22

Botan::Cipher_Mode
Definition cipher_mode.h:36

Botan::Key_Length_Specification
Definition sym_algo.h:22

Botan::MessageAuthenticationCode
Definition mac.h:23

Botan::TLS::Protocol_Version
Definition tls_version.h:34

Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::TLS_CBC_HMAC_AEAD_Decryption
TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, size_t cipher_keylen, size_t mac_keylen, const Protocol_Version &version, bool use_encrypt_then_mac)
Definition tls_cbc.cpp:282

Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::minimum_final_size
size_t minimum_final_size() const override
Definition tls_cbc.h:159

Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::output_length
size_t output_length(size_t input_length) const override
Definition tls_cbc.cpp:307

Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n
void set_associated_data_n(size_t idx, std::span< const uint8_t > ad) override
Definition tls_cbc.cpp:155

Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::minimum_final_size
size_t minimum_final_size() const override
Definition tls_cbc.h:136

Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::output_length
size_t output_length(size_t input_length) const override
Definition tls_cbc.cpp:199

Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::TLS_CBC_HMAC_AEAD_Encryption
TLS_CBC_HMAC_AEAD_Encryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, size_t cipher_keylen, size_t mac_keylen, const Protocol_Version &version, bool use_encrypt_then_mac)
Definition tls_cbc.cpp:141

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::update_granularity
size_t update_granularity() const final
Definition tls_cbc.cpp:74

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n
void set_associated_data_n(size_t idx, std::span< const uint8_t > ad) override
Definition tls_cbc.cpp:133

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::block_size
size_t block_size() const
Definition tls_cbc.h:76

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc_state
secure_vector< uint8_t > & cbc_state()
Definition tls_cbc.h:86

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac_keylen
size_t mac_keylen() const
Definition tls_cbc.h:72

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::key_spec
Key_Length_Specification key_spec() const final
Definition tls_cbc.cpp:89

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::default_nonce_length
size_t default_nonce_length() const final
Definition tls_cbc.h:45

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::ideal_granularity
size_t ideal_granularity() const final
Definition tls_cbc.cpp:78

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::name
std::string name() const final
Definition tls_cbc.cpp:70

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::use_encrypt_then_mac
bool use_encrypt_then_mac() const
Definition tls_cbc.h:78

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::is_datagram_protocol
bool is_datagram_protocol() const
Definition tls_cbc.h:80

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::assoc_data
std::vector< uint8_t > & assoc_data()
Definition tls_cbc.h:88

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::msg
secure_vector< uint8_t > & msg()
Definition tls_cbc.h:90

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cipher_keylen
size_t cipher_keylen() const
Definition tls_cbc.h:70

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode
TLS_CBC_HMAC_AEAD_Mode(const TLS_CBC_HMAC_AEAD_Mode &other)=delete

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::mac
MessageAuthenticationCode & mac() const
Definition tls_cbc.h:84

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::cbc
Cipher_Mode & cbc() const
Definition tls_cbc.h:82

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::iv_size
size_t iv_size() const
Definition tls_cbc.h:74

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::tag_size
size_t tag_size() const final
Definition tls_cbc.h:43

Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length
bool valid_nonce_length(size_t nl) const final
Definition tls_cbc.cpp:82

Botan::TLS
Definition asio_context.cpp:18

Botan::TLS::check_tls_cbc_padding
uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len)
Definition tls_cbc.cpp:254

Botan
Definition alg_id.cpp:13

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

Botan::Cipher_Dir
Cipher_Dir
Definition cipher_mode.h:25