Botan  2.1.0
Crypto and TLS for C++11
Public Member Functions | Protected Attributes | List of all members
Botan::OCB_Decryption Class Referencefinal

#include <ocb.h>

Inheritance diagram for Botan::OCB_Decryption:
Botan::OCB_Mode Botan::AEAD_Mode Botan::Cipher_Mode

Public Member Functions

bool authenticated () const override
 
void clear () override
 
size_t default_nonce_length () const override
 
void finish (secure_vector< uint8_t > &final_block, size_t offset=0) override
 
Key_Length_Specification key_spec () const override
 
size_t minimum_final_size () const override
 
std::string name () const override
 
 OCB_Decryption (BlockCipher *cipher, size_t tag_size=16)
 
size_t output_length (size_t input_length) const override
 
size_t process (uint8_t buf[], size_t size) override
 
virtual std::string provider () const
 
void reset () override
 
template<typename Alloc >
void set_ad (const std::vector< uint8_t, Alloc > &ad)
 
void set_associated_data (const uint8_t ad[], size_t ad_len) override
 
template<typename Alloc >
void set_associated_data_vec (const std::vector< uint8_t, Alloc > &ad)
 
template<typename Alloc >
void set_key (const std::vector< uint8_t, Alloc > &key)
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
template<typename Alloc >
void start (const std::vector< uint8_t, Alloc > &nonce)
 
void start (const uint8_t nonce[], size_t nonce_len)
 
void start ()
 
size_t tag_size () const override
 
void update (secure_vector< uint8_t > &buffer, size_t offset=0)
 
size_t update_granularity () const override
 
bool valid_keylength (size_t length) const
 
bool valid_nonce_length (size_t) const override
 

Protected Attributes

secure_vector< uint8_t > m_ad_hash
 
size_t m_block_index = 0
 
secure_vector< uint8_t > m_checksum
 
std::unique_ptr< BlockCipherm_cipher
 
std::unique_ptr< L_computer > m_L
 
secure_vector< uint8_t > m_offset
 

Detailed Description

Definition at line 98 of file ocb.h.

Constructor & Destructor Documentation

Botan::OCB_Decryption::OCB_Decryption ( BlockCipher cipher,
size_t  tag_size = 16 
)
inline
Parameters
cipherthe 128-bit block cipher to use
tag_sizeis how big the auth tag will be

Definition at line 105 of file ocb.h.

105  :
106  OCB_Mode(cipher, tag_size) {}
size_t tag_size() const override
Definition: ocb.h:41
OCB_Mode(BlockCipher *cipher, size_t tag_size)
Definition: ocb.cpp:115

Member Function Documentation

bool Botan::AEAD_Mode::authenticated ( ) const
inlineoverridevirtualinherited
Returns
true iff this mode provides authentication as well as confidentiality.

Reimplemented from Botan::Cipher_Mode.

Definition at line 25 of file aead.h.

25 { return true; }
void Botan::OCB_Mode::clear ( )
overridevirtualinherited

Zeroise all state See also reset_msg()

Implements Botan::Cipher_Mode.

Definition at line 131 of file ocb.cpp.

References Botan::OCB_Mode::m_cipher, Botan::OCB_Mode::m_L, and Botan::OCB_Mode::reset().

132  {
133  m_cipher->clear();
134  m_L.reset(); // add clear here?
135  reset();
136  }
std::unique_ptr< BlockCipher > m_cipher
Definition: ocb.h:56
void reset() override
Definition: ocb.cpp:138
std::unique_ptr< L_computer > m_L
Definition: ocb.h:57
size_t Botan::AEAD_Mode::default_nonce_length ( ) const
inlineoverridevirtualinherited
Returns
default AEAD nonce size (a commonly supported value among AEAD modes, and large enough that random collisions are unlikely)

Implements Botan::Cipher_Mode.

Reimplemented in Botan::TLS::TLS_CBC_HMAC_AEAD_Mode, and Botan::CCM_Mode.

Definition at line 75 of file aead.h.

75 { return 12; }
void Botan::OCB_Decryption::finish ( secure_vector< uint8_t > &  final_block,
size_t  offset = 0 
)
overridevirtual

Complete processing of a message.

Parameters
final_blockin/out parameter which must be at least minimum_final_size() bytes, and will be set to any final output
offsetan offset into final_block to begin processing

Implements Botan::Cipher_Mode.

Definition at line 350 of file ocb.cpp.

References BOTAN_ASSERT, Botan::OCB_Mode::m_ad_hash, Botan::OCB_Mode::m_block_index, Botan::OCB_Mode::m_checksum, Botan::OCB_Mode::m_cipher, Botan::OCB_Mode::m_L, Botan::OCB_Mode::m_offset, Botan::same_mem(), Botan::OCB_Mode::tag_size(), Botan::xor_buf(), and Botan::zeroise().

351  {
352  BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane");
353  const size_t sz = buffer.size() - offset;
354  uint8_t* buf = buffer.data() + offset;
355 
356  BOTAN_ASSERT(sz >= tag_size(), "We have the tag");
357 
358  const size_t remaining = sz - tag_size();
359 
360  if(remaining)
361  {
362  const size_t final_full_blocks = remaining / 16;
363  const size_t final_bytes = remaining - (final_full_blocks * 16);
364 
365  decrypt(buf, final_full_blocks);
366 
367  if(final_bytes)
368  {
369  BOTAN_ASSERT(final_bytes < 16, "Only a partial block left");
370 
371  uint8_t* remainder = &buf[remaining - final_bytes];
372 
373  m_offset ^= m_L->star(); // Offset_*
374 
375  secure_vector<uint8_t> pad(16);
376  m_cipher->encrypt(m_offset, pad); // P_*
377 
378  xor_buf(remainder, pad.data(), final_bytes);
379 
380  xor_buf(m_checksum.data(), remainder, final_bytes);
381  m_checksum[final_bytes] ^= 0x80;
382  }
383  }
384 
385  secure_vector<uint8_t> checksum(16);
386 
387  // fold checksum
388  for(size_t i = 0; i != m_checksum.size(); ++i)
389  checksum[i % checksum.size()] ^= m_checksum[i];
390 
391  // compute the mac
392  secure_vector<uint8_t> mac = m_offset;
393  mac ^= checksum;
394  mac ^= m_L->dollar();
395 
396  m_cipher->encrypt(mac);
397 
398  mac ^= m_ad_hash;
399 
400  // reset state
402  zeroise(m_offset);
403  m_block_index = 0;
404 
405  // compare mac
406  const uint8_t* included_tag = &buf[remaining];
407 
408  if(!same_mem(mac.data(), included_tag, tag_size()))
409  throw Integrity_Failure("OCB tag check failed");
410 
411  // remove tag from end of message
412  buffer.resize(remaining + offset);
413  }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:115
std::unique_ptr< BlockCipher > m_cipher
Definition: ocb.h:56
bool same_mem(const T *p1, const T *p2, size_t n)
Definition: mem_ops.h:98
size_t tag_size() const override
Definition: ocb.h:41
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
std::unique_ptr< L_computer > m_L
Definition: ocb.h:57
secure_vector< uint8_t > m_ad_hash
Definition: ocb.h:63
secure_vector< uint8_t > m_checksum
Definition: ocb.h:61
size_t m_block_index
Definition: ocb.h:59
secure_vector< uint8_t > m_offset
Definition: ocb.h:62
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:211
Key_Length_Specification Botan::OCB_Mode::key_spec ( ) const
overridevirtualinherited
Returns
object describing limits on key size

Implements Botan::Cipher_Mode.

Definition at line 163 of file ocb.cpp.

References Botan::OCB_Mode::m_cipher.

164  {
165  return m_cipher->key_spec();
166  }
std::unique_ptr< BlockCipher > m_cipher
Definition: ocb.h:56
size_t Botan::OCB_Decryption::minimum_final_size ( ) const
inlineoverridevirtual
Returns
required minimium size to finalize() - may be any length larger than this.

Implements Botan::Cipher_Mode.

Definition at line 114 of file ocb.h.

114 { return tag_size(); }
size_t tag_size() const override
Definition: ocb.h:41
std::string Botan::OCB_Mode::name ( ) const
overridevirtualinherited

Implements Botan::Cipher_Mode.

Definition at line 153 of file ocb.cpp.

References Botan::OCB_Mode::m_cipher.

154  {
155  return m_cipher->name() + "/OCB"; // include tag size
156  }
std::unique_ptr< BlockCipher > m_cipher
Definition: ocb.h:56
size_t Botan::OCB_Decryption::output_length ( size_t  input_length) const
inlineoverridevirtual

Returns the size of the output if this transform is used to process a message with input_length bytes. Will throw if unable to give a precise answer.

Implements Botan::Cipher_Mode.

Definition at line 108 of file ocb.h.

References BOTAN_ASSERT.

109  {
110  BOTAN_ASSERT(input_length >= tag_size(), "Sufficient input");
111  return input_length - tag_size();
112  }
size_t tag_size() const override
Definition: ocb.h:41
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
size_t Botan::OCB_Decryption::process ( uint8_t  msg[],
size_t  msg_len 
)
overridevirtual

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters
msgthe message to be processed
msg_lenlength of the message in bytes

Implements Botan::Cipher_Mode.

Definition at line 343 of file ocb.cpp.

References BOTAN_ASSERT.

344  {
345  BOTAN_ASSERT(sz % 16 == 0, "Invalid OCB input size");
346  decrypt(buf, sz / 16);
347  return sz;
348  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
virtual std::string Botan::Cipher_Mode::provider ( ) const
inlinevirtualinherited
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented in Botan::GCM_Mode.

Definition at line 202 of file cipher_mode.h.

202 { return "base"; }
void Botan::OCB_Mode::reset ( )
overridevirtualinherited

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 138 of file ocb.cpp.

References Botan::OCB_Mode::m_ad_hash, Botan::OCB_Mode::m_block_index, Botan::OCB_Mode::m_checksum, Botan::OCB_Mode::m_offset, and Botan::zeroise().

Referenced by Botan::OCB_Mode::clear().

139  {
140  m_block_index = 0;
142  zeroise(m_offset);
144  m_last_nonce.clear();
145  m_stretch.clear();
146  }
secure_vector< uint8_t > m_ad_hash
Definition: ocb.h:63
secure_vector< uint8_t > m_checksum
Definition: ocb.h:61
size_t m_block_index
Definition: ocb.h:59
secure_vector< uint8_t > m_offset
Definition: ocb.h:62
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:211
template<typename Alloc >
void Botan::AEAD_Mode::set_ad ( const std::vector< uint8_t, Alloc > &  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 66 of file aead.h.

Referenced by Botan::TLS::write_record().

67  {
68  set_associated_data(ad.data(), ad.size());
69  }
virtual void set_associated_data(const uint8_t ad[], size_t ad_len)=0
void Botan::OCB_Mode::set_associated_data ( const uint8_t  ad[],
size_t  ad_len 
)
overridevirtualinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key) is the optimum.

Parameters
adthe associated data
ad_lenlength of add in bytes

Implements Botan::AEAD_Mode.

Definition at line 174 of file ocb.cpp.

References BOTAN_ASSERT, Botan::OCB_Mode::m_ad_hash, Botan::OCB_Mode::m_cipher, and Botan::OCB_Mode::m_L.

175  {
176  BOTAN_ASSERT(m_L, "A key was set");
177  m_ad_hash = ocb_hash(*m_L, *m_cipher, ad, ad_len);
178  }
std::unique_ptr< BlockCipher > m_cipher
Definition: ocb.h:56
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
std::unique_ptr< L_computer > m_L
Definition: ocb.h:57
secure_vector< uint8_t > m_ad_hash
Definition: ocb.h:63
template<typename Alloc >
void Botan::AEAD_Mode::set_associated_data_vec ( const std::vector< uint8_t, Alloc > &  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 51 of file aead.h.

52  {
53  set_associated_data(ad.data(), ad.size());
54  }
virtual void set_associated_data(const uint8_t ad[], size_t ad_len)=0
template<typename Alloc >
void Botan::Cipher_Mode::set_key ( const std::vector< uint8_t, Alloc > &  key)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material

Definition at line 172 of file cipher_mode.h.

Referenced by botan_cipher_set_key().

173  {
174  set_key(key.data(), key.size());
175  }
void set_key(const std::vector< uint8_t, Alloc > &key)
Definition: cipher_mode.h:172
void Botan::Cipher_Mode::set_key ( const SymmetricKey key)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material

Definition at line 181 of file cipher_mode.h.

References Botan::OctetString::begin(), and Botan::OctetString::length().

182  {
183  set_key(key.begin(), key.length());
184  }
void set_key(const std::vector< uint8_t, Alloc > &key)
Definition: cipher_mode.h:172
void Botan::Cipher_Mode::set_key ( const uint8_t  key[],
size_t  length 
)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material
lengthin bytes of key param

Definition at line 191 of file cipher_mode.h.

192  {
193  if(!valid_keylength(length))
194  throw Invalid_Key_Length(name(), length);
195  key_schedule(key, length);
196  }
virtual std::string name() const =0
bool valid_keylength(size_t length) const
Definition: cipher_mode.h:162
template<typename Alloc >
void Botan::Cipher_Mode::start ( const std::vector< uint8_t, Alloc > &  nonce)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce

Definition at line 38 of file cipher_mode.h.

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

39  {
40  start_msg(nonce.data(), nonce.size());
41  }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0
void Botan::Cipher_Mode::start ( const uint8_t  nonce[],
size_t  nonce_len 
)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce
nonce_lenlength of nonce

Definition at line 48 of file cipher_mode.h.

49  {
50  start_msg(nonce, nonce_len);
51  }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0
void Botan::Cipher_Mode::start ( )
inlineinherited

Begin processing a message.

Definition at line 56 of file cipher_mode.h.

57  {
58  return start_msg(nullptr, 0);
59  }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0
size_t Botan::OCB_Mode::tag_size ( ) const
inlineoverridevirtualinherited
Returns
the size of the authentication tag used (in bytes)

Reimplemented from Botan::Cipher_Mode.

Definition at line 41 of file ocb.h.

Referenced by Botan::OCB_Encryption::finish(), and finish().

41 { return m_tag_size; }
void Botan::Cipher_Mode::update ( secure_vector< uint8_t > &  buffer,
size_t  offset = 0 
)
inlineinherited

Process some data. Input must be in size update_granularity() uint8_t blocks.

Parameters
bufferin/out parameter which will possibly be resized
offsetan offset into blocks to begin processing

Definition at line 81 of file cipher_mode.h.

References BOTAN_ASSERT.

Referenced by botan_cipher_update(), Botan::XTS_Encryption::finish(), Botan::ChaCha20Poly1305_Encryption::finish(), Botan::CBC_Encryption::finish(), Botan::CFB_Encryption::finish(), Botan::EAX_Encryption::finish(), Botan::XTS_Decryption::finish(), Botan::CFB_Decryption::finish(), Botan::CTS_Encryption::finish(), Botan::CBC_Decryption::finish(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::finish(), Botan::CTS_Decryption::finish(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

82  {
83  BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
84  uint8_t* buf = buffer.data() + offset;
85  const size_t buf_size = buffer.size() - offset;
86 
87  const size_t written = process(buf, buf_size);
88  buffer.resize(offset + written);
89  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
virtual size_t process(uint8_t msg[], size_t msg_len)=0
size_t Botan::OCB_Mode::update_granularity ( ) const
overridevirtualinherited
Returns
size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 158 of file ocb.cpp.

References Botan::OCB_Mode::m_cipher.

159  {
160  return m_cipher->parallel_bytes();
161  }
std::unique_ptr< BlockCipher > m_cipher
Definition: ocb.h:56
bool Botan::Cipher_Mode::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 162 of file cipher_mode.h.

163  {
164  return key_spec().valid_keylength(length);
165  }
bool valid_keylength(size_t length) const
Definition: key_spec.h:51
virtual Key_Length_Specification key_spec() const =0
bool Botan::OCB_Mode::valid_nonce_length ( size_t  nonce_len) const
overridevirtualinherited
Returns
true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 148 of file ocb.cpp.

149  {
150  return (length > 0 && length < m_cipher->block_size());
151  }

Member Data Documentation

secure_vector<uint8_t> Botan::OCB_Mode::m_ad_hash
protectedinherited
size_t Botan::OCB_Mode::m_block_index = 0
protectedinherited

Definition at line 59 of file ocb.h.

Referenced by Botan::OCB_Encryption::finish(), finish(), and Botan::OCB_Mode::reset().

secure_vector<uint8_t> Botan::OCB_Mode::m_checksum
protectedinherited

Definition at line 61 of file ocb.h.

Referenced by Botan::OCB_Encryption::finish(), finish(), and Botan::OCB_Mode::reset().

std::unique_ptr<BlockCipher> Botan::OCB_Mode::m_cipher
protectedinherited
std::unique_ptr<L_computer> Botan::OCB_Mode::m_L
protectedinherited
secure_vector<uint8_t> Botan::OCB_Mode::m_offset
protectedinherited

Definition at line 62 of file ocb.h.

Referenced by Botan::OCB_Encryption::finish(), finish(), and Botan::OCB_Mode::reset().


The documentation for this class was generated from the following files: