9 #include <botan/dlies.h>
10 #include <botan/internal/ct_utils.h>
18 size_t mac_key_length) :
19 DLIES_Encryptor(own_priv_key, rng, kdf, nullptr, 0, mac, mac_key_length)
27 size_t cipher_key_len,
29 size_t mac_key_length) :
31 m_own_pub_key(own_priv_key.public_value()),
32 m_ka(own_priv_key, rng,
"Raw"),
35 m_cipher_key_len(cipher_key_len),
37 m_mac_keylen(mac_key_length),
44 std::vector<uint8_t> DLIES_Encryptor::enc(
const uint8_t in[],
size_t length,
47 if(m_other_pub_key.empty())
56 const size_t required_key_length = m_cipher ? m_cipher_key_len + m_mac_keylen : length + m_mac_keylen;
57 const secure_vector<uint8_t> secret_keys = m_kdf->derive_key(required_key_length, secret_value.bits_of());
59 if(secret_keys.size() != required_key_length)
61 throw Encoding_Error(
"DLIES: KDF did not provide sufficient output");
64 secure_vector<uint8_t> ciphertext(in, in + length);
65 const size_t cipher_key_len = m_cipher ? m_cipher_key_len : length;
69 SymmetricKey enc_key(secret_keys.data(), cipher_key_len);
70 m_cipher->set_key(enc_key);
74 m_cipher->start(m_iv.
bits_of());
77 m_cipher->finish(ciphertext);
81 xor_buf(ciphertext, secret_keys, cipher_key_len);
85 m_mac->set_key(secret_keys.data() + cipher_key_len, m_mac_keylen);
86 secure_vector<uint8_t> tag = m_mac->process(ciphertext);
89 secure_vector<uint8_t> out(m_own_pub_key.size() + ciphertext.size() + tag.size());
92 buffer_insert(out, 0 + m_own_pub_key.size() + ciphertext.size(), tag);
101 size_t DLIES_Encryptor::maximum_input_size()
const
111 throw Not_Implemented(
"Not implemented for XOR encryption mode");
119 size_t cipher_key_len,
121 size_t mac_key_length) :
122 m_pub_key_size(own_priv_key.public_value().size()),
123 m_ka(own_priv_key, rng,
"Raw"),
126 m_cipher_key_len(cipher_key_len),
128 m_mac_keylen(mac_key_length),
139 size_t mac_key_length) :
140 DLIES_Decryptor(own_priv_key, rng, kdf, nullptr, 0, mac, mac_key_length)
144 const uint8_t msg[],
size_t length)
const
146 if(length < m_pub_key_size + m_mac->output_length())
148 throw Decoding_Error(
"DLIES decryption: ciphertext is too short");
152 std::vector<uint8_t> other_pub_key(msg, msg + m_pub_key_size);
155 const size_t ciphertext_len = length - m_pub_key_size - m_mac->output_length();
156 size_t cipher_key_len = m_cipher ? m_cipher_key_len : ciphertext_len;
159 const size_t required_key_length = cipher_key_len + m_mac_keylen;
160 secure_vector<uint8_t> secret_keys = m_kdf->derive_key(required_key_length, secret_value.bits_of());
162 if(secret_keys.size() != required_key_length)
164 throw Encoding_Error(
"DLIES: KDF did not provide sufficient output");
167 secure_vector<uint8_t> ciphertext(msg + m_pub_key_size, msg + m_pub_key_size + ciphertext_len);
170 m_mac->set_key(secret_keys.data() + cipher_key_len, m_mac_keylen);
171 secure_vector<uint8_t> calculated_tag = m_mac->process(ciphertext);
174 secure_vector<uint8_t> tag(msg + m_pub_key_size + ciphertext_len,
175 msg + m_pub_key_size + ciphertext_len + m_mac->output_length());
177 valid_mask = CT::expand_mask<uint8_t>(
same_mem(tag.data(), calculated_tag.data(), tag.size()));
184 SymmetricKey dec_key(secret_keys.data(), cipher_key_len);
185 m_cipher->set_key(dec_key);
194 m_cipher->start(m_iv.
bits_of());
197 m_cipher->finish(ciphertext);
207 return secure_vector<uint8_t>();
212 xor_buf(ciphertext, secret_keys.data(), cipher_key_len);
void xor_buf(T out[], const T in[], size_t length)
secure_vector< uint8_t > bits_of() const
bool same_mem(const T *p1, const T *p2, size_t n)
std::unique_ptr< MessageAuthenticationCode > m_mac
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, const uint8_t params[], size_t params_len) const
DLIES_Decryptor(const DH_PrivateKey &own_priv_key, RandomNumberGenerator &rng, KDF *kdf, MessageAuthenticationCode *mac, size_t mac_key_len=20)
std::vector< T, secure_allocator< T >> secure_vector
#define BOTAN_ASSERT_NONNULL(ptr)
std::vector< T > unlock(const secure_vector< T > &in)
size_t buffer_insert(std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
DLIES_Encryptor(const DH_PrivateKey &own_priv_key, RandomNumberGenerator &rng, KDF *kdf, MessageAuthenticationCode *mac, size_t mac_key_len=20)