Botan 2.19.3
Crypto and TLS for C&
tls_cbc.h
Go to the documentation of this file.
1/*
2* TLS CBC+HMAC AEAD
3* (C) 2016 Jack Lloyd
4* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_TLS_CBC_HMAC_AEAD_H_
10#define BOTAN_TLS_CBC_HMAC_AEAD_H_
11
12#include <botan/aead.h>
13#include <botan/block_cipher.h>
14#include <botan/mac.h>
15#include <botan/tls_version.h>
16
17namespace Botan {
18
19namespace TLS {
20
21/**
22* TLS CBC+HMAC AEAD base class (GenericBlockCipher in TLS spec)
23* This is the weird TLS-specific mode, not for general consumption.
24*/
26 {
27 public:
28 size_t process(uint8_t buf[], size_t sz) override final;
29
30 std::string name() const override final;
31
32 void set_associated_data(const uint8_t ad[], size_t ad_len) override;
33
34 size_t update_granularity() const override final;
35
36 Key_Length_Specification key_spec() const override final;
37
38 bool valid_nonce_length(size_t nl) const override final;
39
40 size_t tag_size() const override final { return m_tag_size; }
41
42 size_t default_nonce_length() const override final { return m_iv_size; }
43
44 void clear() override final;
45
46 void reset() override final;
47
48 protected:
50 std::unique_ptr<BlockCipher> cipher,
51 std::unique_ptr<MessageAuthenticationCode> mac,
52 size_t cipher_keylen,
53 size_t mac_keylen,
54 Protocol_Version version,
55 bool use_encrypt_then_mac);
56
57 size_t cipher_keylen() const { return m_cipher_keylen; }
58 size_t mac_keylen() const { return m_mac_keylen; }
59 size_t iv_size() const { return m_iv_size; }
60 size_t block_size() const { return m_block_size; }
61
62 bool use_encrypt_then_mac() const { return m_use_encrypt_then_mac; }
63
64 bool is_datagram_protocol() const { return m_is_datagram; }
65
66 Cipher_Mode& cbc() const { return *m_cbc; }
67
69 {
71 return *m_mac;
72 }
73
74 secure_vector<uint8_t>& cbc_state() { return m_cbc_state; }
75 std::vector<uint8_t>& assoc_data() { return m_ad; }
76 secure_vector<uint8_t>& msg() { return m_msg; }
77
78 std::vector<uint8_t> assoc_data_with_len(uint16_t len);
79
80 private:
81 void start_msg(const uint8_t nonce[], size_t nonce_len) override final;
82
83 void key_schedule(const uint8_t key[], size_t length) override final;
84
85 const std::string m_cipher_name;
86 const std::string m_mac_name;
87 size_t m_cipher_keylen;
88 size_t m_mac_keylen;
89 size_t m_iv_size;
90 size_t m_tag_size;
91 size_t m_block_size;
92 bool m_use_encrypt_then_mac;
93 bool m_is_datagram;
94
95 std::unique_ptr<Cipher_Mode> m_cbc;
96 std::unique_ptr<MessageAuthenticationCode> m_mac;
97
98 secure_vector<uint8_t> m_cbc_state;
99 std::vector<uint8_t> m_ad;
101 };
102
103/**
104* TLS_CBC_HMAC_AEAD Encryption
105*/
107 {
108 public:
109 /**
110 */
112 std::unique_ptr<BlockCipher> cipher,
113 std::unique_ptr<MessageAuthenticationCode> mac,
114 const size_t cipher_keylen,
115 const size_t mac_keylen,
116 const Protocol_Version version,
117 bool use_encrypt_then_mac) :
119 std::move(cipher),
120 std::move(mac),
121 cipher_keylen,
122 mac_keylen,
123 version,
124 use_encrypt_then_mac)
125 {}
126
127 void set_associated_data(const uint8_t ad[], size_t ad_len) override;
128
129 size_t output_length(size_t input_length) const override;
130
131 size_t minimum_final_size() const override { return 0; }
132
133 void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
134 private:
135 void cbc_encrypt_record(secure_vector<uint8_t>& buffer, size_t offset,
136 size_t padding_length);
137 };
138
139/**
140* TLS_CBC_HMAC_AEAD Decryption
141*/
143 {
144 public:
145 /**
146 */
147 TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr<BlockCipher> cipher,
148 std::unique_ptr<MessageAuthenticationCode> mac,
149 const size_t cipher_keylen,
150 const size_t mac_keylen,
151 const Protocol_Version version,
152 bool use_encrypt_then_mac) :
154 std::move(cipher),
155 std::move(mac),
156 cipher_keylen,
157 mac_keylen,
158 version,
159 use_encrypt_then_mac)
160 {}
161
162 size_t output_length(size_t input_length) const override;
163
164 size_t minimum_final_size() const override { return tag_size(); }
165
166 void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
167
168 private:
169 void cbc_decrypt_record(uint8_t record_contents[], size_t record_len);
170
171 void perform_additional_compressions(size_t plen, size_t padlen);
172 };
173
174/**
175* Check the TLS padding of a record
176* @param record the record bits
177* @param record_len length of record
178* @return 0 if padding is invalid, otherwise padding_bytes + 1
179*/
180BOTAN_TEST_API uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len);
181
182}
183
184}
185
186#endif
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:107
TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, const Protocol_Version version, bool use_encrypt_then_mac)
Definition tls_cbc.h:147
size_t minimum_final_size() const override
Definition tls_cbc.h:164
TLS_CBC_HMAC_AEAD_Encryption(std::unique_ptr< BlockCipher > cipher, std::unique_ptr< MessageAuthenticationCode > mac, const size_t cipher_keylen, const size_t mac_keylen, const Protocol_Version version, bool use_encrypt_then_mac)
Definition tls_cbc.h:111
size_t minimum_final_size() const override
Definition tls_cbc.h:131
secure_vector< uint8_t > & cbc_state()
Definition tls_cbc.h:74
std::vector< uint8_t > & assoc_data()
Definition tls_cbc.h:75
secure_vector< uint8_t > & msg()
Definition tls_cbc.h:76
size_t tag_size() const override final
Definition tls_cbc.h:40
MessageAuthenticationCode & mac() const
Definition tls_cbc.h:68
Cipher_Mode & cbc() const
Definition tls_cbc.h:66
size_t default_nonce_length() const override final
Definition tls_cbc.h:42
std::string m_cipher_name
std::string name
int(* final)(unsigned char *, CTX *)
#define BOTAN_TEST_API
Definition compiler.h:51
uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len)
Definition tls_cbc.cpp:243
@ DECRYPTION
Definition cipher_mode.h:23
@ ENCRYPTION
Definition cipher_mode.h:23
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
Definition bigint.h:1143