9#include <botan/dlies.h>
18 size_t mac_key_length) :
19 DLIES_Encryptor(own_priv_key, rng, kdf, nullptr, 0, mac, mac_key_length)
27 size_t cipher_key_len,
29 size_t mac_key_length) :
31 m_own_pub_key(own_priv_key.public_value()),
32 m_ka(own_priv_key, rng,
"Raw"),
35 m_cipher_key_len(cipher_key_len),
37 m_mac_keylen(mac_key_length),
44std::vector<uint8_t> DLIES_Encryptor::enc(
const uint8_t in[],
size_t length,
47 if(m_other_pub_key.empty())
56 const size_t required_key_length = m_cipher ? m_cipher_key_len + m_mac_keylen : length + m_mac_keylen;
57 const secure_vector<uint8_t> secret_keys = m_kdf->derive_key(required_key_length, secret_value.bits_of());
59 if(secret_keys.size() != required_key_length)
61 throw Encoding_Error(
"DLIES: KDF did not provide sufficient output");
64 secure_vector<uint8_t> ciphertext(in, in + length);
65 const size_t cipher_key_len = m_cipher ? m_cipher_key_len : length;
69 SymmetricKey enc_key(secret_keys.data(), cipher_key_len);
70 m_cipher->set_key(enc_key);
72 if(m_iv.
size() == 0 && !m_cipher->valid_nonce_length(m_iv.
size()))
73 throw Invalid_Argument(
"DLIES with " + m_cipher->name() +
" requires an IV be set");
74 m_cipher->start(m_iv.
bits_of());
75 m_cipher->finish(ciphertext);
79 xor_buf(ciphertext, secret_keys, cipher_key_len);
83 m_mac->set_key(secret_keys.data() + cipher_key_len, m_mac_keylen);
84 secure_vector<uint8_t> tag = m_mac->process(ciphertext);
87 secure_vector<uint8_t> out(m_own_pub_key.size() + ciphertext.size() + tag.size());
90 buffer_insert(out, 0 + m_own_pub_key.size() + ciphertext.size(), tag);
100size_t DLIES_Encryptor::maximum_input_size()
const
105size_t DLIES_Encryptor::ciphertext_length(
size_t ptext_len)
const
107 return m_own_pub_key.size() + m_mac->output_length() + m_cipher->output_length(ptext_len);
114 size_t cipher_key_len,
116 size_t mac_key_length) :
117 m_pub_key_size(own_priv_key.public_value().size()),
118 m_ka(own_priv_key, rng,
"Raw"),
121 m_cipher_key_len(cipher_key_len),
123 m_mac_keylen(mac_key_length),
134 size_t mac_key_length) :
135 DLIES_Decryptor(own_priv_key, rng, kdf, nullptr, 0, mac, mac_key_length)
138size_t DLIES_Decryptor::plaintext_length(
size_t ctext_len)
const
140 if(ctext_len < m_pub_key_size + m_mac->output_length())
143 return ctext_len - (m_pub_key_size + m_mac->output_length());
146secure_vector<uint8_t> DLIES_Decryptor::do_decrypt(uint8_t& valid_mask,
147 const uint8_t msg[],
size_t length)
const
149 if(length < m_pub_key_size + m_mac->output_length())
151 throw Decoding_Error(
"DLIES decryption: ciphertext is too short");
155 std::vector<uint8_t> other_pub_key(msg, msg + m_pub_key_size);
158 const size_t ciphertext_len = length - m_pub_key_size - m_mac->output_length();
159 size_t cipher_key_len = m_cipher ? m_cipher_key_len : ciphertext_len;
162 const size_t required_key_length = cipher_key_len + m_mac_keylen;
163 secure_vector<uint8_t> secret_keys = m_kdf->derive_key(required_key_length, secret_value.bits_of());
165 if(secret_keys.size() != required_key_length)
167 throw Encoding_Error(
"DLIES: KDF did not provide sufficient output");
170 secure_vector<uint8_t> ciphertext(msg + m_pub_key_size, msg + m_pub_key_size + ciphertext_len);
173 m_mac->set_key(secret_keys.data() + cipher_key_len, m_mac_keylen);
174 secure_vector<uint8_t> calculated_tag = m_mac->process(ciphertext);
177 secure_vector<uint8_t> tag(msg + m_pub_key_size + ciphertext_len,
178 msg + m_pub_key_size + ciphertext_len + m_mac->output_length());
180 valid_mask =
ct_compare_u8(tag.data(), calculated_tag.data(), tag.size());
187 SymmetricKey dec_key(secret_keys.data(), cipher_key_len);
188 m_cipher->set_key(dec_key);
195 if(m_iv.
size() == 0 && !m_cipher->valid_nonce_length(m_iv.
size()))
196 throw Invalid_Argument(
"DLIES with " + m_cipher->name() +
" requires an IV be set");
197 m_cipher->start(m_iv.
bits_of());
198 m_cipher->finish(ciphertext);
208 return secure_vector<uint8_t>();
213 xor_buf(ciphertext, secret_keys.data(), cipher_key_len);
#define BOTAN_ASSERT_NONNULL(ptr)
DLIES_Decryptor(const DH_PrivateKey &own_priv_key, RandomNumberGenerator &rng, KDF *kdf, MessageAuthenticationCode *mac, size_t mac_key_len=20)
DLIES_Encryptor(const DH_PrivateKey &own_priv_key, RandomNumberGenerator &rng, KDF *kdf, MessageAuthenticationCode *mac, size_t mac_key_len=20)
secure_vector< uint8_t > bits_of() const
SymmetricKey derive_key(size_t key_len, const uint8_t in[], size_t in_len, const uint8_t params[], size_t params_len) const
size_t buffer_insert(std::vector< T, Alloc > &buf, size_t buf_offset, const T input[], size_t input_length)
std::vector< T > unlock(const secure_vector< T > &in)
uint8_t ct_compare_u8(const uint8_t x[], const uint8_t y[], size_t len)
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)