/src/botan/build/include/botan/cipher_mode.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Cipher Modes |
3 | | * (C) 2013,2016 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_CIPHER_MODE_H_ |
9 | | #define BOTAN_CIPHER_MODE_H_ |
10 | | |
11 | | #include <botan/secmem.h> |
12 | | #include <botan/sym_algo.h> |
13 | | #include <botan/exceptn.h> |
14 | | #include <string> |
15 | | #include <vector> |
16 | | |
17 | | namespace Botan { |
18 | | |
19 | | /** |
20 | | * The two possible directions for cipher filters, determining whether they |
21 | | * actually perform encryption or decryption. |
22 | | */ |
23 | | enum Cipher_Dir : int { ENCRYPTION, DECRYPTION }; |
24 | | |
25 | | /** |
26 | | * Interface for cipher modes |
27 | | */ |
28 | | class BOTAN_PUBLIC_API(2,0) Cipher_Mode : public SymmetricAlgorithm |
29 | | { |
30 | | public: |
31 | | /** |
32 | | * @return list of available providers for this algorithm, empty if not available |
33 | | * @param algo_spec algorithm name |
34 | | */ |
35 | | static std::vector<std::string> providers(const std::string& algo_spec); |
36 | | |
37 | | /** |
38 | | * Create an AEAD mode |
39 | | * @param algo the algorithm to create |
40 | | * @param direction specify if this should be an encryption or decryption AEAD |
41 | | * @param provider optional specification for provider to use |
42 | | * @return an AEAD mode or a null pointer if not available |
43 | | */ |
44 | | static std::unique_ptr<Cipher_Mode> create(const std::string& algo, |
45 | | Cipher_Dir direction, |
46 | | const std::string& provider = ""); |
47 | | |
48 | | /** |
49 | | * Create an AEAD mode, or throw |
50 | | * @param algo the algorithm to create |
51 | | * @param direction specify if this should be an encryption or decryption AEAD |
52 | | * @param provider optional specification for provider to use |
53 | | * @return an AEAD mode, or throw an exception |
54 | | */ |
55 | | static std::unique_ptr<Cipher_Mode> create_or_throw(const std::string& algo, |
56 | | Cipher_Dir direction, |
57 | | const std::string& provider = ""); |
58 | | |
59 | | /* |
60 | | * Prepare for processing a message under the specified nonce |
61 | | */ |
62 | | virtual void start_msg(const uint8_t nonce[], size_t nonce_len) = 0; |
63 | | |
64 | | /** |
65 | | * Begin processing a message with a fresh nonce. |
66 | | * @param nonce the per message nonce |
67 | | */ |
68 | | template<typename Alloc> |
69 | | void start(const std::vector<uint8_t, Alloc>& nonce) |
70 | 1.26k | { |
71 | 1.26k | start_msg(nonce.data(), nonce.size()); |
72 | 1.26k | } void Botan::Cipher_Mode::start<std::__1::allocator<unsigned char> >(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&) Line | Count | Source | 70 | 1.02k | { | 71 | 1.02k | start_msg(nonce.data(), nonce.size()); | 72 | 1.02k | } |
void Botan::Cipher_Mode::start<Botan::secure_allocator<unsigned char> >(std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> > const&) Line | Count | Source | 70 | 242 | { | 71 | 242 | start_msg(nonce.data(), nonce.size()); | 72 | 242 | } |
|
73 | | |
74 | | /** |
75 | | * Begin processing a message with a fresh nonce. |
76 | | * @param nonce the per message nonce |
77 | | * @param nonce_len length of nonce |
78 | | */ |
79 | | void start(const uint8_t nonce[], size_t nonce_len) |
80 | 0 | { |
81 | 0 | start_msg(nonce, nonce_len); |
82 | 0 | } |
83 | | |
84 | | /** |
85 | | * Begin processing a message. |
86 | | * |
87 | | * The exact semantics of this depend on the mode. For many modes, the call |
88 | | * will fail since a nonce must be provided. |
89 | | * |
90 | | * For certain modes such as CBC this will instead cause the last |
91 | | * ciphertext block to be used as the nonce of the new message; doing this |
92 | | * isn't a good idea, but some (mostly older) protocols do this. |
93 | | */ |
94 | | void start() |
95 | 0 | { |
96 | 0 | return start_msg(nullptr, 0); |
97 | 0 | } |
98 | | |
99 | | /** |
100 | | * Process message blocks |
101 | | * |
102 | | * Input must be a multiple of update_granularity |
103 | | * |
104 | | * Processes msg in place and returns bytes written. Normally |
105 | | * this will be either msg_len (indicating the entire message was |
106 | | * processed) or for certain AEAD modes zero (indicating that the |
107 | | * mode requires the entire message be processed in one pass). |
108 | | * |
109 | | * @param msg the message to be processed |
110 | | * @param msg_len length of the message in bytes |
111 | | */ |
112 | | virtual size_t process(uint8_t msg[], size_t msg_len) = 0; |
113 | | |
114 | | /** |
115 | | * Process some data. Input must be in size update_granularity() uint8_t blocks. |
116 | | * @param buffer in/out parameter which will possibly be resized |
117 | | * @param offset an offset into blocks to begin processing |
118 | | */ |
119 | | void update(secure_vector<uint8_t>& buffer, size_t offset = 0) |
120 | 321 | { |
121 | 321 | BOTAN_ASSERT(buffer.size() >= offset, "Offset ok"); |
122 | 321 | uint8_t* buf = buffer.data() + offset; |
123 | 321 | const size_t buf_size = buffer.size() - offset; |
124 | | |
125 | 321 | const size_t written = process(buf, buf_size); |
126 | 321 | buffer.resize(offset + written); |
127 | 321 | } |
128 | | |
129 | | /** |
130 | | * Complete processing of a message. |
131 | | * |
132 | | * @param final_block in/out parameter which must be at least |
133 | | * minimum_final_size() bytes, and will be set to any final output |
134 | | * @param offset an offset into final_block to begin processing |
135 | | */ |
136 | | virtual void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) = 0; |
137 | | |
138 | | /** |
139 | | * Returns the size of the output if this transform is used to process a |
140 | | * message with input_length bytes. In most cases the answer is precise. |
141 | | * If it is not possible to precise (namely for CBC decryption) instead an |
142 | | * upper bound is returned. |
143 | | */ |
144 | | virtual size_t output_length(size_t input_length) const = 0; |
145 | | |
146 | | /** |
147 | | * @return size of required blocks to update |
148 | | */ |
149 | | virtual size_t update_granularity() const = 0; |
150 | | |
151 | | /** |
152 | | * Return an ideal granularity. This will be a multiple of the result of |
153 | | * update_granularity but may be larger. If so it indicates that better |
154 | | * performance may be achieved by providing buffers that are at least that |
155 | | * size. |
156 | | */ |
157 | | virtual size_t ideal_granularity() const = 0; |
158 | | |
159 | | /** |
160 | | * Certain modes require the entire message be available before |
161 | | * any processing can occur. For such modes, input will be consumed |
162 | | * but not returned, until `finish` is called, which returns the |
163 | | * entire message. |
164 | | * |
165 | | * This function returns true if this mode has this style of |
166 | | * operation. |
167 | | */ |
168 | 0 | virtual bool requires_entire_message() const { return false; } |
169 | | |
170 | | /** |
171 | | * @return required minimium size to finalize() - may be any |
172 | | * length larger than this. |
173 | | */ |
174 | | virtual size_t minimum_final_size() const = 0; |
175 | | |
176 | | /** |
177 | | * @return the default size for a nonce |
178 | | */ |
179 | | virtual size_t default_nonce_length() const = 0; |
180 | | |
181 | | /** |
182 | | * @return true iff nonce_len is a valid length for the nonce |
183 | | */ |
184 | | virtual bool valid_nonce_length(size_t nonce_len) const = 0; |
185 | | |
186 | | /** |
187 | | * Resets just the message specific state and allows encrypting again under the existing key |
188 | | */ |
189 | | virtual void reset() = 0; |
190 | | |
191 | | /** |
192 | | * @return true iff this mode provides authentication as well as |
193 | | * confidentiality. |
194 | | */ |
195 | 0 | bool authenticated() const { return this->tag_size() > 0; } |
196 | | |
197 | | /** |
198 | | * @return the size of the authentication tag used (in bytes) |
199 | | */ |
200 | 0 | virtual size_t tag_size() const { return 0; } |
201 | | |
202 | | /** |
203 | | * @return provider information about this implementation. Default is "base", |
204 | | * might also return "sse2", "avx2", "openssl", or some other arbitrary string. |
205 | | */ |
206 | 0 | virtual std::string provider() const { return "base"; } |
207 | | }; |
208 | | |
209 | | /** |
210 | | * Get a cipher mode by name (eg "AES-128/CBC" or "Serpent/XTS") |
211 | | * @param algo_spec cipher name |
212 | | * @param direction ENCRYPTION or DECRYPTION |
213 | | * @param provider provider implementation to choose |
214 | | */ |
215 | | BOTAN_DEPRECATED("Use Cipher_Mode::create") |
216 | | inline Cipher_Mode* get_cipher_mode(const std::string& algo_spec, |
217 | | Cipher_Dir direction, |
218 | | const std::string& provider = "") |
219 | 0 | { |
220 | 0 | return Cipher_Mode::create(algo_spec, direction, provider).release(); |
221 | 0 | } |
222 | | |
223 | | } |
224 | | |
225 | | #endif |