/src/botan/build/include/botan/internal/ccm.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * CCM Mode |
3 | | * (C) 2013 Jack Lloyd |
4 | | * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #ifndef BOTAN_AEAD_CCM_H_ |
10 | | #define BOTAN_AEAD_CCM_H_ |
11 | | |
12 | | #include <botan/aead.h> |
13 | | #include <botan/block_cipher.h> |
14 | | |
15 | | namespace Botan { |
16 | | |
17 | | /** |
18 | | * Base class for CCM encryption and decryption |
19 | | * @see RFC 3610 |
20 | | */ |
21 | | class CCM_Mode : public AEAD_Mode |
22 | | { |
23 | | public: |
24 | | size_t process(uint8_t buf[], size_t sz) override final; |
25 | | |
26 | | void set_associated_data(const uint8_t ad[], size_t ad_len) override final; |
27 | | |
28 | 0 | bool associated_data_requires_key() const override final { return false; } |
29 | | |
30 | | std::string name() const override final; |
31 | | |
32 | | size_t update_granularity() const override final; |
33 | | |
34 | | size_t ideal_granularity() const override final; |
35 | | |
36 | | bool requires_entire_message() const override final; |
37 | | |
38 | | Key_Length_Specification key_spec() const override final; |
39 | | |
40 | | bool valid_nonce_length(size_t) const override final; |
41 | | |
42 | | size_t default_nonce_length() const override final; |
43 | | |
44 | | void clear() override final; |
45 | | |
46 | | void reset() override final; |
47 | | |
48 | 0 | size_t tag_size() const override final { return m_tag_size; } |
49 | | |
50 | | bool has_keying_material() const override final; |
51 | | protected: |
52 | | CCM_Mode(std::unique_ptr<BlockCipher> cipher, size_t tag_size, size_t L); |
53 | | |
54 | 0 | size_t L() const { return m_L; } |
55 | | |
56 | 0 | const BlockCipher& cipher() const { return *m_cipher; } |
57 | | |
58 | | void encode_length(uint64_t len, uint8_t out[]); |
59 | | |
60 | | static void inc(secure_vector<uint8_t>& C); |
61 | | |
62 | 0 | const secure_vector<uint8_t>& ad_buf() const { return m_ad_buf; } |
63 | | |
64 | 0 | secure_vector<uint8_t>& msg_buf() { return m_msg_buf; } |
65 | | |
66 | | secure_vector<uint8_t> format_b0(size_t msg_size); |
67 | | secure_vector<uint8_t> format_c0(); |
68 | | private: |
69 | | void start_msg(const uint8_t nonce[], size_t nonce_len) override final; |
70 | | |
71 | | void key_schedule(const uint8_t key[], size_t length) override final; |
72 | | |
73 | | const size_t m_tag_size; |
74 | | const size_t m_L; |
75 | | |
76 | | std::unique_ptr<BlockCipher> m_cipher; |
77 | | secure_vector<uint8_t> m_nonce, m_msg_buf, m_ad_buf; |
78 | | }; |
79 | | |
80 | | /** |
81 | | * CCM Encryption |
82 | | */ |
83 | | class CCM_Encryption final : public CCM_Mode |
84 | | { |
85 | | public: |
86 | | /** |
87 | | * @param cipher a 128-bit block cipher |
88 | | * @param tag_size is how big the auth tag will be (even values |
89 | | * between 4 and 16 are accepted) |
90 | | * @param L length of L parameter. The total message length |
91 | | * must be less than 2**L bytes, and the nonce is 15-L bytes. |
92 | | */ |
93 | | CCM_Encryption(std::unique_ptr<BlockCipher> cipher, size_t tag_size = 16, size_t L = 3) : |
94 | 0 | CCM_Mode(std::move(cipher), tag_size, L) {} |
95 | | |
96 | | void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override; |
97 | | |
98 | | size_t output_length(size_t input_length) const override |
99 | 0 | { return input_length + tag_size(); } |
100 | | |
101 | 0 | size_t minimum_final_size() const override { return 0; } |
102 | | }; |
103 | | |
104 | | /** |
105 | | * CCM Decryption |
106 | | */ |
107 | | class CCM_Decryption final : public CCM_Mode |
108 | | { |
109 | | public: |
110 | | /** |
111 | | * @param cipher a 128-bit block cipher |
112 | | * @param tag_size is how big the auth tag will be (even values |
113 | | * between 4 and 16 are accepted) |
114 | | * @param L length of L parameter. The total message length |
115 | | * must be less than 2**L bytes, and the nonce is 15-L bytes. |
116 | | */ |
117 | | CCM_Decryption(std::unique_ptr<BlockCipher> cipher, size_t tag_size = 16, size_t L = 3) : |
118 | 0 | CCM_Mode(std::move(cipher), tag_size, L) {} |
119 | | |
120 | | void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override; |
121 | | |
122 | | size_t output_length(size_t input_length) const override |
123 | 0 | { |
124 | 0 | BOTAN_ARG_CHECK(input_length >= tag_size(), "Sufficient input"); |
125 | 0 | return input_length - tag_size(); |
126 | 0 | } |
127 | | |
128 | 0 | size_t minimum_final_size() const override { return tag_size(); } |
129 | | }; |
130 | | |
131 | | } |
132 | | |
133 | | #endif |