author | Daniel Neus <[email protected]> | 2016-07-20 22:26:26 +0200 |
---|---|---|
committer | Daniel Neus <[email protected]> | 2016-11-08 22:16:09 +0100 |
commit | 06b44d8ed339b3a467f10a326fd209b0b9496060 (patch) | |
tree | 24c3bf3f20ba697a658d6d009d0cdb7be8a3e41f /src/lib/modes/cbc | |
parent | 523b2a4ca48fa5cf04ea371aabe7167ce2e5cd13 (diff) |
Cipher_Mode and AEAD_Mode improvements
See PR #552
- Add Cipher_Mode::reset() which resets just the message specific state and allows encrypting again under the existing key
- In Cipher_Mode::clear() (at some places) use cipher->clear() instead of resetting the pointer which would make the cipher object unusable
- EAX_Decryption::output_length() bugfix?! Now it's possible to decrypt an empty ciphertext (just a tag)
- Bugfix for GCM_Decryption::finish()
- set tag length in GCM_Mode::name()
- Cipher_Mode tests: add tests for reset() and process()
- AEAD_Mode tests: add tests for reset(), clear(), update() and process()
Diffstat (limited to 'src/lib/modes/cbc')
-rw-r--r-- | src/lib/modes/cbc/cbc.cpp | 14 | ||||
-rw-r--r-- | src/lib/modes/cbc/cbc.h | 7 |
2 files changed, 20 insertions, 1 deletions
diff --git a/src/lib/modes/cbc/cbc.cpp b/src/lib/modes/cbc/cbc.cpp
index 7e1fe4d0f..592ff95e9 100644
--- a/src/lib/modes/cbc/cbc.cpp
+++ b/src/lib/modes/cbc/cbc.cpp
@@ -1,6 +1,7 @@
 /*
 * CBC Mode
 * (C) 1999-2007,2013 Jack Lloyd
+* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -25,7 +26,12 @@ CBC_Mode::CBC_Mode(BlockCipher* cipher, BlockCipherModePaddingMethod* padding) :
 void CBC_Mode::clear()
 {
 m_cipher->clear();
- m_state.clear();
+ reset();
+ }
+
+void CBC_Mode::reset()
+ {
+ zeroise(m_state);
 }
 std::string CBC_Mode::name() const
@@ -239,6 +245,12 @@ void CBC_Decryption::finish(secure_vector<byte>& buffer, size_t offset)
 buffer.resize(buffer.size() - pad_bytes); // remove padding
 }
+void CBC_Decryption::reset()
+ {
+ zeroise(state());
+ zeroise(m_tempbuf);
+ }
+
 bool CTS_Decryption::valid_nonce_length(size_t n) const
 {
 return (n == cipher().block_size());
diff --git a/src/lib/modes/cbc/cbc.h b/src/lib/modes/cbc/cbc.h
index c6b6e4e4b..1b7cbd323 100644
--- a/src/lib/modes/cbc/cbc.h
+++ b/src/lib/modes/cbc/cbc.h
@@ -1,6 +1,7 @@
 /*
 * CBC mode
 * (C) 1999-2007,2013 Jack Lloyd
+* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -31,6 +32,9 @@ class BOTAN_DLL CBC_Mode : public Cipher_Mode
 bool valid_nonce_length(size_t n) const override;
 void clear() override;
+
+ void reset() override;
+
 protected:
 CBC_Mode(BlockCipher* cipher, BlockCipherModePaddingMethod* padding);
@@ -118,6 +122,9 @@ class BOTAN_DLL CBC_Decryption : public CBC_Mode
 size_t output_length(size_t input_length) const override;
 size_t minimum_final_size() const override;
+
+ void reset() override;
+
 private:
 secure_vector<byte> m_tempbuf;
 }; |
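Review bot: In `CBC_Mode::reset()` the chaining value is zero-filled with `zeroise(m_state)` where the removed `m_state.clear()` emptied the vector, so after `reset()` or `clear()` the object holds an all-zero block as its IV state, and nothing in the hunk says so. If the start path, which is outside this hunk, accepts a zero-length nonce to carry state over, a message begun after `reset()` would be chained from that all-zero block, and equal plaintexts under the same key would encrypt identically. I would record the contract above the body, e.g. `// Wipes the chaining value but keeps its size and the key; call start() with a fresh IV before the next message.`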
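Review bot: `CBC_Decryption::reset()` repeats the base-class wipe with `zeroise(state());` instead of delegating, so any per-message state later added to `CBC_Mode::reset()` would be missed on the decryption side. Calling the base first keeps the two in step: `CBC_Mode::reset();` followed by `zeroise(m_tempbuf);`. Since `CBC_Mode::clear()` calls `reset()` virtually, this override is also the only place `m_tempbuf` is wiped on `clear()`. A one-line comment saying so would guard against someone later making the call non-virtual, as that buffer presumably holds block data from the last message.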