-rw-r--r-- | doc/aead.rst | 4 | ||||
-rw-r--r-- | src/aead/aead.cpp | 75 | ||||
-rw-r--r-- | src/aead/aead.h | 9 | ||||
-rw-r--r-- | src/aead/eax/eax.cpp | 4 | ||||
-rw-r--r-- | src/aead/eax/eax.h | 2 | ||||
-rw-r--r-- | src/aead/gcm/gcm.cpp | 4 | ||||
-rw-r--r-- | src/aead/gcm/gcm.h | 2 | ||||
-rw-r--r-- | src/aead/ocb/ocb.cpp | 4 | ||||
-rw-r--r-- | src/aead/ocb/ocb.h | 2 | ||||
-rw-r--r-- | src/filters/aead_filt/aead_filt.cpp | 2 | ||||
-rw-r--r-- | src/libstate/info.txt | 1 | ||||
-rw-r--r-- | src/libstate/lookup.cpp | 14 | ||||
-rw-r--r-- | src/libstate/lookup.h | 12 |
13 files changed, 90 insertions, 45 deletions
diff --git a/doc/aead.rst b/doc/aead.rst index 9b21108ee..e34b00706 100644 --- a/doc/aead.rst +++ b/doc/aead.rst @@ -37,13 +37,11 @@ use a 128-bit block cipher such as AES. call this function more than once, even across multiple calls to :cpp:func:`start` and :cpp:func:`finish`. - .. cpp:function:: secure_vector<byte> start(const byte nonce[], size_t nonce_len) + .. cpp:function:: void start(const byte nonce[], size_t nonce_len) Start processing a message, using *nonce* as the unique per-message value. - Returns any initial data that should be emitted (such as a header). - .. cpp:function:: void update(secure_vector<byte>& buffer) Continue processing a message. The *buffer* is an in/out diff --git a/src/aead/aead.cpp b/src/aead/aead.cpp new file mode 100644 index 000000000..62d6d5f44 --- /dev/null +++ b/src/aead/aead.cpp 
@@ -0,0 +1,75 @@
+/*
+* Interface for AEAD modes
+* (C) 2013 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/aead.h>
+#include <botan/libstate.h>
+
+#if defined(BOTAN_HAS_AEAD_EAX)
+ #include <botan/eax.h>
+#endif
+
+#if defined(BOTAN_HAS_AEAD_GCM)
+ #include <botan/gcm.h>
+#endif
+
+#if defined(BOTAN_HAS_AEAD_OCB)
+ #include <botan/ocb.h>
+#endif
+
+namespace Botan {
+
+AEAD_Mode* get_aead(const std::string& algo_spec, Cipher_Dir direction)
+ {
+ Algorithm_Factory& af = global_state().algorithm_factory();
+
+ const std::vector<std::string> algo_parts = split_on(algo_spec, '/');
+ if(algo_parts.empty())
+ throw Invalid_Algorithm_Name(algo_spec);
+
+ const std::string cipher_name = algo_parts[0];
+ const std::string mode_name = algo_parts[1];
+
+ const size_t tag_size = 16; // default for all current AEAD
+
+ const BlockCipher* cipher = af.prototype_block_cipher(cipher_name);
+ if(!cipher)
+ return nullptr;
+
+#if defined(BOTAN_HAS_AEAD_EAX)
+ if(mode_name == "EAX")
+ {
+ if(direction == ENCRYPTION)
+ return new EAX_Encryption(cipher->clone(), tag_size);
+ else
+ return new EAX_Decryption(cipher->clone(), tag_size);
+ }
+#endif
+
+#if defined(BOTAN_HAS_AEAD_GCM)
+ if(mode_name == "GCM")
+ {
+ if(direction == ENCRYPTION)
+ return new GCM_Encryption(cipher->clone(), tag_size);
+ else
+ return new GCM_Decryption(cipher->clone(), tag_size);
+ }
+#endif
+
+#if defined(BOTAN_HAS_AEAD_OCB)
+ if(mode_name == "OCB")
+ {
+ if(direction == ENCRYPTION)
+ return new OCB_Encryption(cipher->clone(), tag_size);
+ else
+ return new OCB_Decryption(cipher->clone(), tag_size);
+ }
+#endif
+
+ return nullptr;
+ }
+
+}
diff --git a/src/aead/aead.h b/src/aead/aead.h
index e0e07e8ab..c4de71857 100644
--- a/src/aead/aead.h
+++ b/src/aead/aead.h
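Review bot: In get_aead(), `algo_parts[1]` is read after checking only `algo_parts.empty()`, so a spec without a '/' (a bare cipher name) indexes past the end of the vector, which is undefined behaviour on a caller-supplied string. The guard should require both components: `if(algo_parts.size() < 2) throw Invalid_Algorithm_Name(algo_spec);`. Components after the mode name are silently ignored and `tag_size` is fixed at 16, so a spec that asks for a different tag length would appear to succeed with the default; rejecting extra components (or parsing them) would avoid that surprise. A malformed spec throws while an unknown cipher or mode returns nullptr, and a short comment above the function stating that contract would help callers.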
@@ -66,10 +66,10 @@ class AEAD_Mode : public SymmetricAlgorithm * @param nonce the per message nonce * @param nonce_len length of nonce */ - virtual secure_vector<byte> start(const byte nonce[], size_t nonce_len) = 0; + virtual void start(const byte nonce[], size_t nonce_len) = 0; template<typename Alloc> - secure_vector<byte> start_vec(const std::vector<byte, Alloc>& nonce) + void start_vec(const std::vector<byte, Alloc>& nonce) { return start(&nonce[0], nonce.size()); } @@ -94,6 +94,11 @@ class AEAD_Mode : public SymmetricAlgorithm virtual ~AEAD_Mode() {} }; +/** +* Get an AEAD mode by name (eg "AES-128/GCM" or "Serpent/EAX") +*/ +BOTAN_DLL AEAD_Mode* get_aead(const std::string& name, Cipher_Dir direction); + } #endif diff --git a/src/aead/eax/eax.cpp b/src/aead/eax/eax.cpp index c6aaa9e85..a0e00b6d6 100644 --- a/src/aead/eax/eax.cpp +++ b/src/aead/eax/eax.cpp @@ -92,7 +92,7 @@ void EAX_Mode::set_associated_data(const byte ad[], size_t length) m_ad_mac = eax_prf(1, block_size(), *m_cmac, ad, length); } -secure_vector<byte> EAX_Mode::start(const byte nonce[], size_t nonce_len) +void EAX_Mode::start(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); @@ -104,8 +104,6 @@ secure_vector<byte> EAX_Mode::start(const byte nonce[], size_t nonce_len) for(size_t i = 0; i != block_size() - 1; ++i) m_cmac->update(0); m_cmac->update(2); - - return secure_vector<byte>(); } void EAX_Encryption::update(secure_vector<byte>& buffer, size_t offset) diff --git a/src/aead/eax/eax.h b/src/aead/eax/eax.h index 6720bdca4..790f24513 100644 --- a/src/aead/eax/eax.h +++ b/src/aead/eax/eax.h @@ -22,7 +22,7 @@ namespace Botan { class BOTAN_DLL EAX_Mode : public AEAD_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; + void start(const byte nonce[], size_t nonce_len) override; void set_associated_data(const byte ad[], size_t ad_len) override; 
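Review bot: start_vec() takes `&nonce[0]`, which is undefined behaviour when the vector is empty; the empty case should reach start() so that the mode's valid_nonce_length() check can reject it, for example `start(nonce.data(), nonce.size());`. With the return type now void, the `return` in front of the call is legal but reads oddly and can be dropped. The AEAD_Mode class body starts and ends outside this hunk.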
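Review bot: The doc comment added for get_aead() does not say who owns the returned object or that the result can be null. Going by the implementation in aead.cpp, the function returns a `new`-allocated mode that the caller must delete, returns nullptr for an unknown cipher or mode, and throws Invalid_Algorithm_Name for a malformed spec; I would add `@param name`, `@param direction` and an `@return` line stating that. The declaration also reuses the name of the get_aead() removed from lookup.h with a different return type (AEAD_Mode* rather than AEAD_Filter*), so existing callers stop compiling, which is worth a sentence in the comment or the release notes.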
diff --git a/src/aead/gcm/gcm.cpp b/src/aead/gcm/gcm.cpp index 665fc4472..fbef36fee 100644 --- a/src/aead/gcm/gcm.cpp +++ b/src/aead/gcm/gcm.cpp @@ -153,7 +153,7 @@ void GCM_Mode::set_associated_data(const byte ad[], size_t ad_len) m_ad_len = ad_len; } -secure_vector<byte> GCM_Mode::start(const byte nonce[], size_t nonce_len) +void GCM_Mode::start(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); @@ -178,8 +178,6 @@ secure_vector<byte> GCM_Mode::start(const byte nonce[], size_t nonce_len) m_text_len = 0; m_mac = m_H_ad; - - return secure_vector<byte>(); } void GCM_Encryption::update(secure_vector<byte>& buffer, size_t offset) diff --git a/src/aead/gcm/gcm.h b/src/aead/gcm/gcm.h index bc7eaae20..10a4a3497 100644 --- a/src/aead/gcm/gcm.h +++ b/src/aead/gcm/gcm.h @@ -21,7 +21,7 @@ namespace Botan { class BOTAN_DLL GCM_Mode : public AEAD_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; + void start(const byte nonce[], size_t nonce_len) override; void set_associated_data(const byte ad[], size_t ad_len) override; diff --git a/src/aead/ocb/ocb.cpp b/src/aead/ocb/ocb.cpp index 4cbd8bde8..20f54dca7 100644 --- a/src/aead/ocb/ocb.cpp +++ b/src/aead/ocb/ocb.cpp @@ -215,7 +215,7 @@ void OCB_Mode::set_associated_data(const byte ad[], size_t ad_len) m_ad_hash = ocb_hash(*m_L, *m_cipher, &ad[0], ad_len); } -secure_vector<byte> OCB_Mode::start(const byte nonce[], size_t nonce_len) +void OCB_Mode::start(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); @@ -225,8 +225,6 @@ secure_vector<byte> OCB_Mode::start(const byte nonce[], size_t nonce_len) m_offset = m_nonce_state->update_nonce(nonce, nonce_len); zeroise(m_checksum); m_block_index = 0; - - return secure_vector<byte>(); } void OCB_Encryption::encrypt(byte buffer[], size_t blocks) 
diff --git a/src/aead/ocb/ocb.h b/src/aead/ocb/ocb.h index d50710a79..597cd9c52 100644 --- a/src/aead/ocb/ocb.h +++ b/src/aead/ocb/ocb.h @@ -30,7 +30,7 @@ class Nonce_State; class BOTAN_DLL OCB_Mode : public AEAD_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; + void start(const byte nonce[], size_t nonce_len) override; void set_associated_data(const byte ad[], size_t ad_len) override; diff --git a/src/filters/aead_filt/aead_filt.cpp b/src/filters/aead_filt/aead_filt.cpp index f70b8eafe..3588c3980 100644 --- a/src/filters/aead_filt/aead_filt.cpp +++ b/src/filters/aead_filt/aead_filt.cpp @@ -72,7 +72,7 @@ void AEAD_Filter::end_msg() void AEAD_Filter::start_msg() { - send(m_aead->start_vec(m_nonce.get())); + m_aead->start_vec(m_nonce.get()); } void AEAD_Filter::buffered_block(const byte input[], size_t input_length) diff --git a/src/libstate/info.txt b/src/libstate/info.txt index 9f36d7be8..b0704cd96 100644 --- a/src/libstate/info.txt +++ b/src/libstate/info.txt @@ -24,7 +24,6 @@ scan_name.cpp <requires> aes -aead algo_factory alloc bigint diff --git a/src/libstate/lookup.cpp b/src/libstate/lookup.cpp index 5c5f038ee..24a46e3e9 100644 --- a/src/libstate/lookup.cpp +++ b/src/libstate/lookup.cpp @@ -108,18 +108,4 @@ Keyed_Filter* get_cipher(const std::string& algo_spec, key, InitializationVector(), direction); } -AEAD_Filter* get_aead(const std::string& algo_spec, - Cipher_Dir direction) - { - std::unique_ptr<Keyed_Filter> c(get_cipher(algo_spec, direction)); - - if(AEAD_Filter* aead = dynamic_cast<AEAD_Filter*>(c.get())) - { - c.release(); - return aead; - } - - return nullptr; - } - } diff --git a/src/libstate/lookup.h b/src/libstate/lookup.h index c9d1ee707..7387a3471 100644 --- a/src/libstate/lookup.h +++ b/src/libstate/lookup.h 
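Review bot: AEAD_Filter::start_msg() feeds the stored `m_nonce` to the mode on every message, and nothing in this hunk shows the nonce being refreshed or checked between messages. If a second message is started without a new IV being set, the same key/nonce pair is reused, which for GCM, OCB and EAX voids the confidentiality and authenticity guarantees. The rest of AEAD_Filter is outside the hunk, so this may already be handled elsewhere; if it is not, a comment on start_msg() stating the caller's obligation, or clearing the nonce in end_msg() so that a missing IV fails loudly, would make misuse harder.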
@@ -11,7 +11,6 @@ #include <botan/libstate.h> #include <botan/engine.h> #include <botan/filters.h> -#include <botan/aead_filt.h> #include <botan/mode_pad.h> #include <botan/kdf.h> #include <botan/eme.h> @@ -220,17 +219,6 @@ BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec, Cipher_Dir direction); /** -* Factory method for AEAD filters. No key will be set in the filter. -* -* @param algo_spec the name of the desired AEAD mode (eg "AES-128/OCB") -* @param direction determines whether the filter will be an encrypting or -* decrypting filter -* @return pointer to the encryption or decryption filter -*/ -BOTAN_DLL AEAD_Filter* get_aead(const std::string& algo_spec, - Cipher_Dir direction); - -/** * Check if an algorithm exists. * @param algo_spec the name of the algorithm to check for * @return true if the algorithm exists, false otherwise |