diff options
27 files changed, 72 insertions, 52 deletions
diff --git a/doc/manual/aead.rst b/doc/manual/aead.rst index dbd06bbe1..a5c60c14b 100644 --- a/doc/manual/aead.rst +++ b/doc/manual/aead.rst @@ -35,7 +35,7 @@ AEAD modes currently available include GCM, OCB, and EAX. All three use a function more than once, even across multiple calls to :cpp:func:`start` and :cpp:func:`finish`. - .. cpp:function:: secure_vector<byte> start(const byte nonce[], size_t nonce_len) + .. cpp:function:: void start(const byte nonce[], size_t nonce_len) Start processing a message, using *nonce* as the unique per-message value. diff --git a/src/cmd/speed/speed.cpp b/src/cmd/speed/speed.cpp index 381cc9d83..e7e3e5ff7 100644 --- a/src/cmd/speed/speed.cpp +++ b/src/cmd/speed/speed.cpp @@ -134,7 +134,7 @@ void time_transform(std::unique_ptr<Transformation> tf, std::chrono::nanoseconds time_used(0); - tf->start_vec(rng.random_vec(tf->default_nonce_length())); + tf->start(rng.random_vec(tf->default_nonce_length())); auto start = std::chrono::high_resolution_clock::now(); diff --git a/src/lib/algo_base/transform.h b/src/lib/algo_base/transform.h index 229425efd..4fe958632 100644 --- a/src/lib/algo_base/transform.h +++ b/src/lib/algo_base/transform.h @@ -28,6 +28,17 @@ class BOTAN_DLL Transformation * @param nonce the per message nonce */ template<typename Alloc> + secure_vector<byte> start(const std::vector<byte, Alloc>& nonce) + { + return start(&nonce[0], nonce.size()); + } + + /** + * Begin processing a message. + * @param nonce the per message nonce + */ + template<typename Alloc> + BOTAN_DEPRECATED("Use Transformation::start") secure_vector<byte> start_vec(const std::vector<byte, Alloc>& nonce) { return start(&nonce[0], nonce.size()); @@ -38,7 +49,20 @@ class BOTAN_DLL Transformation * @param nonce the per message nonce * @param nonce_len length of nonce */ - virtual secure_vector<byte> start(const byte nonce[], size_t nonce_len) = 0; + secure_vector<byte> start(const byte nonce[], size_t nonce_len) + { + return start_raw(nonce, nonce_len); + } + + /** + * Begin processing a message. + */ + secure_vector<byte> start() + { + return start_raw(nullptr, 0); + } + + virtual secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) = 0; /** * Process some data. Input must be in size update_granularity() byte blocks. diff --git a/src/lib/filters/transform_filter.cpp b/src/lib/filters/transform_filter.cpp index 19c8bda60..e3a8202ce 100644 --- a/src/lib/filters/transform_filter.cpp +++ b/src/lib/filters/transform_filter.cpp @@ -90,7 +90,7 @@ void Transformation_Filter::end_msg() void Transformation_Filter::start_msg() { - send(m_transform->start_vec(m_nonce.get())); + send(m_transform->start(m_nonce.get())); } void Transformation_Filter::buffered_block(const byte input[], size_t input_length) diff --git a/src/lib/mac/cmac/cmac.cpp b/src/lib/mac/cmac/cmac.cpp index b4c9cb129..daa320a36 100644 --- a/src/lib/mac/cmac/cmac.cpp +++ b/src/lib/mac/cmac/cmac.cpp @@ -46,6 +46,8 @@ secure_vector<byte> CMAC::poly_double(const secure_vector<byte>& in) out[out.size()-2] ^= 0x1; out[out.size()-1] ^= 0x25; break; + default: + throw std::runtime_error("Unsupported CMAC size " + std::to_string(in.size())); } } diff --git a/src/lib/modes/aead/ccm/ccm.cpp b/src/lib/modes/aead/ccm/ccm.cpp index 7fd92e149..2ae58c990 100644 --- a/src/lib/modes/aead/ccm/ccm.cpp +++ b/src/lib/modes/aead/ccm/ccm.cpp @@ -90,7 +90,7 @@ void CCM_Mode::set_associated_data(const byte ad[], size_t length) } } -secure_vector<byte> CCM_Mode::start(const byte nonce[], size_t nonce_len) +secure_vector<byte> CCM_Mode::start_raw(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); diff --git a/src/lib/modes/aead/ccm/ccm.h b/src/lib/modes/aead/ccm/ccm.h index bf0f35e66..9db377827 100644 --- a/src/lib/modes/aead/ccm/ccm.h +++ b/src/lib/modes/aead/ccm/ccm.h @@ -22,8 +22,6 @@ namespace Botan { class BOTAN_DLL CCM_Mode : public AEAD_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; - void update(secure_vector<byte>& blocks, size_t offset = 0) override; void set_associated_data(const byte ad[], size_t ad_len) override; @@ -62,6 +60,8 @@ class BOTAN_DLL CCM_Mode : public AEAD_Mode secure_vector<byte> format_b0(size_t msg_size); secure_vector<byte> format_c0(); private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; + void key_schedule(const byte key[], size_t length) override; const size_t m_tag_size; diff --git a/src/lib/modes/aead/eax/eax.cpp b/src/lib/modes/aead/eax/eax.cpp index 249bf5f7e..c1d55d0e4 100644 --- a/src/lib/modes/aead/eax/eax.cpp +++ b/src/lib/modes/aead/eax/eax.cpp @@ -92,7 +92,7 @@ void EAX_Mode::set_associated_data(const byte ad[], size_t length) m_ad_mac = eax_prf(1, block_size(), *m_cmac, ad, length); } -secure_vector<byte> EAX_Mode::start(const byte nonce[], size_t nonce_len) +secure_vector<byte> EAX_Mode::start_raw(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); diff --git a/src/lib/modes/aead/eax/eax.h b/src/lib/modes/aead/eax/eax.h index c27c83ed0..9e721c303 100644 --- a/src/lib/modes/aead/eax/eax.h +++ b/src/lib/modes/aead/eax/eax.h @@ -21,8 +21,6 @@ namespace Botan { class BOTAN_DLL EAX_Mode : public AEAD_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; - void set_associated_data(const byte ad[], size_t ad_len) override; std::string name() const override; @@ -38,8 +36,6 @@ class BOTAN_DLL EAX_Mode : public AEAD_Mode void clear() override; protected: - void key_schedule(const byte key[], size_t length) override; - /** * @param cipher the cipher to use * @param tag_size is how big the auth tag will be @@ -57,6 +53,10 @@ class BOTAN_DLL EAX_Mode : public AEAD_Mode secure_vector<byte> m_ad_mac; secure_vector<byte> m_nonce_mac; + private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; + + void key_schedule(const byte key[], size_t length) override; }; /** diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp index b39e6ac92..2b60f332e 100644 --- a/src/lib/modes/aead/gcm/gcm.cpp +++ b/src/lib/modes/aead/gcm/gcm.cpp @@ -206,7 +206,7 @@ void GCM_Mode::set_associated_data(const byte ad[], size_t ad_len) m_ghash->set_associated_data(ad, ad_len); } -secure_vector<byte> GCM_Mode::start(const byte nonce[], size_t nonce_len) +secure_vector<byte> GCM_Mode::start_raw(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); diff --git a/src/lib/modes/aead/gcm/gcm.h b/src/lib/modes/aead/gcm/gcm.h index 41cb189d9..918f3c7c7 100644 --- a/src/lib/modes/aead/gcm/gcm.h +++ b/src/lib/modes/aead/gcm/gcm.h @@ -22,8 +22,6 @@ class GHASH; class BOTAN_DLL GCM_Mode : public AEAD_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; - void set_associated_data(const byte ad[], size_t ad_len) override; std::string name() const override; @@ -39,8 +37,6 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode void clear() override; protected: - void key_schedule(const byte key[], size_t length) override; - GCM_Mode(BlockCipher* cipher, size_t tag_size); const size_t BS = 16; @@ -50,6 +46,10 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode std::unique_ptr<StreamCipher> m_ctr; std::unique_ptr<GHASH> m_ghash; + private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; + + void key_schedule(const byte key[], size_t length) override; }; /** diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp index 5909e0c12..8bb45f217 100644 --- a/src/lib/modes/aead/ocb/ocb.cpp +++ b/src/lib/modes/aead/ocb/ocb.cpp @@ -223,7 +223,7 @@ OCB_Mode::update_nonce(const byte nonce[], size_t nonce_len) return offset; } -secure_vector<byte> OCB_Mode::start(const byte nonce[], size_t nonce_len) +secure_vector<byte> OCB_Mode::start_raw(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); diff --git a/src/lib/modes/aead/ocb/ocb.h b/src/lib/modes/aead/ocb/ocb.h index 24a6c474f..a7293ffcb 100644 --- a/src/lib/modes/aead/ocb/ocb.h +++ b/src/lib/modes/aead/ocb/ocb.h @@ -28,8 +28,6 @@ class L_computer; class BOTAN_DLL OCB_Mode : public AEAD_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; - void set_associated_data(const byte ad[], size_t ad_len) override; std::string name() const override; @@ -64,6 +62,8 @@ class BOTAN_DLL OCB_Mode : public AEAD_Mode secure_vector<byte> m_offset; secure_vector<byte> m_ad_hash; private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; + secure_vector<byte> update_nonce(const byte nonce[], size_t nonce_len); size_t m_tag_size = 0; diff --git a/src/lib/modes/aead/siv/siv.cpp b/src/lib/modes/aead/siv/siv.cpp index be998cdb0..827be1ef7 100644 --- a/src/lib/modes/aead/siv/siv.cpp +++ b/src/lib/modes/aead/siv/siv.cpp @@ -71,7 +71,7 @@ void SIV_Mode::set_associated_data_n(size_t n, const byte ad[], size_t length) m_ad_macs[n] = m_cmac->process(ad, length); } -secure_vector<byte> SIV_Mode::start(const byte nonce[], size_t nonce_len) +secure_vector<byte> SIV_Mode::start_raw(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); @@ -100,7 +100,7 @@ secure_vector<byte> SIV_Mode::S2V(const byte* text, size_t text_len) { const byte zero[16] = { 0 }; - secure_vector<byte> V = cmac().process(zero, 16); + secure_vector<byte> V = m_cmac->process(zero, 16); for(size_t i = 0; i != m_ad_macs.size(); ++i) { @@ -119,14 +119,14 @@ secure_vector<byte> SIV_Mode::S2V(const byte* text, size_t text_len) V = CMAC::poly_double(V); xor_buf(&V[0], text, text_len); V[text_len] ^= 0x80; - return cmac().process(V); + return m_cmac->process(V); } - cmac().update(text, text_len - 16); + m_cmac->update(text, text_len - 16); xor_buf(&V[0], &text[text_len - 16], 16); - cmac().update(V); + m_cmac->update(V); - return cmac().final(); + return m_cmac->final(); } void SIV_Mode::set_ctr_iv(secure_vector<byte> V) diff --git a/src/lib/modes/aead/siv/siv.h b/src/lib/modes/aead/siv/siv.h index bca8831b8..433771696 100644 --- a/src/lib/modes/aead/siv/siv.h +++ b/src/lib/modes/aead/siv/siv.h @@ -21,8 +21,6 @@ namespace Botan { class BOTAN_DLL SIV_Mode : public AEAD_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; - void update(secure_vector<byte>& blocks, size_t offset = 0) override; void set_associated_data_n(size_t n, const byte ad[], size_t ad_len); @@ -55,12 +53,11 @@ class BOTAN_DLL SIV_Mode : public AEAD_Mode secure_vector<byte> S2V(const byte text[], size_t text_len); private: - MessageAuthenticationCode& cmac() { return *m_cmac; } + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; void key_schedule(const byte key[], size_t length) override; const std::string m_name; - std::unique_ptr<StreamCipher> m_ctr; std::unique_ptr<MessageAuthenticationCode> m_cmac; secure_vector<byte> m_nonce, m_msg_buf; diff --git a/src/lib/modes/cbc/cbc.cpp b/src/lib/modes/cbc/cbc.cpp index 5fe5c8b17..c527014f4 100644 --- a/src/lib/modes/cbc/cbc.cpp +++ b/src/lib/modes/cbc/cbc.cpp @@ -62,7 +62,7 @@ void CBC_Mode::key_schedule(const byte key[], size_t length) m_cipher->set_key(key, length); } -secure_vector<byte> CBC_Mode::start(const byte nonce[], size_t nonce_len) +secure_vector<byte> CBC_Mode::start_raw(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); diff --git a/src/lib/modes/cbc/cbc.h b/src/lib/modes/cbc/cbc.h index 88542d476..833cceb7c 100644 --- a/src/lib/modes/cbc/cbc.h +++ b/src/lib/modes/cbc/cbc.h @@ -20,8 +20,6 @@ namespace Botan { class BOTAN_DLL CBC_Mode : public Cipher_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; - std::string name() const override; size_t update_granularity() const override; @@ -49,6 +47,8 @@ class BOTAN_DLL CBC_Mode : public Cipher_Mode byte* state_ptr() { return &m_state[0]; } private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; + void key_schedule(const byte key[], size_t length) override; std::unique_ptr<BlockCipher> m_cipher; diff --git a/src/lib/modes/cfb/cfb.cpp b/src/lib/modes/cfb/cfb.cpp index 7b4aed3f0..4b0c210f9 100644 --- a/src/lib/modes/cfb/cfb.cpp +++ b/src/lib/modes/cfb/cfb.cpp @@ -69,7 +69,7 @@ void CFB_Mode::key_schedule(const byte key[], size_t length) m_cipher->set_key(key, length); } -secure_vector<byte> CFB_Mode::start(const byte nonce[], size_t nonce_len) +secure_vector<byte> CFB_Mode::start_raw(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); diff --git a/src/lib/modes/cfb/cfb.h b/src/lib/modes/cfb/cfb.h index 56d2fd8e2..7e616f94e 100644 --- a/src/lib/modes/cfb/cfb.h +++ b/src/lib/modes/cfb/cfb.h @@ -20,8 +20,6 @@ namespace Botan { class BOTAN_DLL CFB_Mode : public Cipher_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; - std::string name() const override; size_t update_granularity() const override; @@ -49,6 +47,7 @@ class BOTAN_DLL CFB_Mode : public Cipher_Mode secure_vector<byte>& keystream_buf() { return m_keystream_buf; } private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; void key_schedule(const byte key[], size_t length) override; std::unique_ptr<BlockCipher> m_cipher; diff --git a/src/lib/modes/ecb/ecb.cpp b/src/lib/modes/ecb/ecb.cpp index f026eb035..93e70cf49 100644 --- a/src/lib/modes/ecb/ecb.cpp +++ b/src/lib/modes/ecb/ecb.cpp @@ -57,7 +57,7 @@ void ECB_Mode::key_schedule(const byte key[], size_t length) m_cipher->set_key(key, length); } -secure_vector<byte> ECB_Mode::start(const byte[], size_t nonce_len) +secure_vector<byte> ECB_Mode::start_raw(const byte[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); diff --git a/src/lib/modes/ecb/ecb.h b/src/lib/modes/ecb/ecb.h index e0d66eb46..1e95e00a8 100644 --- a/src/lib/modes/ecb/ecb.h +++ b/src/lib/modes/ecb/ecb.h @@ -20,8 +20,6 @@ namespace Botan { class BOTAN_DLL ECB_Mode : public Cipher_Mode { public: - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; - std::string name() const override; size_t update_granularity() const override; @@ -41,6 +39,7 @@ class BOTAN_DLL ECB_Mode : public Cipher_Mode const BlockCipherModePaddingMethod& padding() const { return *m_padding; } private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; void key_schedule(const byte key[], size_t length) override; std::unique_ptr<BlockCipher> m_cipher; diff --git a/src/lib/modes/xts/xts.cpp b/src/lib/modes/xts/xts.cpp index 1b41a5a5d..d0680d4d9 100644 --- a/src/lib/modes/xts/xts.cpp +++ b/src/lib/modes/xts/xts.cpp @@ -107,7 +107,7 @@ void XTS_Mode::key_schedule(const byte key[], size_t length) m_tweak_cipher->set_key(&key[key_half], key_half); } -secure_vector<byte> XTS_Mode::start(const byte nonce[], size_t nonce_len) +secure_vector<byte> XTS_Mode::start_raw(const byte nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) throw Invalid_IV_Length(name(), nonce_len); diff --git a/src/lib/modes/xts/xts.h b/src/lib/modes/xts/xts.h index c9cff2f1d..bdc52b79e 100644 --- a/src/lib/modes/xts/xts.h +++ b/src/lib/modes/xts/xts.h @@ -21,8 +21,6 @@ class BOTAN_DLL XTS_Mode : public Cipher_Mode public: std::string name() const override; - secure_vector<byte> start(const byte nonce[], size_t nonce_len) override; - size_t update_granularity() const override; size_t minimum_final_size() const override; @@ -44,6 +42,7 @@ class BOTAN_DLL XTS_Mode : public Cipher_Mode void update_tweak(size_t last_used); private: + secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; void key_schedule(const byte key[], size_t length) override; std::unique_ptr<BlockCipher> m_cipher, m_tweak_cipher; diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 67bf9933d..925961764 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -164,7 +164,7 @@ void write_record(secure_vector<byte>& output, BOTAN_ASSERT(nonce.size() == implicit_nonce_bytes + explicit_nonce_bytes, "Expected nonce size"); - // wrong if start_vec returns something + // wrong if start returns something const size_t rec_size = ctext_size + implicit_nonce_bytes; BOTAN_ASSERT(rec_size <= 0xFFFF, "Ciphertext length fits in field"); @@ -177,7 +177,7 @@ void write_record(secure_vector<byte>& output, ); output += std::make_pair(&nonce[explicit_nonce_bytes], implicit_nonce_bytes); - BOTAN_ASSERT(aead->start_vec(nonce).empty(), "AEAD doesn't return anything from start"); + BOTAN_ASSERT(aead->start(nonce).empty(), "AEAD doesn't return anything from start"); const size_t offset = output.size(); output += std::make_pair(&msg[0], msg_length); @@ -398,7 +398,7 @@ void decrypt_record(secure_vector<byte>& output, cipherstate.format_ad(record_sequence, record_type, record_version, ptext_size) ); - output += aead->start_vec(nonce); + output += aead->start(nonce); const size_t offset = output.size(); output += std::make_pair(&msg[0], msg_length); diff --git a/src/tests/test_aead.cpp b/src/tests/test_aead.cpp index f716c0554..2cc7a0c50 100644 --- a/src/tests/test_aead.cpp +++ b/src/tests/test_aead.cpp @@ -41,7 +41,7 @@ size_t aead_test(const std::string& algo, const auto expected_ct = hex_decode_locked(expected); auto vec = pt; - enc->start_vec(nonce); + enc->start(nonce); // should first update if possible enc->finish(vec); @@ -54,7 +54,7 @@ size_t aead_test(const std::string& algo, vec = expected_ct; - dec->start_vec(nonce); + dec->start(nonce); dec->finish(vec); if(vec != pt) @@ -67,7 +67,7 @@ size_t aead_test(const std::string& algo, { vec = expected_ct; vec[0] ^= 1; - dec->start_vec(nonce); + dec->start(nonce); try { dec->finish(vec); @@ -82,7 +82,7 @@ size_t aead_test(const std::string& algo, bad_nonce[0] ^= 1; vec = expected_ct; - dec->start_vec(bad_nonce); + dec->start(bad_nonce); try { @@ -105,7 +105,7 @@ size_t aead_test(const std::string& algo, aead_dec->set_associated_data_vec(bad_ad); vec = expected_ct; - dec->start_vec(nonce); + dec->start(nonce); try { diff --git a/src/tests/test_modes.cpp b/src/tests/test_modes.cpp index 1c3dad934..018efd3bd 100644 --- a/src/tests/test_modes.cpp +++ b/src/tests/test_modes.cpp @@ -22,7 +22,7 @@ secure_vector<byte> run_mode(const std::string& algo, std::unique_ptr<Cipher_Mode> cipher(get_cipher(algo, dir)); cipher->set_key(key); - cipher->start_vec(nonce); + cipher->start(nonce); secure_vector<byte> ct = pt; cipher->finish(ct); diff --git a/src/tests/test_transform.cpp b/src/tests/test_transform.cpp index 737eb2f33..aba0e32c9 100644 --- a/src/tests/test_transform.cpp +++ b/src/tests/test_transform.cpp @@ -22,7 +22,7 @@ secure_vector<byte> transform_test(const std::string& algo, std::unique_ptr<Transformation> transform(get_transform(algo)); //transform->set_key(key); - transform->start_vec(nonce); + transform->start(nonce); secure_vector<byte> out = in; transform->update(out, 0); |