diff options
-rw-r--r-- | doc/manual/stream_ciphers.rst | 10 | ||||
-rw-r--r-- | src/lib/stream/chacha/chacha.cpp | 2 | ||||
-rw-r--r-- | src/lib/stream/chacha/chacha.h | 6 | ||||
-rw-r--r-- | src/lib/stream/ctr/ctr.h | 2 | ||||
-rw-r--r-- | src/lib/stream/ofb/ofb.h | 2 | ||||
-rw-r--r-- | src/lib/stream/salsa20/salsa20.cpp | 15 | ||||
-rw-r--r-- | src/lib/stream/salsa20/salsa20.h | 2 | ||||
-rw-r--r-- | src/lib/stream/shake_cipher/shake_cipher.h | 2 | ||||
-rw-r--r-- | src/lib/stream/stream_cipher.h | 6 | ||||
-rw-r--r-- | src/tests/test_stream.cpp | 7 |
10 files changed, 43 insertions, 11 deletions
diff --git a/doc/manual/stream_ciphers.rst b/doc/manual/stream_ciphers.rst index 1d3b1b8f2..2fdfb9bb7 100644 --- a/doc/manual/stream_ciphers.rst +++ b/doc/manual/stream_ciphers.rst @@ -50,11 +50,21 @@ vector. the stream cipher. Some ciphers do not support IVs at all, and will return false for any value except zero. + .. cpp:function:: size_t valid_iv_length() const + + Returns some default IV size, normally the largest IV supported by the + cipher. If this function returns zero, then IVs are not supported any any + call to ``set_iv`` will fail. + .. cpp:function:: void set_iv(const uint8_t*, size_t len) Load IV into the stream cipher state. This should happen after the key is set and before any operation (encrypt/decrypt/seek) is called. + If the cipher does not support IVs, then a call with ``len`` equal to zero + will be accepted and any other length will cause a ``Invalid_IV_Length`` + exception. + .. cpp:function:: void seek(uint64_t offset) Sets the state of the stream cipher and keystream according to the passed diff --git a/src/lib/stream/chacha/chacha.cpp b/src/lib/stream/chacha/chacha.cpp index 7ccc4293b..fac9a5a36 100644 --- a/src/lib/stream/chacha/chacha.cpp +++ b/src/lib/stream/chacha/chacha.cpp @@ -310,7 +310,7 @@ void ChaCha::seek(uint64_t offset) verify_key_set(m_state.empty() == false); // Find the block offset - uint64_t counter = offset / 64; + const uint64_t counter = offset / 64; uint8_t out[8]; diff --git a/src/lib/stream/chacha/chacha.h b/src/lib/stream/chacha/chacha.h index a4f3e3b75..d0e131315 100644 --- a/src/lib/stream/chacha/chacha.h +++ b/src/lib/stream/chacha/chacha.h @@ -34,11 +34,15 @@ class BOTAN_PUBLIC_API(2,0) ChaCha final : public StreamCipher void set_iv(const uint8_t iv[], size_t iv_len) override; /* - * ChaCha accepts 0, 8, or 12 byte IVs. The default IV is a 8 zero bytes. + * ChaCha accepts 0, 8, 12 or 24 byte IVs. + * The default IV is a 8 zero bytes. * An IV of length 0 is treated the same as the default zero IV. + * An IV of length 24 selects XChaCha mode */ bool valid_iv_length(size_t iv_len) const override; + size_t default_iv_length() const override { return 24; } + Key_Length_Specification key_spec() const override { return Key_Length_Specification(16, 32, 16); diff --git a/src/lib/stream/ctr/ctr.h b/src/lib/stream/ctr/ctr.h index c4c598161..3e0208363 100644 --- a/src/lib/stream/ctr/ctr.h +++ b/src/lib/stream/ctr/ctr.h @@ -23,6 +23,8 @@ class BOTAN_PUBLIC_API(2,0) CTR_BE final : public StreamCipher void set_iv(const uint8_t iv[], size_t iv_len) override; + size_t default_iv_length() const override { return m_cipher->block_size(); } + bool valid_iv_length(size_t iv_len) const override { return (iv_len <= m_cipher->block_size()); } diff --git a/src/lib/stream/ofb/ofb.h b/src/lib/stream/ofb/ofb.h index e1f538984..afba43753 100644 --- a/src/lib/stream/ofb/ofb.h +++ b/src/lib/stream/ofb/ofb.h @@ -23,6 +23,8 @@ class BOTAN_PUBLIC_API(2,0) OFB final : public StreamCipher void set_iv(const uint8_t iv[], size_t iv_len) override; + size_t default_iv_length() const override { return m_cipher->block_size(); } + bool valid_iv_length(size_t iv_len) const override { return (iv_len <= m_cipher->block_size()); } diff --git a/src/lib/stream/salsa20/salsa20.cpp b/src/lib/stream/salsa20/salsa20.cpp index 3ee6cf37e..ff24995ee 100644 --- a/src/lib/stream/salsa20/salsa20.cpp +++ b/src/lib/stream/salsa20/salsa20.cpp @@ -136,13 +136,6 @@ void Salsa20::initialize_state() static const uint32_t SIGMA[] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 }; - const uint32_t* CONSTANTS = (m_key.size() == 4) ? TAU : SIGMA; - - m_state[0] = CONSTANTS[0]; - m_state[5] = CONSTANTS[1]; - m_state[10] = CONSTANTS[2]; - m_state[15] = CONSTANTS[3]; - m_state[1] = m_key[0]; m_state[2] = m_key[1]; m_state[3] = m_key[2]; @@ -150,6 +143,10 @@ void Salsa20::initialize_state() if(m_key.size() == 4) { + m_state[0] = TAU[0]; + m_state[5] = TAU[1]; + m_state[10] = TAU[2]; + m_state[15] = TAU[3]; m_state[11] = m_key[0]; m_state[12] = m_key[1]; m_state[13] = m_key[2]; @@ -157,6 +154,10 @@ void Salsa20::initialize_state() } else { + m_state[0] = SIGMA[0]; + m_state[5] = SIGMA[1]; + m_state[10] = SIGMA[2]; + m_state[15] = SIGMA[3]; m_state[11] = m_key[4]; m_state[12] = m_key[5]; m_state[13] = m_key[6]; diff --git a/src/lib/stream/salsa20/salsa20.h b/src/lib/stream/salsa20/salsa20.h index 090f9b18d..ea193273c 100644 --- a/src/lib/stream/salsa20/salsa20.h +++ b/src/lib/stream/salsa20/salsa20.h @@ -25,6 +25,8 @@ class BOTAN_PUBLIC_API(2,0) Salsa20 final : public StreamCipher bool valid_iv_length(size_t iv_len) const override { return (iv_len == 0 || iv_len == 8 || iv_len == 24); } + size_t default_iv_length() const override { return 24; } + Key_Length_Specification key_spec() const override { return Key_Length_Specification(16, 32, 16); diff --git a/src/lib/stream/shake_cipher/shake_cipher.h b/src/lib/stream/shake_cipher/shake_cipher.h index 12f2e780b..344ac965b 100644 --- a/src/lib/stream/shake_cipher/shake_cipher.h +++ b/src/lib/stream/shake_cipher/shake_cipher.h @@ -36,8 +36,6 @@ class BOTAN_PUBLIC_API(2,0) SHAKE_128_Cipher final : public StreamCipher */ void set_iv(const uint8_t iv[], size_t iv_len) override; - bool valid_iv_length(size_t iv_len) const override { return (iv_len == 0); } - /** * In principle SHAKE can accept arbitrary length inputs, but this * does not seem required for a stream cipher. diff --git a/src/lib/stream/stream_cipher.h b/src/lib/stream/stream_cipher.h index 03ffcadd0..fee37f4e4 100644 --- a/src/lib/stream/stream_cipher.h +++ b/src/lib/stream/stream_cipher.h @@ -101,6 +101,12 @@ class BOTAN_PUBLIC_API(2,0) StreamCipher : public SymmetricAlgorithm virtual void set_iv(const uint8_t iv[], size_t iv_len) = 0; /** + * Return the default (preferred) nonce length + * If this function returns 0, then this cipher does not support nonces + */ + virtual size_t default_iv_length() const { return 0; } + + /** * @param iv_len the length of the IV in bytes * @return if the length is valid for this algorithm */ diff --git a/src/tests/test_stream.cpp b/src/tests/test_stream.cpp index 5b61518f5..a77db5d39 100644 --- a/src/tests/test_stream.cpp +++ b/src/tests/test_stream.cpp @@ -57,6 +57,13 @@ class Stream_Cipher_Tests final : public Text_Based_Test result.test_is_nonempty("provider", provider); result.test_eq(provider, cipher->name(), algo); + result.confirm("default iv length is valid", cipher->valid_iv_length(cipher->default_iv_length())); + + if(cipher->default_iv_length() == 0) + { + result.confirm("if default iv length is zero, no iv supported", nonce.size() == 0); + } + try { std::vector<uint8_t> buf(128); |