path: root/src/lib/modes/cbc
Commit message | Author | Age | Files | Lines
* Make exceptions easier to translate to error codes | Jack Lloyd | 2018-11-23 | 1 | -1/+1
| Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case.
| Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches.
| See GH #1742
* Use more informative error message for invalid CBC padding | Jack Lloyd | 2018-10-23 | 1 | -1/+1
| GH #1714
* Refactor mode tests, and correct bugs found | Jack Lloyd | 2018-09-29 | 1 | -1/+7
| Several problems in CBC found by adding tests
| - If you set a key, then set a nonce, then set a new key, you could encrypt without setting a new nonce.
| - It was possible to call CBC finish without setting a nonce, which would crash.
| - If you had a CBC decryption object, set a key, set a nonce, then reset message state, it should throw because no nonce is set. Instead it would carry on using an all-zero nonce.
| Disable CommonCrypto with PKCS7 padding as it seems to have some problem that I cannot figure out from the build logs.
| This work sponsored by Ribose Inc
* Have cipher modes also verify that the nonce is set prior to use | Jack Lloyd | 2018-08-17 | 2 | -5/+12
* Make stream, block, hash and cipher mode base classes optional | Jack Lloyd | 2018-01-12 | 1 | -0/+1
* Change header guard format to BOTAN_FOO_H_ | Jack Lloyd | 2017-09-20 | 1 | -2/+2
| ISO C++ reserves names with double underscores in them
| Closes #512
* Add API stability annotations. | Jack Lloyd | 2017-09-19 | 1 | -5/+5
| Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Small cleanup in CBC mode | Jack Lloyd | 2017-09-16 | 2 | -21/+23
* Handle IV carryover in CBC, CFB, and stream ciphers | Jack Lloyd | 2017-05-13 | 1 | -1/+1
| Allow an empty nonce to mean "continue using the current cipher state".
| GH #864
* Remove "Dirty hack" for multiple defines in lex_me_harder() | Simon Warta | 2017-04-02 | 1 | -1/+3
* Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 2 | -21/+21
| Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Rewrote bc unpad functions as const time operations. | Never | 2016-12-09 | 1 | -2/+6
| The unpad functions return the blocksize as padding position, if the padding is invalid.
* Cipher_Mode and AEAD_Mode improvements | Daniel Neus | 2016-11-08 | 2 | -1/+20
| See PR #552
| - Add Cipher_Mode::reset() which resets just the message specific state and allows encrypting again under the existing key
| - In Cipher_Mode::clear() (at some places) use cipher->clear() instead of resetting the pointer which would make the cipher object unusable
| - EAX_Decryption::output_length() bugfix?! Now it's possible to decrypt an empty ciphertext (just a tag)
| - Bugfix for GCM_Decryption::finish()
| - set tag length in GCM_Mode::name()
| - Cipher_Mode tests: add tests for reset() and process()
| - AEAD_Mode tests: add tests for reset(), clear(), update() and process()
* Remove Algo_Registry | Jack Lloyd | 2016-10-21 | 1 | -1/+1
| I repent my use of global constructors.
| I repent my use of global locks.
| Hopefully I will never touch this code again.
| :)
* Improve modes doxygen [ci skip] | René Korthaus | 2016-10-19 | 1 | -0/+14
* Cipher_Mode API improvements | Jack Lloyd | 2016-09-01 | 2 | -16/+10
| The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class)
| Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes.
| Leaves `update` for compatibility with existing callers; all that is needed is an inline function forwarding to `process`.
| Removes the return type from `start` - in all cipher implementations, this always returned an empty vector.
| Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not explicit. | Daniel Neus | 2016-03-05 | 1 | -2/+2
* Add final attribute to many classes | Jack Lloyd | 2016-01-10 | 1 | -2/+2
| In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation.
| Some discussion in GH #402
* Reroot the exception hierarchy into a toplevel Exception class | Jack Lloyd | 2015-12-11 | 1 | -2/+2
| As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340)
| Effectively reverts 2837e915d82e43
* Same treatment for cipher modes | Jack Lloyd | 2015-09-10 | 1 | -21/+0
* For CBC, ECB, and XTS the output length of a zero length input is well | Jack Lloyd | 2015-08-04 | 1 | -2/+4
| defined, so don't fail.
| Fix XTS, as XTS always uses ciphertext stealing the value of output_length had been incorrect in rounding up to the block size.
* modes: Add missing overrides | Daniel Seither | 2015-07-30 | 1 | -2/+2
* Fix round_up | Simon Warta | 2015-07-15 | 1 | -0/+1
| 1. src/lib/codec/base64/base64.cpp: : (round_up<size_t>(input_length, 3) / 3) * 4;
| 2. src/lib/codec/base64/base64.cpp: : (round_up<size_t>(input_length, 4) * 3) / 4;
| 3. src/lib/filters/transform_filter.cpp: return round_up(target_size, update_granularity);
| 4. src/lib/math/bigint/bigint.cpp: m_reg.resize(round_up<size_t>(size, 8));
| 5. src/lib/math/bigint/bigint.cpp: m_reg.resize(round_up<size_t>((length / WORD_BYTES) + 1, 8));
| 6. src/lib/math/numbertheory/mp_numth.cpp: BigInt z(BigInt::Positive, round_up<size_t>(2*x_sw, 16));
| 7. src/lib/modes/cbc/cbc.cpp: return round_up(input_length, cipher().block_size());
| 8. src/lib/modes/ecb/ecb.cpp: return round_up(input_length, cipher().block_size());
| 9. src/lib/modes/xts/xts.cpp: return round_up(input_length, cipher().block_size());
| 10. src/lib/pbkdf/pbkdf2/pbkdf2.cpp: const size_t blocks_needed = round_up(out_len, prf_sz) / prf_sz;
| 11. src/lib/tls/tls_record.cpp: const size_t buf_size = round_up(
| 12. src/lib/utils/rounding.h:inline T round_up(T n, T align_to)
|
| 1. Reason for change
| 2. Reason for change
| 3. first argument cannot be 0 (`target_size = 1024`)
| 4. Is a bug in the current implementation iff `size = 0`
| 5. first argument cannot be 0
| 6. round_up should return 0 if `x_sw = 0`
| 7. ?
| 8. ?
| 9. ?
| 10. first argument cannot be 0 (`if(out_len == 0) return 0;`)
| 11. first argument is unlikely to be 0 (`iv_size + msg_length + mac_size + (block_size ? 1 : 0)`)
| 12. Implementation
* lib/modes: Convert &vec[0] to vec.data() | Simon Warta | 2015-06-24 | 2 | -15/+15
* Hide Algorithm_Factory and use the functions in lookup.h internally. | lloyd | 2015-03-04 | 1 | -1/+1
| Fix two memory leaks (in TLS and modes) caused by calling get_foo and then cloning the result before saving it (leaking the original object), a holdover from the conversion between construction techniques in 1.11.14
* Use registry for streams and MACs. Start updating callers. | lloyd | 2015-01-31 | 1 | -4/+3
* Add a runtime map of string->func() which when called return | lloyd | 2015-01-28 | 1 | -3/+24
| Transforms and BlockCiphers. Registration for all types is done at startup but is very cheap as just a std::function and a std::map entry are created, no actual objects are created until needed. This is a huge improvement over Algorithm_Factory which used T::clone() as the function and thus kept a prototype object of each type in memory.
| Replace existing lookup mechanisms for ciphers, AEADs, and compression to use the transform lookup. The existing Engine framework remains in place for BlockCipher, but the engines now just call to the registry instead of having hardcoded lookups.
| s/Transformation/Transform/ with typedefs for compatibility.
| Remove lib/selftest code (for runtime selftesting): not the right approach.
* Ensure all files have copyright and license info. | lloyd | 2015-01-10 | 2 | -2/+2
| Update license header line to specify the terms and refer to the file, neither of which it included before.
* Replace Transformation::start with start_raw so we can do a full set | lloyd | 2014-11-05 | 2 | -3/+3
| of overloads in the base class with the same name.
* Erroring on strict-overflow is a little too strict, GCC 4.9 is smart | lloyd | 2014-05-26 | 1 | -11/+8
* Avoid strict overflow warnings in GCC 4.8 | lloyd | 2014-01-24 | 1 | -2/+6
* Guess I won't be needing these | lloyd | 2014-01-18 | 1 | -1/+0
* Split off the keyed interfaces of transform to Keyed_Transform | lloyd | 2014-01-18 | 1 | -1/+1
| Remove the unhelpful 'Algorithm' base class which had previously acted more or less as a global base.
* Move lib into src | lloyd | 2014-01-10 | 3 | -0/+436