Botan  1.11.15
src/lib/modes/aead/ccm/ccm.h
Go to the documentation of this file.
00001 /*
00002 * CCM Mode
00003 * (C) 2013 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_AEAD_CCM_H__
00009 #define BOTAN_AEAD_CCM_H__
00010 
00011 #include <botan/aead.h>
00012 #include <botan/block_cipher.h>
00013 #include <botan/stream_cipher.h>
00014 #include <botan/mac.h>
00015 
00016 namespace Botan {
00017 
00018 /**
00019 * Base class for CCM encryption and decryption
00020 * @see RFC 3610
00021 */
00022 class BOTAN_DLL CCM_Mode : public AEAD_Mode
00023    {
00024    public:
00025       void update(secure_vector<byte>& blocks, size_t offset = 0) override;
00026 
00027       void set_associated_data(const byte ad[], size_t ad_len) override;
00028 
00029       std::string name() const override;
00030 
00031       size_t update_granularity() const;
00032 
00033       Key_Length_Specification key_spec() const override;
00034 
00035       bool valid_nonce_length(size_t) const override;
00036 
00037       size_t default_nonce_length() const override;
00038 
00039       void clear() override;
00040 
00041       size_t tag_size() const { return m_tag_size; }
00042 
00043    protected:
00044       const size_t BS = 16; // intrinsic to CCM definition
00045 
00046       CCM_Mode(BlockCipher* cipher, size_t tag_size, size_t L);
00047 
00048       size_t L() const { return m_L; }
00049 
00050       const BlockCipher& cipher() const { return *m_cipher; }
00051 
00052       void encode_length(size_t len, byte out[]);
00053 
00054       void inc(secure_vector<byte>& C);
00055 
00056       const secure_vector<byte>& ad_buf() const { return m_ad_buf; }
00057 
00058       secure_vector<byte>& msg_buf() { return m_msg_buf; }
00059 
00060       secure_vector<byte> format_b0(size_t msg_size);
00061       secure_vector<byte> format_c0();
00062    private:
00063       secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override;
00064 
00065       void key_schedule(const byte key[], size_t length) override;
00066 
00067       const size_t m_tag_size;
00068       const size_t m_L;
00069 
00070       std::unique_ptr<BlockCipher> m_cipher;
00071       secure_vector<byte> m_nonce, m_msg_buf, m_ad_buf;
00072    };
00073 
00074 /**
00075 * CCM Encryption
00076 */
00077 class BOTAN_DLL CCM_Encryption : public CCM_Mode
00078    {
00079    public:
00080       /**
00081       * @param cipher a 128-bit block cipher
00082       * @param tag_size is how big the auth tag will be (even values
00083       *                 between 4 and 16 are accepted)
00084       * @param L length of L parameter. The total message length
00085       *           must be less than 2**L bytes, and the nonce is 15-L bytes.
00086       */
00087       CCM_Encryption(BlockCipher* cipher, size_t tag_size = 16, size_t L = 3) :
00088          CCM_Mode(cipher, tag_size, L) {}
00089 
00090       void finish(secure_vector<byte>& final_block, size_t offset = 0) override;
00091 
00092       size_t output_length(size_t input_length) const override
00093          { return input_length + tag_size(); }
00094 
00095       size_t minimum_final_size() const override { return 0; }
00096    };
00097 
00098 /**
00099 * CCM Decryption
00100 */
00101 class BOTAN_DLL CCM_Decryption : public CCM_Mode
00102    {
00103    public:
00104       /**
00105       * @param cipher a 128-bit block cipher
00106       * @param tag_size is how big the auth tag will be (even values
00107       *                 between 4 and 16 are accepted)
00108       * @param L length of L parameter. The total message length
00109       *           must be less than 2**L bytes, and the nonce is 15-L bytes.
00110       */
00111       CCM_Decryption(BlockCipher* cipher, size_t tag_size = 16, size_t L = 3) :
00112          CCM_Mode(cipher, tag_size, L) {}
00113 
00114       void finish(secure_vector<byte>& final_block, size_t offset = 0) override;
00115 
00116       size_t output_length(size_t input_length) const override
00117          {
00118          BOTAN_ASSERT(input_length > tag_size(), "Sufficient input");
00119          return input_length - tag_size();
00120          }
00121 
00122       size_t minimum_final_size() const override { return tag_size(); }
00123    };
00124 
00125 }
00126 
00127 #endif