Botan  1.10.9
eax.cpp
Go to the documentation of this file.
1 /*
2 * EAX Mode Encryption
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/eax.h>
9 #include <botan/cmac.h>
10 #include <botan/ctr.h>
11 #include <botan/parsing.h>
12 #include <botan/internal/xor_buf.h>
13 #include <algorithm>
14 
15 namespace Botan {
16 
17 namespace {
18 
19 /*
20 * EAX MAC-based PRF
21 */
22 SecureVector<byte> eax_prf(byte tag, size_t BLOCK_SIZE,
23  MessageAuthenticationCode* mac,
24  const byte in[], size_t length)
25  {
26  for(size_t i = 0; i != BLOCK_SIZE - 1; ++i)
27  mac->update(0);
28  mac->update(tag);
29  mac->update(in, length);
30  return mac->final();
31  }
32 
33 }
34 
35 /*
36 * EAX_Base Constructor
37 */
38 EAX_Base::EAX_Base(BlockCipher* cipher, size_t tag_size) :
39  BLOCK_SIZE(cipher->block_size()),
40  TAG_SIZE(tag_size ? tag_size / 8 : BLOCK_SIZE),
41  cipher_name(cipher->name()),
42  ctr_buf(DEFAULT_BUFFERSIZE)
43  {
44  cmac = new CMAC(cipher->clone());
45  ctr = new CTR_BE(cipher); // takes ownership
46 
47  if(tag_size % 8 != 0 || TAG_SIZE == 0 || TAG_SIZE > cmac->output_length())
48  throw Invalid_Argument(name() + ": Bad tag size " + to_string(tag_size));
49  }
50 
51 /*
52 * Check if a keylength is valid for EAX
53 */
54 bool EAX_Base::valid_keylength(size_t n) const
55  {
56  if(!ctr->valid_keylength(n))
57  return false;
58  return true;
59  }
60 
61 /*
62 * Set the EAX key
63 */
65  {
66  /*
67  * These could share the key schedule, which is one nice part of EAX,
68  * but it's much easier to ignore that here...
69  */
70  ctr->set_key(key);
71  cmac->set_key(key);
72 
73  header_mac = eax_prf(1, BLOCK_SIZE, cmac, 0, 0);
74  }
75 
76 /*
77 * Do setup at the start of each message
78 */
80  {
81  for(size_t i = 0; i != BLOCK_SIZE - 1; ++i)
82  cmac->update(0);
83  cmac->update(2);
84  }
85 
86 /*
87 * Set the EAX nonce
88 */
90  {
91  nonce_mac = eax_prf(0, BLOCK_SIZE, cmac, iv.begin(), iv.length());
93  }
94 
95 /*
96 * Set the EAX header
97 */
98 void EAX_Base::set_header(const byte header[], size_t length)
99  {
100  header_mac = eax_prf(1, BLOCK_SIZE, cmac, header, length);
101  }
102 
103 /*
104 * Return the name of this cipher mode
105 */
106 std::string EAX_Base::name() const
107  {
108  return (cipher_name + "/EAX");
109  }
110 
111 /*
112 * Encrypt in EAX mode
113 */
114 void EAX_Encryption::write(const byte input[], size_t length)
115  {
116  while(length)
117  {
118  size_t copied = std::min<size_t>(length, ctr_buf.size());
119 
120  ctr->cipher(input, &ctr_buf[0], copied);
121  cmac->update(&ctr_buf[0], copied);
122 
123  send(ctr_buf, copied);
124  input += copied;
125  length -= copied;
126  }
127  }
128 
129 /*
130 * Finish encrypting in EAX mode
131 */
132 void EAX_Encryption::end_msg()
133  {
134  SecureVector<byte> data_mac = cmac->final();
135  xor_buf(data_mac, nonce_mac, data_mac.size());
136  xor_buf(data_mac, header_mac, data_mac.size());
137 
138  send(data_mac, TAG_SIZE);
139  }
140 
141 }
void set_iv(const InitializationVector &iv)
Definition: eax.cpp:89
virtual void set_iv(const byte iv[], size_t iv_len)
std::string name() const
Definition: eax.cpp:106
StreamCipher * ctr
Definition: eax.h:74
bool valid_keylength(size_t key_len) const
Definition: eax.cpp:54
EAX_Base(BlockCipher *cipher, size_t tag_size)
Definition: eax.cpp:38
BigInt n
Definition: numthry.cpp:26
SecureVector< byte > ctr_buf
Definition: eax.h:94
SecureVector< byte > header_mac
Definition: eax.h:89
const size_t TAG_SIZE
Definition: eax.h:64
size_t block_size
Definition: ossl_md.cpp:41
MessageAuthenticationCode * cmac
Definition: eax.h:79
virtual BlockCipher * clone() const =0
std::string cipher_name
Definition: eax.h:69
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
void start_msg()
Definition: eax.cpp:79
size_t length() const
Definition: symkey.h:25
unsigned char byte
Definition: types.h:22
bool valid_keylength(size_t length) const
Definition: sym_algo.h:51
void send(const byte in[], size_t length)
Definition: filter.cpp:28
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:60
const byte * begin() const
Definition: symkey.h:35
MessageAuthenticationCode * mac
Definition: fpe_fe1.cpp:94
void update(const byte in[], size_t length)
Definition: buf_comp.h:33
virtual void cipher(const byte in[], byte out[], size_t len)=0
size_t size() const
Definition: secmem.h:29
void final(byte out[])
Definition: buf_comp.h:80
void set_header(const byte header[], size_t header_len)
Definition: eax.cpp:98
std::string cipher_name
Definition: ossl_bc.cpp:42
std::string to_string(u64bit n, size_t min_len)
Definition: parsing.cpp:42
void set_key(const SymmetricKey &key)
Definition: eax.cpp:64
void xor_buf(byte out[], const byte in[], size_t length)
Definition: xor_buf.h:21
SecureVector< byte > nonce_mac
Definition: eax.h:84
virtual size_t output_length() const =0