1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
|
/*
* Common Filters
* (C) 1999-2007,2015 Jack Lloyd
* (C) 2013 Joel Low
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_FILTERS_H_
#define BOTAN_FILTERS_H_
#include <botan/secmem.h>
#include <botan/data_snk.h>
#include <botan/pipe.h>
#include <botan/symkey.h>
#include <botan/cipher_mode.h>
#if defined(BOTAN_TARGET_OS_HAS_THREADS)
#include <thread>
#endif
#if defined(BOTAN_HAS_STREAM_CIPHER)
#include <botan/stream_cipher.h>
#endif
#if defined(BOTAN_HAS_HASH)
#include <botan/hash.h>
#endif
#if defined(BOTAN_HAS_MAC)
#include <botan/mac.h>
#endif
namespace Botan {
/**
* Filter mixin that breaks input into blocks, useful for
* cipher modes
*/
class BOTAN_PUBLIC_API(2,0) Buffered_Filter
{
public:
/**
* Write bytes into the buffered filter, which will them emit them
* in calls to buffered_block in the subclass
* @param in the input bytes
* @param length of in in bytes
*/
void write(const uint8_t in[], size_t length);
template<typename Alloc>
void write(const std::vector<uint8_t, Alloc>& in, size_t length)
{
write(in.data(), length);
}
/**
* Finish a message, emitting to buffered_block and buffered_final
* Will throw an exception if less than final_minimum bytes were
* written into the filter.
*/
void end_msg();
/**
* Initialize a Buffered_Filter
* @param block_size the function buffered_block will be called
* with inputs which are a multiple of this size
* @param final_minimum the function buffered_final will be called
* with at least this many bytes.
*/
Buffered_Filter(size_t block_size, size_t final_minimum);
virtual ~Buffered_Filter() = default;
protected:
/**
* The block processor, implemented by subclasses
* @param input some input bytes
* @param length the size of input, guaranteed to be a multiple
* of block_size
*/
virtual void buffered_block(const uint8_t input[], size_t length) = 0;
/**
* The final block, implemented by subclasses
* @param input some input bytes
* @param length the size of input, guaranteed to be at least
* final_minimum bytes
*/
virtual void buffered_final(const uint8_t input[], size_t length) = 0;
/**
* @return block size of inputs
*/
size_t buffered_block_size() const { return m_main_block_mod; }
/**
* @return current position in the buffer
*/
size_t current_position() const { return m_buffer_pos; }
/**
* Reset the buffer position
*/
void buffer_reset() { m_buffer_pos = 0; }
private:
size_t m_main_block_mod, m_final_minimum;
secure_vector<uint8_t> m_buffer;
size_t m_buffer_pos;
};
/**
* This class represents keyed filters, i.e. filters that have to be
* fed with a key in order to function.
*/
class BOTAN_PUBLIC_API(2,0) Keyed_Filter : public Filter
{
public:
/**
* Set the key of this filter
* @param key the key to use
*/
virtual void set_key(const SymmetricKey& key) = 0;
/**
* Set the initialization vector of this filter. Note: you should
* call set_iv() only after you have called set_key()
* @param iv the initialization vector to use
*/
virtual void set_iv(const InitializationVector& iv)
{
if(iv.length() != 0)
throw Invalid_IV_Length(name(), iv.length());
}
/**
* Check whether a key length is valid for this filter
* @param length the key length to be checked for validity
* @return true if the key length is valid, false otherwise
*/
bool valid_keylength(size_t length) const
{
return key_spec().valid_keylength(length);
}
/**
* @return object describing limits on key size
*/
virtual Key_Length_Specification key_spec() const = 0;
/**
* Check whether an IV length is valid for this filter
* @param length the IV length to be checked for validity
* @return true if the IV length is valid, false otherwise
*/
virtual bool valid_iv_length(size_t length) const
{ return (length == 0); }
};
/**
* Filter interface for cipher modes
*/
class BOTAN_PUBLIC_API(2,0) Cipher_Mode_Filter final : public Keyed_Filter,
private Buffered_Filter
{
public:
explicit Cipher_Mode_Filter(Cipher_Mode* t);
explicit Cipher_Mode_Filter(std::unique_ptr<Cipher_Mode> t) :
Cipher_Mode_Filter(t.release()) {}
void set_iv(const InitializationVector& iv) override;
void set_key(const SymmetricKey& key) override;
Key_Length_Specification key_spec() const override;
bool valid_iv_length(size_t length) const override;
std::string name() const override;
private:
void write(const uint8_t input[], size_t input_length) override;
void start_msg() override;
void end_msg() override;
void buffered_block(const uint8_t input[], size_t input_length) override;
void buffered_final(const uint8_t input[], size_t input_length) override;
std::unique_ptr<Cipher_Mode> m_mode;
std::vector<uint8_t> m_nonce;
secure_vector<uint8_t> m_buffer;
};
// deprecated aliases, will be removed in a future major release
typedef Cipher_Mode_Filter Transform_Filter;
typedef Transform_Filter Transformation_Filter;
/*
* Get a cipher object
*/
/**
* Factory method for general symmetric cipher filters. No key will be
* set in the filter.
*
* @param algo_spec the name of the desired cipher
* @param direction determines whether the filter will be an encrypting or
* decrypting filter
* @return pointer to the encryption or decryption filter
*/
inline Keyed_Filter* get_cipher(const std::string& algo_spec,
Cipher_Dir direction)
{
std::unique_ptr<Cipher_Mode> c(Cipher_Mode::create_or_throw(algo_spec, direction));
return new Cipher_Mode_Filter(c.release());
}
/**
* Factory method for general symmetric cipher filters.
* @param algo_spec the name of the desired cipher
* @param key the key to be used for encryption/decryption performed by
* the filter
* @param direction determines whether the filter will be an encrypting
* or decrypting filter
* @return pointer to the encryption or decryption filter
*/
inline Keyed_Filter* get_cipher(const std::string& algo_spec,
const SymmetricKey& key,
Cipher_Dir direction)
{
Keyed_Filter* cipher = get_cipher(algo_spec, direction);
cipher->set_key(key);
return cipher;
}
/**
* Factory method for general symmetric cipher filters.
* @param algo_spec the name of the desired cipher
* @param key the key to be used for encryption/decryption performed by
* the filter
* @param iv the initialization vector to be used
* @param direction determines whether the filter will be an encrypting
* or decrypting filter
* @return pointer to newly allocated encryption or decryption filter
*/
inline Keyed_Filter* get_cipher(const std::string& algo_spec,
const SymmetricKey& key,
const InitializationVector& iv,
Cipher_Dir direction)
{
Keyed_Filter* cipher = get_cipher(algo_spec, key, direction);
if(iv.length())
cipher->set_iv(iv);
return cipher;
}
#if defined(BOTAN_HAS_STREAM_CIPHER)
/**
* Stream Cipher Filter
*/
class BOTAN_PUBLIC_API(2,0) StreamCipher_Filter final : public Keyed_Filter
{
public:
std::string name() const override { return m_cipher->name(); }
/**
* Write input data
* @param input data
* @param input_len length of input in bytes
*/
void write(const uint8_t input[], size_t input_len) override;
bool valid_iv_length(size_t iv_len) const override
{ return m_cipher->valid_iv_length(iv_len); }
/**
* Set the initialization vector for this filter.
* @param iv the initialization vector to set
*/
void set_iv(const InitializationVector& iv) override
{
m_cipher->set_iv(iv.begin(), iv.length());
}
/**
* Set the key of this filter.
* @param key the key to set
*/
void set_key(const SymmetricKey& key) override { m_cipher->set_key(key); }
Key_Length_Specification key_spec() const override { return m_cipher->key_spec(); }
/**
* Construct a stream cipher filter.
* @param cipher a cipher object to use
*/
explicit StreamCipher_Filter(StreamCipher* cipher);
/**
* Construct a stream cipher filter.
* @param cipher a cipher object to use
* @param key the key to use inside this filter
*/
StreamCipher_Filter(StreamCipher* cipher, const SymmetricKey& key);
/**
* Construct a stream cipher filter.
* @param cipher the name of the desired cipher
*/
explicit StreamCipher_Filter(const std::string& cipher);
/**
* Construct a stream cipher filter.
* @param cipher the name of the desired cipher
* @param key the key to use inside this filter
*/
StreamCipher_Filter(const std::string& cipher, const SymmetricKey& key);
private:
secure_vector<uint8_t> m_buffer;
std::unique_ptr<StreamCipher> m_cipher;
};
#endif
#if defined(BOTAN_HAS_HASH)
/**
* Hash Filter.
*/
class BOTAN_PUBLIC_API(2,0) Hash_Filter final : public Filter
{
public:
void write(const uint8_t input[], size_t len) override { m_hash->update(input, len); }
void end_msg() override;
std::string name() const override { return m_hash->name(); }
/**
* Construct a hash filter.
* @param hash the hash function to use
* @param len the output length of this filter. Leave the default
* value 0 if you want to use the full output of the hashfunction
* hash. Otherwise, specify a smaller value here so that the
* output of the hash algorithm will be cut off.
*/
Hash_Filter(HashFunction* hash, size_t len = 0) :
m_hash(hash), m_out_len(len) {}
/**
* Construct a hash filter.
* @param request the name of the hash algorithm to use
* @param len the output length of this filter. Leave the default
* value 0 if you want to use the full output of the hashfunction
* hash. Otherwise, specify a smaller value here so that the
* output of the hash algorithm will be cut off.
*/
Hash_Filter(const std::string& request, size_t len = 0);
private:
std::unique_ptr<HashFunction> m_hash;
const size_t m_out_len;
};
#endif
#if defined(BOTAN_HAS_MAC)
/**
* MessageAuthenticationCode Filter.
*/
class BOTAN_PUBLIC_API(2,0) MAC_Filter final : public Keyed_Filter
{
public:
void write(const uint8_t input[], size_t len) override { m_mac->update(input, len); }
void end_msg() override;
std::string name() const override { return m_mac->name(); }
/**
* Set the key of this filter.
* @param key the key to set
*/
void set_key(const SymmetricKey& key) override { m_mac->set_key(key); }
Key_Length_Specification key_spec() const override { return m_mac->key_spec(); }
/**
* Construct a MAC filter. The MAC key will be left empty.
* @param mac the MAC to use
* @param out_len the output length of this filter. Leave the default
* value 0 if you want to use the full output of the
* MAC. Otherwise, specify a smaller value here so that the
* output of the MAC will be cut off.
*/
MAC_Filter(MessageAuthenticationCode* mac,
size_t out_len = 0) :
m_mac(mac),
m_out_len(out_len)
{
}
/**
* Construct a MAC filter.
* @param mac the MAC to use
* @param key the MAC key to use
* @param out_len the output length of this filter. Leave the default
* value 0 if you want to use the full output of the
* MAC. Otherwise, specify a smaller value here so that the
* output of the MAC will be cut off.
*/
MAC_Filter(MessageAuthenticationCode* mac,
const SymmetricKey& key,
size_t out_len = 0) :
m_mac(mac),
m_out_len(out_len)
{
m_mac->set_key(key);
}
/**
* Construct a MAC filter. The MAC key will be left empty.
* @param mac the name of the MAC to use
* @param len the output length of this filter. Leave the default
* value 0 if you want to use the full output of the
* MAC. Otherwise, specify a smaller value here so that the
* output of the MAC will be cut off.
*/
MAC_Filter(const std::string& mac, size_t len = 0);
/**
* Construct a MAC filter.
* @param mac the name of the MAC to use
* @param key the MAC key to use
* @param len the output length of this filter. Leave the default
* value 0 if you want to use the full output of the
* MAC. Otherwise, specify a smaller value here so that the
* output of the MAC will be cut off.
*/
MAC_Filter(const std::string& mac, const SymmetricKey& key,
size_t len = 0);
private:
std::unique_ptr<MessageAuthenticationCode> m_mac;
const size_t m_out_len;
};
#endif
#if defined(BOTAN_HAS_COMPRESSION)
class Compression_Algorithm;
class Decompression_Algorithm;
/**
* Filter interface for compression
*/
class BOTAN_PUBLIC_API(2,0) Compression_Filter final : public Filter
{
public:
void start_msg() override;
void write(const uint8_t input[], size_t input_length) override;
void end_msg() override;
void flush();
std::string name() const override;
Compression_Filter(const std::string& type,
size_t compression_level,
size_t buffer_size = 4096);
~Compression_Filter();
private:
std::unique_ptr<Compression_Algorithm> m_comp;
size_t m_buffersize, m_level;
secure_vector<uint8_t> m_buffer;
};
/**
* Filter interface for decompression
*/
class BOTAN_PUBLIC_API(2,0) Decompression_Filter final : public Filter
{
public:
void start_msg() override;
void write(const uint8_t input[], size_t input_length) override;
void end_msg() override;
std::string name() const override;
Decompression_Filter(const std::string& type,
size_t buffer_size = 4096);
~Decompression_Filter();
private:
std::unique_ptr<Decompression_Algorithm> m_comp;
std::size_t m_buffersize;
secure_vector<uint8_t> m_buffer;
};
#endif
/**
* This class represents a Base64 encoder.
*/
class BOTAN_PUBLIC_API(2,0) Base64_Encoder final : public Filter
{
public:
std::string name() const override { return "Base64_Encoder"; }
/**
* Input a part of a message to the encoder.
* @param input the message to input as a byte array
* @param length the length of the byte array input
*/
void write(const uint8_t input[], size_t length) override;
/**
* Inform the Encoder that the current message shall be closed.
*/
void end_msg() override;
/**
* Create a base64 encoder.
* @param breaks whether to use line breaks in the output
* @param length the length of the lines of the output
* @param t_n whether to use a trailing newline
*/
Base64_Encoder(bool breaks = false, size_t length = 72,
bool t_n = false);
private:
void encode_and_send(const uint8_t input[], size_t length,
bool final_inputs = false);
void do_output(const uint8_t output[], size_t length);
const size_t m_line_length;
const bool m_trailing_newline;
std::vector<uint8_t> m_in, m_out;
size_t m_position, m_out_position;
};
/**
* This object represents a Base64 decoder.
*/
class BOTAN_PUBLIC_API(2,0) Base64_Decoder final : public Filter
{
public:
std::string name() const override { return "Base64_Decoder"; }
/**
* Input a part of a message to the decoder.
* @param input the message to input as a byte array
* @param length the length of the byte array input
*/
void write(const uint8_t input[], size_t length) override;
/**
* Finish up the current message
*/
void end_msg() override;
/**
* Create a base64 decoder.
* @param checking the type of checking that shall be performed by
* the decoder
*/
explicit Base64_Decoder(Decoder_Checking checking = NONE);
private:
const Decoder_Checking m_checking;
std::vector<uint8_t> m_in, m_out;
size_t m_position;
};
/**
* Converts arbitrary binary data to hex strings, optionally with
* newlines inserted
*/
class BOTAN_PUBLIC_API(2,0) Hex_Encoder final : public Filter
{
public:
/**
* Whether to use uppercase or lowercase letters for the encoded string.
*/
enum Case { Uppercase, Lowercase };
std::string name() const override { return "Hex_Encoder"; }
void write(const uint8_t in[], size_t length) override;
void end_msg() override;
/**
* Create a hex encoder.
* @param the_case the case to use in the encoded strings.
*/
explicit Hex_Encoder(Case the_case);
/**
* Create a hex encoder.
* @param newlines should newlines be used
* @param line_length if newlines are used, how long are lines
* @param the_case the case to use in the encoded strings
*/
Hex_Encoder(bool newlines = false,
size_t line_length = 72,
Case the_case = Uppercase);
private:
void encode_and_send(const uint8_t[], size_t);
const Case m_casing;
const size_t m_line_length;
std::vector<uint8_t> m_in, m_out;
size_t m_position, m_counter;
};
/**
* Converts hex strings to bytes
*/
class BOTAN_PUBLIC_API(2,0) Hex_Decoder final : public Filter
{
public:
std::string name() const override { return "Hex_Decoder"; }
void write(const uint8_t[], size_t) override;
void end_msg() override;
/**
* Construct a Hex Decoder using the specified
* character checking.
* @param checking the checking to use during decoding.
*/
explicit Hex_Decoder(Decoder_Checking checking = NONE);
private:
const Decoder_Checking m_checking;
std::vector<uint8_t> m_in, m_out;
size_t m_position;
};
/**
* BitBucket is a filter which simply discards all inputs
*/
class BOTAN_PUBLIC_API(2,0) BitBucket final : public Filter
{
public:
void write(const uint8_t[], size_t) override { /* discard */ }
std::string name() const override { return "BitBucket"; }
};
/**
* This class represents Filter chains. A Filter chain is an ordered
* concatenation of Filters, the input to a Chain sequentially passes
* through all the Filters contained in the Chain.
*/
class BOTAN_PUBLIC_API(2,0) Chain final : public Fanout_Filter
{
public:
void write(const uint8_t input[], size_t length) override { send(input, length); }
std::string name() const override { return "Chain"; }
/**
* Construct a chain of up to four filters. The filters are set
* up in the same order as the arguments.
*/
Chain(Filter* = nullptr, Filter* = nullptr,
Filter* = nullptr, Filter* = nullptr);
/**
* Construct a chain from range of filters
* @param filter_arr the list of filters
* @param length how many filters
*/
Chain(Filter* filter_arr[], size_t length);
};
/**
* This class represents a fork filter, whose purpose is to fork the
* flow of data. It causes an input message to result in n messages at
* the end of the filter, where n is the number of forks.
*/
class BOTAN_PUBLIC_API(2,0) Fork : public Fanout_Filter
{
public:
void write(const uint8_t input[], size_t length) override { send(input, length); }
void set_port(size_t n) { Fanout_Filter::set_port(n); }
std::string name() const override { return "Fork"; }
/**
* Construct a Fork filter with up to four forks.
*/
Fork(Filter*, Filter*, Filter* = nullptr, Filter* = nullptr);
/**
* Construct a Fork from range of filters
* @param filter_arr the list of filters
* @param length how many filters
*/
Fork(Filter* filter_arr[], size_t length);
};
#if defined(BOTAN_HAS_THREAD_UTILS)
/**
* This class is a threaded version of the Fork filter. While this uses
* threads, the class itself is NOT thread-safe. This is meant as a drop-
* in replacement for Fork where performance gains are possible.
*/
class BOTAN_PUBLIC_API(2,0) Threaded_Fork final : public Fork
{
public:
std::string name() const override;
/**
* Construct a Threaded_Fork filter with up to four forks.
*/
Threaded_Fork(Filter*, Filter*, Filter* = nullptr, Filter* = nullptr);
/**
* Construct a Threaded_Fork from range of filters
* @param filter_arr the list of filters
* @param length how many filters
*/
Threaded_Fork(Filter* filter_arr[], size_t length);
~Threaded_Fork();
private:
void set_next(Filter* f[], size_t n);
void send(const uint8_t in[], size_t length) override;
void thread_delegate_work(const uint8_t input[], size_t length);
void thread_entry(Filter* filter);
std::vector<std::shared_ptr<std::thread>> m_threads;
std::unique_ptr<struct Threaded_Fork_Data> m_thread_data;
};
#endif
}
#endif
|
