21753596263

Committed 06 Feb 2026 02:13PM UTC coverage: 90.063% (-0.01%) from 90.073%

Build # 21753596263

Build Type

Pull #5289

github

Committed by

web-flow

Commit Message

Merge 587099284 into 8ea0ca252

Pull Request Pull Request #5289: Further misc header reductions, forward declarations, etc

Run Details

102237 of 113517 relevant lines covered (90.06%)

11402137.11 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

98.57

/src/lib/misc/cryptobox/cryptobox.cpp

/*
* Cryptobox Message Routines
* (C) 2009 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/cryptobox.h>

#include <botan/cipher_mode.h>
#include <botan/data_src.h>
#include <botan/exceptn.h>
#include <botan/mac.h>
#include <botan/pem.h>
#include <botan/pwdhash.h>
#include <botan/rng.h>
#include <botan/internal/ct_utils.h>
#include <botan/internal/loadstor.h>
#include <botan/internal/mem_utils.h>

namespace Botan::CryptoBox {

namespace {

/*
First 24 bits of SHA-256("Botan Cryptobox"), followed by 8 0 bits
for later use as flags, etc if needed
*/
const uint32_t CRYPTOBOX_VERSION_CODE = 0xEFC22400;

const size_t VERSION_CODE_LEN = 4;
const size_t CIPHER_KEY_LEN = 32;
const size_t CIPHER_IV_LEN = 16;
const size_t MAC_KEY_LEN = 32;
const size_t MAC_OUTPUT_LEN = 20;
const size_t PBKDF_SALT_LEN = 10;
const size_t PBKDF_ITERATIONS = 8 * 1024;

const size_t CRYPTOBOX_HEADER_LEN = VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN;

}  // namespace

std::string encrypt(const uint8_t input[], size_t input_len, std::string_view passphrase, RandomNumberGenerator& rng) {
   /*
   Output format is:
      version # (4 bytes)
      salt (10 bytes)
      mac (20 bytes)
      ciphertext
   */
   secure_vector<uint8_t> out_buf(CRYPTOBOX_HEADER_LEN + input_len);
   store_be(CRYPTOBOX_VERSION_CODE, out_buf.data());
   rng.randomize(&out_buf[VERSION_CODE_LEN], PBKDF_SALT_LEN);
   // space left for MAC here
   if(input_len > 0) {
      copy_mem(&out_buf[CRYPTOBOX_HEADER_LEN], input, input_len);
   }

   // Generate the keys and IV

   auto pbkdf_fam = PasswordHashFamily::create_or_throw("PBKDF2(HMAC(SHA-512))");
   auto pbkdf = pbkdf_fam->from_params(PBKDF_ITERATIONS);

   secure_vector<uint8_t> master_key(CIPHER_KEY_LEN + MAC_KEY_LEN + CIPHER_IV_LEN);

   pbkdf->derive_key(master_key.data(),
                     master_key.size(),
                     passphrase.data(),
                     passphrase.size(),
                     &out_buf[VERSION_CODE_LEN],
                     PBKDF_SALT_LEN);

   const uint8_t* mk = master_key.data();
   const uint8_t* cipher_key = mk;
   const uint8_t* mac_key = mk + CIPHER_KEY_LEN;
   const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;

   // Now encrypt and authenticate
   auto ctr = Cipher_Mode::create_or_throw("Serpent/CTR-BE", Cipher_Dir::Encryption);
   ctr->set_key(cipher_key, CIPHER_KEY_LEN);
   ctr->start(iv, CIPHER_IV_LEN);
   ctr->finish(out_buf, CRYPTOBOX_HEADER_LEN);

   std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");
   hmac->set_key(mac_key, MAC_KEY_LEN);
   if(input_len > 0) {
      hmac->update(&out_buf[CRYPTOBOX_HEADER_LEN], input_len);
   }

   // Can't write directly because of MAC truncation
   secure_vector<uint8_t> mac = hmac->final();
   copy_mem(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN], mac.data(), MAC_OUTPUT_LEN);

   return PEM_Code::encode(out_buf, "BOTAN CRYPTOBOX MESSAGE");
}

secure_vector<uint8_t> decrypt_bin(const uint8_t input[], size_t input_len, std::string_view passphrase) {
   DataSource_Memory input_src(input, input_len);
   secure_vector<uint8_t> ciphertext = PEM_Code::decode_check_label(input_src, "BOTAN CRYPTOBOX MESSAGE");

   if(ciphertext.size() < CRYPTOBOX_HEADER_LEN) {
      throw Decoding_Error("Invalid CryptoBox input");
   }

   for(size_t i = 0; i != VERSION_CODE_LEN; ++i) {
      const uint32_t version = load_be<uint32_t>(ciphertext.data(), 0);
      if(version != CRYPTOBOX_VERSION_CODE) {
         throw Decoding_Error("Bad CryptoBox version");
      }
   }

   const uint8_t* pbkdf_salt = &ciphertext[VERSION_CODE_LEN];
   const uint8_t* box_mac = &ciphertext[VERSION_CODE_LEN + PBKDF_SALT_LEN];

   auto pbkdf_fam = PasswordHashFamily::create_or_throw("PBKDF2(HMAC(SHA-512))");
   auto pbkdf = pbkdf_fam->from_params(PBKDF_ITERATIONS);

   secure_vector<uint8_t> master_key(CIPHER_KEY_LEN + MAC_KEY_LEN + CIPHER_IV_LEN);

   pbkdf->derive_key(
      master_key.data(), master_key.size(), passphrase.data(), passphrase.size(), pbkdf_salt, PBKDF_SALT_LEN);

   const uint8_t* mk = master_key.data();
   const uint8_t* cipher_key = mk;
   const uint8_t* mac_key = mk + CIPHER_KEY_LEN;
   const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;

   // Now authenticate and decrypt
   std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");
   hmac->set_key(mac_key, MAC_KEY_LEN);

   if(ciphertext.size() > CRYPTOBOX_HEADER_LEN) {
      hmac->update(&ciphertext[CRYPTOBOX_HEADER_LEN], ciphertext.size() - CRYPTOBOX_HEADER_LEN);
   }
   secure_vector<uint8_t> computed_mac = hmac->final();

   if(!CT::is_equal(computed_mac.data(), box_mac, MAC_OUTPUT_LEN).as_bool()) {
      throw Decoding_Error("CryptoBox integrity failure");
   }

   auto ctr = Cipher_Mode::create_or_throw("Serpent/CTR-BE", Cipher_Dir::Decryption);
   ctr->set_key(cipher_key, CIPHER_KEY_LEN);
   ctr->start(iv, CIPHER_IV_LEN);
   ctr->finish(ciphertext, CRYPTOBOX_HEADER_LEN);

   ciphertext.erase(ciphertext.begin(), ciphertext.begin() + CRYPTOBOX_HEADER_LEN);
   return ciphertext;
}

BOTAN_DIAGNOSTIC_PUSH
BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS

namespace {

secure_vector<uint8_t> decrypt_bin(std::span<const uint8_t> input, std::string_view passphrase) {
   return CryptoBox::decrypt_bin(input.data(), input.size(), passphrase);
}

std::string decrypt(std::span<const uint8_t> input, std::string_view passphrase) {
   return CryptoBox::decrypt(input.data(), input.size(), passphrase);
}

}  // namespace

secure_vector<uint8_t> decrypt_bin(std::string_view input, std::string_view passphrase) {
   return decrypt_bin(as_span_of_bytes(input), passphrase);
}

std::string decrypt(const uint8_t input[], size_t input_len, std::string_view passphrase) {
   return bytes_to_string(decrypt_bin(input, input_len, passphrase));
}

std::string decrypt(std::string_view input, std::string_view passphrase) {
   return decrypt(as_span_of_bytes(input), passphrase);
}

BOTAN_DIAGNOSTIC_POP

}  // namespace Botan::CryptoBox

1	/*
2	* Cryptobox Message Routines
3	* (C) 2009 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/cryptobox.h>
9
10	#include <botan/cipher_mode.h>
11	#include <botan/data_src.h>
12	#include <botan/exceptn.h>
13	#include <botan/mac.h>
14	#include <botan/pem.h>
15	#include <botan/pwdhash.h>
16	#include <botan/rng.h>
17	#include <botan/internal/ct_utils.h>
18	#include <botan/internal/loadstor.h>
19	#include <botan/internal/mem_utils.h>
20
21	namespace Botan::CryptoBox {
22
23	namespace {
24
25	/*
26	First 24 bits of SHA-256("Botan Cryptobox"), followed by 8 0 bits
27	for later use as flags, etc if needed
28	*/
29	const uint32_t CRYPTOBOX_VERSION_CODE = 0xEFC22400;
30
31	const size_t VERSION_CODE_LEN = 4;
32	const size_t CIPHER_KEY_LEN = 32;
33	const size_t CIPHER_IV_LEN = 16;
34	const size_t MAC_KEY_LEN = 32;
35	const size_t MAC_OUTPUT_LEN = 20;
36	const size_t PBKDF_SALT_LEN = 10;
37	const size_t PBKDF_ITERATIONS = 8 * 1024;
38
39	const size_t CRYPTOBOX_HEADER_LEN = VERSION_CODE_LEN + PBKDF_SALT_LEN + MAC_OUTPUT_LEN;
40
41	} // namespace
42
43	std::string encrypt(const uint8_t input[], size_t input_len, std::string_view passphrase, RandomNumberGenerator& rng) {	18✔
44	/*
45	Output format is:
46	version # (4 bytes)
47	salt (10 bytes)
48	mac (20 bytes)
49	ciphertext
50	*/
51	secure_vector<uint8_t> out_buf(CRYPTOBOX_HEADER_LEN + input_len);	18✔
52	store_be(CRYPTOBOX_VERSION_CODE, out_buf.data());	18✔
53	rng.randomize(&out_buf[VERSION_CODE_LEN], PBKDF_SALT_LEN);	18✔
54	// space left for MAC here
55	if(input_len > 0) {	18✔
56	copy_mem(&out_buf[CRYPTOBOX_HEADER_LEN], input, input_len);	17✔
57	}
58
59	// Generate the keys and IV
60
61	auto pbkdf_fam = PasswordHashFamily::create_or_throw("PBKDF2(HMAC(SHA-512))");	18✔
62	auto pbkdf = pbkdf_fam->from_params(PBKDF_ITERATIONS);	18✔
63
64	secure_vector<uint8_t> master_key(CIPHER_KEY_LEN + MAC_KEY_LEN + CIPHER_IV_LEN);	18✔
65
66	pbkdf->derive_key(master_key.data(),	18✔
67	master_key.size(),
68	passphrase.data(),
69	passphrase.size(),
70	&out_buf[VERSION_CODE_LEN],	18✔
71	PBKDF_SALT_LEN);
72
73	const uint8_t* mk = master_key.data();	18✔
74	const uint8_t* cipher_key = mk;	18✔
75	const uint8_t* mac_key = mk + CIPHER_KEY_LEN;	18✔
76	const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;	18✔
77
78	// Now encrypt and authenticate
79	auto ctr = Cipher_Mode::create_or_throw("Serpent/CTR-BE", Cipher_Dir::Encryption);	18✔
80	ctr->set_key(cipher_key, CIPHER_KEY_LEN);	18✔
81	ctr->start(iv, CIPHER_IV_LEN);	18✔
82	ctr->finish(out_buf, CRYPTOBOX_HEADER_LEN);	18✔
83
84	std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");	18✔
85	hmac->set_key(mac_key, MAC_KEY_LEN);	18✔
86	if(input_len > 0) {	18✔
87	hmac->update(&out_buf[CRYPTOBOX_HEADER_LEN], input_len);	17✔
88	}
89
90	// Can't write directly because of MAC truncation
91	secure_vector<uint8_t> mac = hmac->final();	18✔
92	copy_mem(&out_buf[VERSION_CODE_LEN + PBKDF_SALT_LEN], mac.data(), MAC_OUTPUT_LEN);	18✔
93
94	return PEM_Code::encode(out_buf, "BOTAN CRYPTOBOX MESSAGE");	18✔
95	}	126✔
96
97	secure_vector<uint8_t> decrypt_bin(const uint8_t input[], size_t input_len, std::string_view passphrase) {	36✔
98	DataSource_Memory input_src(input, input_len);	36✔
99	secure_vector<uint8_t> ciphertext = PEM_Code::decode_check_label(input_src, "BOTAN CRYPTOBOX MESSAGE");	54✔
100
101	if(ciphertext.size() < CRYPTOBOX_HEADER_LEN) {	36✔
102	throw Decoding_Error("Invalid CryptoBox input");	×
103	}
104
105	for(size_t i = 0; i != VERSION_CODE_LEN; ++i) {	164✔
106	const uint32_t version = load_be<uint32_t>(ciphertext.data(), 0);	132✔
107	if(version != CRYPTOBOX_VERSION_CODE) {	132✔
108	throw Decoding_Error("Bad CryptoBox version");	4✔
109	}
110	}
111
112	const uint8_t* pbkdf_salt = &ciphertext[VERSION_CODE_LEN];	32✔
113	const uint8_t* box_mac = &ciphertext[VERSION_CODE_LEN + PBKDF_SALT_LEN];	32✔
114
115	auto pbkdf_fam = PasswordHashFamily::create_or_throw("PBKDF2(HMAC(SHA-512))");	50✔
116	auto pbkdf = pbkdf_fam->from_params(PBKDF_ITERATIONS);	32✔
117
118	secure_vector<uint8_t> master_key(CIPHER_KEY_LEN + MAC_KEY_LEN + CIPHER_IV_LEN);	46✔
119
120	pbkdf->derive_key(	32✔
121	master_key.data(), master_key.size(), passphrase.data(), passphrase.size(), pbkdf_salt, PBKDF_SALT_LEN);
122
123	const uint8_t* mk = master_key.data();	32✔
124	const uint8_t* cipher_key = mk;	32✔
125	const uint8_t* mac_key = mk + CIPHER_KEY_LEN;	32✔
126	const uint8_t* iv = mk + CIPHER_KEY_LEN + MAC_KEY_LEN;	32✔
127
128	// Now authenticate and decrypt
129	std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");	46✔
130	hmac->set_key(mac_key, MAC_KEY_LEN);	32✔
131
132	if(ciphertext.size() > CRYPTOBOX_HEADER_LEN) {	32✔
133	hmac->update(&ciphertext[CRYPTOBOX_HEADER_LEN], ciphertext.size() - CRYPTOBOX_HEADER_LEN);	30✔
134	}
135	secure_vector<uint8_t> computed_mac = hmac->final();	32✔
136
137	if(!CT::is_equal(computed_mac.data(), box_mac, MAC_OUTPUT_LEN).as_bool()) {	32✔
138	throw Decoding_Error("CryptoBox integrity failure");	14✔
139	}
140
141	auto ctr = Cipher_Mode::create_or_throw("Serpent/CTR-BE", Cipher_Dir::Decryption);	32✔
142	ctr->set_key(cipher_key, CIPHER_KEY_LEN);	18✔
143	ctr->start(iv, CIPHER_IV_LEN);	18✔
144	ctr->finish(ciphertext, CRYPTOBOX_HEADER_LEN);	18✔
145
146	ciphertext.erase(ciphertext.begin(), ciphertext.begin() + CRYPTOBOX_HEADER_LEN);	18✔
147	return ciphertext;	18✔
148	}	214✔
149
150	BOTAN_DIAGNOSTIC_PUSH
151	BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS
152
153	namespace {
154
155	secure_vector<uint8_t> decrypt_bin(std::span<const uint8_t> input, std::string_view passphrase) {	18✔
156	return CryptoBox::decrypt_bin(input.data(), input.size(), passphrase);	18✔
157	}
158
159	std::string decrypt(std::span<const uint8_t> input, std::string_view passphrase) {	18✔
160	return CryptoBox::decrypt(input.data(), input.size(), passphrase);	18✔
161	}
162
163	} // namespace
164
165	secure_vector<uint8_t> decrypt_bin(std::string_view input, std::string_view passphrase) {	18✔
166	return decrypt_bin(as_span_of_bytes(input), passphrase);	18✔
167	}
168
169	std::string decrypt(const uint8_t input[], size_t input_len, std::string_view passphrase) {	18✔
170	return bytes_to_string(decrypt_bin(input, input_len, passphrase));	18✔
171	}
172
173	std::string decrypt(std::string_view input, std::string_view passphrase) {	18✔
174	return decrypt(as_span_of_bytes(input), passphrase);	18✔
175	}
176
177	BOTAN_DIAGNOSTIC_POP
178
179	} // namespace Botan::CryptoBox

randombit / botan / 21753596263

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous