randombit / botan / 21768358452

CTR_DRBG_AES256::~CTR_DRBG_AES256() = default;

void CTR_DRBG_AES256::clear() {

   const uint8_t zeros[32] = {0};

   m_V0 = 0;

   m_V1 = 0;

void CTR_DRBG_AES256::fill_bytes_with_input(std::span<uint8_t> output, std::span<const uint8_t> input) {

   if(!input.empty()) {

      if(input.size() != 48) {

      clear();

      update(input);

   if(!output.empty()) {

      const size_t full_blocks = output.size() / 16;

      const size_t leftover_bytes = output.size() % 16;

      for(size_t i = 0; i != full_blocks; ++i) {

         incr_V_into(output.subspan(i * 16, 16));

      m_cipher->encrypt_n(output.data(), output.data(), full_blocks);

      if(leftover_bytes > 0) {

         uint8_t block[16];

         incr_V_into(block);

         m_cipher->encrypt(block);

         Botan::copy_mem(output.subspan(full_blocks * 16).data(), block, leftover_bytes);

      update({});

}

CTR_DRBG_AES256::CTR_DRBG_AES256(std::span<const uint8_t> seed) :

      m_cipher(Botan::BlockCipher::create_or_throw("AES-256")) {

   add_entropy(seed);

}

void CTR_DRBG_AES256::incr_V_into(std::span<uint8_t> output) {

   BOTAN_ASSERT_NOMSG(output.size() == 16);

   m_V1 += 1;

   if(m_V1 == 0) {

   Botan::store_be<uint64_t>(output.data(), m_V0, m_V1);

}

void CTR_DRBG_AES256::update(std::span<const uint8_t> provided_data) {

   std::array<uint8_t, 3 * 16> temp = {0};

   const std::span<uint8_t> t(temp);

   for(size_t i = 0; i != 3; ++i) {

      incr_V_into(t.subspan(16 * i, 16));

   m_cipher->encrypt_n(temp.data(), temp.data(), 3);

   if(!provided_data.empty()) {

      BOTAN_ASSERT_NOMSG(provided_data.size() == temp.size());

      for(size_t i = 0; i != provided_data.size(); i++) {

         temp[i] ^= provided_data[i];

   m_cipher->set_key(std::span(temp).first(32));

   m_V0 = Botan::load_be<uint64_t>(temp.data() + 32, 0);

   m_V1 = Botan::load_be<uint64_t>(temp.data() + 32, 1);

}