10 #include <botan/cmac.h>
11 #include <botan/ctr.h>
12 #include <botan/parsing.h>
// Constructor initializer list (excerpt; the signature and body are not shown).
// The mode name is the underlying cipher's name with "/SIV" appended.
17 m_name(cipher->name() +
"/SIV"),
// The CTR_BE keystream is built over a clone of the cipher, so it does not
// share the block-cipher object that is handed to CMAC below.
18 m_ctr(new
CTR_BE(cipher->clone())),
// CMAC receives the caller's cipher pointer itself.
// NOTE(review): presumably CMAC takes ownership of `cipher`, and m_ctr/m_cmac
// are owning smart-pointer members; confirm against the class declaration.
19 m_cmac(new
CMAC(cipher))
// The accepted key lengths are CMAC's key specification scaled by two:
// key_schedule() hands one half of the key to CMAC and the other half to CTR.
62 return m_cmac->key_spec().multiple(2);
// Splits the SIV key into two equal halves: the first keys CMAC (the MAC that
// S2V runs), the second keys the CTR keystream.
65 void SIV_Mode::key_schedule(
const uint8_t key[],
size_t length)
// Integer division: an odd `length` would leave the final key byte unused.
// NOTE(review): presumably the caller has already validated `length` against
// key_spec(); confirm, since nothing here rejects an odd length.
67 const size_t keylen = length / 2;
68 m_cmac->set_key(key, keylen);
// The CTR key starts at offset keylen, so the two halves do not overlap.
69 m_ctr->set_key(key + keylen, keylen);
// Excerpt from the associated-data setter; its signature and any earlier
// checks are not part of this listing.
// Grow m_ad_macs on demand so that index n exists.
// NOTE(review): no upper bound on n is visible here; confirm one is enforced
// before this point, because resize(n+1) allocates in proportion to n.
75 if(n >= m_ad_macs.size())
76 m_ad_macs.resize(n+1);
// Only the CMAC of the associated data is stored, not the data itself.
78 m_ad_macs[n] = m_cmac->process(ad, length);
// Begins a new message. The nonce is not kept as given: it is run through CMAC
// and the result is stored in m_nonce.
81 void SIV_Mode::start_msg(
const uint8_t nonce[],
size_t nonce_len)
// The lines between the signature and this statement are not shown in this
// excerpt. NOTE(review): presumably they validate nonce_len; confirm.
87 m_nonce = m_cmac->process(nonce, nonce_len);
// Excerpt: input bytes are appended to m_msg_buf (buf and sz are declared on
// lines not shown). The finish() excerpts prepend msg_buf() to the final block
// before running S2V/CTR, so the message is held in memory until finish().
97 m_msg_buf.insert(m_msg_buf.end(), buf, buf + sz);
// Excerpts from S2V, which derives the synthetic IV/tag with CMAC. Several
// lines, including the declaration of V and the branch conditions, are not
// part of this listing.
// A 16-byte all-zero block; the size is hard-coded rather than taken from the
// cipher's block_size().
103 const uint8_t zero[16] = { 0 };
// Iterates over every stored associated-data MAC (loop body not shown).
107 for(
size_t i = 0; i != m_ad_macs.size(); ++i)
// One branch: the whole text is XORed into V and CMAC(V) is returned.
// NOTE(review): presumably the short-text case (text_len < 16); confirm.
122 xor_buf(V.data(), text, text_len);
124 return m_cmac->process(V);
// Other branch: CMAC absorbs all but the last 16 bytes of text, and those last
// 16 bytes are XORed into V.
// NOTE(review): text_len - 16 wraps around if text_len < 16; the guard that
// selects this branch is not visible, so confirm it requires text_len >= 16.
127 m_cmac->update(text, text_len - 16);
128 xor_buf(V.data(), &text[text_len - 16], 16);
// NOTE(review): presumably V is fed to CMAC on a line not shown before final().
131 return m_cmac->final();
// Excerpt from a finish() body; the signature is not shown. Judging by V being
// inserted in front of the data, this is presumably the encrypting side.
// The assertion protects buffer.begin() + offset and the size subtractions
// below from an offset past the end of the buffer.
144 BOTAN_ASSERT(buffer.size() >= offset,
"Offset is sane");
// Prepend the message bytes buffered so far to the final block.
146 buffer.insert(buffer.begin() + offset,
msg_buf().begin(),
msg_buf().end());
// V is placed at `offset`, so the output from there on is V followed by the
// message bytes. (The computation of V is not shown in this excerpt.)
150 buffer.insert(buffer.begin() + offset, V.begin(), V.end());
// In-place CTR over everything after V.
// NOTE(review): for an empty message, &buffer[offset + V.size()] names the
// one-past-the-end element; confirm a guard on a line not shown skips this
// call in that case.
153 ctr().
cipher1(&buffer[offset + V.size()], buffer.size() - offset - V.size());
// Excerpt from a finish() body; the signature is not shown. Judging by the
// tag being stripped at the end, this is presumably the decrypting side.
// The assertion keeps buffer.size() - offset below from wrapping around.
158 BOTAN_ASSERT(buffer.size() >= offset,
"Offset is sane");
// Prepend the input bytes buffered so far to the final block.
160 buffer.insert(buffer.begin() + offset,
msg_buf().begin(),
msg_buf().end());
// Number of bytes from `offset` to the end (tag plus ciphertext).
162 const size_t sz = buffer.size() - offset;
// CTR reads the bytes that follow V and writes the result starting at
// `offset`, i.e. over the position V occupied.
// NOTE(review): buffer.size() - offset - V.size() wraps if sz < V.size(); the
// minimum-length check is not visible in this excerpt, so confirm it precedes
// this call.
170 ctr().
cipher(buffer.data() + offset + V.size(),
171 buffer.data() + offset,
172 buffer.size() - offset - V.size());
// NOTE(review): the tag check (lines between 172 and 179) is not part of this
// listing. The buffer holds decrypted bytes before that check can run, so
// confirm the comparison is constant-time and that a mismatch aborts before
// the caller can use the buffer contents.
// Drop the trailing tag_size() bytes left over after the in-place shift.
179 buffer.resize(buffer.size() -
tag_size());
void xor_buf(T out[], const T in[], size_t length)
secure_vector< uint8_t > & msg_buf()
void cipher1(uint8_t buf[], size_t len)
Key_Length_Specification key_spec() const override
virtual void cipher(const uint8_t in[], uint8_t out[], size_t len)=0
size_t process(uint8_t buf[], size_t size) override
std::string name() const override
#define BOTAN_ASSERT(expr, assertion_made)
std::vector< T, secure_allocator< T >> secure_vector
size_t update_granularity() const override
bool valid_nonce_length(size_t) const override
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override
void set_associated_data_n(size_t n, const uint8_t ad[], size_t ad_len)
static secure_vector< uint8_t > poly_double(const secure_vector< uint8_t > &in)
size_t tag_size() const override
secure_vector< uint8_t > S2V(const uint8_t text[], size_t text_len)
SIV_Mode(BlockCipher *cipher)
virtual void set_iv(const uint8_t iv[], size_t iv_len)=0
void set_ctr_iv(secure_vector< uint8_t > V)
virtual size_t block_size() const =0
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override