10 #include <botan/loadstor.h>
16 void poly_double_128(uint8_t out[],
const uint8_t in[])
21 const bool carry =
static_cast<bool>((X1 >> 63) != 0);
23 X1 = (X1 << 1) | (X0 >> 63);
32 void poly_double_64(uint8_t out[],
const uint8_t in[])
35 const bool carry =
static_cast<bool>((X >> 63) != 0);
42 inline void poly_double(uint8_t out[],
const uint8_t in[],
size_t size)
45 poly_double_64(out, in);
47 poly_double_128(out, in);
54 if(m_cipher->block_size() != 8 && m_cipher->block_size() != 16)
57 m_tweak_cipher.reset(m_cipher->clone());
64 m_tweak_cipher->clear();
103 void XTS_Mode::key_schedule(
const uint8_t key[],
size_t length)
105 const size_t key_half = length / 2;
107 if(length % 2 == 1 || !m_cipher->valid_keylength(key_half))
110 m_cipher->set_key(key, key_half);
111 m_tweak_cipher->set_key(&key[key_half], key_half);
114 void XTS_Mode::start_msg(
const uint8_t nonce[],
size_t nonce_len)
117 throw Invalid_IV_Length(
name(), nonce_len);
119 copy_mem(m_tweak.data(), nonce, nonce_len);
120 m_tweak_cipher->encrypt(m_tweak.data());
127 const size_t BS = m_tweak_cipher->block_size();
130 poly_double(m_tweak.data(), &m_tweak[(which-1)*BS], BS);
134 for(
size_t i = 1; i < blocks_in_tweak; ++i)
135 poly_double(&m_tweak[i*BS], &m_tweak[(i-1)*BS], BS);
148 size_t blocks = sz / BS;
154 const size_t to_proc =
std::min(blocks, blocks_in_tweak);
155 const size_t to_proc_bytes = to_proc * BS;
172 BOTAN_ASSERT(buffer.size() >= offset,
"Offset is sane");
173 const size_t sz = buffer.size() - offset;
174 uint8_t* buf = buffer.data() + offset;
187 const size_t full_blocks = ((sz / BS) - 1) * BS;
188 const size_t final_bytes = sz - full_blocks;
189 BOTAN_ASSERT(final_bytes > BS && final_bytes < 2*BS,
"Left over size in expected range");
192 buffer.resize(full_blocks + offset);
199 for(
size_t i = 0; i != final_bytes - BS; ++i)
201 last[i] ^= last[i + BS];
202 last[i + BS] ^= last[i];
203 last[i] ^= last[i + BS];
224 size_t blocks = sz / BS;
230 const size_t to_proc =
std::min(blocks, blocks_in_tweak);
231 const size_t to_proc_bytes = to_proc * BS;
248 BOTAN_ASSERT(buffer.size() >= offset,
"Offset is sane");
249 const size_t sz = buffer.size() - offset;
250 uint8_t* buf = buffer.data() + offset;
263 const size_t full_blocks = ((sz / BS) - 1) * BS;
264 const size_t final_bytes = sz - full_blocks;
265 BOTAN_ASSERT(final_bytes > BS && final_bytes < 2*BS,
"Left over size in expected range");
268 buffer.resize(full_blocks + offset);
275 for(
size_t i = 0; i != final_bytes - BS; ++i)
277 last[i] ^= last[i + BS];
278 last[i + BS] ^= last[i];
279 last[i] ^= last[i + BS];
void xor_buf(T out[], const T in[], size_t length)
size_t process(uint8_t buf[], size_t size) override
void encrypt(const uint8_t in[], uint8_t out[]) const
void decrypt(const uint8_t in[], uint8_t out[]) const
void update_tweak(size_t last_used)
size_t default_nonce_length() const override
virtual void decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const =0
void update(secure_vector< uint8_t > &buffer, size_t offset=0)
size_t output_length(size_t input_length) const override
std::string name() const override
#define BOTAN_ASSERT(expr, assertion_made)
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override
size_t output_length(size_t input_length) const override
bool valid_nonce_length(size_t n) const override
std::vector< T, secure_allocator< T >> secure_vector
XTS_Mode(BlockCipher *cipher)
virtual std::string name() const =0
void finish(secure_vector< uint8_t > &final_block, size_t offset=0) override
Key_Length_Specification multiple(size_t n) const
uint64_t load_le< uint64_t >(const uint8_t in[], size_t off)
size_t parallel_bytes() const
void copy_mem(T *out, const T *in, size_t n)
Key_Length_Specification key_spec() const override
const BlockCipher & cipher() const
virtual void encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const =0
virtual Key_Length_Specification key_spec() const =0
size_t minimum_final_size() const override
size_t update_granularity() const override
size_t process(uint8_t buf[], size_t size) override
virtual size_t block_size() const =0
const uint8_t * tweak() const
void store_le(uint16_t in, uint8_t out[2])
void zeroise(std::vector< T, Alloc > &vec)