Botan  2.1.0
Crypto and TLS for C++11
Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
Botan::GCM_Mode Class Referenceabstract

#include <gcm.h>

Inheritance diagram for Botan::GCM_Mode:
Botan::AEAD_Mode Botan::Cipher_Mode Botan::GCM_Decryption Botan::GCM_Encryption

Public Member Functions

bool authenticated () const override
 
void clear () override
 
size_t default_nonce_length () const override
 
virtual void finish (secure_vector< uint8_t > &final_block, size_t offset=0)=0
 
Key_Length_Specification key_spec () const override
 
virtual size_t minimum_final_size () const =0
 
std::string name () const override
 
virtual size_t output_length (size_t input_length) const =0
 
virtual size_t process (uint8_t msg[], size_t msg_len)=0
 
std::string provider () const override
 
void reset () override
 
template<typename Alloc >
void set_ad (const std::vector< uint8_t, Alloc > &ad)
 
void set_associated_data (const uint8_t ad[], size_t ad_len) override
 
template<typename Alloc >
void set_associated_data_vec (const std::vector< uint8_t, Alloc > &ad)
 
template<typename Alloc >
void set_key (const std::vector< uint8_t, Alloc > &key)
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
template<typename Alloc >
void start (const std::vector< uint8_t, Alloc > &nonce)
 
void start (const uint8_t nonce[], size_t nonce_len)
 
void start ()
 
size_t tag_size () const override
 
void update (secure_vector< uint8_t > &buffer, size_t offset=0)
 
size_t update_granularity () const override
 
bool valid_keylength (size_t length) const
 
bool valid_nonce_length (size_t) const override
 

Protected Member Functions

 GCM_Mode (BlockCipher *cipher, size_t tag_size)
 

Protected Attributes

const size_t m_BS = 16
 
const std::string m_cipher_name
 
std::unique_ptr< StreamCipherm_ctr
 
std::unique_ptr< GHASHm_ghash
 
const size_t m_tag_size
 

Detailed Description

GCM Mode

Definition at line 23 of file gcm.h.

Constructor & Destructor Documentation

Botan::GCM_Mode::GCM_Mode ( BlockCipher cipher,
size_t  tag_size 
)
protected

Definition at line 168 of file gcm.cpp.

References Botan::BlockCipher::block_size(), m_ctr, m_ghash, m_tag_size, name(), and Botan::ASN1::to_string().

168  :
170  m_cipher_name(cipher->name())
171  {
172  if(cipher->block_size() != GCM_BS)
173  throw Invalid_Argument("Invalid block cipher for GCM");
174 
175  m_ghash.reset(new GHASH);
176 
177  m_ctr.reset(new CTR_BE(cipher, 4)); // CTR_BE takes ownership of cipher
178 
179  if(m_tag_size != 8 && m_tag_size != GCM_BS)
180  throw Invalid_Argument(name() + ": Bad tag size " + std::to_string(m_tag_size));
181  }
std::string name() const override
Definition: gcm.cpp:195
std::unique_ptr< StreamCipher > m_ctr
Definition: gcm.h:52
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
const size_t m_tag_size
Definition: gcm.h:49
const std::string m_cipher_name
Definition: gcm.h:50
size_t tag_size() const override
Definition: gcm.h:37
std::unique_ptr< GHASH > m_ghash
Definition: gcm.h:53

Member Function Documentation

bool Botan::AEAD_Mode::authenticated ( ) const
inlineoverridevirtualinherited
Returns
true iff this mode provides authentication as well as confidentiality.

Reimplemented from Botan::Cipher_Mode.

Definition at line 25 of file aead.h.

25 { return true; }
void Botan::GCM_Mode::clear ( )
overridevirtual

Zeroise all state See also reset_msg()

Implements Botan::Cipher_Mode.

Definition at line 183 of file gcm.cpp.

References m_ctr, m_ghash, and reset().

184  {
185  m_ctr->clear();
186  m_ghash->clear();
187  reset();
188  }
std::unique_ptr< StreamCipher > m_ctr
Definition: gcm.h:52
void reset() override
Definition: gcm.cpp:190
std::unique_ptr< GHASH > m_ghash
Definition: gcm.h:53
size_t Botan::AEAD_Mode::default_nonce_length ( ) const
inlineoverridevirtualinherited
Returns
default AEAD nonce size (a commonly supported value among AEAD modes, and large enough that random collisions are unlikely)

Implements Botan::Cipher_Mode.

Reimplemented in Botan::TLS::TLS_CBC_HMAC_AEAD_Mode, and Botan::CCM_Mode.

Definition at line 75 of file aead.h.

75 { return 12; }
virtual void Botan::Cipher_Mode::finish ( secure_vector< uint8_t > &  final_block,
size_t  offset = 0 
)
pure virtualinherited
Key_Length_Specification Botan::GCM_Mode::key_spec ( ) const
overridevirtual
Returns
object describing limits on key size

Implements Botan::Cipher_Mode.

Definition at line 215 of file gcm.cpp.

References m_ctr.

216  {
217  return m_ctr->key_spec();
218  }
std::unique_ptr< StreamCipher > m_ctr
Definition: gcm.h:52
virtual size_t Botan::Cipher_Mode::minimum_final_size ( ) const
pure virtualinherited
std::string Botan::GCM_Mode::name ( ) const
overridevirtual

Implements Botan::Cipher_Mode.

Definition at line 195 of file gcm.cpp.

References m_cipher_name, tag_size(), and Botan::ASN1::to_string().

Referenced by GCM_Mode().

196  {
197  return (m_cipher_name + "/GCM(" + std::to_string(tag_size()) + ")");
198  }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
const std::string m_cipher_name
Definition: gcm.h:50
size_t tag_size() const override
Definition: gcm.h:37
virtual size_t Botan::Cipher_Mode::output_length ( size_t  input_length) const
pure virtualinherited
virtual size_t Botan::Cipher_Mode::process ( uint8_t  msg[],
size_t  msg_len 
)
pure virtualinherited

Process message blocks

Input must be a multiple of update_granularity

Processes msg in place and returns bytes written. Normally this will be either msg_len (indicating the entire message was processed) or for certain AEAD modes zero (indicating that the mode requires the entire message be processed in one pass).

Parameters
msgthe message to be processed
msg_lenlength of the message in bytes

Implemented in Botan::CBC_Decryption, Botan::OCB_Decryption, Botan::EAX_Decryption, Botan::GCM_Decryption, Botan::CFB_Decryption, Botan::ChaCha20Poly1305_Decryption, Botan::OCB_Encryption, Botan::XTS_Decryption, Botan::EAX_Encryption, Botan::GCM_Encryption, Botan::CBC_Encryption, Botan::CFB_Encryption, Botan::ChaCha20Poly1305_Encryption, Botan::XTS_Encryption, Botan::TLS::TLS_CBC_HMAC_AEAD_Mode, Botan::CCM_Mode, Botan::SIV_Mode, and Botan::Stream_Cipher_Mode.

std::string Botan::GCM_Mode::provider ( ) const
overridevirtual
Returns
provider information about this implementation. Default is "base", might also return "sse2", "avx2", "openssl", or some other arbitrary string.

Reimplemented from Botan::Cipher_Mode.

Definition at line 200 of file gcm.cpp.

201  {
202 #if defined(BOTAN_HAS_GCM_CLMUL)
203  if(CPUID::has_clmul())
204  return "clmul";
205 #endif
206 
207  return "base";
208  }
void Botan::GCM_Mode::reset ( )
overridevirtual

Resets just the message specific state and allows encrypting again under the existing key

Implements Botan::Cipher_Mode.

Definition at line 190 of file gcm.cpp.

References m_ghash.

Referenced by clear().

191  {
192  m_ghash->reset();
193  }
std::unique_ptr< GHASH > m_ghash
Definition: gcm.h:53
template<typename Alloc >
void Botan::AEAD_Mode::set_ad ( const std::vector< uint8_t, Alloc > &  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 66 of file aead.h.

Referenced by Botan::TLS::write_record().

67  {
68  set_associated_data(ad.data(), ad.size());
69  }
virtual void set_associated_data(const uint8_t ad[], size_t ad_len)=0
void Botan::GCM_Mode::set_associated_data ( const uint8_t  ad[],
size_t  ad_len 
)
overridevirtual

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

Unless reset by another call, the associated data is kept between messages. Thus, if the AD does not change, calling once (after set_key) is the optimum.

Parameters
adthe associated data
ad_lenlength of add in bytes

Implements Botan::AEAD_Mode.

Definition at line 232 of file gcm.cpp.

References m_ghash.

233  {
234  m_ghash->set_associated_data(ad, ad_len);
235  }
std::unique_ptr< GHASH > m_ghash
Definition: gcm.h:53
template<typename Alloc >
void Botan::AEAD_Mode::set_associated_data_vec ( const std::vector< uint8_t, Alloc > &  ad)
inlineinherited

Set associated data that is not included in the ciphertext but that should be authenticated. Must be called after set_key and before start.

See set_associated_data().

Parameters
adthe associated data

Definition at line 51 of file aead.h.

52  {
53  set_associated_data(ad.data(), ad.size());
54  }
virtual void set_associated_data(const uint8_t ad[], size_t ad_len)=0
template<typename Alloc >
void Botan::Cipher_Mode::set_key ( const std::vector< uint8_t, Alloc > &  key)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material

Definition at line 172 of file cipher_mode.h.

Referenced by botan_cipher_set_key().

173  {
174  set_key(key.data(), key.size());
175  }
void set_key(const std::vector< uint8_t, Alloc > &key)
Definition: cipher_mode.h:172
void Botan::Cipher_Mode::set_key ( const SymmetricKey key)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material

Definition at line 181 of file cipher_mode.h.

References Botan::OctetString::begin(), and Botan::OctetString::length().

182  {
183  set_key(key.begin(), key.length());
184  }
void set_key(const std::vector< uint8_t, Alloc > &key)
Definition: cipher_mode.h:172
void Botan::Cipher_Mode::set_key ( const uint8_t  key[],
size_t  length 
)
inlineinherited

Set the symmetric key of this transform

Parameters
keycontains the key material
lengthin bytes of key param

Definition at line 191 of file cipher_mode.h.

192  {
193  if(!valid_keylength(length))
194  throw Invalid_Key_Length(name(), length);
195  key_schedule(key, length);
196  }
virtual std::string name() const =0
bool valid_keylength(size_t length) const
Definition: cipher_mode.h:162
template<typename Alloc >
void Botan::Cipher_Mode::start ( const std::vector< uint8_t, Alloc > &  nonce)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce

Definition at line 38 of file cipher_mode.h.

Referenced by botan_cipher_start(), and Botan::TLS::write_record().

39  {
40  start_msg(nonce.data(), nonce.size());
41  }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0
void Botan::Cipher_Mode::start ( const uint8_t  nonce[],
size_t  nonce_len 
)
inlineinherited

Begin processing a message.

Parameters
noncethe per message nonce
nonce_lenlength of nonce

Definition at line 48 of file cipher_mode.h.

49  {
50  start_msg(nonce, nonce_len);
51  }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0
void Botan::Cipher_Mode::start ( )
inlineinherited

Begin processing a message.

Definition at line 56 of file cipher_mode.h.

57  {
58  return start_msg(nullptr, 0);
59  }
virtual void start_msg(const uint8_t nonce[], size_t nonce_len)=0
size_t Botan::GCM_Mode::tag_size ( ) const
inlineoverridevirtual
Returns
the size of the authentication tag used (in bytes)

Reimplemented from Botan::Cipher_Mode.

Definition at line 37 of file gcm.h.

Referenced by Botan::GCM_Encryption::finish(), Botan::GCM_Decryption::finish(), and name().

37 { return m_tag_size; }
const size_t m_tag_size
Definition: gcm.h:49
void Botan::Cipher_Mode::update ( secure_vector< uint8_t > &  buffer,
size_t  offset = 0 
)
inlineinherited

Process some data. Input must be in size update_granularity() uint8_t blocks.

Parameters
bufferin/out parameter which will possibly be resized
offsetan offset into blocks to begin processing

Definition at line 81 of file cipher_mode.h.

References BOTAN_ASSERT.

Referenced by botan_cipher_update(), Botan::XTS_Encryption::finish(), Botan::ChaCha20Poly1305_Encryption::finish(), Botan::CBC_Encryption::finish(), Botan::CFB_Encryption::finish(), Botan::EAX_Encryption::finish(), Botan::XTS_Decryption::finish(), Botan::CFB_Decryption::finish(), Botan::CTS_Encryption::finish(), Botan::CBC_Decryption::finish(), Botan::TLS::TLS_CBC_HMAC_AEAD_Encryption::finish(), Botan::CTS_Decryption::finish(), and Botan::TLS::TLS_CBC_HMAC_AEAD_Decryption::finish().

82  {
83  BOTAN_ASSERT(buffer.size() >= offset, "Offset ok");
84  uint8_t* buf = buffer.data() + offset;
85  const size_t buf_size = buffer.size() - offset;
86 
87  const size_t written = process(buf, buf_size);
88  buffer.resize(offset + written);
89  }
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
virtual size_t process(uint8_t msg[], size_t msg_len)=0
size_t Botan::GCM_Mode::update_granularity ( ) const
overridevirtual
Returns
size of required blocks to update

Implements Botan::Cipher_Mode.

Definition at line 210 of file gcm.cpp.

Referenced by Botan::GCM_Encryption::process(), and Botan::GCM_Decryption::process().

211  {
212  return GCM_BS;
213  }
bool Botan::Cipher_Mode::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 162 of file cipher_mode.h.

163  {
164  return key_spec().valid_keylength(length);
165  }
bool valid_keylength(size_t length) const
Definition: key_spec.h:51
virtual Key_Length_Specification key_spec() const =0
bool Botan::GCM_Mode::valid_nonce_length ( size_t  nonce_len) const
inlineoverridevirtual
Returns
true iff nonce_len is a valid length for the nonce

Implements Botan::Cipher_Mode.

Definition at line 35 of file gcm.h.

35 { return true; }

Member Data Documentation

const size_t Botan::GCM_Mode::m_BS = 16
protected

Definition at line 47 of file gcm.h.

const std::string Botan::GCM_Mode::m_cipher_name
protected

Definition at line 50 of file gcm.h.

Referenced by name().

std::unique_ptr<StreamCipher> Botan::GCM_Mode::m_ctr
protected
std::unique_ptr<GHASH> Botan::GCM_Mode::m_ghash
protected
const size_t Botan::GCM_Mode::m_tag_size
protected

Definition at line 49 of file gcm.h.

Referenced by GCM_Mode().


The documentation for this class was generated from the following files: