Botan  2.1.0
Crypto and TLS for C++11
gcm.h
Go to the documentation of this file.
1 /*
2 * GCM Mode
3 * (C) 2013 Jack Lloyd
4 * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_AEAD_GCM_H__
10 #define BOTAN_AEAD_GCM_H__
11 
12 #include <botan/aead.h>
13 #include <botan/block_cipher.h>
14 #include <botan/stream_cipher.h>
15 
16 namespace Botan {
17 
18 class GHASH;
19 
20 /**
21 * GCM Mode
22 */
23 class BOTAN_DLL GCM_Mode : public AEAD_Mode
24  {
25  public:
26  void set_associated_data(const uint8_t ad[], size_t ad_len) override;
27 
28  std::string name() const override;
29 
30  size_t update_granularity() const override;
31 
32  Key_Length_Specification key_spec() const override;
33 
34  // GCM supports arbitrary nonce lengths
35  bool valid_nonce_length(size_t) const override { return true; }
36 
37  size_t tag_size() const override { return m_tag_size; }
38 
39  void clear() override;
40 
41  void reset() override;
42 
43  std::string provider() const override;
44  protected:
45  GCM_Mode(BlockCipher* cipher, size_t tag_size);
46 
47  const size_t m_BS = 16;
48 
49  const size_t m_tag_size;
50  const std::string m_cipher_name;
51 
52  std::unique_ptr<StreamCipher> m_ctr;
53  std::unique_ptr<GHASH> m_ghash;
54  private:
55  void start_msg(const uint8_t nonce[], size_t nonce_len) override;
56 
57  void key_schedule(const uint8_t key[], size_t length) override;
58  };
59 
60 /**
61 * GCM Encryption
62 */
63 class BOTAN_DLL GCM_Encryption final : public GCM_Mode
64  {
65  public:
66  /**
67  * @param cipher the 128 bit block cipher to use
68  * @param tag_size is how big the auth tag will be
69  */
70  GCM_Encryption(BlockCipher* cipher, size_t tag_size = 16) :
71  GCM_Mode(cipher, tag_size) {}
72 
73  size_t output_length(size_t input_length) const override
74  { return input_length + tag_size(); }
75 
76  size_t minimum_final_size() const override { return 0; }
77 
78  size_t process(uint8_t buf[], size_t size) override;
79 
80  void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
81  };
82 
83 /**
84 * GCM Decryption
85 */
86 class BOTAN_DLL GCM_Decryption final : public GCM_Mode
87  {
88  public:
89  /**
90  * @param cipher the 128 bit block cipher to use
91  * @param tag_size is how big the auth tag will be
92  */
93  GCM_Decryption(BlockCipher* cipher, size_t tag_size = 16) :
94  GCM_Mode(cipher, tag_size) {}
95 
96  size_t output_length(size_t input_length) const override
97  {
98  BOTAN_ASSERT(input_length >= tag_size(), "Sufficient input");
99  return input_length - tag_size();
100  }
101 
102  size_t minimum_final_size() const override { return tag_size(); }
103 
104  size_t process(uint8_t buf[], size_t size) override;
105 
106  void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override;
107  };
108 
109 /**
110 * GCM's GHASH
111 * Maybe a Transform?
112 */
113 class BOTAN_DLL GHASH : public SymmetricAlgorithm
114  {
115  public:
116  void set_associated_data(const uint8_t ad[], size_t ad_len);
117 
118  secure_vector<uint8_t> nonce_hash(const uint8_t nonce[], size_t len);
119 
120  void start(const uint8_t nonce[], size_t len);
121 
122  /*
123  * Assumes input len is multiple of 16
124  */
125  void update(const uint8_t in[], size_t len);
126 
127  secure_vector<uint8_t> final();
128 
130  { return Key_Length_Specification(16); }
131 
132  void clear() override;
133 
134  void reset();
135 
136  std::string name() const override { return "GHASH"; }
137  protected:
138  void ghash_update(secure_vector<uint8_t>& x,
139  const uint8_t input[], size_t input_len);
140 
141  void add_final_block(secure_vector<uint8_t>& x,
142  size_t ad_len, size_t pt_len);
143 
147  size_t m_ad_len = 0;
148 
149  private:
150  void key_schedule(const uint8_t key[], size_t key_len) override;
151 
152  void gcm_multiply(secure_vector<uint8_t>& x) const;
153 
154  secure_vector<uint8_t> m_nonce;
155  size_t m_text_len = 0;
156  };
157 
158 }
159 
160 #endif
secure_vector< uint8_t > m_H
Definition: gcm.h:144
secure_vector< uint8_t > m_ghash
Definition: gcm.h:146
std::unique_ptr< StreamCipher > m_ctr
Definition: gcm.h:52
Key_Length_Specification key_spec() const override
Definition: gcm.h:129
GCM_Decryption(BlockCipher *cipher, size_t tag_size=16)
Definition: gcm.h:93
const size_t m_tag_size
Definition: gcm.h:49
size_t minimum_final_size() const override
Definition: gcm.h:76
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:27
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:121
size_t output_length(size_t input_length) const override
Definition: gcm.h:73
GCM_Encryption(BlockCipher *cipher, size_t tag_size=16)
Definition: gcm.h:70
const std::string m_cipher_name
Definition: gcm.h:50
secure_vector< uint8_t > m_H_ad
Definition: gcm.h:145
Definition: alg_id.cpp:13
size_t tag_size() const override
Definition: gcm.h:37
std::unique_ptr< GHASH > m_ghash
Definition: gcm.h:53
size_t minimum_final_size() const override
Definition: gcm.h:102
std::string name() const override
Definition: gcm.h:136
size_t output_length(size_t input_length) const override
Definition: gcm.h:96
bool valid_nonce_length(size_t) const override
Definition: gcm.h:35