aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/modes/aead/gcm
diff options
context:
space:
mode:
authorMatthias Gierlings <[email protected]>2016-10-27 19:00:23 +0200
committerMatthias Gierlings <[email protected]>2016-10-28 10:49:38 +0200
commit9ad816a5d8d74105558640b2f37baec50d8b920f (patch)
tree8400746b4ce9915244c91aa4dcaa1cfb05b508ff /src/lib/modes/aead/gcm
parent425a2c2497387b7b5804738a77c757b93e630322 (diff)
Implements GMAC with GHASH.
Adds support for Galois Message Authentication Code calculation based on GHASH, rather than GCM_Mode.
Diffstat (limited to 'src/lib/modes/aead/gcm')
-rw-r--r--src/lib/modes/aead/gcm/gcm.cpp4
-rw-r--r--src/lib/modes/aead/gcm/gcm.h102
2 files changed, 52 insertions, 54 deletions
diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp
index 6e1bd82f7..a73e5ee5b 100644
--- a/src/lib/modes/aead/gcm/gcm.cpp
+++ b/src/lib/modes/aead/gcm/gcm.cpp
@@ -93,9 +93,9 @@ void GHASH::key_schedule(const byte key[], size_t length)
m_text_len = 0;
}
-void GHASH::start(const secure_vector<byte>& nonce)
+void GHASH::start(const byte nonce[], size_t len)
{
- m_nonce = nonce;
+ m_nonce.assign(nonce, nonce + len);
m_ghash = m_H_ad;
}
diff --git a/src/lib/modes/aead/gcm/gcm.h b/src/lib/modes/aead/gcm/gcm.h
index 964bd5062..6468cbd9c 100644
--- a/src/lib/modes/aead/gcm/gcm.h
+++ b/src/lib/modes/aead/gcm/gcm.h
@@ -14,52 +14,7 @@
namespace Botan {
-/**
-* GCM's GHASH
-* Maybe a Transform?
-*/
-class BOTAN_DLL GHASH : public SymmetricAlgorithm
- {
- public:
- void set_associated_data(const byte ad[], size_t ad_len);
-
- secure_vector<byte> nonce_hash(const byte nonce[], size_t len);
-
- void start(const secure_vector<byte>& nonce);
-
- /*
- * Assumes input len is multiple of 16
- */
- void update(const byte in[], size_t len);
-
- secure_vector<byte> final();
-
- Key_Length_Specification key_spec() const override
- { return Key_Length_Specification(16); }
-
- size_t input_size() const { return m_text_len; }
-
- void clear() override;
-
- std::string name() const override { return "GHASH"; }
- private:
- void key_schedule(const byte key[], size_t key_len) override;
-
- void gcm_multiply(secure_vector<byte>& x) const;
-
- void ghash_update(secure_vector<byte>& x,
- const byte input[], size_t input_len);
-
- void add_final_block(secure_vector<byte>& x,
- size_t ad_len, size_t pt_len);
-
- secure_vector<byte> m_H;
- secure_vector<byte> m_H_ad;
- secure_vector<byte> m_nonce;
- secure_vector<byte> m_ghash;
- size_t m_ad_len = 0, m_text_len = 0;
- };
-
+class GHASH;
/**
* GCM Mode
@@ -73,8 +28,6 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode
size_t update_granularity() const override;
- void update(secure_vector<byte>& blocks, size_t offset = 0) override = 0;
-
Key_Length_Specification key_spec() const override;
// GCM supports arbitrary nonce lengths
@@ -82,8 +35,6 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode
size_t tag_size() const override { return m_tag_size; }
- size_t input_size() const { return m_ghash->input_size(); }
-
void clear() override;
std::string provider() const override;
@@ -100,9 +51,7 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode
private:
void start_msg(const byte nonce[], size_t nonce_len) override;
- private:
void key_schedule(const byte key[], size_t length) override;
- secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override;
};
/**
@@ -153,5 +102,54 @@ class BOTAN_DLL GCM_Decryption final : public GCM_Mode
void finish(secure_vector<byte>& final_block, size_t offset = 0) override;
};
+
+/**
+* GCM's GHASH
+* Maybe a Transform?
+*/
+class BOTAN_DLL GHASH : public SymmetricAlgorithm
+ {
+ public:
+ void set_associated_data(const byte ad[], size_t ad_len);
+
+ secure_vector<byte> nonce_hash(const byte nonce[], size_t len);
+
+ void start(const byte nonce[], size_t len);
+
+ /*
+ * Assumes input len is multiple of 16
+ */
+ void update(const byte in[], size_t len);
+
+ secure_vector<byte> final();
+
+ Key_Length_Specification key_spec() const override
+ { return Key_Length_Specification(16); }
+
+ void clear() override;
+
+ std::string name() const override { return "GHASH"; }
+ protected:
+ void ghash_update(secure_vector<byte>& x,
+ const byte input[], size_t input_len);
+
+ void add_final_block(secure_vector<byte>& x,
+ size_t ad_len, size_t pt_len);
+
+ secure_vector<byte> m_H;
+ secure_vector<byte> m_H_ad;
+ secure_vector<byte> m_ghash;
+ size_t m_ad_len = 0;
+
+ private:
+ void key_schedule(const byte key[], size_t key_len) override;
+
+ void gcm_multiply(secure_vector<byte>& x) const;
+
+ secure_vector<byte> m_nonce;
+ size_t m_text_len = 0;
+ };
+
}
+
#endif