diff options
author | Matthias Gierlings <[email protected]> | 2016-10-27 19:00:23 +0200 |
---|---|---|
committer | Matthias Gierlings <[email protected]> | 2016-10-28 10:49:38 +0200 |
commit | 9ad816a5d8d74105558640b2f37baec50d8b920f (patch) | |
tree | 8400746b4ce9915244c91aa4dcaa1cfb05b508ff /src/lib/modes/aead/gcm | |
parent | 425a2c2497387b7b5804738a77c757b93e630322 (diff) |
Implements GMAC with GHASH.
Adds support for Galois Message Authentication Code calculation based on
GHASH, rather than GCM_Mode.
Diffstat (limited to 'src/lib/modes/aead/gcm')
-rw-r--r-- | src/lib/modes/aead/gcm/gcm.cpp | 4 | ||||
-rw-r--r-- | src/lib/modes/aead/gcm/gcm.h | 102 |
2 files changed, 52 insertions, 54 deletions
diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp index 6e1bd82f7..a73e5ee5b 100644 --- a/src/lib/modes/aead/gcm/gcm.cpp +++ b/src/lib/modes/aead/gcm/gcm.cpp @@ -93,9 +93,9 @@ void GHASH::key_schedule(const byte key[], size_t length) m_text_len = 0; } -void GHASH::start(const secure_vector<byte>& nonce) +void GHASH::start(const byte nonce[], size_t len) { - m_nonce = nonce; + m_nonce.assign(nonce, nonce + len); m_ghash = m_H_ad; } diff --git a/src/lib/modes/aead/gcm/gcm.h b/src/lib/modes/aead/gcm/gcm.h index 964bd5062..6468cbd9c 100644 --- a/src/lib/modes/aead/gcm/gcm.h +++ b/src/lib/modes/aead/gcm/gcm.h @@ -14,52 +14,7 @@ namespace Botan { -/** -* GCM's GHASH -* Maybe a Transform? -*/ -class BOTAN_DLL GHASH : public SymmetricAlgorithm - { - public: - void set_associated_data(const byte ad[], size_t ad_len); - - secure_vector<byte> nonce_hash(const byte nonce[], size_t len); - - void start(const secure_vector<byte>& nonce); - - /* - * Assumes input len is multiple of 16 - */ - void update(const byte in[], size_t len); - - secure_vector<byte> final(); - - Key_Length_Specification key_spec() const override - { return Key_Length_Specification(16); } - - size_t input_size() const { return m_text_len; } - - void clear() override; - - std::string name() const override { return "GHASH"; } - private: - void key_schedule(const byte key[], size_t key_len) override; - - void gcm_multiply(secure_vector<byte>& x) const; - - void ghash_update(secure_vector<byte>& x, - const byte input[], size_t input_len); - - void add_final_block(secure_vector<byte>& x, - size_t ad_len, size_t pt_len); - - secure_vector<byte> m_H; - secure_vector<byte> m_H_ad; - secure_vector<byte> m_nonce; - secure_vector<byte> m_ghash; - size_t m_ad_len = 0, m_text_len = 0; - }; - +class GHASH; /** * GCM Mode @@ -73,8 +28,6 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode size_t update_granularity() const override; - void update(secure_vector<byte>& blocks, size_t offset = 0) override = 0; - Key_Length_Specification key_spec() const override; // GCM supports arbitrary nonce lengths @@ -82,8 +35,6 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode size_t tag_size() const override { return m_tag_size; } - size_t input_size() const { return m_ghash->input_size(); } - void clear() override; std::string provider() const override; @@ -100,9 +51,7 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode private: void start_msg(const byte nonce[], size_t nonce_len) override; - private: void key_schedule(const byte key[], size_t length) override; - secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override; }; /** @@ -153,5 +102,54 @@ class BOTAN_DLL GCM_Decryption final : public GCM_Mode void finish(secure_vector<byte>& final_block, size_t offset = 0) override; }; + +/** +* GCM's GHASH +* Maybe a Transform? +*/ +class BOTAN_DLL GHASH : public SymmetricAlgorithm + { + public: + void set_associated_data(const byte ad[], size_t ad_len); + + secure_vector<byte> nonce_hash(const byte nonce[], size_t len); + + void start(const byte nonce[], size_t len); + + /* + * Assumes input len is multiple of 16 + */ + void update(const byte in[], size_t len); + + secure_vector<byte> final(); + + Key_Length_Specification key_spec() const override + { return Key_Length_Specification(16); } + + void clear() override; + + std::string name() const override { return "GHASH"; } + protected: + void ghash_update(secure_vector<byte>& x, + const byte input[], size_t input_len); + + void add_final_block(secure_vector<byte>& x, + size_t ad_len, size_t pt_len); + + secure_vector<byte> m_H; + secure_vector<byte> m_H_ad; + secure_vector<byte> m_ghash; + size_t m_ad_len = 0; + + private: + void key_schedule(const byte key[], size_t key_len) override; + + void gcm_multiply(secure_vector<byte>& x) const; + + secure_vector<byte> m_nonce; + size_t m_text_len = 0; + }; + } + #endif |