Implements GMAC with GHASH.

Adds support for Galois Message Authentication Code calculation based on GHASH, rather than GCM_Mode.
author: Matthias Gierlings <[email protected]> 2016-10-27 19:00:23 +0200
committer: Matthias Gierlings <[email protected]> 2016-10-28 10:49:38 +0200
commit: 9ad816a5d8d74105558640b2f37baec50d8b920f (patch)
tree: 8400746b4ce9915244c91aa4dcaa1cfb05b508ff /src/lib/modes
parent: 425a2c2497387b7b5804738a77c757b93e630322 (diff)
2 files changed, 52 insertions, 54 deletions
diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp
index 6e1bd82f7..a73e5ee5b 100644
--- a/src/lib/modes/aead/gcm/gcm.cpp
+++ b/src/lib/modes/aead/gcm/gcm.cpp
@@ -93,9 +93,9 @@ void GHASH::key_schedule(const byte key[], size_t length)
    m_text_len = 0;
    }
 
-void GHASH::start(const secure_vector<byte>& nonce)
+void GHASH::start(const byte nonce[], size_t len)
    {
-   m_nonce = nonce;
+   m_nonce.assign(nonce, nonce + len);
    m_ghash = m_H_ad;
    }
 
diff --git a/src/lib/modes/aead/gcm/gcm.h b/src/lib/modes/aead/gcm/gcm.h
index 964bd5062..6468cbd9c 100644
--- a/src/lib/modes/aead/gcm/gcm.h
+++ b/src/lib/modes/aead/gcm/gcm.h
@@ -14,52 +14,7 @@
 
 namespace Botan {
 
-/**
-* GCM's GHASH
-* Maybe a Transform?
-*/
-class BOTAN_DLL GHASH : public SymmetricAlgorithm
-   {
-   public:
-      void set_associated_data(const byte ad[], size_t ad_len);
-
-      secure_vector<byte> nonce_hash(const byte nonce[], size_t len);
-
-      void start(const secure_vector<byte>& nonce);
-
-      /*
-      * Assumes input len is multiple of 16
-      */
-      void update(const byte in[], size_t len);
-
-      secure_vector<byte> final();
-
-      Key_Length_Specification key_spec() const override
-         { return Key_Length_Specification(16); }
-
-      size_t input_size() const { return m_text_len; }
-
-      void clear() override;
-
-      std::string name() const override { return "GHASH"; }
-   private:
-      void key_schedule(const byte key[], size_t key_len) override;
-
-      void gcm_multiply(secure_vector<byte>& x) const;
-
-      void ghash_update(secure_vector<byte>& x,
-                        const byte input[], size_t input_len);
-
-      void add_final_block(secure_vector<byte>& x,
-                           size_t ad_len, size_t pt_len);
-
-      secure_vector<byte> m_H;
-      secure_vector<byte> m_H_ad;
-      secure_vector<byte> m_nonce;
-      secure_vector<byte> m_ghash;
-      size_t m_ad_len = 0, m_text_len = 0;
-   };
-
+class GHASH;
 
 /**
 * GCM Mode
@@ -73,8 +28,6 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode
 
       size_t update_granularity() const override;
 
-      void update(secure_vector<byte>& blocks, size_t offset = 0) override = 0;
-
       Key_Length_Specification key_spec() const override;
 
       // GCM supports arbitrary nonce lengths
@@ -82,8 +35,6 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode
 
       size_t tag_size() const override { return m_tag_size; }
 
-      size_t input_size() const { return m_ghash->input_size(); }
-
       void clear() override;
 
       std::string provider() const override;
@@ -100,9 +51,7 @@ class BOTAN_DLL GCM_Mode : public AEAD_Mode
    private:
       void start_msg(const byte nonce[], size_t nonce_len) override;
 
-   private:
       void key_schedule(const byte key[], size_t length) override;
-      secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override;
    };
 
 /**
@@ -153,5 +102,54 @@ class BOTAN_DLL GCM_Decryption final : public GCM_Mode
 
       void finish(secure_vector<byte>& final_block, size_t offset = 0) override;
    };
+
+/**
+* GCM's GHASH
+* Maybe a Transform?
+*/
+class BOTAN_DLL GHASH : public SymmetricAlgorithm
+   {
+   public:
+      void set_associated_data(const byte ad[], size_t ad_len);
+
+      secure_vector<byte> nonce_hash(const byte nonce[], size_t len);
+
+      void start(const byte nonce[], size_t len);
+
+      /*
+      * Assumes input len is multiple of 16
+      */
+      void update(const byte in[], size_t len);
+
+      secure_vector<byte> final();
+
+      Key_Length_Specification key_spec() const override
+         { return Key_Length_Specification(16); }
+
+      void clear() override;
+
+      std::string name() const override { return "GHASH"; }
+   protected:
+      void ghash_update(secure_vector<byte>& x,
+                        const byte input[], size_t input_len);
+
+      void add_final_block(secure_vector<byte>& x,
+                           size_t ad_len, size_t pt_len);
+
+      secure_vector<byte> m_H;
+      secure_vector<byte> m_H_ad;
+      secure_vector<byte> m_ghash;
+      size_t m_ad_len = 0;
+
+   private:
+      void key_schedule(const byte key[], size_t key_len) override;
+
+      void gcm_multiply(secure_vector<byte>& x) const;
+
+      secure_vector<byte> m_nonce;
+      size_t m_text_len = 0;
+   };
+
 }
+
 #endif
author	Matthias Gierlings <[email protected]>	2016-10-27 19:00:23 +0200
committer	Matthias Gierlings <[email protected]>	2016-10-28 10:49:38 +0200
commit	9ad816a5d8d74105558640b2f37baec50d8b920f (patch)
tree	8400746b4ce9915244c91aa4dcaa1cfb05b508ff /src/lib/modes
parent	425a2c2497387b7b5804738a77c757b93e630322 (diff)