blob: 736de85e1b18516dea97c8a0d656d10b15cd2c6f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
/*
* Interface for AEAD modes
* (C) 2013 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
#ifndef BOTAN_AEAD_MODE_H__
#define BOTAN_AEAD_MODE_H__
#include <botan/sym_algo.h>
namespace Botan {
/**
* Interface for AEAD (Authenticated Encryption with Associated Data)
* modes. These modes provide both encryption and message
* authentication, and can authenticate additional per-message data
* which is not included in the ciphertext (for instance a sequence
* number).
*/
class AEAD_Mode : public SymmetricAlgorithm
{
public:
/**
* @return size of required blocks to update
*/
virtual size_t update_granularity() const = 0;
/**
* @return required minimium size to finalize() - may be any
* length larger than this.
*/
virtual size_t minimum_final_size() const = 0;
/**
* Set associated data that is not included in the ciphertext but
* that should be authenticated. Must be called after set_key
* and before end_msg.
*
* Unless reset by another call, the associated data is kept
* between messages. Thus, if the AD does not change, calling
* once (after set_key) is the optimum.
*
* @param ad the associated data
* @param ad_len length of add in bytes
*/
virtual void set_associated_data(const byte ad[], size_t ad_len) = 0;
virtual bool valid_nonce_length(size_t) const = 0;
/**
* Begin processing a message.
*
* @param nonce the per message nonce
* @param nonce_len length of nonce
*/
virtual secure_vector<byte> start(const byte nonce[], size_t nonce_len) = 0;
template<typename Alloc>
secure_vector<byte> start_vec(const std::vector<byte, Alloc>& nonce)
{
return start(&nonce[0], nonce.size());
}
/**
* Update (encrypt or decrypt) some data. Input must be in size
* update_granularity() byte blocks.
* @param blocks in/out paramter which will possibly be resized
*/
virtual void update(secure_vector<byte>& blocks) = 0;
/**
* Complete processing of a message. For decryption, may throw an exception
* due to authentication failure.
*
* @param final_block in/out parameter which must be at least
* minimum_final_size() bytes, and will be set to any final output
*/
virtual void finish(secure_vector<byte>& final_block) = 0;
virtual ~AEAD_Mode() {}
};
}
#endif
|