Botan
1.11.15
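/*
* SIV Mode
* (C) 2013 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_AEAD_SIV_H__
#define BOTAN_AEAD_SIV_H__

#include <botan/aead.h>
#include <botan/block_cipher.h>
#include <botan/stream_cipher.h>
#include <botan/mac.h>

namespace Botan {

/**
* Base class for SIV encryption and decryption (@see RFC 5297)
*
* Holds the state shared by both directions: a stream cipher (m_ctr),
* a MAC object (m_cmac), the nonce, a message buffer and a list of
* per-component associated-data MACs. The authentication tag is fixed
* at 16 bytes (see tag_size()).
*/
class BOTAN_DLL SIV_Mode : public AEAD_Mode
   {
   public:
      /**
      * Feed message data to the mode.
      *
      * NOTE(review): SIV derives its IV from the whole message, so this
      * presumably only accumulates input in msg_buf() and yields no
      * output until finish() -- confirm in siv.cpp. If so, memory use
      * grows with message size, which matters for untrusted input.
      *
      * @param blocks buffer holding the input
      * @param offset number of leading bytes of blocks to skip
      */
      void update(secure_vector<byte>& blocks, size_t offset = 0) override;

      /**
      * Set the n-th associated data component.
      *
      * RFC 5297 authenticates a vector of associated-data strings.
      * NOTE(review): n presumably indexes into m_ad_macs; any upper
      * bound on n is enforced (or not) in siv.cpp -- confirm.
      *
      * @param n index of the associated data component
      * @param ad the associated data bytes
      * @param ad_len length of ad in bytes
      */
      void set_associated_data_n(size_t n, const byte ad[], size_t ad_len);

      /**
      * Set associated data component 0 (the single-AD AEAD interface).
      *
      * @param ad the associated data bytes
      * @param ad_len length of ad in bytes
      */
      void set_associated_data(const byte ad[], size_t ad_len) override
         {
         set_associated_data_n(0, ad, ad_len);
         }

      /** @return the name of this mode */
      std::string name() const override;

      /** @return the update granularity; see update() */
      size_t update_granularity() const override;

      /** @return the key lengths this mode accepts */
      Key_Length_Specification key_spec() const override;

      /** @return true if a nonce of the given length is acceptable */
      bool valid_nonce_length(size_t) const override;

      /** Reset the mode's state. */
      void clear() override;

      /** @return the tag length in bytes; always 16 for SIV */
      size_t tag_size() const override { return 16; }

   protected:
      /**
      * @param cipher a 128-bit block cipher
      *
      * NOTE(review): takes a raw pointer; whether ownership passes to
      * the mode is not visible in this header -- confirm in siv.cpp
      * before freeing or reusing the cipher at the call site.
      */
      SIV_Mode(BlockCipher* cipher);

      /** @return the stream cipher held in m_ctr */
      StreamCipher& ctr() { return *m_ctr; }

      /**
      * Set the IV of the stream cipher.
      *
      * @param V the IV value; presumably the synthetic IV produced by
      *        S2V, as in RFC 5297 -- confirm in siv.cpp
      */
      void set_ctr_iv(secure_vector<byte> V);

      /** @return the message buffer, by mutable reference */
      secure_vector<byte>& msg_buf() { return m_msg_buf; }

      /**
      * The S2V function of RFC 5297.
      *
      * @param text the message bytes
      * @param text_len length of text in bytes
      * @return the S2V output; presumably 16 bytes, used as both tag
      *         and IV -- confirm in siv.cpp
      */
      secure_vector<byte> S2V(const byte text[], size_t text_len);
   private:
      secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override;

      void key_schedule(const byte key[], size_t length) override;

      const std::string m_name;
      std::unique_ptr<StreamCipher> m_ctr;
      std::unique_ptr<MessageAuthenticationCode> m_cmac;
      secure_vector<byte> m_nonce, m_msg_buf;
      // One entry per associated data component (see set_associated_data_n)
      std::vector<secure_vector<byte>> m_ad_macs;
   };

/**
* SIV Encryption
*/
class BOTAN_DLL SIV_Encryption : public SIV_Mode
   {
   public:
      /**
      * @param cipher a 128-bit block cipher
      */
      SIV_Encryption(BlockCipher* cipher) : SIV_Mode(cipher) {}

      /**
      * Complete encryption of the message.
      *
      * @param final_block the last input bytes; holds the output on return
      * @param offset number of leading bytes of final_block to skip
      */
      void finish(secure_vector<byte>& final_block, size_t offset = 0) override;

      /**
      * @param input_length plaintext length in bytes
      * @return ciphertext length: the plaintext plus the 16-byte tag
      */
      size_t output_length(size_t input_length) const override
         { return input_length + tag_size(); }

      /** @return 0: an empty message is valid input to encryption */
      size_t minimum_final_size() const override { return 0; }
   };

/**
* SIV Decryption
*/
class BOTAN_DLL SIV_Decryption : public SIV_Mode
   {
   public:
      /**
      * @param cipher a 128-bit block cipher
      */
      SIV_Decryption(BlockCipher* cipher) : SIV_Mode(cipher) {}

      /**
      * Complete decryption of the message.
      *
      * NOTE(review): tag verification happens in siv.cpp, not shown
      * here; presumably a mismatch is reported by exception. Callers
      * should discard final_block unless finish() returns normally.
      *
      * @param final_block the last input bytes; holds the output on return
      * @param offset number of leading bytes of final_block to skip
      */
      void finish(secure_vector<byte>& final_block, size_t offset = 0) override;

      /**
      * @param input_length ciphertext length in bytes, tag included
      * @return plaintext length: the input minus the 16-byte tag
      */
      size_t output_length(size_t input_length) const override
         {
         // >= rather than >: the ciphertext of an empty message is
         // exactly tag_size() bytes, matching minimum_final_size().
         // The check also keeps the unsigned subtraction below from
         // wrapping when the input is shorter than a tag.
         BOTAN_ASSERT(input_length >= tag_size(), "Sufficient input");
         return input_length - tag_size();
         }

      /** @return tag_size(): the final input must contain the whole tag */
      size_t minimum_final_size() const override { return tag_size(); }
   };

}

#endif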