Botan  1.11.15
src/lib/modes/aead/ocb/ocb.h
Go to the documentation of this file.
00001 /*
00002 * OCB Mode
00003 * (C) 2013,2014 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_AEAD_OCB_H__
00009 #define BOTAN_AEAD_OCB_H__
00010 
00011 #include <botan/aead.h>
00012 #include <botan/block_cipher.h>
00013 
00014 namespace Botan {
00015 
00016 class L_computer;
00017 
00018 /**
00019 * OCB Mode (base class for OCB_Encryption and OCB_Decryption). Note
00020 * that OCB is patented, but is freely licensed in some circumstances.
00021 *
00022 * @see "The OCB Authenticated-Encryption Algorithm" internet draft
00023         http://tools.ietf.org/html/draft-irtf-cfrg-ocb-03
00024 * @see Free Licenses http://www.cs.ucdavis.edu/~rogaway/ocb/license.htm
00025 * @see OCB home page http://www.cs.ucdavis.edu/~rogaway/ocb
00026 */
00027 class BOTAN_DLL OCB_Mode : public AEAD_Mode
00028    {
00029    public:
00030       void set_associated_data(const byte ad[], size_t ad_len) override;
00031 
00032       std::string name() const override;
00033 
00034       size_t update_granularity() const override;
00035 
00036       Key_Length_Specification key_spec() const override;
00037 
00038       bool valid_nonce_length(size_t) const override;
00039 
00040       size_t tag_size() const override { return m_tag_size; }
00041 
00042       void clear() override;
00043 
00044       ~OCB_Mode();
00045    protected:
00046       /**
00047       * @param cipher the 128-bit block cipher to use
00048       * @param tag_size is how big the auth tag will be
00049       */
00050       OCB_Mode(BlockCipher* cipher, size_t tag_size);
00051 
00052       size_t BS() const { return m_BS; }
00053 
00054       // fixme make these private
00055       std::unique_ptr<BlockCipher> m_cipher;
00056       std::unique_ptr<L_computer> m_L;
00057 
00058       size_t m_BS;
00059       size_t m_block_index = 0;
00060 
00061       secure_vector<byte> m_checksum;
00062       secure_vector<byte> m_offset;
00063       secure_vector<byte> m_ad_hash;
00064    private:
00065       secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override;
00066 
00067       void key_schedule(const byte key[], size_t length) override;
00068 
00069       secure_vector<byte> update_nonce(const byte nonce[], size_t nonce_len);
00070 
00071       size_t m_tag_size = 0;
00072       secure_vector<byte> m_last_nonce;
00073       secure_vector<byte> m_stretch;
00074    };
00075 
00076 class BOTAN_DLL OCB_Encryption : public OCB_Mode
00077    {
00078    public:
00079       /**
00080       * @param cipher the 128-bit block cipher to use
00081       * @param tag_size is how big the auth tag will be
00082       */
00083       OCB_Encryption(BlockCipher* cipher, size_t tag_size = 16) :
00084          OCB_Mode(cipher, tag_size) {}
00085 
00086       size_t output_length(size_t input_length) const override
00087          { return input_length + tag_size(); }
00088 
00089       size_t minimum_final_size() const override { return 0; }
00090 
00091       void update(secure_vector<byte>& blocks, size_t offset = 0) override;
00092 
00093       void finish(secure_vector<byte>& final_block, size_t offset = 0) override;
00094    private:
00095       void encrypt(byte input[], size_t blocks);
00096    };
00097 
00098 class BOTAN_DLL OCB_Decryption : public OCB_Mode
00099    {
00100    public:
00101       /**
00102       * @param cipher the 128-bit block cipher to use
00103       * @param tag_size is how big the auth tag will be
00104       */
00105       OCB_Decryption(BlockCipher* cipher, size_t tag_size = 16) :
00106          OCB_Mode(cipher, tag_size) {}
00107 
00108       size_t output_length(size_t input_length) const override
00109          {
00110          BOTAN_ASSERT(input_length > tag_size(), "Sufficient input");
00111          return input_length - tag_size();
00112          }
00113 
00114       size_t minimum_final_size() const override { return tag_size(); }
00115 
00116       void update(secure_vector<byte>& blocks, size_t offset = 0) override;
00117 
00118       void finish(secure_vector<byte>& final_block, size_t offset = 0) override;
00119    private:
00120       void decrypt(byte input[], size_t blocks);
00121    };
00122 
00123 }
00124 
00125 #endif