Botan  1.11.15
src/lib/modes/aead/siv/siv.h
Go to the documentation of this file.
00001 /*
00002 * SIV Mode
00003 * (C) 2013 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_AEAD_SIV_H__
00009 #define BOTAN_AEAD_SIV_H__
00010 
00011 #include <botan/aead.h>
00012 #include <botan/block_cipher.h>
00013 #include <botan/stream_cipher.h>
00014 #include <botan/mac.h>
00015 
00016 namespace Botan {
00017 
00018 /**
00019 * Base class for SIV encryption and decryption (@see RFC 5297)
00020 */
00021 class BOTAN_DLL SIV_Mode : public AEAD_Mode
00022    {
00023    public:
00024       void update(secure_vector<byte>& blocks, size_t offset = 0) override;
00025 
00026       void set_associated_data_n(size_t n, const byte ad[], size_t ad_len);
00027 
00028       void set_associated_data(const byte ad[], size_t ad_len) override
00029          {
00030          set_associated_data_n(0, ad, ad_len);
00031          }
00032 
00033       std::string name() const override;
00034 
00035       size_t update_granularity() const override;
00036 
00037       Key_Length_Specification key_spec() const override;
00038 
00039       bool valid_nonce_length(size_t) const override;
00040 
00041       void clear() override;
00042 
00043       size_t tag_size() const override { return 16; }
00044 
00045    protected:
00046       SIV_Mode(BlockCipher* cipher);
00047 
00048       StreamCipher& ctr() { return *m_ctr; }
00049 
00050       void set_ctr_iv(secure_vector<byte> V);
00051 
00052       secure_vector<byte>& msg_buf() { return m_msg_buf; }
00053 
00054       secure_vector<byte> S2V(const byte text[], size_t text_len);
00055    private:
00056       secure_vector<byte> start_raw(const byte nonce[], size_t nonce_len) override;
00057 
00058       void key_schedule(const byte key[], size_t length) override;
00059 
00060       const std::string m_name;
00061       std::unique_ptr<StreamCipher> m_ctr;
00062       std::unique_ptr<MessageAuthenticationCode> m_cmac;
00063       secure_vector<byte> m_nonce, m_msg_buf;
00064       std::vector<secure_vector<byte>> m_ad_macs;
00065    };
00066 
00067 /**
00068 * SIV Encryption
00069 */
00070 class BOTAN_DLL SIV_Encryption : public SIV_Mode
00071    {
00072    public:
00073       /**
00074       * @param cipher a block cipher
00075       */
00076       SIV_Encryption(BlockCipher* cipher) : SIV_Mode(cipher) {}
00077 
00078       void finish(secure_vector<byte>& final_block, size_t offset = 0) override;
00079 
00080       size_t output_length(size_t input_length) const override
00081          { return input_length + tag_size(); }
00082 
00083       size_t minimum_final_size() const override { return 0; }
00084    };
00085 
00086 /**
00087 * SIV Decryption
00088 */
00089 class BOTAN_DLL SIV_Decryption : public SIV_Mode
00090    {
00091    public:
00092       /**
00093       * @param cipher a 128-bit block cipher
00094       */
00095       SIV_Decryption(BlockCipher* cipher) : SIV_Mode(cipher) {}
00096 
00097       void finish(secure_vector<byte>& final_block, size_t offset = 0) override;
00098 
00099       size_t output_length(size_t input_length) const override
00100          {
00101          BOTAN_ASSERT(input_length > tag_size(), "Sufficient input");
00102          return input_length - tag_size();
00103          }
00104 
00105       size_t minimum_final_size() const override { return tag_size(); }
00106    };
00107 
00108 }
00109 
00110 #endif