libcrypto++-dev/html/gcm_8h_source.html

// gcm.h - originally written and placed in the public domain by Wei Dai


/// \file gcm.h

/// \brief GCM block cipher mode of operation

/// \since Crypto++ 5.6.0


#ifndef CRYPTOPP_GCM_H

#define CRYPTOPP_GCM_H


#include "authenc.h"

#include "modes.h"


// Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler

// error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232

#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM)

# define CRYPTOPP_DISABLE_GCM_ASM 1

#endif


NAMESPACE_BEGIN(CryptoPP)


/// \enum GCM_TablesOption

/// \brief GCM table size options

enum GCM_TablesOption {

    /// \brief Use a table with 2K entries

    GCM_2K_Tables,

    /// \brief Use a table with 64K entries

    GCM_64K_Tables};


/// \brief GCM block cipher base implementation

/// \details Base implementation of the AuthenticatedSymmetricCipher interface

/// \since Crypto++ 5.6.0

class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GCM_Base : public AuthenticatedSymmetricCipherBase

{

public:

    // AuthenticatedSymmetricCipher

    std::string AlgorithmName() const

        {return GetBlockCipher().AlgorithmName() + std::string("/GCM");}

    std::string AlgorithmProvider() const

        {return GetBlockCipher().AlgorithmProvider();}

    size_t MinKeyLength() const

        {return GetBlockCipher().MinKeyLength();}

    size_t MaxKeyLength() const

        {return GetBlockCipher().MaxKeyLength();}

    size_t DefaultKeyLength() const

        {return GetBlockCipher().DefaultKeyLength();}

    size_t GetValidKeyLength(size_t n) const

        {return GetBlockCipher().GetValidKeyLength(n);}

    bool IsValidKeyLength(size_t n) const

        {return GetBlockCipher().IsValidKeyLength(n);}

    unsigned int OptimalDataAlignment() const;

    IV_Requirement IVRequirement() const

        {return UNIQUE_IV;}

    unsigned int IVSize() const

        {return 12;}

    unsigned int MinIVLength() const

        {return 1;}

    unsigned int MaxIVLength() const

        {return UINT_MAX;}      // (W64LIT(1)<<61)-1 in the standard

    unsigned int DigestSize() const

        {return 16;}

    lword MaxHeaderLength() const

        {return (W64LIT(1)<<61)-1;}

    lword MaxMessageLength() const

        {return ((W64LIT(1)<<39)-256)/8;}


protected:

    // AuthenticatedSymmetricCipherBase

    bool AuthenticationIsOnPlaintext() const

        {return false;}

    unsigned int AuthenticationBlockSize() const

        {return HASH_BLOCKSIZE;}

    void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);

    void Resync(const byte *iv, size_t len);

    size_t AuthenticateBlocks(const byte *data, size_t len);

    void AuthenticateLastHeaderBlock();

    void AuthenticateLastConfidentialBlock();

    void AuthenticateLastFooterBlock(byte *mac, size_t macSize);

    SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}


    virtual BlockCipher & AccessBlockCipher() =0;

    virtual GCM_TablesOption GetTablesOption() const =0;


    const BlockCipher & GetBlockCipher() const {return const_cast<GCM_Base *>(this)->AccessBlockCipher();}

    byte *HashBuffer() {return m_buffer+REQUIRED_BLOCKSIZE;}

    byte *HashKey() {return m_buffer+2*REQUIRED_BLOCKSIZE;}

    byte *MulTable() {return m_buffer+3*REQUIRED_BLOCKSIZE;}

    inline void ReverseHashBufferIfNeeded();


    class CRYPTOPP_DLL GCTR : public CTR_Mode_ExternalCipher::Encryption

    {

    protected:

        void IncrementCounterBy256();

    };


    GCTR m_ctr;

    static word16 s_reductionTable[256];

    static volatile bool s_reductionTableInitialized;

    enum {REQUIRED_BLOCKSIZE = 16, HASH_BLOCKSIZE = 16};

};


/// \brief GCM block cipher final implementation

/// \tparam T_BlockCipher block cipher

/// \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables

/// \tparam T_IsEncryption direction in which to operate the cipher

/// \since Crypto++ 5.6.0

template <class T_BlockCipher, GCM_TablesOption T_TablesOption, bool T_IsEncryption>

class GCM_Final : public GCM_Base

{

public:

    static std::string StaticAlgorithmName()

        {return T_BlockCipher::StaticAlgorithmName() + std::string("/GCM");}

    bool IsForwardTransformation() const

        {return T_IsEncryption;}


private:

    GCM_TablesOption GetTablesOption() const {return T_TablesOption;}

    BlockCipher & AccessBlockCipher() {return m_cipher;}

    typename T_BlockCipher::Encryption m_cipher;

};


/// \brief GCM block cipher mode of operation

/// \tparam T_BlockCipher block cipher

/// \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables

/// \details \p GCM provides the \p Encryption and \p Decryption typedef. See GCM_Base

///   and GCM_Final for the AuthenticatedSymmetricCipher implementation.

/// \sa <a href="http://www.cryptopp.com/wiki/GCM_Mode">GCM Mode</a> and

///   <A HREF="http://www.cryptopp.com/wiki/Modes_of_Operation">Modes of Operation</A>

///   on the Crypto++ wiki.

/// \since Crypto++ 5.6.0

template <class T_BlockCipher, GCM_TablesOption T_TablesOption=GCM_2K_Tables>

struct GCM : public AuthenticatedSymmetricCipherDocumentation

{

    typedef GCM_Final<T_BlockCipher, T_TablesOption, true> Encryption;

    typedef GCM_Final<T_BlockCipher, T_TablesOption, false> Decryption;

};


NAMESPACE_END


#endif

authenc.h
Classes for authenticated encryption modes of operation.

AuthenticatedSymmetricCipherBase
Base class for authenticated encryption modes of operation.
Definition: authenc.h:41

BlockCipher
Interface for one direction (encryption or decryption) of a block cipher.
Definition: cryptlib.h:1283

CipherModeFinalTemplate_ExternalCipher< ConcretePolicyHolder< Empty, AdditiveCipherTemplate< AbstractPolicyHolder< AdditiveCipherAbstractPolicy, CTR_ModePolicy > > > >

GCM_Base
GCM block cipher base implementation.
Definition: gcm.h:33

GCM_Base::OptimalDataAlignment
unsigned int OptimalDataAlignment() const
Provides input and output data alignment for optimal performance.

GCM_Base::MinKeyLength
size_t MinKeyLength() const
Returns smallest valid key length.
Definition: gcm.h:40

GCM_Base::AlgorithmName
std::string AlgorithmName() const
Provides the name of this algorithm.
Definition: gcm.h:36

GCM_Base::IVSize
unsigned int IVSize() const
Returns length of the IV accepted by this object.
Definition: gcm.h:53

GCM_Base::MaxMessageLength
lword MaxMessageLength() const
Provides the maximum length of encrypted data.
Definition: gcm.h:63

GCM_Base::MaxKeyLength
size_t MaxKeyLength() const
Returns largest valid key length.
Definition: gcm.h:42

GCM_Base::MaxHeaderLength
lword MaxHeaderLength() const
Provides the maximum length of AAD that can be input.
Definition: gcm.h:61

GCM_Base::IsValidKeyLength
bool IsValidKeyLength(size_t n) const
Returns whether keylength is a valid key length.
Definition: gcm.h:48

GCM_Base::DigestSize
unsigned int DigestSize() const
Provides the digest size of the hash.
Definition: gcm.h:59

GCM_Base::GetValidKeyLength
size_t GetValidKeyLength(size_t n) const
Returns a valid key length for the algorithm.
Definition: gcm.h:46

GCM_Base::DefaultKeyLength
size_t DefaultKeyLength() const
Returns default key length.
Definition: gcm.h:44

GCM_Base::IVRequirement
IV_Requirement IVRequirement() const
Minimal requirement for secure IVs.
Definition: gcm.h:51

GCM_Base::MaxIVLength
unsigned int MaxIVLength() const
Provides the maximum size of an IV.
Definition: gcm.h:57

GCM_Base::AlgorithmProvider
std::string AlgorithmProvider() const
Retrieve the provider of this algorithm.
Definition: gcm.h:38

GCM_Base::MinIVLength
unsigned int MinIVLength() const
Provides the minimum size of an IV.
Definition: gcm.h:55

GCM_Final
GCM block cipher final implementation.
Definition: gcm.h:108

GCM_Final::IsForwardTransformation
bool IsForwardTransformation() const
Determines if the cipher is being operated in its forward direction.
Definition: gcm.h:112

NameValuePairs
Interface for retrieving values given their names.
Definition: cryptlib.h:322

SimpleKeyingInterface::IV_Requirement
IV_Requirement
Secure IVs requirements as enumerated values.
Definition: cryptlib.h:719

SimpleKeyingInterface::UNIQUE_IV
@ UNIQUE_IV
The IV must be unique.
Definition: cryptlib.h:721

SymmetricCipher
Interface for one direction (encryption or decryption) of a stream cipher or cipher mode.
Definition: cryptlib.h:1291

W64LIT
#define W64LIT(x)
Declare an unsigned word64.
Definition: config_int.h:119

word16
unsigned short word16
16-bit unsigned datatype
Definition: config_int.h:59

lword
word64 lword
Large word type.
Definition: config_int.h:158

GCM_TablesOption
GCM_TablesOption
GCM table size options.
Definition: gcm.h:23

GCM_2K_Tables
@ GCM_2K_Tables
Use a table with 2K entries.
Definition: gcm.h:25

GCM_64K_Tables
@ GCM_64K_Tables
Use a table with 64K entries.
Definition: gcm.h:27

modes.h
Classes for block cipher modes of operation.

CryptoPP
Crypto++ library namespace.

AuthenticatedSymmetricCipherDocumentation
Provides Encryption and Decryption typedefs used by derived classes to implement an authenticated enc...
Definition: seckey.h:426

GCM
GCM block cipher mode of operation.
Definition: gcm.h:132