Crypto++  5.6.3
Free C++ class library of cryptographic schemes
Go to the documentation of this file.
1 // gcm.h - written and placed in the public domain by Wei Dai
3 //! \file
4 //! \headerfile gcm.h
5 //! \brief GCM block cipher mode of operation
7 #ifndef CRYPTOPP_GCM_H
8 #define CRYPTOPP_GCM_H
10 #include "authenc.h"
11 #include "modes.h"
15 //! \enum GCM_TablesOption
16 //! \brief Use either 2K or 64K size tables.
17 enum GCM_TablesOption {GCM_2K_Tables, GCM_64K_Tables};
19 //! \class GCM_Base
20 //! \brief CCM block cipher mode of operation.
21 //! \details Implementations and overrides in \p GCM_Base apply to both \p ENCRYPTION and \p DECRYPTION directions
22 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GCM_Base : public AuthenticatedSymmetricCipherBase
23 {
24 public:
25  // AuthenticatedSymmetricCipher
26  std::string AlgorithmName() const
27  {return GetBlockCipher().AlgorithmName() + std::string("/GCM");}
28  size_t MinKeyLength() const
29  {return GetBlockCipher().MinKeyLength();}
30  size_t MaxKeyLength() const
31  {return GetBlockCipher().MaxKeyLength();}
32  size_t DefaultKeyLength() const
33  {return GetBlockCipher().DefaultKeyLength();}
34  size_t GetValidKeyLength(size_t n) const
35  {return GetBlockCipher().GetValidKeyLength(n);}
36  bool IsValidKeyLength(size_t n) const
37  {return GetBlockCipher().IsValidKeyLength(n);}
38  unsigned int OptimalDataAlignment() const;
40  {return UNIQUE_IV;}
41  unsigned int IVSize() const
42  {return 12;}
43  unsigned int MinIVLength() const
44  {return 1;}
45  unsigned int MaxIVLength() const
46  {return UINT_MAX;} // (W64LIT(1)<<61)-1 in the standard
47  unsigned int DigestSize() const
48  {return 16;}
49  lword MaxHeaderLength() const
50  {return (W64LIT(1)<<61)-1;}
51  lword MaxMessageLength() const
52  {return ((W64LIT(1)<<39)-256)/8;}
54 protected:
55  // AuthenticatedSymmetricCipherBase
56  bool AuthenticationIsOnPlaintext() const
57  {return false;}
58  unsigned int AuthenticationBlockSize() const
59  {return HASH_BLOCKSIZE;}
60  void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);
61  void Resync(const byte *iv, size_t len);
62  size_t AuthenticateBlocks(const byte *data, size_t len);
63  void AuthenticateLastHeaderBlock();
64  void AuthenticateLastConfidentialBlock();
65  void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
66  SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
68  virtual BlockCipher & AccessBlockCipher() =0;
69  virtual GCM_TablesOption GetTablesOption() const =0;
71  const BlockCipher & GetBlockCipher() const {return const_cast<GCM_Base *>(this)->AccessBlockCipher();};
72  byte *HashBuffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
73  byte *HashKey() {return m_buffer+2*REQUIRED_BLOCKSIZE;}
74  byte *MulTable() {return m_buffer+3*REQUIRED_BLOCKSIZE;}
75  inline void ReverseHashBufferIfNeeded();
77  class CRYPTOPP_DLL GCTR : public CTR_Mode_ExternalCipher::Encryption
78  {
79  protected:
80  void IncrementCounterBy256();
81  };
83  GCTR m_ctr;
84  static word16 s_reductionTable[256];
85  static volatile bool s_reductionTableInitialized;
87 };
89 //! \class GCM_Final
90 //! \brief Class specific methods used to operate the cipher.
91 //! \tparam T_BlockCipher block cipher
92 //! \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
93 //! \tparam T_IsEncryption direction in which to operate the cipher
94 //! \details Implementations and overrides in \p GCM_Final apply to either
95 //! \p ENCRYPTION or \p DECRYPTION, depending on the template parameter \p T_IsEncryption.
96 //! \details \p GCM_Final does not use inner classes \p Enc and \p Dec.
97 template <class T_BlockCipher, GCM_TablesOption T_TablesOption, bool T_IsEncryption>
98 class GCM_Final : public GCM_Base
99 {
100 public:
101  static std::string StaticAlgorithmName()
102  {return T_BlockCipher::StaticAlgorithmName() + std::string("/GCM");}
104  {return T_IsEncryption;}
106 private:
107  GCM_TablesOption GetTablesOption() const {return T_TablesOption;}
108  BlockCipher & AccessBlockCipher() {return m_cipher;}
109  typename T_BlockCipher::Encryption m_cipher;
110 };
112 //! \class GCM
113 //! \brief The GCM mode of operation
114 //! \tparam T_BlockCipher block cipher
115 //! \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
116 //! \details \p GCM provides the \p Encryption and \p Decryption typedef.
117 //! \sa <a href="">GCM</a> at the Crypto Lounge
118 template <class T_BlockCipher, GCM_TablesOption T_TablesOption=GCM_2K_Tables>
120 {
123 };
127 #endif
CCM block cipher mode of operation.
Definition: gcm.h:22
unsigned int MaxIVLength() const
returns maximal length of IVs accepted by this object
Definition: gcm.h:45
unsigned int MinIVLength() const
returns minimal length of IVs accepted by this object
Definition: gcm.h:43
Class file for modes of operation.
virtual unsigned int OptimalDataAlignment() const
Provides input and output data alignment for optimal performance.
Definition: cryptlib.cpp:237
lword MaxHeaderLength() const
the maximum length of AAD that can be input before the encrypted data
Definition: gcm.h:49
size_t MinKeyLength() const
Returns smallest valid key length in bytes.
Definition: gcm.h:28
Provides Encryption and Decryption typedefs used by derived classes to implement an authenticated enc...
Definition: seckey.h:414
Interface for one direction (encryption or decryption) of a block cipher.
Definition: cryptlib.h:1001
unsigned int DigestSize() const
Provides the digest size of the hash.
Definition: gcm.h:47
Interface for one direction (encryption or decryption) of a stream cipher or cipher mode...
Definition: cryptlib.h:1008
The GCM mode of operation.
Definition: gcm.h:119
size_t MaxKeyLength() const
Returns largest valid key length in bytes.
Definition: gcm.h:30
size_t DefaultKeyLength() const
Returns default (recommended) key length in bytes.
Definition: gcm.h:32
bool IsForwardTransformation() const
Determines if the cipher is being operated in its forward direction.
Definition: gcm.h:103
lword MaxMessageLength() const
the maximum length of encrypted data
Definition: gcm.h:51
size_t GetValidKeyLength(size_t n) const
Definition: gcm.h:34
Provides IV requirements as an enumerated value.
Definition: cryptlib.h:549
Use either 2K or 64K size tables.
Definition: gcm.h:17
std::string AlgorithmName() const
Provides the name of this algorithm.
Definition: gcm.h:26
IV_Requirement IVRequirement() const
returns the minimal requirement for secure IVs
Definition: gcm.h:39
Crypto++ library namespace.
Class specific methods used to operate the cipher.
Definition: gcm.h:98
unsigned int IVSize() const
Returns length of the IV accepted by this object.
Definition: gcm.h:41
bool IsValidKeyLength(size_t n) const
Returns whether keylength is a valid key length.
Definition: gcm.h:36
Base classes for working with authenticated encryption modes of encryption.
The IV must be unique.
Definition: cryptlib.h:551
Interface for retrieving values given their names.
Definition: cryptlib.h:257