Crypto++  5.6.3
Free C++ class library of cryptographic schemes
gcm.h
Go to the documentation of this file.
1 // gcm.h - written and placed in the public domain by Wei Dai
2 
3 //! \file gcm.h
4 //! \brief GCM block cipher mode of operation
5 
6 #ifndef CRYPTOPP_GCM_H
7 #define CRYPTOPP_GCM_H
8 
9 #include "authenc.h"
10 #include "modes.h"
11 
12 NAMESPACE_BEGIN(CryptoPP)
13 
14 //! \enum GCM_TablesOption
15 //! \brief GCM table size options
17  //! \brief Use a table with 2K entries
19  //! \brief Use a table with 64K entries
21 
22 //! \class GCM_Base
23 //! \brief GCM block cipher base implementation
24 //! \details Base implementation of the AuthenticatedSymmetricCipher interface
25 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GCM_Base : public AuthenticatedSymmetricCipherBase
26 {
27 public:
28  // AuthenticatedSymmetricCipher
29  std::string AlgorithmName() const
30  {return GetBlockCipher().AlgorithmName() + std::string("/GCM");}
31  size_t MinKeyLength() const
32  {return GetBlockCipher().MinKeyLength();}
33  size_t MaxKeyLength() const
34  {return GetBlockCipher().MaxKeyLength();}
35  size_t DefaultKeyLength() const
36  {return GetBlockCipher().DefaultKeyLength();}
37  size_t GetValidKeyLength(size_t n) const
38  {return GetBlockCipher().GetValidKeyLength(n);}
39  bool IsValidKeyLength(size_t n) const
40  {return GetBlockCipher().IsValidKeyLength(n);}
41  unsigned int OptimalDataAlignment() const;
43  {return UNIQUE_IV;}
44  unsigned int IVSize() const
45  {return 12;}
46  unsigned int MinIVLength() const
47  {return 1;}
48  unsigned int MaxIVLength() const
49  {return UINT_MAX;} // (W64LIT(1)<<61)-1 in the standard
50  unsigned int DigestSize() const
51  {return 16;}
52  lword MaxHeaderLength() const
53  {return (W64LIT(1)<<61)-1;}
54  lword MaxMessageLength() const
55  {return ((W64LIT(1)<<39)-256)/8;}
56 
57 protected:
58  // AuthenticatedSymmetricCipherBase
59  bool AuthenticationIsOnPlaintext() const
60  {return false;}
61  unsigned int AuthenticationBlockSize() const
62  {return HASH_BLOCKSIZE;}
63  void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);
64  void Resync(const byte *iv, size_t len);
65  size_t AuthenticateBlocks(const byte *data, size_t len);
66  void AuthenticateLastHeaderBlock();
67  void AuthenticateLastConfidentialBlock();
68  void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
69  SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
70 
71  virtual BlockCipher & AccessBlockCipher() =0;
72  virtual GCM_TablesOption GetTablesOption() const =0;
73 
74  const BlockCipher & GetBlockCipher() const {return const_cast<GCM_Base *>(this)->AccessBlockCipher();};
75  byte *HashBuffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
76  byte *HashKey() {return m_buffer+2*REQUIRED_BLOCKSIZE;}
77  byte *MulTable() {return m_buffer+3*REQUIRED_BLOCKSIZE;}
78  inline void ReverseHashBufferIfNeeded();
79 
80  class CRYPTOPP_DLL GCTR : public CTR_Mode_ExternalCipher::Encryption
81  {
82  protected:
83  void IncrementCounterBy256();
84  };
85 
86  GCTR m_ctr;
87  static word16 s_reductionTable[256];
88  static volatile bool s_reductionTableInitialized;
89  enum {REQUIRED_BLOCKSIZE = 16, HASH_BLOCKSIZE = 16};
90 };
91 
92 //! \class GCM_Final
93 //! \brief GCM block cipher final implementation
94 //! \tparam T_BlockCipher block cipher
95 //! \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
96 //! \tparam T_IsEncryption direction in which to operate the cipher
97 template <class T_BlockCipher, GCM_TablesOption T_TablesOption, bool T_IsEncryption>
98 class GCM_Final : public GCM_Base
99 {
100 public:
101  static std::string StaticAlgorithmName()
102  {return T_BlockCipher::StaticAlgorithmName() + std::string("/GCM");}
104  {return T_IsEncryption;}
105 
106 private:
107  GCM_TablesOption GetTablesOption() const {return T_TablesOption;}
108  BlockCipher & AccessBlockCipher() {return m_cipher;}
109  typename T_BlockCipher::Encryption m_cipher;
110 };
111 
112 //! \class GCM
113 //! \brief GCM block cipher mode of operation
114 //! \tparam T_BlockCipher block cipher
115 //! \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
116 //! \details \p GCM provides the \p Encryption and \p Decryption typedef. See GCM_Base
117 //! and GCM_Final for the AuthenticatedSymmetricCipher implementation.
118 //! \sa <a href="http://www.cryptolounge.org/wiki/GCM">GCM</a> at the Crypto Lounge
119 template <class T_BlockCipher, GCM_TablesOption T_TablesOption=GCM_2K_Tables>
121 {
124 };
125 
126 NAMESPACE_END
127 
128 #endif
GCM block cipher base implementation.
Definition: gcm.h:25
unsigned int MaxIVLength() const
Provides the maximum size of an IV.
Definition: gcm.h:48
Use a table with 2K entries.
Definition: gcm.h:18
unsigned int MinIVLength() const
Provides the minimum size of an IV.
Definition: gcm.h:46
Class file for modes of operation.
virtual unsigned int OptimalDataAlignment() const
Provides input and output data alignment for optimal performance.
Definition: cryptlib.cpp:237
lword MaxHeaderLength() const
Provides the maximum length of AAD that can be input.
Definition: gcm.h:52
size_t MinKeyLength() const
Returns smallest valid key length in bytes.
Definition: gcm.h:31
Provides Encryption and Decryption typedefs used by derived classes to implement an authenticated enc...
Definition: seckey.h:425
Interface for one direction (encryption or decryption) of a block cipher.
Definition: cryptlib.h:1081
Use a table with 64K entries.
Definition: gcm.h:20
unsigned int DigestSize() const
Provides the digest size of the hash.
Definition: gcm.h:50
Interface for one direction (encryption or decryption) of a stream cipher or cipher mode...
Definition: cryptlib.h:1089
GCM block cipher mode of operation.
Definition: gcm.h:120
size_t MaxKeyLength() const
Returns largest valid key length in bytes.
Definition: gcm.h:33
size_t DefaultKeyLength() const
Returns default (recommended) key length in bytes.
Definition: gcm.h:35
bool IsForwardTransformation() const
Determines if the cipher is being operated in its forward direction.
Definition: gcm.h:103
lword MaxMessageLength() const
Provides the maximum length of encrypted data.
Definition: gcm.h:54
size_t GetValidKeyLength(size_t n) const
Definition: gcm.h:37
IV_Requirement
Secure IVs requirements as enumerated values.
Definition: cryptlib.h:580
GCM_TablesOption
GCM table size options.
Definition: gcm.h:16
std::string AlgorithmName() const
Provides the name of this algorithm.
Definition: gcm.h:29
IV_Requirement IVRequirement() const
Minimal requirement for secure IVs.
Definition: gcm.h:42
Crypto++ library namespace.
GCM block cipher final implementation.
Definition: gcm.h:98
unsigned int IVSize() const
Returns length of the IV accepted by this object.
Definition: gcm.h:44
bool IsValidKeyLength(size_t n) const
Returns whether keylength is a valid key length.
Definition: gcm.h:39
Base classes for working with authenticated encryption modes of encryption.
The IV must be unique.
Definition: cryptlib.h:582
Interface for retrieving values given their names.
Definition: cryptlib.h:277