Crypto++  6.0
Free C++ class library of cryptographic schemes
gcm.h
Go to the documentation of this file.
1 // gcm.h - originally written and placed in the public domain by Wei Dai
2 
3 /// \file gcm.h
4 /// \brief GCM block cipher mode of operation
5 /// \since Crypto++ 5.6.0
6 
7 #ifndef CRYPTOPP_GCM_H
8 #define CRYPTOPP_GCM_H
9 
10 #include "authenc.h"
11 #include "modes.h"
12 
13 NAMESPACE_BEGIN(CryptoPP)
14 
15 /// \enum GCM_TablesOption
16 /// \brief GCM table size options
18  /// \brief Use a table with 2K entries
20  /// \brief Use a table with 64K entries
22 
23 /// \brief GCM block cipher base implementation
24 /// \details Base implementation of the AuthenticatedSymmetricCipher interface
25 /// \since Crypto++ 5.6.0
26 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GCM_Base : public AuthenticatedSymmetricCipherBase
27 {
28 public:
29  // AuthenticatedSymmetricCipher
30  std::string AlgorithmName() const
31  {return GetBlockCipher().AlgorithmName() + std::string("/GCM");}
32  size_t MinKeyLength() const
33  {return GetBlockCipher().MinKeyLength();}
34  size_t MaxKeyLength() const
35  {return GetBlockCipher().MaxKeyLength();}
36  size_t DefaultKeyLength() const
37  {return GetBlockCipher().DefaultKeyLength();}
38  size_t GetValidKeyLength(size_t n) const
39  {return GetBlockCipher().GetValidKeyLength(n);}
40  bool IsValidKeyLength(size_t n) const
41  {return GetBlockCipher().IsValidKeyLength(n);}
42  unsigned int OptimalDataAlignment() const;
44  {return UNIQUE_IV;}
45  unsigned int IVSize() const
46  {return 12;}
47  unsigned int MinIVLength() const
48  {return 1;}
49  unsigned int MaxIVLength() const
50  {return UINT_MAX;} // (W64LIT(1)<<61)-1 in the standard
51  unsigned int DigestSize() const
52  {return 16;}
53  lword MaxHeaderLength() const
54  {return (W64LIT(1)<<61)-1;}
55  lword MaxMessageLength() const
56  {return ((W64LIT(1)<<39)-256)/8;}
57 
58 protected:
59  // AuthenticatedSymmetricCipherBase
60  bool AuthenticationIsOnPlaintext() const
61  {return false;}
62  unsigned int AuthenticationBlockSize() const
63  {return HASH_BLOCKSIZE;}
64  void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);
65  void Resync(const byte *iv, size_t len);
66  size_t AuthenticateBlocks(const byte *data, size_t len);
67  void AuthenticateLastHeaderBlock();
68  void AuthenticateLastConfidentialBlock();
69  void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
70  SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
71 
72  virtual BlockCipher & AccessBlockCipher() =0;
73  virtual GCM_TablesOption GetTablesOption() const =0;
74 
75  const BlockCipher & GetBlockCipher() const {return const_cast<GCM_Base *>(this)->AccessBlockCipher();};
76  byte *HashBuffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
77  byte *HashKey() {return m_buffer+2*REQUIRED_BLOCKSIZE;}
78  byte *MulTable() {return m_buffer+3*REQUIRED_BLOCKSIZE;}
79  inline void ReverseHashBufferIfNeeded();
80 
81  class CRYPTOPP_DLL GCTR : public CTR_Mode_ExternalCipher::Encryption
82  {
83  protected:
84  void IncrementCounterBy256();
85  };
86 
87  GCTR m_ctr;
88  static word16 s_reductionTable[256];
89  static volatile bool s_reductionTableInitialized;
90  enum {REQUIRED_BLOCKSIZE = 16, HASH_BLOCKSIZE = 16};
91 };
92 
93 /// \brief GCM block cipher final implementation
94 /// \tparam T_BlockCipher block cipher
95 /// \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
96 /// \tparam T_IsEncryption direction in which to operate the cipher
97 /// \since Crypto++ 5.6.0
98 template <class T_BlockCipher, GCM_TablesOption T_TablesOption, bool T_IsEncryption>
99 class GCM_Final : public GCM_Base
100 {
101 public:
102  static std::string StaticAlgorithmName()
103  {return T_BlockCipher::StaticAlgorithmName() + std::string("/GCM");}
105  {return T_IsEncryption;}
106 
107 private:
108  GCM_TablesOption GetTablesOption() const {return T_TablesOption;}
109  BlockCipher & AccessBlockCipher() {return m_cipher;}
110  typename T_BlockCipher::Encryption m_cipher;
111 };
112 
113 /// \brief GCM block cipher mode of operation
114 /// \tparam T_BlockCipher block cipher
115 /// \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
116 /// \details \p GCM provides the \p Encryption and \p Decryption typedef. See GCM_Base
117 /// and GCM_Final for the AuthenticatedSymmetricCipher implementation.
118 /// \sa <a href="http://www.cryptopp.com/wiki/GCM_Mode">GCM Mode</a> and
119 /// <A HREF="http://www.cryptopp.com/wiki/Modes_of_Operation">Modes of Operation</A>
120 /// on the Crypto++ wiki.
121 /// \since Crypto++ 5.6.0
122 template <class T_BlockCipher, GCM_TablesOption T_TablesOption=GCM_2K_Tables>
124 {
127 };
128 
129 NAMESPACE_END
130 
131 #endif
GCM block cipher base implementation.
Definition: gcm.h:26
size_t GetValidKeyLength(size_t n) const
Returns a valid key length for the algorithm.
Definition: gcm.h:38
Use a table with 2K entries.
Definition: gcm.h:19
Classes for block cipher modes of operation.
IV_Requirement IVRequirement() const
Minimal requirement for secure IVs.
Definition: gcm.h:43
Provides Encryption and Decryption typedefs used by derived classes to implement an authenticated enc...
Definition: seckey.h:446
lword MaxHeaderLength() const
Provides the maximum length of AAD that can be input.
Definition: gcm.h:53
Interface for one direction (encryption or decryption) of a block cipher.
Definition: cryptlib.h:1228
Use a table with 64K entries.
Definition: gcm.h:21
size_t MinKeyLength() const
Returns smallest valid key length.
Definition: gcm.h:32
size_t DefaultKeyLength() const
Returns default key length.
Definition: gcm.h:36
unsigned int MaxIVLength() const
Provides the maximum size of an IV.
Definition: gcm.h:49
Interface for one direction (encryption or decryption) of a stream cipher or cipher mode...
Definition: cryptlib.h:1236
GCM block cipher mode of operation.
Definition: gcm.h:123
size_t MaxKeyLength() const
Returns largest valid key length.
Definition: gcm.h:34
Base class for authenticated encryption modes of operation.
Definition: authenc.h:40
virtual unsigned int OptimalDataAlignment() const
Provides input and output data alignment for optimal performance.
Definition: cryptlib.cpp:199
std::string AlgorithmName() const
Provides the name of this algorithm.
Definition: gcm.h:30
bool IsForwardTransformation() const
Determines if the cipher is being operated in its forward direction.
Definition: gcm.h:104
IV_Requirement
Secure IVs requirements as enumerated values.
Definition: cryptlib.h:675
GCM_TablesOption
GCM table size options.
Definition: gcm.h:17
Crypto++ library namespace.
GCM block cipher final implementation.
Definition: gcm.h:99
unsigned int DigestSize() const
Provides the digest size of the hash.
Definition: gcm.h:51
Classes for authenticated encryption modes of operation.
unsigned int MinIVLength() const
Provides the minimum size of an IV.
Definition: gcm.h:47
lword MaxMessageLength() const
Provides the maximum length of encrypted data.
Definition: gcm.h:55
unsigned int IVSize() const
Returns length of the IV accepted by this object.
Definition: gcm.h:45
The IV must be unique.
Definition: cryptlib.h:677
bool IsValidKeyLength(size_t n) const
Returns whether keylength is a valid key length.
Definition: gcm.h:40
Interface for retrieving values given their names.
Definition: cryptlib.h:291