Crypto++  8.3
Free C++ class library of cryptographic schemes
gcm.h
Go to the documentation of this file.
1 // gcm.h - originally written and placed in the public domain by Wei Dai
2 
3 /// \file gcm.h
4 /// \brief GCM block cipher mode of operation
5 /// \since Crypto++ 5.6.0
6 
7 #ifndef CRYPTOPP_GCM_H
8 #define CRYPTOPP_GCM_H
9 
10 #include "authenc.h"
11 #include "modes.h"
12 
13 // Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler
14 // error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232
15 #if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM)
16 # define CRYPTOPP_DISABLE_GCM_ASM 1
17 #endif
18 
19 NAMESPACE_BEGIN(CryptoPP)
20 
21 /// \enum GCM_TablesOption
22 /// \brief GCM table size options
24  /// \brief Use a table with 2K entries
26  /// \brief Use a table with 64K entries
28 
29 /// \brief GCM block cipher base implementation
30 /// \details Base implementation of the AuthenticatedSymmetricCipher interface
31 /// \since Crypto++ 5.6.0
32 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GCM_Base : public AuthenticatedSymmetricCipherBase
33 {
34 public:
35  // AuthenticatedSymmetricCipher
36  std::string AlgorithmName() const
37  {return GetBlockCipher().AlgorithmName() + std::string("/GCM");}
38  std::string AlgorithmProvider() const
39  {return GetBlockCipher().AlgorithmProvider();}
40  size_t MinKeyLength() const
41  {return GetBlockCipher().MinKeyLength();}
42  size_t MaxKeyLength() const
43  {return GetBlockCipher().MaxKeyLength();}
44  size_t DefaultKeyLength() const
45  {return GetBlockCipher().DefaultKeyLength();}
46  size_t GetValidKeyLength(size_t n) const
47  {return GetBlockCipher().GetValidKeyLength(n);}
48  bool IsValidKeyLength(size_t n) const
49  {return GetBlockCipher().IsValidKeyLength(n);}
50  unsigned int OptimalDataAlignment() const;
52  {return UNIQUE_IV;}
53  unsigned int IVSize() const
54  {return 12;}
55  unsigned int MinIVLength() const
56  {return 1;}
57  unsigned int MaxIVLength() const
58  {return UINT_MAX;} // (W64LIT(1)<<61)-1 in the standard
59  unsigned int DigestSize() const
60  {return 16;}
62  {return (W64LIT(1)<<61)-1;}
64  {return ((W64LIT(1)<<39)-256)/8;}
65 
66 protected:
67  // AuthenticatedSymmetricCipherBase
68  bool AuthenticationIsOnPlaintext() const
69  {return false;}
70  unsigned int AuthenticationBlockSize() const
71  {return HASH_BLOCKSIZE;}
72  void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params);
73  void Resync(const byte *iv, size_t len);
74  size_t AuthenticateBlocks(const byte *data, size_t len);
75  void AuthenticateLastHeaderBlock();
76  void AuthenticateLastConfidentialBlock();
77  void AuthenticateLastFooterBlock(byte *mac, size_t macSize);
78  SymmetricCipher & AccessSymmetricCipher() {return m_ctr;}
79 
80  virtual BlockCipher & AccessBlockCipher() =0;
81  virtual GCM_TablesOption GetTablesOption() const =0;
82 
83  const BlockCipher & GetBlockCipher() const {return const_cast<GCM_Base *>(this)->AccessBlockCipher();}
84  byte *HashBuffer() {return m_buffer+REQUIRED_BLOCKSIZE;}
85  byte *HashKey() {return m_buffer+2*REQUIRED_BLOCKSIZE;}
86  byte *MulTable() {return m_buffer+3*REQUIRED_BLOCKSIZE;}
87  inline void ReverseHashBufferIfNeeded();
88 
89  class CRYPTOPP_DLL GCTR : public CTR_Mode_ExternalCipher::Encryption
90  {
91  protected:
92  void IncrementCounterBy256();
93  };
94 
95  GCTR m_ctr;
96  static word16 s_reductionTable[256];
97  static volatile bool s_reductionTableInitialized;
98  enum {REQUIRED_BLOCKSIZE = 16, HASH_BLOCKSIZE = 16};
99 };
100 
101 /// \brief GCM block cipher final implementation
102 /// \tparam T_BlockCipher block cipher
103 /// \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
104 /// \tparam T_IsEncryption direction in which to operate the cipher
105 /// \since Crypto++ 5.6.0
106 template <class T_BlockCipher, GCM_TablesOption T_TablesOption, bool T_IsEncryption>
107 class GCM_Final : public GCM_Base
108 {
109 public:
110  static std::string StaticAlgorithmName()
111  {return T_BlockCipher::StaticAlgorithmName() + std::string("/GCM");}
113  {return T_IsEncryption;}
114 
115 private:
116  GCM_TablesOption GetTablesOption() const {return T_TablesOption;}
117  BlockCipher & AccessBlockCipher() {return m_cipher;}
118  typename T_BlockCipher::Encryption m_cipher;
119 };
120 
121 /// \brief GCM block cipher mode of operation
122 /// \tparam T_BlockCipher block cipher
123 /// \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables
124 /// \details \p GCM provides the \p Encryption and \p Decryption typedef. See GCM_Base
125 /// and GCM_Final for the AuthenticatedSymmetricCipher implementation.
126 /// \sa <a href="http://www.cryptopp.com/wiki/GCM_Mode">GCM Mode</a> and
127 /// <A HREF="http://www.cryptopp.com/wiki/Modes_of_Operation">Modes of Operation</A>
128 /// on the Crypto++ wiki.
129 /// \since Crypto++ 5.6.0
130 template <class T_BlockCipher, GCM_TablesOption T_TablesOption=GCM_2K_Tables>
132 {
135 };
136 
137 NAMESPACE_END
138 
139 #endif
GCM block cipher base implementation.
Definition: gcm.h:32
size_t GetValidKeyLength(size_t n) const
Returns a valid key length for the algorithm.
Definition: gcm.h:46
#define W64LIT(x)
Declare an unsigned word64.
Definition: config_int.h:119
Use a table with 2K entries.
Definition: gcm.h:25
Classes for block cipher modes of operation.
IV_Requirement IVRequirement() const
Minimal requirement for secure IVs.
Definition: gcm.h:51
Provides Encryption and Decryption typedefs used by derived classes to implement an authenticated enc...
Definition: seckey.h:425
lword MaxHeaderLength() const
Provides the maximum length of AAD that can be input.
Definition: gcm.h:61
Interface for one direction (encryption or decryption) of a block cipher.
Definition: cryptlib.h:1282
Use a table with 64K entries.
Definition: gcm.h:27
size_t MinKeyLength() const
Returns smallest valid key length.
Definition: gcm.h:40
size_t DefaultKeyLength() const
Returns default key length.
Definition: gcm.h:44
unsigned int MaxIVLength() const
Provides the maximum size of an IV.
Definition: gcm.h:57
Interface for one direction (encryption or decryption) of a stream cipher or cipher mode...
Definition: cryptlib.h:1290
GCM block cipher mode of operation.
Definition: gcm.h:131
size_t MaxKeyLength() const
Returns largest valid key length.
Definition: gcm.h:42
Base class for authenticated encryption modes of operation.
Definition: authenc.h:40
std::string AlgorithmName() const
Provides the name of this algorithm.
Definition: gcm.h:36
virtual unsigned int OptimalDataAlignment() const
Provides input and output data alignment for optimal performance.
bool IsForwardTransformation() const
Determines if the cipher is being operated in its forward direction.
Definition: gcm.h:112
unsigned short word16
16-bit unsigned datatype
Definition: config_int.h:59
word64 lword
Large word type.
Definition: config_int.h:158
unsigned char byte
8-bit unsigned datatype
Definition: config_int.h:56
IV_Requirement
Secure IVs requirements as enumerated values.
Definition: cryptlib.h:719
std::string AlgorithmProvider() const
Retrieve the provider of this algorithm.
Definition: gcm.h:38
GCM_TablesOption
GCM table size options.
Definition: gcm.h:23
Crypto++ library namespace.
GCM block cipher final implementation.
Definition: gcm.h:107
unsigned int DigestSize() const
Provides the digest size of the hash.
Definition: gcm.h:59
Classes for authenticated encryption modes of operation.
unsigned int MinIVLength() const
Provides the minimum size of an IV.
Definition: gcm.h:55
lword MaxMessageLength() const
Provides the maximum length of encrypted data.
Definition: gcm.h:63
unsigned int IVSize() const
Returns length of the IV accepted by this object.
Definition: gcm.h:53
The IV must be unique.
Definition: cryptlib.h:721
bool IsValidKeyLength(size_t n) const
Returns whether keylength is a valid key length.
Definition: gcm.h:48
Interface for retrieving values given their names.
Definition: cryptlib.h:321