25 #include "utility/EndianUtil.h"
49 state.dataStarted =
false;
80 if (!blockCipher->
setKey(key, len))
84 memset(state.nonce, 0, 16);
86 ghash.
reset(state.nonce);
99 memcpy(state.counter, iv, 12);
100 state.counter[12] = 0;
101 state.counter[13] = 0;
102 state.counter[14] = 0;
103 state.counter[15] = 1;
108 uint64_t sizes[2] = {0, htobe64(((uint64_t)len) * 8)};
109 ghash.
update(sizes,
sizeof(sizes));
112 ghash.
reset(state.nonce);
118 state.dataStarted =
false;
132 static inline void increment(uint8_t counter[16])
135 carry += counter[15];
136 counter[15] = (uint8_t)carry;
137 carry = (carry >> 8) + counter[14];
138 counter[14] = (uint8_t)carry;
139 carry = (carry >> 8) + counter[13];
140 counter[13] = (uint8_t)carry;
141 carry = (carry >> 8) + counter[12];
142 counter[12] = (uint8_t)carry;
148 if (!state.dataStarted) {
150 state.dataStarted =
true;
154 uint8_t *out = output;
158 if (state.posn >= 16) {
159 increment(state.counter);
165 uint8_t temp = 16 - state.posn;
168 uint8_t *stream = state.stream + state.posn;
172 *out++ = *input++ ^ *stream++;
178 ghash.
update(output, len);
179 state.dataSize += len;
185 if (!state.dataStarted) {
187 state.dataStarted =
true;
192 state.dataSize += len;
197 if (state.posn >= 16) {
198 increment(state.counter);
204 uint8_t temp = 16 - state.posn;
207 uint8_t *stream = state.stream + state.posn;
211 *output++ = *input++ ^ *stream++;
219 if (!state.dataStarted) {
221 state.authSize += len;
229 uint64_t sizes[2] = {
230 htobe64(state.authSize * 8),
231 htobe64(state.dataSize * 8)
233 ghash.
update(sizes,
sizeof(sizes));
238 for (uint8_t posn = 0; posn < 16; ++posn)
239 state.stream[posn] ^= state.nonce[posn];
242 memcpy(tag, state.stream, len);
253 return secure_compare(state.counter, tag, len);
258 blockCipher->
clear();
void computeTag(void *tag, size_t len)
Finalizes the encryption process and computes the authentication tag.
bool setKey(const uint8_t *key, size_t len)
Sets the key to use for future encryption and decryption operations.
size_t tagSize() const
Returns the size of the authentication tag.
void encrypt(uint8_t *output, const uint8_t *input, size_t len)
Encrypts an input buffer and writes the ciphertext to an output buffer.
void clear()
Clears all security-sensitive state from this cipher.
bool checkTag(const void *tag, size_t len)
Finalizes the decryption process and checks the authentication tag.
size_t ivSize() const
Size of the initialization vector for this cipher, in bytes.
void finalize(void *token, size_t len)
Finalizes the authentication process and returns the token.
void addAuthData(const void *data, size_t len)
Adds extra data that will be authenticated but not encrypted.
void update(const void *data, size_t len)
Updates the message authenticator with more data.
virtual void encryptBlock(uint8_t *output, const uint8_t *input)=0
Encrypts a single block using this cipher.
void decrypt(uint8_t *output, const uint8_t *input, size_t len)
Decrypts an input buffer and writes the plaintext to an output buffer.
virtual bool setKey(const uint8_t *key, size_t len)=0
Sets the key to use for future encryption and decryption operations.
GCMCommon()
Constructs a new cipher in GCM mode.
void pad()
Pads the input stream with zero bytes to a multiple of 16.
virtual void clear()=0
Clears all security-sensitive state from this block cipher.
void clear()
Clears the authenticator's state, removing all sensitive data.
virtual ~GCMCommon()
Destroys this cipher object after clearing sensitive information.
bool setIV(const uint8_t *iv, size_t len)
Sets the initialization vector to use for future encryption and decryption operations.
virtual size_t keySize() const =0
Default size of the key for this block cipher, in bytes.
size_t keySize() const
Default size of the key for this cipher, in bytes.
void reset(const void *key)
Resets the GHASH message authenticator for a new session.