9#include <botan/internal/xts.h>
11#include <botan/internal/fmt.h>
12#include <botan/internal/poly_dbl.h>
17 m_cipher(std::move(cipher)),
18 m_cipher_block_size(m_cipher->block_size()),
19 m_cipher_parallelism(m_cipher->parallel_bytes()),
20 m_tweak_blocks(m_cipher_parallelism / m_cipher_block_size) {
25 m_tweak_cipher = m_cipher->new_object();
30 m_tweak_cipher->clear();
35 return m_cipher_block_size;
39 return m_cipher_parallelism;
67 return m_cipher->has_keying_material() && m_tweak_cipher->has_keying_material();
70void XTS_Mode::key_schedule(std::span<const uint8_t> key) {
71 const size_t key_half = key.size() / 2;
73 if(key.size() % 2 == 1 || !m_cipher->valid_keylength(key_half)) {
77 m_cipher->set_key(key.first(key_half));
78 m_tweak_cipher->set_key(key.last(key_half));
81void XTS_Mode::start_msg(
const uint8_t nonce[],
size_t nonce_len) {
83 throw Invalid_IV_Length(
name(), nonce_len);
86 m_tweak.resize(m_cipher_parallelism);
87 clear_mem(m_tweak.data(), m_tweak.size());
88 copy_mem(m_tweak.data(), nonce, nonce_len);
89 m_tweak_cipher->encrypt(m_tweak.data());
95 const size_t BS = m_tweak_cipher->block_size();
103 for(
size_t i = 1; i < blocks_in_tweak; ++i) {
112size_t XTS_Encryption::process_msg(uint8_t buf[],
size_t sz) {
117 size_t blocks = sz / BS;
122 const size_t to_proc = std::min(blocks, blocks_in_tweak);
135void XTS_Encryption::finish_msg(secure_vector<uint8_t>& buffer,
size_t offset) {
137 const size_t sz = buffer.size() - offset;
138 uint8_t* buf = buffer.data() + offset;
148 const size_t full_blocks = ((sz / BS) - 1) * BS;
149 const size_t final_bytes = sz - full_blocks;
150 BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS,
"Left over size in expected range");
152 secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);
153 buffer.resize(full_blocks + offset);
160 for(
size_t i = 0; i != final_bytes - BS; ++i) {
161 last[i] ^= last[i + BS];
162 last[i + BS] ^= last[i];
163 last[i] ^= last[i + BS];
178size_t XTS_Decryption::process_msg(uint8_t buf[],
size_t sz) {
183 size_t blocks = sz / BS;
188 const size_t to_proc = std::min(blocks, blocks_in_tweak);
201void XTS_Decryption::finish_msg(secure_vector<uint8_t>& buffer,
size_t offset) {
203 const size_t sz = buffer.size() - offset;
204 uint8_t* buf = buffer.data() + offset;
214 const size_t full_blocks = ((sz / BS) - 1) * BS;
215 const size_t final_bytes = sz - full_blocks;
216 BOTAN_ASSERT(final_bytes > BS && final_bytes < 2 * BS,
"Left over size in expected range");
218 secure_vector<uint8_t> last(buf + full_blocks, buf + full_blocks + final_bytes);
219 buffer.resize(full_blocks + offset);
226 for(
size_t i = 0; i != final_bytes - BS; ++i) {
227 last[i] ^= last[i + BS];
228 last[i + BS] ^= last[i];
229 last[i] ^= last[i + BS];
#define BOTAN_STATE_CHECK(expr)
#define BOTAN_ARG_CHECK(expr, msg)
#define BOTAN_ASSERT(expr, assertion_made)
void encrypt(const uint8_t in[], uint8_t out[]) const
void decrypt(const uint8_t in[], uint8_t out[]) const
virtual void encrypt_n_xex(uint8_t data[], const uint8_t mask[], size_t blocks) const
virtual void decrypt_n_xex(uint8_t data[], const uint8_t mask[], size_t blocks) const
Key_Length_Specification multiple(size_t n) const
virtual std::string name() const =0
virtual Key_Length_Specification key_spec() const =0
size_t output_length(size_t input_length) const override
size_t output_length(size_t input_length) const override
const uint8_t * tweak() const
size_t ideal_granularity() const final
std::string name() const final
size_t default_nonce_length() const final
size_t cipher_block_size() const
size_t update_granularity() const final
bool has_keying_material() const final
XTS_Mode(std::unique_ptr< BlockCipher > cipher)
const BlockCipher & cipher() const
size_t tweak_blocks() const
Key_Length_Specification key_spec() const final
void update_tweak(size_t last_used)
bool valid_nonce_length(size_t n) const final
size_t minimum_final_size() const final
int(* update)(CTX *, const void *, CC_LONG len)
std::string fmt(std::string_view format, const T &... args)
void poly_double_n_le(uint8_t out[], const uint8_t in[], size_t n)
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
bool poly_double_supported_size(size_t n)
constexpr void copy_mem(T *out, const T *in, size_t n)
constexpr void clear_mem(T *ptr, size_t n)