/*
* Install a new IV and restart the keystream at block zero.
*
* An 8-byte IV fills state words 14-15. A 12-byte IV fills words 13-15,
* which leaves only word 12 as the block counter.
*
* Throws Invalid_IV_Length when valid_iv_length() rejects the length.
*/
void ChaCha::set_iv(const byte iv[], size_t length)
   {
   if(!valid_iv_length(length))
      throw Invalid_IV_Length(name(), length);

   // Counter words always restart from zero for a fresh IV
   m_state[12] = 0;
   m_state[13] = 0;

   switch(length)
      {
      case 8:
         m_state[14] = load_le<u32bit>(iv, 0);
         m_state[15] = load_le<u32bit>(iv, 1);
         break;

      case 12:
         m_state[13] = load_le<u32bit>(iv, 0);
         m_state[14] = load_le<u32bit>(iv, 1);
         m_state[15] = load_le<u32bit>(iv, 2);
         break;

      default:
         // NOTE(review): any other accepted length leaves words 14-15 holding
         // whatever the previous IV put there; presumably valid_iv_length()
         // only admits 8 and 12 - confirm.
         break;
      }

   // Generate the first keystream block, then step the counter past it
   chacha(m_buffer.data(), m_state.data());

   // The carry targets word 13, which holds IV bytes when the IV is 12 bytes
   // long. It cannot fire here because word 12 has just gone from 0 to 1.
   if(++m_state[12] == 0)
      ++m_state[13];

   m_position = 0;
   }
/*
* Begin a new ECB message.
*
* The nonce bytes are never read (the pointer parameter is unnamed); only
* the length is checked against valid_nonce_length(). Nothing supplied here
* influences the encryption, and the returned vector is always empty.
*
* Throws Invalid_IV_Length when the length is rejected.
*/
secure_vector<byte> ECB_Mode::start_raw(const byte[], size_t nonce_len)
   {
   const bool length_ok = valid_nonce_length(nonce_len);

   if(!length_ok)
      throw Invalid_IV_Length(name(), nonce_len);

   secure_vector<byte> nothing;
   return nothing;
   }
/*
* Begin a new CCM message: remember the nonce and drop any buffered input.
*
* Only the nonce length is validated. Whether the nonce was already used
* under the current key is not checked here, so uniqueness is left to the
* caller.
*
* Throws Invalid_IV_Length when valid_nonce_length() rejects the length.
*/
void CCM_Mode::start_msg(const uint8_t nonce[], size_t nonce_len)
   {
   if(!valid_nonce_length(nonce_len))
      throw Invalid_IV_Length(name(), nonce_len);

   const uint8_t* const nonce_end = nonce + nonce_len;
   m_nonce.assign(nonce, nonce_end);

   // Input buffered for a previous message must not leak into this one
   m_msg_buf.clear();
   }
/*
* Begin a new compression stream.
*
* The nonce bytes are ignored (unnamed parameter); only the length is
* checked. A fresh stream object from make_stream() replaces the current
* one, and the returned vector is always empty.
*
* Throws Invalid_IV_Length when valid_nonce_length() rejects the length.
*/
secure_vector<byte> Stream_Compression::start_raw(const byte[], size_t nonce_len)
   {
   const bool length_ok = valid_nonce_length(nonce_len);

   if(!length_ok)
      throw Invalid_IV_Length(name(), nonce_len);

   // Swap in a new stream only after the length check has passed
   m_stream.reset(make_stream());

   secure_vector<byte> nothing;
   return nothing;
   }
/*
* Set a new tweak.
*
* The IV must be exactly as long as the current tweak buffer. The stored
* tweak is the IV encrypted under cipher2, not the raw IV.
*
* Throws Invalid_IV_Length on a length mismatch.
*/
void XTS_Decryption::set_iv(const InitializationVector& iv)
   {
   const auto supplied_len = iv.length();

   if(supplied_len != tweak.size())
      throw Invalid_IV_Length(name(), supplied_len);

   tweak = iv.bits_of();

   // The tweak is encrypted in place, also on the decryption side
   cipher2->encrypt(tweak);
   }
/*
* SHAKE-128 as a stream cipher takes no IV: only a zero-length IV is
* accepted, and the pointer argument is never read.
*
* Throws Invalid_IV_Length for any non-empty IV.
*/
void SHAKE_128_Cipher::set_iv(const uint8_t[], size_t length)
   {
   /*
   * An IV could be supported in some way (say, by treating it as a
   * prefix or suffix of the key), but that is not implemented.
   */
   if(length > 0)
      throw Invalid_IV_Length(name(), length);
   }
/*
* Begin a new CCM message: remember the nonce and drop any buffered input.
* The returned vector is always empty.
*
* Only the nonce length is validated. Whether the nonce was already used
* under the current key is not checked here, so uniqueness is left to the
* caller.
*
* Throws Invalid_IV_Length when valid_nonce_length() rejects the length.
*/
secure_vector<byte> CCM_Mode::start_raw(const byte nonce[], size_t nonce_len)
   {
   if(!valid_nonce_length(nonce_len))
      throw Invalid_IV_Length(name(), nonce_len);

   const byte* const nonce_end = nonce + nonce_len;
   m_nonce.assign(nonce, nonce_end);

   // Input buffered for a previous message must not leak into this one
   m_msg_buf.clear();

   secure_vector<byte> nothing;
   return nothing;
   }
/*
* Install a new IV and prime the first keystream block.
*
* The buffer is cleared before the IV is copied to its start, so an IV
* shorter than the buffer is padded with trailing zero bytes. The buffer
* is then encrypted in place and the read position reset.
*
* Throws Invalid_IV_Length when valid_iv_length() rejects the length.
*/
void OFB::set_iv(const byte iv[], size_t iv_len)
   {
   const bool length_ok = valid_iv_length(iv_len);

   if(!length_ok)
      throw Invalid_IV_Length(name(), iv_len);

   // Wipe leftover keystream before the IV goes in
   zeroise(m_buffer);
   buffer_insert(m_buffer, 0, iv, iv_len);

   // In OFB the encrypted IV is the first block of keystream
   m_cipher->encrypt(m_buffer);

   m_buf_pos = 0;
   }
/*
* Begin a new XTS message: load the nonce as the tweak, encrypt it with
* the tweak cipher and compute the tweak values for the first blocks.
*
* Throws Invalid_IV_Length when valid_nonce_length() rejects the length.
*/
void XTS_Mode::start_msg(const uint8_t nonce[], size_t nonce_len)
   {
   if(!valid_nonce_length(nonce_len))
      throw Invalid_IV_Length(name(), nonce_len);

   m_tweak.resize(update_granularity());

   const auto tweak_buf = m_tweak.data();

   // NOTE(review): this copy is bounded only by the length check above.
   // It relies on valid_nonce_length() never accepting more than
   // update_granularity() bytes. A nonce shorter than one cipher block
   // would leave stale bytes in the first tweak block. Confirm against
   // valid_nonce_length().
   copy_mem(tweak_buf, nonce, nonce_len);

   m_tweak_cipher->encrypt(tweak_buf);
   update_tweak(0);
   }
/*
* Begin a new CBC message, optionally installing a fresh IV.
*
* Throws Invalid_IV_Length when valid_nonce_length() rejects the length.
*/
void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len)
   {
   if(!valid_nonce_length(nonce_len))
      throw Invalid_IV_Length(name(), nonce_len);

   /*
   * A zero-length nonce means "carry the last ciphertext block over as
   * the new IV", which unfortunately some protocols require. On the very
   * first message that results in an all-zero IV.
   *
   * A carried-over IV is known to anyone who saw the previous ciphertext,
   * whereas CBC expects an unpredictable IV. Pass an empty nonce only
   * where a legacy protocol mandates the chaining.
   */
   if(nonce_len == 0)
      return;

   m_state.assign(nonce, nonce + nonce_len);
   }
/*
* Set the Salsa IV and restart the keystream at block zero.
*
* An empty IV zeroes nonce words 6-7. An 8-byte IV is plain Salsa20. Any
* other accepted length takes the XSalsa20 path, which reads six 32-bit
* words (24 bytes) from iv.
*
* Throws Invalid_IV_Length when valid_iv_length() rejects the length.
*/
void Salsa20::set_iv(const uint8_t iv[], size_t length)
   {
   if(!valid_iv_length(length))
      throw Invalid_IV_Length(name(), length);

   switch(length)
      {
      case 0:
         // Salsa20 null IV
         m_state[6] = 0;
         m_state[7] = 0;
         break;

      case 8:
         // Salsa20
         m_state[6] = load_le<uint32_t>(iv, 0);
         m_state[7] = load_le<uint32_t>(iv, 1);
         break;

      default:
         {
         // XSalsa20
         // NOTE(review): this path reads iv words 0-5 without looking at
         // length again, so valid_iv_length() must admit only 0, 8 and 24.
         // Confirm, since any other accepted length would read out of bounds.

         // The first 16 IV bytes go into words 6-9 as input to HSalsa20
         for(size_t w = 0; w != 4; ++w)
            m_state[6 + w] = load_le<uint32_t>(iv, w);

         secure_vector<uint32_t> subkey(8);
         hsalsa20(subkey.data(), m_state.data());

         // NOTE(review): words 1-4 and 11-14 are overwritten with the HSalsa20
         // output. If those words hold the user key, a second 24-byte set_iv
         // would derive from the previous subkey rather than the original
         // key. Verify against the key schedule.
         for(size_t w = 0; w != 4; ++w)
            {
            m_state[1 + w] = subkey[w];
            m_state[11 + w] = subkey[4 + w];
            }

         // The last 8 IV bytes become the Salsa20 nonce
         m_state[6] = load_le<uint32_t>(iv, 4);
         m_state[7] = load_le<uint32_t>(iv, 5);
         break;
         }
      }

   // The block counter restarts at zero for every IV
   m_state[8] = 0;
   m_state[9] = 0;

   // Generate the first keystream block, then step the 64-bit counter past it
   salsa20(m_buffer.data(), m_state.data());

   if(++m_state[8] == 0)
      ++m_state[9];

   m_position = 0;
   }
/*
* Begin a new EAX message.
*
* The nonce is passed through eax_prf() with tag 0. The result is kept in
* m_nonce_mac and used as the counter-mode IV. The CMAC is then fed
* block_size()-1 zero bytes and a byte of value 2, presumably the EAX
* domain-separation prefix for the ciphertext MAC (TODO confirm against
* eax_prf). The returned vector is always empty.
*
* Throws Invalid_IV_Length when valid_nonce_length() rejects the length.
*/
secure_vector<byte> EAX_Mode::start_raw(const byte nonce[], size_t nonce_len)
   {
   if(!valid_nonce_length(nonce_len))
      throw Invalid_IV_Length(name(), nonce_len);

   m_nonce_mac = eax_prf(0, block_size(), *m_cmac, nonce, nonce_len);

   m_ctr->set_iv(m_nonce_mac.data(), m_nonce_mac.size());

   // Prefix block for the ciphertext MAC: zero bytes, then the tag value
   for(size_t zeros_left = block_size() - 1; zeros_left != 0; --zeros_left)
      m_cmac->update(0);

   m_cmac->update(2);

   secure_vector<byte> nothing;
   return nothing;
   }
/*
* Default set_iv: validate the IV length and do nothing else.
*
* The IV bytes are never read (unnamed parameter).
* NOTE(review): a cipher whose valid_iv_length() accepts a non-zero length
* presumably has to override this, otherwise the IV is silently dropped.
*
* Throws Invalid_IV_Length when valid_iv_length() rejects the length.
*/
void StreamCipher::set_iv(const byte[], size_t iv_len)
   {
   const bool length_ok = valid_iv_length(iv_len);

   if(!length_ok)
      throw Invalid_IV_Length(name(), iv_len);
   }
/*
* Default set_iv for keyed filters: only an empty IV is accepted, and
* nothing is stored.
*
* Throws Invalid_IV_Length for any non-empty IV.
*/
void Keyed_Filter::set_iv(const InitializationVector& iv)
   {
   const auto supplied_len = iv.length();

   if(supplied_len != 0)
      throw Invalid_IV_Length(name(), supplied_len);
   }