1 files changed, 172 insertions, 0 deletions
diff --git a/botan/src/modes/eax/eax.cpp b/botan/src/modes/eax/eax.cpp
new file mode 100644
index 0000000..67465a7
--- /dev/null
+++ b/botan/src/modes/eax/eax.cpp
@@ -0,0 +1,172 @@
+/*
+* EAX Mode Encryption
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/eax.h>
+#include <botan/cmac.h>
+#include <botan/xor_buf.h>
+#include <botan/parsing.h>
+#include <algorithm>
+
+namespace Botan {
+
+namespace {
+
+/*
+* EAX MAC-based PRF
+*/
+SecureVector<byte> eax_prf(byte tag, u32bit BLOCK_SIZE,
+                           MessageAuthenticationCode* mac,
+                           const byte in[], u32bit length)
+   {
+   for(u32bit j = 0; j != BLOCK_SIZE - 1; ++j)
+      mac->update(0);
+   mac->update(tag);
+   mac->update(in, length);
+   return mac->final();
+   }
+
+}
+
+/*
+* EAX_Base Constructor
+*/
+EAX_Base::EAX_Base(BlockCipher* ciph,
+                   u32bit tag_size) :
+   TAG_SIZE(tag_size ? tag_size / 8 : ciph->BLOCK_SIZE),
+   BLOCK_SIZE(ciph->BLOCK_SIZE)
+   {
+   cipher = ciph;
+   mac = new CMAC(cipher->clone());
+
+   if(tag_size % 8 != 0 || TAG_SIZE == 0 || TAG_SIZE > mac->OUTPUT_LENGTH)
+      throw Invalid_Argument(name() + ": Bad tag size " + to_string(tag_size));
+
+   state.create(BLOCK_SIZE);
+   buffer.create(BLOCK_SIZE);
+   position = 0;
+   }
+
+/*
+* Check if a keylength is valid for EAX
+*/
+bool EAX_Base::valid_keylength(u32bit n) const
+   {
+   if(!cipher->valid_keylength(n))
+      return false;
+   if(!mac->valid_keylength(n))
+      return false;
+   return true;
+   }
+
+/*
+* Set the EAX key
+*/
+void EAX_Base::set_key(const SymmetricKey& key)
+   {
+   cipher->set_key(key);
+   mac->set_key(key);
+   header_mac = eax_prf(1, BLOCK_SIZE, mac, 0, 0);
+   }
+
+/*
+* Do setup at the start of each message
+*/
+void EAX_Base::start_msg()
+   {
+   for(u32bit j = 0; j != BLOCK_SIZE - 1; ++j)
+      mac->update(0);
+   mac->update(2);
+   }
+
+/*
+* Set the EAX nonce
+*/
+void EAX_Base::set_iv(const InitializationVector& iv)
+   {
+   nonce_mac = eax_prf(0, BLOCK_SIZE, mac, iv.begin(), iv.length());
+   state = nonce_mac;
+   cipher->encrypt(state, buffer);
+   }
+
+/*
+* Set the EAX header
+*/
+void EAX_Base::set_header(const byte header[], u32bit length)
+   {
+   header_mac = eax_prf(1, BLOCK_SIZE, mac, header, length);
+   }
+
+/*
+* Return the name of this cipher mode
+*/
+std::string EAX_Base::name() const
+   {
+   return (cipher->name() + "/EAX");
+   }
+
+/*
+* Increment the counter and update the buffer
+*/
+void EAX_Base::increment_counter()
+   {
+   for(s32bit j = BLOCK_SIZE - 1; j >= 0; --j)
+      if(++state[j])
+         break;
+   cipher->encrypt(state, buffer);
+   position = 0;
+   }
+
+/*
+* Encrypt in EAX mode
+*/
+void EAX_Encryption::write(const byte input[], u32bit length)
+   {
+   u32bit copied = std::min(BLOCK_SIZE - position, length);
+   xor_buf(buffer + position, input, copied);
+   send(buffer + position, copied);
+   mac->update(buffer + position, copied);
+   input += copied;
+   length -= copied;
+   position += copied;
+
+   if(position == BLOCK_SIZE)
+      increment_counter();
+
+   while(length >= BLOCK_SIZE)
+      {
+      xor_buf(buffer, input, BLOCK_SIZE);
+      send(buffer, BLOCK_SIZE);
+      mac->update(buffer, BLOCK_SIZE);
+
+      input += BLOCK_SIZE;
+      length -= BLOCK_SIZE;
+      increment_counter();
+      }
+
+   xor_buf(buffer + position, input, length);
+   send(buffer + position, length);
+   mac->update(buffer + position, length);
+   position += length;
+   }
+
+/*
+* Finish encrypting in EAX mode
+*/
+void EAX_Encryption::end_msg()
+   {
+   SecureVector<byte> data_mac = mac->final();
+   xor_buf(data_mac, nonce_mac, data_mac.size());
+   xor_buf(data_mac, header_mac, data_mac.size());
+
+   send(data_mac, TAG_SIZE);
+
+   state.clear();
+   buffer.clear();
+   position = 0;
+   }
+
+}