Botan 3.11.0
Crypto and TLS for C&
Public Member Functions | Protected Member Functions | List of all members
Botan::GHASH Class Referencefinal

#include <ghash.h>

Inheritance diagram for Botan::GHASH:
Botan::SymmetricAlgorithm

Public Member Functions

void clear () override
void final (std::span< uint8_t > out)
bool has_keying_material () const override
Key_Length_Specification key_spec () const override
size_t maximum_keylength () const
size_t minimum_keylength () const
std::string name () const override
void nonce_hash (std::span< uint8_t, GCM_BS > y0, std::span< const uint8_t > nonce)
 Hashing of non-default length nonce values for both GCM and GMAC use-cases.
std::string provider () const
void reset_associated_data ()
 Reset the AAD state without resetting the key (used in GMAC::final_result).
void reset_state ()
void set_associated_data (std::span< const uint8_t > ad)
 Monolithic setting of associated data usid in the GCM use-case.
void set_key (const OctetString &key)
void set_key (const uint8_t key[], size_t length)
void set_key (std::span< const uint8_t > key)
void start (std::span< const uint8_t > nonce)
void update (std::span< const uint8_t > in)
void update_associated_data (std::span< const uint8_t > ad)
 Incremental update of associated data used in the GMAC use-case.
bool valid_keylength (size_t length) const

Protected Member Functions

void assert_key_material_set () const
void assert_key_material_set (bool predicate) const

Detailed Description

GCM's GHASH

Definition at line 19 of file ghash.h.

Member Function Documentation

◆ assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const
inlineprotectedinherited

Definition at line 145 of file sym_algo.h.

145{ assert_key_material_set(has_keying_material()); }
Botan::SymmetricAlgorithm::has_keying_material
virtual bool has_keying_material() const =0
Botan::SymmetricAlgorithm::assert_key_material_set
void assert_key_material_set() const
Definition sym_algo.h:145

References assert_key_material_set(), and has_keying_material().

Referenced by assert_key_material_set(), Botan::Salsa20::cipher_bytes(), Botan::Lion::decrypt_n(), Botan::Lion::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::nonce_hash(), Botan::GHASH::reset_associated_data(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), Botan::GHASH::set_associated_data(), Botan::OCB_Mode::set_associated_data_n(), Botan::Salsa20::set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().

◆ assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate) const
inlineprotectedinherited

Definition at line 147 of file sym_algo.h.

147 {
148 if(!predicate) {
149 throw_key_not_set_error();
150 }
151 }

◆ clear()

void Botan::GHASH::clear ( )
overridevirtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 218 of file ghash.cpp.

218 {
219 zap(m_HM);
220 zap(m_H_pow);
221 this->reset_state();
222}
Botan::GHASH::reset_state
void reset_state()
Definition ghash.cpp:224
Botan::zap
void zap(std::vector< T, Alloc > &vec)
Definition secmem.h:133

References reset_state(), and Botan::zap().

◆ final()

void Botan::GHASH::final ( std::span< uint8_t > out)

Definition at line 194 of file ghash.cpp.

194 {
195 BOTAN_ARG_CHECK(!mac.empty() && mac.size() <= GCM_BS, "GHASH output length");
196 BOTAN_STATE_CHECK(m_nonce);
197 assert_key_material_set();
198
199 ghash_zeropad(m_ghash);
200 ghash_final_block(m_ghash, m_ad_len, m_text_len);
201
202 xor_buf(mac, std::span{m_ghash}.first(mac.size()), std::span{*m_nonce}.first(mac.size()));
203
204 secure_scrub_memory(m_ghash);
205 m_text_len = 0;
206 m_nonce.reset();
207}
BOTAN_STATE_CHECK
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:49
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
Botan::secure_scrub_memory
void secure_scrub_memory(void *ptr, size_t n)
Definition mem_utils.cpp:25
Botan::xor_buf
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:341

References Botan::SymmetricAlgorithm::assert_key_material_set(), BOTAN_ARG_CHECK, BOTAN_STATE_CHECK, Botan::secure_scrub_memory(), and Botan::xor_buf().

◆ has_keying_material()

bool Botan::GHASH::has_keying_material ( ) const
overridevirtual
Returns
true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 99 of file ghash.cpp.

99 {
100 return !m_HM.empty() || !m_H_pow.empty();
101}

◆ key_spec()

Key_Length_Specification Botan::GHASH::key_spec ( ) const
inlineoverridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 42 of file ghash.h.

42{ return Key_Length_Specification(16); }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 101 of file sym_algo.h.

101{ return key_spec().maximum_keylength(); }
Botan::Key_Length_Specification::maximum_keylength
size_t maximum_keylength() const
Definition sym_algo.h:55
Botan::SymmetricAlgorithm::key_spec
virtual Key_Length_Specification key_spec() const =0

References key_spec().

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 106 of file sym_algo.h.

106{ return key_spec().minimum_keylength(); }
Botan::Key_Length_Specification::minimum_keylength
size_t minimum_keylength() const
Definition sym_algo.h:50

References key_spec().

◆ name()

std::string Botan::GHASH::name ( ) const
inlineoverridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 50 of file ghash.h.

50{ return "GHASH"; }

◆ nonce_hash()

void Botan::GHASH::nonce_hash ( std::span< uint8_t, GCM_BS > y0,
std::span< const uint8_t > nonce )

Hashing of non-default length nonce values for both GCM and GMAC use-cases.

Definition at line 209 of file ghash.cpp.

209 {
210 assert_key_material_set();
211 BOTAN_STATE_CHECK(!m_nonce);
212
213 ghash_update(y0, nonce);
214 ghash_zeropad(y0);
215 ghash_final_block(y0, 0, nonce.size());
216}

References Botan::SymmetricAlgorithm::assert_key_material_set(), and BOTAN_STATE_CHECK.

◆ provider()

std::string Botan::GHASH::provider ( ) const

Definition at line 21 of file ghash.cpp.

21 {
22#if defined(BOTAN_HAS_GHASH_AVX512_CLMUL)
23 if(auto feat = CPUID::check(CPUID::Feature::AVX512_CLMUL)) {
24 return *feat;
25 }
26#endif
27
28#if defined(BOTAN_HAS_GHASH_CLMUL_CPU)
29 if(auto feat = CPUID::check(CPUID::Feature::HW_CLMUL)) {
30 return *feat;
31 }
32#endif
33
34#if defined(BOTAN_HAS_GHASH_CLMUL_VPERM)
35 if(auto feat = CPUID::check(CPUID::Feature::SIMD_4X32)) {
36 return *feat;
37 }
38#endif
39
40 return "base";
41}
Botan::CPUID::check
static std::optional< std::string > check(CPUID::Feature feat)
Definition cpuid.h:67

References Botan::CPUFeature::AVX512_CLMUL, Botan::CPUID::check(), Botan::CPUFeature::HW_CLMUL, and Botan::CPUFeature::SIMD_4X32.

◆ reset_associated_data()

void Botan::GHASH::reset_associated_data ( )

Reset the AAD state without resetting the key (used in GMAC::final_result).

Definition at line 173 of file ghash.cpp.

173 {
174 // This should only be called in GMAC context
175 BOTAN_STATE_CHECK(m_text_len == 0);
176 assert_key_material_set();
177 m_H_ad = {0};
178 m_ad_len = 0;
179}

References Botan::SymmetricAlgorithm::assert_key_material_set(), and BOTAN_STATE_CHECK.

◆ reset_state()

void Botan::GHASH::reset_state ( )

Definition at line 224 of file ghash.cpp.

224 {
225 m_H_ad = {0};
226 secure_scrub_memory(m_ghash);
227 if(m_nonce) {
228 secure_scrub_memory(m_nonce.value());
229 m_nonce.reset();
230 }
231 m_buffer.clear();
232 m_text_len = m_ad_len = 0;
233}

References Botan::secure_scrub_memory().

Referenced by clear().

◆ set_associated_data()

void Botan::GHASH::set_associated_data ( std::span< const uint8_t > ad)

Monolithic setting of associated data usid in the GCM use-case.

Definition at line 163 of file ghash.cpp.

163 {
164 BOTAN_STATE_CHECK(!m_nonce);
165
166 assert_key_material_set();
167 m_H_ad = {0};
168 ghash_update(m_H_ad, input);
169 ghash_zeropad(m_H_ad);
170 m_ad_len = input.size();
171}

References Botan::SymmetricAlgorithm::assert_key_material_set(), and BOTAN_STATE_CHECK.

◆ set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const OctetString & key)
inherited

Set the symmetric key of this object.

Parameters
keythe SymmetricKey to be set.

Definition at line 14 of file sym_algo.cpp.

14 {
15 set_key(std::span{key.begin(), key.length()});
16}
Botan::SymmetricAlgorithm::set_key
void set_key(const OctetString &key)
Definition sym_algo.cpp:14

References Botan::OctetString::begin(), Botan::OctetString::length(), and set_key().

Referenced by Botan::create_aes_row_generator(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), Botan::Sphincs_Hash_Functions_Sha2::PRF_msg(), Botan::Sodium::randombytes_buf_deterministic(), Botan::TLS::TLS_NULL_HMAC_AEAD_Mode::reset(), and set_key().

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t key[],
size_t length )
inlineinherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 132 of file sym_algo.h.

132{ set_key(std::span{key, length}); }

References set_key().

Referenced by set_key().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key)
inherited

Set the symmetric key of this object.

Parameters
keythe contiguous byte range to be set.

Definition at line 22 of file sym_algo.cpp.

22 {
23 if(!valid_keylength(key.size())) {
24 throw Invalid_Key_Length(name(), key.size());
25 }
26 key_schedule(key);
27}
Botan::SymmetricAlgorithm::valid_keylength
bool valid_keylength(size_t length) const
Definition sym_algo.h:113
Botan::SymmetricAlgorithm::name
virtual std::string name() const =0

References name(), and valid_keylength().

◆ start()

void Botan::GHASH::start ( std::span< const uint8_t > nonce)

Definition at line 156 of file ghash.cpp.

156 {
157 BOTAN_ARG_CHECK(nonce.size() == 16, "GHASH requires a 128-bit nonce");
158 auto& n = m_nonce.emplace();
159 copy_mem(n, nonce);
160 copy_mem(m_ghash, m_H_ad);
161}
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:144

References BOTAN_ARG_CHECK, and Botan::copy_mem().

◆ update()

void Botan::GHASH::update ( std::span< const uint8_t > in)

Definition at line 187 of file ghash.cpp.

187 {
188 assert_key_material_set();
189 BOTAN_STATE_CHECK(m_nonce);
190 ghash_update(m_ghash, input);
191 m_text_len += input.size();
192}

References Botan::SymmetricAlgorithm::assert_key_material_set(), and BOTAN_STATE_CHECK.

◆ update_associated_data()

void Botan::GHASH::update_associated_data ( std::span< const uint8_t > ad)

Incremental update of associated data used in the GMAC use-case.

Definition at line 181 of file ghash.cpp.

181 {
182 assert_key_material_set();
183 ghash_update(m_ghash, ad);
184 m_ad_len += ad.size();
185}

References Botan::SymmetricAlgorithm::assert_key_material_set().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 113 of file sym_algo.h.

113{ return key_spec().valid_keylength(length); }
Botan::Key_Length_Specification::valid_keylength
bool valid_keylength(size_t length) const
Definition sym_algo.h:43

References key_spec().

Referenced by set_key().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0