Botan::GHASH Class Reference

#include <ghash.h>

Inheritance diagram for Botan::GHASH:

Public Member Functions
void	add_final_block (secure_vector< uint8_t > &x, size_t ad_len, size_t pt_len)
void	clear () override
secure_vector< uint8_t >	final ()
void	final (uint8_t out[], size_t out_len)
void	ghash_update (secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Key_Length_Specification	key_spec () const override
size_t	maximum_keylength () const
size_t	minimum_keylength () const
std::string	name () const override
secure_vector< uint8_t >	nonce_hash (const uint8_t nonce[], size_t nonce_len)
void	nonce_hash (secure_vector< uint8_t > &y0, const uint8_t nonce[], size_t len)
std::string	provider () const
void	reset ()
void	set_associated_data (const uint8_t ad[], size_t ad_len)
void	set_key (const SymmetricKey &key)
template<typename Alloc >
void	set_key (const std::vector< uint8_t, Alloc > &key)
void	set_key (const uint8_t key[], size_t length)
void	start (const uint8_t nonce[], size_t len)
void	update (const uint8_t in[], size_t len)
void	update_associated_data (const uint8_t ad[], size_t len)
bool	valid_keylength (size_t length) const

Protected Member Functions
void	verify_key_set (bool cond) const

Detailed Description

GCM's GHASH This is not intended for general use, but is exposed to allow shared code between GCM and GMAC

Definition at line 22 of file ghash.h.

Member Function Documentation

add_final_block()

void Botan::GHASH::add_final_block	(	secure_vector< uint8_t > &	x,
		size_t	ad_len,
		size_t	pt_len
	)

Definition at line 197 of file ghash.cpp.

References ghash_update(), and hash.

Referenced by final(), and nonce_hash().

   {
   /*
   * stack buffer is fine here since the text len is public
   * and the length of the AD is probably not sensitive either.
   */
   uint8_t final_block[GCM_BS];
   store_be<uint64_t>(final_block, 8*ad_len, 8*text_len);
   ghash_update(hash, final_block, GCM_BS);
   }

clear()

void Botan::GHASH::clear ( )

overridevirtual

Reset the state.

Implements Botan::SymmetricAlgorithm.

Definition at line 229 of file ghash.cpp.

References reset(), and Botan::zap().

   {
   zap(m_H);
   zap(m_HM);
   reset();
   }

final() [1/2]

secure_vector<uint8_t> Botan::GHASH::final ( )

inline

Definition at line 49 of file ghash.h.

         {
         secure_vector<uint8_t> mac(GCM_BS);
         final(mac.data(), mac.size());
         return mac;
         }

final() [2/2]

void Botan::GHASH::final	(	uint8_t	out[],
		size_t	out_len
	)

Definition at line 209 of file ghash.cpp.

References add_final_block(), and BOTAN_ARG_CHECK.

   {
   BOTAN_ARG_CHECK(mac_len > 0 && mac_len <= 16, "GHASH output length");
   add_final_block(m_ghash, m_ad_len, m_text_len);

   for(size_t i = 0; i != mac_len; ++i)
      mac[i] = m_ghash[i] ^ m_nonce[i];

   m_ghash.clear();
   m_text_len = 0;
   }

ghash_update()

void Botan::GHASH::ghash_update	(	secure_vector< uint8_t > &	x,
		const uint8_t	input[],
		size_t	input_len
	)

Definition at line 96 of file ghash.cpp.

References Botan::copy_mem(), Botan::secure_scrub_memory(), and Botan::SymmetricAlgorithm::verify_key_set().

Referenced by add_final_block(), nonce_hash(), set_associated_data(), update(), and update_associated_data().

   {
   verify_key_set(!m_HM.empty());

   /*
   This assumes if less than block size input then we're just on the
   final block and should pad with zeros
   */

   const size_t full_blocks = length / GCM_BS;
   const size_t final_bytes = length - (full_blocks * GCM_BS);

   if(full_blocks > 0)
      {
      gcm_multiply(ghash, input, full_blocks);
      }

   if(final_bytes)
      {
      uint8_t last_block[GCM_BS] = { 0 };
      copy_mem(last_block, input + full_blocks * GCM_BS, final_bytes);
      gcm_multiply(ghash, last_block, 1);
      secure_scrub_memory(last_block, final_bytes);
      }
   }

key_spec()

Key_Length_Specification Botan::GHASH::key_spec ( ) const

inlineoverridevirtual

Returns

object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 58 of file ghash.h.

         { return Key_Length_Specification(16); }

maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const

inlineinherited

Returns

minimum allowed key length

Definition at line 38 of file sym_algo.h.

         {
         return key_spec().maximum_keylength();
         }

minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const

inlineinherited

Returns

maximum allowed key length

Definition at line 46 of file sym_algo.h.

Referenced by botan_block_cipher_get_keyspec(), and botan_mac_get_keyspec().

         {
         return key_spec().minimum_keylength();
         }

name()

std::string Botan::GHASH::name ( ) const

inlineoverridevirtual

Returns

the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 65 of file ghash.h.

{ return "GHASH"; }

nonce_hash() [1/2]

secure_vector<uint8_t> Botan::GHASH::nonce_hash ( const uint8_t  nonce[], size_t  nonce_len  )

inline

Definition at line 28 of file ghash.h.

         {
         secure_vector<uint8_t> y0(GCM_BS);
         nonce_hash(y0, nonce, nonce_len);
         return y0;
         }

nonce_hash() [2/2]

void Botan::GHASH::nonce_hash	(	secure_vector< uint8_t > &	y0,
		const uint8_t	nonce[],
		size_t	len
	)

Definition at line 221 of file ghash.cpp.

References add_final_block(), BOTAN_ASSERT, and ghash_update().

   {
   BOTAN_ASSERT(m_ghash.size() == 0, "nonce_hash called during wrong time");

   ghash_update(y0, nonce, nonce_len);
   add_final_block(y0, 0, nonce_len);
   }

provider()

std::string Botan::GHASH::provider

(

)

const

Definition at line 25 of file ghash.cpp.

References Botan::CPUID::has_carryless_multiply().

   {
#if defined(BOTAN_HAS_GCM_CLMUL_CPU)
   if(CPUID::has_carryless_multiply())
      return "clmul";
#endif

#if defined(BOTAN_HAS_GCM_CLMUL_SSSE3)
   if(CPUID::has_ssse3())
      return "ssse3";
#endif

   return "base";
   }

reset()

void Botan::GHASH::reset

(

)

Definition at line 236 of file ghash.cpp.

References Botan::zeroise().

Referenced by clear().

   {
   zeroise(m_H_ad);
   m_ghash.clear();
   m_nonce.clear();
   m_text_len = m_ad_len = 0;
   }

set_associated_data()

void Botan::GHASH::set_associated_data	(	const uint8_t	ad[],
		size_t	ad_len
	)

Definition at line 172 of file ghash.cpp.

References ghash_update(), and Botan::zeroise().

   {
   if(m_ghash.empty() == false)
      throw Invalid_State("Too late to set AD in GHASH");

   zeroise(m_H_ad);

   ghash_update(m_H_ad, input, length);
   m_ad_len = length;
   }

set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey &  key )

inlineinherited

Set the symmetric key of this object.

Parameters

key	the SymmetricKey to be set.

Definition at line 65 of file sym_algo.h.

References Botan::OctetString::begin(), and Botan::OctetString::length().

Referenced by Botan::aont_package(), Botan::aont_unpackage(), botan_block_cipher_set_key(), botan_cipher_set_key(), botan_mac_set_key(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), and Botan::Sodium::randombytes_buf_deterministic().

         {
         set_key(key.begin(), key.length());
         }

set_key() [2/3]

template<typename Alloc >

void Botan::SymmetricAlgorithm::set_key ( const std::vector< uint8_t, Alloc > &  key )

inlineinherited

Definition at line 71 of file sym_algo.h.

         {
         set_key(key.data(), key.size());
         }

set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t  key[], size_t  length  )

inherited

Set the symmetric key of this object.

Parameters

key	the to be set as a byte array.
length	in bytes of key param

Definition at line 17 of file sym_algo.cpp.

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

   {
   if(!valid_keylength(length))
      throw Invalid_Key_Length(name(), length);
   key_schedule(key, length);
   }

start()

void Botan::GHASH::start	(	const uint8_t	nonce[],
		size_t	len
	)

Definition at line 165 of file ghash.cpp.

References BOTAN_ARG_CHECK.

   {
   BOTAN_ARG_CHECK(len == 16, "GHASH requires a 128-bit nonce");
   m_nonce.assign(nonce, nonce + len);
   m_ghash = m_H_ad;
   }

update()

void Botan::GHASH::update	(	const uint8_t	in[],
		size_t	len
	)

Definition at line 190 of file ghash.cpp.

References ghash_update(), and Botan::SymmetricAlgorithm::verify_key_set().

   {
   verify_key_set(m_ghash.size() == GCM_BS);
   m_text_len += length;
   ghash_update(m_ghash, input, length);
   }

update_associated_data()

void Botan::GHASH::update_associated_data	(	const uint8_t	ad[],
		size_t	len
	)

Definition at line 183 of file ghash.cpp.

References ghash_update(), and Botan::SymmetricAlgorithm::verify_key_set().

   {
   verify_key_set(m_ghash.size() == GCM_BS);
   m_ad_len += length;
   ghash_update(m_ghash, ad, length);
   }

valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t  length ) const

inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters

length

the key length to be checked.

Returns

true if the key length is valid.

Definition at line 56 of file sym_algo.h.

Referenced by Botan::aont_package(), Botan::aont_unpackage(), and Botan::SymmetricAlgorithm::set_key().

         {
         return key_spec().valid_keylength(length);
         }

verify_key_set()

void Botan::SymmetricAlgorithm::verify_key_set ( bool  cond ) const

inlineprotectedinherited

Definition at line 89 of file sym_algo.h.

Referenced by Botan::Salsa20::cipher(), Botan::CTR_BE::cipher(), Botan::RC4::cipher(), Botan::SHAKE_128_Cipher::cipher(), Botan::ChaCha::cipher(), Botan::SHACAL2::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::AES_128::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::CAST_256::decrypt_n(), Botan::SM4::decrypt_n(), Botan::DES::decrypt_n(), Botan::DESX::decrypt_n(), Botan::XTEA::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::MISTY1::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::Lion::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::SEED::encrypt_n(), Botan::CAST_256::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::KASUMI::encrypt_n(), Botan::AES_128::encrypt_n(), Botan::MISTY1::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::XTEA::encrypt_n(), Botan::DESX::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::Lion::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::OCB_Encryption::finish(), Botan::OCB_Decryption::finish(), ghash_update(), Botan::CFB_Encryption::process(), Botan::CFB_Decryption::process(), Botan::Salsa20::seek(), Botan::CTR_BE::seek(), Botan::ChaCha::seek(), Botan::OCB_Mode::set_associated_data(), Botan::Salsa20::set_iv(), Botan::ChaCha::set_iv(), update(), update_associated_data(), and Botan::ChaCha::write_keystream().

         {
         if(cond == false)
            throw_key_not_set_error();
         }

---

The documentation for this class was generated from the following files:

• src/lib/modes/aead/gcm/ghash.h
• src/lib/modes/aead/gcm/ghash.cpp