Botan 3.8.1
Crypto and TLS for C&
Botan::GHASH Class Referencefinal

#include <ghash.h>

Inheritance diagram for Botan::GHASH:
Botan::SymmetricAlgorithm

Public Member Functions

void clear () override
 
void final (std::span< uint8_t > out)
 
bool has_keying_material () const override
 
Key_Length_Specification key_spec () const override
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
void nonce_hash (std::span< uint8_t, GCM_BS > y0, std::span< const uint8_t > nonce)
 Hashing of non-default length nonce values for both GCM and GMAC use-cases.
 
std::string provider () const
 
void reset ()
 
void set_associated_data (std::span< const uint8_t > ad)
 Monolithic setting of associated data usid in the GCM use-case.
 
void set_key (const OctetString &key)
 
void set_key (const uint8_t key[], size_t length)
 
void set_key (std::span< const uint8_t > key)
 
void start (std::span< const uint8_t > nonce)
 
void update (std::span< const uint8_t > in)
 
void update_associated_data (std::span< const uint8_t > ad)
 Incremental update of associated data used in the GMAC use-case.
 
bool valid_keylength (size_t length) const
 

Protected Member Functions

void assert_key_material_set () const
 
void assert_key_material_set (bool predicate) const
 

Detailed Description

GCM's GHASH

Definition at line 19 of file ghash.h.

Member Function Documentation

◆ assert_key_material_set() [1/2]

◆ assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate) const
inlineprotectedinherited

Definition at line 143 of file sym_algo.h.

143 {
144 if(!predicate) {
145 throw_key_not_set_error();
146 }
147 }

◆ clear()

void Botan::GHASH::clear ( )
overridevirtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 190 of file ghash.cpp.

190 {
191 zap(m_HM);
192 zap(m_H_pow);
193 reset();
194}
void reset()
Definition ghash.cpp:196
void zap(std::vector< T, Alloc > &vec)
Definition secmem.h:124

References reset(), and Botan::zap().

◆ final()

void Botan::GHASH::final ( std::span< uint8_t > out)

Definition at line 166 of file ghash.cpp.

166 {
167 BOTAN_ARG_CHECK(!mac.empty() && mac.size() <= GCM_BS, "GHASH output length");
168 BOTAN_STATE_CHECK(m_nonce);
170
171 ghash_zeropad(m_ghash);
172 ghash_final_block(m_ghash, m_ad_len, m_text_len);
173
174 xor_buf(mac, std::span{m_ghash}.first(mac.size()), std::span{*m_nonce}.first(mac.size()));
175
176 secure_scrub_memory(m_ghash);
177 m_text_len = 0;
178 m_nonce.reset();
179}
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:43
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:31
void secure_scrub_memory(void *ptr, size_t n)
Definition mem_utils.cpp:24
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:344

References Botan::SymmetricAlgorithm::assert_key_material_set(), BOTAN_ARG_CHECK, BOTAN_STATE_CHECK, Botan::secure_scrub_memory(), and Botan::xor_buf().

◆ has_keying_material()

bool Botan::GHASH::has_keying_material ( ) const
overridevirtual
Returns
true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 88 of file ghash.cpp.

88 {
89 return !m_HM.empty() || !m_H_pow.empty();
90}

◆ key_spec()

Key_Length_Specification Botan::GHASH::key_spec ( ) const
inlineoverridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 39 of file ghash.h.

39{ return Key_Length_Specification(16); }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 97 of file sym_algo.h.

97{ return key_spec().maximum_keylength(); }
size_t maximum_keylength() const
Definition sym_algo.h:56
virtual Key_Length_Specification key_spec() const =0

References key_spec().

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 102 of file sym_algo.h.

102{ return key_spec().minimum_keylength(); }
size_t minimum_keylength() const
Definition sym_algo.h:51

References key_spec().

◆ name()

std::string Botan::GHASH::name ( ) const
inlineoverridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 47 of file ghash.h.

47{ return "GHASH"; }

◆ nonce_hash()

void Botan::GHASH::nonce_hash ( std::span< uint8_t, GCM_BS > y0,
std::span< const uint8_t > nonce )

Hashing of non-default length nonce values for both GCM and GMAC use-cases.

Definition at line 181 of file ghash.cpp.

181 {
183 BOTAN_STATE_CHECK(!m_nonce);
184
185 ghash_update(y0, nonce);
186 ghash_zeropad(y0);
187 ghash_final_block(y0, 0, nonce.size());
188}

References Botan::SymmetricAlgorithm::assert_key_material_set(), and BOTAN_STATE_CHECK.

◆ provider()

std::string Botan::GHASH::provider ( ) const

Definition at line 23 of file ghash.cpp.

23 {
24#if defined(BOTAN_HAS_GHASH_CLMUL_CPU)
26 return "clmul";
27 }
28#endif
29
30#if defined(BOTAN_HAS_GHASH_CLMUL_VPERM)
32 return "vperm";
33 }
34#endif
35
36 return "base";
37}
static bool has(CPUID::Feature feat)
Definition cpuid.h:94

References Botan::CPUID::has(), Botan::CPUFeature::HW_CLMUL, and Botan::CPUFeature::SIMD_4X32.

◆ reset()

void Botan::GHASH::reset ( )

Definition at line 196 of file ghash.cpp.

196 {
197 m_H_ad = {0};
198 secure_scrub_memory(m_ghash);
199 if(m_nonce) {
200 secure_scrub_memory(m_nonce.value());
201 m_nonce.reset();
202 }
203 m_buffer.clear();
204 m_text_len = m_ad_len = 0;
205}

References Botan::secure_scrub_memory().

Referenced by clear().

◆ set_associated_data()

void Botan::GHASH::set_associated_data ( std::span< const uint8_t > ad)

Monolithic setting of associated data usid in the GCM use-case.

Definition at line 143 of file ghash.cpp.

143 {
144 BOTAN_STATE_CHECK(!m_nonce);
145
147 m_H_ad = {0};
148 ghash_update(m_H_ad, input);
149 ghash_zeropad(m_H_ad);
150 m_ad_len = input.size();
151}

References Botan::SymmetricAlgorithm::assert_key_material_set(), and BOTAN_STATE_CHECK.

◆ set_key() [1/3]

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t key[],
size_t length )
inlineinherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 128 of file sym_algo.h.

128{ set_key(std::span{key, length}); }

References set_key().

Referenced by set_key().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key)
inherited

Set the symmetric key of this object.

Parameters
keythe contiguous byte range to be set.

Definition at line 22 of file sym_algo.cpp.

22 {
23 if(!valid_keylength(key.size())) {
24 throw Invalid_Key_Length(name(), key.size());
25 }
26 key_schedule(key);
27}
bool valid_keylength(size_t length) const
Definition sym_algo.h:109
virtual std::string name() const =0

References name(), and valid_keylength().

◆ start()

void Botan::GHASH::start ( std::span< const uint8_t > nonce)

Definition at line 136 of file ghash.cpp.

136 {
137 BOTAN_ARG_CHECK(nonce.size() == 16, "GHASH requires a 128-bit nonce");
138 auto& n = m_nonce.emplace();
139 copy_mem(n, nonce);
140 copy_mem(m_ghash, m_H_ad);
141}
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:149

References BOTAN_ARG_CHECK, and Botan::copy_mem().

◆ update()

void Botan::GHASH::update ( std::span< const uint8_t > in)

Definition at line 159 of file ghash.cpp.

159 {
161 BOTAN_STATE_CHECK(m_nonce);
162 ghash_update(m_ghash, input);
163 m_text_len += input.size();
164}

References Botan::SymmetricAlgorithm::assert_key_material_set(), and BOTAN_STATE_CHECK.

◆ update_associated_data()

void Botan::GHASH::update_associated_data ( std::span< const uint8_t > ad)

Incremental update of associated data used in the GMAC use-case.

Definition at line 153 of file ghash.cpp.

153 {
155 ghash_update(m_ghash, ad);
156 m_ad_len += ad.size();
157}

References Botan::SymmetricAlgorithm::assert_key_material_set().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 109 of file sym_algo.h.

109{ return key_spec().valid_keylength(length); }
bool valid_keylength(size_t length) const
Definition sym_algo.h:44

References key_spec().

Referenced by set_key().


The documentation for this class was generated from the following files: