Botan  2.17.3
Crypto and TLS for C++11
Botan::GHASH Class Reference (final)

#include <ghash.h>

Inheritance diagram for Botan::GHASH:
Botan::SymmetricAlgorithm

Public Member Functions

void add_final_block (secure_vector< uint8_t > &x, size_t ad_len, size_t pt_len)
 
void clear () override
 
secure_vector< uint8_t > final ()
 
void final (uint8_t out[], size_t out_len)
 
void ghash_update (secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
 
Key_Length_Specification key_spec () const override
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
secure_vector< uint8_t > nonce_hash (const uint8_t nonce[], size_t nonce_len)
 
void nonce_hash (secure_vector< uint8_t > &y0, const uint8_t nonce[], size_t len)
 
std::string provider () const
 
void reset ()
 
void set_associated_data (const uint8_t ad[], size_t ad_len)
 
void set_key (const SymmetricKey &key)
 
template<typename Alloc >
void set_key (const std::vector< uint8_t, Alloc > &key)
 
void set_key (const uint8_t key[], size_t length)
 
void start (const uint8_t nonce[], size_t len)
 
void update (const uint8_t in[], size_t len)
 
void update_associated_data (const uint8_t ad[], size_t len)
 
bool valid_keylength (size_t length) const
 

Protected Member Functions

void verify_key_set (bool cond) const
 

Detailed Description

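GCM's GHASH. This is not intended for general use, but is exposed to allow shared code between GCM and GMAC. On its own GHASH is a keyed polynomial hash rather than a complete MAC: as the final() listing below shows, the output is the hash state XORed with the value passed to start(), and it is the GCM or GMAC caller that is responsible for supplying that value correctly.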

Definition at line 22 of file ghash.h.

Member Function Documentation

◆ add_final_block()

void Botan::GHASH::add_final_block ( secure_vector< uint8_t > &  x,
size_t  ad_len,
size_t  pt_len 
)

Definition at line 189 of file ghash.cpp.

References ghash_update(), and hash.

Referenced by final(), and nonce_hash().

// Body of GHASH::add_final_block(): hashes one extra GCM_BS-byte block that encodes
// the AD length and the text length. The listing uses the .cpp parameter names
// (hash, text_len); the prototype above shows the header names (x, pt_len).
191  {
192  /*
193  * stack buffer is fine here since the text len is public
194  * and the length of the AD is probably not sensitive either.
195  */
196  uint8_t final_block[GCM_BS];
     // Two big-endian 64-bit fields, each a byte count converted to bits (8*len).
     // NOTE(review): the multiplication happens on the size_t arguments before the
     // values reach store_be<uint64_t>; where size_t is 32 bits the product could
     // wrap for very large inputs - confirm that callers bound the lengths.
197  store_be<uint64_t>(final_block, 8*ad_len, 8*text_len);
198  ghash_update(hash, final_block, GCM_BS);
199  }
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:88
MechanismType hash

◆ clear()

void Botan::GHASH::clear ( )
override, virtual

Reset the state.

Implements Botan::SymmetricAlgorithm.

Definition at line 221 of file ghash.cpp.

References reset(), and Botan::zap().

// Body of GHASH::clear(): drops the key-derived state first, then the per-message
// state via reset().
222  {
     // m_HM is the member ghash_update() tests for emptiness as its "key set"
     // condition. NOTE(review): Botan::zap() is not shown on this page; presumably
     // it wipes and empties the vector, so a later update fails until set_key() - confirm.
223  zap(m_H);
224  zap(m_HM);
225  reset();
226  }
void reset()
Definition: ghash.cpp:228
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:127

◆ final() [1/2]

secure_vector<uint8_t> Botan::GHASH::final ( )
inline

Definition at line 49 of file ghash.h.

// Convenience overload: allocates a GCM_BS-byte secure_vector, fills it through
// final(uint8_t[], size_t) and returns it, i.e. the untruncated output.
50  {
51  secure_vector<uint8_t> mac(GCM_BS);
52  final(mac.data(), mac.size());
53  return mac;
54  }

◆ final() [2/2]

void Botan::GHASH::final ( uint8_t  out[],
size_t  out_len 
)

Definition at line 201 of file ghash.cpp.

References add_final_block(), and BOTAN_ARG_CHECK.

// Body of GHASH::final(uint8_t[], size_t): the listing uses the .cpp names
// mac/mac_len for the prototype's out/out_len.
202  {
     // Any output length from 1 to 16 bytes is accepted. A shorter tag gives an
     // attacker a proportionally better chance of a successful forgery, so
     // truncation should be a deliberate protocol choice, not a default.
203  BOTAN_ARG_CHECK(mac_len > 0 && mac_len <= 16, "GHASH output length");
204  add_final_block(m_ghash, m_ad_len, m_text_len);
205 
     // Output = hash state XOR the value stored in m_nonce by start().
     // NOTE(review): no check is visible here that start() has run (that m_ghash
     // and m_nonce each hold at least mac_len bytes) - presumably enforced by the
     // callers or further down the call chain; confirm.
206  for(size_t i = 0; i != mac_len; ++i)
207  mac[i] = m_ghash[i] ^ m_nonce[i];
208 
     // Only the running hash and the text length are reset in this listing;
     // m_nonce, m_ad_len and m_H_ad keep their values until reset() or start().
209  m_ghash.clear();
210  m_text_len = 0;
211  }
void add_final_block(secure_vector< uint8_t > &x, size_t ad_len, size_t pt_len)
Definition: ghash.cpp:189
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:37

◆ ghash_update()

void Botan::GHASH::ghash_update ( secure_vector< uint8_t > &  x,
const uint8_t  input[],
size_t  input_len 
)

Definition at line 88 of file ghash.cpp.

References Botan::copy_mem(), Botan::secure_scrub_memory(), and Botan::SymmetricAlgorithm::verify_key_set().

Referenced by add_final_block(), nonce_hash(), set_associated_data(), update(), and update_associated_data().

// Body of GHASH::ghash_update(): folds input into the hash state. The listing uses
// the .cpp names ghash/length for the prototype's x/input_len.
90  {
     // A non-empty m_HM is the condition used for "key has been set".
91  verify_key_set(!m_HM.empty());
92 
93  /*
94  This assumes if less than block size input then we're just on the
95  final block and should pad with zeros
96  */
97 
98  const size_t full_blocks = length / GCM_BS;
99  const size_t final_bytes = length - (full_blocks * GCM_BS);
100 
101  if(full_blocks > 0)
102  {
103  ghash_multiply(ghash, input, full_blocks);
104  }
105 
     // A trailing partial block is copied into a zero-initialised stack block, which
     // pads it with zeros. A caller that feeds data in several calls therefore has to
     // pass whole GCM_BS blocks on every call but the last, or padding lands mid-stream
     // and the result no longer matches a one-shot hash of the same data.
106  if(final_bytes)
107  {
108  uint8_t last_block[GCM_BS] = { 0 };
109  copy_mem(last_block, input + full_blocks * GCM_BS, final_bytes);
110  ghash_multiply(ghash, last_block, 1);
     // Only the final_bytes that held caller data are scrubbed; the remainder of
     // last_block was zero from its initialiser and never written.
111  secure_scrub_memory(last_block, final_bytes);
112  }
113  }
void verify_key_set(bool cond) const
Definition: sym_algo.h:171
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:133
void secure_scrub_memory(void *ptr, size_t n)
Definition: os_utils.cpp:66

◆ key_spec()

Key_Length_Specification Botan::GHASH::key_spec ( ) const
inline, override, virtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 58 of file ghash.h.

// A single argument of 16 is passed. NOTE(review): presumably this means a fixed
// 16-byte key, i.e. one GCM block - confirm against Key_Length_Specification.
59  { return Key_Length_Specification(16); }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inline, inherited
Returns
maximum allowed key length

Definition at line 120 of file sym_algo.h.

// Inherited helper: asks the Key_Length_Specification returned by key_spec()
// for its maximum.
121  {
122  return key_spec().maximum_keylength();
123  }
size_t maximum_keylength() const
Definition: sym_algo.h:70
virtual Key_Length_Specification key_spec() const =0

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inline, inherited
Returns
minimum allowed key length

Definition at line 128 of file sym_algo.h.

Referenced by botan_block_cipher_get_keyspec(), and botan_mac_get_keyspec().

// Inherited helper: asks the Key_Length_Specification returned by key_spec()
// for its minimum.
129  {
130  return key_spec().minimum_keylength();
131  }
virtual Key_Length_Specification key_spec() const =0
size_t minimum_keylength() const
Definition: sym_algo.h:62

◆ name()

std::string Botan::GHASH::name ( ) const
inline, override, virtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 65 of file ghash.h.

// Fixed algorithm name; the inherited set_key() passes name() to
// Invalid_Key_Length when it rejects a key length.
65 { return "GHASH"; }

◆ nonce_hash() [1/2]

secure_vector<uint8_t> Botan::GHASH::nonce_hash ( const uint8_t  nonce[],
size_t  nonce_len 
)
inline

Definition at line 28 of file ghash.h.

// Convenience overload: allocates a GCM_BS-byte y0, fills it through the
// three-argument nonce_hash() and returns it.
29  {
30  secure_vector<uint8_t> y0(GCM_BS);
31  nonce_hash(y0, nonce, nonce_len);
32  return y0;
33  }
secure_vector< uint8_t > nonce_hash(const uint8_t nonce[], size_t nonce_len)
Definition: ghash.h:28

◆ nonce_hash() [2/2]

void Botan::GHASH::nonce_hash ( secure_vector< uint8_t > &  y0,
const uint8_t  nonce[],
size_t  len 
)

Definition at line 213 of file ghash.cpp.

References add_final_block(), BOTAN_ASSERT, and ghash_update().

// Body of GHASH::nonce_hash(y0, nonce, len): the listing uses the .cpp name
// nonce_len for the prototype's len.
214  {
     // Only valid while no message is in progress: start() assigns m_ghash, and
     // final() and reset() empty it again.
215  BOTAN_ASSERT(m_ghash.size() == 0, "nonce_hash called during wrong time");
216 
     // Hashes the nonce into y0, then a length block with AD length 0 and the nonce
     // length in the text-length field.
     // NOTE(review): y0 is used as the running state, so it is presumably expected
     // to hold GCM_BS zero bytes on entry (as the two-argument overload provides) - confirm.
217  ghash_update(y0, nonce, nonce_len);
218  add_final_block(y0, 0, nonce_len);
219  }
void add_final_block(secure_vector< uint8_t > &x, size_t ad_len, size_t pt_len)
Definition: ghash.cpp:189
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:88
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55

◆ provider()

std::string Botan::GHASH::provider ( ) const

Definition at line 17 of file ghash.cpp.

References Botan::CPUID::has_carryless_multiply(), and Botan::CPUID::has_vperm().

// Body of GHASH::provider(): returns one of the strings "clmul", "vperm" or "base".
18  {
19 #if defined(BOTAN_HAS_GHASH_CLMUL_CPU)
     // NOTE(review): the listing jumps from source line 19 to 21. The References
     // line above names CPUID::has_carryless_multiply(), so a runtime CPUID check
     // presumably sits on the elided line 20 and guards this return - confirm
     // against ghash.cpp before relying on this excerpt.
21  return "clmul";
22 #endif
23 
24 #if defined(BOTAN_HAS_GHASH_CLMUL_VPERM)
25  if(CPUID::has_vperm())
26  return "vperm";
27 #endif
28 
29  return "base";
30  }
static bool has_carryless_multiply()
Definition: cpuid.h:395
static bool has_vperm()
Definition: cpuid.h:362

◆ reset()

void Botan::GHASH::reset ( )

Definition at line 228 of file ghash.cpp.

References Botan::zeroise().

Referenced by clear().

// Body of GHASH::reset(): discards per-message state - the AD hash, the running
// hash, the stored start() value and both length counters. m_H and m_HM are not
// touched here; clear() is the call that zaps them.
229  {
230  zeroise(m_H_ad);
231  m_ghash.clear();
232  m_nonce.clear();
233  m_text_len = m_ad_len = 0;
234  }
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:117

◆ set_associated_data()

void Botan::GHASH::set_associated_data ( const uint8_t  ad[],
size_t  ad_len 
)

Definition at line 164 of file ghash.cpp.

References ghash_update(), and Botan::zeroise().

// Body of GHASH::set_associated_data(): the listing uses the .cpp names
// input/length for the prototype's ad/ad_len.
165  {
     // AD has to be supplied before start(): once m_ghash is non-empty the call
     // is rejected with Invalid_State.
166  if(m_ghash.empty() == false)
167  throw Invalid_State("Too late to set AD in GHASH");
168 
     // The AD hash is rebuilt from zero and m_ad_len is assigned, not incremented,
     // so a repeated call replaces the earlier AD instead of extending it.
169  zeroise(m_H_ad);
170 
171  ghash_update(m_H_ad, input, length);
172  m_ad_len = length;
173  }
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:88
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:117

◆ set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey key)
inline, inherited

◆ set_key() [2/3]

template<typename Alloc >
void Botan::SymmetricAlgorithm::set_key ( const std::vector< uint8_t, Alloc > &  key)
inline, inherited

Definition at line 153 of file sym_algo.h.

// Inherited overload: forwards the vector's data pointer and size to
// set_key(const uint8_t[], size_t).
154  {
155  set_key(key.data(), key.size());
156  }
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:147

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t  key[],
size_t  length 
)
inherited

Set the symmetric key of this object.

Parameters
key: the key to be set, as a byte array.
length: the length in bytes of the key param

Definition at line 17 of file sym_algo.cpp.

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

// Inherited set_key(): the length is validated (through key_spec(), see
// valid_keylength()) before key_schedule() is given the key; a rejected length
// throws Invalid_Key_Length carrying the algorithm name and the length.
18  {
19  if(!valid_keylength(length))
20  throw Invalid_Key_Length(name(), length);
21  key_schedule(key, length);
22  }
bool valid_keylength(size_t length) const
Definition: sym_algo.h:138
virtual std::string name() const =0

◆ start()

void Botan::GHASH::start ( const uint8_t  nonce[],
size_t  len 
)

Definition at line 157 of file ghash.cpp.

References BOTAN_ARG_CHECK.

// Body of GHASH::start(): begins a message.
158  {
     // Exactly 16 bytes are required. final() XORs this stored value into the
     // output, so it acts as the per-message mask.
     // NOTE(review): it presumably has to be unique per message under a given key
     // and is derived by the GCM/GMAC caller rather than passed in raw - confirm
     // against those callers.
159  BOTAN_ARG_CHECK(len == 16, "GHASH requires a 128-bit nonce");
160  m_nonce.assign(nonce, nonce + len);
     // The running hash starts from the AD hash built by set_associated_data().
161  m_ghash = m_H_ad;
162  }
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:37

◆ update()

void Botan::GHASH::update ( const uint8_t  in[],
size_t  len 
)

Definition at line 182 of file ghash.cpp.

References ghash_update(), and Botan::SymmetricAlgorithm::verify_key_set().

// Body of GHASH::update(): the listing uses the .cpp names input/length for the
// prototype's in/len.
183  {
     // m_ghash is assigned in start() and emptied by final() and reset(); a call
     // outside that window fails this check and is reported through the
     // key-not-set error path, whatever the actual cause.
184  verify_key_set(m_ghash.size() == GCM_BS);
185  m_text_len += length;
     // ghash_update() zero pads a trailing partial block, so every call except the
     // last one for a message should pass a multiple of GCM_BS bytes.
186  ghash_update(m_ghash, input, length);
187  }
void verify_key_set(bool cond) const
Definition: sym_algo.h:171
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:88

◆ update_associated_data()

void Botan::GHASH::update_associated_data ( const uint8_t  ad[],
size_t  len 
)

Definition at line 175 of file ghash.cpp.

References ghash_update(), and Botan::SymmetricAlgorithm::verify_key_set().

// Body of GHASH::update_associated_data(): the listing uses the .cpp name length
// for the prototype's len.
176  {
     // Requires a started message: m_ghash must already hold GCM_BS bytes.
177  verify_key_set(m_ghash.size() == GCM_BS);
178  m_ad_len += length;
     // The AD is folded into the same running state that update() uses, and
     // ghash_update() zero pads a trailing partial block.
     // NOTE(review): this presumably means all AD must be supplied before the first
     // update() call, in whole GCM_BS blocks except for the last call - confirm
     // against the callers.
179  ghash_update(m_ghash, ad, length);
180  }
void verify_key_set(bool cond) const
Definition: sym_algo.h:171
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:88

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t  length) const
inline, inherited

Check whether a given key length is valid for this algorithm.

Parameters
length: the key length to be checked.
Returns
true if the key length is valid.

Definition at line 138 of file sym_algo.h.

Referenced by Botan::aont_package(), Botan::aont_unpackage(), and Botan::SymmetricAlgorithm::set_key().

// Inherited helper: defers the decision to the Key_Length_Specification
// returned by key_spec().
139  {
140  return key_spec().valid_keylength(length);
141  }
bool valid_keylength(size_t length) const
Definition: sym_algo.h:52
virtual Key_Length_Specification key_spec() const =0

◆ verify_key_set()

void Botan::SymmetricAlgorithm::verify_key_set ( bool  cond) const
inline, protected, inherited

Definition at line 171 of file sym_algo.h.

Referenced by Botan::Salsa20::cipher(), Botan::CTR_BE::cipher(), Botan::RC4::cipher(), Botan::SHAKE_128_Cipher::cipher(), Botan::ChaCha::cipher(), Botan::SM4::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::SEED::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::DES::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::XTEA::decrypt_n(), Botan::DESX::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::MISTY1::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::AES_128::decrypt_n(), Botan::CAST_256::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::Lion::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::SEED::encrypt_n(), Botan::CAST_256::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::KASUMI::encrypt_n(), Botan::AES_128::encrypt_n(), Botan::MISTY1::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::XTEA::encrypt_n(), Botan::DESX::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::Lion::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::OCB_Encryption::finish(), Botan::OCB_Decryption::finish(), ghash_update(), Botan::CFB_Encryption::process(), Botan::CFB_Decryption::process(), Botan::Salsa20::seek(), Botan::CTR_BE::seek(), 
Botan::ChaCha::seek(), Botan::OCB_Mode::set_associated_data(), Botan::Salsa20::set_iv(), Botan::ChaCha::set_iv(), update(), update_associated_data(), and Botan::ChaCha::write_keystream().

// Inherited guard: a false condition goes to throw_key_not_set_error().
// GHASH also passes conditions that are not about the key (update() checks
// m_ghash.size() == GCM_BS), so the resulting error may point at a missing key
// when the real cause is a missing start() call.
172  {
173  if(cond == false)
174  throw_key_not_set_error();
175  }

The documentation for this class was generated from the following files: