Botan  2.4.0
Crypto and TLS for C++11
Botan::GHASH Class Reference final

#include <ghash.h>

Inheritance diagram for Botan::GHASH:
Botan::SymmetricAlgorithm

Public Member Functions

void add_final_block (secure_vector< uint8_t > &x, size_t ad_len, size_t pt_len)
 
void clear () override
 
secure_vector< uint8_t > final ()
 
void ghash_update (secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
 
Key_Length_Specification key_spec () const override
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
secure_vector< uint8_t > nonce_hash (const uint8_t nonce[], size_t len)
 
std::string provider () const
 
void reset ()
 
void set_associated_data (const uint8_t ad[], size_t ad_len)
 
void set_key (const SymmetricKey &key)
 
template<typename Alloc >
void set_key (const std::vector< uint8_t, Alloc > &key)
 
void set_key (const uint8_t key[], size_t length)
 
void start (const uint8_t nonce[], size_t len)
 
void update (const uint8_t in[], size_t len)
 
void update_associated_data (const uint8_t ad[], size_t len)
 
bool valid_keylength (size_t length) const
 

Protected Member Functions

void verify_key_set (bool cond) const
 

Detailed Description

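GCM's GHASH. This is not intended for general use, but is exposed to allow shared code between GCM and GMAC. GHASH on its own is a keyed universal hash rather than a complete MAC, so applications should reach it through GCM or GMAC instead of calling it directly.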

Definition at line 20 of file ghash.h.

Member Function Documentation

◆ add_final_block()

void Botan::GHASH::add_final_block ( secure_vector< uint8_t > &  x,
size_t  ad_len,
size_t  pt_len 
)

Definition at line 214 of file ghash.cpp.

References ghash_update().

Referenced by final(), and nonce_hash().

216  {
217  /*
218  * stack buffer is fine here since the text len is public
219  * and the length of the AD is probably not sensitive either.
220  */
221  uint8_t final_block[GCM_BS];
222  store_be<uint64_t>(final_block, 8*ad_len, 8*text_len);
223  ghash_update(hash, final_block, GCM_BS);
224  }
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:111

◆ clear()

void Botan::GHASH::clear ( )
override virtual

Reset the state.

Implements Botan::SymmetricAlgorithm.

Definition at line 249 of file ghash.cpp.

References reset(), and Botan::zeroise().

250  {
251  zeroise(m_H);
252  zeroise(m_HM);
253  reset();
254  }
void reset()
Definition: ghash.cpp:256
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:181

◆ final()

secure_vector< uint8_t > Botan::GHASH::final ( )

Definition at line 226 of file ghash.cpp.

References add_final_block().

227  {
228  add_final_block(m_ghash, m_ad_len, m_text_len);
229 
230  secure_vector<uint8_t> mac;
231  mac.swap(m_ghash);
232 
233  mac ^= m_nonce;
234  m_text_len = 0;
235  return mac;
236  }
void add_final_block(secure_vector< uint8_t > &x, size_t ad_len, size_t pt_len)
Definition: ghash.cpp:214

◆ ghash_update()

void Botan::GHASH::ghash_update ( secure_vector< uint8_t > &  x,
const uint8_t  input[],
size_t  input_len 
)

Definition at line 111 of file ghash.cpp.

References Botan::copy_mem(), Botan::gcm_clmul_precompute(), Botan::gcm_pmull_precompute(), and Botan::load_be< uint64_t >().

Referenced by add_final_block(), nonce_hash(), set_associated_data(), update(), and update_associated_data().

113  {
114  /*
115  This assumes if less than block size input then we're just on the
116  final block and should pad with zeros
117  */
118 
119  const size_t full_blocks = length / GCM_BS;
120  const size_t final_bytes = length - (full_blocks * GCM_BS);
121 
122  if(full_blocks > 0)
123  {
124  gcm_multiply(ghash, input, full_blocks);
125  }
126 
127  if(final_bytes)
128  {
129  secure_vector<uint8_t> last_block(GCM_BS);
130  copy_mem(last_block.data(), input + full_blocks * GCM_BS, final_bytes);
131  gcm_multiply(ghash, last_block.data(), 1);
132  }
133  }
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:97

◆ key_spec()

Key_Length_Specification Botan::GHASH::key_spec ( ) const
inline override virtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 41 of file ghash.h.

42  { return Key_Length_Specification(16); }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inline inherited
Returns
maximum allowed key length

Definition at line 39 of file sym_algo.h.

40  {
41  return key_spec().maximum_keylength();
42  }
size_t maximum_keylength() const
Definition: key_spec.h:69
virtual Key_Length_Specification key_spec() const =0

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inline inherited
Returns
minimum allowed key length

Definition at line 47 of file sym_algo.h.

48  {
49  return key_spec().minimum_keylength();
50  }
virtual Key_Length_Specification key_spec() const =0
size_t minimum_keylength() const
Definition: key_spec.h:61

◆ name()

std::string Botan::GHASH::name ( ) const
inline override virtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 48 of file ghash.h.

48 { return "GHASH"; }

◆ nonce_hash()

secure_vector< uint8_t > Botan::GHASH::nonce_hash ( const uint8_t  nonce[],
size_t  len 
)

Definition at line 238 of file ghash.cpp.

References add_final_block(), BOTAN_ASSERT, and ghash_update().

239  {
240  BOTAN_ASSERT(m_ghash.size() == 0, "nonce_hash called during wrong time");
241  secure_vector<uint8_t> y0(GCM_BS);
242 
243  ghash_update(y0, nonce, nonce_len);
244  add_final_block(y0, 0, nonce_len);
245 
246  return y0;
247  }
void add_final_block(secure_vector< uint8_t > &x, size_t ad_len, size_t pt_len)
Definition: ghash.cpp:214
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:111
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29

◆ provider()

std::string Botan::GHASH::provider ( ) const

Definition at line 28 of file ghash.cpp.

References Botan::gcm_multiply_clmul(), Botan::gcm_multiply_pmull(), Botan::gcm_multiply_ssse3(), Botan::load_be< uint64_t >(), Botan::CT::poison(), Botan::CT::unpoison(), X, and Z.

29  {
30 #if defined(BOTAN_HAS_GCM_CLMUL)
31  if(CPUID::has_clmul())
32  return "clmul";
33 #endif
34 
35 #if defined(BOTAN_HAS_GCM_CLMUL_SSSE3)
36  if(CPUID::has_ssse3())
37  return "ssse3";
38 #endif
39 
40 #if defined(BOTAN_HAS_GCM_PMULL)
41  if(CPUID::has_arm_pmull())
42  return "pmull";
43 #endif
44 
45  return "base";
46  }

◆ reset()

void Botan::GHASH::reset ( )

Definition at line 256 of file ghash.cpp.

References Botan::zeroise().

Referenced by clear().

257  {
258  zeroise(m_H_ad);
259  m_ghash.clear();
260  m_nonce.clear();
261  m_text_len = m_ad_len = 0;
262  }
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:181

◆ set_associated_data()

void Botan::GHASH::set_associated_data ( const uint8_t  ad[],
size_t  ad_len 
)

Definition at line 192 of file ghash.cpp.

References ghash_update(), and Botan::zeroise().

193  {
194  zeroise(m_H_ad);
195 
196  ghash_update(m_H_ad, input, length);
197  m_ad_len = length;
198  }
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:111
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:181

◆ set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey key)
inline inherited

Set the symmetric key of this object.

Parameters
key: the SymmetricKey to be set.

Definition at line 66 of file sym_algo.h.

References Botan::OctetString::begin(), and Botan::OctetString::length().

Referenced by Botan::aont_package(), Botan::aont_unpackage(), botan_block_cipher_set_key(), botan_mac_set_key(), Botan::GOST_34_11::copy_state(), Botan::DESX::decrypt_n(), Botan::TLS::TLS_CBC_HMAC_AEAD_Mode::key_spec(), Botan::pbkdf2(), and Botan::TLS_PRF::TLS_PRF().

67  {
68  set_key(key.begin(), key.length());
69  }
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:66

◆ set_key() [2/3]

template<typename Alloc >
void Botan::SymmetricAlgorithm::set_key ( const std::vector< uint8_t, Alloc > &  key)
inline inherited

Definition at line 72 of file sym_algo.h.

73  {
74  set_key(key.data(), key.size());
75  }
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:66

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t  key[],
size_t  length 
)
inline inherited

Set the symmetric key of this object.

Parameters
key: the key to be set, as a byte array.
length: the length in bytes of the key param.

Definition at line 82 of file sym_algo.h.

83  {
84  if(!valid_keylength(length))
85  throw Invalid_Key_Length(name(), length);
86  key_schedule(key, length);
87  }
bool valid_keylength(size_t length) const
Definition: sym_algo.h:57
virtual std::string name() const =0

◆ start()

void Botan::GHASH::start ( const uint8_t  nonce[],
size_t  len 
)

Definition at line 186 of file ghash.cpp.

187  {
188  m_nonce.assign(nonce, nonce + len);
189  m_ghash = m_H_ad;
190  }

◆ update()

void Botan::GHASH::update ( const uint8_t  in[],
size_t  len 
)

Definition at line 207 of file ghash.cpp.

References BOTAN_ASSERT, and ghash_update().

208  {
209  BOTAN_ASSERT(m_ghash.size() == GCM_BS, "Key was set");
210  m_text_len += length;
211  ghash_update(m_ghash, input, length);
212  }
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:111
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:29

◆ update_associated_data()

void Botan::GHASH::update_associated_data ( const uint8_t  ad[],
size_t  len 
)

Definition at line 200 of file ghash.cpp.

References ghash_update(), and Botan::SymmetricAlgorithm::verify_key_set().

201  {
202  verify_key_set(m_ghash.size() == GCM_BS);
203  m_ad_len += length;
204  ghash_update(m_ghash, ad, length);
205  }
void verify_key_set(bool cond) const
Definition: sym_algo.h:95
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:111

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t  length) const
inline inherited

Check whether a given key length is valid for this algorithm.

Parameters
length: the key length to be checked.
Returns
true if the key length is valid.

Definition at line 57 of file sym_algo.h.

Referenced by Botan::aont_package(), and Botan::aont_unpackage().

58  {
59  return key_spec().valid_keylength(length);
60  }
bool valid_keylength(size_t length) const
Definition: key_spec.h:51
virtual Key_Length_Specification key_spec() const =0

◆ verify_key_set()

void Botan::SymmetricAlgorithm::verify_key_set ( bool  cond) const
inline protected inherited

Definition at line 95 of file sym_algo.h.

Referenced by Botan::Salsa20::cipher(), Botan::CTR_BE::cipher(), Botan::RC4::cipher(), Botan::SHAKE_128_Cipher::cipher(), Botan::ChaCha::cipher(), Botan::Poly1305::clear(), Botan::CAST_128::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::DES::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::XTEA::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::MISTY1::decrypt_n(), Botan::CAST_256::decrypt_n(), Botan::DESX::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::Lion::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::CAST_128::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::CAST_256::encrypt_n(), Botan::MISTY1::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::SEED::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::DES::encrypt_n(), Botan::XTEA::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::DESX::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::KASUMI::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::Lion::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::Salsa20::seek(), Botan::CTR_BE::seek(), Botan::ChaCha::seek(), and update_associated_data().

96  {
97  if(cond == false)
98  throw Key_Not_Set(name());
99  }
virtual std::string name() const =0

The documentation for this class was generated from the following files: