Botan 3.7.1
Crypto and TLS for C++
Botan::GHASH Class Reference (final)

#include <ghash.h>

Inheritance diagram for Botan::GHASH:
Botan::SymmetricAlgorithm

Public Member Functions

void clear () override
 
void final (std::span< uint8_t > out)
 
bool has_keying_material () const override
 
Key_Length_Specification key_spec () const override
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
void nonce_hash (secure_vector< uint8_t > &y0, std::span< const uint8_t > nonce)
 Hashing of non-default length nonce values for both GCM and GMAC use-cases.
 
std::string provider () const
 
void reset ()
 
void set_associated_data (std::span< const uint8_t > ad)
 Monolithic setting of associated data used in the GCM use-case.
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
void set_key (std::span< const uint8_t > key)
 
void start (std::span< const uint8_t > nonce)
 
void update (std::span< const uint8_t > in)
 
void update_associated_data (std::span< const uint8_t > ad)
 Incremental update of associated data used in the GMAC use-case.
 
bool valid_keylength (size_t length) const
 

Protected Member Functions

void assert_key_material_set () const
 
void assert_key_material_set (bool predicate) const
 

Detailed Description

GCM's GHASH

Definition at line 19 of file ghash.h.

Member Function Documentation

◆ assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const
inline, protected, inherited

Definition at line 139 of file sym_algo.h.

virtual bool has_keying_material() const =0
void assert_key_material_set() const
Definition sym_algo.h:139

References Botan::SymmetricAlgorithm::assert_key_material_set().

Referenced by Botan::SymmetricAlgorithm::assert_key_material_set(), Botan::Salsa20::cipher_bytes(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::DES::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::Kuznyechik::decrypt_n(), Botan::Lion::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::DES::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::Kuznyechik::encrypt_n(), Botan::Lion::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::Twofish::encrypt_n(), final(), nonce_hash(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), set_associated_data(), Botan::OCB_Mode::set_associated_data_n(), Botan::Salsa20::set_iv_bytes(), update(), and update_associated_data().

◆ assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate) const
inline, protected, inherited

Definition at line 141 of file sym_algo.h.

// Guard form taking an already-evaluated condition: a false predicate leads to
// a call to throw_key_not_set_error() (defined outside this listing); a true
// predicate falls through with no effect.
141 {
142 if(!predicate) {
143 throw_key_not_set_error();
144 }
145 }

◆ clear()

void Botan::GHASH::clear ( )
override, virtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 182 of file ghash.cpp.

// Clears the key-dependent member first, then the per-message state.
182 {
// m_HM is the member has_keying_material() tests for emptiness, so this is the
// step that returns the object to the "no key set" condition.
// NOTE(review): presumably zap() wipes the contents before emptying the
// container - confirm in secmem.h.
183 zap(m_HM);
// reset() scrubs the running hash and any stored nonce and zeroes the lengths.
184 reset();
185}
void reset()
Definition ghash.cpp:187
void zap(std::vector< T, Alloc > &vec)
Definition secmem.h:117

References reset(), and Botan::zap().

◆ final()

void Botan::GHASH::final ( std::span< uint8_t > out)

Definition at line 156 of file ghash.cpp.

// Finishes the current message and writes the result into the output span.
// NOTE(review): the definition names the output span `mac`, while the
// declaration on this page documents it as `out`.
156 {
// Any output length from 1 to GCM_BS bytes passes this check, so a caller can
// request a truncated value. No minimum beyond "non-empty" is enforced here;
// choosing an acceptable tag length is left to the caller.
157 BOTAN_ARG_CHECK(!mac.empty() && mac.size() <= GCM_BS, "GHASH output length");
// A nonce must be stored, i.e. start() has to precede final().
158 BOTAN_STATE_CHECK(m_nonce);
// NOTE(review): source line 159 is absent from this listing. The page's
// References entry for this function names assert_key_material_set(), so the
// missing line is presumably that call - confirm against ghash.cpp.
160
161 ghash_zeropad(m_ghash);
// Final block is built from the associated-data length and the text length.
162 ghash_final_block(m_ghash, m_ad_len, m_text_len);
163
// Output = leading mac.size() bytes of the hash state XORed with the same
// number of leading bytes of the stored nonce.
164 xor_buf(mac, std::span{m_ghash}.first(mac.size()), std::span{*m_nonce}.first(mac.size()));
165
// The hash state is scrubbed once the output has been produced.
166 secure_scrub_memory(m_ghash);
// Only m_text_len is zeroed; m_ad_len is left as it was.
167 m_text_len = 0;
// With the nonce gone, update() and final() fail their BOTAN_STATE_CHECK until
// start() is called again.
// NOTE(review): unlike reset(), the nonce is not passed to
// secure_scrub_memory() before the optional is emptied - confirm this
// difference is intended.
168 m_nonce.reset();
169}
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29
void secure_scrub_memory(void *ptr, size_t n)
Definition mem_utils.cpp:19
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
Definition mem_ops.h:342

References Botan::SymmetricAlgorithm::assert_key_material_set(), BOTAN_ARG_CHECK, BOTAN_STATE_CHECK, Botan::secure_scrub_memory(), and Botan::xor_buf().

◆ has_keying_material()

bool Botan::GHASH::has_keying_material ( ) const
override, virtual
Returns
true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 85 of file ghash.cpp.

// A key counts as set exactly when m_HM is non-empty.
85 {
86 return !m_HM.empty();
87}

◆ key_spec()

Key_Length_Specification Botan::GHASH::key_spec ( ) const
inline, override, virtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 39 of file ghash.h.

// Built from the single value 16.
// NOTE(review): presumably this means exactly one accepted key length of
// 16 bytes - confirm against Key_Length_Specification.
39{ return Key_Length_Specification(16); }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inline, inherited
Returns
maximum allowed key length

Definition at line 95 of file sym_algo.h.

// Forwards to the Key_Length_Specification returned by the virtual key_spec(),
// so the answer comes from the concrete algorithm.
95{ return key_spec().maximum_keylength(); }
size_t maximum_keylength() const
Definition sym_algo.h:54
virtual Key_Length_Specification key_spec() const =0

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inline, inherited
Returns
minimum allowed key length

Definition at line 100 of file sym_algo.h.

// Forwards to the Key_Length_Specification returned by the virtual key_spec(),
// so the answer comes from the concrete algorithm.
100{ return key_spec().minimum_keylength(); }
size_t minimum_keylength() const
Definition sym_algo.h:49

◆ name()

std::string Botan::GHASH::name ( ) const
inline, override, virtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 47 of file ghash.h.

// Constant algorithm name; the inherited set_key() passes name() to
// Invalid_Key_Length when it rejects a key.
47{ return "GHASH"; }

◆ nonce_hash()

void Botan::GHASH::nonce_hash ( secure_vector< uint8_t > & y0,
std::span< const uint8_t > nonce )

Hashing of non-default length nonce values for both GCM and GMAC use-cases.

Definition at line 171 of file ghash.cpp.

// Hashes `nonce` into the caller-supplied block y0, in place.
171 {
// NOTE(review): source line 172 is absent from this listing. The page's
// References entry for this function names assert_key_material_set(), so the
// missing line is presumably that call - confirm against ghash.cpp.
// Allowed only while no nonce is stored, i.e. not between start() and final().
173 BOTAN_STATE_CHECK(!m_nonce);
174 BOTAN_ARG_CHECK(y0.size() == GCM_BS, "ghash state must be 16 bytes");
175
// The size check on line 174 comes first, so y0 is known to hold exactly
// GCM_BS bytes before the fixed-extent span is formed over it.
// NOTE(review): the lines shown do not clear y0 before use, so its incoming
// contents feed into the result - presumably callers pass a zeroed block;
// verify against the callers.
176 auto sy0 = std::span<uint8_t, GCM_BS>{y0};
177 ghash_update(sy0, nonce);
178 ghash_zeropad(sy0);
// Final block uses 0 for the first length and the nonce length for the second.
179 ghash_final_block(sy0, 0, nonce.size());
180}

References Botan::SymmetricAlgorithm::assert_key_material_set(), BOTAN_ARG_CHECK, and BOTAN_STATE_CHECK.

◆ provider()

std::string Botan::GHASH::provider ( ) const

Definition at line 20 of file ghash.cpp.

// Reports which implementation is selected: "clmul", "vperm" or the fallback
// "base". The first two are compiled in only when their build macros are set.
20 {
21#if defined(BOTAN_HAS_GHASH_CLMUL_CPU)
// NOTE(review): source line 22 is absent from this listing. The closing brace
// on line 24 and the page's reference to CPUID::has_carryless_multiply()
// suggest it held the matching runtime CPU check - confirm against ghash.cpp.
23 return "clmul";
24 }
25#endif
26
27#if defined(BOTAN_HAS_GHASH_CLMUL_VPERM)
// Runtime check in addition to the build macro.
28 if(CPUID::has_vperm()) {
29 return "vperm";
30 }
31#endif
32
// Reached when neither accelerated path returned.
33 return "base";
34}
static bool has_vperm()
Definition cpuid.h:335
static bool has_carryless_multiply()
Definition cpuid.h:366

References Botan::CPUID::has_carryless_multiply(), and Botan::CPUID::has_vperm().

◆ reset()

void Botan::GHASH::reset ( )

Definition at line 187 of file ghash.cpp.

// Clears per-message state. m_HM, the member has_keying_material() tests, is
// not touched in this function.
187 {
188 m_H_ad = {0};
189 secure_scrub_memory(m_ghash);
// A stored nonce is scrubbed before the optional holding it is emptied.
190 if(m_nonce) {
191 secure_scrub_memory(m_nonce.value());
192 m_nonce.reset();
193 }
194 m_buffer.clear();
// Both length counters return to zero.
195 m_text_len = m_ad_len = 0;
196}

References Botan::AlignmentBuffer< T, BLOCK_SIZE, FINAL_BLOCK_STRATEGY >::clear(), and Botan::secure_scrub_memory().

Referenced by clear().

◆ set_associated_data()

void Botan::GHASH::set_associated_data ( std::span< const uint8_t > ad)

Monolithic setting of associated data used in the GCM use-case.

Definition at line 133 of file ghash.cpp.

// Sets the associated data in one call, replacing any earlier value.
// NOTE(review): the definition names the parameter `input`, while the
// declaration on this page documents it as `ad`.
133 {
// Rejected while a nonce is stored, so this has to happen before start().
134 BOTAN_STATE_CHECK(!m_nonce);
135
// NOTE(review): source line 136 is absent from this listing. The page's
// References entry for this function names assert_key_material_set(), so the
// missing line is presumably that call - confirm against ghash.cpp.
// m_H_ad is rebuilt from zero rather than extended; start() later copies it
// into m_ghash as the initial hash state.
137 m_H_ad = {0};
138 ghash_update(m_H_ad, input);
139 ghash_zeropad(m_H_ad);
// Assigned, not accumulated: the length reflects this call only.
140 m_ad_len = input.size();
141}

References Botan::SymmetricAlgorithm::assert_key_material_set(), and BOTAN_STATE_CHECK.

◆ set_key() [1/3]

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t key[],
size_t length )
inline, inherited

Set the symmetric key of this object.

Parameters
key: the key to be set, as a byte array.
length: the length in bytes of the key param.

Definition at line 126 of file sym_algo.h.

// Wraps the pointer and length in a span and forwards to the span overload,
// which performs the key-length check. Nothing here can verify that `key`
// really refers to `length` readable bytes; that is the caller's obligation.
126{ set_key(std::span{key, length}); }

References Botan::SymmetricAlgorithm::set_key().

Referenced by Botan::SymmetricAlgorithm::set_key().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key)
inherited

Set the symmetric key of this object.

Parameters
key: the contiguous byte range to be set.

Definition at line 17 of file sym_algo.cpp.

// Validates the key length, then hands the key to key_schedule().
17 {
// A length valid_keylength() does not accept is rejected with
// Invalid_Key_Length, carrying the algorithm name and the offending size,
// before key_schedule() ever sees the key.
18 if(!valid_keylength(key.size())) {
19 throw Invalid_Key_Length(name(), key.size());
20 }
21 key_schedule(key);
22}
bool valid_keylength(size_t length) const
Definition sym_algo.h:107
virtual std::string name() const =0

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

◆ start()

void Botan::GHASH::start ( std::span< const uint8_t > nonce)

Definition at line 126 of file ghash.cpp.

// Begins a message: stores the nonce and seeds the hash state.
126 {
// Only a nonce of exactly 16 bytes is accepted.
127 BOTAN_ARG_CHECK(nonce.size() == 16, "GHASH requires a 128-bit nonce");
// NOTE(review): m_nonce appears to be an optional; emplace() would then replace
// any nonce already stored. No state or key check is visible in this listing,
// and the page's References entry for start() lists none either - confirm
// whether calling start() twice, or before a key is set, is meant to be
// allowed.
128 auto& n = m_nonce.emplace();
129 copy_mem(n, nonce);
// The hash state starts from m_H_ad, the value set_associated_data() prepares.
130 copy_mem(m_ghash, m_H_ad);
131}
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:147

References BOTAN_ARG_CHECK, and Botan::copy_mem().

◆ update()

void Botan::GHASH::update ( std::span< const uint8_t > in)

Definition at line 149 of file ghash.cpp.

// Absorbs message data into the running hash.
// NOTE(review): the definition names the parameter `input`, while the
// declaration on this page documents it as `in`.
149 {
// NOTE(review): source line 150 is absent from this listing. The page's
// References entry for this function names assert_key_material_set(), so the
// missing line is presumably that call - confirm against ghash.cpp.
// Requires a stored nonce, i.e. start() must have been called.
151 BOTAN_STATE_CHECK(m_nonce);
152 ghash_update(m_ghash, input);
// Running total of text bytes; final() feeds it into the last block.
153 m_text_len += input.size();
154}

References Botan::SymmetricAlgorithm::assert_key_material_set(), and BOTAN_STATE_CHECK.

◆ update_associated_data()

void Botan::GHASH::update_associated_data ( std::span< const uint8_t > ad)

Incremental update of associated data used in the GMAC use-case.

Definition at line 143 of file ghash.cpp.

// Incrementally absorbs associated data straight into the running hash.
143 {
// NOTE(review): source line 144 is absent from this listing. The page's
// References entry for this function names assert_key_material_set(), so the
// missing line is presumably that call - confirm against ghash.cpp.
// Unlike set_associated_data(), this writes to m_ghash rather than m_H_ad, and
// no BOTAN_STATE_CHECK on m_nonce appears in the lines shown.
145 ghash_update(m_ghash, ad);
// Accumulated across calls, where set_associated_data() assigns.
146 m_ad_len += ad.size();
147}

References Botan::SymmetricAlgorithm::assert_key_material_set().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length) const
inline, inherited

Check whether a given key length is valid for this algorithm.

Parameters
length: the key length to be checked.
Returns
true if the key length is valid.

Definition at line 107 of file sym_algo.h.

// Forwards the question to the Key_Length_Specification returned by the
// virtual key_spec(); the inherited set_key() relies on this before it
// schedules a key.
107{ return key_spec().valid_keylength(length); }
bool valid_keylength(size_t length) const
Definition sym_algo.h:42

Referenced by Botan::SymmetricAlgorithm::set_key().


The documentation for this class was generated from the following files: