Botan 2.19.1
Crypto and TLS for C&
Public Member Functions | Protected Member Functions | List of all members
Botan::GHASH Class Referencefinal

#include <ghash.h>

Inheritance diagram for Botan::GHASH:
Botan::SymmetricAlgorithm

Public Member Functions

void add_final_block (secure_vector< uint8_t > &x, size_t ad_len, size_t pt_len)
 
void clear () override
 
secure_vector< uint8_t > final ()
 
void final (uint8_t out[], size_t out_len)
 
void ghash_update (secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
 
Key_Length_Specification key_spec () const override
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
secure_vector< uint8_t > nonce_hash (const uint8_t nonce[], size_t nonce_len)
 
void nonce_hash (secure_vector< uint8_t > &y0, const uint8_t nonce[], size_t len)
 
std::string provider () const
 
void reset ()
 
void set_associated_data (const uint8_t ad[], size_t ad_len)
 
template<typename Alloc >
void set_key (const std::vector< uint8_t, Alloc > &key)
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
void start (const uint8_t nonce[], size_t len)
 
void update (const uint8_t in[], size_t len)
 
void update_associated_data (const uint8_t ad[], size_t len)
 
bool valid_keylength (size_t length) const
 

Protected Member Functions

void verify_key_set (bool cond) const
 

Detailed Description

GCM's GHASH This is not intended for general use, but is exposed to allow shared code between GCM and GMAC

Definition at line 22 of file ghash.h.

Member Function Documentation

◆ add_final_block()

void Botan::GHASH::add_final_block ( secure_vector< uint8_t > &  x,
size_t  ad_len,
size_t  pt_len 
)

Definition at line 189 of file ghash.cpp.

191 {
192 /*
193 * stack buffer is fine here since the text len is public
194 * and the length of the AD is probably not sensitive either.
195 */
196 uint8_t final_block[GCM_BS];
197 store_be<uint64_t>(final_block, 8*ad_len, 8*text_len);
198 ghash_update(hash, final_block, GCM_BS);
199 }
Botan::GHASH::ghash_update
void ghash_update(secure_vector< uint8_t > &x, const uint8_t input[], size_t input_len)
Definition: ghash.cpp:88
hash
MechanismType hash
Definition: p11_mechanism.cpp:64

References ghash_update(), and hash.

Referenced by final(), and nonce_hash().

◆ clear()

void Botan::GHASH::clear ( )
overridevirtual

Reset the state.

Implements Botan::SymmetricAlgorithm.

Definition at line 221 of file ghash.cpp.

222 {
223 zap(m_H);
224 zap(m_HM);
225 reset();
226 }
Botan::GHASH::reset
void reset()
Definition: ghash.cpp:228
Botan::zap
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:127

References reset(), and Botan::zap().

◆ final() [1/2]

secure_vector< uint8_t > Botan::GHASH::final ( )
inline

Definition at line 49 of file ghash.h.

50 {
51 secure_vector<uint8_t> mac(GCM_BS);
52 final(mac.data(), mac.size());
53 return mac;
54 }

◆ final() [2/2]

void Botan::GHASH::final ( uint8_t  out[],
size_t  out_len 
)

Definition at line 201 of file ghash.cpp.

202 {
203 BOTAN_ARG_CHECK(mac_len > 0 && mac_len <= 16, "GHASH output length");
204 add_final_block(m_ghash, m_ad_len, m_text_len);
205
206 for(size_t i = 0; i != mac_len; ++i)
207 mac[i] = m_ghash[i] ^ m_nonce[i];
208
209 m_ghash.clear();
210 m_text_len = 0;
211 }
BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:37
Botan::GHASH::add_final_block
void add_final_block(secure_vector< uint8_t > &x, size_t ad_len, size_t pt_len)
Definition: ghash.cpp:189

References add_final_block(), and BOTAN_ARG_CHECK.

◆ ghash_update()

void Botan::GHASH::ghash_update ( secure_vector< uint8_t > &  x,
const uint8_t  input[],
size_t  input_len 
)

Definition at line 88 of file ghash.cpp.

90 {
91 verify_key_set(!m_HM.empty());
92
93 /*
94 This assumes if less than block size input then we're just on the
95 final block and should pad with zeros
96 */
97
98 const size_t full_blocks = length / GCM_BS;
99 const size_t final_bytes = length - (full_blocks * GCM_BS);
100
101 if(full_blocks > 0)
102 {
103 ghash_multiply(ghash, input, full_blocks);
104 }
105
106 if(final_bytes)
107 {
108 uint8_t last_block[GCM_BS] = { 0 };
109 copy_mem(last_block, input + full_blocks * GCM_BS, final_bytes);
110 ghash_multiply(ghash, last_block, 1);
111 secure_scrub_memory(last_block, final_bytes);
112 }
113 }
Botan::SymmetricAlgorithm::verify_key_set
void verify_key_set(bool cond) const
Definition: sym_algo.h:171
Botan::secure_scrub_memory
void secure_scrub_memory(void *ptr, size_t n)
Definition: os_utils.cpp:66
Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:133

References Botan::copy_mem(), Botan::secure_scrub_memory(), and Botan::SymmetricAlgorithm::verify_key_set().

Referenced by add_final_block(), nonce_hash(), set_associated_data(), update(), and update_associated_data().

◆ key_spec()

Key_Length_Specification Botan::GHASH::key_spec ( ) const
inlineoverridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 58 of file ghash.h.

59 { return Key_Length_Specification(16); }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 120 of file sym_algo.h.

121 {
122 return key_spec().maximum_keylength();
123 }
Botan::Key_Length_Specification::maximum_keylength
size_t maximum_keylength() const
Definition: sym_algo.h:70
Botan::SymmetricAlgorithm::key_spec
virtual Key_Length_Specification key_spec() const =0

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 128 of file sym_algo.h.

129 {
130 return key_spec().minimum_keylength();
131 }
Botan::Key_Length_Specification::minimum_keylength
size_t minimum_keylength() const
Definition: sym_algo.h:62

Referenced by botan_block_cipher_get_keyspec(), and botan_mac_get_keyspec().

◆ name()

std::string Botan::GHASH::name ( ) const
inlineoverridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 65 of file ghash.h.

65{ return "GHASH"; }

◆ nonce_hash() [1/2]

secure_vector< uint8_t > Botan::GHASH::nonce_hash ( const uint8_t  nonce[],
size_t  nonce_len 
)
inline

Definition at line 28 of file ghash.h.

29 {
30 secure_vector<uint8_t> y0(GCM_BS);
31 nonce_hash(y0, nonce, nonce_len);
32 return y0;
33 }
Botan::GHASH::nonce_hash
secure_vector< uint8_t > nonce_hash(const uint8_t nonce[], size_t nonce_len)
Definition: ghash.h:28

◆ nonce_hash() [2/2]

void Botan::GHASH::nonce_hash ( secure_vector< uint8_t > &  y0,
const uint8_t  nonce[],
size_t  len 
)

Definition at line 213 of file ghash.cpp.

214 {
215 BOTAN_ASSERT(m_ghash.size() == 0, "nonce_hash called during wrong time");
216
217 ghash_update(y0, nonce, nonce_len);
218 add_final_block(y0, 0, nonce_len);
219 }
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition: assert.h:55

References add_final_block(), BOTAN_ASSERT, and ghash_update().

◆ provider()

std::string Botan::GHASH::provider ( ) const

Definition at line 17 of file ghash.cpp.

18 {
19#if defined(BOTAN_HAS_GHASH_CLMUL_CPU)
20 if(CPUID::has_carryless_multiply())
21 return "clmul";
22#endif
23
24#if defined(BOTAN_HAS_GHASH_CLMUL_VPERM)
25 if(CPUID::has_vperm())
26 return "vperm";
27#endif
28
29 return "base";
30 }
Botan::CPUID::has_vperm
static bool has_vperm()
Definition: cpuid.h:362
Botan::CPUID::has_carryless_multiply
static bool has_carryless_multiply()
Definition: cpuid.h:395

References Botan::CPUID::has_carryless_multiply(), and Botan::CPUID::has_vperm().

◆ reset()

void Botan::GHASH::reset ( )

Definition at line 228 of file ghash.cpp.

229 {
230 zeroise(m_H_ad);
231 m_ghash.clear();
232 m_nonce.clear();
233 m_text_len = m_ad_len = 0;
234 }
Botan::zeroise
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:117

References Botan::zeroise().

Referenced by clear().

◆ set_associated_data()

void Botan::GHASH::set_associated_data ( const uint8_t  ad[],
size_t  ad_len 
)

Definition at line 164 of file ghash.cpp.

165 {
166 if(m_ghash.empty() == false)
167 throw Invalid_State("Too late to set AD in GHASH");
168
169 zeroise(m_H_ad);
170
171 ghash_update(m_H_ad, input, length);
172 m_ad_len = length;
173 }

References ghash_update(), and Botan::zeroise().

◆ set_key() [1/3]

template<typename Alloc >
void Botan::SymmetricAlgorithm::set_key ( const std::vector< uint8_t, Alloc > &  key)
inlineinherited

Definition at line 153 of file sym_algo.h.

154 {
155 set_key(key.data(), key.size());
156 }
Botan::SymmetricAlgorithm::set_key
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:147

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey key)
inlineinherited

Set the symmetric key of this object.

Parameters
keythe SymmetricKey to be set.

Definition at line 147 of file sym_algo.h.

148 {
149 set_key(key.begin(), key.length());
150 }

References Botan::OctetString::begin(), and Botan::OctetString::length().

Referenced by Botan::aont_package(), Botan::aont_unpackage(), botan_block_cipher_set_key(), botan_cipher_set_key(), botan_mac_set_key(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), and Botan::Sodium::randombytes_buf_deterministic().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t  key[],
size_t  length 
)
inherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 17 of file sym_algo.cpp.

18 {
19 if(!valid_keylength(length))
20 throw Invalid_Key_Length(name(), length);
21 key_schedule(key, length);
22 }
Botan::SymmetricAlgorithm::valid_keylength
bool valid_keylength(size_t length) const
Definition: sym_algo.h:138
Botan::SymmetricAlgorithm::name
virtual std::string name() const =0

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

◆ start()

void Botan::GHASH::start ( const uint8_t  nonce[],
size_t  len 
)

Definition at line 157 of file ghash.cpp.

158 {
159 BOTAN_ARG_CHECK(len == 16, "GHASH requires a 128-bit nonce");
160 m_nonce.assign(nonce, nonce + len);
161 m_ghash = m_H_ad;
162 }

References BOTAN_ARG_CHECK.

◆ update()

void Botan::GHASH::update ( const uint8_t  in[],
size_t  len 
)

Definition at line 182 of file ghash.cpp.

183 {
184 verify_key_set(m_ghash.size() == GCM_BS);
185 m_text_len += length;
186 ghash_update(m_ghash, input, length);
187 }

References ghash_update(), and Botan::SymmetricAlgorithm::verify_key_set().

◆ update_associated_data()

void Botan::GHASH::update_associated_data ( const uint8_t  ad[],
size_t  len 
)

Definition at line 175 of file ghash.cpp.

176 {
177 verify_key_set(m_ghash.size() == GCM_BS);
178 m_ad_len += length;
179 ghash_update(m_ghash, ad, length);
180 }

References ghash_update(), and Botan::SymmetricAlgorithm::verify_key_set().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 138 of file sym_algo.h.

139 {
140 return key_spec().valid_keylength(length);
141 }
Botan::Key_Length_Specification::valid_keylength
bool valid_keylength(size_t length) const
Definition: sym_algo.h:52

Referenced by Botan::aont_package(), Botan::aont_unpackage(), and Botan::SymmetricAlgorithm::set_key().

◆ verify_key_set()

void Botan::SymmetricAlgorithm::verify_key_set ( bool  cond) const
inlineprotectedinherited

Definition at line 171 of file sym_algo.h.

172 {
173 if(cond == false)
174 throw_key_not_set_error();
175 }

Referenced by Botan::ChaCha::cipher(), Botan::CTR_BE::cipher(), Botan::RC4::cipher(), Botan::Salsa20::cipher(), Botan::SHAKE_128_Cipher::cipher(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::CAST_256::decrypt_n(), Botan::DES::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::DESX::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::Lion::decrypt_n(), Botan::MISTY1::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::XTEA::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::CAST_256::encrypt_n(), Botan::DES::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::DESX::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::KASUMI::encrypt_n(), Botan::Lion::encrypt_n(), Botan::MISTY1::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::XTEA::encrypt_n(), Botan::OCB_Encryption::finish(), Botan::OCB_Decryption::finish(), ghash_update(), Botan::CFB_Encryption::process(), Botan::CFB_Decryption::process(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), Botan::OCB_Mode::set_associated_data(), Botan::ChaCha::set_iv(), Botan::Salsa20::set_iv(), update(), update_associated_data(), and Botan::ChaCha::write_keystream().

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.3