9#include <botan/internal/gmac.h>
11#include <botan/block_cipher.h>
12#include <botan/exceptn.h>
13#include <botan/internal/fmt.h>
14#include <botan/internal/ghash.h>
19 m_cipher(std::move(cipher)), m_ghash(std::make_unique<
GHASH>()), m_H(GCM_BS), m_initialized(false) {}
25 m_initialized =
false;
31 return m_cipher->key_spec();
35 return fmt(
"GMAC({})", m_cipher->name());
42void GMAC::add_data(std::span<const uint8_t> input) {
43 m_ghash->update_associated_data(input);
47 return m_cipher->has_keying_material();
50void GMAC::key_schedule(std::span<const uint8_t> key) {
52 m_cipher->set_key(key);
54 m_cipher->encrypt(m_H);
55 m_ghash->set_key(m_H);
58void GMAC::start_msg(std::span<const uint8_t> nonce) {
61 if(nonce.size() == 12) {
62 copy_mem(y0.data(), nonce.data(), nonce.size());
65 m_ghash->nonce_hash(y0, nonce);
69 m_cipher->encrypt(y0.data(), m_enc_y0.data());
70 m_ghash->start(m_enc_y0);
74void GMAC::final_result(std::span<uint8_t> mac) {
78 if(m_initialized ==
false) {
79 throw Invalid_State(
"GMAC was not used with a fresh nonce");
83 m_ghash->set_key(m_H);
87 return std::make_unique<GMAC>(m_cipher->new_object());
std::string name() const override
GMAC(std::unique_ptr< BlockCipher > cipher)
std::unique_ptr< MessageAuthenticationCode > new_object() const override
Key_Length_Specification key_spec() const override
bool has_keying_material() const override
size_t output_length() const override
void zeroise(std::vector< T, Alloc > &vec)
std::string fmt(std::string_view format, const T &... args)
std::vector< T, secure_allocator< T > > secure_vector
constexpr void copy_mem(T *out, const T *in, size_t n)