doxygen/kmac_8cpp_source.html

/*

* KMAC

* (C) 2023 Jack Lloyd

* (C) 2023 Falko Strenzke

* (C) 2023 René Meusel - Rohde & Schwarz Cybersecurity

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/internal/kmac.h>


#include <botan/internal/cshake_xof.h>

#include <botan/internal/fmt.h>

#include <botan/internal/keccak_helpers.h>


namespace Botan {


KMAC::KMAC(std::unique_ptr<cSHAKE_XOF> cshake, size_t output_bit_length) :

      m_output_bit_length(output_bit_length), m_message_started(false), m_cshake(std::move(cshake)) {

   BOTAN_ARG_CHECK(m_output_bit_length % 8 == 0, "KMAC output length must be full bytes");

   BOTAN_ARG_CHECK(m_output_bit_length > 0, "KMAC output length must be at least one byte");

   BOTAN_ASSERT_NONNULL(m_cshake);

}


KMAC::~KMAC() = default;


void KMAC::clear() {

   zap(m_encoded_key);

   m_message_started = false;

   m_cshake->clear();

}


size_t KMAC::output_length() const {

   return m_output_bit_length / 8;

}


Key_Length_Specification KMAC::key_spec() const {

   // KMAC supports key lengths from zero up to 2²⁰⁴⁰ (2^(2040)) bits:

   // https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-185.pdf#page=28

   //

   // However, we restrict the key length to 64 bytes in order to avoid allocation of overly

   // large memory stretches when client code works with the maximal key length.

   return Key_Length_Specification(0, 64);

}


bool KMAC::has_keying_material() const {

   return !m_encoded_key.empty();

}


std::string KMAC::provider() const {

   return m_cshake->provider();

}


void KMAC::start_msg(std::span<const uint8_t> nonce) {

   assert_key_material_set();

   m_cshake->start(nonce);

   m_cshake->update(m_encoded_key);

   m_message_started = true;

}


void KMAC::add_data(std::span<const uint8_t> data) {

   assert_key_material_set(!m_encoded_key.empty());

   if(!m_message_started) {

      start();

   }

   m_cshake->update(data);

}


void KMAC::final_result(std::span<uint8_t> output) {

   assert_key_material_set();

   std::array<uint8_t, keccak_max_int_encoding_size()> encoded_output_length_buffer;

   m_cshake->update(keccak_int_right_encode(encoded_output_length_buffer, m_output_bit_length));

   m_cshake->output(output.first(output_length()));

   m_cshake->clear();

   m_message_started = false;

}


void KMAC::key_schedule(std::span<const uint8_t> key) {

   clear();

   keccak_absorb_padded_strings_encoding(m_encoded_key, m_cshake->block_size(), key);

}


// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


KMAC128::KMAC128(size_t output_bit_length) : KMAC(std::make_unique<cSHAKE_128_XOF>("KMAC"), output_bit_length) {}


std::string KMAC128::name() const {

   return fmt("KMAC-128({})", output_length() * 8);

}


std::unique_ptr<MessageAuthenticationCode> KMAC128::new_object() const {

   return std::make_unique<KMAC128>(output_length() * 8);

}


KMAC256::KMAC256(size_t output_bit_length) : KMAC(std::make_unique<cSHAKE_256_XOF>("KMAC"), output_bit_length) {}


std::string KMAC256::name() const {

   return fmt("KMAC-256({})", output_length() * 8);

}


std::unique_ptr<MessageAuthenticationCode> KMAC256::new_object() const {

   return std::make_unique<KMAC256>(output_length() * 8);

}


}  // namespace Botan

BOTAN_ASSERT_NONNULL
#define BOTAN_ASSERT_NONNULL(ptr)
Definition assert.h:86

BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:29

Botan::KMAC128::name
std::string name() const override
Definition kmac.cpp:87

Botan::KMAC128::new_object
std::unique_ptr< MessageAuthenticationCode > new_object() const override
Definition kmac.cpp:91

Botan::KMAC128::KMAC128
KMAC128(size_t output_bit_length)
Definition kmac.cpp:85

Botan::KMAC256::name
std::string name() const override
Definition kmac.cpp:97

Botan::KMAC256::KMAC256
KMAC256(size_t output_bit_length)
Definition kmac.cpp:95

Botan::KMAC256::new_object
std::unique_ptr< MessageAuthenticationCode > new_object() const override
Definition kmac.cpp:101

Botan::KMAC
Definition kmac.h:19

Botan::KMAC::KMAC
KMAC(std::unique_ptr< cSHAKE_XOF > cshake, size_t output_bit_length)
Definition kmac.cpp:18

Botan::KMAC::~KMAC
virtual ~KMAC()

Botan::KMAC::has_keying_material
bool has_keying_material() const final
Definition kmac.cpp:46

Botan::KMAC::clear
void clear() final
Definition kmac.cpp:27

Botan::KMAC::output_length
size_t output_length() const final
Definition kmac.cpp:33

Botan::KMAC::key_spec
Key_Length_Specification key_spec() const final
Definition kmac.cpp:37

Botan::KMAC::provider
std::string provider() const final
Definition kmac.cpp:50

Botan::Key_Length_Specification
Definition sym_algo.h:21

Botan::MessageAuthenticationCode::start
void start()
Definition mac.h:77

Botan::SymmetricAlgorithm::assert_key_material_set
void assert_key_material_set() const
Definition sym_algo.h:139

Botan::cSHAKE_128_XOF
Definition cshake_xof.h:68

Botan::cSHAKE_256_XOF
Definition cshake_xof.h:87

Botan
Definition alg_id.cpp:13

Botan::zap
void zap(std::vector< T, Alloc > &vec)
Definition secmem.h:117

Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

Botan::keccak_absorb_padded_strings_encoding
size_t keccak_absorb_padded_strings_encoding(T &sink, size_t padding_mod, Ts... byte_strings)
Definition keccak_helpers.h:91

Botan::keccak_int_right_encode
std::span< const uint8_t > keccak_int_right_encode(std::span< uint8_t > out, size_t x)
Definition keccak_helpers.cpp:47

Botan::keccak_max_int_encoding_size
constexpr size_t keccak_max_int_encoding_size()
Definition keccak_helpers.h:65