Botan 3.0.0
Crypto and TLS for C&
mac.h
Go to the documentation of this file.
1/*
2* Base class for message authentiction codes
3* (C) 1999-2007 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_MESSAGE_AUTH_CODE_BASE_H_
9#define BOTAN_MESSAGE_AUTH_CODE_BASE_H_
10
11#include <botan/buf_comp.h>
12#include <botan/sym_algo.h>
13#include <string>
14#include <span>
15#include <memory>
16
17namespace Botan {
18
19/**
20* This class represents Message Authentication Code (MAC) objects.
21*/
22class BOTAN_PUBLIC_API(2,0) MessageAuthenticationCode : public Buffered_Computation,
23 public SymmetricAlgorithm
24 {
25 public:
26 /**
27 * Create an instance based on a name
28 * If provider is empty then best available is chosen.
29 * @param algo_spec algorithm name
30 * @param provider provider implementation to use
31 * @return a null pointer if the algo/provider combination cannot be found
32 */
33 static std::unique_ptr<MessageAuthenticationCode>
34 create(std::string_view algo_spec,
35 std::string_view provider = "");
36
37 /*
38 * Create an instance based on a name
39 * If provider is empty then best available is chosen.
40 * @param algo_spec algorithm name
41 * @param provider provider implementation to use
42 * Throws a Lookup_Error if algo/provider combination cannot be found
43 */
44 static std::unique_ptr<MessageAuthenticationCode>
45 create_or_throw(std::string_view algo_spec,
46 std::string_view provider = "");
47
48 /**
49 * @return list of available providers for this algorithm, empty if not available
50 */
51 static std::vector<std::string> providers(std::string_view algo_spec);
52
53 virtual ~MessageAuthenticationCode() = default;
54
55 /**
56 * Prepare for processing a message under the specified nonce
57 *
58 * Most MACs neither require nor support a nonce; for these algorithms
59 * calling `start_msg` is optional and calling it with anything other than
60 * an empty string is an error. One MAC which *requires* a per-message
61 * nonce be specified is GMAC.
62 *
63 * Default implementation simply rejects all non-empty nonces
64 * since most hash/MAC algorithms do not support randomization
65 *
66 * @param nonce the message nonce bytes
67 */
68 void start(std::span<const uint8_t> nonce)
69 {
70 start_msg(nonce.data(), nonce.size());
71 }
72
73 /**
74 * Begin processing a message.
75 * @param nonce the per message nonce
76 * @param nonce_len length of nonce
77 */
78 void start(const uint8_t nonce[], size_t nonce_len)
79 {
80 start_msg(nonce, nonce_len);
81 }
82
83 /**
84 * Begin processing a message.
85 */
86 void start()
87 {
88 return start_msg(nullptr, 0);
89 }
90
91 /**
92 * Verify a MAC.
93 * @param in the MAC to verify as a byte array
94 * @param length the length of param in
95 * @return true if the MAC is valid, false otherwise
96 */
97 bool verify_mac(const uint8_t in[], size_t length)
98 {
99 return verify_mac_result(in, length);
100 }
101
102 /**
103 * Verify a MAC.
104 * @param in the MAC to verify as a byte array
105 * @return true if the MAC is valid, false otherwise
106 */
107 bool verify_mac(std::span<const uint8_t> in)
108 {
109 return verify_mac_result(in.data(), in.size());
110 }
111
112 /**
113 * @return new object representing the same algorithm as *this
114 */
115 virtual std::unique_ptr<MessageAuthenticationCode> new_object() const = 0;
116
117 /**
118 * Get a new object representing the same algorithm as *this
119 */
120 MessageAuthenticationCode* clone() const
121 {
122 return this->new_object().release();
123 }
124
125 /**
126 * @return provider information about this implementation. Default is "base",
127 * might also return "sse2", "avx2", "openssl", or some other arbitrary string.
128 */
129 virtual std::string provider() const { return "base"; }
130
131 /**
132 * @return if a fresh key must be set for each message that is processed.
133 *
134 * This is required for certain polynomial-based MACs which are insecure
135 * if a key is ever reused for two different messages.
136 */
137 virtual bool fresh_key_required_per_message() const { return false; }
138
139 protected:
140 /**
141 * Prepare for processing a message under the specified nonce
142 *
143 * If the MAC does not support nonces, it should not override the default
144 * implementation.
145 */
146 virtual void start_msg(const uint8_t nonce[], size_t nonce_len);
147
148 /**
149 * Verify the MACs final result
150 */
151 virtual bool verify_mac_result(const uint8_t in[], size_t length);
152 };
153
154typedef MessageAuthenticationCode MAC;
155
156}
157
158#endif
Botan::Buffered_Computation
Definition: buf_comp.h:23
Botan::MessageAuthenticationCode::verify_mac
bool verify_mac(std::span< const uint8_t > in)
Definition: mac.h:107
Botan::MessageAuthenticationCode::fresh_key_required_per_message
virtual bool fresh_key_required_per_message() const
Definition: mac.h:137
Botan::MessageAuthenticationCode::new_object
virtual std::unique_ptr< MessageAuthenticationCode > new_object() const =0
Botan::MessageAuthenticationCode::provider
virtual std::string provider() const
Definition: mac.h:129
Botan::MessageAuthenticationCode::~MessageAuthenticationCode
virtual ~MessageAuthenticationCode()=default
Botan::MessageAuthenticationCode::verify_mac
bool verify_mac(const uint8_t in[], size_t length)
Definition: mac.h:97
Botan::MessageAuthenticationCode::start
void start(std::span< const uint8_t > nonce)
Definition: mac.h:68
Botan::MessageAuthenticationCode::clone
MessageAuthenticationCode * clone() const
Definition: mac.h:120
Botan::MessageAuthenticationCode::start
void start(const uint8_t nonce[], size_t nonce_len)
Definition: mac.h:78
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Botan
Definition: alg_id.cpp:12
Botan::MAC
MessageAuthenticationCode MAC
Definition: mac.h:154
Generated by doxygen 1.9.6