/src/botan/build/include/botan/ghash.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * (C) 2013 Jack Lloyd |
3 | | * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_GCM_GHASH_H_ |
9 | | #define BOTAN_GCM_GHASH_H_ |
10 | | |
11 | | #include <botan/sym_algo.h> |
12 | | |
13 | | BOTAN_FUTURE_INTERNAL_HEADER(ghash.h) |
14 | | |
15 | | namespace Botan { |
16 | | |
17 | | /** |
18 | | * GCM's GHASH |
19 | | * This is not intended for general use, but is exposed to allow |
20 | | * shared code between GCM and GMAC |
21 | | */ |
22 | | class BOTAN_PUBLIC_API(2,0) GHASH final : public SymmetricAlgorithm |
23 | | { |
24 | | public: |
25 | | void set_associated_data(const uint8_t ad[], size_t ad_len); |
26 | | |
27 | | secure_vector<uint8_t> BOTAN_DEPRECATED("Use other impl") |
28 | | nonce_hash(const uint8_t nonce[], size_t nonce_len) |
29 | 0 | { |
30 | 0 | secure_vector<uint8_t> y0(GCM_BS); |
31 | 0 | nonce_hash(y0, nonce, nonce_len); |
32 | 0 | return y0; |
33 | 0 | } |
34 | | |
35 | | void nonce_hash(secure_vector<uint8_t>& y0, const uint8_t nonce[], size_t len); |
36 | | |
37 | | void start(const uint8_t nonce[], size_t len); |
38 | | |
39 | | /* |
40 | | * Assumes input len is multiple of 16 |
41 | | */ |
42 | | void update(const uint8_t in[], size_t len); |
43 | | |
44 | | /* |
45 | | * Incremental update of associated data |
46 | | */ |
47 | | void update_associated_data(const uint8_t ad[], size_t len); |
48 | | |
49 | | secure_vector<uint8_t> BOTAN_DEPRECATED("Use version taking output params") final() |
50 | 0 | { |
51 | 0 | secure_vector<uint8_t> mac(GCM_BS); |
52 | 0 | final(mac.data(), mac.size()); |
53 | 0 | return mac; |
54 | 0 | } |
55 | | |
56 | | void final(uint8_t out[], size_t out_len); |
57 | | |
58 | | Key_Length_Specification key_spec() const override |
59 | 944 | { return Key_Length_Specification(16); } |
60 | | |
61 | | void clear() override; |
62 | | |
63 | | void reset(); |
64 | | |
65 | 0 | std::string name() const override { return "GHASH"; } |
66 | | |
67 | | std::string provider() const; |
68 | | |
69 | | void ghash_update(secure_vector<uint8_t>& x, |
70 | | const uint8_t input[], size_t input_len); |
71 | | |
72 | | void add_final_block(secure_vector<uint8_t>& x, |
73 | | size_t ad_len, size_t pt_len); |
74 | | private: |
75 | | |
76 | | #if defined(BOTAN_HAS_GHASH_CLMUL_CPU) |
77 | | static void ghash_precompute_cpu(const uint8_t H[16], uint64_t H_pow[4*2]); |
78 | | |
79 | | static void ghash_multiply_cpu(uint8_t x[16], |
80 | | const uint64_t H_pow[4*2], |
81 | | const uint8_t input[], size_t blocks); |
82 | | #endif |
83 | | |
84 | | #if defined(BOTAN_HAS_GHASH_CLMUL_VPERM) |
85 | | static void ghash_multiply_vperm(uint8_t x[16], |
86 | | const uint64_t HM[256], |
87 | | const uint8_t input[], size_t blocks); |
88 | | #endif |
89 | | |
90 | | void key_schedule(const uint8_t key[], size_t key_len) override; |
91 | | |
92 | | void ghash_multiply(secure_vector<uint8_t>& x, |
93 | | const uint8_t input[], |
94 | | size_t blocks); |
95 | | |
96 | | static const size_t GCM_BS = 16; |
97 | | |
98 | | secure_vector<uint8_t> m_H; |
99 | | secure_vector<uint8_t> m_H_ad; |
100 | | secure_vector<uint8_t> m_ghash; |
101 | | secure_vector<uint8_t> m_nonce; |
102 | | secure_vector<uint64_t> m_HM; |
103 | | secure_vector<uint64_t> m_H_pow; |
104 | | size_t m_ad_len = 0; |
105 | | size_t m_text_len = 0; |
106 | | }; |
107 | | |
108 | | } |
109 | | |
110 | | #endif |