/src/botan/build/include/botan/internal/ghash.h

Source (jump to first uncovered line)
/*
* (C) 2013 Jack Lloyd
* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_GCM_GHASH_H_
#define BOTAN_GCM_GHASH_H_

#include <botan/sym_algo.h>

namespace Botan {

/**
* GCM's GHASH
* This is not intended for general use, but is exposed to allow
* shared code between GCM and GMAC
*/
class GHASH final : public SymmetricAlgorithm
   {
   public:
      void set_associated_data(const uint8_t ad[], size_t ad_len);

      void nonce_hash(secure_vector<uint8_t>& y0, const uint8_t nonce[], size_t len);

      void start(const uint8_t nonce[], size_t len);

      /*
      * Assumes input len is multiple of 16
      */
      void update(const uint8_t in[], size_t len);

      /*
      * Incremental update of associated data
      */
      void update_associated_data(const uint8_t ad[], size_t len);

      void final(uint8_t out[], size_t out_len);

      Key_Length_Specification key_spec() const override
         { return Key_Length_Specification(16); }

      void clear() override;

      void reset();

      std::string name() const override { return "GHASH"; }

      std::string provider() const;

      void ghash_update(secure_vector<uint8_t>& x,
                        const uint8_t input[], size_t input_len);

      void add_final_block(secure_vector<uint8_t>& x,
                           size_t ad_len, size_t pt_len);
   private:

#if defined(BOTAN_HAS_GHASH_CLMUL_CPU)
      static void ghash_precompute_cpu(const uint8_t H[16], uint64_t H_pow[4*2]);

      static void ghash_multiply_cpu(uint8_t x[16],
                                     const uint64_t H_pow[4*2],
                                     const uint8_t input[], size_t blocks);
#endif

#if defined(BOTAN_HAS_GHASH_CLMUL_VPERM)
      static void ghash_multiply_vperm(uint8_t x[16],
                                       const uint64_t HM[256],
                                       const uint8_t input[], size_t blocks);
#endif

      void key_schedule(const uint8_t key[], size_t key_len) override;

      void ghash_multiply(secure_vector<uint8_t>& x,
                          const uint8_t input[],
                          size_t blocks);

      static const size_t GCM_BS = 16;

      secure_vector<uint8_t> m_H;
      secure_vector<uint8_t> m_H_ad;
      secure_vector<uint8_t> m_ghash;
      secure_vector<uint8_t> m_nonce;
      secure_vector<uint64_t> m_HM;
      secure_vector<uint64_t> m_H_pow;
      size_t m_ad_len = 0;
      size_t m_text_len = 0;
   };

}

#endif

Line	Count	Source (jump to first uncovered line)
1		/*
2		* (C) 2013 Jack Lloyd
3		* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#ifndef BOTAN_GCM_GHASH_H_
9		#define BOTAN_GCM_GHASH_H_
10
11		#include <botan/sym_algo.h>
12
13		namespace Botan {
14
15		/**
16		* GCM's GHASH
17		* This is not intended for general use, but is exposed to allow
18		* shared code between GCM and GMAC
19		*/
20		class GHASH final : public SymmetricAlgorithm
21		{
22		public:
23		void set_associated_data(const uint8_t ad[], size_t ad_len);
24
25		void nonce_hash(secure_vector<uint8_t>& y0, const uint8_t nonce[], size_t len);
26
27		void start(const uint8_t nonce[], size_t len);
28
29		/*
30		* Assumes input len is multiple of 16
31		*/
32		void update(const uint8_t in[], size_t len);
33
34		/*
35		* Incremental update of associated data
36		*/
37		void update_associated_data(const uint8_t ad[], size_t len);
38
39		void final(uint8_t out[], size_t out_len);
40
41		Key_Length_Specification key_spec() const override
42	368	{ return Key_Length_Specification(16); }
43
44		void clear() override;
45
46		void reset();
47
48	0	std::string name() const override { return "GHASH"; }
49
50		std::string provider() const;
51
52		void ghash_update(secure_vector<uint8_t>& x,
53		const uint8_t input[], size_t input_len);
54
55		void add_final_block(secure_vector<uint8_t>& x,
56		size_t ad_len, size_t pt_len);
57		private:
58
59		#if defined(BOTAN_HAS_GHASH_CLMUL_CPU)
60		static void ghash_precompute_cpu(const uint8_t H[16], uint64_t H_pow[4*2]);
61
62		static void ghash_multiply_cpu(uint8_t x[16],
63		const uint64_t H_pow[4*2],
64		const uint8_t input[], size_t blocks);
65		#endif
66
67		#if defined(BOTAN_HAS_GHASH_CLMUL_VPERM)
68		static void ghash_multiply_vperm(uint8_t x[16],
69		const uint64_t HM[256],
70		const uint8_t input[], size_t blocks);
71		#endif
72
73		void key_schedule(const uint8_t key[], size_t key_len) override;
74
75		void ghash_multiply(secure_vector<uint8_t>& x,
76		const uint8_t input[],
77		size_t blocks);
78
79		static const size_t GCM_BS = 16;
80
81		secure_vector<uint8_t> m_H;
82		secure_vector<uint8_t> m_H_ad;
83		secure_vector<uint8_t> m_ghash;
84		secure_vector<uint8_t> m_nonce;
85		secure_vector<uint64_t> m_HM;
86		secure_vector<uint64_t> m_H_pow;
87		size_t m_ad_len = 0;
88		size_t m_text_len = 0;
89		};
90
91		}
92
93		#endif

Coverage Report

Created: 2022-01-14 08:07