/src/botan/build/include/botan/mac.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Base class for message authentiction codes |
3 | | * (C) 1999-2007 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_MESSAGE_AUTH_CODE_BASE_H_ |
9 | | #define BOTAN_MESSAGE_AUTH_CODE_BASE_H_ |
10 | | |
11 | | #include <botan/buf_comp.h> |
12 | | #include <botan/sym_algo.h> |
13 | | #include <string> |
14 | | #include <memory> |
15 | | |
16 | | namespace Botan { |
17 | | |
18 | | /** |
19 | | * This class represents Message Authentication Code (MAC) objects. |
20 | | */ |
21 | | class BOTAN_PUBLIC_API(2,0) MessageAuthenticationCode : public Buffered_Computation, |
22 | | public SymmetricAlgorithm |
23 | | { |
24 | | public: |
25 | | /** |
26 | | * Create an instance based on a name |
27 | | * If provider is empty then best available is chosen. |
28 | | * @param algo_spec algorithm name |
29 | | * @param provider provider implementation to use |
30 | | * @return a null pointer if the algo/provider combination cannot be found |
31 | | */ |
32 | | static std::unique_ptr<MessageAuthenticationCode> |
33 | | create(const std::string& algo_spec, |
34 | | const std::string& provider = ""); |
35 | | |
36 | | /* |
37 | | * Create an instance based on a name |
38 | | * If provider is empty then best available is chosen. |
39 | | * @param algo_spec algorithm name |
40 | | * @param provider provider implementation to use |
41 | | * Throws a Lookup_Error if algo/provider combination cannot be found |
42 | | */ |
43 | | static std::unique_ptr<MessageAuthenticationCode> |
44 | | create_or_throw(const std::string& algo_spec, |
45 | | const std::string& provider = ""); |
46 | | |
47 | | /** |
48 | | * @return list of available providers for this algorithm, empty if not available |
49 | | */ |
50 | | static std::vector<std::string> providers(const std::string& algo_spec); |
51 | | |
52 | 16.9k | virtual ~MessageAuthenticationCode() = default; |
53 | | |
54 | | /** |
55 | | * Prepare for processing a message under the specified nonce |
56 | | * |
57 | | * Most MACs neither require nor support a nonce; for these algorithms |
58 | | * calling `start_msg` is optional and calling it with anything other than |
59 | | * an empty string is an error. One MAC which *requires* a per-message |
60 | | * nonce be specified is GMAC. |
61 | | * |
62 | | * @param nonce the message nonce bytes |
63 | | * @param nonce_len the size of len in bytes |
64 | | * Default implementation simply rejects all non-empty nonces |
65 | | * since most hash/MAC algorithms do not support randomization |
66 | | */ |
67 | | virtual void start_msg(const uint8_t nonce[], size_t nonce_len); |
68 | | |
69 | | /** |
70 | | * Begin processing a message with a nonce |
71 | | * |
72 | | * @param nonce the per message nonce |
73 | | */ |
74 | | template<typename Alloc> |
75 | | void start(const std::vector<uint8_t, Alloc>& nonce) |
76 | | { |
77 | | start_msg(nonce.data(), nonce.size()); |
78 | | } |
79 | | |
80 | | /** |
81 | | * Begin processing a message. |
82 | | * @param nonce the per message nonce |
83 | | * @param nonce_len length of nonce |
84 | | */ |
85 | | void start(const uint8_t nonce[], size_t nonce_len) |
86 | 0 | { |
87 | 0 | start_msg(nonce, nonce_len); |
88 | 0 | } |
89 | | |
90 | | /** |
91 | | * Begin processing a message. |
92 | | */ |
93 | | void start() |
94 | 0 | { |
95 | 0 | return start_msg(nullptr, 0); |
96 | 0 | } |
97 | | |
98 | | /** |
99 | | * Verify a MAC. |
100 | | * @param in the MAC to verify as a byte array |
101 | | * @param length the length of param in |
102 | | * @return true if the MAC is valid, false otherwise |
103 | | */ |
104 | | virtual bool verify_mac(const uint8_t in[], size_t length); |
105 | | |
106 | | /** |
107 | | * Verify a MAC. |
108 | | * @param in the MAC to verify as a byte array |
109 | | * @return true if the MAC is valid, false otherwise |
110 | | */ |
111 | | virtual bool verify_mac(const std::vector<uint8_t>& in) |
112 | 0 | { |
113 | 0 | return verify_mac(in.data(), in.size()); |
114 | 0 | } |
115 | | |
116 | | /** |
117 | | * Verify a MAC. |
118 | | * @param in the MAC to verify as a byte array |
119 | | * @return true if the MAC is valid, false otherwise |
120 | | */ |
121 | | virtual bool verify_mac(const secure_vector<uint8_t>& in) |
122 | 0 | { |
123 | 0 | return verify_mac(in.data(), in.size()); |
124 | 0 | } |
125 | | |
126 | | /** |
127 | | * @return new object representing the same algorithm as *this |
128 | | */ |
129 | | virtual std::unique_ptr<MessageAuthenticationCode> new_object() const = 0; |
130 | | |
131 | | /** |
132 | | * Get a new object representing the same algorithm as *this |
133 | | */ |
134 | | MessageAuthenticationCode* clone() const |
135 | 0 | { |
136 | 0 | return this->new_object().release(); |
137 | 0 | } |
138 | | |
139 | | /** |
140 | | * @return provider information about this implementation. Default is "base", |
141 | | * might also return "sse2", "avx2", "openssl", or some other arbitrary string. |
142 | | */ |
143 | 0 | virtual std::string provider() const { return "base"; } |
144 | | |
145 | | /** |
146 | | * @return if a fresh key must be set for each message that is processed. |
147 | | * |
148 | | * This is required for certain polynomial-based MACs which are insecure |
149 | | * if a key is ever reused for two different messages. |
150 | | */ |
151 | 0 | virtual bool fresh_key_required_per_message() const { return false; } |
152 | | }; |
153 | | |
154 | | typedef MessageAuthenticationCode MAC; |
155 | | |
156 | | } |
157 | | |
158 | | #endif |