Botan  2.19.1
Crypto and TLS for C++11
ghash.h
Go to the documentation of this file.
1 /*
2 * (C) 2013 Jack Lloyd
3 * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_GCM_GHASH_H_
9 #define BOTAN_GCM_GHASH_H_
10 
11 #include <botan/sym_algo.h>
12 
14 
15 namespace Botan {
16 
17 /**
18 * GCM's GHASH
19 * This is not intended for general use, but is exposed to allow
20 * shared code between GCM and GMAC
21 */
23  {
24  public:
25  void set_associated_data(const uint8_t ad[], size_t ad_len);
26 
27  secure_vector<uint8_t> BOTAN_DEPRECATED("Use other impl")
28  nonce_hash(const uint8_t nonce[], size_t nonce_len)
29  {
30  secure_vector<uint8_t> y0(GCM_BS);
31  nonce_hash(y0, nonce, nonce_len);
32  return y0;
33  }
34 
35  void nonce_hash(secure_vector<uint8_t>& y0, const uint8_t nonce[], size_t len);
36 
37  void start(const uint8_t nonce[], size_t len);
38 
39  /*
40  * Assumes input len is multiple of 16
41  */
42  void update(const uint8_t in[], size_t len);
43 
44  /*
45  * Incremental update of associated data
46  */
47  void update_associated_data(const uint8_t ad[], size_t len);
48 
49  secure_vector<uint8_t> BOTAN_DEPRECATED("Use version taking output params") final()
50  {
51  secure_vector<uint8_t> mac(GCM_BS);
52  final(mac.data(), mac.size());
53  return mac;
54  }
55 
56  void final(uint8_t out[], size_t out_len);
57 
59  { return Key_Length_Specification(16); }
60 
61  void clear() override;
62 
63  void reset();
64 
65  std::string name() const override { return "GHASH"; }
66 
67  std::string provider() const;
68 
69  void ghash_update(secure_vector<uint8_t>& x,
70  const uint8_t input[], size_t input_len);
71 
72  void add_final_block(secure_vector<uint8_t>& x,
73  size_t ad_len, size_t pt_len);
74  private:
75 
76 #if defined(BOTAN_HAS_GHASH_CLMUL_CPU)
77  static void ghash_precompute_cpu(const uint8_t H[16], uint64_t H_pow[4*2]);
78 
79  static void ghash_multiply_cpu(uint8_t x[16],
80  const uint64_t H_pow[4*2],
81  const uint8_t input[], size_t blocks);
82 #endif
83 
84 #if defined(BOTAN_HAS_GHASH_CLMUL_VPERM)
85  static void ghash_multiply_vperm(uint8_t x[16],
86  const uint64_t HM[256],
87  const uint8_t input[], size_t blocks);
88 #endif
89 
90  void key_schedule(const uint8_t key[], size_t key_len) override;
91 
92  void ghash_multiply(secure_vector<uint8_t>& x,
93  const uint8_t input[],
94  size_t blocks);
95 
96  static const size_t GCM_BS = 16;
97 
100  secure_vector<uint8_t> m_ghash;
101  secure_vector<uint8_t> m_nonce;
103  secure_vector<uint64_t> m_H_pow;
104  size_t m_ad_len = 0;
105  size_t m_text_len = 0;
106  };
107 
108 }
109 
110 #endif
SIMD_8x32 H
Key_Length_Specification key_spec() const override
Definition: ghash.h:58
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:65
virtual void clear()=0
Definition: alg_id.cpp:13
int(* update)(CTX *, const void *, CC_LONG len)
std::string name() const override
Definition: ghash.h:65
#define BOTAN_FUTURE_INTERNAL_HEADER(hdr)
Definition: compiler.h:136