/* * Base class for message authentiction codes * (C) 1999-2007 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #ifndef BOTAN_MESSAGE_AUTH_CODE_BASE_H_ #define BOTAN_MESSAGE_AUTH_CODE_BASE_H_ #include #include #include namespace Botan { /** * This class represents Message Authentication Code (MAC) objects. */ class BOTAN_PUBLIC_API(2,0) MessageAuthenticationCode : public Buffered_Computation, public SymmetricAlgorithm { public: /** * Create an instance based on a name * If provider is empty then best available is chosen. * @param algo_spec algorithm name * @param provider provider implementation to use * @return a null pointer if the algo/provider combination cannot be found */ static std::unique_ptr create(const std::string& algo_spec, const std::string& provider = ""); /* * Create an instance based on a name * If provider is empty then best available is chosen. * @param algo_spec algorithm name * @param provider provider implementation to use * Throws a Lookup_Error if algo/provider combination cannot be found */ static std::unique_ptr create_or_throw(const std::string& algo_spec, const std::string& provider = ""); /** * @return list of available providers for this algorithm, empty if not available */ static std::vector providers(const std::string& algo_spec); virtual ~MessageAuthenticationCode() = default; /** * Prepare for processing a message under the specified nonce * * Most MACs neither require nor support a nonce; for these algorithms * calling `start_msg` is optional and calling it with anything other than * an empty string is an error. One MAC which *requires* a per-message * nonce be specified is GMAC. * * @param nonce the message nonce bytes * @param nonce_len the size of len in bytes * Default implementation simply rejects all non-empty nonces * since most hash/MAC algorithms do not support randomization */ virtual void start_msg(const uint8_t nonce[], size_t nonce_len) { BOTAN_UNUSED(nonce); if(nonce_len > 0) throw Invalid_IV_Length(name(), nonce_len); } /** * Begin processing a message with a nonce * * @param nonce the per message nonce */ template void start(const std::vector& nonce) { start_msg(nonce.data(), nonce.size()); } /** * Begin processing a message. * @param nonce the per message nonce * @param nonce_len length of nonce */ void start(const uint8_t nonce[], size_t nonce_len) { start_msg(nonce, nonce_len); } /** * Begin processing a message. */ void start() { return start_msg(nullptr, 0); } /** * Verify a MAC. * @param in the MAC to verify as a byte array * @param length the length of param in * @return true if the MAC is valid, false otherwise */ virtual bool verify_mac(const uint8_t in[], size_t length); /** * Verify a MAC. * @param in the MAC to verify as a byte array * @return true if the MAC is valid, false otherwise */ virtual bool verify_mac(const std::vector& in) { return verify_mac(in.data(), in.size()); } /** * Verify a MAC. * @param in the MAC to verify as a byte array * @return true if the MAC is valid, false otherwise */ virtual bool verify_mac(const secure_vector& in) { return verify_mac(in.data(), in.size()); } /** * Get a new object representing the same algorithm as *this */ virtual MessageAuthenticationCode* clone() const = 0; /** * @return provider information about this implementation. Default is "base", * might also return "sse2", "avx2", "openssl", or some other arbitrary string. */ virtual std::string provider() const { return "base"; } }; typedef MessageAuthenticationCode MAC; } #endif