CXI
Loading...
Searching...
No Matches
Public Member Functions | List of all members
MechParamGMAC Class Reference

Constructs a mechanism parameter for Galois Counter MAC (GMAC) creation or verification. More...

Inheritance diagram for MechParamGMAC:
[legend]
Collaboration diagram for MechParamGMAC:
[legend]

Public Member Functions

 MechParamGMAC (int mech, const ByteArray &iv_init, int iv_gen_func=CXI_MECH_PARAM_IV_NO_GENERATE)
 
MechanismParameter getEncoded (void)
 
- Public Member Functions inherited from MechParam
 MechParam (int mech)
 Constructs a mechanism parameter with the given mechanism specifier. More...
 
MechanismParameter getEncoded (void)
 

Detailed Description

Constructs a mechanism parameter for Galois Counter MAC (GMAC) creation or verification.

Note
The GMAC calculation utilizes the underlying AES GCM algorithm.

The following example illustrates the usage of the MechParamGMAC class:

// create AES GMAC
Key key = ...;
ByteArray iv;
ByteArray data = ...;
MechParamGMAC mechParam = MechParamGMAC();
// sign
ByteArray mac = cxi->sign(CXI_FLAG_CRYPT_FINAL, key, mechParam.getEncoded(), data, iv);
// IV has been randomly generated by the HSM, for the verify call we need to set it in the mechanism parameter
MechParamGMAC mpWithInternalIV = MechParamGMAC(CXI_MECH_CHAIN_GCM, iv);
// verify
bool result = cxi->verify(CXI_FLAG_CRYPT_FINAL, key, mpWithInternalIV.getEncoded(), data, mac, NULL);
if (result != true) throw Exception("<verify>", "GMAC verification failed");
cxi::ByteArray
Encapsulates an array of primitive type char in an object and provides methods to operate on binary d...
Definition: sw/cxi_api_c/def/bytearray.h:22
cxi::Exception
Constructs an exception object.
Definition: sw/cxi_api_c/def/exception.h:22
cxi::Key
Encapsulates key handles or key blobs of type 'Backup Blob', see Format of Key Blobs.
Definition: sw/cxi_api_c/def/key.h:19
cxi::MechParamGMAC
Constructs a mechanism parameter for Galois Counter MAC (GMAC) creation or verification.
Definition: sw/cxi_api_c/def/mechparam.h:144
cxi::MechParamGMAC::getEncoded
MechanismParameter getEncoded(void)
Definition: mechparam.cpp:919
CXI_FLAG_CRYPT_FINAL
#define CXI_FLAG_CRYPT_FINAL
Finalize En/Decryption Operation.
Definition: fw/cxi/def/cxi_defs.h:510
CXI_MECH_CHAIN_GCM
#define CXI_MECH_CHAIN_GCM
Galois Counter Mode (AES)
Definition: fw/cxi/def/cxi_defs.h:362
cxi
Definition: cxi.cpp:173

Constructor & Destructor Documentation

◆ MechParamGMAC()

MechParamGMAC ( int  mech,
const ByteArray iv_init,
int  iv_generate_func = CXI_MECH_PARAM_IV_NO_GENERATE 
)

Constructs mechanism parameter for Galois Counter Mode MAC creation (see NIST SP-800-38D).

Parameters
mechXOR combination of mechanism specifier:
  • chaining mode:
    • CXI_MECH_CHAIN_GCM (default)
iv_initInitialization Vector:
  • The length of the Initialization Vector has to be less than 2^16 - 1.
  • 96 bit (12 bytes) length is recommended by the NIST, but other values are allowed as well.
  • For verification, the IV must be given at least for the final call.
iv_gen_funcIV generation function:
  • For signing calls we recommend to use CXI_GCM_IV_GENERATE for this parameter. In this case the CryptoServer generates a random IV internally with l_iv_init Bytes. This IV is returned by the final signing call and must then be used as IV for the verification.

Member Function Documentation

◆ getEncoded()

MechanismParameter getEncoded ( void  )
Returns
Returns the encoded mechanism parameter.
Generated by doxygen 1.9.5