Crypto++
5.6.3
Free C++ class library of cryptographic schemes
|
EAX block cipher mode of operation. More...
Public Types | |
enum | IV_Requirement { UNIQUE_IV = 0, RANDOM_IV, UNPREDICTABLE_RANDOM_IV, INTERNALLY_GENERATED_IV, NOT_RESYNCHRONIZABLE } |
Provides IV requirements as an enumerated value. More... | |
Public Member Functions | |
std::string | AlgorithmName () const |
Provides the name of this algorithm. More... | |
size_t | MinKeyLength () const |
Returns smallest valid key length in bytes. | |
size_t | MaxKeyLength () const |
Returns largest valid key length in bytes. | |
size_t | DefaultKeyLength () const |
Returns default (recommended) key length in bytes. | |
size_t | GetValidKeyLength (size_t n) const |
bool | IsValidKeyLength (size_t n) const |
Returns whether keylength is a valid key length. More... | |
unsigned int | OptimalDataAlignment () const |
Provides input and output data alignment for optimal performance. More... | |
IV_Requirement | IVRequirement () const |
returns the minimal requirement for secure IVs | |
unsigned int | IVSize () const |
Returns length of the IV accepted by this object. More... | |
unsigned int | MinIVLength () const |
returns minimal length of IVs accepted by this object | |
unsigned int | MaxIVLength () const |
returns maximal length of IVs accepted by this object | |
unsigned int | DigestSize () const |
Provides the digest size of the hash. More... | |
lword | MaxHeaderLength () const |
the maximum length of AAD that can be input before the encrypted data | |
lword | MaxMessageLength () const |
the maximum length of encrypted data | |
bool | IsRandomAccess () const |
Determines whether the cipher supports random access. More... | |
bool | IsSelfInverting () const |
Determines whether the cipher is self-inverting. More... | |
void | UncheckedSetKey (const byte *, unsigned int, const ::NameValuePairs &) |
void | SetKey (const byte *userKey, size_t keylength, const NameValuePairs ¶ms) |
Sets or reset the key of this object. More... | |
void | Restart () |
Restart the hash. More... | |
void | Resynchronize (const byte *iv, int length=-1) |
resynchronize with an IV. ivLength=-1 means use IVSize() | |
void | Update (const byte *input, size_t length) |
Updates a hash with additional input. More... | |
void | ProcessData (byte *outString, const byte *inString, size_t length) |
Encrypt or decrypt an array of bytes. More... | |
void | TruncatedFinal (byte *mac, size_t macSize) |
Computes the hash of the current message. More... | |
virtual lword | MaxFooterLength () const |
the maximum length of AAD that can be input after the encrypted data | |
virtual bool | NeedsPrespecifiedDataLengths () const |
if this function returns true, SpecifyDataLengths() must be called before attempting to input data More... | |
void | SpecifyDataLengths (lword headerLength, lword messageLength, lword footerLength=0) |
this function only needs to be called if NeedsPrespecifiedDataLengths() returns true | |
virtual void | EncryptAndAuthenticate (byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength) |
encrypt and generate MAC in one call. will truncate MAC if macSize < TagSize() | |
virtual bool | DecryptAndVerify (byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength) |
decrypt and verify MAC in one call, returning true iff MAC is valid. will assume MAC is truncated if macLength < TagSize() | |
void | SetKeyWithRounds (const byte *key, size_t length, int rounds) |
Sets or reset the key of this object. More... | |
void | SetKeyWithIV (const byte *key, size_t length, const byte *iv, size_t ivLength) |
Sets or reset the key of this object. More... | |
void | SetKeyWithIV (const byte *key, size_t length, const byte *iv) |
Sets or reset the key of this object. More... | |
bool | IsResynchronizable () const |
returns whether the object can be resynchronized (i.e. supports initialization vectors) More... | |
bool | CanUseRandomIVs () const |
returns whether the object can use random IVs (in addition to ones returned by GetNextIV) | |
bool | CanUsePredictableIVs () const |
returns whether the object can use random but possibly predictable IVs (in addition to ones returned by GetNextIV) | |
bool | CanUseStructuredIVs () const |
returns whether the object can use structured IVs, for example a counter (in addition to ones returned by GetNextIV) | |
unsigned int | DefaultIVLength () const |
returns default length of IVs accepted by this object | |
virtual void | GetNextIV (RandomNumberGenerator &rng, byte *iv) |
Gets a secure IV for the next message. More... | |
HashTransformation & | Ref () |
Provides a reference to this object. More... | |
StreamTransformation & | Ref () |
Provides a reference to this object. More... | |
virtual byte * | CreateUpdateSpace (size_t &size) |
Request space which can be written into by the caller. More... | |
virtual void | Final (byte *digest) |
Computes the hash of the current message. More... | |
unsigned int | TagSize () const |
Provides the tag size of the hash. More... | |
virtual unsigned int | BlockSize () const |
Provides the block size of the compression function. More... | |
virtual unsigned int | OptimalBlockSize () const |
Provides the input block size most efficient for this hash. More... | |
virtual unsigned int | OptimalBlockSize () const |
Provides the input block size most efficient for this cipher. More... | |
virtual void | CalculateDigest (byte *digest, const byte *input, size_t length) |
Updates the hash with additional input and computes the hash of the current message. More... | |
virtual bool | Verify (const byte *digest) |
Verifies the hash of the current message. More... | |
virtual bool | VerifyDigest (const byte *digest, const byte *input, size_t length) |
Updates the hash with additional input and verifies the hash of the current message. More... | |
virtual void | CalculateTruncatedDigest (byte *digest, size_t digestSize, const byte *input, size_t length) |
Updates the hash with additional input and computes the hash of the current message. More... | |
virtual bool | TruncatedVerify (const byte *digest, size_t digestLength) |
Verifies the hash of the current message. More... | |
virtual bool | VerifyTruncatedDigest (const byte *digest, size_t digestLength, const byte *input, size_t length) |
Updates the hash with additional input and verifies the hash of the current message. More... | |
virtual Clonable * | Clone () const |
Copies this object. More... | |
virtual unsigned int | MandatoryBlockSize () const |
Provides the mandatory block size of the cipher. More... | |
virtual unsigned int | GetOptimalBlockSizeUsed () const |
Provides the number of bytes used in the current block when processing at optimal block size. More... | |
virtual void | ProcessLastBlock (byte *outString, const byte *inString, size_t length) |
Encrypt or decrypt the last block of data. More... | |
virtual unsigned int | MinLastBlockSize () const |
returns the minimum size of the last block, 0 indicating the last block is not special | |
void | ProcessString (byte *inoutString, size_t length) |
Encrypt or decrypt a string of bytes. More... | |
void | ProcessString (byte *outString, const byte *inString, size_t length) |
Encrypt or decrypt a string of bytes. More... | |
byte | ProcessByte (byte input) |
Encrypt or decrypt a byte. More... | |
virtual void | Seek (lword pos) |
Seek to an absolute position. More... | |
virtual bool | IsForwardTransformation () const =0 |
Determines if the cipher is being operated in its forward direction. More... | |
EAX block cipher mode of operation.
Implementations and overrides in EAX_Base
apply to both ENCRYPTION
and DECRYPTION
directions
|
inherited |
Provides IV requirements as an enumerated value.
Definition at line 555 of file cryptlib.h.
|
inlinevirtual |
Provides the name of this algorithm.
The standard algorithm name can be a name like AES or AES/GCM. Some algorithms do not have standard names yet. For example, there is no standard algorithm name for Shoup's ECIES.
Implements AuthenticatedSymmetricCipher.
|
inlinevirtual |
min(n, GetMaxKeyLength())
Implements SimpleKeyingInterface.
|
inlinevirtual |
Returns whether keylength is a valid key length.
Internally the function calls GetValidKeyLength()
Reimplemented from SimpleKeyingInterface.
|
inlinevirtual |
Provides input and output data alignment for optimal performance.
Reimplemented from StreamTransformation.
|
inlinevirtual |
Returns length of the IV accepted by this object.
The default implementation throws NotImplemented
Reimplemented from SimpleKeyingInterface.
|
inlinevirtual |
Provides the digest size of the hash.
Calls to Final() require a buffer that is equal to (or greater than) DigestSize().
Implements HashTransformation.
|
inlinevirtualinherited |
Determines whether the cipher supports random access.
Implements StreamTransformation.
|
inlinevirtualinherited |
Determines whether the cipher is self-inverting.
IsSelfInverting determines whether this transformation is self-inverting (e.g. xor with a keystream).
Implements StreamTransformation.
|
virtualinherited |
Sets or reset the key of this object.
key | the key to use when keying the object |
length | the size of the key, in bytes |
params | additional initialization parameters that cannot be passed directly through the constructor |
Reimplemented from SimpleKeyingInterface.
Definition at line 48 of file authenc.cpp.
References AuthenticatedSymmetricCipherBase::Resynchronize().
|
inlinevirtualinherited |
Restart the hash.
Discards the current state, and restart for a new message
Reimplemented from HashTransformation.
|
virtualinherited |
Updates a hash with additional input.
input | the additional input as a buffer |
length | the size of the buffer, in bytes |
Implements HashTransformation.
Definition at line 75 of file authenc.cpp.
References AuthenticatedSymmetricCipher::AlgorithmName().
|
virtualinherited |
Encrypt or decrypt an array of bytes.
outString | the output byte buffer |
inString | the input byte buffer |
length | the size of the input and output byte buffers, in bytes |
Either inString == outString
, or they must not overlap.
Implements StreamTransformation.
Definition at line 104 of file authenc.cpp.
References AuthenticatedSymmetricCipher::AlgorithmName(), StreamTransformation::IsForwardTransformation(), AuthenticatedSymmetricCipher::MaxMessageLength(), and StreamTransformation::ProcessData().
|
virtualinherited |
Computes the hash of the current message.
digest | a pointer to the buffer to receive the hash |
digestSize | the size of the truncated digest, in bytes |
TruncatedFinal() call Final() and then copies digestSize bytes to digest
TruncatedFinal() restarts the hash for the next nmessage.
Implements HashTransformation.
Definition at line 136 of file authenc.cpp.
References AuthenticatedSymmetricCipher::AlgorithmName(), IntToString(), AuthenticatedSymmetricCipher::MaxFooterLength(), and AuthenticatedSymmetricCipher::MaxHeaderLength().
|
inlinevirtualinherited |
if this function returns true, SpecifyDataLengths() must be called before attempting to input data
This is the case for some schemes, such as CCM.
Reimplemented in CCM_Base.
Definition at line 1055 of file cryptlib.h.
Referenced by TestDataNameValuePairs::GetVoidValue().
|
inherited |
Sets or reset the key of this object.
key | the key to use when keying the object |
length | the size of the key, in bytes |
rounds | the number of rounds to apply the transformation function, if applicable |
SetKeyWithRounds calls SetKey with an NameValuePairs object that just specifies rounds. rounds is an integer parameter, and -1
means use the default number of rounds.
Definition at line 106 of file cryptlib.cpp.
References MakeParameters(), and Name::Rounds().
|
inherited |
Sets or reset the key of this object.
key | the key to use when keying the object |
length | the size of the key, in bytes |
iv | the intiialization vector to use when keying the object |
ivLength | the size of the iv, in bytes |
SetKeyWithIV calls SetKey with an NameValuePairs object that just specifies iv. iv is a byte buffer with size ivLength.
Definition at line 111 of file cryptlib.cpp.
References NameValuePairs::GetValue(), IntToString(), Name::IV(), and MakeParameters().
|
inlineinherited |
Sets or reset the key of this object.
key | the key to use when keying the object |
length | the size of the key, in bytes |
iv | the intiialization vector to use when keying the object |
SetKeyWithIV calls SetKey with an NameValuePairs object that just specifies iv. iv is a byte buffer, and it must have a size IVSize.
Definition at line 551 of file cryptlib.h.
|
inlineinherited |
returns whether the object can be resynchronized (i.e. supports initialization vectors)
If this function returns true, and no IV is passed to SetKey() and CanUseStructuredIVs()==true, an IV of all 0's will be assumed.
Definition at line 573 of file cryptlib.h.
Referenced by CipherModeBase::IVSize(), and BlockOrientedCipherModeBase::UncheckedSetKey().
|
virtualinherited |
Gets a secure IV for the next message.
rng | a RandomNumberGenerator to produce keying material |
iv | a block of bytes to receive the IV |
This method should be called after you finish encrypting one message and are ready to start the next one. After calling it, you must call SetKey() or Resynchronize() before using this object again.
key must be at least IVSize() in length.
Reimplemented in VMAC_Base.
Definition at line 176 of file cryptlib.cpp.
References RandomNumberGenerator::GenerateBlock().
Referenced by VMAC_Base::GetNextIV(), and FilterTester::Put2().
|
inlineinherited |
Provides a reference to this object.
Useful for passing a temporary object to a function that takes a non-const reference
Definition at line 864 of file cryptlib.h.
|
inlineinherited |
Provides a reference to this object.
Useful for passing a temporary object to a function that takes a non-const reference
Definition at line 758 of file cryptlib.h.
|
inlinevirtualinherited |
Request space which can be written into by the caller.
size | the requested size of the buffer |
The purpose of this method is to help avoid extra memory allocations.
size is an IN and OUT parameter and used as a hint. When the call is made, size is the requested size of the buffer. When the call returns, size is the size of the array returned to the caller.
The base class implementation sets size to 0 and returns NULL.
Definition at line 879 of file cryptlib.h.
|
inlinevirtualinherited |
Computes the hash of the current message.
digest | a pointer to the buffer to receive the hash |
digest must be equal to (or greater than) DigestSize(). Final() restarts the hash for a new message.
Definition at line 885 of file cryptlib.h.
References Name::DigestSize().
Referenced by DefaultDecryptor::DefaultDecryptor(), DefaultEncryptor::DefaultEncryptor(), PKCS5_PBKDF2_HMAC< T >::DeriveKey(), RandomPool::IncorporateEntropy(), PKCS_EncryptionPaddingScheme::MaxUnpaddedLength(), and HMAC_Base::TruncatedFinal().
|
inlineinherited |
Provides the tag size of the hash.
Same as DigestSize().
Definition at line 901 of file cryptlib.h.
References Name::DigestSize().
|
inlinevirtualinherited |
Provides the block size of the compression function.
BlockSize() will return 0 if the hash is not block based. For example, SHA3 is a recursive hash (not an iterative hash), and it does not have a block size.
Reimplemented in VMAC_Base, and Weak::MD2.
Definition at line 907 of file cryptlib.h.
Referenced by CBC_MAC_Base::DigestSize(), HMAC_Base::DigestSize(), HMAC_Base::TruncatedFinal(), CBC_MAC_Base::TruncatedFinal(), and HMAC_Base::UncheckedSetKey().
|
inlinevirtualinherited |
Provides the input block size most efficient for this hash.
The base class implemnetation returns MandatoryBlockSize().
n * OptimalBlockSize() - GetOptimalBlockSizeUsed()
for any n > 0
. Reimplemented in CMAC_Base, and HMAC_Base.
Definition at line 914 of file cryptlib.h.
|
inlinevirtualinherited |
Provides the input block size most efficient for this cipher.
The base class implemnetation returns MandatoryBlockSize().
n * OptimalBlockSize() - GetOptimalBlockSizeUsed()
for any n > 0
. Reimplemented in ECB_OneWay.
Definition at line 769 of file cryptlib.h.
|
inlinevirtualinherited |
Updates the hash with additional input and computes the hash of the current message.
digest | a pointer to the buffer to receive the hash |
input | the additional input as a buffer |
length | the size of the buffer, in bytes |
Use this if your input is in one piece and you don't want to call Update() and Final() separately
CalculateDigest() restarts the hash for the next nmessage.
Definition at line 927 of file cryptlib.h.
Referenced by HKDF< T >::DeriveKey(), PKCS5_PBKDF2_HMAC< T >::DeriveKey(), and OAEP_Base::MaxUnpaddedLength().
|
inlinevirtualinherited |
Verifies the hash of the current message.
digest | a pointer to the buffer of an existing hash |
true
if the existing hash matches the computed hash, false
otherwise ThrowIfInvalidTruncatedSize() | if the existing hash's size exceeds DigestSize() |
Calls to Verify() require a buffer that is equal to (or greater than) DigestSize().
Verify() performs a bitwise compare on the buffers using VerifyBufsEqual(), which is a constant time comparison function. digestLength cannot exceed DigestSize().
Verify() restarts the hash for the next nmessage.
Definition at line 938 of file cryptlib.h.
References Name::DigestSize().
Referenced by Gunzip::Gunzip(), and ZlibDecompressor::ZlibDecompressor().
|
inlinevirtualinherited |
Updates the hash with additional input and verifies the hash of the current message.
digest | a pointer to the buffer of an existing hash |
input | the additional input as a buffer |
length | the size of the buffer, in bytes |
true
if the existing hash matches the computed hash, false
otherwise ThrowIfInvalidTruncatedSize() | if the existing hash's size exceeds DigestSize() |
Use this if your input is in one piece and you don't want to call Update() and Verify() separately
VerifyDigest() performs a bitwise compare on the buffers using VerifyBufsEqual(), which is a constant time comparison function. digestLength cannot exceed DigestSize().
VerifyDigest() restarts the hash for the next nmessage.
Definition at line 952 of file cryptlib.h.
Referenced by OAEP_Base::MaxUnpaddedLength().
|
inlinevirtualinherited |
Updates the hash with additional input and computes the hash of the current message.
digest | a pointer to the buffer to receive the hash |
digestSize | the length of the truncated hash, in bytes |
input | the additional input as a buffer |
length | the size of the buffer, in bytes |
Use this if your input is in one piece and you don't want to call Update() and CalculateDigest() separately.
CalculateTruncatedDigest() restarts the hash for the next nmessage.
Definition at line 970 of file cryptlib.h.
|
virtualinherited |
Verifies the hash of the current message.
digest | a pointer to the buffer of an existing hash |
digestLength | the size of the truncated hash, in bytes |
true
if the existing hash matches the computed hash, false
otherwise ThrowIfInvalidTruncatedSize() | if digestLength exceeds DigestSize() |
TruncatedVerify() is a truncated version of Verify(). It can operate on a buffer smaller than DigestSize(). However, digestLength cannot exceed DigestSize().
Verify() performs a bitwise compare on the buffers using VerifyBufsEqual(), which is a constant time comparison function. digestLength cannot exceed DigestSize().
TruncatedVerify() restarts the hash for the next nmessage.
Reimplemented in TruncatedHashTemplate< T >, and NullHash.
Definition at line 411 of file cryptlib.cpp.
References Name::DigestSize(), IntToString(), and VerifyBufsEqual().
|
inlinevirtualinherited |
Updates the hash with additional input and verifies the hash of the current message.
digest | a pointer to the buffer of an existing hash |
digestLength | the size of the truncated hash, in bytes |
input | the additional input as a buffer |
length | the size of the buffer, in bytes |
true
if the existing hash matches the computed hash, false
otherwise ThrowIfInvalidTruncatedSize() | if digestLength exceeds DigestSize() |
Use this if your input is in one piece and you don't want to call Update() and TruncatedVerify() separately.
VerifyTruncatedDigest() is a truncated version of VerifyDigest(). It can operate on a buffer smaller than DigestSize(). However, digestLength cannot exceed DigestSize().
VerifyTruncatedDigest() restarts the hash for the next nmessage.
Definition at line 997 of file cryptlib.h.
|
inlinevirtualinherited |
Copies this object.
NotImplemented |
Definition at line 464 of file cryptlib.h.
|
inlinevirtualinherited |
Provides the mandatory block size of the cipher.
Reimplemented in BlockOrientedCipherModeBase.
Definition at line 762 of file cryptlib.h.
Referenced by ArrayXorSink::Put2().
|
inlinevirtualinherited |
Provides the number of bytes used in the current block when processing at optimal block size.
Definition at line 773 of file cryptlib.h.
|
virtualinherited |
Encrypt or decrypt the last block of data.
outString | the output byte buffer |
inString | the input byte buffer |
length | the size of the input and output byte buffers, in bytes ProcessLastBlock is used when the last block of data is special. Currently the only use of this function is CBC-CTS mode. |
Reimplemented in CBC_CTS_Decryption, and CBC_CTS_Encryption.
Definition at line 247 of file cryptlib.cpp.
|
inlineinherited |
Encrypt or decrypt a string of bytes.
inoutString | the string to process |
length | the size of the inoutString, in bytes |
Internally, the base class implementation calls ProcessData().
Definition at line 801 of file cryptlib.h.
Referenced by TestDataNameValuePairs::GetVoidValue().
|
inlineinherited |
Encrypt or decrypt a string of bytes.
outString | the output string to process |
inString | the input string to process |
length | the size of the input and output strings, in bytes |
Internally, the base class implementation calls ProcessData().
Definition at line 809 of file cryptlib.h.
|
inlineinherited |
Encrypt or decrypt a byte.
input | the input byte to process |
Internally, the base class implementation calls ProcessData() with a size of 1.
Definition at line 815 of file cryptlib.h.
|
inlinevirtualinherited |
Seek to an absolute position.
pos | position to seek |
NotImplemented |
The base class implementation throws NotImplemented. The function asserts IsRandomAccess() in debug builds.
Reimplemented in BlumBlumShub.
Definition at line 827 of file cryptlib.h.
Referenced by TestDataNameValuePairs::GetVoidValue().
|
pure virtualinherited |
Determines if the cipher is being operated in its forward direction.
Implemented in BlockOrientedCipherModeBase, GCM_Final< T_BlockCipher, T_TablesOption, T_IsEncryption >, CCM_Final< T_BlockCipher, T_DefaultDigestSize, T_IsEncryption >, EAX_Final< T_BlockCipher, T_IsEncryption >, Weak::ARC4_Base, and PublicBlumBlumShub.
Referenced by AuthenticatedDecryptionFilter::AuthenticatedDecryptionFilter(), AuthenticatedEncryptionFilter::AuthenticatedEncryptionFilter(), AuthenticatedSymmetricCipherBase::ProcessData(), and ArrayXorSink::Put2().