Crypto++
|
interface for for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication More...
#include <cryptlib.h>
Classes | |
class | BadState |
this indicates that a member function was called in the wrong state, for example trying to encrypt a message before having set the key or IV More... | |
Public Types | |
enum | IV_Requirement { UNIQUE_IV = 0, RANDOM_IV, UNPREDICTABLE_RANDOM_IV, INTERNALLY_GENERATED_IV, NOT_RESYNCHRONIZABLE } |
Public Member Functions | |
virtual lword | MaxHeaderLength () const =0 |
the maximum length of AAD that can be input before the encrypted data | |
virtual lword | MaxMessageLength () const =0 |
the maximum length of encrypted data | |
virtual lword | MaxFooterLength () const |
the maximum length of AAD that can be input after the encrypted data | |
virtual bool | NeedsPrespecifiedDataLengths () const |
if this function returns true, SpecifyDataLengths() must be called before attempting to input data More... | |
void | SpecifyDataLengths (lword headerLength, lword messageLength, lword footerLength=0) |
this function only needs to be called if NeedsPrespecifiedDataLengths() returns true | |
virtual void | EncryptAndAuthenticate (byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength) |
encrypt and generate MAC in one call. will truncate MAC if macSize < TagSize() | |
virtual bool | DecryptAndVerify (byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength) |
decrypt and verify MAC in one call, returning true iff MAC is valid. will assume MAC is truncated if macLength < TagSize() | |
virtual std::string | AlgorithmName () const =0 |
returns name of this algorithm, not universally implemented yet | |
virtual size_t | MinKeyLength () const =0 |
returns smallest valid key length in bytes */ | |
virtual size_t | MaxKeyLength () const =0 |
returns largest valid key length in bytes */ | |
virtual size_t | DefaultKeyLength () const =0 |
returns default (recommended) key length in bytes */ | |
virtual size_t | GetValidKeyLength (size_t n) const =0 |
returns the smallest valid key length in bytes that is >= min(n, GetMaxKeyLength()) | |
virtual bool | IsValidKeyLength (size_t n) const |
returns whether n is a valid key length | |
virtual void | SetKey (const byte *key, size_t length, const NameValuePairs ¶ms=g_nullNameValuePairs) |
set or reset the key of this object More... | |
void | SetKeyWithRounds (const byte *key, size_t length, int rounds) |
calls SetKey() with an NameValuePairs object that just specifies "Rounds" | |
void | SetKeyWithIV (const byte *key, size_t length, const byte *iv, size_t ivLength) |
calls SetKey() with an NameValuePairs object that just specifies "IV" | |
void | SetKeyWithIV (const byte *key, size_t length, const byte *iv) |
calls SetKey() with an NameValuePairs object that just specifies "IV" | |
virtual IV_Requirement | IVRequirement () const =0 |
returns the minimal requirement for secure IVs | |
bool | IsResynchronizable () const |
returns whether this object can be resynchronized (i.e. supports initialization vectors) More... | |
bool | CanUseRandomIVs () const |
returns whether this object can use random IVs (in addition to ones returned by GetNextIV) | |
bool | CanUsePredictableIVs () const |
returns whether this object can use random but possibly predictable IVs (in addition to ones returned by GetNextIV) | |
bool | CanUseStructuredIVs () const |
returns whether this object can use structured IVs, for example a counter (in addition to ones returned by GetNextIV) | |
virtual unsigned int | IVSize () const |
unsigned int | DefaultIVLength () const |
returns default length of IVs accepted by this object | |
virtual unsigned int | MinIVLength () const |
returns minimal length of IVs accepted by this object | |
virtual unsigned int | MaxIVLength () const |
returns maximal length of IVs accepted by this object | |
virtual void | Resynchronize (const byte *iv, int ivLength=-1) |
resynchronize with an IV. ivLength=-1 means use IVSize() | |
virtual void | GetNextIV (RandomNumberGenerator &rng, byte *IV) |
get a secure IV for the next message More... | |
HashTransformation & | Ref () |
return a reference to this object, useful for passing a temporary object to a function that takes a non-const reference | |
virtual void | Update (const byte *input, size_t length)=0 |
process more input | |
virtual byte * | CreateUpdateSpace (size_t &size) |
request space to write input into | |
virtual void | Final (byte *digest) |
compute hash for current message, then restart for a new message More... | |
virtual void | Restart () |
discard the current state, and restart with a new message | |
virtual unsigned int | DigestSize () const =0 |
size of the hash/digest/MAC returned by Final() | |
unsigned int | TagSize () const |
same as DigestSize() | |
virtual unsigned int | BlockSize () const |
block size of underlying compression function, or 0 if not block based | |
virtual unsigned int | OptimalBlockSize () const |
input to Update() should have length a multiple of this for optimal speed | |
virtual unsigned int | OptimalDataAlignment () const |
returns how input should be aligned for optimal performance | |
virtual void | CalculateDigest (byte *digest, const byte *input, size_t length) |
use this if your input is in one piece and you don't want to call Update() and Final() separately | |
virtual bool | Verify (const byte *digest) |
verify that digest is a valid digest for the current message, then reinitialize the object More... | |
virtual bool | VerifyDigest (const byte *digest, const byte *input, size_t length) |
use this if your input is in one piece and you don't want to call Update() and Verify() separately | |
virtual void | TruncatedFinal (byte *digest, size_t digestSize)=0 |
truncated version of Final() | |
virtual void | CalculateTruncatedDigest (byte *digest, size_t digestSize, const byte *input, size_t length) |
truncated version of CalculateDigest() | |
virtual bool | TruncatedVerify (const byte *digest, size_t digestLength) |
truncated version of Verify() | |
virtual bool | VerifyTruncatedDigest (const byte *digest, size_t digestLength, const byte *input, size_t length) |
truncated version of VerifyDigest() | |
virtual Clonable * | Clone () const |
this is not implemented by most classes yet | |
StreamTransformation & | Ref () |
return a reference to this object, useful for passing a temporary object to a function that takes a non-const reference | |
virtual unsigned int | MandatoryBlockSize () const |
returns block size, if input must be processed in blocks, otherwise 1 | |
virtual unsigned int | OptimalBlockSize () const |
returns the input block size that is most efficient for this cipher More... | |
virtual unsigned int | GetOptimalBlockSizeUsed () const |
returns how much of the current block is used up | |
virtual unsigned int | OptimalDataAlignment () const |
returns how input should be aligned for optimal performance | |
virtual void | ProcessData (byte *outString, const byte *inString, size_t length)=0 |
encrypt or decrypt an array of bytes of specified length More... | |
virtual void | ProcessLastBlock (byte *outString, const byte *inString, size_t length) |
for ciphers where the last block of data is special, encrypt or decrypt the last block of data More... | |
virtual unsigned int | MinLastBlockSize () const |
returns the minimum size of the last block, 0 indicating the last block is not special | |
void | ProcessString (byte *inoutString, size_t length) |
same as ProcessData(inoutString, inoutString, length) | |
void | ProcessString (byte *outString, const byte *inString, size_t length) |
same as ProcessData(outString, inString, length) | |
byte | ProcessByte (byte input) |
implemented as {ProcessData(&input, &input, 1); return input;} | |
virtual bool | IsRandomAccess () const =0 |
returns whether this cipher supports random access | |
virtual void | Seek (lword n) |
for random access ciphers, seek to an absolute position | |
virtual bool | IsSelfInverting () const =0 |
returns whether this transformation is self-inverting (e.g. xor with a keystream) | |
virtual bool | IsForwardTransformation () const =0 |
returns whether this is an encryption object | |
Protected Member Functions | |
const Algorithm & | GetAlgorithm () const |
virtual void | UncheckedSpecifyDataLengths (lword headerLength, lword messageLength, lword footerLength) |
virtual void | UncheckedSetKey (const byte *key, unsigned int length, const NameValuePairs ¶ms)=0 |
void | ThrowIfInvalidKeyLength (size_t length) |
void | ThrowIfResynchronizable () |
void | ThrowIfInvalidIV (const byte *iv) |
size_t | ThrowIfInvalidIVLength (int size) |
const byte * | GetIVAndThrowIfInvalid (const NameValuePairs ¶ms, size_t &size) |
void | AssertValidKeyLength (size_t length) const |
void | ThrowIfInvalidTruncatedSize (size_t size) const |
interface for for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication
The StreamTransformation part of this interface is used to encrypt/decrypt the data, and the MessageAuthenticationCode part of this interface is used to input additional authenticated data (AAD, which is MAC'ed but not encrypted), and to generate/verify the MAC.
Definition at line 626 of file cryptlib.h.
|
inlinevirtual |
if this function returns true, SpecifyDataLengths() must be called before attempting to input data
This is the case for some schemes, such as CCM.
Reimplemented in CCM_Base.
Definition at line 645 of file cryptlib.h.
|
virtualinherited |
set or reset the key of this object
params | is used to specify Rounds, BlockSize, etc. |
Reimplemented in ECB_OneWay, and AuthenticatedSymmetricCipherBase.
|
inlineinherited |
returns whether this object can be resynchronized (i.e. supports initialization vectors)
If this function returns true, and no IV is passed to SetKey() and CanUseStructuredIVs()==true, an IV of all 0's will be assumed.
Definition at line 385 of file cryptlib.h.
|
virtualinherited |
get a secure IV for the next message
This method should be called after you finish encrypting one message and are ready to start the next one. After calling it, you must call SetKey() or Resynchronize() before using this object again. This method is not implemented on decryption objects.
Reimplemented in VMAC_Base.
|
inlinevirtualinherited |
compute hash for current message, then restart for a new message
Definition at line 544 of file cryptlib.h.
Referenced by PKCS5_PBKDF2_HMAC< T >::DeriveKey().
|
inlinevirtualinherited |
verify that digest is a valid digest for the current message, then reinitialize the object
Default implementation is to call Final() and do a bitwise comparison between its output and digest.
Definition at line 574 of file cryptlib.h.
|
inlinevirtualinherited |
returns the input block size that is most efficient for this cipher
Reimplemented in ECB_OneWay.
Definition at line 480 of file cryptlib.h.
|
pure virtualinherited |
encrypt or decrypt an array of bytes of specified length
Implemented in CBC_Decryption, CBC_Encryption, ECB_OneWay, AuthenticatedSymmetricCipherBase, Weak1::ARC4_Base, and PublicBlumBlumShub.
|
virtualinherited |
for ciphers where the last block of data is special, encrypt or decrypt the last block of data
For now the only use of this function is for CBC-CTS mode.
Reimplemented in CBC_CTS_Decryption, and CBC_CTS_Encryption.