Crypto++ 8.9
Free C++ class library of cryptographic schemes
Classes | Public Member Functions | List of all members
AuthenticatedSymmetricCipher Class Referenceabstract

Interface for authenticated encryption modes of operation. More...

#include <cryptlib.h>

+ Inheritance diagram for AuthenticatedSymmetricCipher:

Classes

class  BadState
 Exception thrown when the object is in the wrong state for the operation. More...
 

Public Member Functions

virtual lword MaxHeaderLength () const =0
 Provides the maximum length of AAD that can be input.
 
virtual lword MaxMessageLength () const =0
 Provides the maximum length of encrypted data.
 
virtual lword MaxFooterLength () const
 Provides the maximum length of AAD.
 
virtual bool NeedsPrespecifiedDataLengths () const
 Determines if data lengths must be specified prior to inputting data.
 
void SpecifyDataLengths (lword headerLength, lword messageLength, lword footerLength=0)
 Prescribes the data lengths.
 
virtual void EncryptAndAuthenticate (byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength)
 Encrypts and calculates a MAC in one call.
 
virtual bool DecryptAndVerify (byte *message, const byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength)
 Decrypts and verifies a MAC in one call.
 
virtual std::string AlgorithmName () const
 Provides the name of this algorithm.
 
virtual std::string AlgorithmProvider () const
 Retrieve the provider of this algorithm.
 
- Public Member Functions inherited from SimpleKeyingInterface
virtual size_t MinKeyLength () const =0
 Returns smallest valid key length.
 
virtual size_t MaxKeyLength () const =0
 Returns largest valid key length.
 
virtual size_t DefaultKeyLength () const =0
 Returns default key length.
 
virtual size_t GetValidKeyLength (size_t keylength) const =0
 Returns a valid key length for the algorithm.
 
virtual bool IsValidKeyLength (size_t keylength) const
 Returns whether keylength is a valid key length.
 
virtual void SetKey (const byte *key, size_t length, const NameValuePairs &params=g_nullNameValuePairs)
 Sets or reset the key of this object.
 
void SetKeyWithRounds (const byte *key, size_t length, int rounds)
 Sets or reset the key of this object.
 
void SetKeyWithIV (const byte *key, size_t length, const byte *iv, size_t ivLength)
 Sets or reset the key of this object.
 
void SetKeyWithIV (const byte *key, size_t length, const byte *iv)
 Sets or reset the key of this object.
 
virtual IV_Requirement IVRequirement () const =0
 Minimal requirement for secure IVs.
 
bool IsResynchronizable () const
 Determines if the object can be resynchronized.
 
bool CanUseRandomIVs () const
 Determines if the object can use random IVs.
 
bool CanUsePredictableIVs () const
 Determines if the object can use random but possibly predictable IVs.
 
bool CanUseStructuredIVs () const
 Determines if the object can use structured IVs.
 
virtual unsigned int IVSize () const
 Returns length of the IV accepted by this object.
 
unsigned int DefaultIVLength () const
 Provides the default size of an IV.
 
virtual unsigned int MinIVLength () const
 Provides the minimum size of an IV.
 
virtual unsigned int MaxIVLength () const
 Provides the maximum size of an IV.
 
virtual void Resynchronize (const byte *iv, int ivLength=-1)
 Resynchronize with an IV.
 
virtual void GetNextIV (RandomNumberGenerator &rng, byte *iv)
 Retrieves a secure IV for the next message.
 
- Public Member Functions inherited from HashTransformation
HashTransformationRef ()
 Provides a reference to this object.
 
virtual void Update (const byte *input, size_t length)=0
 Updates a hash with additional input.
 
virtual byteCreateUpdateSpace (size_t &size)
 Request space which can be written into by the caller.
 
virtual void Final (byte *digest)
 Computes the hash of the current message.
 
virtual void Restart ()
 Restart the hash.
 
virtual unsigned int DigestSize () const =0
 Provides the digest size of the hash.
 
unsigned int TagSize () const
 Provides the tag size of the hash.
 
virtual unsigned int BlockSize () const
 Provides the block size of the compression function.
 
virtual unsigned int OptimalBlockSize () const
 Provides the input block size most efficient for this hash.
 
virtual unsigned int OptimalDataAlignment () const
 Provides input and output data alignment for optimal performance.
 
virtual void CalculateDigest (byte *digest, const byte *input, size_t length)
 Updates the hash with additional input and computes the hash of the current message.
 
virtual bool Verify (const byte *digest)
 Verifies the hash of the current message.
 
virtual bool VerifyDigest (const byte *digest, const byte *input, size_t length)
 Updates the hash with additional input and verifies the hash of the current message.
 
virtual void TruncatedFinal (byte *digest, size_t digestSize)=0
 Computes the hash of the current message.
 
virtual void CalculateTruncatedDigest (byte *digest, size_t digestSize, const byte *input, size_t length)
 Updates the hash with additional input and computes the hash of the current message.
 
virtual bool TruncatedVerify (const byte *digest, size_t digestLength)
 Verifies the hash of the current message.
 
virtual bool VerifyTruncatedDigest (const byte *digest, size_t digestLength, const byte *input, size_t length)
 Updates the hash with additional input and verifies the hash of the current message.
 
- Public Member Functions inherited from Algorithm
 Algorithm (bool checkSelfTestStatus=true)
 Interface for all crypto algorithms.
 
- Public Member Functions inherited from Clonable
virtual ClonableClone () const
 Copies this object.
 
- Public Member Functions inherited from StreamTransformation
StreamTransformationRef ()
 Provides a reference to this object.
 
virtual unsigned int MandatoryBlockSize () const
 Provides the mandatory block size of the cipher.
 
virtual unsigned int OptimalBlockSize () const
 Provides the input block size most efficient for this cipher.
 
virtual unsigned int GetOptimalBlockSizeUsed () const
 Provides the number of bytes used in the current block when processing at optimal block size.
 
virtual unsigned int OptimalDataAlignment () const
 Provides input and output data alignment for optimal performance.
 
virtual void ProcessData (byte *outString, const byte *inString, size_t length)=0
 Encrypt or decrypt an array of bytes.
 
virtual size_t ProcessLastBlock (byte *outString, size_t outLength, const byte *inString, size_t inLength)
 Encrypt or decrypt the last block of data.
 
virtual unsigned int MinLastBlockSize () const
 Provides the size of the last block.
 
virtual bool IsLastBlockSpecial () const
 Determines if the last block receives special processing.
 
void ProcessString (byte *inoutString, size_t length)
 Encrypt or decrypt a string of bytes.
 
void ProcessString (byte *outString, const byte *inString, size_t length)
 Encrypt or decrypt a string of bytes.
 
byte ProcessByte (byte input)
 Encrypt or decrypt a byte.
 
virtual bool IsRandomAccess () const =0
 Determines whether the cipher supports random access.
 
virtual void Seek (lword pos)
 Seek to an absolute position.
 
virtual bool IsSelfInverting () const =0
 Determines whether the cipher is self-inverting.
 
virtual bool IsForwardTransformation () const =0
 Determines if the cipher is being operated in its forward direction.
 

Additional Inherited Members

- Public Types inherited from SimpleKeyingInterface
enum  IV_Requirement {
  UNIQUE_IV = 0 , RANDOM_IV , UNPREDICTABLE_RANDOM_IV , INTERNALLY_GENERATED_IV ,
  NOT_RESYNCHRONIZABLE
}
 Secure IVs requirements as enumerated values. More...
 

Detailed Description

Interface for authenticated encryption modes of operation.

AuthenticatedSymmetricCipher() provides the interface for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication. The StreamTransformation() part of this interface is used to encrypt or decrypt the data. The MessageAuthenticationCode() part of the interface is used to input additional authenticated data (AAD), which is MAC'ed but not encrypted. The MessageAuthenticationCode() part is also used to generate and verify the MAC.

Crypto++ provides four authenticated encryption modes of operation - CCM, EAX, GCM and OCB mode. All modes implement AuthenticatedSymmetricCipher() and the motivation for the API, like calling AAD a "header", can be found in Bellare, Rogaway and Wagner's The EAX Mode of Operation. The EAX paper suggested a basic API to help standardize AEAD schemes in software and promote adoption of the modes.

See also
Authenticated Encryption on the Crypto++ wiki.
Since
Crypto++ 5.6.0

Definition at line 1325 of file cryptlib.h.

Constructor & Destructor Documentation

◆ ~AuthenticatedSymmetricCipher()

virtual AuthenticatedSymmetricCipher::~AuthenticatedSymmetricCipher ( )
inlinevirtual

Definition at line 1328 of file cryptlib.h.

Member Function Documentation

◆ MaxHeaderLength()

virtual lword AuthenticatedSymmetricCipher::MaxHeaderLength ( ) const
pure virtual

Provides the maximum length of AAD that can be input.

Returns
the maximum length of AAD that can be input before the encrypted data

Implemented in CCM_Base, ChaCha20Poly1305_Base, XChaCha20Poly1305_Base, EAX_Base, and GCM_Base.

◆ MaxMessageLength()

virtual lword AuthenticatedSymmetricCipher::MaxMessageLength ( ) const
pure virtual

Provides the maximum length of encrypted data.

Returns
the maximum length of encrypted data

Implemented in CCM_Base, ChaCha20Poly1305_Base, XChaCha20Poly1305_Base, EAX_Base, and GCM_Base.

◆ MaxFooterLength()

virtual lword AuthenticatedSymmetricCipher::MaxFooterLength ( ) const
inlinevirtual

Provides the maximum length of AAD.

Returns
the maximum length of AAD that can be input after the encrypted data

Reimplemented in ChaCha20Poly1305_Base, and XChaCha20Poly1305_Base.

Definition at line 1350 of file cryptlib.h.

◆ NeedsPrespecifiedDataLengths()

virtual bool AuthenticatedSymmetricCipher::NeedsPrespecifiedDataLengths ( ) const
inlinevirtual

Determines if data lengths must be specified prior to inputting data.

Returns
true if the data lengths are required before inputting data, false otherwise

if this function returns true, SpecifyDataLengths() must be called before attempting to input data. This is the case for some schemes, such as CCM.

See also
SpecifyDataLengths()

Reimplemented in CCM_Base.

Definition at line 1357 of file cryptlib.h.

◆ SpecifyDataLengths()

void AuthenticatedSymmetricCipher::SpecifyDataLengths ( lword headerLength,
lword messageLength,
lword footerLength = 0 )

Prescribes the data lengths.

Parameters
headerLengthsize of data before message is input, in bytes
messageLengthsize of the message, in bytes
footerLengthsize of data after message is input, in bytes

SpecifyDataLengths() only needs to be called if NeedsPrespecifiedDataLengths() returns true. If true, then headerLength will be validated against MaxHeaderLength(), messageLength will be validated against MaxMessageLength(), and footerLength will be validated against MaxFooterLength().

See also
NeedsPrespecifiedDataLengths()

◆ EncryptAndAuthenticate()

virtual void AuthenticatedSymmetricCipher::EncryptAndAuthenticate ( byte * ciphertext,
byte * mac,
size_t macSize,
const byte * iv,
int ivLength,
const byte * header,
size_t headerLength,
const byte * message,
size_t messageLength )
virtual

Encrypts and calculates a MAC in one call.

Parameters
ciphertextthe encryption buffer
macthe mac buffer
macSizethe size of the MAC buffer, in bytes
ivthe iv buffer
ivLengththe size of the IV buffer, in bytes
headerthe AAD buffer
headerLengththe size of the AAD buffer, in bytes
messagethe message buffer
messageLengththe size of the messagetext buffer, in bytes

EncryptAndAuthenticate() encrypts and generates the MAC in one call. The function truncates the MAC if macSize < TagSize().

Reimplemented in ChaCha20Poly1305_Base, and XChaCha20Poly1305_Base.

◆ DecryptAndVerify()

virtual bool AuthenticatedSymmetricCipher::DecryptAndVerify ( byte * message,
const byte * mac,
size_t macSize,
const byte * iv,
int ivLength,
const byte * header,
size_t headerLength,
const byte * ciphertext,
size_t ciphertextLength )
virtual

Decrypts and verifies a MAC in one call.

Parameters
messagethe decryption buffer
macthe mac buffer
macSizethe size of the MAC buffer, in bytes
ivthe iv buffer
ivLengththe size of the IV buffer, in bytes
headerthe AAD buffer
headerLengththe size of the AAD buffer, in bytes
ciphertextthe ciphertext buffer
ciphertextLengththe size of the ciphertext buffer, in bytes
Returns
true if the MAC is valid and the decoding succeeded, false otherwise

DecryptAndVerify() decrypts and verifies the MAC in one call. message is a decryption buffer and should be at least as large as the ciphertext buffer.

The function returns true iff MAC is valid. DecryptAndVerify() assumes the MAC is truncated if macLength < TagSize().

Reimplemented in ChaCha20Poly1305_Base, and XChaCha20Poly1305_Base.

◆ AlgorithmName()

virtual std::string AuthenticatedSymmetricCipher::AlgorithmName ( ) const
virtual

Provides the name of this algorithm.

Returns
the standard algorithm name

The standard algorithm name can be a name like AES or AES/GCM. Some algorithms do not have standard names yet. For example, there is no standard algorithm name for Shoup's ECIES.

Reimplemented from Algorithm.

Reimplemented in CCM_Base, ChaCha20Poly1305_Base, XChaCha20Poly1305_Base, EAX_Base, and GCM_Base.

◆ AlgorithmProvider()

virtual std::string AuthenticatedSymmetricCipher::AlgorithmProvider ( ) const
inlinevirtual

Retrieve the provider of this algorithm.

Returns
the algorithm provider

The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, usually indicate a specialized implementation using instructions from a higher instruction set architecture (ISA). Future labels may include external hardware like a hardware security module (HSM).

Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics instead of ASM.

Algorithms which combine different instructions or ISAs provide the dominant one. For example on x86 AES/GCM returns "AESNI" rather than "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".

Note
Provider is not universally implemented yet.
Since
Crypto++ 8.0

Reimplemented from Algorithm.

Reimplemented in CCM_Base, ChaCha20Poly1305_Base, XChaCha20Poly1305_Base, EAX_Base, EAX_Final< T_BlockCipher, T_IsEncryption >, and GCM_Base.

Definition at line 1423 of file cryptlib.h.


The documentation for this class was generated from the following file: