AuthenticatedEncryptionFilter

From Crypto++ Wiki
Jump to: navigation, search
AuthenticatedEncryptionFilter
Documentation
#include <cryptopp/filter.h>

AuthenticatedEncryptionFilter is the concrete object for authenticated encryption (AE) and authenticated encryption with additional data (AEAD). The filter combines a block cipher operated in an appropriate mode with a HashFilter for authenticated encryption. Currently, the two modes of operation that can be utilized by this filter are CCM and GCM.

The filter allows input of both plain text data (PDATA) and additional authenticated data (ADATA). The plain text (PDATA), on the primary channel, has both encryption and authentication applied to its data. The additional authenticated data (ADATA), presented to the filter on the AAD channel, has only authentication assurances.

The output of the filter is a concatenation of both encrypted data (from the PADATA alone), and a tag attesting to the authenticity of both the ADATA and PDATA. In the case of GCM, the tag is a truncation of a 128-bit MAC. CCM uses the tag size as an input parameter to the formatting function. So a change in the CCM tag size results in a change in the CCM MAC value which results in a change to CCM's final tag value.

Unlike StreamTransformationFilter, the AuthenticatedEncryptionFilter requires a counterpart for the decrpytion and verfication process - the AuthenticatedDecryptionFilter.

Constructor

AuthenticatedEncryptionFilter(AuthenticatedSymmetricCipher &c,
    BufferedTransformation *attachment = NULL, bool putAAD=false,
    int truncatedDigestSize=-1, const std::string &macChannel=DEFAULT_CHANNEL,
    BlockPaddingScheme padding=DEFAULT_PADDING);

The AuthenticatedSymmetricCipher will be either a CCM mode or GCM mode object. As is customary with Crypto++, a BufferedTransformation is available for pipelining as the second parameter. The third parameter, putAAD, is passed directly to the HashFilter.

The fourth parameter, truncatedDigestSize, is used by the HashFilter to truncate the digest size. Only GCM mode should use this parameter, as a simple truncation works as expected. CCM, which uses a formatting function, requires the digest size to be known at compile time and declared as a template parameter. So CCM mode should not change the default value.

The final two parameters, macChannel and padding, should not be modified.

While the tag sizes are not always in the realm of construction (due to CCM's formatting function), it is appropriate to list their default values when discussing constructors. The default tag size for an AuthenticatedEncryptionFilter using both CCM and GCM is 16 bytes.

Crypto++ Demonstration

Crypto++ demonstrates the use of AuthenticatedEncryptionFilter in datatest.cpp, function TestAuthenticatedSymmetricCipher. Please see the discussion of the TestAuthenticatedSymmetricCipher.

Sample Program

The first sample demonstrates using the AuthenticatedEncryptionFilter with CCM mode. Recall that the tag size must be a template parameter when using CCM.

const int TAG_SIZE = 12 /*96 bits*/;

CCM< AES, TAG_SIZE >::Encryption e;
e.SetKeyWithIV( ... );
e.SpecifyDataLengths( ... );

AuthenticatedEncryptionFilter ef( e,
    new StringSink( cipher )
); // AuthenticatedEncryptionFilter

...

The second sample demonstrates using the AuthenticatedEncryptionFilter with GCM mode. Recall that the tag size is passed as a parameter to the AuthenticatedEncryptionFilter during construction.

const int TAG_SIZE = 12 /*96 bits*/;

GCM< AES >::Encryption e;
e.SetKeyWithIV( ... );

AuthenticatedEncryptionFilter ef( e,
    new StringSink( cipher ), false, TAG_SIZE
); // AuthenticatedEncryptionFilter

...

Downloads

CCM-AE-Test.zip - CCM Test using only PDATA - 5KB

CCM-AEAD-Test.zip - CCM Test using both ADATA and PDATA - 7KB

EAX-AE-Test.zip - EAX Test using only PDATA - 4KB

EAX-AEAD-Test.zip - EAX Test using both ADATA and PDATA - 7KB

GCM-AE-Test.zip - GCM Test using only PDATA - 5KB

GCM-AEAD-Test.zip - GCM Test using both ADATA and PDATA - 7KB