PDATA

From Crypto++ Wiki
Jump to: navigation, search

PDATA is a generic term to indicate the default or plaint text which is usually encountered in discussions of cipher modes such as CCM and GCM. When operating a cipher in an authenticated encryption mode, the construction affords both encryption and authentication assurances over the PDATA. The 'P' in PDATA stems from plain text of NIST documents; and payload or payload data of IPSec. Both terms refer to the data which is receiveing encryption and authentication. The compliment to PDATA is ADATA.

In the Crypto++, objects which derive from AuthenticatedEncryptionFilter offer the construction of authenticated encryption. The PDATA is accessible through the default channel ("") or NULL_CHANNEL (defined in BufferedTransformation). In the later case, data destined for the NULL_CHANNEL is not discarded to the bit bucket. It is unfortunate that BufferedTransformation does not offer DEFAULT_CHANNEL also.

GCM< AES >::Encryption e;
e.SetKeyWithIV( key, sizeof(key), iv, sizeof(iv) );
...

AuthenticatedEncryptionFilter ef( e,
    new StringSink( cipher )
); // AuthenticatedEncryptionFilter

// AuthenticatedEncryptionFilter::ChannelPut
//  defines two channels: "" (empty) and "AAD"
//   channel "" is encrypted and authenticated
//   channel "AAD" is authenticated

...

ef.ChannelPut( "", pdata.data(), pdata.size() );
ef.ChannelMessageEnd("");

// Alternately, we could perform:
// ef.ChannelPut( NULL_CHANNEL, pdata.data(), pdata.size() );
// ef.ChannelMessageEnd(NULL_CHANNEL);

Since the data is being pushed to the default channel, the following is an equivalent example.

GCM< AES >::Encryption e;
e.SetKeyWithIV( key, sizeof(key), iv, sizeof(iv) );
...

AuthenticatedEncryptionFilter ef( e,
    new StringSink( cipher )
); // AuthenticatedEncryptionFilter

...

ef.Put( pdata.data(), pdata.size() );
ef.MessageEnd();

Do not use a StreamTransformationFilter on a CCM or GCM object to recover the primary channel data (the plain text). The StreamTransformationFilter will throw an exception. An AuthenticatedDecryptionFilter must be used.