docs/ref/default_8cpp_source.html

 // default.cpp - originally written and placed in the public domain by Wei Dai


 #include "pch.h"

 #include "config.h"


 #if CRYPTOPP_MSC_VERSION

 # pragma warning(disable: 4127 4189)

 #endif


 #include "cryptlib.h"

 #include "filters.h"

 #include "smartptr.h"

 #include "default.h"

 #include "queue.h"


 #include <time.h>

 #include <memory>


 NAMESPACE_BEGIN(CryptoPP)


 // The purpose of this function Mash() is to take an arbitrary length input

 // string and *deterministically* produce an arbitrary length output string such

 // that (1) it looks random, (2) no information about the input is

 // deducible from it, and (3) it contains as much entropy as it can hold, or

 // the amount of entropy in the input string, whichever is smaller.


 template <class H>

 static void Mash(const byte *in, size_t inLen, byte *out, size_t outLen, int iterations)

 {

     if (BytePrecision(outLen) > 2)

         throw InvalidArgument("Mash: output length too large");


     size_t bufSize = RoundUpToMultipleOf(outLen, (size_t)H::DIGESTSIZE);

     byte b[2];

     SecByteBlock buf(bufSize);

     SecByteBlock outBuf(bufSize);

     H hash;


     unsigned int i;

     for(i=0; i<outLen; i+=H::DIGESTSIZE)

     {

         b[0] = (byte) (i >> 8);

         b[1] = (byte) i;

         hash.Update(b, 2);

         hash.Update(in, inLen);

         hash.Final(outBuf+i);

     }


     while (iterations-- > 1)

     {

         std::memcpy(buf, outBuf, bufSize);

         for (i=0; i<bufSize; i+=H::DIGESTSIZE)

         {

             b[0] = (byte) (i >> 8);

             b[1] = (byte) i;

             hash.Update(b, 2);

             hash.Update(buf, bufSize);

             hash.Final(outBuf+i);

         }

     }


     std::memcpy(out, outBuf, outLen);

 }


 template <class BC, class H, class Info>

 static void GenerateKeyIV(const byte *passphrase, size_t passphraseLength, const byte *salt, size_t saltLength, unsigned int iterations, byte *key, byte *IV)

 {

     // UBsan. User supplied params, may be NULL

     SecByteBlock temp(passphraseLength+saltLength);

     if (passphrase != NULLPTR)

         std::memcpy(temp, passphrase, passphraseLength);

     if (salt != NULLPTR)

         std::memcpy(temp+passphraseLength, salt, saltLength);


     // OK. Derived params, cannot be NULL

     SecByteBlock keyIV(EnumToInt(Info::KEYLENGTH)+EnumToInt(+Info::BLOCKSIZE));

     Mash<H>(temp, passphraseLength + saltLength, keyIV, EnumToInt(Info::KEYLENGTH)+EnumToInt(+Info::BLOCKSIZE), iterations);

     std::memcpy(key, keyIV, Info::KEYLENGTH);

     std::memcpy(IV, keyIV+Info::KEYLENGTH, Info::BLOCKSIZE);

 }


 // ********************************************************


 template <class BC, class H, class Info>

 DataEncryptor<BC,H,Info>::DataEncryptor(const char *passphrase, BufferedTransformation *attachment)

     : ProxyFilter(NULLPTR, 0, 0, attachment), m_passphrase((const byte *)passphrase, strlen(passphrase))

 {

     CRYPTOPP_COMPILE_ASSERT((int)SALTLENGTH <= DIGESTSIZE);

     CRYPTOPP_COMPILE_ASSERT((int)BLOCKSIZE <= (int)DIGESTSIZE);

 }


 template <class BC, class H, class Info>

 DataEncryptor<BC,H,Info>::DataEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment)

     : ProxyFilter(NULLPTR, 0, 0, attachment), m_passphrase(passphrase, passphraseLength)

 {

     CRYPTOPP_COMPILE_ASSERT((int)SALTLENGTH <= (int)DIGESTSIZE);

     CRYPTOPP_COMPILE_ASSERT((int)BLOCKSIZE <= (int)DIGESTSIZE);

 }


 template <class BC, class H, class Info>

 void DataEncryptor<BC,H,Info>::FirstPut(const byte *)

 {

     SecByteBlock salt(DIGESTSIZE), keyCheck(DIGESTSIZE);

     H hash;


     // use hash(passphrase | time | clock) as salt

     hash.Update(m_passphrase, m_passphrase.size());

     time_t t=time(NULLPTR);

     hash.Update((byte *)&t, sizeof(t));

     clock_t c=clock();

     hash.Update((byte *)&c, sizeof(c));

     hash.Final(salt);


     // use hash(passphrase | salt) as key check

     hash.Update(m_passphrase, m_passphrase.size());

     hash.Update(salt, SALTLENGTH);

     hash.Final(keyCheck);


     AttachedTransformation()->Put(salt, SALTLENGTH);


     // mash passphrase and salt together into key and IV

     SecByteBlock key(KEYLENGTH);

     SecByteBlock IV(BLOCKSIZE);

     GenerateKeyIV<BC,H,Info>(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, ITERATIONS, key, IV);


     m_cipher.SetKeyWithIV(key, key.size(), IV);

     SetFilter(new StreamTransformationFilter(m_cipher));


     m_filter->Put(keyCheck, BLOCKSIZE);

 }


 template <class BC, class H, class Info>

 void DataEncryptor<BC,H,Info>::LastPut(const byte *inString, size_t length)

 {

     CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length);

     m_filter->MessageEnd();

 }


 // ********************************************************


 template <class BC, class H, class Info>

 DataDecryptor<BC,H,Info>::DataDecryptor(const char *p, BufferedTransformation *attachment, bool throwException)

     : ProxyFilter(NULLPTR, EnumToInt(SALTLENGTH)+EnumToInt(BLOCKSIZE), 0, attachment)

     , m_state(WAITING_FOR_KEYCHECK)

     , m_passphrase((const byte *)p, strlen(p))

     , m_throwException(throwException)

 {

     CRYPTOPP_COMPILE_ASSERT((int)SALTLENGTH <= (int)DIGESTSIZE);

     CRYPTOPP_COMPILE_ASSERT((int)BLOCKSIZE <= (int)DIGESTSIZE);

 }


 template <class BC, class H, class Info>

 DataDecryptor<BC,H,Info>::DataDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException)

     : ProxyFilter(NULLPTR, EnumToInt(SALTLENGTH)+EnumToInt(BLOCKSIZE), 0, attachment)

     , m_state(WAITING_FOR_KEYCHECK)

     , m_passphrase(passphrase, passphraseLength)

     , m_throwException(throwException)

 {

     CRYPTOPP_COMPILE_ASSERT((int)SALTLENGTH <= (int)DIGESTSIZE);

     CRYPTOPP_COMPILE_ASSERT((int)BLOCKSIZE <= (int)DIGESTSIZE);

 }


 template <class BC, class H, class Info>

 void DataDecryptor<BC,H,Info>::FirstPut(const byte *inString)

 {

     CheckKey(inString, inString+SALTLENGTH);

 }


 template <class BC, class H, class Info>

 void DataDecryptor<BC,H,Info>::LastPut(const byte *inString, size_t length)

 {

     CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length);

     if (m_filter.get() == NULLPTR)

     {

         m_state = KEY_BAD;

         if (m_throwException)

             throw KeyBadErr();

     }

     else

     {

         m_filter->MessageEnd();

         m_state = WAITING_FOR_KEYCHECK;

     }

 }


 template <class BC, class H, class Info>

 void DataDecryptor<BC,H,Info>::CheckKey(const byte *salt, const byte *keyCheck)

 {

     SecByteBlock check(STDMAX((unsigned int)2*BLOCKSIZE, (unsigned int)DIGESTSIZE));


     H hash;

     hash.Update(m_passphrase, m_passphrase.size());

     hash.Update(salt, SALTLENGTH);

     hash.Final(check);


     SecByteBlock key(KEYLENGTH);

     SecByteBlock IV(BLOCKSIZE);

     GenerateKeyIV<BC,H,Info>(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, ITERATIONS, key, IV);


     m_cipher.SetKeyWithIV(key, key.size(), IV);

     member_ptr<StreamTransformationFilter> decryptor(new StreamTransformationFilter(m_cipher));


     decryptor->Put(keyCheck, BLOCKSIZE);

     decryptor->ForceNextPut();

     decryptor->Get(check+EnumToInt(BLOCKSIZE), BLOCKSIZE);


     SetFilter(decryptor.release());


     if (!VerifyBufsEqual(check, check+EnumToInt(BLOCKSIZE), BLOCKSIZE))

     {

         m_state = KEY_BAD;

         if (m_throwException)

             throw KeyBadErr();

     }

     else

         m_state = KEY_GOOD;

 }


 // ********************************************************


 template <class H, class MAC>

 static MAC* NewDataEncryptorMAC(const byte *passphrase, size_t passphraseLength)

 {

     size_t macKeyLength = MAC::StaticGetValidKeyLength(16);

     SecByteBlock macKey(macKeyLength);

     // since the MAC is encrypted there is no reason to mash the passphrase for many iterations

     Mash<H>(passphrase, passphraseLength, macKey, macKeyLength, 1);

     return new MAC(macKey, macKeyLength);

 }


 template <class BC, class H, class MAC, class Info>

 DataEncryptorWithMAC<BC,H,MAC,Info>::DataEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment)

     : ProxyFilter(NULLPTR, 0, 0, attachment)

     , m_mac(NewDataEncryptorMAC<H,MAC>((const byte *)passphrase, strlen(passphrase)))

 {

     SetFilter(new HashFilter(*m_mac, new DataEncryptor<BC,H,Info>(passphrase), true));

 }


 template <class BC, class H, class MAC, class Info>

 DataEncryptorWithMAC<BC,H,MAC,Info>::DataEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment)

     : ProxyFilter(NULLPTR, 0, 0, attachment)

     , m_mac(NewDataEncryptorMAC<H,MAC>(passphrase, passphraseLength))

 {

     SetFilter(new HashFilter(*m_mac, new DataEncryptor<BC,H,Info>(passphrase, passphraseLength), true));

 }


 template <class BC, class H, class MAC, class Info>

 void DataEncryptorWithMAC<BC,H,MAC,Info>::LastPut(const byte *inString, size_t length)

 {

     CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length);

     m_filter->MessageEnd();

 }


 // ********************************************************


 template <class BC, class H, class MAC, class Info>

 DataDecryptorWithMAC<BC,H,MAC,Info>::DataDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment, bool throwException)

     : ProxyFilter(NULLPTR, 0, 0, attachment)

     , m_mac(NewDataEncryptorMAC<H,MAC>((const byte *)passphrase, strlen(passphrase)))

     , m_throwException(throwException)

 {

     SetFilter(new DataDecryptor<BC,H,Info>(passphrase, m_hashVerifier=new HashVerificationFilter(*m_mac, NULLPTR, HashVerificationFilter::PUT_MESSAGE), throwException));

 }


 template <class BC, class H, class MAC, class Info>

 DataDecryptorWithMAC<BC,H,MAC,Info>::DataDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException)

     : ProxyFilter(NULLPTR, 0, 0, attachment)

     , m_mac(NewDataEncryptorMAC<H,MAC>(passphrase, passphraseLength))

     , m_throwException(throwException)

 {

     SetFilter(new DataDecryptor<BC,H,Info>(passphrase, passphraseLength, m_hashVerifier=new HashVerificationFilter(*m_mac, NULLPTR, HashVerificationFilter::PUT_MESSAGE), throwException));

 }


 template <class BC, class H, class MAC, class Info>

 typename DataDecryptor<BC,H,Info>::State DataDecryptorWithMAC<BC,H,MAC,Info>::CurrentState() const

 {

     return static_cast<const DataDecryptor<BC,H,Info> *>(m_filter.get())->CurrentState();

 }


 template <class BC, class H, class MAC, class Info>

 bool DataDecryptorWithMAC<BC,H,MAC,Info>::CheckLastMAC() const

 {

     return m_hashVerifier->GetLastResult();

 }


 template <class BC, class H, class MAC, class Info>

 void DataDecryptorWithMAC<BC,H,MAC,Info>::LastPut(const byte *inString, size_t length)

 {

     CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length);

     m_filter->MessageEnd();

     if (m_throwException && !CheckLastMAC())

         throw MACBadErr();

 }


 template struct DataParametersInfo<LegacyBlockCipher::BLOCKSIZE, LegacyBlockCipher::DEFAULT_KEYLENGTH, LegacyHashModule::DIGESTSIZE, 8, 200>;

 template struct DataParametersInfo<DefaultBlockCipher::BLOCKSIZE, DefaultBlockCipher::DEFAULT_KEYLENGTH, DefaultHashModule::DIGESTSIZE, 8, 2500>;


 template class DataEncryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>;

 template class DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>;

 template class DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;

 template class DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;

 template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;

 template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;

 template class DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;

 template class DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;


 NAMESPACE_END

BufferedTransformation
Interface for buffered transformations.
Definition: cryptlib.h:1657

DataDecryptor
Password-based Decryptor.
Definition: default.h:117

DataDecryptor::DataDecryptor
DataDecryptor(const char *passphrase, BufferedTransformation *attachment=NULL, bool throwException=true)
Constructs a DataDecryptor.
Definition: default.cpp:142

DataDecryptorWithMAC
Password-based decryptor with MAC.
Definition: default.h:219

DataDecryptorWithMAC::DataDecryptorWithMAC
DataDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment=NULL, bool throwException=true)
Constructs a DataDecryptor.
Definition: default.cpp:257

DataEncryptor
Password-based Encryptor.
Definition: default.h:79

DataEncryptor::DataEncryptor
DataEncryptor(const char *passphrase, BufferedTransformation *attachment=NULL)
Construct a DataEncryptor.
Definition: default.cpp:85

DataEncryptorWithMAC
Password-based encryptor with MAC.
Definition: default.h:174

DataEncryptorWithMAC::DataEncryptorWithMAC
DataEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment=NULL)
Constructs a DataEncryptorWithMAC.
Definition: default.cpp:232

HashFilter
Filter wrapper for HashTransformation.
Definition: filters.h:582

HashVerificationFilter
Filter wrapper for HashTransformation.
Definition: filters.h:611

HashVerificationFilter::PUT_MESSAGE
@ PUT_MESSAGE
The message should be passed to an attached transformation.
Definition: filters.h:632

InvalidArgument
An invalid argument was detected.
Definition: cryptlib.h:208

KeyBadErr
Exception thrown when a bad key is encountered in DefaultDecryptorWithMAC and LegacyDecryptorWithMAC.
Definition: default.h:43

MACBadErr
Exception thrown when an incorrect MAC is encountered in DefaultDecryptorWithMAC and LegacyDecryptorW...
Definition: default.h:50

ProxyFilter
Base class for Filter classes that are proxies for a chain of other filters.
Definition: filters.h:1039

ProxyFilter::SetFilter
void SetFilter(Filter *filter)
Sets the OutputProxy filter.

SecByteBlock
SecBlock<byte> typedef.
Definition: secblock.h:1226

StreamTransformationFilter
Filter wrapper for StreamTransformation.
Definition: filters.h:532

member_ptr
Pointer that overloads operator ->
Definition: smartptr.h:38

config.h
Library configuration file.

byte
unsigned char byte
8-bit unsigned datatype
Definition: config_int.h:66

cryptlib.h
Abstract base classes that provide a uniform interface to this library.

default.h
Classes for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC.

filters.h
Implementation of BufferedTransformation's attachment interface.

BytePrecision
unsigned int BytePrecision(const T &value)
Returns the number of 8-bit bytes or octets required for a value.
Definition: misc.h:1024

RoundUpToMultipleOf
T1 RoundUpToMultipleOf(const T1 &n, const T2 &m)
Rounds a value up to a multiple of a second value.
Definition: misc.h:1384

CRYPTOPP_COMPILE_ASSERT
#define CRYPTOPP_COMPILE_ASSERT(expr)
Compile time assertion.
Definition: misc.h:153

EnumToInt
#define EnumToInt(v)
Integer value.
Definition: misc.h:504

STDMAX
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
Definition: misc.h:668

VerifyBufsEqual
CRYPTOPP_DLL bool VerifyBufsEqual(const byte *buf1, const byte *buf2, size_t count)
Performs a near constant-time comparison of two equally sized buffers.

CryptoPP
Crypto++ library namespace.

Name::IV
const char * IV()
ConstByteArrayParameter, also accepts const byte * for backwards compatibility.
Definition: argnames.h:21

pch.h
Precompiled header file.

queue.h
Classes for an unlimited queue to store bytes.

smartptr.h
Classes for automatic resource management.

DataParametersInfo
Algorithm information for password-based encryptors and decryptors.
Definition: default.h:58