Add second ctor to StreamTransformationFilter for authenticated encryption modes

StreamTransformationFilter had a small hack to accomodate AuthenticatedEncryptionFilter and AuthenticatedDecryptionFilter. The hack was enough to support CCM, EAX and GCM modes, which looks a lot like a regular stream cipher from the filter framework point of view. OCB is slightly different. To the filter framework it looks like a block cipher with an unusual last block size and padding scheme. OCB uses MandatoryBlockSize() == BlockSize() and MinLastBlockSize() == 1 with custom padding of the last block (see the handling of P_* and A_* in the RFC). The unusual config causes the original StreamTransformationFilter assert to fire even though OCB is in a normal configuration. For the time being, we are trying to retain the assert becuase it is a useful diagnostic. Its possible another authenticated encryption mode, like AEZ or NORX, will cause the assert to incorrectly fire (yet again). We will cross that bridge when we come to it.
author: Jeffrey Walton <noloader@gmail.com> 2017-09-29 17:36:04 -0400
committer: Jeffrey Walton <noloader@gmail.com> 2017-09-29 17:36:04 -0400
commit: bebdc8b91723f9155c22e5e4543ea02f4870c954 (patch)
tree: 86a72a110a86e66828a9a8175e77b0ce24b42c69 /filters.h
parent: 8e67eb51532c20b647d86e7633c5672d39ad0834 (diff)
download: cryptopp-git-bebdc8b91723f9155c22e5e4543ea02f4870c954.tar.gz
1 files changed, 26 insertions, 3 deletions
diff --git a/filters.h b/filters.h
index 2e56f122..5fda823d 100644
--- a/filters.h
+++ b/filters.h
@@ -336,6 +336,7 @@ public:
 	{
 		return PutMaybeModifiable(const_cast<byte *>(inString), length, messageEnd, blocking, false);
 	}
+
 	size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking)
 	{
 		return PutMaybeModifiable(inString, length, messageEnd, blocking, true);
@@ -499,7 +500,10 @@ struct BlockPaddingSchemeDef
 
 //! \class StreamTransformationFilter
 //! \brief Filter wrapper for StreamTransformation
-//! \details StreamTransformationFilter is a filter wrapper for StreamTransformation. The filter will optionally handle padding/unpadding when needed
+//! \details StreamTransformationFilter() is a filter wrapper for StreamTransformation(). It is used when
+//!   pipelining data for stream ciphers and confidentiality-only block ciphers. The filter will optionally
+//!   handle padding and unpadding when needed. If you are using an authenticated encryption mode of operation,
+//!   then use AuthenticatedEncryptionFilter() and AuthenticatedDecryptionFilter()
 //! \since Crypto++ 5.0
 class CRYPTOPP_DLL StreamTransformationFilter : public FilterWithBufferedInput, public BlockPaddingSchemeDef, private FilterPutSpaceHelper
 {
@@ -510,12 +514,29 @@ public:
 	//! \param c reference to a StreamTransformation
 	//! \param attachment an optional attached transformation
 	//! \param padding the \ref BlockPaddingSchemeDef "padding scheme"
-	//! \param allowAuthenticatedSymmetricCipher flag indicating whether the filter should allow authenticated encryption schemes
-	StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment = NULLPTR, BlockPaddingScheme padding = DEFAULT_PADDING, bool allowAuthenticatedSymmetricCipher = false);
+	//! \details This contructor creates a StreamTransformationFilter() for stream ciphers and
+	//!   confidentiality-only block cipher modes of operation. If you are using an authenticated
+	//!   encryption mode of operation, then use either AuthenticatedEncryptionFilter() or
+	//!   AuthenticatedDecryptionFilter().
+	//! \sa AuthenticatedEncryptionFilter() and AuthenticatedDecryptionFilter()
+	StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment = NULLPTR, BlockPaddingScheme padding = DEFAULT_PADDING);
 
 	std::string AlgorithmName() const {return m_cipher.AlgorithmName();}
 
 protected:
+
+	friend class AuthenticatedEncryptionFilter;
+	friend class AuthenticatedDecryptionFilter;
+
+	//! \brief Construct a StreamTransformationFilter
+	//! \param c reference to a StreamTransformation
+	//! \param attachment an optional attached transformation
+	//! \param padding the \ref BlockPaddingSchemeDef "padding scheme"
+	//! \param authenticated flag indicating whether the filter should allow authenticated encryption schemes
+	//! \details This constructor is used for authenticated encryption mode of operation and by
+	//!   AuthenticatedEncryptionFilter() and AuthenticatedDecryptionFilter().
+	StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment, BlockPaddingScheme padding, bool authenticated);
+
 	void InitializeDerivedAndReturnNewSizes(const NameValuePairs &parameters, size_t &firstSize, size_t &blockSize, size_t &lastSize);
 	void FirstPut(const byte *inString);
 	void NextPutMultiple(const byte *inString, size_t length);
@@ -527,6 +548,8 @@ protected:
 	StreamTransformation &m_cipher;
 	BlockPaddingScheme m_padding;
 	unsigned int m_optimalBufferSize;
+	// TODO: do we need this?
+	bool m_authenticated;
 };
 
 //! \class HashFilter
author	Jeffrey Walton <noloader@gmail.com>	2017-09-29 17:36:04 -0400
committer	Jeffrey Walton <noloader@gmail.com>	2017-09-29 17:36:04 -0400
commit	bebdc8b91723f9155c22e5e4543ea02f4870c954 (patch)
tree	86a72a110a86e66828a9a8175e77b0ce24b42c69 /filters.h
parent	8e67eb51532c20b647d86e7633c5672d39ad0834 (diff)
download	cryptopp-git-bebdc8b91723f9155c22e5e4543ea02f4870c954.tar.gz