// cryptlib.h - originally written and placed in the public domain by Wei Dai /// \file cryptlib.h /// \brief Abstract base classes that provide a uniform interface to this library. /*! \mainpage Crypto++ Library 8.1 API Reference
This reference manual is a work in progress. Some classes lack detailed descriptions.
Click here to download a zip archive containing this manual.
Thanks to Ryan Phillips for providing the Doxygen configuration file
and getting us started on the manual.
*/
#ifndef CRYPTOPP_CRYPTLIB_H
#define CRYPTOPP_CRYPTLIB_H
#include "config.h"
#include "stdcpp.h"
#include "trap.h"
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
# pragma warning(disable: 4127 4189 4505 4702)
#endif
NAMESPACE_BEGIN(CryptoPP)
// forward declarations
class Integer;
class RandomNumberGenerator;
class BufferedTransformation;
/// \brief Specifies a direction for a cipher to operate
/// \sa BlockTransformation::IsForwardTransformation(), BlockTransformation::IsPermutation(), BlockTransformation::GetCipherDirection()
enum CipherDir {
/// \brief the cipher is performing encryption
ENCRYPTION,
/// \brief the cipher is performing decryption
DECRYPTION};
/// \brief Represents infinite time
const unsigned long INFINITE_TIME = ULONG_MAX;
// VC60 workaround: using enums as template parameters causes problems
/// \brief Converts an enumeration to a type suitable for use as a template parameter
template
/// ThisObject:ClassName (ClassName, copy of this object or a subobject)
/// ThisPointer:ClassName (const ClassName *, pointer to this object or a subobject)
///
DOCUMENTED_NAMESPACE_BEGIN(Name)
// more names defined in argnames.h
DOCUMENTED_NAMESPACE_END
/// \brief Namespace containing weak and wounded algorithms.
/// \details Weak is part of the CryptoPP namespace. Schemes and algorithms are moved into Weak
/// when their security level is reduced to an unacceptable level by contemporary standards.
/// \details To use an algorithm in the Weak namespace, you must \c \#define
/// CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 before including a header for a weak or wounded
/// algorithm. For example:
///
/// \c \#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
/// \c \#include
DOCUMENTED_NAMESPACE_BEGIN(Weak)
// weak and wounded algorithms
DOCUMENTED_NAMESPACE_END
#endif
/// \brief Namespace containing NaCl library functions
/// \details TweetNaCl is a compact and portable reimplementation of the NaCl library.
DOCUMENTED_NAMESPACE_BEGIN(NaCl)
// crypto_box, crypto_box_open, crypto_sign, and crypto_sign_open (and friends)
DOCUMENTED_NAMESPACE_END
/// \brief Namespace containing testing and benchmark classes.
/// \details Source files for classes in the Test namespaces include
/// test.cpp, validat#.cpp and bench#.cpp.
DOCUMENTED_NAMESPACE_BEGIN(Test)
// testing and benchmark classes
DOCUMENTED_NAMESPACE_END
// ********************************************************
/// \brief Interface for cloning objects
/// \note this is \a not implemented by most classes
/// \sa ClonableImpl, NotCopyable
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Clonable
{
public:
virtual ~Clonable() {}
/// \brief Copies this object
/// \return a copy of this object
/// \throws NotImplemented
/// \note this is \a not implemented by most classes
/// \sa NotCopyable
virtual Clonable* Clone() const {throw NotImplemented("Clone() is not implemented yet.");} // TODO: make this =0
};
/// \brief Interface for all crypto algorithms
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Algorithm : public Clonable
{
public:
virtual ~Algorithm() {}
/// \brief Interface for all crypto algorithms
/// \param checkSelfTestStatus determines whether the object can proceed if the self
/// tests have not been run or failed.
/// \details When FIPS 140-2 compliance is enabled and checkSelfTestStatus == true,
/// this constructor throws SelfTestFailure if the self test hasn't been run or fails.
/// \details FIPS 140-2 compliance is disabled by default. It is only used by certain
/// versions of the library when the library is built as a DLL on Windows. Also see
/// CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 in config.h.
Algorithm(bool checkSelfTestStatus = true);
/// \brief Provides the name of this algorithm
/// \return the standard algorithm name
/// \details The standard algorithm name can be a name like AES or AES/GCM.
/// Some algorithms do not have standard names yet. For example, there is no standard
/// algorithm name for Shoup's ECIES.
/// \note AlgorithmName is not universally implemented yet.
virtual std::string AlgorithmName() const {return "unknown";}
/// \brief Retrieve the provider of this algorithm
/// \return the algorithm provider
/// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI",
/// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE,
/// usually indicate a specialized implementation using instructions from a higher
/// instruction set architecture (ISA). Future labels may include external hardware
/// like a hardware security module (HSM).
/// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2".
/// Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics
/// instead of ASM.
/// \details Algorithms which combine different instructions or ISAs provide the
/// dominant one. For example on x86 AES/GCM returns "AESNI" rather than
/// "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".
/// \note Provider is not universally implemented yet.
/// \since Crypto++ 8.0
virtual std::string AlgorithmProvider() const {return "C++";}
};
/// \brief Interface for algorithms that take byte strings as keys
/// \sa FixedKeyLength(), VariableKeyLength(), SameKeyLengthAs(), SimpleKeyingInterfaceImpl()
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyingInterface
{
public:
virtual ~SimpleKeyingInterface() {}
/// \brief Returns smallest valid key length
/// \returns the minimum key length, in bytes
virtual size_t MinKeyLength() const =0;
/// \brief Returns largest valid key length
/// \returns the maximum key length, in bytes
virtual size_t MaxKeyLength() const =0;
/// \brief Returns default key length
/// \returns the default key length, in bytes
virtual size_t DefaultKeyLength() const =0;
/// \brief Returns a valid key length for the algorithm
/// \param keylength the size of the key, in bytes
/// \returns the valid key length, in bytes
/// \details keylength is provided in bytes, not bits. If keylength is less than MIN_KEYLENGTH,
/// then the function returns MIN_KEYLENGTH. If keylength is greater than MAX_KEYLENGTH,
/// then the function returns MAX_KEYLENGTH. if If keylength is a multiple of KEYLENGTH_MULTIPLE,
/// then keylength is returned. Otherwise, the function returns a \a lower multiple of
/// KEYLENGTH_MULTIPLE.
virtual size_t GetValidKeyLength(size_t keylength) const =0;
/// \brief Returns whether keylength is a valid key length
/// \param keylength the requested keylength
/// \return true if keylength is valid, false otherwise
/// \details Internally the function calls GetValidKeyLength()
virtual bool IsValidKeyLength(size_t keylength) const
{return keylength == GetValidKeyLength(keylength);}
/// \brief Sets or reset the key of this object
/// \param key the key to use when keying the object
/// \param length the size of the key, in bytes
/// \param params additional initialization parameters to configure this object
virtual void SetKey(const byte *key, size_t length, const NameValuePairs ¶ms = g_nullNameValuePairs);
/// \brief Sets or reset the key of this object
/// \param key the key to use when keying the object
/// \param length the size of the key, in bytes
/// \param rounds the number of rounds to apply the transformation function,
/// if applicable
/// \details SetKeyWithRounds() calls SetKey() with a NameValuePairs
/// object that only specifies rounds. rounds is an integer parameter,
/// and -1 means use the default number of rounds.
void SetKeyWithRounds(const byte *key, size_t length, int rounds);
/// \brief Sets or reset the key of this object
/// \param key the key to use when keying the object
/// \param length the size of the key, in bytes
/// \param iv the initialization vector to use when keying the object
/// \param ivLength the size of the iv, in bytes
/// \details SetKeyWithIV() calls SetKey() with a NameValuePairs
/// that only specifies IV. The IV is a byte buffer with size ivLength.
/// ivLength is an integer parameter, and -1 means use IVSize().
void SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength);
/// \brief Sets or reset the key of this object
/// \param key the key to use when keying the object
/// \param length the size of the key, in bytes
/// \param iv the initialization vector to use when keying the object
/// \details SetKeyWithIV() calls SetKey() with a NameValuePairs() object
/// that only specifies iv. iv is a byte buffer, and it must have
/// a size IVSize().
void SetKeyWithIV(const byte *key, size_t length, const byte *iv)
{SetKeyWithIV(key, length, iv, IVSize());}
/// \brief Secure IVs requirements as enumerated values.
/// \details Provides secure IV requirements as a monotonically increasing enumerated values.
/// Requirements can be compared using less than (<) and greater than (>). For example,
/// UNIQUE_IV < RANDOM_IV and UNPREDICTABLE_RANDOM_IV > RANDOM_IV.
/// \details Objects that use SimpleKeyingInterface do not support an optional IV. That is,
/// an IV must be present or it must be absent. If you wish to support an optional IV then
/// provide two classes - one with an IV and one without an IV.
/// \sa IsResynchronizable(), CanUseRandomIVs(), CanUsePredictableIVs(), CanUseStructuredIVs()
enum IV_Requirement {
/// \brief The IV must be unique
UNIQUE_IV = 0,
/// \brief The IV must be random and possibly predictable
RANDOM_IV,
/// \brief The IV must be random and unpredictable
UNPREDICTABLE_RANDOM_IV,
/// \brief The IV is set by the object
INTERNALLY_GENERATED_IV,
/// \brief The object does not use an IV
NOT_RESYNCHRONIZABLE
};
/// \brief Minimal requirement for secure IVs
/// \return the secure IV requirement of the algorithm
virtual IV_Requirement IVRequirement() const =0;
/// \brief Determines if the object can be resynchronized
/// \return true if the object can be resynchronized (i.e. supports initialization vectors), false otherwise
/// \note If this function returns true, and no IV is passed to SetKey() and CanUseStructuredIVs()==true,
/// an IV of all 0's will be assumed.
bool IsResynchronizable() const {return IVRequirement() < NOT_RESYNCHRONIZABLE;}
/// \brief Determines if the object can use random IVs
/// \return true if the object can use random IVs (in addition to ones returned by GetNextIV), false otherwise
bool CanUseRandomIVs() const {return IVRequirement() <= UNPREDICTABLE_RANDOM_IV;}
/// \brief Determines if the object can use random but possibly predictable IVs
/// \return true if the object can use random but possibly predictable IVs (in addition to ones returned by
/// GetNextIV), false otherwise
bool CanUsePredictableIVs() const {return IVRequirement() <= RANDOM_IV;}
/// \brief Determines if the object can use structured IVs
/// \returns true if the object can use structured IVs, false otherwise
/// \details CanUseStructuredIVs() indicates whether the object can use structured IVs; for example a counter
/// (in addition to ones returned by GetNextIV).
bool CanUseStructuredIVs() const {return IVRequirement() <= UNIQUE_IV;}
/// \brief Returns length of the IV accepted by this object
/// \return the size of an IV, in bytes
/// \throws NotImplemented() if the object does not support resynchronization
/// \details The default implementation throws NotImplemented
virtual unsigned int IVSize() const
{throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}
/// \brief Provides the default size of an IV
/// \return default length of IVs accepted by this object, in bytes
unsigned int DefaultIVLength() const {return IVSize();}
/// \brief Provides the minimum size of an IV
/// \return minimal length of IVs accepted by this object, in bytes
/// \throws NotImplemented() if the object does not support resynchronization
virtual unsigned int MinIVLength() const {return IVSize();}
/// \brief Provides the maximum size of an IV
/// \return maximal length of IVs accepted by this object, in bytes
/// \throws NotImplemented() if the object does not support resynchronization
virtual unsigned int MaxIVLength() const {return IVSize();}
/// \brief Resynchronize with an IV
/// \param iv the initialization vector
/// \param ivLength the size of the initialization vector, in bytes
/// \details Resynchronize() resynchronizes with an IV provided by the caller. ivLength=-1 means use IVSize().
/// \throws NotImplemented() if the object does not support resynchronization
virtual void Resynchronize(const byte *iv, int ivLength=-1) {
CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(ivLength);
throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");
}
/// \brief Retrieves a secure IV for the next message
/// \param rng a RandomNumberGenerator to produce keying material
/// \param iv a block of bytes to receive the IV
/// \details The IV must be at least IVSize() in length.
/// \details This method should be called after you finish encrypting one message and are ready
/// to start the next one. After calling it, you must call SetKey() or Resynchronize().
/// before using this object again.
/// \details Internally, the base class implementation calls RandomNumberGenerator's GenerateBlock()
/// \note This method is not implemented on decryption objects.
virtual void GetNextIV(RandomNumberGenerator &rng, byte *iv);
protected:
/// \brief Returns the base class Algorithm
/// \return the base class Algorithm
virtual const Algorithm & GetAlgorithm() const =0;
/// \brief Sets the key for this object without performing parameter validation
/// \param key a byte buffer used to key the cipher
/// \param length the length of the byte buffer
/// \param params additional parameters passed as NameValuePairs
/// \details key must be at least DEFAULT_KEYLENGTH in length.
virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) =0;
/// \brief Validates the key length
/// \param length the size of the keying material, in bytes
/// \throws InvalidKeyLength if the key length is invalid
void ThrowIfInvalidKeyLength(size_t length);
/// \brief Validates the object
/// \throws InvalidArgument if the IV is present
/// \details Internally, the default implementation calls IsResynchronizable() and throws
/// InvalidArgument if the function returns true.
/// \note called when no IV is passed
void ThrowIfResynchronizable();
/// \brief Validates the IV
/// \param iv the IV with a length of IVSize, in bytes
/// \throws InvalidArgument on failure
/// \details Internally, the default implementation checks the iv. If iv is not NULL or nullptr,
/// then the function succeeds. If iv is NULL, then IVRequirement is checked against
/// UNPREDICTABLE_RANDOM_IV. If IVRequirement is UNPREDICTABLE_RANDOM_IV, then
/// then the function succeeds. Otherwise, an exception is thrown.
void ThrowIfInvalidIV(const byte *iv);
/// \brief Validates the IV length
/// \param length the size of an IV, in bytes
/// \throws InvalidArgument if the IV length is invalid
size_t ThrowIfInvalidIVLength(int length);
/// \brief Retrieves and validates the IV
/// \param params NameValuePairs with the IV supplied as a ConstByteArrayParameter
/// \param size the length of the IV, in bytes
/// \return a pointer to the first byte of the IV
/// \throws InvalidArgument if the number of rounds are invalid
const byte * GetIVAndThrowIfInvalid(const NameValuePairs ¶ms, size_t &size);
/// \brief Validates the key length
/// \param length the size of the keying material, in bytes
inline void AssertValidKeyLength(size_t length) const
{CRYPTOPP_UNUSED(length); CRYPTOPP_ASSERT(IsValidKeyLength(length));}
};
/// \brief Interface for the data processing part of block ciphers
/// \details Classes derived from BlockTransformation are block ciphers
/// in ECB mode (for example the DES::Encryption class), which are stateless.
/// These classes should not be used directly, but only in combination with
/// a mode class (see CipherModeDocumentation in modes.h).
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockTransformation : public Algorithm
{
public:
virtual ~BlockTransformation() {}
/// \brief Encrypt or decrypt a block
/// \param inBlock the input message before processing
/// \param outBlock the output message after processing
/// \param xorBlock an optional XOR mask
/// \details ProcessAndXorBlock encrypts or decrypts inBlock, xor with xorBlock, and write to outBlock.
/// \details The size of the block is determined by the block cipher and its documentation. Use
/// BLOCKSIZE at compile time, or BlockSize() at runtime.
/// \note The message can be transformed in-place, or the buffers must \a not overlap
/// \sa FixedBlockSize, BlockCipherFinal from seckey.h and BlockSize()
virtual void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const =0;
/// \brief Encrypt or decrypt a block
/// \param inBlock the input message before processing
/// \param outBlock the output message after processing
/// \details ProcessBlock encrypts or decrypts inBlock and write to outBlock.
/// \details The size of the block is determined by the block cipher and its documentation.
/// Use BLOCKSIZE at compile time, or BlockSize() at runtime.
/// \sa FixedBlockSize, BlockCipherFinal from seckey.h and BlockSize()
/// \note The message can be transformed in-place, or the buffers must \a not overlap
void ProcessBlock(const byte *inBlock, byte *outBlock) const
{ProcessAndXorBlock(inBlock, NULLPTR, outBlock);}
/// \brief Encrypt or decrypt a block in place
/// \param inoutBlock the input message before processing
/// \details ProcessBlock encrypts or decrypts inoutBlock in-place.
/// \details The size of the block is determined by the block cipher and its documentation.
/// Use BLOCKSIZE at compile time, or BlockSize() at runtime.
/// \sa FixedBlockSize, BlockCipherFinal from seckey.h and BlockSize()
void ProcessBlock(byte *inoutBlock) const
{ProcessAndXorBlock(inoutBlock, NULLPTR, inoutBlock);}
/// Provides the block size of the cipher
/// \return the block size of the cipher, in bytes
virtual unsigned int BlockSize() const =0;
/// \brief Provides input and output data alignment for optimal performance.
/// \return the input data alignment that provides optimal performance
/// \sa GetAlignment() and OptimalBlockSize()
virtual unsigned int OptimalDataAlignment() const;
/// \brief Determines if the transformation is a permutation
/// \returns true if this is a permutation (i.e. there is an inverse transformation)
virtual bool IsPermutation() const {return true;}
/// \brief Determines if the cipher is being operated in its forward direction
/// \returns true if DIR is ENCRYPTION, false otherwise
/// \sa IsForwardTransformation(), IsPermutation(), GetCipherDirection()
virtual bool IsForwardTransformation() const =0;
/// \brief Determines the number of blocks that can be processed in parallel
/// \return the number of blocks that can be processed in parallel, for bit-slicing implementations
/// \details Bit-slicing is often used to improve throughput and minimize timing attacks.
virtual unsigned int OptimalNumberOfParallelBlocks() const {return 1;}
/// \brief Bit flags that control AdvancedProcessBlocks() behavior
enum FlagsForAdvancedProcessBlocks {
/// \brief inBlock is a counter
BT_InBlockIsCounter=1,
/// \brief should not modify block pointers
BT_DontIncrementInOutPointers=2,
/// \brief Xor inputs before transformation
BT_XorInput=4,
/// \brief perform the transformation in reverse
BT_ReverseDirection=8,
/// \brief Allow parallel transformations
BT_AllowParallel=16};
/// \brief Encrypt and xor multiple blocks using additional flags
/// \param inBlocks the input message before processing
/// \param xorBlocks an optional XOR mask
/// \param outBlocks the output message after processing
/// \param length the size of the blocks, in bytes
/// \param flags additional flags to control processing
/// \details Encrypt and xor multiple blocks according to FlagsForAdvancedProcessBlocks flags.
/// \note If BT_InBlockIsCounter is set, then the last byte of inBlocks may be modified.
virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
/// \brief Provides the direction of the cipher
/// \return ENCRYPTION if IsForwardTransformation() is true, DECRYPTION otherwise
/// \sa IsForwardTransformation(), IsPermutation()
inline CipherDir GetCipherDirection() const {return IsForwardTransformation() ? ENCRYPTION : DECRYPTION;}
};
/// \brief Interface for the data processing portion of stream ciphers
/// \sa StreamTransformationFilter()
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE StreamTransformation : public Algorithm
{
public:
virtual ~StreamTransformation() {}
/// \brief Provides a reference to this object
/// \return A reference to this object
/// \details Useful for passing a temporary object to a function that takes a non-const reference
StreamTransformation& Ref() {return *this;}
/// \brief Provides the mandatory block size of the cipher
/// \return The block size of the cipher if input must be processed in blocks, 1 otherwise
/// \details Stream ciphers and some block ciphers modes of operation return 1. Modes that
/// return 1 must be able to process a single byte at a time, like counter mode. If a
/// mode of operation or block cipher cannot stream then it must not return 1.
/// \details When filters operate the mode or cipher, ProcessData will be called with a
/// string of bytes that is determined by MandatoryBlockSize and OptimalBlockSize. When a
/// policy is set, like 16-byte strings for a 16-byte block cipher, the filter will buffer
/// bytes until the specified number of bytes is available to the object.
/// \sa ProcessData, ProcessLastBlock, MandatoryBlockSize, MinLastBlockSize, BlockPaddingSchemeDef, IsLastBlockSpecial
virtual unsigned int MandatoryBlockSize() const {return 1;}
/// \brief Provides the input block size most efficient for this cipher
/// \return The input block size that is most efficient for the cipher
/// \details The base class implementation returns MandatoryBlockSize().
/// \note Optimal input length is
/// n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n \> 0.
virtual unsigned int OptimalBlockSize() const {return MandatoryBlockSize();}
/// \brief Provides the number of bytes used in the current block when processing at optimal block size.
/// \return the number of bytes used in the current block when processing at the optimal block size
virtual unsigned int GetOptimalBlockSizeUsed() const {return 0;}
/// \brief Provides input and output data alignment for optimal performance
/// \return the input data alignment that provides optimal performance
/// \sa GetAlignment() and OptimalBlockSize()
virtual unsigned int OptimalDataAlignment() const;
/// \brief Encrypt or decrypt an array of bytes
/// \param outString the output byte buffer
/// \param inString the input byte buffer
/// \param length the size of the input and output byte buffers, in bytes
/// \details ProcessData is called with a string of bytes whose size depends on MandatoryBlockSize.
/// Either inString == outString, or they must not overlap.
/// \sa ProcessData, ProcessLastBlock, MandatoryBlockSize, MinLastBlockSize, BlockPaddingSchemeDef, IsLastBlockSpecial
virtual void ProcessData(byte *outString, const byte *inString, size_t length) =0;
/// \brief Encrypt or decrypt the last block of data
/// \param outString the output byte buffer
/// \param outLength the size of the output byte buffer, in bytes
/// \param inString the input byte buffer
/// \param inLength the size of the input byte buffer, in bytes
/// \returns the number of bytes used in outString
/// \details ProcessLastBlock is used when the last block of data is special and requires handling
/// by the cipher. The current implementation provides an output buffer with a size
/// inLength+2*MandatoryBlockSize(). The return value allows the cipher to expand cipher
/// text during encryption or shrink plain text during decryption.
/// \details This member function is used by CBC-CTS and OCB modes.
/// \sa ProcessData, ProcessLastBlock, MandatoryBlockSize, MinLastBlockSize, BlockPaddingSchemeDef, IsLastBlockSpecial
virtual size_t ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength);
/// \brief Provides the size of the last block
/// \returns the minimum size of the last block
/// \details MinLastBlockSize() returns the minimum size of the last block. 0 indicates the last
/// block is not special.
/// \details MandatoryBlockSize() enlists one of two behaviors. First, if MandatoryBlockSize()
/// returns 1, then the cipher can be streamed and ProcessData() is called with the tail bytes.
/// Second, if MandatoryBlockSize() returns non-0, then the string of bytes is padded to
/// MandatoryBlockSize() according to the padding mode. Then, ProcessData() is called with the
/// padded string of bytes.
/// \details Some authenticated encryption modes are not expressed well with MandatoryBlockSize()
/// and MinLastBlockSize(). For example, AES/OCB uses 16-byte blocks (MandatoryBlockSize = 16)
/// and the last block requires special processing (MinLastBlockSize = 0). However, 0 is a valid
/// last block size for OCB and the special processing is custom padding, and not standard PKCS
/// padding. In response an unambiguous IsLastBlockSpecial() was added.
/// \sa ProcessData, ProcessLastBlock, MandatoryBlockSize, MinLastBlockSize, BlockPaddingSchemeDef, IsLastBlockSpecial
virtual unsigned int MinLastBlockSize() const {return 0;}
/// \brief Determines if the last block receives special processing
/// \returns true if the last block reveives special processing, false otherwise.
/// \details Some authenticated encryption modes are not expressed well with
/// MandatoryBlockSize() and MinLastBlockSize(). For example, AES/OCB uses
/// 16-byte blocks (MandatoryBlockSize = 16) and the last block requires special processing
/// (MinLastBlockSize = 0). However, 0 is a valid last block size for OCB and the special
/// processing is custom padding, and not standard PKCS padding. In response an
/// unambiguous IsLastBlockSpecial() was added.
/// \details When IsLastBlockSpecial() returns false nothing special happens. All the former
/// rules and behaviors apply. This is the default behavior of IsLastBlockSpecial().
/// \details When IsLastBlockSpecial() returns true four things happen. First, MinLastBlockSize = 0
/// means 0 is a valid block size that should be processed. Second, standard block cipher padding is
/// \a not \a applied. Third, the caller supplies an outString is larger than inString by
/// 2*MandatoryBlockSize(). That is, there's a reserve available when processing the last block.
/// Fourth, the cipher is responsible for finalization like custom padding. The cipher will tell
/// the library how many bytes were processed or used by returning the appropriate value from
/// ProcessLastBlock().
/// \details The return value of ProcessLastBlock() indicates how many bytes were written to
/// outString. A filter pipelining data will send outString and up to outLength
/// to an AttachedTransformation() for additional processing. Below is an example of the code
/// used in StreamTransformationFilter::LastPut.
/// if (m_cipher.IsLastBlockSpecial())
/// {
/// size_t reserve = 2*m_cipher.MandatoryBlockSize();
/// space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, length+reserve);
/// length = m_cipher.ProcessLastBlock(space, length+reserve, inString, length);
/// AttachedTransformation()->Put(space, length);
/// return;
/// }
/// \sa ProcessData, ProcessLastBlock, MandatoryBlockSize, MinLastBlockSize, BlockPaddingSchemeDef, IsLastBlockSpecial
/// \since Crypto++ 6.0
virtual bool IsLastBlockSpecial() const {return false;}
/// \brief Encrypt or decrypt a string of bytes
/// \param inoutString the string to process
/// \param length the size of the inoutString, in bytes
/// \details Internally, the base class implementation calls ProcessData().
inline void ProcessString(byte *inoutString, size_t length)
{ProcessData(inoutString, inoutString, length);}
/// \brief Encrypt or decrypt a string of bytes
/// \param outString the output string to process
/// \param inString the input string to process
/// \param length the size of the input and output strings, in bytes
/// \details Internally, the base class implementation calls ProcessData().
inline void ProcessString(byte *outString, const byte *inString, size_t length)
{ProcessData(outString, inString, length);}
/// \brief Encrypt or decrypt a byte
/// \param input the input byte to process
/// \details Internally, the base class implementation calls ProcessData() with a size of 1.
inline byte ProcessByte(byte input)
{ProcessData(&input, &input, 1); return input;}
/// \brief Determines whether the cipher supports random access
/// \returns true if the cipher supports random access, false otherwise
virtual bool IsRandomAccess() const =0;
/// \brief Seek to an absolute position
/// \param pos position to seek
/// \throws NotImplemented
/// \details The base class implementation throws NotImplemented. The function
/// \ref CRYPTOPP_ASSERT "asserts" IsRandomAccess() in debug builds.
virtual void Seek(lword pos)
{
CRYPTOPP_UNUSED(pos);
CRYPTOPP_ASSERT(!IsRandomAccess());
throw NotImplemented("StreamTransformation: this object doesn't support random access");
}
/// \brief Determines whether the cipher is self-inverting
/// \returns true if the cipher is self-inverting, false otherwise
/// \details IsSelfInverting determines whether this transformation is
/// self-inverting (e.g. xor with a keystream).
virtual bool IsSelfInverting() const =0;
/// \brief Determines if the cipher is being operated in its forward direction
/// \returns true if DIR is ENCRYPTION, false otherwise
/// \sa IsForwardTransformation(), IsPermutation(), GetCipherDirection()
virtual bool IsForwardTransformation() const =0;
};
/// \brief Interface for hash functions and data processing part of MACs
/// \details HashTransformation objects are stateful. They are created in an initial state,
/// change state as Update() is called, and return to the initial
/// state when Final() is called. This interface allows a large message to
/// be hashed in pieces by calling Update() on each piece followed by
/// calling Final().
/// \sa HashFilter(), HashVerificationFilter()
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HashTransformation : public Algorithm
{
public:
virtual ~HashTransformation() {}
/// \brief Provides a reference to this object
/// \return A reference to this object
/// \details Useful for passing a temporary object to a function that takes a non-const reference
HashTransformation& Ref() {return *this;}
/// \brief Updates a hash with additional input
/// \param input the additional input as a buffer
/// \param length the size of the buffer, in bytes
virtual void Update(const byte *input, size_t length) =0;
/// \brief Request space which can be written into by the caller
/// \param size the requested size of the buffer
/// \details The purpose of this method is to help avoid extra memory allocations.
/// \details size is an \a IN and \a OUT parameter and used as a hint. When the call is made,
/// size is the requested size of the buffer. When the call returns, size is the size of
/// the array returned to the caller.
/// \details The base class implementation sets size to 0 and returns NULL or nullptr.
/// \note Some objects, like ArraySink, cannot create a space because its fixed.
virtual byte * CreateUpdateSpace(size_t &size) {size=0; return NULLPTR;}
/// \brief Computes the hash of the current message
/// \param digest a pointer to the buffer to receive the hash
/// \details Final() restarts the hash for a new message.
/// \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures
/// the output byte buffer is large enough for the digest.
virtual void Final(byte *digest)
{TruncatedFinal(digest, DigestSize());}
/// \brief Restart the hash
/// \details Discards the current state, and restart for a new message
virtual void Restart()
{TruncatedFinal(NULLPTR, 0);}
/// Provides the digest size of the hash
/// \return the digest size of the hash.
virtual unsigned int DigestSize() const =0;
/// Provides the tag size of the hash
/// \return the tag size of the hash.
/// \details Same as DigestSize().
unsigned int TagSize() const {return DigestSize();}
/// \brief Provides the block size of the compression function
/// \return the block size of the compression function, in bytes
/// \details BlockSize() will return 0 if the hash is not block based. For example,
/// SHA3 is a recursive hash (not an iterative hash), and it does not have a block size.
virtual unsigned int BlockSize() const {return 0;}
/// \brief Provides the input block size most efficient for this hash.
/// \return The input block size that is most efficient for the cipher
/// \details The base class implementation returns MandatoryBlockSize().
/// \details Optimal input length is
/// n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n \> 0.
virtual unsigned int OptimalBlockSize() const {return 1;}
/// \brief Provides input and output data alignment for optimal performance
/// \return the input data alignment that provides optimal performance
/// \sa GetAlignment() and OptimalBlockSize()
virtual unsigned int OptimalDataAlignment() const;
/// \brief Updates the hash with additional input and computes the hash of the current message
/// \param digest a pointer to the buffer to receive the hash
/// \param input the additional input as a buffer
/// \param length the size of the buffer, in bytes
/// \details Use this if your input is in one piece and you don't want to call Update()
/// and Final() separately
/// \details CalculateDigest() restarts the hash for the next message.
/// \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures
/// the output byte buffer is large enough for the digest.
virtual void CalculateDigest(byte *digest, const byte *input, size_t length)
{Update(input, length); Final(digest);}
/// \brief Verifies the hash of the current message
/// \param digest a pointer to the buffer of an \a existing hash
/// \return \p true if the existing hash matches the computed hash, \p false otherwise
/// \throws ThrowIfInvalidTruncatedSize() if the existing hash's size exceeds DigestSize()
/// \details Verify() performs a bitwise compare on the buffers using VerifyBufsEqual(), which is
/// a constant time comparison function. digestLength cannot exceed DigestSize().
/// \details Verify() restarts the hash for the next message.
/// \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures
/// the output byte buffer is large enough for the digest.
virtual bool Verify(const byte *digest)
{return TruncatedVerify(digest, DigestSize());}
/// \brief Updates the hash with additional input and verifies the hash of the current message
/// \param digest a pointer to the buffer of an \a existing hash
/// \param input the additional input as a buffer
/// \param length the size of the buffer, in bytes
/// \return \p true if the existing hash matches the computed hash, \p false otherwise
/// \throws ThrowIfInvalidTruncatedSize() if the existing hash's size exceeds DigestSize()
/// \details Use this if your input is in one piece and you don't want to call Update()
/// and Verify() separately
/// \details VerifyDigest() performs a bitwise compare on the buffers using VerifyBufsEqual(),
/// which is a constant time comparison function. digestLength cannot exceed DigestSize().
/// \details VerifyDigest() restarts the hash for the next message.
/// \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures
/// the output byte buffer is large enough for the digest.
virtual bool VerifyDigest(const byte *digest, const byte *input, size_t length)
{Update(input, length); return Verify(digest);}
/// \brief Computes the hash of the current message
/// \param digest a pointer to the buffer to receive the hash
/// \param digestSize the size of the truncated digest, in bytes
/// \details TruncatedFinal() call Final() and then copies digestSize bytes to digest.
/// The hash is restarted the hash for the next message.
virtual void TruncatedFinal(byte *digest, size_t digestSize) =0;
/// \brief Updates the hash with additional input and computes the hash of the current message
/// \param digest a pointer to the buffer to receive the hash
/// \param digestSize the length of the truncated hash, in bytes
/// \param input the additional input as a buffer
/// \param length the size of the buffer, in bytes
/// \details Use this if your input is in one piece and you don't want to call Update()
/// and CalculateDigest() separately.
/// \details CalculateTruncatedDigest() restarts the hash for the next message.
/// \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures
/// the output byte buffer is large enough for the digest.
virtual void CalculateTruncatedDigest(byte *digest, size_t digestSize, const byte *input, size_t length)
{Update(input, length); TruncatedFinal(digest, digestSize);}
/// \brief Verifies the hash of the current message
/// \param digest a pointer to the buffer of an \a existing hash
/// \param digestLength the size of the truncated hash, in bytes
/// \return \p true if the existing hash matches the computed hash, \p false otherwise
/// \throws ThrowIfInvalidTruncatedSize() if digestLength exceeds DigestSize()
/// \details TruncatedVerify() is a truncated version of Verify(). It can operate on a
/// buffer smaller than DigestSize(). However, digestLength cannot exceed DigestSize().
/// \details Verify() performs a bitwise compare on the buffers using VerifyBufsEqual(), which is
/// a constant time comparison function. digestLength cannot exceed DigestSize().
/// \details TruncatedVerify() restarts the hash for the next message.
virtual bool TruncatedVerify(const byte *digest, size_t digestLength);
/// \brief Updates the hash with additional input and verifies the hash of the current message
/// \param digest a pointer to the buffer of an \a existing hash
/// \param digestLength the size of the truncated hash, in bytes
/// \param input the additional input as a buffer
/// \param length the size of the buffer, in bytes
/// \return \p true if the existing hash matches the computed hash, \p false otherwise
/// \throws ThrowIfInvalidTruncatedSize() if digestLength exceeds DigestSize()
/// \details Use this if your input is in one piece and you don't want to call Update()
/// and TruncatedVerify() separately.
/// \details VerifyTruncatedDigest() is a truncated version of VerifyDigest(). It can operate
/// on a buffer smaller than DigestSize(). However, digestLength cannot exceed DigestSize().
/// \details VerifyTruncatedDigest() restarts the hash for the next message.
/// \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures
/// the output byte buffer is large enough for the digest.
virtual bool VerifyTruncatedDigest(const byte *digest, size_t digestLength, const byte *input, size_t length)
{Update(input, length); return TruncatedVerify(digest, digestLength);}
protected:
/// \brief Validates a truncated digest size
/// \param size the requested digest size
/// \throws InvalidArgument if the algorithm's digest size cannot be truncated to the requested size
/// \details Throws an exception when the truncated digest size is greater than DigestSize()
void ThrowIfInvalidTruncatedSize(size_t size) const;
};
/// \brief Interface for one direction (encryption or decryption) of a block cipher
/// \details These objects usually should not be used directly. See BlockTransformation for more details.
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockCipher : public SimpleKeyingInterface, public BlockTransformation
{
protected:
const Algorithm & GetAlgorithm() const {return *this;}
};
/// \brief Interface for one direction (encryption or decryption) of a stream cipher or cipher mode
/// \details These objects usually should not be used directly. See StreamTransformation for more details.
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SymmetricCipher : public SimpleKeyingInterface, public StreamTransformation
{
protected:
const Algorithm & GetAlgorithm() const {return *this;}
};
/// \brief Interface for message authentication codes
/// \details These objects usually should not be used directly. See HashTransformation for more details.
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE MessageAuthenticationCode : public SimpleKeyingInterface, public HashTransformation
{
protected:
const Algorithm & GetAlgorithm() const {return *this;}
};
/// \brief Interface for authenticated encryption modes of operation
/// \details AuthenticatedSymmetricCipher() provides the interface for one direction
/// (encryption or decryption) of a stream cipher or block cipher mode with authentication. The
/// StreamTransformation() part of this interface is used to encrypt or decrypt the data. The
/// MessageAuthenticationCode() part of the interface is used to input additional authenticated
/// data (AAD), which is MAC'ed but not encrypted. The MessageAuthenticationCode() part is also
/// used to generate and verify the MAC.
/// \details Crypto++ provides four authenticated encryption modes of operation - CCM, EAX, GCM
/// and OCB mode. All modes implement AuthenticatedSymmetricCipher() and the motivation for
/// the API, like calling AAD a "header", can be found in Bellare, Rogaway and
/// Wagner's The EAX Mode of
/// Operation. The EAX paper suggested a basic API to help standardize AEAD schemes in
/// software and promote adoption of the modes.
/// \sa Authenticated
/// Encryption on the Crypto++ wiki.
/// \since Crypto++ 5.6.0
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipher : public MessageAuthenticationCode, public StreamTransformation
{
public:
virtual ~AuthenticatedSymmetricCipher() {}
/// \brief Exception thrown when the object is in the wrong state for the operation
/// \details this indicates that a member function was called in the wrong state, for example trying to encrypt
/// a message before having set the key or IV
class BadState : public Exception
{
public:
explicit BadState(const std::string &name, const char *message) : Exception(OTHER_ERROR, name + ": " + message) {}
explicit BadState(const std::string &name, const char *function, const char *state) : Exception(OTHER_ERROR, name + ": " + function + " was called before " + state) {}
};
/// \brief Provides the maximum length of AAD that can be input
/// \return the maximum length of AAD that can be input before the encrypted data
virtual lword MaxHeaderLength() const =0;
/// \brief Provides the maximum length of encrypted data
/// \return the maximum length of encrypted data
virtual lword MaxMessageLength() const =0;
/// \brief Provides the the maximum length of AAD
/// \return the maximum length of AAD that can be input after the encrypted data
virtual lword MaxFooterLength() const {return 0;}
/// \brief Determines if data lengths must be specified prior to inputting data
/// \return true if the data lengths are required before inputting data, false otherwise
/// \details if this function returns true, SpecifyDataLengths() must be called before attempting to input data.
/// This is the case for some schemes, such as CCM.
/// \sa SpecifyDataLengths()
virtual bool NeedsPrespecifiedDataLengths() const {return false;}
/// \brief Prescribes the data lengths
/// \param headerLength size of data before message is input, in bytes
/// \param messageLength size of the message, in bytes
/// \param footerLength size of data after message is input, in bytes
/// \details SpecifyDataLengths() only needs to be called if NeedsPrespecifiedDataLengths() returns true.
/// If true, then headerLength will be validated against MaxHeaderLength(),
/// messageLength will be validated against MaxMessageLength(), and
/// footerLength will be validated against MaxFooterLength().
/// \sa NeedsPrespecifiedDataLengths()
void SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength=0);
/// \brief Encrypts and calculates a MAC in one call
/// \param ciphertext the encryption buffer
/// \param mac the mac buffer
/// \param macSize the size of the MAC buffer, in bytes
/// \param iv the iv buffer
/// \param ivLength the size of the IV buffer, in bytes
/// \param header the AAD buffer
/// \param headerLength the size of the AAD buffer, in bytes
/// \param message the message buffer
/// \param messageLength the size of the messagetext buffer, in bytes
/// \details EncryptAndAuthenticate() encrypts and generates the MAC in one call. The function
/// truncates the MAC if macSize < TagSize().
virtual void EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength);
/// \brief Decrypts and verifies a MAC in one call
/// \param message the decryption buffer
/// \param mac the mac buffer
/// \param macSize the size of the MAC buffer, in bytes
/// \param iv the iv buffer
/// \param ivLength the size of the IV buffer, in bytes
/// \param header the AAD buffer
/// \param headerLength the size of the AAD buffer, in bytes
/// \param ciphertext the ciphertext buffer
/// \param ciphertextLength the size of the ciphertext buffer, in bytes
/// \return true if the MAC is valid and the decoding succeeded, false otherwise
/// \details DecryptAndVerify() decrypts and verifies the MAC in one call.
/// message is a decryption buffer and should be at least as large as the ciphertext buffer.
/// \details The function returns true iff MAC is valid. DecryptAndVerify() assumes the MAC
/// is truncated if macLength < TagSize().
virtual bool DecryptAndVerify(byte *message, const byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength);
/// \brief Provides the name of this algorithm
/// \return the standard algorithm name
/// \details The standard algorithm name can be a name like \a AES or \a AES/GCM. Some algorithms
/// do not have standard names yet. For example, there is no standard algorithm name for
/// Shoup's ECIES.
virtual std::string AlgorithmName() const;
protected:
const Algorithm & GetAlgorithm() const
{return *static_cast
/// StringSource ss(str, false, new Redirector(TheBitBucket()));
/// ss.Pump(10); // Skip 10 bytes from Source
/// ss.Detach(new FilterChain(...));
/// ss.PumpAll();
///
virtual lword Skip(lword skipMax=LWORD_MAX);
/// copy copyMax bytes of the buffered output to target as input
/// \brief Copy bytes from this object to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param copyMax the number of bytes to copy
/// \param channel the channel on which the transfer should occur
/// \return the number of bytes copied during the call.
/// \details CopyTo copies bytes from this object to the destination. The bytes are not removed from this object.
/// \details The function always returns copyMax. If an accurate count is needed, then use CopyRangeTo2().
lword CopyTo(BufferedTransformation &target, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const
{return CopyRangeTo(target, 0, copyMax, channel);}
/// \brief Copy bytes from this object using an index to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param position the 0-based index of the byte stream to begin the copying
/// \param copyMax the number of bytes to copy
/// \param channel the channel on which the transfer should occur
/// \return the number of bytes copied during the call.
/// \details CopyTo copies bytes from this object to the destination. The bytes remain in this
/// object. Copying begins at the index position in the current stream, and not from an absolute
/// position in the stream.
/// \details The function returns the new position in the stream after transferring the bytes starting at the index.
lword CopyRangeTo(BufferedTransformation &target, lword position, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const
{lword i = position; CopyRangeTo2(target, i, i+copyMax, channel); return i-position;}
//@}
/// \name RETRIEVAL OF MULTIPLE MESSAGES
//@{
/// \brief Provides the number of bytes ready for retrieval
/// \return the number of bytes ready for retrieval
virtual lword TotalBytesRetrievable() const;
/// \brief Provides the number of meesages processed by this object
/// \return the number of meesages processed by this object
/// \details NumberOfMessages returns number of times MessageEnd() has been
/// received minus messages retrieved or skipped
virtual unsigned int NumberOfMessages() const;
/// \brief Determines if any messages are available for retrieval
/// \returns true if NumberOfMessages() > 0, false otherwise
/// \details AnyMessages returns true if NumberOfMessages() > 0
virtual bool AnyMessages() const;
/// \brief Start retrieving the next message
/// \return true if a message is ready for retrieval
/// \details GetNextMessage() returns true if a message is ready for retrieval; false
/// if no more messages exist or this message is not completely retrieved.
virtual bool GetNextMessage();
/// \brief Skip a number of meessages
/// \return 0 if the requested number of messages was skipped, non-0 otherwise
/// \details SkipMessages() skips count number of messages. If there is an AttachedTransformation()
/// then SkipMessages() is called on the attached transformation. If there is no attached
/// transformation, then count number of messages are sent to TheBitBucket() using TransferMessagesTo().
virtual unsigned int SkipMessages(unsigned int count=UINT_MAX);
/// \brief Transfer messages from this object to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param count the number of messages to transfer
/// \param channel the channel on which the transfer should occur
/// \return the number of bytes that remain in the current transfer block (i.e., bytes not transferred)
/// \details TransferMessagesTo2() removes messages from this object and moves them to the destination.
/// If all bytes are not transferred for a message, then processing stops and the number of remaining
/// bytes is returned. TransferMessagesTo() does not proceed to the next message.
/// \details A return value of 0 indicates all messages were successfully transferred.
unsigned int TransferMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL)
{TransferMessagesTo2(target, count, channel); return count;}
/// \brief Copy messages from this object to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param count the number of messages to transfer
/// \param channel the channel on which the transfer should occur
/// \return the number of bytes that remain in the current transfer block (i.e., bytes not transferred)
/// \details CopyMessagesTo copies messages from this object and copies them to the destination.
/// If all bytes are not transferred for a message, then processing stops and the number of remaining
/// bytes is returned. CopyMessagesTo() does not proceed to the next message.
/// \details A return value of 0 indicates all messages were successfully copied.
unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const;
/// \brief Skip all messages in the series
virtual void SkipAll();
/// \brief Transfer all bytes from this object to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param channel the channel on which the transfer should occur
/// \details TransferMessagesTo2() removes messages from this object and moves them to the destination.
/// Internally TransferAllTo() calls TransferAllTo2().
void TransferAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL)
{TransferAllTo2(target, channel);}
/// \brief Copy messages from this object to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param channel the channel on which the transfer should occur
/// \details CopyAllTo copies messages from this object and copies them to the destination.
void CopyAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const;
/// \brief Retrieve the next message in a series
/// \return true if a message was retreved, false otherwise
/// \details Internally, the base class implementation returns false.
virtual bool GetNextMessageSeries() {return false;}
/// \brief Provides the number of messages in a series
/// \return the number of messages in this series
virtual unsigned int NumberOfMessagesInThisSeries() const {return NumberOfMessages();}
/// \brief Provides the number of messages in a series
/// \return the number of messages in this series
virtual unsigned int NumberOfMessageSeries() const {return 0;}
//@}
/// \name NON-BLOCKING TRANSFER OF OUTPUT
//@{
// upon return, byteCount contains number of bytes that have finished being transferred,
// and returns the number of bytes left in the current transfer block
/// \brief Transfer bytes from this object to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param byteCount the number of bytes to transfer
/// \param channel the channel on which the transfer should occur
/// \param blocking specifies whether the object should block when processing input
/// \return the number of bytes that remain in the transfer block (i.e., bytes not transferred)
/// \details TransferTo() removes bytes from this object and moves them to the destination.
/// Transfer begins at the index position in the current stream, and not from an absolute
/// position in the stream.
/// \details byteCount is an \a IN and \a OUT parameter. When the call is made,
/// byteCount is the requested size of the transfer. When the call returns, byteCount is
/// the number of bytes that were transferred.
virtual size_t TransferTo2(BufferedTransformation &target, lword &byteCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) =0;
// upon return, begin contains the start position of data yet to be finished copying,
// and returns the number of bytes left in the current transfer block
/// \brief Copy bytes from this object to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param begin the 0-based index of the first byte to copy in the stream
/// \param end the 0-based index of the last byte to copy in the stream
/// \param channel the channel on which the transfer should occur
/// \param blocking specifies whether the object should block when processing input
/// \return the number of bytes that remain in the copy block (i.e., bytes not copied)
/// \details CopyRangeTo2 copies bytes from this object to the destination. The bytes are not
/// removed from this object. Copying begins at the index position in the current stream, and
/// not from an absolute position in the stream.
/// \details begin is an \a IN and \a OUT parameter. When the call is made, begin is the
/// starting position of the copy. When the call returns, begin is the position of the first
/// byte that was \a not copied (which may be different than end). begin can be used for
/// subsequent calls to CopyRangeTo2().
virtual size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const =0;
// upon return, messageCount contains number of messages that have finished being transferred,
// and returns the number of bytes left in the current transfer block
/// \brief Transfer messages from this object to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param messageCount the number of messages to transfer
/// \param channel the channel on which the transfer should occur
/// \param blocking specifies whether the object should block when processing input
/// \return the number of bytes that remain in the current transfer block (i.e., bytes not transferred)
/// \details TransferMessagesTo2() removes messages from this object and moves them to the destination.
/// \details messageCount is an \a IN and \a OUT parameter. When the call is made, messageCount is the
/// the number of messages requested to be transferred. When the call returns, messageCount is the
/// number of messages actually transferred.
size_t TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
// returns the number of bytes left in the current transfer block
/// \brief Transfer all bytes from this object to another BufferedTransformation
/// \param target the destination BufferedTransformation
/// \param channel the channel on which the transfer should occur
/// \param blocking specifies whether the object should block when processing input
/// \return the number of bytes that remain in the current transfer block (i.e., bytes not transferred)
/// \details TransferMessagesTo2() removes messages from this object and moves them to the destination.
size_t TransferAllTo2(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
//@}
/// \name CHANNELS
//@{
/// \brief Exception thrown when a filter does not support named channels
struct NoChannelSupport : public NotImplemented
{NoChannelSupport(const std::string &name) : NotImplemented(name + ": this object doesn't support multiple channels") {}};
/// \brief Exception thrown when a filter does not recognize a named channel
struct InvalidChannelName : public InvalidArgument
{InvalidChannelName(const std::string &name, const std::string &channel) : InvalidArgument(name + ": unexpected channel name \"" + channel + "\"") {}};
/// \brief Input a byte for processing on a channel
/// \param channel the channel to process the data.
/// \param inByte the 8-bit byte (octet) to be processed.
/// \param blocking specifies whether the object should block when processing input.
/// \return 0 indicates all bytes were processed during the call. Non-0 indicates the
/// number of bytes that were not processed.
size_t ChannelPut(const std::string &channel, byte inByte, bool blocking=true)
{return ChannelPut(channel, &inByte, 1, blocking);}
/// \brief Input a byte buffer for processing on a channel
/// \param channel the channel to process the data
/// \param inString the byte buffer to process
/// \param length the size of the string, in bytes
/// \param blocking specifies whether the object should block when processing input
/// \return 0 indicates all bytes were processed during the call. Non-0 indicates the
/// number of bytes that were not processed.
size_t ChannelPut(const std::string &channel, const byte *inString, size_t length, bool blocking=true)
{return ChannelPut2(channel, inString, length, 0, blocking);}
/// \brief Input multiple bytes that may be modified by callee on a channel
/// \param channel the channel to process the data.
/// \param inString the byte buffer to process
/// \param length the size of the string, in bytes
/// \param blocking specifies whether the object should block when processing input
/// \return 0 indicates all bytes were processed during the call. Non-0 indicates the
/// number of bytes that were not processed.
size_t ChannelPutModifiable(const std::string &channel, byte *inString, size_t length, bool blocking=true)
{return ChannelPutModifiable2(channel, inString, length, 0, blocking);}
/// \brief Input a 16-bit word for processing on a channel.
/// \param channel the channel to process the data.
/// \param value the 16-bit value to be processed.
/// \param order the ByteOrder of the value to be processed.
/// \param blocking specifies whether the object should block when processing input.
/// \return 0 indicates all bytes were processed during the call. Non-0 indicates the
/// number of bytes that were not processed.
size_t ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
/// \brief Input a 32-bit word for processing on a channel.
/// \param channel the channel to process the data.
/// \param value the 32-bit value to be processed.
/// \param order the ByteOrder of the value to be processed.
/// \param blocking specifies whether the object should block when processing input.
/// \return 0 indicates all bytes were processed during the call. Non-0 indicates the
/// number of bytes that were not processed.
size_t ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
/// \brief Signal the end of a message
/// \param channel the channel to process the data.
/// \param propagation the number of attached transformations the ChannelMessageEnd() signal should be passed
/// \param blocking specifies whether the object should block when processing input
/// \return 0 indicates all bytes were processed during the call. Non-0 indicates the
/// number of bytes that were not processed.
/// \details propagation count includes this object. Setting propagation to 1 means this
/// object only. Setting propagation to -1 means unlimited propagation.
bool ChannelMessageEnd(const std::string &channel, int propagation=-1, bool blocking=true)
{return !!ChannelPut2(channel, NULLPTR, 0, propagation < 0 ? -1 : propagation+1, blocking);}
/// \brief Input multiple bytes for processing and signal the end of a message
/// \param channel the channel to process the data.
/// \param inString the byte buffer to process
/// \param length the size of the string, in bytes
/// \param propagation the number of attached transformations the ChannelPutMessageEnd() signal should be passed
/// \param blocking specifies whether the object should block when processing input
/// \return the number of bytes that remain in the block (i.e., bytes not processed)
/// \details propagation count includes this object. Setting propagation to 1 means this
/// object only. Setting propagation to -1 means unlimited propagation.
size_t ChannelPutMessageEnd(const std::string &channel, const byte *inString, size_t length, int propagation=-1, bool blocking=true)
{return ChannelPut2(channel, inString, length, propagation < 0 ? -1 : propagation+1, blocking);}
/// \brief Request space which can be written into by the caller
/// \param channel the channel to process the data
/// \param size the requested size of the buffer
/// \return a pointer to a memory block with length size
/// \details The purpose of this method is to help avoid extra memory allocations.
/// \details size is an \a IN and \a OUT parameter and used as a hint. When the call is made,
/// size is the requested size of the buffer. When the call returns, size is the size of
/// the array returned to the caller.
/// \details The base class implementation sets size to 0 and returns NULL.
/// \note Some objects, like ArraySink(), cannot create a space because its fixed. In the case of
/// an ArraySink(), the pointer to the array is returned and the size is remaining size.
virtual byte * ChannelCreatePutSpace(const std::string &channel, size_t &size);
/// \brief Input multiple bytes for processing on a channel.
/// \param channel the channel to process the data.
/// \param inString the byte buffer to process.
/// \param length the size of the string, in bytes.
/// \param messageEnd means how many filters to signal MessageEnd() to, including this one.
/// \param blocking specifies whether the object should block when processing input.
/// \return the number of bytes that remain in the block (i.e., bytes not processed)
virtual size_t ChannelPut2(const std::string &channel, const byte *inString, size_t length, int messageEnd, bool blocking);
/// \brief Input multiple bytes that may be modified by callee on a channel
/// \param channel the channel to process the data
/// \param inString the byte buffer to process
/// \param length the size of the string, in bytes
/// \param messageEnd means how many filters to signal MessageEnd() to, including this one
/// \param blocking specifies whether the object should block when processing input
/// \return the number of bytes that remain in the block (i.e., bytes not processed)
virtual size_t ChannelPutModifiable2(const std::string &channel, byte *inString, size_t length, int messageEnd, bool blocking);
/// \brief Flush buffered input and/or output on a channel
/// \param channel the channel to flush the data
/// \param hardFlush is used to indicate whether all data should be flushed
/// \param propagation the number of attached transformations the ChannelFlush() signal should be passed
/// \param blocking specifies whether the object should block when processing input
/// \return true of the Flush was successful
/// \details propagation count includes this object. Setting propagation to 1 means this
/// object only. Setting propagation to -1 means unlimited propagation.
virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true);
/// \brief Marks the end of a series of messages on a channel
/// \param channel the channel to signal the end of a series of messages
/// \param propagation the number of attached transformations the ChannelMessageSeriesEnd() signal should be passed
/// \param blocking specifies whether the object should block when processing input
/// \details Each object that receives the signal will perform its processing, decrement
/// propagation, and then pass the signal on to attached transformations if the value is not 0.
/// \details propagation count includes this object. Setting propagation to 1 means this
/// object only. Setting propagation to -1 means unlimited propagation.
/// \note There should be a MessageEnd() immediately before MessageSeriesEnd().
virtual bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true);
/// \brief Sets the default retrieval channel
/// \param channel the channel to signal the end of a series of messages
/// \note this function may not be implemented in all objects that should support it.
virtual void SetRetrievalChannel(const std::string &channel);
//@}
/// \name ATTACHMENT
/// \details Some BufferedTransformation objects (e.g. Filter objects) allow other BufferedTransformation objects to be
/// attached. When this is done, the first object instead of buffering its output, sends that output to the attached
/// object as input. The entire attachment chain is deleted when the anchor object is destructed.
//@{
/// \brief Determines whether the object allows attachment
/// \return true if the object allows an attachment, false otherwise
/// \details Sources and Filters will returns true, while Sinks and other objects will return false.
virtual bool Attachable() {return false;}
/// \brief Returns the object immediately attached to this object
/// \return the attached transformation
/// \details AttachedTransformation() returns NULL if there is no attachment. The non-const
/// version of AttachedTransformation() always returns NULL.
virtual BufferedTransformation *AttachedTransformation() {CRYPTOPP_ASSERT(!Attachable()); return NULLPTR;}
/// \brief Returns the object immediately attached to this object
/// \return the attached transformation
/// \details AttachedTransformation() returns NULL if there is no attachment. The non-const
/// version of AttachedTransformation() always returns NULL.
virtual const BufferedTransformation *AttachedTransformation() const
{return const_cast
///
/// \details Level 0 does not require a RandomNumberGenerator. A NullRNG() can be used for level 0.
/// Level 1 may not check for weak keys and such. Levels 2 and 3 are recommended.
/// \sa ThrowIfInvalid()
virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0;
/// \brief Check this object for errors
/// \param rng a RandomNumberGenerator for objects which use randomized testing
/// \param level the level of thoroughness
/// \throws InvalidMaterial
/// \details Internally, ThrowIfInvalid() calls Validate() and throws InvalidMaterial() if validation fails.
/// \sa Validate()
virtual void ThrowIfInvalid(RandomNumberGenerator &rng, unsigned int level) const
{if (!Validate(rng, level)) throw InvalidMaterial("CryptoMaterial: this object contains invalid values");}
/// \brief Saves a key to a BufferedTransformation
/// \param bt the destination BufferedTransformation
/// \throws NotImplemented
/// \details Save() writes the material to a BufferedTransformation.
/// \details If the material is a key, then the key is written with ASN.1 DER encoding. The key
/// includes an object identifier with an algorthm id, like a subjectPublicKeyInfo.
/// \details A "raw" key without the "key info" can be saved using a key's DEREncode() method.
/// \details If a derived class does not override Save(), then the base class throws
/// NotImplemented().
virtual void Save(BufferedTransformation &bt) const
{CRYPTOPP_UNUSED(bt); throw NotImplemented("CryptoMaterial: this object does not support saving");}
/// \brief Loads a key from a BufferedTransformation
/// \param bt the source BufferedTransformation
/// \throws KeyingErr
/// \details Load() attempts to read material from a BufferedTransformation. If the
/// material is a key that was generated outside the library, then the following
/// usually applies:
///
///
/// \details "key info" means the key should have an object identifier with an algorthm id,
/// like a subjectPublicKeyInfo.
/// \details To read a "raw" key without the "key info", then call the key's BERDecode() method.
/// \note Load() generally does not check that the key is valid. Call Validate(), if needed.
virtual void Load(BufferedTransformation &bt)
{CRYPTOPP_UNUSED(bt); throw NotImplemented("CryptoMaterial: this object does not support loading");}
/// \brief Determines whether the object supports precomputation
/// \return true if the object supports precomputation, false otherwise
/// \sa Precompute()
virtual bool SupportsPrecomputation() const {return false;}
/// \brief Perform precomputation
/// \param precomputationStorage the suggested number of objects for the precompute table
/// \throws NotImplemented
/// \details The exact semantics of Precompute() varies, but it typically means calculate
/// a table of n objects that can be used later to speed up computation.
/// \details If a derived class does not override Precompute(), then the base class throws
/// NotImplemented.
/// \sa SupportsPrecomputation(), LoadPrecomputation(), SavePrecomputation()
virtual void Precompute(unsigned int precomputationStorage) {
CRYPTOPP_UNUSED(precomputationStorage); CRYPTOPP_ASSERT(!SupportsPrecomputation());
throw NotImplemented("CryptoMaterial: this object does not support precomputation");
}
/// \brief Retrieve previously saved precomputation
/// \param storedPrecomputation BufferedTransformation with the saved precomputation
/// \throws NotImplemented
/// \sa SupportsPrecomputation(), Precompute()
virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
{CRYPTOPP_UNUSED(storedPrecomputation); CRYPTOPP_ASSERT(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
/// \brief Save precomputation for later use
/// \param storedPrecomputation BufferedTransformation to write the precomputation
/// \throws NotImplemented
/// \sa SupportsPrecomputation(), Precompute()
virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
{CRYPTOPP_UNUSED(storedPrecomputation); CRYPTOPP_ASSERT(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
/// \brief Perform a quick sanity check
/// \details DoQuickSanityCheck() is for internal library use, and it should not be called by library users.
void DoQuickSanityCheck() const {ThrowIfInvalid(NullRNG(), 0);}
#if defined(__SUNPRO_CC)
// Sun Studio 11/CC 5.8 workaround: it generates incorrect code
// when casting to an empty virtual base class. JW, 2018: It is
// still a problem in Sun Studio 12.6/CC 5.15 on i386. Just enable
// it everywhere in case it affects SPARC (which we don't test).
char m_sunCCworkaround;
#endif
};
/// \brief Interface for generatable crypto material, such as private keys and crypto parameters
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GeneratableCryptoMaterial : virtual public CryptoMaterial
{
public:
virtual ~GeneratableCryptoMaterial() {}
/// \brief Generate a random key or crypto parameters
/// \param rng a RandomNumberGenerator to produce keying material
/// \param params additional initialization parameters
/// \throws KeyingErr if a key can't be generated or algorithm parameters are invalid
/// \details If a derived class does not override GenerateRandom(), then the base class throws
/// NotImplemented.
virtual void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs) {
CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(params);
throw NotImplemented("GeneratableCryptoMaterial: this object does not support key/parameter generation");
}
/// \brief Generate a random key or crypto parameters
/// \param rng a RandomNumberGenerator to produce keying material
/// \param keySize the size of the key, in bits
/// \throws KeyingErr if a key can't be generated or algorithm parameters are invalid
/// \details GenerateRandomWithKeySize calls GenerateRandom() with a NameValuePairs
/// object with only "KeySize"
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize);
};
/// \brief Interface for public keys
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKey : virtual public CryptoMaterial
{
};
/// \brief Interface for private keys
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKey : public GeneratableCryptoMaterial
{
};
/// \brief Interface for crypto prameters
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoParameters : public GeneratableCryptoMaterial
{
};
/// \brief Interface for asymmetric algorithms
/// \details BERDecode() and DEREncode() were removed under Issue 569
/// and Commit 9b174e84de7a. Programs should use AccessMaterial().Load(bt)
/// or AccessMaterial().Save(bt) instead.
/// \sa Issue 569
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AsymmetricAlgorithm : public Algorithm
{
public:
virtual ~AsymmetricAlgorithm() {}
/// \brief Retrieves a reference to CryptoMaterial
/// \return a reference to the crypto material
virtual CryptoMaterial & AccessMaterial() =0;
/// \brief Retrieves a reference to CryptoMaterial
/// \return a const reference to the crypto material
virtual const CryptoMaterial & GetMaterial() const =0;
#if 0
/// \brief Loads this object from a BufferedTransformation
/// \param bt a BufferedTransformation object
/// \details Use of BERDecode() changed to Load() at Issue 569.
/// \deprecated for backwards compatibility, calls AccessMaterial().Load(bt)
void BERDecode(BufferedTransformation &bt)
{AccessMaterial().Load(bt);}
/// \brief Saves this object to a BufferedTransformation
/// \param bt a BufferedTransformation object
/// \details Use of DEREncode() changed to Save() at Issue 569.
/// \deprecated for backwards compatibility, calls GetMaterial().Save(bt)
void DEREncode(BufferedTransformation &bt) const
{GetMaterial().Save(bt);}
#endif
};
/// \brief Interface for asymmetric algorithms using public keys
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKeyAlgorithm : public AsymmetricAlgorithm
{
public:
virtual ~PublicKeyAlgorithm() {}
// VC60 workaround: no co-variant return type
/// \brief Retrieves a reference to a Public Key
/// \return a reference to the public key
CryptoMaterial & AccessMaterial()
{return AccessPublicKey();}
/// \brief Retrieves a reference to a Public Key
/// \return a const reference the public key
const CryptoMaterial & GetMaterial() const
{return GetPublicKey();}
/// \brief Retrieves a reference to a Public Key
/// \return a reference to the public key
virtual PublicKey & AccessPublicKey() =0;
/// \brief Retrieves a reference to a Public Key
/// \return a const reference the public key
virtual const PublicKey & GetPublicKey() const
{return const_cast
/// if (LibraryVersion() != HeaderVersion())
/// {
/// cout << "Potential version mismatch" << endl;
///
/// const int lmaj = (LibraryVersion() / 100U) % 10;
/// const int lmin = (LibraryVersion() / 10U) % 10;
/// const int hmaj = (HeaderVersion() / 100U) % 10;
/// const int hmin = (HeaderVersion() / 10U) % 10;
///
/// if(lmaj != hmaj)
/// cout << "Major version mismatch" << endl;
/// else if(lmin != hmin)
/// cout << "Minor version mismatch" << endl;
/// }
///
/// \sa HeaderVersion(), GitHub Issue 371.
/// \since Crypto++ 6.0
extern "C" {
int LibraryVersion(CRYPTOPP_NOINLINE_DOTDOTDOT);
} // C linkage
/// \brief Specifies the runtime version of the library
/// \returns integer representing the runtime version
/// \details HeaderVersion() can help detect inadvertent mixing and matching of library
/// versions. When using Crypto++ distributed by a third party, HeaderVersion()
/// records the version of the headers used by the app when the app is compiled.
/// \details HeaderVersion() is declared with C linkage (extern "C") within the
/// CryptoPP namespace to help programs locate the symbol. If the symbol is present, then
/// the library version is 5.7 or above. If it is missing, then the library version is
/// 5.6.5 or below.
/// \details The function could be used as shown below.
///
/// if (LibraryVersion() != HeaderVersion())
/// {
/// cout << "Potential version mismatch" << endl;
///
/// const int lmaj = (LibraryVersion() / 100U) % 10;
/// const int lmin = (LibraryVersion() / 10U) % 10;
/// const int hmaj = (HeaderVersion() / 100U) % 10;
/// const int hmin = (HeaderVersion() / 10U) % 10;
///
/// if(lmaj != hmaj)
/// cout << "Major version mismatch" << endl;
/// else if(lmin != hmin)
/// cout << "Minor version mismatch" << endl;
/// }
///
/// \sa LibraryVersion(), GitHub Issue 371.
/// \since Crypto++ 6.0
extern "C" {
inline int HeaderVersion()
{
return CRYPTOPP_VERSION;
}
} // C linkage
NAMESPACE_END
#if CRYPTOPP_MSC_VERSION
# pragma warning(pop)
#endif
#endif