default_8cpp_source.html

 // default.cpp - written and placed in the public domain by Wei Dai

 #include "pch.h"
 #include "config.h"

 #if CRYPTOPP_MSC_VERSION
 # pragma warning(disable: 4127 4189)
 #endif

 #include "cryptlib.h"
 #include "filters.h"
 #include "smartptr.h"
 #include "default.h"
 #include "queue.h"

 #include <time.h>
 #include <memory>

 NAMESPACE_BEGIN(CryptoPP)

 // The purpose of this function Mash() is to take an arbitrary length input
 // string and *deterministicly* produce an arbitrary length output string such
 // that (1) it looks random, (2) no information about the input is
 // deducible from it, and (3) it contains as much entropy as it can hold, or
 // the amount of entropy in the input string, whichever is smaller.

 template <class H>
 static void Mash(const byte *in, size_t inLen, byte *out, size_t outLen, int iterations)
 {
         if (BytePrecision(outLen) > 2)
                 throw InvalidArgument("Mash: output legnth too large");

         size_t bufSize = RoundUpToMultipleOf(outLen, (size_t)H::DIGESTSIZE);
         byte b[2];
         SecByteBlock buf(bufSize);
         SecByteBlock outBuf(bufSize);
         H hash;

         unsigned int i;
         for(i=0; i<outLen; i+=H::DIGESTSIZE)
         {
                 b[0] = (byte) (i >> 8);
                 b[1] = (byte) i;
                 hash.Update(b, 2);
                 hash.Update(in, inLen);
                 hash.Final(outBuf+i);
         }

         while (iterations-- > 1)
         {
                 memcpy(buf, outBuf, bufSize);
                 for (i=0; i<bufSize; i+=H::DIGESTSIZE)
                 {
                         b[0] = (byte) (i >> 8);
                         b[1] = (byte) i;
                         hash.Update(b, 2);
                         hash.Update(buf, bufSize);
                         hash.Final(outBuf+i);
                 }
         }

         memcpy(out, outBuf, outLen);
 }

 template <class BC, class H, class Info>
 static void GenerateKeyIV(const byte *passphrase, size_t passphraseLength, const byte *salt, size_t saltLength, unsigned int iterations, byte *key, byte *IV)
 {
         SecByteBlock temp(passphraseLength+saltLength);
         memcpy(temp, passphrase, passphraseLength);
         memcpy(temp+passphraseLength, salt, saltLength);
         SecByteBlock keyIV(Info::KEYLENGTH+Info::BLOCKSIZE);
         Mash<H>(temp, passphraseLength + saltLength, keyIV, Info::KEYLENGTH+Info::BLOCKSIZE, iterations);
         memcpy(key, keyIV, Info::KEYLENGTH);
         memcpy(IV, keyIV+Info::KEYLENGTH, Info::BLOCKSIZE);
 }

 // ********************************************************

 template <class BC, class H, class Info>
 DataEncryptor<BC,H,Info>::DataEncryptor(const char *passphrase, BufferedTransformation *attachment)
         : ProxyFilter(NULL, 0, 0, attachment), m_passphrase((const byte *)passphrase, strlen(passphrase))
 {
         CRYPTOPP_COMPILE_ASSERT(SALTLENGTH <= DIGESTSIZE);
         CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE <= DIGESTSIZE);
 }

 template <class BC, class H, class Info>
 DataEncryptor<BC,H,Info>::DataEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment)
         : ProxyFilter(NULL, 0, 0, attachment), m_passphrase(passphrase, passphraseLength)
 {
         CRYPTOPP_COMPILE_ASSERT(SALTLENGTH <= DIGESTSIZE);
         CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE <= DIGESTSIZE);
 }

 template <class BC, class H, class Info>
 void DataEncryptor<BC,H,Info>::FirstPut(const byte *)
 {
         SecByteBlock salt(DIGESTSIZE), keyCheck(DIGESTSIZE);
         H hash;

         // use hash(passphrase | time | clock) as salt
         hash.Update(m_passphrase, m_passphrase.size());
         time_t t=time(0);
         hash.Update((byte *)&t, sizeof(t));
         clock_t c=clock();
         hash.Update((byte *)&c, sizeof(c));
         hash.Final(salt);

         // use hash(passphrase | salt) as key check
         hash.Update(m_passphrase, m_passphrase.size());
         hash.Update(salt, SALTLENGTH);
         hash.Final(keyCheck);

         AttachedTransformation()->Put(salt, SALTLENGTH);

         // mash passphrase and salt together into key and IV
         SecByteBlock key(KEYLENGTH);
         SecByteBlock IV(BLOCKSIZE);
         GenerateKeyIV<BC,H,Info>(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, ITERATIONS, key, IV);

         m_cipher.SetKeyWithIV(key, key.size(), IV);
         SetFilter(new StreamTransformationFilter(m_cipher));

         m_filter->Put(keyCheck, BLOCKSIZE);
 }

 template <class BC, class H, class Info>
 void DataEncryptor<BC,H,Info>::LastPut(const byte *inString, size_t length)
 {
         CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length);
         m_filter->MessageEnd();
 }

 // ********************************************************

 template <class BC, class H, class Info>
 DataDecryptor<BC,H,Info>::DataDecryptor(const char *p, BufferedTransformation *attachment, bool throwException)
         : ProxyFilter(NULL, SALTLENGTH+BLOCKSIZE, 0, attachment)
         , m_state(WAITING_FOR_KEYCHECK)
         , m_passphrase((const byte *)p, strlen(p))
         , m_throwException(throwException)
 {
         CRYPTOPP_COMPILE_ASSERT(SALTLENGTH <= DIGESTSIZE);
         CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE <= DIGESTSIZE);
 }

 template <class BC, class H, class Info>
 DataDecryptor<BC,H,Info>::DataDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException)
         : ProxyFilter(NULL, SALTLENGTH+BLOCKSIZE, 0, attachment)
         , m_state(WAITING_FOR_KEYCHECK)
         , m_passphrase(passphrase, passphraseLength)
         , m_throwException(throwException)
 {
         CRYPTOPP_COMPILE_ASSERT(SALTLENGTH <= DIGESTSIZE);
         CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE <= DIGESTSIZE);
 }

 template <class BC, class H, class Info>
 void DataDecryptor<BC,H,Info>::FirstPut(const byte *inString)
 {
         CheckKey(inString, inString+SALTLENGTH);
 }

 template <class BC, class H, class Info>
 void DataDecryptor<BC,H,Info>::LastPut(const byte *inString, size_t length)
 {
         CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length);
         if (m_filter.get() == NULL)
         {
                 m_state = KEY_BAD;
                 if (m_throwException)
                         throw KeyBadErr();
         }
         else
         {
                 m_filter->MessageEnd();
                 m_state = WAITING_FOR_KEYCHECK;
         }
 }

 template <class BC, class H, class Info>
 void DataDecryptor<BC,H,Info>::CheckKey(const byte *salt, const byte *keyCheck)
 {
         SecByteBlock check(STDMAX((unsigned int)2*BLOCKSIZE, (unsigned int)DIGESTSIZE));

         H hash;
         hash.Update(m_passphrase, m_passphrase.size());
         hash.Update(salt, SALTLENGTH);
         hash.Final(check);

         SecByteBlock key(KEYLENGTH);
         SecByteBlock IV(BLOCKSIZE);
         GenerateKeyIV<BC,H,Info>(m_passphrase, m_passphrase.size(), salt, SALTLENGTH, ITERATIONS, key, IV);

         m_cipher.SetKeyWithIV(key, key.size(), IV);
         member_ptr<StreamTransformationFilter> decryptor(new StreamTransformationFilter(m_cipher));

         decryptor->Put(keyCheck, BLOCKSIZE);
         decryptor->ForceNextPut();
         decryptor->Get(check+BLOCKSIZE, BLOCKSIZE);

         SetFilter(decryptor.release());

         if (!VerifyBufsEqual(check, check+BLOCKSIZE, BLOCKSIZE))
         {
                 m_state = KEY_BAD;
                 if (m_throwException)
                         throw KeyBadErr();
         }
         else
                 m_state = KEY_GOOD;
 }

 // ********************************************************

 template <class H, class MAC>
 static MAC* NewDataEncryptorMAC(const byte *passphrase, size_t passphraseLength)
 {
         size_t macKeyLength = MAC::StaticGetValidKeyLength(16);
         SecByteBlock macKey(macKeyLength);
         // since the MAC is encrypted there is no reason to mash the passphrase for many iterations
         Mash<H>(passphrase, passphraseLength, macKey, macKeyLength, 1);
         return new MAC(macKey, macKeyLength);
 }

 template <class BC, class H, class MAC, class Info>
 DataEncryptorWithMAC<BC,H,MAC,Info>::DataEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment)
         : ProxyFilter(NULL, 0, 0, attachment)
         , m_mac(NewDataEncryptorMAC<H,MAC>((const byte *)passphrase, strlen(passphrase)))
 {
         SetFilter(new HashFilter(*m_mac, new DataEncryptor<BC,H,Info>(passphrase), true));
 }

 template <class BC, class H, class MAC, class Info>
 DataEncryptorWithMAC<BC,H,MAC,Info>::DataEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment)
         : ProxyFilter(NULL, 0, 0, attachment)
         , m_mac(NewDataEncryptorMAC<H,MAC>(passphrase, passphraseLength))
 {
         SetFilter(new HashFilter(*m_mac, new DataEncryptor<BC,H,Info>(passphrase, passphraseLength), true));
 }

 template <class BC, class H, class MAC, class Info>
 void DataEncryptorWithMAC<BC,H,MAC,Info>::LastPut(const byte *inString, size_t length)
 {
         CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length);
         m_filter->MessageEnd();
 }

 // ********************************************************

 template <class BC, class H, class MAC, class Info>
 DataDecryptorWithMAC<BC,H,MAC,Info>::DataDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment, bool throwException)
         : ProxyFilter(NULL, 0, 0, attachment)
         , m_mac(NewDataEncryptorMAC<H,MAC>((const byte *)passphrase, strlen(passphrase)))
         , m_throwException(throwException)
 {
         SetFilter(new DataDecryptor<BC,H,Info>(passphrase, m_hashVerifier=new HashVerificationFilter(*m_mac, NULL, HashVerificationFilter::PUT_MESSAGE), throwException));
 }

 template <class BC, class H, class MAC, class Info>
 DataDecryptorWithMAC<BC,H,MAC,Info>::DataDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment, bool throwException)
         : ProxyFilter(NULL, 0, 0, attachment)
         , m_mac(NewDataEncryptorMAC<H,MAC>(passphrase, passphraseLength))
         , m_throwException(throwException)
 {
         SetFilter(new DataDecryptor<BC,H,Info>(passphrase, passphraseLength, m_hashVerifier=new HashVerificationFilter(*m_mac, NULL, HashVerificationFilter::PUT_MESSAGE), throwException));
 }

 template <class BC, class H, class MAC, class Info>
 typename DataDecryptor<BC,H,Info>::State DataDecryptorWithMAC<BC,H,MAC,Info>::CurrentState() const
 {
         return static_cast<const DataDecryptor<BC,H,Info> *>(m_filter.get())->CurrentState();
 }

 template <class BC, class H, class MAC, class Info>
 bool DataDecryptorWithMAC<BC,H,MAC,Info>::CheckLastMAC() const
 {
         return m_hashVerifier->GetLastResult();
 }

 template <class BC, class H, class MAC, class Info>
 void DataDecryptorWithMAC<BC,H,MAC,Info>::LastPut(const byte *inString, size_t length)
 {
         CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length);
         m_filter->MessageEnd();
         if (m_throwException && !CheckLastMAC())
                 throw MACBadErr();
 }

 template struct DataParametersInfo<LegacyBlockCipher::BLOCKSIZE, LegacyBlockCipher::DEFAULT_KEYLENGTH, LegacyHashModule::DIGESTSIZE, 8, 200>;
 template struct DataParametersInfo<DefaultBlockCipher::BLOCKSIZE, DefaultBlockCipher::DEFAULT_KEYLENGTH, DefaultHashModule::DIGESTSIZE, 8, 2500>;

 template class DataEncryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>;
 template class DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>;
 template class DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
 template class DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
 template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;
 template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;
 template class DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;
 template class DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;

 NAMESPACE_END
DataEncryptorWithMAC::m_mac
member_ptr< MAC > m_mac
Definition: default.h:199

InvalidArgument
An invalid argument was detected.
Definition: cryptlib.h:184

KeyBadErr
Exception thrown when a bad key is encountered in DefaultDecryptorWithMAC and LegacyDecryptorWithMAC...
Definition: default.h:44

ProxyFilter
Base class for Filter classes that are proxies for a chain of other filters.
Definition: filters.h:951

byte
uint8_t byte
Definition: Common.h:57

ProxyFilter::m_filter
member_ptr< BufferedTransformation > m_filter
Definition: filters.h:972

DataDecryptorWithMAC::LastPut
void LastPut(const byte *inString, size_t length)
Input the last block of data.
Definition: default.cpp:282

DataDecryptorWithMAC::m_hashVerifier
HashVerificationFilter * m_hashVerifier
Definition: default.h:245

DataDecryptor::m_cipher
CBC_Mode< BC >::Decryption m_cipher
Definition: default.h:157

HashVerificationFilter::GetLastResult
bool GetLastResult() const
Definition: filters.h:593

BytePrecision
unsigned int BytePrecision(const T &value)
Returns the number of 8-bit bytes or octets required for a value.
Definition: misc.h:632

NAMESPACE_BEGIN
#define NAMESPACE_BEGIN(x)
Definition: config.h:200

DataDecryptorWithMAC::CurrentState
DataDecryptor< BC, H, Info >::State CurrentState() const
Definition: default.cpp:270

DataDecryptor::State
State
Definition: default.h:144

SecBlock< byte >

DataEncryptor
Password-based Encryptor.
Definition: default.h:83

cryptlib.h
Abstract base classes that provide a uniform interface to this library.

SecBlock::size
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:524

DataDecryptor
Password-based Decryptor.
Definition: default.h:122

smartptr.h
Classes for automatic resource management.

c
#define c(i)

default.h
Classes for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC.

config.h
Library configuration file.

BufferedTransformation
Interface for buffered transformations.
Definition: cryptlib.h:1352

DataDecryptor::KEY_BAD
Definition: default.h:144

member_ptr
Pointer that overloads operator ->
Definition: smartptr.h:39

DataEncryptor::DataEncryptor
DataEncryptor(const char *passphrase, BufferedTransformation *attachment=NULL)
Construct a DataEncryptor.
Definition: default.cpp:80

benchmark::clock
best_clock::type clock
Definition: bench.h:48

DataEncryptorWithMAC::LastPut
void LastPut(const byte *inString, size_t length)
Input the last block of data.
Definition: default.cpp:243

BufferedTransformation::MessageEnd
bool MessageEnd(int propagation=-1, bool blocking=true)
Signals the end of messages to the object.
Definition: cryptlib.h:1434

DataDecryptor::FirstPut
void FirstPut(const byte *inString)
Definition: default.cpp:159

queue.h
Classes for an unlimited queue to store bytes.

CRYPTOPP_COMPILE_ASSERT
#define CRYPTOPP_COMPILE_ASSERT(assertion)
Definition: misc.h:139

HashVerificationFilter
Filter wrapper for HashTransformation.
Definition: filters.h:550

HashFilter
Filter wrapper for HashTransformation.
Definition: filters.h:521

DataEncryptorWithMAC
Password-based encryptor with MAC.
Definition: default.h:180

BufferedTransformation::Put
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition: cryptlib.h:1376

DataDecryptorWithMAC::CheckLastMAC
bool CheckLastMAC() const
Definition: default.cpp:276

DataEncryptorWithMAC::DataEncryptorWithMAC
DataEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment=NULL)
Constructs a DataEncryptorWithMAC.
Definition: default.cpp:227

Filter::AttachedTransformation
BufferedTransformation * AttachedTransformation()
Retrieve attached transformation.
Definition: filters.cpp:36

HashVerificationFilter::PUT_MESSAGE
Indicates the message should be passed to an attached transformation.
Definition: filters.h:573

H
#define H(x, y, z)
Definition: Hash.cpp:81

DataDecryptorWithMAC::m_throwException
bool m_throwException
Definition: default.h:246

DataDecryptor::m_passphrase
SecByteBlock m_passphrase
Definition: default.h:156

pch.h

DataDecryptor::m_throwException
bool m_throwException
Definition: default.h:159

member_ptr::get
const T * get() const
Definition: smartptr.h:52

DataParametersInfo
Algorithm information for password-based encryptors and decryptors.
Definition: default.h:61

b
#define b(i, j)

DataEncryptor::LastPut
void LastPut(const byte *inString, size_t length)
Input the last block of data.
Definition: default.cpp:128

DataEncryptor::m_cipher
CBC_Mode< BC >::Encryption m_cipher
Definition: default.h:109

filters.h
Implementation of BufferedTransformation&#39;s attachment interface.

StreamTransformationFilter
Filter wrapper for StreamTransformation.
Definition: filters.h:491

DataDecryptor::m_state
State m_state
Definition: default.h:151

member_ptr::release
T * release()
Definition: smartptr.h:55

DataDecryptor::KEY_GOOD
Definition: default.h:144

memcpy
void * memcpy(void *a, const void *b, size_t c)
Definition: glibc_compat.cpp:17

CRYPTOPP_UNUSED
#define CRYPTOPP_UNUSED(x)
Definition: config.h:741

DataEncryptor::m_passphrase
SecByteBlock m_passphrase
Definition: default.h:108

DataDecryptor::DataDecryptor
DataDecryptor(const char *passphrase, BufferedTransformation *attachment=NULL, bool throwException=true)
Constructs a DataDecryptor.
Definition: default.cpp:137

DataDecryptorWithMAC::DataDecryptorWithMAC
DataDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment=NULL, bool throwException=true)
Constructs a DataDecryptor.
Definition: default.cpp:252

FilterWithBufferedInput::ForceNextPut
void ForceNextPut()
Flushes data buffered by this object.
Definition: filters.cpp:441

dev::evmjit::byte
uint8_t byte
Definition: Common.h:10

DataDecryptorWithMAC
Password-based decryptor with MAC.
Definition: default.h:220

DataEncryptor::FirstPut
void FirstPut(const byte *)
Definition: default.cpp:96

DataDecryptor::LastPut
void LastPut(const byte *inString, size_t length)
Input the last block of data.
Definition: default.cpp:165

RoundUpToMultipleOf
T1 RoundUpToMultipleOf(const T1 &n, const T2 &m)
Rounds a value up to a multiple of a second value.
Definition: misc.h:905

STDMAX
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
Definition: misc.h:487

NAMESPACE_END
#define NAMESPACE_END
Definition: config.h:201

DataDecryptorWithMAC::m_mac
member_ptr< MAC > m_mac
Definition: default.h:244

BufferedTransformation::Get
virtual size_t Get(byte &outByte)
Retrieve a 8-bit byte.
Definition: cryptlib.cpp:515

CryptoPP

DataDecryptor::CheckKey
void CheckKey(const byte *salt, const byte *keyCheck)
Definition: default.cpp:182

DataDecryptor::WAITING_FOR_KEYCHECK
Definition: default.h:144

ProxyFilter::SetFilter
void SetFilter(Filter *filter)
Sets the OutputProxy filter.
Definition: filters.cpp:496

MACBadErr
Exception thrown when an incorrect MAC is encountered in DefaultDecryptorWithMAC and LegacyDecryptorW...
Definition: default.h:52

VerifyBufsEqual
bool VerifyBufsEqual(const byte *buf, const byte *mask, size_t count)
Performs a near constant-time comparison of two equally sized buffers.
Definition: misc.cpp:96