Botan  1.11.10
package.cpp
Go to the documentation of this file.
1 /*
2 * Rivest's Package Tranform
3 *
4 * (C) 2009 Jack Lloyd
5 *
6 * Distributed under the terms of the Botan license
7 */
8 
9 #include <botan/package.h>
10 #include <botan/filters.h>
11 #include <botan/ctr.h>
12 #include <botan/get_byte.h>
13 #include <botan/internal/xor_buf.h>
14 
15 namespace Botan {
16 
18  BlockCipher* cipher,
19  const byte input[], size_t input_len,
20  byte output[])
21  {
22  const size_t BLOCK_SIZE = cipher->block_size();
23 
24  if(!cipher->valid_keylength(BLOCK_SIZE))
25  throw Invalid_Argument("AONT::package: Invalid cipher");
26 
27  // The all-zero string which is used both as the CTR IV and as K0
28  const std::string all_zeros(BLOCK_SIZE*2, '0');
29 
30  SymmetricKey package_key(rng, BLOCK_SIZE);
31 
32  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
33 
34  pipe.process_msg(input, input_len);
35  pipe.read(output, pipe.remaining());
36 
37  // Set K0 (the all zero key)
38  cipher->set_key(SymmetricKey(all_zeros));
39 
40  secure_vector<byte> buf(BLOCK_SIZE);
41 
42  const size_t blocks =
43  (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;
44 
45  byte* final_block = output + input_len;
46  clear_mem(final_block, BLOCK_SIZE);
47 
48  // XOR the hash blocks into the final block
49  for(size_t i = 0; i != blocks; ++i)
50  {
51  const size_t left = std::min<size_t>(BLOCK_SIZE,
52  input_len - BLOCK_SIZE * i);
53 
54  zeroise(buf);
55  copy_mem(&buf[0], output + (BLOCK_SIZE * i), left);
56 
57  for(size_t j = 0; j != sizeof(i); ++j)
58  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
59 
60  cipher->encrypt(&buf[0]);
61 
62  xor_buf(&final_block[0], &buf[0], BLOCK_SIZE);
63  }
64 
65  // XOR the random package key into the final block
66  xor_buf(&final_block[0], package_key.begin(), BLOCK_SIZE);
67  }
68 
70  const byte input[], size_t input_len,
71  byte output[])
72  {
73  const size_t BLOCK_SIZE = cipher->block_size();
74 
75  if(!cipher->valid_keylength(BLOCK_SIZE))
76  throw Invalid_Argument("AONT::unpackage: Invalid cipher");
77 
78  if(input_len < BLOCK_SIZE)
79  throw Invalid_Argument("AONT::unpackage: Input too short");
80 
81  // The all-zero string which is used both as the CTR IV and as K0
82  const std::string all_zeros(BLOCK_SIZE*2, '0');
83 
84  cipher->set_key(SymmetricKey(all_zeros));
85 
86  secure_vector<byte> package_key(BLOCK_SIZE);
87  secure_vector<byte> buf(BLOCK_SIZE);
88 
89  // Copy the package key (masked with the block hashes)
90  copy_mem(&package_key[0],
91  input + (input_len - BLOCK_SIZE),
92  BLOCK_SIZE);
93 
94  const size_t blocks = ((input_len - 1) / BLOCK_SIZE);
95 
96  // XOR the blocks into the package key bits
97  for(size_t i = 0; i != blocks; ++i)
98  {
99  const size_t left = std::min<size_t>(BLOCK_SIZE,
100  input_len - BLOCK_SIZE * (i+1));
101 
102  zeroise(buf);
103  copy_mem(&buf[0], input + (BLOCK_SIZE * i), left);
104 
105  for(size_t j = 0; j != sizeof(i); ++j)
106  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
107 
108  cipher->encrypt(&buf[0]);
109 
110  xor_buf(&package_key[0], &buf[0], BLOCK_SIZE);
111  }
112 
113  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
114 
115  pipe.process_msg(input, input_len - BLOCK_SIZE);
116 
117  pipe.read(output, pipe.remaining());
118  }
119 
120 }
void xor_buf(T out[], const T in[], size_t length)
Definition: xor_buf.h:23
size_t read(byte output[], size_t length)
Definition: pipe_rw.cpp:82
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:28
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
byte get_byte(size_t byte_num, T input)
Definition: get_byte.h:21
size_t remaining(message_id msg=DEFAULT_MESSAGE) const
Definition: pipe_rw.cpp:131
bool valid_keylength(size_t length) const
Definition: sym_algo.h:54
OctetString SymmetricKey
Definition: symkey.h:134
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:92
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:63
const byte * begin() const
Definition: symkey.h:35
uint8_t byte
Definition: types.h:30
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:39
Definition: buf_comp.h:15
void aont_package(RandomNumberGenerator &rng, BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
Definition: package.cpp:17
void aont_unpackage(BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
Definition: package.cpp:69
void encrypt(const byte in[], byte out[]) const
Definition: block_cipher.h:47
virtual size_t block_size() const =0
void process_msg(const byte in[], size_t length)
Definition: pipe.cpp:117
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:166