Botan  1.11.26
package.cpp
Go to the documentation of this file.
1 /*
2 * Rivest's Package Tranform
3 *
4 * (C) 2009 Jack Lloyd
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/package.h>
10 #include <botan/filters.h>
11 #include <botan/ctr.h>
12 #include <botan/loadstor.h>
13 
14 namespace Botan {
15 
17  BlockCipher* cipher,
18  const byte input[], size_t input_len,
19  byte output[])
20  {
21  const size_t BLOCK_SIZE = cipher->block_size();
22 
23  if(!cipher->valid_keylength(BLOCK_SIZE))
24  throw Invalid_Argument("AONT::package: Invalid cipher");
25 
26  // The all-zero string which is used both as the CTR IV and as K0
27  const std::string all_zeros(BLOCK_SIZE*2, '0');
28 
29  SymmetricKey package_key(rng, BLOCK_SIZE);
30 
31  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
32 
33  pipe.process_msg(input, input_len);
34  pipe.read(output, pipe.remaining());
35 
36  // Set K0 (the all zero key)
37  cipher->set_key(SymmetricKey(all_zeros));
38 
39  secure_vector<byte> buf(BLOCK_SIZE);
40 
41  const size_t blocks =
42  (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;
43 
44  byte* final_block = output + input_len;
45  clear_mem(final_block, BLOCK_SIZE);
46 
47  // XOR the hash blocks into the final block
48  for(size_t i = 0; i != blocks; ++i)
49  {
50  const size_t left = std::min<size_t>(BLOCK_SIZE,
51  input_len - BLOCK_SIZE * i);
52 
53  zeroise(buf);
54  copy_mem(buf.data(), output + (BLOCK_SIZE * i), left);
55 
56  for(size_t j = 0; j != sizeof(i); ++j)
57  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
58 
59  cipher->encrypt(buf.data());
60 
61  xor_buf(final_block, buf.data(), BLOCK_SIZE);
62  }
63 
64  // XOR the random package key into the final block
65  xor_buf(final_block, package_key.begin(), BLOCK_SIZE);
66  }
67 
69  const byte input[], size_t input_len,
70  byte output[])
71  {
72  const size_t BLOCK_SIZE = cipher->block_size();
73 
74  if(!cipher->valid_keylength(BLOCK_SIZE))
75  throw Invalid_Argument("AONT::unpackage: Invalid cipher");
76 
77  if(input_len < BLOCK_SIZE)
78  throw Invalid_Argument("AONT::unpackage: Input too short");
79 
80  // The all-zero string which is used both as the CTR IV and as K0
81  const std::string all_zeros(BLOCK_SIZE*2, '0');
82 
83  cipher->set_key(SymmetricKey(all_zeros));
84 
85  secure_vector<byte> package_key(BLOCK_SIZE);
86  secure_vector<byte> buf(BLOCK_SIZE);
87 
88  // Copy the package key (masked with the block hashes)
89  copy_mem(package_key.data(),
90  input + (input_len - BLOCK_SIZE),
91  BLOCK_SIZE);
92 
93  const size_t blocks = ((input_len - 1) / BLOCK_SIZE);
94 
95  // XOR the blocks into the package key bits
96  for(size_t i = 0; i != blocks; ++i)
97  {
98  const size_t left = std::min<size_t>(BLOCK_SIZE,
99  input_len - BLOCK_SIZE * (i+1));
100 
101  zeroise(buf);
102  copy_mem(buf.data(), input + (BLOCK_SIZE * i), left);
103 
104  for(size_t j = 0; j != sizeof(i); ++j)
105  buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);
106 
107  cipher->encrypt(buf.data());
108 
109  xor_buf(package_key.data(), buf.data(), BLOCK_SIZE);
110  }
111 
112  Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));
113 
114  pipe.process_msg(input, input_len - BLOCK_SIZE);
115 
116  pipe.read(output, pipe.remaining());
117  }
118 
119 }
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:90
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:29
byte get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
size_t remaining(message_id msg=DEFAULT_MESSAGE) const
Definition: pipe_rw.cpp:131
bool valid_keylength(size_t length) const
Definition: sym_algo.h:54
size_t read(byte output[], size_t length) override
Definition: pipe_rw.cpp:82
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:96
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:63
const byte * begin() const
Definition: symkey.h:36
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:43
Definition: alg_id.cpp:13
OctetString SymmetricKey
Definition: symkey.h:136
void aont_package(RandomNumberGenerator &rng, BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
Definition: package.cpp:16
void aont_unpackage(BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
Definition: package.cpp:68
void encrypt(const byte in[], byte out[]) const
Definition: block_cipher.h:62
virtual size_t block_size() const =0
void process_msg(const byte in[], size_t length)
Definition: pipe.cpp:117
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:186
std::uint8_t byte
Definition: types.h:31