Botan 3.9.0
Crypto and TLS for C&
Public Member Functions | Protected Member Functions | List of all members
Botan::FPE_FE1 Class Referencefinal

#include <fpe_fe1.h>

Inheritance diagram for Botan::FPE_FE1:
Botan::SymmetricAlgorithm

Public Member Functions

void clear () override
BigInt decrypt (const BigInt &x, const uint8_t tweak[], size_t tweak_len) const
BigInt decrypt (const BigInt &x, uint64_t tweak) const
BigInt encrypt (const BigInt &x, const uint8_t tweak[], size_t tweak_len) const
BigInt encrypt (const BigInt &x, uint64_t tweak) const
BOTAN_FUTURE_EXPLICIT FPE_FE1 (const BigInt &n, size_t rounds=5, bool compat_mode=false, std::string_view mac_algo="HMAC(SHA-256)")
 FPE_FE1 (const FPE_FE1 &other)=delete
 FPE_FE1 (FPE_FE1 &&other) noexcept
bool has_keying_material () const override
Key_Length_Specification key_spec () const override
size_t maximum_keylength () const
size_t minimum_keylength () const
std::string name () const override
FPE_FE1operator= (const FPE_FE1 &other)=delete
FPE_FE1operator= (FPE_FE1 &&other)=delete
void set_key (const OctetString &key)
void set_key (const uint8_t key[], size_t length)
void set_key (std::span< const uint8_t > key)
bool valid_keylength (size_t length) const
 ~FPE_FE1 () override

Protected Member Functions

void assert_key_material_set () const
void assert_key_material_set (bool predicate) const

Detailed Description

Format Preserving Encryption using the scheme FE1 from the paper "Format-Preserving Encryption" by Bellare, Rogaway, et al (https://eprint.iacr.org/2009/251)

Definition at line 25 of file fpe_fe1.h.

Constructor & Destructor Documentation

◆ FPE_FE1() [1/3]

Botan::FPE_FE1::FPE_FE1 ( const BigInt & n,
size_t rounds = 5,
bool compat_mode = false,
std::string_view mac_algo = "HMAC(SHA-256)" )
Parameters
nthe modulus. All plaintext and ciphertext values must be less than this.
roundsthe number of rounds to use. Must be at least 3.
compat_modeAn error in versions before 2.5.0 chose incorrect values for a and b. Set compat_mode to true to select this version.
mac_algothe PRF to use as the encryption function

Definition at line 71 of file fpe_fe1.cpp.

71 : m_rounds(rounds) {
72 if(m_rounds < 3) {
73 throw Invalid_Argument("FPE_FE1 rounds too small");
74 }
75
76 m_mac = MessageAuthenticationCode::create_or_throw(mac_algo);
77
78 m_n_bytes = n.serialize();
79
80 if(m_n_bytes.size() > MAX_N_BYTES) {
81 throw Invalid_Argument("N is too large for FPE encryption");
82 }
83
84 factor(n, m_a, m_b);
85
86 if(compat_mode) {
87 if(m_a < m_b) {
88 std::swap(m_a, m_b);
89 }
90 } else {
91 if(m_a > m_b) {
92 std::swap(m_a, m_b);
93 }
94 }
95}
Botan::MessageAuthenticationCode::create_or_throw
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:148

References Botan::MessageAuthenticationCode::create_or_throw(), and Botan::BigInt::serialize().

Referenced by FPE_FE1(), FPE_FE1(), operator=(), and operator=().

◆ ~FPE_FE1()

Botan::FPE_FE1::~FPE_FE1 ( )
overridedefault

References clear(), decrypt(), encrypt(), has_keying_material(), key_spec(), and name().

◆ FPE_FE1() [2/3]

Botan::FPE_FE1::FPE_FE1 ( const FPE_FE1 & other)
delete

References FPE_FE1().

◆ FPE_FE1() [3/3]

Botan::FPE_FE1::FPE_FE1 ( FPE_FE1 && other)
defaultnoexcept

References FPE_FE1().

Member Function Documentation

◆ assert_key_material_set() [1/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( ) const
inlineprotectedinherited

Definition at line 146 of file sym_algo.h.

146{ assert_key_material_set(has_keying_material()); }
Botan::SymmetricAlgorithm::has_keying_material
virtual bool has_keying_material() const =0
Botan::SymmetricAlgorithm::assert_key_material_set
void assert_key_material_set() const
Definition sym_algo.h:146

References assert_key_material_set(), and has_keying_material().

Referenced by assert_key_material_set(), Botan::Salsa20::cipher_bytes(), Botan::Lion::decrypt_n(), Botan::Lion::encrypt_n(), Botan::GHASH::final(), Botan::GHASH::nonce_hash(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), Botan::GHASH::set_associated_data(), Botan::OCB_Mode::set_associated_data_n(), Botan::Salsa20::set_iv_bytes(), Botan::GHASH::update(), and Botan::GHASH::update_associated_data().

◆ assert_key_material_set() [2/2]

void Botan::SymmetricAlgorithm::assert_key_material_set ( bool predicate) const
inlineprotectedinherited

Definition at line 148 of file sym_algo.h.

148 {
149 if(!predicate) {
150 throw_key_not_set_error();
151 }
152 }

◆ clear()

void Botan::FPE_FE1::clear ( )
overridevirtual

Reset the internal state. This includes not just the key, but any partial message that may have been in process.

Implements Botan::SymmetricAlgorithm.

Definition at line 101 of file fpe_fe1.cpp.

101 {
102 m_mac->clear();
103}

Referenced by ~FPE_FE1().

◆ decrypt() [1/2]

BigInt Botan::FPE_FE1::decrypt ( const BigInt & x,
const uint8_t tweak[],
size_t tweak_len ) const

Decrypt X from and onto the group Z_n using key and tweak

Parameters
xthe ciphertext to encrypt <= n
tweakmust match the value used to encrypt
tweak_lenlength of tweak

Definition at line 168 of file fpe_fe1.cpp.

168 {
169 const secure_vector<uint8_t> tweak_mac = compute_tweak_mac(tweak, tweak_len);
170
171 BigInt X = input;
172 secure_vector<uint8_t> tmp;
173
174 BigInt W;
175 BigInt R;
176 BigInt Fi;
177 for(size_t i = 0; i != m_rounds; ++i) {
178 ct_divide(X, m_a, R, W);
179
180 Fi = F(R, m_rounds - i - 1, tweak_mac, tmp);
181 X = m_b * ct_modulo(W - Fi, m_a) + R;
182 }
183
184 return X;
185}
Botan::ct_modulo
BigInt ct_modulo(const BigInt &x, const BigInt &y)
Definition divide.cpp:192
Botan::ct_divide
void ct_divide(const BigInt &x, const BigInt &y, BigInt &q_out, BigInt &r_out)
Definition divide.cpp:51
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69

References Botan::ct_divide(), and Botan::ct_modulo().

Referenced by decrypt(), Botan::FPE::fe1_decrypt(), and ~FPE_FE1().

◆ decrypt() [2/2]

BigInt Botan::FPE_FE1::decrypt ( const BigInt & x,
uint64_t tweak ) const

Definition at line 193 of file fpe_fe1.cpp.

193 {
194 uint8_t tweak8[8];
195 store_be(tweak, tweak8);
196 return decrypt(x, tweak8, sizeof(tweak8));
197}
Botan::FPE_FE1::decrypt
BigInt decrypt(const BigInt &x, const uint8_t tweak[], size_t tweak_len) const
Definition fpe_fe1.cpp:168
Botan::store_be
constexpr auto store_be(ParamTs &&... params)
Definition loadstor.h:745

References decrypt(), and Botan::store_be().

◆ encrypt() [1/2]

BigInt Botan::FPE_FE1::encrypt ( const BigInt & x,
const uint8_t tweak[],
size_t tweak_len ) const

Encrypt X from and onto the group Z_n using key and tweak

Parameters
xthe plaintext to encrypt <= n
tweakwill modify the ciphertext
tweak_lenlength of tweak

Definition at line 149 of file fpe_fe1.cpp.

149 {
150 const secure_vector<uint8_t> tweak_mac = compute_tweak_mac(tweak, tweak_len);
151
152 BigInt X = input;
153
154 secure_vector<uint8_t> tmp;
155
156 BigInt L;
157 BigInt R;
158 BigInt Fi;
159 for(size_t i = 0; i != m_rounds; ++i) {
160 ct_divide(X, m_b, L, R);
161 Fi = F(R, i, tweak_mac, tmp);
162 X = m_a * R + ct_modulo(L + Fi, m_a);
163 }
164
165 return X;
166}

References Botan::ct_divide(), and Botan::ct_modulo().

Referenced by encrypt(), Botan::FPE::fe1_encrypt(), and ~FPE_FE1().

◆ encrypt() [2/2]

BigInt Botan::FPE_FE1::encrypt ( const BigInt & x,
uint64_t tweak ) const

Definition at line 187 of file fpe_fe1.cpp.

187 {
188 uint8_t tweak8[8];
189 store_be(tweak, tweak8);
190 return encrypt(x, tweak8, sizeof(tweak8));
191}
Botan::FPE_FE1::encrypt
BigInt encrypt(const BigInt &x, const uint8_t tweak[], size_t tweak_len) const
Definition fpe_fe1.cpp:149

References encrypt(), and Botan::store_be().

◆ has_keying_material()

bool Botan::FPE_FE1::has_keying_material ( ) const
overridevirtual
Returns
true if a key has been set on this object

Implements Botan::SymmetricAlgorithm.

Definition at line 113 of file fpe_fe1.cpp.

113 {
114 return m_mac->has_keying_material();
115}

Referenced by ~FPE_FE1().

◆ key_spec()

Key_Length_Specification Botan::FPE_FE1::key_spec ( ) const
overridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 109 of file fpe_fe1.cpp.

109 {
110 return m_mac->key_spec();
111}

Referenced by ~FPE_FE1().

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 102 of file sym_algo.h.

102{ return key_spec().maximum_keylength(); }
Botan::Key_Length_Specification::maximum_keylength
size_t maximum_keylength() const
Definition sym_algo.h:56
Botan::SymmetricAlgorithm::key_spec
virtual Key_Length_Specification key_spec() const =0

References key_spec().

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 107 of file sym_algo.h.

107{ return key_spec().minimum_keylength(); }
Botan::Key_Length_Specification::minimum_keylength
size_t minimum_keylength() const
Definition sym_algo.h:51

References key_spec().

◆ name()

std::string Botan::FPE_FE1::name ( ) const
overridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 105 of file fpe_fe1.cpp.

105 {
106 return fmt("FPE_FE1({},{})", m_mac->name(), m_rounds);
107}
Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::fmt().

Referenced by ~FPE_FE1().

◆ operator=() [1/2]

FPE_FE1 & Botan::FPE_FE1::operator= ( const FPE_FE1 & other)
delete

References FPE_FE1().

◆ operator=() [2/2]

FPE_FE1 & Botan::FPE_FE1::operator= ( FPE_FE1 && other)
delete

References FPE_FE1().

◆ set_key() [1/3]

void Botan::SymmetricAlgorithm::set_key ( const OctetString & key)
inherited

Set the symmetric key of this object.

Parameters
keythe SymmetricKey to be set.

Definition at line 14 of file sym_algo.cpp.

14 {
15 set_key(std::span{key.begin(), key.length()});
16}
Botan::SymmetricAlgorithm::set_key
void set_key(const OctetString &key)
Definition sym_algo.cpp:14

References Botan::OctetString::begin(), Botan::OctetString::length(), and set_key().

Referenced by Botan::create_aes_row_generator(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), Botan::Sphincs_Hash_Functions_Sha2::PRF_msg(), Botan::Sodium::randombytes_buf_deterministic(), Botan::TLS::TLS_NULL_HMAC_AEAD_Mode::reset(), and set_key().

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t key[],
size_t length )
inlineinherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 133 of file sym_algo.h.

133{ set_key(std::span{key, length}); }

References set_key().

Referenced by set_key().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( std::span< const uint8_t > key)
inherited

Set the symmetric key of this object.

Parameters
keythe contiguous byte range to be set.

Definition at line 22 of file sym_algo.cpp.

22 {
23 if(!valid_keylength(key.size())) {
24 throw Invalid_Key_Length(name(), key.size());
25 }
26 key_schedule(key);
27}
Botan::SymmetricAlgorithm::valid_keylength
bool valid_keylength(size_t length) const
Definition sym_algo.h:114
Botan::SymmetricAlgorithm::name
virtual std::string name() const =0

References name(), and valid_keylength().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 114 of file sym_algo.h.

114{ return key_spec().valid_keylength(length); }
Botan::Key_Length_Specification::valid_keylength
bool valid_keylength(size_t length) const
Definition sym_algo.h:44

References key_spec().

Referenced by set_key().

The documentation for this class was generated from the following files:
Generated by doxygen 1.14.0