Botan 2.19.1
Crypto and TLS for C&
Public Member Functions | Protected Member Functions | List of all members
Botan::FPE_FE1 Class Referencefinal

#include <fpe_fe1.h>

Inheritance diagram for Botan::FPE_FE1:
Botan::SymmetricAlgorithm

Public Member Functions

void clear () override
 
BigInt decrypt (const BigInt &x, const uint8_t tweak[], size_t tweak_len) const
 
BigInt decrypt (const BigInt &x, uint64_t tweak) const
 
BigInt encrypt (const BigInt &x, const uint8_t tweak[], size_t tweak_len) const
 
BigInt encrypt (const BigInt &x, uint64_t tweak) const
 
 FPE_FE1 (const BigInt &n, size_t rounds=5, bool compat_mode=false, const std::string &mac_algo="HMAC(SHA-256)")
 
Key_Length_Specification key_spec () const override
 
size_t maximum_keylength () const
 
size_t minimum_keylength () const
 
std::string name () const override
 
template<typename Alloc >
void set_key (const std::vector< uint8_t, Alloc > &key)
 
void set_key (const SymmetricKey &key)
 
void set_key (const uint8_t key[], size_t length)
 
bool valid_keylength (size_t length) const
 
 ~FPE_FE1 ()
 

Protected Member Functions

void verify_key_set (bool cond) const
 

Detailed Description

Format Preserving Encryption using the scheme FE1 from the paper "Format-Preserving Encryption" by Bellare, Rogaway, et al (https://eprint.iacr.org/2009/251)

Definition at line 24 of file fpe_fe1.h.

Constructor & Destructor Documentation

◆ FPE_FE1()

Botan::FPE_FE1::FPE_FE1 ( const BigInt n,
size_t  rounds = 5,
bool  compat_mode = false,
const std::string &  mac_algo = "HMAC(SHA-256)" 
)
Parameters
nthe modulus. All plaintext and ciphertext values must be less than this.
roundsthe number of rounds to use. Must be at least 3.
compat_modeAn error in versions before 2.5.0 chose incorrect values for a and b. Set compat_mode to true to select this version.
mac_algothe PRF to use as the encryption function

Definition at line 59 of file fpe_fe1.cpp.

62 :
63 m_rounds(rounds)
64 {
65 if(m_rounds < 3)
66 throw Invalid_Argument("FPE_FE1 rounds too small");
67
68 m_mac = MessageAuthenticationCode::create_or_throw(mac_algo);
69
70 m_n_bytes = BigInt::encode(n);
71
72 if(m_n_bytes.size() > MAX_N_BYTES)
73 throw Invalid_Argument("N is too large for FPE encryption");
74
75 factor(n, m_a, m_b);
76
77 if(compat_mode)
78 {
79 if(m_a < m_b)
80 std::swap(m_a, m_b);
81 }
82 else
83 {
84 if(m_a > m_b)
85 std::swap(m_a, m_b);
86 }
87
88 mod_a.reset(new Modular_Reducer(m_a));
89 }
Botan::BigInt::encode
static std::vector< uint8_t > encode(const BigInt &n)
Definition: bigint.h:770
Botan::MessageAuthenticationCode::create_or_throw
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:141

References Botan::MessageAuthenticationCode::create_or_throw(), and Botan::BigInt::encode().

◆ ~FPE_FE1()

Botan::FPE_FE1::~FPE_FE1 ( )

Definition at line 91 of file fpe_fe1.cpp.

92 {
93 // for ~unique_ptr
94 }

Member Function Documentation

◆ clear()

void Botan::FPE_FE1::clear ( )
overridevirtual

Reset the state.

Implements Botan::SymmetricAlgorithm.

Definition at line 96 of file fpe_fe1.cpp.

97 {
98 m_mac->clear();
99 }

◆ decrypt() [1/2]

BigInt Botan::FPE_FE1::decrypt ( const BigInt x,
const uint8_t  tweak[],
size_t  tweak_len 
) const

Decrypt X from and onto the group Z_n using key and tweak

Parameters
xthe ciphertext to encrypt <= n
tweakmust match the value used to encrypt
tweak_lenlength of tweak

Definition at line 163 of file fpe_fe1.cpp.

164 {
165 const secure_vector<uint8_t> tweak_mac = compute_tweak_mac(tweak, tweak_len);
166
167 BigInt X = input;
168 secure_vector<uint8_t> tmp;
169
170 BigInt W, R, Fi;
171 for(size_t i = 0; i != m_rounds; ++i)
172 {
173 ct_divide(X, m_a, R, W);
174
175 Fi = F(R, m_rounds-i-1, tweak_mac, tmp);
176 X = m_b * mod_a->reduce(W - Fi) + R;
177 }
178
179 return X;
180 }
X
fe X
Definition: ge.cpp:27
Botan::ct_divide
void ct_divide(const BigInt &x, const BigInt &y, BigInt &q_out, BigInt &r_out)
Definition: divide.cpp:52

References Botan::ct_divide(), and X.

Referenced by decrypt(), and Botan::FPE::fe1_decrypt().

◆ decrypt() [2/2]

BigInt Botan::FPE_FE1::decrypt ( const BigInt x,
uint64_t  tweak 
) const

Definition at line 189 of file fpe_fe1.cpp.

190 {
191 uint8_t tweak8[8];
192 store_be(tweak, tweak8);
193 return decrypt(x, tweak8, sizeof(tweak8));
194 }
Botan::FPE_FE1::decrypt
BigInt decrypt(const BigInt &x, const uint8_t tweak[], size_t tweak_len) const
Definition: fpe_fe1.cpp:163
Botan::store_be
void store_be(uint16_t in, uint8_t out[2])
Definition: loadstor.h:438

References decrypt(), and Botan::store_be().

◆ encrypt() [1/2]

BigInt Botan::FPE_FE1::encrypt ( const BigInt x,
const uint8_t  tweak[],
size_t  tweak_len 
) const

Encrypt X from and onto the group Z_n using key and tweak

Parameters
xthe plaintext to encrypt <= n
tweakwill modify the ciphertext
tweak_lenlength of tweak

Definition at line 144 of file fpe_fe1.cpp.

145 {
146 const secure_vector<uint8_t> tweak_mac = compute_tweak_mac(tweak, tweak_len);
147
148 BigInt X = input;
149
150 secure_vector<uint8_t> tmp;
151
152 BigInt L, R, Fi;
153 for(size_t i = 0; i != m_rounds; ++i)
154 {
155 ct_divide(X, m_b, L, R);
156 Fi = F(R, i, tweak_mac, tmp);
157 X = m_a * R + mod_a->reduce(L + Fi);
158 }
159
160 return X;
161 }

References Botan::ct_divide(), and X.

Referenced by encrypt(), and Botan::FPE::fe1_encrypt().

◆ encrypt() [2/2]

BigInt Botan::FPE_FE1::encrypt ( const BigInt x,
uint64_t  tweak 
) const

Definition at line 182 of file fpe_fe1.cpp.

183 {
184 uint8_t tweak8[8];
185 store_be(tweak, tweak8);
186 return encrypt(x, tweak8, sizeof(tweak8));
187 }
Botan::FPE_FE1::encrypt
BigInt encrypt(const BigInt &x, const uint8_t tweak[], size_t tweak_len) const
Definition: fpe_fe1.cpp:144

References encrypt(), and Botan::store_be().

◆ key_spec()

Key_Length_Specification Botan::FPE_FE1::key_spec ( ) const
overridevirtual
Returns
object describing limits on key size

Implements Botan::SymmetricAlgorithm.

Definition at line 106 of file fpe_fe1.cpp.

107 {
108 return m_mac->key_spec();
109 }

◆ maximum_keylength()

size_t Botan::SymmetricAlgorithm::maximum_keylength ( ) const
inlineinherited
Returns
maximum allowed key length

Definition at line 120 of file sym_algo.h.

121 {
122 return key_spec().maximum_keylength();
123 }
Botan::Key_Length_Specification::maximum_keylength
size_t maximum_keylength() const
Definition: sym_algo.h:70
Botan::SymmetricAlgorithm::key_spec
virtual Key_Length_Specification key_spec() const =0

◆ minimum_keylength()

size_t Botan::SymmetricAlgorithm::minimum_keylength ( ) const
inlineinherited
Returns
minimum allowed key length

Definition at line 128 of file sym_algo.h.

129 {
130 return key_spec().minimum_keylength();
131 }
Botan::Key_Length_Specification::minimum_keylength
size_t minimum_keylength() const
Definition: sym_algo.h:62

Referenced by botan_block_cipher_get_keyspec(), and botan_mac_get_keyspec().

◆ name()

std::string Botan::FPE_FE1::name ( ) const
overridevirtual
Returns
the algorithm name

Implements Botan::SymmetricAlgorithm.

Definition at line 101 of file fpe_fe1.cpp.

102 {
103 return "FPE_FE1(" + m_mac->name() + "," + std::to_string(m_rounds) + ")";
104 }
Botan::ASN1::to_string
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213

References Botan::ASN1::to_string().

◆ set_key() [1/3]

template<typename Alloc >
void Botan::SymmetricAlgorithm::set_key ( const std::vector< uint8_t, Alloc > &  key)
inlineinherited

Definition at line 153 of file sym_algo.h.

154 {
155 set_key(key.data(), key.size());
156 }
Botan::SymmetricAlgorithm::set_key
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:147

◆ set_key() [2/3]

void Botan::SymmetricAlgorithm::set_key ( const SymmetricKey key)
inlineinherited

Set the symmetric key of this object.

Parameters
keythe SymmetricKey to be set.

Definition at line 147 of file sym_algo.h.

148 {
149 set_key(key.begin(), key.length());
150 }

References Botan::OctetString::begin(), and Botan::OctetString::length().

Referenced by Botan::aont_package(), Botan::aont_unpackage(), botan_block_cipher_set_key(), botan_cipher_set_key(), botan_mac_set_key(), Botan::Sodium::crypto_stream_salsa20(), Botan::Sodium::crypto_stream_salsa20_xor_ic(), Botan::Sodium::crypto_stream_xsalsa20(), Botan::Sodium::crypto_stream_xsalsa20_xor_ic(), Botan::FPE::fe1_decrypt(), Botan::FPE::fe1_encrypt(), and Botan::Sodium::randombytes_buf_deterministic().

◆ set_key() [3/3]

void Botan::SymmetricAlgorithm::set_key ( const uint8_t  key[],
size_t  length 
)
inherited

Set the symmetric key of this object.

Parameters
keythe to be set as a byte array.
lengthin bytes of key param

Definition at line 17 of file sym_algo.cpp.

18 {
19 if(!valid_keylength(length))
20 throw Invalid_Key_Length(name(), length);
21 key_schedule(key, length);
22 }
Botan::SymmetricAlgorithm::valid_keylength
bool valid_keylength(size_t length) const
Definition: sym_algo.h:138
Botan::SymmetricAlgorithm::name
virtual std::string name() const =0

References Botan::SymmetricAlgorithm::name(), and Botan::SymmetricAlgorithm::valid_keylength().

◆ valid_keylength()

bool Botan::SymmetricAlgorithm::valid_keylength ( size_t  length) const
inlineinherited

Check whether a given key length is valid for this algorithm.

Parameters
lengththe key length to be checked.
Returns
true if the key length is valid.

Definition at line 138 of file sym_algo.h.

139 {
140 return key_spec().valid_keylength(length);
141 }
Botan::Key_Length_Specification::valid_keylength
bool valid_keylength(size_t length) const
Definition: sym_algo.h:52

Referenced by Botan::aont_package(), Botan::aont_unpackage(), and Botan::SymmetricAlgorithm::set_key().

◆ verify_key_set()

void Botan::SymmetricAlgorithm::verify_key_set ( bool  cond) const
inlineprotectedinherited

Definition at line 171 of file sym_algo.h.

172 {
173 if(cond == false)
174 throw_key_not_set_error();
175 }

Referenced by Botan::ChaCha::cipher(), Botan::CTR_BE::cipher(), Botan::RC4::cipher(), Botan::Salsa20::cipher(), Botan::SHAKE_128_Cipher::cipher(), Botan::AES_128::decrypt_n(), Botan::AES_192::decrypt_n(), Botan::AES_256::decrypt_n(), Botan::ARIA_128::decrypt_n(), Botan::ARIA_192::decrypt_n(), Botan::ARIA_256::decrypt_n(), Botan::Blowfish::decrypt_n(), Botan::Camellia_128::decrypt_n(), Botan::Camellia_192::decrypt_n(), Botan::Camellia_256::decrypt_n(), Botan::CAST_128::decrypt_n(), Botan::CAST_256::decrypt_n(), Botan::DES::decrypt_n(), Botan::TripleDES::decrypt_n(), Botan::DESX::decrypt_n(), Botan::GOST_28147_89::decrypt_n(), Botan::IDEA::decrypt_n(), Botan::KASUMI::decrypt_n(), Botan::Lion::decrypt_n(), Botan::MISTY1::decrypt_n(), Botan::Noekeon::decrypt_n(), Botan::SEED::decrypt_n(), Botan::Serpent::decrypt_n(), Botan::SHACAL2::decrypt_n(), Botan::SM4::decrypt_n(), Botan::Threefish_512::decrypt_n(), Botan::Twofish::decrypt_n(), Botan::XTEA::decrypt_n(), Botan::AES_128::encrypt_n(), Botan::AES_192::encrypt_n(), Botan::AES_256::encrypt_n(), Botan::ARIA_128::encrypt_n(), Botan::ARIA_192::encrypt_n(), Botan::ARIA_256::encrypt_n(), Botan::Blowfish::encrypt_n(), Botan::Camellia_128::encrypt_n(), Botan::Camellia_192::encrypt_n(), Botan::Camellia_256::encrypt_n(), Botan::CAST_128::encrypt_n(), Botan::CAST_256::encrypt_n(), Botan::DES::encrypt_n(), Botan::TripleDES::encrypt_n(), Botan::DESX::encrypt_n(), Botan::GOST_28147_89::encrypt_n(), Botan::IDEA::encrypt_n(), Botan::KASUMI::encrypt_n(), Botan::Lion::encrypt_n(), Botan::MISTY1::encrypt_n(), Botan::Noekeon::encrypt_n(), Botan::SEED::encrypt_n(), Botan::Serpent::encrypt_n(), Botan::SHACAL2::encrypt_n(), Botan::SM4::encrypt_n(), Botan::Threefish_512::encrypt_n(), Botan::Twofish::encrypt_n(), Botan::XTEA::encrypt_n(), Botan::OCB_Encryption::finish(), Botan::OCB_Decryption::finish(), Botan::GHASH::ghash_update(), Botan::CFB_Encryption::process(), Botan::CFB_Decryption::process(), Botan::ChaCha::seek(), Botan::CTR_BE::seek(), Botan::Salsa20::seek(), Botan::OCB_Mode::set_associated_data(), Botan::ChaCha::set_iv(), Botan::Salsa20::set_iv(), Botan::GHASH::update(), Botan::GHASH::update_associated_data(), and Botan::ChaCha::write_keystream().

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.3