Botan  2.7.0
Crypto and TLS for C++11
fpe_fe1.h
Go to the documentation of this file.
1 /*
2 * Format Preserving Encryption (FE1 scheme)
3 * (C) 2009,2018 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_FPE_FE1_H_
9 #define BOTAN_FPE_FE1_H_
10 
11 #include <botan/sym_algo.h>
12 #include <botan/bigint.h>
13 
14 namespace Botan {
15 
16 class Modular_Reducer;
17 class MessageAuthenticationCode;
18 
19 /**
20 * Format Preserving Encryption using the scheme FE1 from the paper
21 * "Format-Preserving Encryption" by Bellare, Rogaway, et al
22 * (https://eprint.iacr.org/2009/251)
23 */
24 class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm
25  {
26  public:
27 
28  /**
29  * @param n the modulus. All plaintext and ciphertext values must be
30  * less than this.
31  * @param rounds the number of rounds to use. Must be at least 3.
32  * @param compat_mode An error in versions before 2.5.0 chose incorrect
33  * values for a and b. Set compat_mode to true to select this version.
34  * @param mac_algo the PRF to use as the encryption function
35  */
36  FPE_FE1(const BigInt& n,
37  size_t rounds = 5,
38  bool compat_mode = false,
39  const std::string& mac_algo = "HMAC(SHA-256)");
40 
41  ~FPE_FE1();
42 
43  Key_Length_Specification key_spec() const override;
44 
45  std::string name() const override;
46 
47  void clear() override;
48 
49  /**
50  * Encrypt X from and onto the group Z_n using key and tweak
51  * @param x the plaintext to encrypt <= n
52  * @param tweak will modify the ciphertext
53  * @param tweak_len length of tweak
54  */
55  BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const;
56 
57  /**
58  * Decrypt X from and onto the group Z_n using key and tweak
59  * @param x the ciphertext to encrypt <= n
60  * @param tweak must match the value used to encrypt
61  * @param tweak_len length of tweak
62  */
63  BigInt decrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const;
64 
65  BigInt encrypt(const BigInt& x, uint64_t tweak) const;
66 
67  BigInt decrypt(const BigInt& x, uint64_t tweak) const;
68  private:
69  void key_schedule(const uint8_t key[], size_t length) override;
70 
71  BigInt F(const BigInt& R, size_t round,
72  const secure_vector<uint8_t>& tweak,
73  secure_vector<uint8_t>& tmp) const;
74 
75  secure_vector<uint8_t> compute_tweak_mac(const uint8_t tweak[], size_t tweak_len) const;
76 
77  std::unique_ptr<MessageAuthenticationCode> m_mac;
78  std::unique_ptr<Modular_Reducer> mod_a;
79  std::vector<uint8_t> m_n_bytes;
80  BigInt m_a;
81  BigInt m_b;
82  size_t m_rounds;
83  };
84 
85 namespace FPE {
86 
87 /**
88 * Format Preserving Encryption using the scheme FE1 from the paper
89 * "Format-Preserving Encryption" by Bellare, Rogaway, et al
90 * (https://eprint.iacr.org/2009/251)
91 *
92 * Encrypt X from and onto the group Z_n using key and tweak
93 * @param n the modulus
94 * @param X the plaintext as a BigInt
95 * @param key a random key
96 * @param tweak will modify the ciphertext (think of as an IV)
97 *
98 * @warning This function is hardcoded to use only 3 rounds which
99 * may be insecure for some values of n. Prefer FPE_FE1 class
100 */
101 BigInt BOTAN_PUBLIC_API(2,0) fe1_encrypt(const BigInt& n, const BigInt& X,
102  const SymmetricKey& key,
103  const std::vector<uint8_t>& tweak);
104 
105 /**
106 * Decrypt X from and onto the group Z_n using key and tweak
107 * @param n the modulus
108 * @param X the ciphertext as a BigInt
109 * @param key is the key used for encryption
110 * @param tweak the same tweak used for encryption
111 *
112 * @warning This function is hardcoded to use only 3 rounds which
113 * may be insecure for some values of n. Prefer FPE_FE1 class
114 */
115 BigInt BOTAN_PUBLIC_API(2,0) fe1_decrypt(const BigInt& n, const BigInt& X,
116  const SymmetricKey& key,
117  const std::vector<uint8_t>& tweak);
118 
119 }
120 
121 }
122 
123 #endif
fe X
Definition: ge.cpp:27
BigInt fe1_encrypt(const BigInt &n, const BigInt &X, const SymmetricKey &key, const std::vector< uint8_t > &tweak)
Definition: fpe_fe1.cpp:196
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
Definition: bigint.h:796
std::string decrypt(const uint8_t input[], size_t input_len, const std::string &passphrase)
Definition: cryptobox.cpp:162
Definition: alg_id.cpp:13
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
std::string encrypt(const uint8_t input[], size_t input_len, const std::string &passphrase, RandomNumberGenerator &rng)
Definition: cryptobox.cpp:43
BigInt fe1_decrypt(const BigInt &n, const BigInt &X, const SymmetricKey &key, const std::vector< uint8_t > &tweak)
Definition: fpe_fe1.cpp:205