Botan 2.19.2
Crypto and TLS for C&
fpe_fe1.h
Go to the documentation of this file.
1/*
2* Format Preserving Encryption (FE1 scheme)
3* (C) 2009,2018 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_FPE_FE1_H_
9#define BOTAN_FPE_FE1_H_
10
11#include <botan/sym_algo.h>
12#include <botan/bigint.h>
13
14namespace Botan {
15
16class Modular_Reducer;
17class MessageAuthenticationCode;
18
19/**
20* Format Preserving Encryption using the scheme FE1 from the paper
21* "Format-Preserving Encryption" by Bellare, Rogaway, et al
22* (https://eprint.iacr.org/2009/251)
23*/
25 {
26 public:
27
28 /**
29 * @param n the modulus. All plaintext and ciphertext values must be
30 * less than this.
31 * @param rounds the number of rounds to use. Must be at least 3.
32 * @param compat_mode An error in versions before 2.5.0 chose incorrect
33 * values for a and b. Set compat_mode to true to select this version.
34 * @param mac_algo the PRF to use as the encryption function
35 */
36 FPE_FE1(const BigInt& n,
37 size_t rounds = 5,
38 bool compat_mode = false,
39 const std::string& mac_algo = "HMAC(SHA-256)");
40
41 ~FPE_FE1();
42
43 Key_Length_Specification key_spec() const override;
44
45 std::string name() const override;
46
47 void clear() override;
48
49 /**
50 * Encrypt X from and onto the group Z_n using key and tweak
51 * @param x the plaintext to encrypt <= n
52 * @param tweak will modify the ciphertext
53 * @param tweak_len length of tweak
54 */
55 BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const;
56
57 /**
58 * Decrypt X from and onto the group Z_n using key and tweak
59 * @param x the ciphertext to encrypt <= n
60 * @param tweak must match the value used to encrypt
61 * @param tweak_len length of tweak
62 */
63 BigInt decrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const;
64
65 BigInt encrypt(const BigInt& x, uint64_t tweak) const;
66
67 BigInt decrypt(const BigInt& x, uint64_t tweak) const;
68 private:
69 void key_schedule(const uint8_t key[], size_t length) override;
70
71 BigInt F(const BigInt& R, size_t round,
72 const secure_vector<uint8_t>& tweak,
73 secure_vector<uint8_t>& tmp) const;
74
75 secure_vector<uint8_t> compute_tweak_mac(const uint8_t tweak[], size_t tweak_len) const;
76
77 std::unique_ptr<MessageAuthenticationCode> m_mac;
78 std::unique_ptr<Modular_Reducer> mod_a;
79 std::vector<uint8_t> m_n_bytes;
80 BigInt m_a;
81 BigInt m_b;
82 size_t m_rounds;
83 };
84
85namespace FPE {
86
87/**
88* Format Preserving Encryption using the scheme FE1 from the paper
89* "Format-Preserving Encryption" by Bellare, Rogaway, et al
90* (https://eprint.iacr.org/2009/251)
91*
92* Encrypt X from and onto the group Z_n using key and tweak
93* @param n the modulus
94* @param X the plaintext as a BigInt
95* @param key a random key
96* @param tweak will modify the ciphertext (think of as an IV)
97*
98* @warning This function is hardcoded to use only 3 rounds which
99* may be insecure for some values of n. Prefer FPE_FE1 class
100*/
101BigInt BOTAN_PUBLIC_API(2,0) fe1_encrypt(const BigInt& n, const BigInt& X,
102 const SymmetricKey& key,
103 const std::vector<uint8_t>& tweak);
104
105/**
106* Decrypt X from and onto the group Z_n using key and tweak
107* @param n the modulus
108* @param X the ciphertext as a BigInt
109* @param key is the key used for encryption
110* @param tweak the same tweak used for encryption
111*
112* @warning This function is hardcoded to use only 3 rounds which
113* may be insecure for some values of n. Prefer FPE_FE1 class
114*/
115BigInt BOTAN_PUBLIC_API(2,0) fe1_decrypt(const BigInt& n, const BigInt& X,
116 const SymmetricKey& key,
117 const std::vector<uint8_t>& tweak);
118
119}
120
121}
122
123#endif
std::string name
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
fe X
Definition: ge.cpp:27
std::string decrypt(const uint8_t input[], size_t input_len, const std::string &passphrase)
Definition: cryptobox.cpp:162
std::string encrypt(const uint8_t input[], size_t input_len, const std::string &passphrase, RandomNumberGenerator &rng)
Definition: cryptobox.cpp:43
BigInt fe1_decrypt(const BigInt &n, const BigInt &X, const SymmetricKey &key, const std::vector< uint8_t > &tweak)
Definition: fpe_fe1.cpp:207
BigInt fe1_encrypt(const BigInt &n, const BigInt &X, const SymmetricKey &key, const std::vector< uint8_t > &tweak)
Definition: fpe_fe1.cpp:198
Definition: alg_id.cpp:13
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
Definition: bigint.h:1143