Botan 3.0.0
Crypto and TLS for C++
fpe_fe1.h
1/*
2* Format Preserving Encryption (FE1 scheme)
3* (C) 2009,2018 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_FPE_FE1_H_
9#define BOTAN_FPE_FE1_H_
10
11#include <botan/sym_algo.h>
12#include <botan/bigint.h>
13
14namespace Botan {
15
16class Modular_Reducer;
17class MessageAuthenticationCode;
18
19/**
20* Format Preserving Encryption using the scheme FE1 from the paper
21* "Format-Preserving Encryption" by Bellare, Rogaway, et al
22* (https://eprint.iacr.org/2009/251)
23*/
25 {
26 public:
27
28 /**
29 * @param n the modulus. All plaintext and ciphertext values must be
30 * less than this.
31 * @param rounds the number of rounds to use. Must be at least 3.
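32 * @param compat_mode An error in versions before 2.5.0 chose incorrect
33 * values for a and b. Set compat_mode to true to reproduce that pre-2.5.0 behaviour (for compatibility with values encrypted by those versions); the default, false, uses the corrected values.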
34 * @param mac_algo the PRF to use as the encryption function
35 */
36 FPE_FE1(const BigInt& n,
37 size_t rounds = 5,
38 bool compat_mode = false,
39 std::string_view mac_algo = "HMAC(SHA-256)");
40
42
43 Key_Length_Specification key_spec() const override;
44
45 bool has_keying_material() const override;
46
47 std::string name() const override;
48
49 void clear() override;
50
51 /**
52 * Encrypt X from and onto the group Z_n using key and tweak
53 * @param x the plaintext to encrypt; must be less than n, the modulus given to the constructor
54 * @param tweak will modify the ciphertext
55 * @param tweak_len length of tweak
56 */
57 BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const;
58
59 /**
60 * Decrypt X from and onto the group Z_n using key and tweak
61 * @param x the ciphertext to decrypt; must be less than n, the modulus given to the constructor
62 * @param tweak must match the value used to encrypt
63 * @param tweak_len length of tweak
64 */
65 BigInt decrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const;
66
/**
* Encrypt x using a 64-bit integer as the tweak instead of a byte array.
* x must be less than the modulus n given to the constructor.
* NOTE(review): how the integer is converted to tweak bytes is not visible
* in this header; confirm in the implementation before mixing this overload
* with the byte-array overload for the same data.
* @param x the plaintext to encrypt
* @param tweak 64-bit tweak; presumably must match on decrypt, as for the
* byte-array overload
*/
67 BigInt encrypt(const BigInt& x, uint64_t tweak) const;
68
/**
* Decrypt x using a 64-bit integer as the tweak instead of a byte array.
* x must be less than the modulus n given to the constructor.
* NOTE(review): how the integer is converted to tweak bytes is not visible
* in this header; confirm in the implementation before mixing this overload
* with the byte-array overload for the same data.
* @param x the ciphertext to decrypt
* @param tweak 64-bit tweak; presumably must match the value used to
* encrypt, as for the byte-array overload
*/
69 BigInt decrypt(const BigInt& x, uint64_t tweak) const;
70 private:
71 void key_schedule(const uint8_t key[], size_t length) override;
72
73 BigInt F(const BigInt& R, size_t round,
74 const secure_vector<uint8_t>& tweak,
75 secure_vector<uint8_t>& tmp) const;
76
77 secure_vector<uint8_t> compute_tweak_mac(const uint8_t tweak[], size_t tweak_len) const;
78
79 std::unique_ptr<MessageAuthenticationCode> m_mac;
80 std::unique_ptr<Modular_Reducer> mod_a;
81 std::vector<uint8_t> m_n_bytes;
82 BigInt m_a;
83 BigInt m_b;
84 size_t m_rounds;
85 };
86
87namespace FPE {
88
89/**
90* Format Preserving Encryption using the scheme FE1 from the paper
91* "Format-Preserving Encryption" by Bellare, Rogaway, et al
92* (https://eprint.iacr.org/2009/251)
93*
94* Encrypt X from and onto the group Z_n using key and tweak
95* @param n the modulus
96* @param X the plaintext as a BigInt
97* @param key a random key
98* @param tweak will modify the ciphertext (think of it as an IV)
99*
100* @warning This function is hardcoded to use only 3 rounds, which
101* may be insecure for some values of n. Prefer the FPE_FE1 class, whose round count is configurable (default 5).
102*/
103BigInt BOTAN_PUBLIC_API(2,0) fe1_encrypt(const BigInt& n, const BigInt& X,
104 const SymmetricKey& key,
105 const std::vector<uint8_t>& tweak);
106
107/**
108* Decrypt X from and onto the group Z_n using key and tweak
109* @param n the modulus
110* @param X the ciphertext as a BigInt
111* @param key is the key used for encryption
112* @param tweak the same tweak used for encryption
113*
114* @warning This function is hardcoded to use only 3 rounds, which
115* may be insecure for some values of n. Prefer the FPE_FE1 class, whose round count is configurable (default 5).
116*/
117BigInt BOTAN_PUBLIC_API(2,0) fe1_decrypt(const BigInt& n, const BigInt& X,
118 const SymmetricKey& key,
119 const std::vector<uint8_t>& tweak);
120
121}
122
123}
124
125#endif