doxygen/package_8cpp_source.html

 /*
 * Rivest's Package Tranform
 *
 * (C) 2009 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

 #include <botan/package.h>
 #include <botan/filters.h>
 #include <botan/ctr.h>
 #include <botan/loadstor.h>

 namespace Botan {

 void aont_package(RandomNumberGenerator& rng,
                   BlockCipher* cipher,
                   const byte input[], size_t input_len,
                   byte output[])
    {
    const size_t BLOCK_SIZE = cipher->block_size();

    if(!cipher->valid_keylength(BLOCK_SIZE))
       throw Invalid_Argument("AONT::package: Invalid cipher");

    // The all-zero string which is used both as the CTR IV and as K0
    const std::string all_zeros(BLOCK_SIZE*2, '0');

    SymmetricKey package_key(rng, BLOCK_SIZE);

    Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));

    pipe.process_msg(input, input_len);
    pipe.read(output, pipe.remaining());

    // Set K0 (the all zero key)
    cipher->set_key(SymmetricKey(all_zeros));

    secure_vector<byte> buf(BLOCK_SIZE);

    const size_t blocks =
       (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE;

    byte* final_block = output + input_len;
    clear_mem(final_block, BLOCK_SIZE);

    // XOR the hash blocks into the final block
    for(size_t i = 0; i != blocks; ++i)
       {
       const size_t left = std::min<size_t>(BLOCK_SIZE,
                                            input_len - BLOCK_SIZE * i);

       zeroise(buf);
       copy_mem(buf.data(), output + (BLOCK_SIZE * i), left);

       for(size_t j = 0; j != sizeof(i); ++j)
          buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);

       cipher->encrypt(buf.data());

       xor_buf(final_block, buf.data(), BLOCK_SIZE);
       }

    // XOR the random package key into the final block
    xor_buf(final_block, package_key.begin(), BLOCK_SIZE);
    }

 void aont_unpackage(BlockCipher* cipher,
                     const byte input[], size_t input_len,
                     byte output[])
    {
    const size_t BLOCK_SIZE = cipher->block_size();

    if(!cipher->valid_keylength(BLOCK_SIZE))
       throw Invalid_Argument("AONT::unpackage: Invalid cipher");

    if(input_len < BLOCK_SIZE)
       throw Invalid_Argument("AONT::unpackage: Input too short");

    // The all-zero string which is used both as the CTR IV and as K0
    const std::string all_zeros(BLOCK_SIZE*2, '0');

    cipher->set_key(SymmetricKey(all_zeros));

    secure_vector<byte> package_key(BLOCK_SIZE);
    secure_vector<byte> buf(BLOCK_SIZE);

    // Copy the package key (masked with the block hashes)
    copy_mem(package_key.data(),
             input + (input_len - BLOCK_SIZE),
             BLOCK_SIZE);

    const size_t blocks = ((input_len - 1) / BLOCK_SIZE);

    // XOR the blocks into the package key bits
    for(size_t i = 0; i != blocks; ++i)
       {
       const size_t left = std::min<size_t>(BLOCK_SIZE,
                                            input_len - BLOCK_SIZE * (i+1));

       zeroise(buf);
       copy_mem(buf.data(), input + (BLOCK_SIZE * i), left);

       for(size_t j = 0; j != sizeof(i); ++j)
          buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i);

       cipher->encrypt(buf.data());

       xor_buf(package_key.data(), buf.data(), BLOCK_SIZE);
       }

    Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key));

    pipe.process_msg(input, input_len - BLOCK_SIZE);

    pipe.read(output, pipe.remaining());
    }

 }
Botan::xor_buf
void xor_buf(T out[], const T in[], size_t length)
Definition: mem_ops.h:90

Botan::Invalid_Argument
Definition: exceptn.h:34

Botan::Pipe::remaining
size_t remaining(message_id msg=DEFAULT_MESSAGE) const
Definition: pipe_rw.cpp:130

Botan::StreamCipher_Filter
Definition: filters.h:33

Botan::OctetString
Definition: symkey.h:19

Botan::RandomNumberGenerator
Definition: rng.h:25

Botan::clear_mem
void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:29

Botan::CTR_BE
Definition: ctr.h:19

Botan::get_byte
byte get_byte(size_t byte_num, T input)
Definition: loadstor.h:47

Botan::OctetString::begin
const byte * begin() const
Definition: symkey.h:36

Botan::Pipe::read
size_t read(byte output[], size_t length) override
Definition: pipe_rw.cpp:81

Botan::SymmetricAlgorithm::valid_keylength
bool valid_keylength(size_t length) const
Definition: sym_algo.h:54

Botan::secure_vector
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:104

Botan::BlockCipher::encrypt
void encrypt(const byte in[], byte out[]) const
Definition: block_cipher.h:69

Botan::SymmetricAlgorithm::set_key
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:63

Botan::copy_mem
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:43

Botan
Definition: alg_id.cpp:13

Botan::SymmetricKey
OctetString SymmetricKey
Definition: symkey.h:136

Botan::aont_package
void aont_package(RandomNumberGenerator &rng, BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
Definition: package.cpp:16

Botan::aont_unpackage
void aont_unpackage(BlockCipher *cipher, const byte input[], size_t input_len, byte output[])
Definition: package.cpp:68

Botan::Pipe
Definition: pipe.h:27

Botan::BlockCipher::block_size
virtual size_t block_size() const =0

Botan::Pipe::process_msg
void process_msg(const byte in[], size_t length)
Definition: pipe.cpp:117

Botan::BlockCipher
Definition: block_cipher.h:20

Botan::zeroise
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:194

Botan::byte
std::uint8_t byte
Definition: types.h:31