Crypto++: authenc.cpp Source File

// authenc.cpp - originally written and placed in the public domain by Wei Dai


#include "pch.h"


#ifndef CRYPTOPP_IMPORTS


#include "authenc.h"


NAMESPACE_BEGIN(CryptoPP)


void AuthenticatedSymmetricCipherBase::AuthenticateData(const byte *input, size_t len)

{

    // UBsan finding with -std=c++03 using memcpy

    CRYPTOPP_ASSERT(input && len);

    if(!input || !len) return;


    unsigned int blockSize = AuthenticationBlockSize();

    unsigned int &num = m_bufferedDataLength;

    byte* data = m_buffer.begin();


    if (data && num)    // process left over data

    {

        if (num+len >= blockSize)

        {

            memcpy(data+num, input, blockSize-num);

            AuthenticateBlocks(data, blockSize);

            input += (blockSize-num);

            len -= (blockSize-num);

            num = 0;

            // drop through and do the rest

        }

        else

        {

            memcpy(data+num, input, len);

            num += (unsigned int)len;

            return;

        }

    }


    // now process the input data in blocks of blockSize bytes and save the leftovers to m_data

    if (len >= blockSize)

    {

        size_t leftOver = AuthenticateBlocks(input, len);

        input += (len - leftOver);

        len = leftOver;

    }


    if (data && len)

        memcpy(data, input, len);

    num = (unsigned int)len;

}


void AuthenticatedSymmetricCipherBase::SetKey(const byte *userKey, size_t keylength, const NameValuePairs &params)

{

    m_bufferedDataLength = 0;

    m_state = State_Start;


    this->SetKeyWithoutResync(userKey, keylength, params);

    m_state = State_KeySet;


    size_t length;

    const byte *iv = GetIVAndThrowIfInvalid(params, length);

    if (iv)

        Resynchronize(iv, (int)length);

}


void AuthenticatedSymmetricCipherBase::Resynchronize(const byte *iv, int length)

{

    if (m_state < State_KeySet)

        throw BadState(AlgorithmName(), "Resynchronize", "key is set");


    m_bufferedDataLength = 0;

    m_totalHeaderLength = m_totalMessageLength = m_totalFooterLength = 0;

    m_state = State_KeySet;


    Resync(iv, this->ThrowIfInvalidIVLength(length));

    m_state = State_IVSet;

}


void AuthenticatedSymmetricCipherBase::Update(const byte *input, size_t length)

{

    // Part of original authenc.cpp code. Don't remove it.

    if (length == 0) {return;}


    switch (m_state)

    {

    case State_Start:

    case State_KeySet:

        throw BadState(AlgorithmName(), "Update", "setting key and IV");

    case State_IVSet:

        AuthenticateData(input, length);

        m_totalHeaderLength += length;

        break;

    case State_AuthUntransformed:

    case State_AuthTransformed:

        AuthenticateLastConfidentialBlock();

        m_bufferedDataLength = 0;

        m_state = State_AuthFooter;

        // fall through

    case State_AuthFooter:

        AuthenticateData(input, length);

        m_totalFooterLength += length;

        break;

    default:

        CRYPTOPP_ASSERT(false);

    }

}


void AuthenticatedSymmetricCipherBase::ProcessData(byte *outString, const byte *inString, size_t length)

{

    if (m_state >= State_IVSet && length > MaxMessageLength()-m_totalMessageLength)

        throw InvalidArgument(AlgorithmName() + ": message length exceeds maximum");

    m_totalMessageLength += length;


reswitch:

    switch (m_state)

    {

    case State_Start:

    case State_KeySet:

        throw BadState(AlgorithmName(), "ProcessData", "setting key and IV");

    case State_AuthFooter:

        throw BadState(AlgorithmName(), "ProcessData was called after footer input has started");

    case State_IVSet:

        AuthenticateLastHeaderBlock();

        m_bufferedDataLength = 0;

        m_state = AuthenticationIsOnPlaintext()==IsForwardTransformation() ? State_AuthUntransformed : State_AuthTransformed;

        goto reswitch;

    case State_AuthUntransformed:

        AuthenticateData(inString, length);

        AccessSymmetricCipher().ProcessData(outString, inString, length);

        break;

    case State_AuthTransformed:

        AccessSymmetricCipher().ProcessData(outString, inString, length);

        AuthenticateData(outString, length);

        break;

    default:

        CRYPTOPP_ASSERT(false);

    }

}


void AuthenticatedSymmetricCipherBase::TruncatedFinal(byte *mac, size_t macSize)

{

    // https://github.com/weidai11/cryptopp/issues/954

    this->ThrowIfInvalidTruncatedSize(macSize);


    if (m_totalHeaderLength > MaxHeaderLength())

        throw InvalidArgument(AlgorithmName() + ": header length of " + IntToString(m_totalHeaderLength) + " exceeds the maximum of " + IntToString(MaxHeaderLength()));


    if (m_totalFooterLength > MaxFooterLength())

    {

        if (MaxFooterLength() == 0)

            throw InvalidArgument(AlgorithmName() + ": additional authenticated data (AAD) cannot be input after data to be encrypted or decrypted");

        else

            throw InvalidArgument(AlgorithmName() + ": footer length of " + IntToString(m_totalFooterLength) + " exceeds the maximum of " + IntToString(MaxFooterLength()));

    }


    switch (m_state)

    {

    case State_Start:

    case State_KeySet:

        throw BadState(AlgorithmName(), "TruncatedFinal", "setting key and IV");


    case State_IVSet:

        AuthenticateLastHeaderBlock();

        m_bufferedDataLength = 0;

        // fall through


    case State_AuthUntransformed:

    case State_AuthTransformed:

        AuthenticateLastConfidentialBlock();

        m_bufferedDataLength = 0;

        // fall through


    case State_AuthFooter:

        AuthenticateLastFooterBlock(mac, macSize);

        m_bufferedDataLength = 0;

        break;


    default:

        CRYPTOPP_ASSERT(false);

    }


    m_state = State_KeySet;

}


NAMESPACE_END


#endif

authenc.h
Classes for authenticated encryption modes of operation.

AuthenticatedSymmetricCipherBase::Resynchronize
void Resynchronize(const byte *iv, int length=-1)
Resynchronize with an IV.

AuthenticatedSymmetricCipherBase::ProcessData
void ProcessData(byte *outString, const byte *inString, size_t length)
Encrypt or decrypt an array of bytes.

AuthenticatedSymmetricCipherBase::Update
void Update(const byte *input, size_t length)
Updates a hash with additional input.

AuthenticatedSymmetricCipherBase::TruncatedFinal
void TruncatedFinal(byte *mac, size_t macSize)
Computes the hash of the current message.

AuthenticatedSymmetricCipherBase::SetKey
void SetKey(const byte *userKey, size_t keylength, const NameValuePairs &params)
Sets or reset the key of this object.

AuthenticatedSymmetricCipher::MaxHeaderLength
virtual lword MaxHeaderLength() const =0
Provides the maximum length of AAD that can be input.

AuthenticatedSymmetricCipher::MaxFooterLength
virtual lword MaxFooterLength() const
Provides the maximum length of AAD.
Definition: cryptlib.h:1345

AuthenticatedSymmetricCipher::MaxMessageLength
virtual lword MaxMessageLength() const =0
Provides the maximum length of encrypted data.

AuthenticatedSymmetricCipher::AlgorithmName
virtual std::string AlgorithmName() const
Provides the name of this algorithm.

InvalidArgument
An invalid argument was detected.
Definition: cryptlib.h:203

NameValuePairs
Interface for retrieving values given their names.
Definition: cryptlib.h:322

SecBlock::begin
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Definition: secblock.h:836

StreamTransformation::ProcessData
virtual void ProcessData(byte *outString, const byte *inString, size_t length)=0
Encrypt or decrypt an array of bytes.

StreamTransformation::IsForwardTransformation
virtual bool IsForwardTransformation() const =0
Determines if the cipher is being operated in its forward direction.

IntToString
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:724

CryptoPP
Crypto++ library namespace.

pch.h
Precompiled header file.

CRYPTOPP_ASSERT
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:68