-// cryptlib.h - written and placed in the public domain by Wei Dai\r
-/*! \file\r
- This file contains the declarations for the abstract base\r
- classes that provide a uniform interface to this library.\r
-*/\r
-\r
-/*! \mainpage Crypto++ Library 5.6.0 API Reference\r
-<dl>\r
-<dt>Abstract Base Classes<dd>\r
- cryptlib.h\r
-<dt>Authenticated Encryption<dd>\r
- AuthenticatedSymmetricCipherDocumentation\r
-<dt>Symmetric Ciphers<dd>\r
- SymmetricCipherDocumentation\r
-<dt>Hash Functions<dd>\r
- SHA1, SHA224, SHA256, SHA384, SHA512, Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak1::MD2, Weak1::MD4, Weak1::MD5\r
-<dt>Non-Cryptographic Checksums<dd>\r
- CRC32, Adler32\r
-<dt>Message Authentication Codes<dd>\r
- VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, GCM (GMAC)\r
-<dt>Random Number Generators<dd>\r
- NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG, DefaultAutoSeededRNG\r
-<dt>Password-based Cryptography<dd>\r
- PasswordBasedKeyDerivationFunction\r
-<dt>Public Key Cryptosystems<dd>\r
- DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES\r
-<dt>Public Key Signature Schemes<dd>\r
- DSA, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RSASS_ISO, RabinSS, RWSS, ESIGN\r
-<dt>Key Agreement<dd>\r
- #DH, DH2, #MQV, ECDH, ECMQV, XTR_DH\r
-<dt>Algebraic Structures<dd>\r
- Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver,\r
- ModularArithmetic, MontgomeryRepresentation, GFP2_ONB,\r
- GF2NP, GF256, GF2_32, EC2N, ECP\r
-<dt>Secret Sharing and Information Dispersal<dd>\r
- SecretSharing, SecretRecovery, InformationDispersal, InformationRecovery\r
-<dt>Compression<dd>\r
- Deflator, Inflator, Gzip, Gunzip, ZlibCompressor, ZlibDecompressor\r
-<dt>Input Source Classes<dd>\r
- StringSource, ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource\r
-<dt>Output Sink Classes<dd>\r
- StringSinkTemplate, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink\r
-<dt>Filter Wrappers<dd>\r
- StreamTransformationFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter\r
-<dt>Binary to Text Encoders and Decoders<dd>\r
- HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base32Encoder, Base32Decoder\r
-<dt>Wrappers for OS features<dd>\r
- Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer\r
-<dt>FIPS 140 related<dd>\r
- fips140.h\r
-</dl>\r
-\r
-In the FIPS 140-2 validated DLL version of Crypto++, only the following implementation class are available.\r
-<dl>\r
-<dt>Block Ciphers<dd>\r
- AES, DES_EDE2, DES_EDE3, SKIPJACK\r
-<dt>Cipher Modes (replace template parameter BC with one of the block ciphers above)<dd>\r
- ECB_Mode\<BC\>, CTR_Mode\<BC\>, CBC_Mode\<BC\>, CFB_FIPS_Mode\<BC\>, OFB_Mode\<BC\>\r
-<dt>Hash Functions<dd>\r
- SHA1, SHA224, SHA256, SHA384, SHA512\r
-<dt>Public Key Signature Schemes (replace template parameter H with one of the hash functions above)<dd>\r
- RSASS\<PKCS1v15, H\>, RSASS\<PSS, H\>, RSASS_ISO\<H\>, RWSS\<P1363_EMSA2, H\>, DSA, ECDSA\<ECP, H\>, ECDSA\<EC2N, H\>\r
-<dt>Message Authentication Codes (replace template parameter H with one of the hash functions above)<dd>\r
- HMAC\<H\>, CBC_MAC\<DES_EDE2\>, CBC_MAC\<DES_EDE3\>\r
-<dt>Random Number Generators<dd>\r
- DefaultAutoSeededRNG (AutoSeededX917RNG\<AES\>)\r
-<dt>Key Agreement<dd>\r
- #DH\r
-<dt>Public Key Cryptosystems<dd>\r
- RSAES\<OAEP\<SHA1\> \>\r
-</dl>\r
-\r
-<p>This reference manual is a work in progress. Some classes are still lacking detailed descriptions.\r
-<p>Click <a href="CryptoPPRef.zip">here</a> to download a zip archive containing this manual.\r
-<p>Thanks to Ryan Phillips for providing the Doxygen configuration file\r
-and getting me started with this manual.\r
-*/\r
-\r
-#ifndef CRYPTOPP_CRYPTLIB_H\r
-#define CRYPTOPP_CRYPTLIB_H\r
-\r
-#include "config.h"\r
-#include "stdcpp.h"\r
-\r
-NAMESPACE_BEGIN(CryptoPP)\r
-\r
-// forward declarations\r
-class Integer;\r
-class RandomNumberGenerator;\r
-class BufferedTransformation;\r
-\r
-//! used to specify a direction for a cipher to operate in (encrypt or decrypt)\r
-enum CipherDir {ENCRYPTION, DECRYPTION};\r
-\r
-//! used to represent infinite time\r
-const unsigned long INFINITE_TIME = ULONG_MAX;\r
-\r
-// VC60 workaround: using enums as template parameters causes problems\r
-template <typename ENUM_TYPE, int VALUE>\r
-struct EnumToType\r
-{\r
- static ENUM_TYPE ToEnum() {return (ENUM_TYPE)VALUE;}\r
-};\r
-\r
-enum ByteOrder {LITTLE_ENDIAN_ORDER = 0, BIG_ENDIAN_ORDER = 1};\r
-typedef EnumToType<ByteOrder, LITTLE_ENDIAN_ORDER> LittleEndian;\r
-typedef EnumToType<ByteOrder, BIG_ENDIAN_ORDER> BigEndian;\r
-\r
-//! base class for all exceptions thrown by Crypto++\r
-class CRYPTOPP_DLL Exception : public std::exception\r
-{\r
-public:\r
- //! error types\r
- enum ErrorType {\r
- //! a method is not implemented\r
- NOT_IMPLEMENTED,\r
- //! invalid function argument\r
- INVALID_ARGUMENT,\r
- //! BufferedTransformation received a Flush(true) signal but can't flush buffers\r
- CANNOT_FLUSH,\r
- //! data integerity check (such as CRC or MAC) failed\r
- DATA_INTEGRITY_CHECK_FAILED,\r
- //! received input data that doesn't conform to expected format\r
- INVALID_DATA_FORMAT,\r
- //! error reading from input device or writing to output device\r
- IO_ERROR,\r
- //! some error not belong to any of the above categories\r
- OTHER_ERROR\r
- };\r
-\r
- explicit Exception(ErrorType errorType, const std::string &s) : m_errorType(errorType), m_what(s) {}\r
- virtual ~Exception() throw() {}\r
- const char *what() const throw() {return (m_what.c_str());}\r
- const std::string &GetWhat() const {return m_what;}\r
- void SetWhat(const std::string &s) {m_what = s;}\r
- ErrorType GetErrorType() const {return m_errorType;}\r
- void SetErrorType(ErrorType errorType) {m_errorType = errorType;}\r
-\r
-private:\r
- ErrorType m_errorType;\r
- std::string m_what;\r
-};\r
-\r
-//! exception thrown when an invalid argument is detected\r
-class CRYPTOPP_DLL InvalidArgument : public Exception\r
-{\r
-public:\r
- explicit InvalidArgument(const std::string &s) : Exception(INVALID_ARGUMENT, s) {}\r
-};\r
-\r
-//! exception thrown when input data is received that doesn't conform to expected format\r
-class CRYPTOPP_DLL InvalidDataFormat : public Exception\r
-{\r
-public:\r
- explicit InvalidDataFormat(const std::string &s) : Exception(INVALID_DATA_FORMAT, s) {}\r
-};\r
-\r
-//! exception thrown by decryption filters when trying to decrypt an invalid ciphertext\r
-class CRYPTOPP_DLL InvalidCiphertext : public InvalidDataFormat\r
-{\r
-public:\r
- explicit InvalidCiphertext(const std::string &s) : InvalidDataFormat(s) {}\r
-};\r
-\r
-//! exception thrown by a class if a non-implemented method is called\r
-class CRYPTOPP_DLL NotImplemented : public Exception\r
-{\r
-public:\r
- explicit NotImplemented(const std::string &s) : Exception(NOT_IMPLEMENTED, s) {}\r
-};\r
-\r
-//! exception thrown by a class when Flush(true) is called but it can't completely flush its buffers\r
-class CRYPTOPP_DLL CannotFlush : public Exception\r
-{\r
-public:\r
- explicit CannotFlush(const std::string &s) : Exception(CANNOT_FLUSH, s) {}\r
-};\r
-\r
-//! error reported by the operating system\r
-class CRYPTOPP_DLL OS_Error : public Exception\r
-{\r
-public:\r
- OS_Error(ErrorType errorType, const std::string &s, const std::string& operation, int errorCode)\r
- : Exception(errorType, s), m_operation(operation), m_errorCode(errorCode) {}\r
- ~OS_Error() throw() {}\r
-\r
- // the operating system API that reported the error\r
- const std::string & GetOperation() const {return m_operation;}\r
- // the error code return by the operating system\r
- int GetErrorCode() const {return m_errorCode;}\r
-\r
-protected:\r
- std::string m_operation;\r
- int m_errorCode;\r
-};\r
-\r
-//! used to return decoding results\r
-struct CRYPTOPP_DLL DecodingResult\r
-{\r
- explicit DecodingResult() : isValidCoding(false), messageLength(0) {}\r
- explicit DecodingResult(size_t len) : isValidCoding(true), messageLength(len) {}\r
-\r
- bool operator==(const DecodingResult &rhs) const {return isValidCoding == rhs.isValidCoding && messageLength == rhs.messageLength;}\r
- bool operator!=(const DecodingResult &rhs) const {return !operator==(rhs);}\r
-\r
- bool isValidCoding;\r
- size_t messageLength;\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
- operator size_t() const {return isValidCoding ? messageLength : 0;}\r
-#endif\r
-};\r
-\r
-//! interface for retrieving values given their names\r
-/*! \note This class is used to safely pass a variable number of arbitrarily typed arguments to functions\r
- and to read values from keys and crypto parameters.\r
- \note To obtain an object that implements NameValuePairs for the purpose of parameter\r
- passing, use the MakeParameters() function.\r
- \note To get a value from NameValuePairs, you need to know the name and the type of the value. \r
- Call GetValueNames() on a NameValuePairs object to obtain a list of value names that it supports.\r
- Then look at the Name namespace documentation to see what the type of each value is, or\r
- alternatively, call GetIntValue() with the value name, and if the type is not int, a\r
- ValueTypeMismatch exception will be thrown and you can get the actual type from the exception object.\r
-*/\r
-class CRYPTOPP_NO_VTABLE NameValuePairs\r
-{\r
-public:\r
- virtual ~NameValuePairs() {}\r
-\r
- //! exception thrown when trying to retrieve a value using a different type than expected\r
- class CRYPTOPP_DLL ValueTypeMismatch : public InvalidArgument\r
- {\r
- public:\r
- ValueTypeMismatch(const std::string &name, const std::type_info &stored, const std::type_info &retrieving)\r
- : InvalidArgument("NameValuePairs: type mismatch for '" + name + "', stored '" + stored.name() + "', trying to retrieve '" + retrieving.name() + "'")\r
- , m_stored(stored), m_retrieving(retrieving) {}\r
-\r
- const std::type_info & GetStoredTypeInfo() const {return m_stored;}\r
- const std::type_info & GetRetrievingTypeInfo() const {return m_retrieving;}\r
-\r
- private:\r
- const std::type_info &m_stored;\r
- const std::type_info &m_retrieving;\r
- };\r
-\r
- //! get a copy of this object or a subobject of it\r
- template <class T>\r
- bool GetThisObject(T &object) const\r
- {\r
- return GetValue((std::string("ThisObject:")+typeid(T).name()).c_str(), object);\r
- }\r
-\r
- //! get a pointer to this object, as a pointer to T\r
- template <class T>\r
- bool GetThisPointer(T *&p) const\r
- {\r
- return GetValue((std::string("ThisPointer:")+typeid(T).name()).c_str(), p);\r
- }\r
-\r
- //! get a named value, returns true if the name exists\r
- template <class T>\r
- bool GetValue(const char *name, T &value) const\r
- {\r
- return GetVoidValue(name, typeid(T), &value);\r
- }\r
-\r
- //! get a named value, returns the default if the name doesn't exist\r
- template <class T>\r
- T GetValueWithDefault(const char *name, T defaultValue) const\r
- {\r
- GetValue(name, defaultValue);\r
- return defaultValue;\r
- }\r
-\r
- //! get a list of value names that can be retrieved\r
- CRYPTOPP_DLL std::string GetValueNames() const\r
- {std::string result; GetValue("ValueNames", result); return result;}\r
-\r
- //! get a named value with type int\r
- /*! used to ensure we don't accidentally try to get an unsigned int\r
- or some other type when we mean int (which is the most common case) */\r
- CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const\r
- {return GetValue(name, value);}\r
-\r
- //! get a named value with type int, with default\r
- CRYPTOPP_DLL int GetIntValueWithDefault(const char *name, int defaultValue) const\r
- {return GetValueWithDefault(name, defaultValue);}\r
-\r
- //! used by derived classes to check for type mismatch\r
- CRYPTOPP_DLL static void CRYPTOPP_API ThrowIfTypeMismatch(const char *name, const std::type_info &stored, const std::type_info &retrieving)\r
- {if (stored != retrieving) throw ValueTypeMismatch(name, stored, retrieving);}\r
-\r
- template <class T>\r
- void GetRequiredParameter(const char *className, const char *name, T &value) const\r
- {\r
- if (!GetValue(name, value))\r
- throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'");\r
- }\r
-\r
- CRYPTOPP_DLL void GetRequiredIntParameter(const char *className, const char *name, int &value) const\r
- {\r
- if (!GetIntValue(name, value))\r
- throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'");\r
- }\r
-\r
- //! to be implemented by derived classes, users should use one of the above functions instead\r
- CRYPTOPP_DLL virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const =0;\r
-};\r
-\r
-//! namespace containing value name definitions\r
-/*! value names, types and semantics:\r
-\r
- ThisObject:ClassName (ClassName, copy of this object or a subobject)\r
- ThisPointer:ClassName (const ClassName *, pointer to this object or a subobject)\r
-*/\r
-DOCUMENTED_NAMESPACE_BEGIN(Name)\r
-// more names defined in argnames.h\r
-DOCUMENTED_NAMESPACE_END\r
-\r
-//! empty set of name-value pairs\r
-class CRYPTOPP_DLL NullNameValuePairs : public NameValuePairs\r
-{\r
-public:\r
- bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const {return false;}\r
-};\r
-\r
-//! _\r
-extern CRYPTOPP_DLL const NullNameValuePairs g_nullNameValuePairs;\r
-\r
-// ********************************************************\r
-\r
-//! interface for cloning objects, this is not implemented by most classes yet\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Clonable\r
-{\r
-public:\r
- virtual ~Clonable() {}\r
- //! this is not implemented by most classes yet\r
- virtual Clonable* Clone() const {throw NotImplemented("Clone() is not implemented yet.");} // TODO: make this =0\r
-};\r
-\r
-//! interface for all crypto algorithms\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Algorithm : public Clonable\r
-{\r
-public:\r
- /*! When FIPS 140-2 compliance is enabled and checkSelfTestStatus == true,\r
- this constructor throws SelfTestFailure if the self test hasn't been run or fails. */\r
- Algorithm(bool checkSelfTestStatus = true);\r
- //! returns name of this algorithm, not universally implemented yet\r
- virtual std::string AlgorithmName() const {return "unknown";}\r
-};\r
-\r
-//! keying interface for crypto algorithms that take byte strings as keys\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyingInterface\r
-{\r
-public:\r
- virtual ~SimpleKeyingInterface() {}\r
-\r
- //! returns smallest valid key length in bytes */\r
- virtual size_t MinKeyLength() const =0;\r
- //! returns largest valid key length in bytes */\r
- virtual size_t MaxKeyLength() const =0;\r
- //! returns default (recommended) key length in bytes */\r
- virtual size_t DefaultKeyLength() const =0;\r
-\r
- //! returns the smallest valid key length in bytes that is >= min(n, GetMaxKeyLength())\r
- virtual size_t GetValidKeyLength(size_t n) const =0;\r
-\r
- //! returns whether n is a valid key length\r
- virtual bool IsValidKeyLength(size_t n) const\r
- {return n == GetValidKeyLength(n);}\r
-\r
- //! set or reset the key of this object\r
- /*! \param params is used to specify Rounds, BlockSize, etc. */\r
- virtual void SetKey(const byte *key, size_t length, const NameValuePairs ¶ms = g_nullNameValuePairs);\r
-\r
- //! calls SetKey() with an NameValuePairs object that just specifies "Rounds"\r
- void SetKeyWithRounds(const byte *key, size_t length, int rounds);\r
-\r
- //! calls SetKey() with an NameValuePairs object that just specifies "IV"\r
- void SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength);\r
-\r
- //! calls SetKey() with an NameValuePairs object that just specifies "IV"\r
- void SetKeyWithIV(const byte *key, size_t length, const byte *iv)\r
- {SetKeyWithIV(key, length, iv, IVSize());}\r
-\r
- enum IV_Requirement {UNIQUE_IV = 0, RANDOM_IV, UNPREDICTABLE_RANDOM_IV, INTERNALLY_GENERATED_IV, NOT_RESYNCHRONIZABLE};\r
- //! returns the minimal requirement for secure IVs\r
- virtual IV_Requirement IVRequirement() const =0;\r
-\r
- //! returns whether this object can be resynchronized (i.e. supports initialization vectors)\r
- /*! If this function returns true, and no IV is passed to SetKey() and CanUseStructuredIVs()==true, an IV of all 0's will be assumed. */\r
- bool IsResynchronizable() const {return IVRequirement() < NOT_RESYNCHRONIZABLE;}\r
- //! returns whether this object can use random IVs (in addition to ones returned by GetNextIV)\r
- bool CanUseRandomIVs() const {return IVRequirement() <= UNPREDICTABLE_RANDOM_IV;}\r
- //! returns whether this object can use random but possibly predictable IVs (in addition to ones returned by GetNextIV)\r
- bool CanUsePredictableIVs() const {return IVRequirement() <= RANDOM_IV;}\r
- //! returns whether this object can use structured IVs, for example a counter (in addition to ones returned by GetNextIV)\r
- bool CanUseStructuredIVs() const {return IVRequirement() <= UNIQUE_IV;}\r
-\r
- virtual unsigned int IVSize() const {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}\r
- //! returns default length of IVs accepted by this object\r
- unsigned int DefaultIVLength() const {return IVSize();}\r
- //! returns minimal length of IVs accepted by this object\r
- virtual unsigned int MinIVLength() const {return IVSize();}\r
- //! returns maximal length of IVs accepted by this object\r
- virtual unsigned int MaxIVLength() const {return IVSize();}\r
- //! resynchronize with an IV. ivLength=-1 means use IVSize()\r
- virtual void Resynchronize(const byte *iv, int ivLength=-1) {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}\r
- //! get a secure IV for the next message\r
- /*! This method should be called after you finish encrypting one message and are ready to start the next one.\r
- After calling it, you must call SetKey() or Resynchronize() before using this object again. \r
- This method is not implemented on decryption objects. */\r
- virtual void GetNextIV(RandomNumberGenerator &rng, byte *IV);\r
-\r
-protected:\r
- virtual const Algorithm & GetAlgorithm() const =0;\r
- virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) =0;\r
-\r
- void ThrowIfInvalidKeyLength(size_t length);\r
- void ThrowIfResynchronizable(); // to be called when no IV is passed\r
- void ThrowIfInvalidIV(const byte *iv); // check for NULL IV if it can't be used\r
- size_t ThrowIfInvalidIVLength(int size);\r
- const byte * GetIVAndThrowIfInvalid(const NameValuePairs ¶ms, size_t &size);\r
- inline void AssertValidKeyLength(size_t length) const\r
- {assert(IsValidKeyLength(length));}\r
-};\r
-\r
-//! interface for the data processing part of block ciphers\r
-\r
-/*! Classes derived from BlockTransformation are block ciphers\r
- in ECB mode (for example the DES::Encryption class), which are stateless.\r
- These classes should not be used directly, but only in combination with\r
- a mode class (see CipherModeDocumentation in modes.h).\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockTransformation : public Algorithm\r
-{\r
-public:\r
- //! encrypt or decrypt inBlock, xor with xorBlock, and write to outBlock\r
- virtual void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const =0;\r
-\r
- //! encrypt or decrypt one block\r
- /*! \pre size of inBlock and outBlock == BlockSize() */\r
- void ProcessBlock(const byte *inBlock, byte *outBlock) const\r
- {ProcessAndXorBlock(inBlock, NULL, outBlock);}\r
-\r
- //! encrypt or decrypt one block in place\r
- void ProcessBlock(byte *inoutBlock) const\r
- {ProcessAndXorBlock(inoutBlock, NULL, inoutBlock);}\r
-\r
- //! block size of the cipher in bytes\r
- virtual unsigned int BlockSize() const =0;\r
-\r
- //! returns how inputs and outputs should be aligned for optimal performance\r
- virtual unsigned int OptimalDataAlignment() const;\r
-\r
- //! returns true if this is a permutation (i.e. there is an inverse transformation)\r
- virtual bool IsPermutation() const {return true;}\r
-\r
- //! returns true if this is an encryption object\r
- virtual bool IsForwardTransformation() const =0;\r
-\r
- //! return number of blocks that can be processed in parallel, for bit-slicing implementations\r
- virtual unsigned int OptimalNumberOfParallelBlocks() const {return 1;}\r
-\r
- enum {BT_InBlockIsCounter=1, BT_DontIncrementInOutPointers=2, BT_XorInput=4, BT_ReverseDirection=8} FlagsForAdvancedProcessBlocks;\r
-\r
- //! encrypt and xor blocks according to flags (see FlagsForAdvancedProcessBlocks)\r
- /*! /note If BT_InBlockIsCounter is set, last byte of inBlocks may be modified. */\r
- virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;\r
-\r
- inline CipherDir GetCipherDirection() const {return IsForwardTransformation() ? ENCRYPTION : DECRYPTION;}\r
-};\r
-\r
-//! interface for the data processing part of stream ciphers\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE StreamTransformation : public Algorithm\r
-{\r
-public:\r
- //! return a reference to this object, \r
- /*! This function is useful for passing a temporary StreamTransformation object to a \r
- function that takes a non-const reference. */\r
- StreamTransformation& Ref() {return *this;}\r
-\r
- //! returns block size, if input must be processed in blocks, otherwise 1\r
- virtual unsigned int MandatoryBlockSize() const {return 1;}\r
-\r
- //! returns the input block size that is most efficient for this cipher\r
- /*! \note optimal input length is n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n > 0 */\r
- virtual unsigned int OptimalBlockSize() const {return MandatoryBlockSize();}\r
- //! returns how much of the current block is used up\r
- virtual unsigned int GetOptimalBlockSizeUsed() const {return 0;}\r
-\r
- //! returns how input should be aligned for optimal performance\r
- virtual unsigned int OptimalDataAlignment() const;\r
-\r
- //! encrypt or decrypt an array of bytes of specified length\r
- /*! \note either inString == outString, or they don't overlap */\r
- virtual void ProcessData(byte *outString, const byte *inString, size_t length) =0;\r
-\r
- //! for ciphers where the last block of data is special, encrypt or decrypt the last block of data\r
- /*! For now the only use of this function is for CBC-CTS mode. */\r
- virtual void ProcessLastBlock(byte *outString, const byte *inString, size_t length);\r
- //! returns the minimum size of the last block, 0 indicating the last block is not special\r
- virtual unsigned int MinLastBlockSize() const {return 0;}\r
-\r
- //! same as ProcessData(inoutString, inoutString, length)\r
- inline void ProcessString(byte *inoutString, size_t length)\r
- {ProcessData(inoutString, inoutString, length);}\r
- //! same as ProcessData(outString, inString, length)\r
- inline void ProcessString(byte *outString, const byte *inString, size_t length)\r
- {ProcessData(outString, inString, length);}\r
- //! implemented as {ProcessData(&input, &input, 1); return input;}\r
- inline byte ProcessByte(byte input)\r
- {ProcessData(&input, &input, 1); return input;}\r
-\r
- //! returns whether this cipher supports random access\r
- virtual bool IsRandomAccess() const =0;\r
- //! for random access ciphers, seek to an absolute position\r
- virtual void Seek(lword n)\r
- {\r
- assert(!IsRandomAccess());\r
- throw NotImplemented("StreamTransformation: this object doesn't support random access");\r
- }\r
-\r
- //! returns whether this transformation is self-inverting (e.g. xor with a keystream)\r
- virtual bool IsSelfInverting() const =0;\r
- //! returns whether this is an encryption object\r
- virtual bool IsForwardTransformation() const =0;\r
-};\r
-\r
-//! interface for hash functions and data processing part of MACs\r
-\r
-/*! HashTransformation objects are stateful. They are created in an initial state,\r
- change state as Update() is called, and return to the initial\r
- state when Final() is called. This interface allows a large message to\r
- be hashed in pieces by calling Update() on each piece followed by\r
- calling Final().\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HashTransformation : public Algorithm\r
-{\r
-public:\r
- //! return a reference to this object, \r
- /*! This function is useful for passing a temporary HashTransformation object to a \r
- function that takes a non-const reference. */\r
- HashTransformation& Ref() {return *this;}\r
-\r
- //! process more input\r
- virtual void Update(const byte *input, size_t length) =0;\r
-\r
- //! request space to write input into\r
- virtual byte * CreateUpdateSpace(size_t &size) {size=0; return NULL;}\r
-\r
- //! compute hash for current message, then restart for a new message\r
- /*! \pre size of digest == DigestSize(). */\r
- virtual void Final(byte *digest)\r
- {TruncatedFinal(digest, DigestSize());}\r
-\r
- //! discard the current state, and restart with a new message\r
- virtual void Restart()\r
- {TruncatedFinal(NULL, 0);}\r
-\r
- //! size of the hash/digest/MAC returned by Final()\r
- virtual unsigned int DigestSize() const =0;\r
-\r
- //! same as DigestSize()\r
- unsigned int TagSize() const {return DigestSize();}\r
-\r
-\r
- //! block size of underlying compression function, or 0 if not block based\r
- virtual unsigned int BlockSize() const {return 0;}\r
-\r
- //! input to Update() should have length a multiple of this for optimal speed\r
- virtual unsigned int OptimalBlockSize() const {return 1;}\r
-\r
- //! returns how input should be aligned for optimal performance\r
- virtual unsigned int OptimalDataAlignment() const;\r
-\r
- //! use this if your input is in one piece and you don't want to call Update() and Final() separately\r
- virtual void CalculateDigest(byte *digest, const byte *input, size_t length)\r
- {Update(input, length); Final(digest);}\r
-\r
- //! verify that digest is a valid digest for the current message, then reinitialize the object\r
- /*! Default implementation is to call Final() and do a bitwise comparison\r
- between its output and digest. */\r
- virtual bool Verify(const byte *digest)\r
- {return TruncatedVerify(digest, DigestSize());}\r
-\r
- //! use this if your input is in one piece and you don't want to call Update() and Verify() separately\r
- virtual bool VerifyDigest(const byte *digest, const byte *input, size_t length)\r
- {Update(input, length); return Verify(digest);}\r
-\r
- //! truncated version of Final()\r
- virtual void TruncatedFinal(byte *digest, size_t digestSize) =0;\r
-\r
- //! truncated version of CalculateDigest()\r
- virtual void CalculateTruncatedDigest(byte *digest, size_t digestSize, const byte *input, size_t length)\r
- {Update(input, length); TruncatedFinal(digest, digestSize);}\r
-\r
- //! truncated version of Verify()\r
- virtual bool TruncatedVerify(const byte *digest, size_t digestLength);\r
-\r
- //! truncated version of VerifyDigest()\r
- virtual bool VerifyTruncatedDigest(const byte *digest, size_t digestLength, const byte *input, size_t length)\r
- {Update(input, length); return TruncatedVerify(digest, digestLength);}\r
-\r
-protected:\r
- void ThrowIfInvalidTruncatedSize(size_t size) const;\r
-};\r
-\r
-typedef HashTransformation HashFunction;\r
-\r
-//! interface for one direction (encryption or decryption) of a block cipher\r
-/*! \note These objects usually should not be used directly. See BlockTransformation for more details. */\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockCipher : public SimpleKeyingInterface, public BlockTransformation\r
-{\r
-protected:\r
- const Algorithm & GetAlgorithm() const {return *this;}\r
-};\r
-\r
-//! interface for one direction (encryption or decryption) of a stream cipher or cipher mode\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SymmetricCipher : public SimpleKeyingInterface, public StreamTransformation\r
-{\r
-protected:\r
- const Algorithm & GetAlgorithm() const {return *this;}\r
-};\r
-\r
-//! interface for message authentication codes\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE MessageAuthenticationCode : public SimpleKeyingInterface, public HashTransformation\r
-{\r
-protected:\r
- const Algorithm & GetAlgorithm() const {return *this;}\r
-};\r
-\r
-//! interface for for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication\r
-/*! The StreamTransformation part of this interface is used to encrypt/decrypt the data, and the MessageAuthenticationCode part of this\r
- interface is used to input additional authenticated data (AAD, which is MAC'ed but not encrypted), and to generate/verify the MAC. */\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipher : public MessageAuthenticationCode, public StreamTransformation\r
-{\r
-public:\r
- //! this indicates that a member function was called in the wrong state, for example trying to encrypt a message before having set the key or IV\r
- class BadState : public Exception\r
- {\r
- public:\r
- explicit BadState(const std::string &name, const char *message) : Exception(OTHER_ERROR, name + ": " + message) {}\r
- explicit BadState(const std::string &name, const char *function, const char *state) : Exception(OTHER_ERROR, name + ": " + function + " was called before " + state) {}\r
- };\r
-\r
- //! the maximum length of AAD that can be input before the encrypted data\r
- virtual lword MaxHeaderLength() const =0;\r
- //! the maximum length of encrypted data\r
- virtual lword MaxMessageLength() const =0;\r
- //! the maximum length of AAD that can be input after the encrypted data\r
- virtual lword MaxFooterLength() const {return 0;}\r
- //! if this function returns true, SpecifyDataLengths() must be called before attempting to input data\r
- /*! This is the case for some schemes, such as CCM. */\r
- virtual bool NeedsPrespecifiedDataLengths() const {return false;}\r
- //! this function only needs to be called if NeedsPrespecifiedDataLengths() returns true\r
- void SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength=0);\r
- //! encrypt and generate MAC in one call. will truncate MAC if macSize < TagSize()\r
- virtual void EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength);\r
- //! decrypt and verify MAC in one call, returning true iff MAC is valid. will assume MAC is truncated if macLength < TagSize()\r
- virtual bool DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength);\r
-\r
- // redeclare this to avoid compiler ambiguity errors\r
- virtual std::string AlgorithmName() const =0;\r
-\r
-protected:\r
- const Algorithm & GetAlgorithm() const {return *static_cast<const MessageAuthenticationCode *>(this);}\r
- virtual void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength) {}\r
-};\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
-typedef SymmetricCipher StreamCipher;\r
-#endif\r
-\r
-//! interface for random number generators\r
-/*! All return values are uniformly distributed over the range specified.\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomNumberGenerator : public Algorithm\r
-{\r
-public:\r
- //! update RNG state with additional unpredictable values\r
- virtual void IncorporateEntropy(const byte *input, size_t length) {throw NotImplemented("RandomNumberGenerator: IncorporateEntropy not implemented");}\r
-\r
- //! returns true if IncorporateEntropy is implemented\r
- virtual bool CanIncorporateEntropy() const {return false;}\r
-\r
- //! generate new random byte and return it\r
- virtual byte GenerateByte();\r
-\r
- //! generate new random bit and return it\r
- /*! Default implementation is to call GenerateByte() and return its lowest bit. */\r
- virtual unsigned int GenerateBit();\r
-\r
- //! generate a random 32 bit word in the range min to max, inclusive\r
- virtual word32 GenerateWord32(word32 a=0, word32 b=0xffffffffL);\r
-\r
- //! generate random array of bytes\r
- virtual void GenerateBlock(byte *output, size_t size);\r
-\r
- //! generate and discard n bytes\r
- virtual void DiscardBytes(size_t n);\r
-\r
- //! generate random bytes as input to a BufferedTransformation\r
- virtual void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length);\r
-\r
- //! randomly shuffle the specified array, resulting permutation is uniformly distributed\r
- template <class IT> void Shuffle(IT begin, IT end)\r
- {\r
- for (; begin != end; ++begin)\r
- std::iter_swap(begin, begin + GenerateWord32(0, end-begin-1));\r
- }\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
- byte GetByte() {return GenerateByte();}\r
- unsigned int GetBit() {return GenerateBit();}\r
- word32 GetLong(word32 a=0, word32 b=0xffffffffL) {return GenerateWord32(a, b);}\r
- word16 GetShort(word16 a=0, word16 b=0xffff) {return (word16)GenerateWord32(a, b);}\r
- void GetBlock(byte *output, size_t size) {GenerateBlock(output, size);}\r
-#endif\r
-};\r
-\r
-//! returns a reference that can be passed to functions that ask for a RNG but doesn't actually use it\r
-CRYPTOPP_DLL RandomNumberGenerator & CRYPTOPP_API NullRNG();\r
-\r
-class WaitObjectContainer;\r
-class CallStack;\r
-\r
-//! interface for objects that you can wait for\r
-\r
-class CRYPTOPP_NO_VTABLE Waitable\r
-{\r
-public:\r
- virtual ~Waitable() {}\r
-\r
- //! maximum number of wait objects that this object can return\r
- virtual unsigned int GetMaxWaitObjectCount() const =0;\r
- //! put wait objects into container\r
- /*! \param callStack is used for tracing no wait loops, example:\r
- something.GetWaitObjects(c, CallStack("my func after X", 0));\r
- - or in an outer GetWaitObjects() method that itself takes a callStack parameter:\r
- innerThing.GetWaitObjects(c, CallStack("MyClass::GetWaitObjects at X", &callStack)); */\r
- virtual void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) =0;\r
- //! wait on this object\r
- /*! same as creating an empty container, calling GetWaitObjects(), and calling Wait() on the container */\r
- bool Wait(unsigned long milliseconds, CallStack const& callStack);\r
-};\r
-\r
-//! the default channel for BufferedTransformation, equal to the empty string\r
-extern CRYPTOPP_DLL const std::string DEFAULT_CHANNEL;\r
-\r
-//! channel for additional authenticated data, equal to "AAD"\r
-extern CRYPTOPP_DLL const std::string AAD_CHANNEL;\r
-\r
-//! interface for buffered transformations\r
-\r
-/*! BufferedTransformation is a generalization of BlockTransformation,\r
- StreamTransformation, and HashTransformation.\r
-\r
- A buffered transformation is an object that takes a stream of bytes\r
- as input (this may be done in stages), does some computation on them, and\r
- then places the result into an internal buffer for later retrieval. Any\r
- partial result already in the output buffer is not modified by further\r
- input.\r
-\r
- If a method takes a "blocking" parameter, and you\r
- pass "false" for it, the method will return before all input has been processed if\r
- the input cannot be processed without waiting (for network buffers to become available, for example).\r
- In this case the method will return true\r
- or a non-zero integer value. When this happens you must continue to call the method with the same\r
- parameters until it returns false or zero, before calling any other method on it or\r
- attached BufferedTransformation. The integer return value in this case is approximately\r
- the number of bytes left to be processed, and can be used to implement a progress bar.\r
-\r
- For functions that take a "propagation" parameter, propagation != 0 means pass on the signal to attached\r
- BufferedTransformation objects, with propagation decremented at each step until it reaches 0.\r
- -1 means unlimited propagation.\r
-\r
- \nosubgrouping\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BufferedTransformation : public Algorithm, public Waitable\r
-{\r
-public:\r
- // placed up here for CW8\r
- static const std::string &NULL_CHANNEL; // same as DEFAULT_CHANNEL, for backwards compatibility\r
-\r
- BufferedTransformation() : Algorithm(false) {}\r
-\r
- //! return a reference to this object\r
- /*! This function is useful for passing a temporary BufferedTransformation object to a \r
- function that takes a non-const reference. */\r
- BufferedTransformation& Ref() {return *this;}\r
-\r
- //! \name INPUT\r
- //@{\r
- //! input a byte for processing\r
- size_t Put(byte inByte, bool blocking=true)\r
- {return Put(&inByte, 1, blocking);}\r
- //! input multiple bytes\r
- size_t Put(const byte *inString, size_t length, bool blocking=true)\r
- {return Put2(inString, length, 0, blocking);}\r
-\r
- //! input a 16-bit word\r
- size_t PutWord16(word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);\r
- //! input a 32-bit word\r
- size_t PutWord32(word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);\r
-\r
- //! request space which can be written into by the caller, and then used as input to Put()\r
- /*! \param size is requested size (as a hint) for input, and size of the returned space for output */\r
- /*! \note The purpose of this method is to help avoid doing extra memory allocations. */\r
- virtual byte * CreatePutSpace(size_t &size) {size=0; return NULL;}\r
-\r
- virtual bool CanModifyInput() const {return false;}\r
-\r
- //! input multiple bytes that may be modified by callee\r
- size_t PutModifiable(byte *inString, size_t length, bool blocking=true)\r
- {return PutModifiable2(inString, length, 0, blocking);}\r
-\r
- bool MessageEnd(int propagation=-1, bool blocking=true)\r
- {return !!Put2(NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);}\r
- size_t PutMessageEnd(const byte *inString, size_t length, int propagation=-1, bool blocking=true)\r
- {return Put2(inString, length, propagation < 0 ? -1 : propagation+1, blocking);}\r
-\r
- //! input multiple bytes for blocking or non-blocking processing\r
- /*! \param messageEnd means how many filters to signal MessageEnd to, including this one */\r
- virtual size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) =0;\r
- //! input multiple bytes that may be modified by callee for blocking or non-blocking processing\r
- /*! \param messageEnd means how many filters to signal MessageEnd to, including this one */\r
- virtual size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking)\r
- {return Put2(inString, length, messageEnd, blocking);}\r
-\r
- //! thrown by objects that have not implemented nonblocking input processing\r
- struct BlockingInputOnly : public NotImplemented\r
- {BlockingInputOnly(const std::string &s) : NotImplemented(s + ": Nonblocking input is not implemented by this object.") {}};\r
- //@}\r
-\r
- //! \name WAITING\r
- //@{\r
- unsigned int GetMaxWaitObjectCount() const;\r
- void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);\r
- //@}\r
-\r
- //! \name SIGNALS\r
- //@{\r
- virtual void IsolatedInitialize(const NameValuePairs ¶meters) {throw NotImplemented("BufferedTransformation: this object can't be reinitialized");}\r
- virtual bool IsolatedFlush(bool hardFlush, bool blocking) =0;\r
- virtual bool IsolatedMessageSeriesEnd(bool blocking) {return false;}\r
-\r
- //! initialize or reinitialize this object\r
- virtual void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1);\r
- //! flush buffered input and/or output\r
- /*! \param hardFlush is used to indicate whether all data should be flushed\r
- \note Hard flushes must be used with care. It means try to process and output everything, even if\r
- there may not be enough data to complete the action. For example, hard flushing a HexDecoder would\r
- cause an error if you do it after inputing an odd number of hex encoded characters.\r
- For some types of filters, for example ZlibDecompressor, hard flushes can only\r
- be done at "synchronization points". These synchronization points are positions in the data\r
- stream that are created by hard flushes on the corresponding reverse filters, in this\r
- example ZlibCompressor. This is useful when zlib compressed data is moved across a\r
- network in packets and compression state is preserved across packets, as in the ssh2 protocol.\r
- */\r
- virtual bool Flush(bool hardFlush, int propagation=-1, bool blocking=true);\r
- //! mark end of a series of messages\r
- /*! There should be a MessageEnd immediately before MessageSeriesEnd. */\r
- virtual bool MessageSeriesEnd(int propagation=-1, bool blocking=true);\r
-\r
- //! set propagation of automatically generated and transferred signals\r
- /*! propagation == 0 means do not automaticly generate signals */\r
- virtual void SetAutoSignalPropagation(int propagation) {}\r
-\r
- //!\r
- virtual int GetAutoSignalPropagation() const {return 0;}\r
-public:\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
- void Close() {MessageEnd();}\r
-#endif\r
- //@}\r
-\r
- //! \name RETRIEVAL OF ONE MESSAGE\r
- //@{\r
- //! returns number of bytes that is currently ready for retrieval\r
- /*! All retrieval functions return the actual number of bytes\r
- retrieved, which is the lesser of the request number and\r
- MaxRetrievable(). */\r
- virtual lword MaxRetrievable() const;\r
-\r
- //! returns whether any bytes are currently ready for retrieval\r
- virtual bool AnyRetrievable() const;\r
-\r
- //! try to retrieve a single byte\r
- virtual size_t Get(byte &outByte);\r
- //! try to retrieve multiple bytes\r
- virtual size_t Get(byte *outString, size_t getMax);\r
-\r
- //! peek at the next byte without removing it from the output buffer\r
- virtual size_t Peek(byte &outByte) const;\r
- //! peek at multiple bytes without removing them from the output buffer\r
- virtual size_t Peek(byte *outString, size_t peekMax) const;\r
-\r
- //! try to retrieve a 16-bit word\r
- size_t GetWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER);\r
- //! try to retrieve a 32-bit word\r
- size_t GetWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER);\r
-\r
- //! try to peek at a 16-bit word\r
- size_t PeekWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER) const;\r
- //! try to peek at a 32-bit word\r
- size_t PeekWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER) const;\r
-\r
- //! move transferMax bytes of the buffered output to target as input\r
- lword TransferTo(BufferedTransformation &target, lword transferMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL)\r
- {TransferTo2(target, transferMax, channel); return transferMax;}\r
-\r
- //! discard skipMax bytes from the output buffer\r
- virtual lword Skip(lword skipMax=LWORD_MAX);\r
-\r
- //! copy copyMax bytes of the buffered output to target as input\r
- lword CopyTo(BufferedTransformation &target, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const\r
- {return CopyRangeTo(target, 0, copyMax, channel);}\r
-\r
- //! copy copyMax bytes of the buffered output, starting at position (relative to current position), to target as input\r
- lword CopyRangeTo(BufferedTransformation &target, lword position, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const\r
- {lword i = position; CopyRangeTo2(target, i, i+copyMax, channel); return i-position;}\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
- unsigned long MaxRetrieveable() const {return MaxRetrievable();}\r
-#endif\r
- //@}\r
-\r
- //! \name RETRIEVAL OF MULTIPLE MESSAGES\r
- //@{\r
- //!\r
- virtual lword TotalBytesRetrievable() const;\r
- //! number of times MessageEnd() has been received minus messages retrieved or skipped\r
- virtual unsigned int NumberOfMessages() const;\r
- //! returns true if NumberOfMessages() > 0\r
- virtual bool AnyMessages() const;\r
- //! start retrieving the next message\r
- /*!\r
- Returns false if no more messages exist or this message \r
- is not completely retrieved.\r
- */\r
- virtual bool GetNextMessage();\r
- //! skip count number of messages\r
- virtual unsigned int SkipMessages(unsigned int count=UINT_MAX);\r
- //!\r
- unsigned int TransferMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL)\r
- {TransferMessagesTo2(target, count, channel); return count;}\r
- //!\r
- unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const;\r
-\r
- //!\r
- virtual void SkipAll();\r
- //!\r
- void TransferAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL)\r
- {TransferAllTo2(target, channel);}\r
- //!\r
- void CopyAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const;\r
-\r
- virtual bool GetNextMessageSeries() {return false;}\r
- virtual unsigned int NumberOfMessagesInThisSeries() const {return NumberOfMessages();}\r
- virtual unsigned int NumberOfMessageSeries() const {return 0;}\r
- //@}\r
-\r
- //! \name NON-BLOCKING TRANSFER OF OUTPUT\r
- //@{\r
- //! upon return, byteCount contains number of bytes that have finished being transfered, and returns the number of bytes left in the current transfer block\r
- virtual size_t TransferTo2(BufferedTransformation &target, lword &byteCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) =0;\r
- //! upon return, begin contains the start position of data yet to be finished copying, and returns the number of bytes left in the current transfer block\r
- virtual size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const =0;\r
- //! upon return, messageCount contains number of messages that have finished being transfered, and returns the number of bytes left in the current transfer block\r
- size_t TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);\r
- //! returns the number of bytes left in the current transfer block\r
- size_t TransferAllTo2(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);\r
- //@}\r
-\r
- //! \name CHANNELS\r
- //@{\r
- struct NoChannelSupport : public NotImplemented\r
- {NoChannelSupport(const std::string &name) : NotImplemented(name + ": this object doesn't support multiple channels") {}};\r
- struct InvalidChannelName : public InvalidArgument\r
- {InvalidChannelName(const std::string &name, const std::string &channel) : InvalidArgument(name + ": unexpected channel name \"" + channel + "\"") {}};\r
-\r
- size_t ChannelPut(const std::string &channel, byte inByte, bool blocking=true)\r
- {return ChannelPut(channel, &inByte, 1, blocking);}\r
- size_t ChannelPut(const std::string &channel, const byte *inString, size_t length, bool blocking=true)\r
- {return ChannelPut2(channel, inString, length, 0, blocking);}\r
-\r
- size_t ChannelPutModifiable(const std::string &channel, byte *inString, size_t length, bool blocking=true)\r
- {return ChannelPutModifiable2(channel, inString, length, 0, blocking);}\r
-\r
- size_t ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);\r
- size_t ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);\r
-\r
- bool ChannelMessageEnd(const std::string &channel, int propagation=-1, bool blocking=true)\r
- {return !!ChannelPut2(channel, NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);}\r
- size_t ChannelPutMessageEnd(const std::string &channel, const byte *inString, size_t length, int propagation=-1, bool blocking=true)\r
- {return ChannelPut2(channel, inString, length, propagation < 0 ? -1 : propagation+1, blocking);}\r
-\r
- virtual byte * ChannelCreatePutSpace(const std::string &channel, size_t &size);\r
-\r
- virtual size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking);\r
- virtual size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking);\r
-\r
- virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true);\r
- virtual bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true);\r
-\r
- virtual void SetRetrievalChannel(const std::string &channel);\r
- //@}\r
-\r
- //! \name ATTACHMENT\r
- /*! Some BufferedTransformation objects (e.g. Filter objects)\r
- allow other BufferedTransformation objects to be attached. When\r
- this is done, the first object instead of buffering its output,\r
- sents that output to the attached object as input. The entire\r
- attachment chain is deleted when the anchor object is destructed.\r
- */\r
- //@{\r
- //! returns whether this object allows attachment\r
- virtual bool Attachable() {return false;}\r
- //! returns the object immediately attached to this object or NULL for no attachment\r
- virtual BufferedTransformation *AttachedTransformation() {assert(!Attachable()); return 0;}\r
- //!\r
- virtual const BufferedTransformation *AttachedTransformation() const\r
- {return const_cast<BufferedTransformation *>(this)->AttachedTransformation();}\r
- //! delete the current attachment chain and replace it with newAttachment\r
- virtual void Detach(BufferedTransformation *newAttachment = 0)\r
- {assert(!Attachable()); throw NotImplemented("BufferedTransformation: this object is not attachable");}\r
- //! add newAttachment to the end of attachment chain\r
- virtual void Attach(BufferedTransformation *newAttachment);\r
- //@}\r
-\r
-protected:\r
- static int DecrementPropagation(int propagation)\r
- {return propagation != 0 ? propagation - 1 : 0;}\r
-\r
-private:\r
- byte m_buf[4]; // for ChannelPutWord16 and ChannelPutWord32, to ensure buffer isn't deallocated before non-blocking operation completes\r
-};\r
-\r
-//! returns a reference to a BufferedTransformation object that discards all input\r
-BufferedTransformation & TheBitBucket();\r
-\r
-//! interface for crypto material, such as public and private keys, and crypto parameters\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoMaterial : public NameValuePairs\r
-{\r
-public:\r
- //! exception thrown when invalid crypto material is detected\r
- class CRYPTOPP_DLL InvalidMaterial : public InvalidDataFormat\r
- {\r
- public:\r
- explicit InvalidMaterial(const std::string &s) : InvalidDataFormat(s) {}\r
- };\r
-\r
- //! assign values from source to this object\r
- /*! \note This function can be used to create a public key from a private key. */\r
- virtual void AssignFrom(const NameValuePairs &source) =0;\r
-\r
- //! check this object for errors\r
- /*! \param level denotes the level of thoroughness:\r
- 0 - using this object won't cause a crash or exception (rng is ignored)\r
- 1 - this object will probably function (encrypt, sign, etc.) correctly (but may not check for weak keys and such)\r
- 2 - make sure this object will function correctly, and do reasonable security checks\r
- 3 - do checks that may take a long time\r
- \return true if the tests pass */\r
- virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0;\r
-\r
- //! throws InvalidMaterial if this object fails Validate() test\r
- virtual void ThrowIfInvalid(RandomNumberGenerator &rng, unsigned int level) const\r
- {if (!Validate(rng, level)) throw InvalidMaterial("CryptoMaterial: this object contains invalid values");}\r
-\r
-// virtual std::vector<std::string> GetSupportedFormats(bool includeSaveOnly=false, bool includeLoadOnly=false);\r
-\r
- //! save key into a BufferedTransformation\r
- virtual void Save(BufferedTransformation &bt) const\r
- {throw NotImplemented("CryptoMaterial: this object does not support saving");}\r
-\r
- //! load key from a BufferedTransformation\r
- /*! \throws KeyingErr if decode fails\r
- \note Generally does not check that the key is valid.\r
- Call ValidateKey() or ThrowIfInvalidKey() to check that. */\r
- virtual void Load(BufferedTransformation &bt)\r
- {throw NotImplemented("CryptoMaterial: this object does not support loading");}\r
-\r
- //! \return whether this object supports precomputation\r
- virtual bool SupportsPrecomputation() const {return false;}\r
- //! do precomputation\r
- /*! The exact semantics of Precompute() is varies, but\r
- typically it means calculate a table of n objects\r
- that can be used later to speed up computation. */\r
- virtual void Precompute(unsigned int n)\r
- {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}\r
- //! retrieve previously saved precomputation\r
- virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation)\r
- {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}\r
- //! save precomputation for later use\r
- virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const\r
- {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}\r
-\r
- // for internal library use\r
- void DoQuickSanityCheck() const {ThrowIfInvalid(NullRNG(), 0);}\r
-\r
-#if (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590)\r
- // Sun Studio 11/CC 5.8 workaround: it generates incorrect code when casting to an empty virtual base class\r
- char m_sunCCworkaround;\r
-#endif\r
-};\r
-\r
-//! interface for generatable crypto material, such as private keys and crypto parameters\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GeneratableCryptoMaterial : virtual public CryptoMaterial\r
-{\r
-public:\r
- //! generate a random key or crypto parameters\r
- /*! \throws KeyingErr if algorithm parameters are invalid, or if a key can't be generated\r
- (e.g., if this is a public key object) */\r
- virtual void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs)\r
- {throw NotImplemented("GeneratableCryptoMaterial: this object does not support key/parameter generation");}\r
-\r
- //! calls the above function with a NameValuePairs object that just specifies "KeySize"\r
- void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize);\r
-};\r
-\r
-//! interface for public keys\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKey : virtual public CryptoMaterial\r
-{\r
-};\r
-\r
-//! interface for private keys\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKey : public GeneratableCryptoMaterial\r
-{\r
-};\r
-\r
-//! interface for crypto prameters\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoParameters : public GeneratableCryptoMaterial\r
-{\r
-};\r
-\r
-//! interface for asymmetric algorithms\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AsymmetricAlgorithm : public Algorithm\r
-{\r
-public:\r
- //! returns a reference to the crypto material used by this object\r
- virtual CryptoMaterial & AccessMaterial() =0;\r
- //! returns a const reference to the crypto material used by this object\r
- virtual const CryptoMaterial & GetMaterial() const =0;\r
-\r
- //! for backwards compatibility, calls AccessMaterial().Load(bt)\r
- void BERDecode(BufferedTransformation &bt)\r
- {AccessMaterial().Load(bt);}\r
- //! for backwards compatibility, calls GetMaterial().Save(bt)\r
- void DEREncode(BufferedTransformation &bt) const\r
- {GetMaterial().Save(bt);}\r
-};\r
-\r
-//! interface for asymmetric algorithms using public keys\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKeyAlgorithm : public AsymmetricAlgorithm\r
-{\r
-public:\r
- // VC60 workaround: no co-variant return type\r
- CryptoMaterial & AccessMaterial() {return AccessPublicKey();}\r
- const CryptoMaterial & GetMaterial() const {return GetPublicKey();}\r
-\r
- virtual PublicKey & AccessPublicKey() =0;\r
- virtual const PublicKey & GetPublicKey() const {return const_cast<PublicKeyAlgorithm *>(this)->AccessPublicKey();}\r
-};\r
-\r
-//! interface for asymmetric algorithms using private keys\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKeyAlgorithm : public AsymmetricAlgorithm\r
-{\r
-public:\r
- CryptoMaterial & AccessMaterial() {return AccessPrivateKey();}\r
- const CryptoMaterial & GetMaterial() const {return GetPrivateKey();}\r
-\r
- virtual PrivateKey & AccessPrivateKey() =0;\r
- virtual const PrivateKey & GetPrivateKey() const {return const_cast<PrivateKeyAlgorithm *>(this)->AccessPrivateKey();}\r
-};\r
-\r
-//! interface for key agreement algorithms\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE KeyAgreementAlgorithm : public AsymmetricAlgorithm\r
-{\r
-public:\r
- CryptoMaterial & AccessMaterial() {return AccessCryptoParameters();}\r
- const CryptoMaterial & GetMaterial() const {return GetCryptoParameters();}\r
-\r
- virtual CryptoParameters & AccessCryptoParameters() =0;\r
- virtual const CryptoParameters & GetCryptoParameters() const {return const_cast<KeyAgreementAlgorithm *>(this)->AccessCryptoParameters();}\r
-};\r
-\r
-//! interface for public-key encryptors and decryptors\r
-\r
-/*! This class provides an interface common to encryptors and decryptors\r
- for querying their plaintext and ciphertext lengths.\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_CryptoSystem\r
-{\r
-public:\r
- virtual ~PK_CryptoSystem() {}\r
-\r
- //! maximum length of plaintext for a given ciphertext length\r
- /*! \note This function returns 0 if ciphertextLength is not valid (too long or too short). */\r
- virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0;\r
-\r
- //! calculate length of ciphertext given length of plaintext\r
- /*! \note This function returns 0 if plaintextLength is not valid (too long). */\r
- virtual size_t CiphertextLength(size_t plaintextLength) const =0;\r
-\r
- //! this object supports the use of the parameter with the given name\r
- /*! some possible parameter names: EncodingParameters, KeyDerivationParameters */\r
- virtual bool ParameterSupported(const char *name) const =0;\r
-\r
- //! return fixed ciphertext length, if one exists, otherwise return 0\r
- /*! \note "Fixed" here means length of ciphertext does not depend on length of plaintext.\r
- It usually does depend on the key length. */\r
- virtual size_t FixedCiphertextLength() const {return 0;}\r
-\r
- //! return maximum plaintext length given the fixed ciphertext length, if one exists, otherwise return 0\r
- virtual size_t FixedMaxPlaintextLength() const {return 0;}\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
- size_t MaxPlainTextLength(size_t cipherTextLength) const {return MaxPlaintextLength(cipherTextLength);}\r
- size_t CipherTextLength(size_t plainTextLength) const {return CiphertextLength(plainTextLength);}\r
-#endif\r
-};\r
-\r
-//! interface for public-key encryptors\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Encryptor : public PK_CryptoSystem, public PublicKeyAlgorithm\r
-{\r
-public:\r
- //! exception thrown when trying to encrypt plaintext of invalid length\r
- class CRYPTOPP_DLL InvalidPlaintextLength : public Exception\r
- {\r
- public:\r
- InvalidPlaintextLength() : Exception(OTHER_ERROR, "PK_Encryptor: invalid plaintext length") {}\r
- };\r
-\r
- //! encrypt a byte string\r
- /*! \pre CiphertextLength(plaintextLength) != 0 (i.e., plaintext isn't too long)\r
- \pre size of ciphertext == CiphertextLength(plaintextLength)\r
- */\r
- virtual void Encrypt(RandomNumberGenerator &rng, \r
- const byte *plaintext, size_t plaintextLength, \r
- byte *ciphertext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0;\r
-\r
- //! create a new encryption filter\r
- /*! \note The caller is responsible for deleting the returned pointer.\r
- \note Encoding parameters should be passed in the "EP" channel.\r
- */\r
- virtual BufferedTransformation * CreateEncryptionFilter(RandomNumberGenerator &rng, \r
- BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const;\r
-};\r
-\r
-//! interface for public-key decryptors\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Decryptor : public PK_CryptoSystem, public PrivateKeyAlgorithm\r
-{\r
-public:\r
- //! decrypt a byte string, and return the length of plaintext\r
- /*! \pre size of plaintext == MaxPlaintextLength(ciphertextLength) bytes.\r
- \return the actual length of the plaintext, indication that decryption failed.\r
- */\r
- virtual DecodingResult Decrypt(RandomNumberGenerator &rng, \r
- const byte *ciphertext, size_t ciphertextLength, \r
- byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0;\r
-\r
- //! create a new decryption filter\r
- /*! \note caller is responsible for deleting the returned pointer\r
- */\r
- virtual BufferedTransformation * CreateDecryptionFilter(RandomNumberGenerator &rng, \r
- BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const;\r
-\r
- //! decrypt a fixed size ciphertext\r
- DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *ciphertext, byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const\r
- {return Decrypt(rng, ciphertext, FixedCiphertextLength(), plaintext, parameters);}\r
-};\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
-typedef PK_CryptoSystem PK_FixedLengthCryptoSystem;\r
-typedef PK_Encryptor PK_FixedLengthEncryptor;\r
-typedef PK_Decryptor PK_FixedLengthDecryptor;\r
-#endif\r
-\r
-//! interface for public-key signers and verifiers\r
-\r
-/*! This class provides an interface common to signers and verifiers\r
- for querying scheme properties.\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_SignatureScheme\r
-{\r
-public:\r
- //! invalid key exception, may be thrown by any function in this class if the private or public key has a length that can't be used\r
- class CRYPTOPP_DLL InvalidKeyLength : public Exception\r
- {\r
- public:\r
- InvalidKeyLength(const std::string &message) : Exception(OTHER_ERROR, message) {}\r
- };\r
-\r
- //! key too short exception, may be thrown by any function in this class if the private or public key is too short to sign or verify anything\r
- class CRYPTOPP_DLL KeyTooShort : public InvalidKeyLength\r
- {\r
- public:\r
- KeyTooShort() : InvalidKeyLength("PK_Signer: key too short for this signature scheme") {}\r
- };\r
-\r
- virtual ~PK_SignatureScheme() {}\r
-\r
- //! signature length if it only depends on the key, otherwise 0\r
- virtual size_t SignatureLength() const =0;\r
-\r
- //! maximum signature length produced for a given length of recoverable message part\r
- virtual size_t MaxSignatureLength(size_t recoverablePartLength = 0) const {return SignatureLength();}\r
-\r
- //! length of longest message that can be recovered, or 0 if this signature scheme does not support message recovery\r
- virtual size_t MaxRecoverableLength() const =0;\r
-\r
- //! length of longest message that can be recovered from a signature of given length, or 0 if this signature scheme does not support message recovery\r
- virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0;\r
-\r
- //! requires a random number generator to sign\r
- /*! if this returns false, NullRNG() can be passed to functions that take RandomNumberGenerator & */\r
- virtual bool IsProbabilistic() const =0;\r
-\r
- //! whether or not a non-recoverable message part can be signed\r
- virtual bool AllowNonrecoverablePart() const =0;\r
-\r
- //! if this function returns true, during verification you must input the signature before the message, otherwise you can input it at anytime */\r
- virtual bool SignatureUpfront() const {return false;}\r
-\r
- //! whether you must input the recoverable part before the non-recoverable part during signing\r
- virtual bool RecoverablePartFirst() const =0;\r
-};\r
-\r
-//! interface for accumulating messages to be signed or verified\r
-/*! Only Update() should be called\r
- on this class. No other functions inherited from HashTransformation should be called.\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulator : public HashTransformation\r
-{\r
-public:\r
- //! should not be called on PK_MessageAccumulator\r
- unsigned int DigestSize() const\r
- {throw NotImplemented("PK_MessageAccumulator: DigestSize() should not be called");}\r
- //! should not be called on PK_MessageAccumulator\r
- void TruncatedFinal(byte *digest, size_t digestSize) \r
- {throw NotImplemented("PK_MessageAccumulator: TruncatedFinal() should not be called");}\r
-};\r
-\r
-//! interface for public-key signers\r
-\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Signer : public PK_SignatureScheme, public PrivateKeyAlgorithm\r
-{\r
-public:\r
- //! create a new HashTransformation to accumulate the message to be signed\r
- virtual PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const =0;\r
-\r
- virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const =0;\r
-\r
- //! sign and delete messageAccumulator (even in case of exception thrown)\r
- /*! \pre size of signature == MaxSignatureLength()\r
- \return actual signature length\r
- */\r
- virtual size_t Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const;\r
-\r
- //! sign and restart messageAccumulator\r
- /*! \pre size of signature == MaxSignatureLength()\r
- \return actual signature length\r
- */\r
- virtual size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0;\r
-\r
- //! sign a message\r
- /*! \pre size of signature == MaxSignatureLength()\r
- \return actual signature length\r
- */\r
- virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const;\r
-\r
- //! sign a recoverable message\r
- /*! \pre size of signature == MaxSignatureLength(recoverableMessageLength)\r
- \return actual signature length\r
- */\r
- virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, \r
- const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const;\r
-};\r
-\r
-//! interface for public-key signature verifiers\r
-/*! The Recover* functions throw NotImplemented if the signature scheme does not support\r
- message recovery.\r
- The Verify* functions throw InvalidDataFormat if the scheme does support message\r
- recovery and the signature contains a non-empty recoverable message part. The\r
- Recovery* functions should be used in that case.\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Verifier : public PK_SignatureScheme, public PublicKeyAlgorithm\r
-{\r
-public:\r
- //! create a new HashTransformation to accumulate the message to be verified\r
- virtual PK_MessageAccumulator * NewVerificationAccumulator() const =0;\r
-\r
- //! input signature into a message accumulator\r
- virtual void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const =0;\r
-\r
- //! check whether messageAccumulator contains a valid signature and message, and delete messageAccumulator (even in case of exception thrown)\r
- virtual bool Verify(PK_MessageAccumulator *messageAccumulator) const;\r
-\r
- //! check whether messageAccumulator contains a valid signature and message, and restart messageAccumulator\r
- virtual bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const =0;\r
-\r
- //! check whether input signature is a valid signature for input message\r
- virtual bool VerifyMessage(const byte *message, size_t messageLen, \r
- const byte *signature, size_t signatureLength) const;\r
-\r
- //! recover a message from its signature\r
- /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)\r
- */\r
- virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const;\r
-\r
- //! recover a message from its signature\r
- /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)\r
- */\r
- virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0;\r
-\r
- //! recover a message from its signature\r
- /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)\r
- */\r
- virtual DecodingResult RecoverMessage(byte *recoveredMessage, \r
- const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, \r
- const byte *signature, size_t signatureLength) const;\r
-};\r
-\r
-//! interface for domains of simple key agreement protocols\r
-\r
-/*! A key agreement domain is a set of parameters that must be shared\r
- by two parties in a key agreement protocol, along with the algorithms\r
- for generating key pairs and deriving agreed values.\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyAgreementDomain : public KeyAgreementAlgorithm\r
-{\r
-public:\r
- //! return length of agreed value produced\r
- virtual unsigned int AgreedValueLength() const =0;\r
- //! return length of private keys in this domain\r
- virtual unsigned int PrivateKeyLength() const =0;\r
- //! return length of public keys in this domain\r
- virtual unsigned int PublicKeyLength() const =0;\r
- //! generate private key\r
- /*! \pre size of privateKey == PrivateKeyLength() */\r
- virtual void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;\r
- //! generate public key\r
- /*! \pre size of publicKey == PublicKeyLength() */\r
- virtual void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;\r
- //! generate private/public key pair\r
- /*! \note equivalent to calling GeneratePrivateKey() and then GeneratePublicKey() */\r
- virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;\r
- //! derive agreed value from your private key and couterparty's public key, return false in case of failure\r
- /*! \note If you have previously validated the public key, use validateOtherPublicKey=false to save time.\r
- \pre size of agreedValue == AgreedValueLength()\r
- \pre length of privateKey == PrivateKeyLength()\r
- \pre length of otherPublicKey == PublicKeyLength()\r
- */\r
- virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0;\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
- bool ValidateDomainParameters(RandomNumberGenerator &rng) const\r
- {return GetCryptoParameters().Validate(rng, 2);}\r
-#endif\r
-};\r
-\r
-//! interface for domains of authenticated key agreement protocols\r
-\r
-/*! In an authenticated key agreement protocol, each party has two\r
- key pairs. The long-lived key pair is called the static key pair,\r
- and the short-lived key pair is called the ephemeral key pair.\r
-*/\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm\r
-{\r
-public:\r
- //! return length of agreed value produced\r
- virtual unsigned int AgreedValueLength() const =0;\r
-\r
- //! return length of static private keys in this domain\r
- virtual unsigned int StaticPrivateKeyLength() const =0;\r
- //! return length of static public keys in this domain\r
- virtual unsigned int StaticPublicKeyLength() const =0;\r
- //! generate static private key\r
- /*! \pre size of privateKey == PrivateStaticKeyLength() */\r
- virtual void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;\r
- //! generate static public key\r
- /*! \pre size of publicKey == PublicStaticKeyLength() */\r
- virtual void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;\r
- //! generate private/public key pair\r
- /*! \note equivalent to calling GenerateStaticPrivateKey() and then GenerateStaticPublicKey() */\r
- virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;\r
-\r
- //! return length of ephemeral private keys in this domain\r
- virtual unsigned int EphemeralPrivateKeyLength() const =0;\r
- //! return length of ephemeral public keys in this domain\r
- virtual unsigned int EphemeralPublicKeyLength() const =0;\r
- //! generate ephemeral private key\r
- /*! \pre size of privateKey == PrivateEphemeralKeyLength() */\r
- virtual void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;\r
- //! generate ephemeral public key\r
- /*! \pre size of publicKey == PublicEphemeralKeyLength() */\r
- virtual void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;\r
- //! generate private/public key pair\r
- /*! \note equivalent to calling GenerateEphemeralPrivateKey() and then GenerateEphemeralPublicKey() */\r
- virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;\r
-\r
- //! derive agreed value from your private keys and couterparty's public keys, return false in case of failure\r
- /*! \note The ephemeral public key will always be validated.\r
- If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time.\r
- \pre size of agreedValue == AgreedValueLength()\r
- \pre length of staticPrivateKey == StaticPrivateKeyLength()\r
- \pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength()\r
- \pre length of staticOtherPublicKey == StaticPublicKeyLength()\r
- \pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()\r
- */\r
- virtual bool Agree(byte *agreedValue,\r
- const byte *staticPrivateKey, const byte *ephemeralPrivateKey,\r
- const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,\r
- bool validateStaticOtherPublicKey=true) const =0;\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
- bool ValidateDomainParameters(RandomNumberGenerator &rng) const\r
- {return GetCryptoParameters().Validate(rng, 2);}\r
-#endif\r
-};\r
-\r
-// interface for password authenticated key agreement protocols, not implemented yet\r
-#if 0\r
-//! interface for protocol sessions\r
-/*! The methods should be called in the following order:\r
-\r
- InitializeSession(rng, parameters); // or call initialize method in derived class\r
- while (true)\r
- {\r
- if (OutgoingMessageAvailable())\r
- {\r
- length = GetOutgoingMessageLength();\r
- GetOutgoingMessage(message);\r
- ; // send outgoing message\r
- }\r
-\r
- if (LastMessageProcessed())\r
- break;\r
-\r
- ; // receive incoming message\r
- ProcessIncomingMessage(message);\r
- }\r
- ; // call methods in derived class to obtain result of protocol session\r
-*/\r
-class ProtocolSession\r
-{\r
-public:\r
- //! exception thrown when an invalid protocol message is processed\r
- class ProtocolError : public Exception\r
- {\r
- public:\r
- ProtocolError(ErrorType errorType, const std::string &s) : Exception(errorType, s) {}\r
- };\r
-\r
- //! exception thrown when a function is called unexpectedly\r
- /*! for example calling ProcessIncomingMessage() when ProcessedLastMessage() == true */\r
- class UnexpectedMethodCall : public Exception\r
- {\r
- public:\r
- UnexpectedMethodCall(const std::string &s) : Exception(OTHER_ERROR, s) {}\r
- };\r
-\r
- ProtocolSession() : m_rng(NULL), m_throwOnProtocolError(true), m_validState(false) {}\r
- virtual ~ProtocolSession() {}\r
-\r
- virtual void InitializeSession(RandomNumberGenerator &rng, const NameValuePairs ¶meters) =0;\r
-\r
- bool GetThrowOnProtocolError() const {return m_throwOnProtocolError;}\r
- void SetThrowOnProtocolError(bool throwOnProtocolError) {m_throwOnProtocolError = throwOnProtocolError;}\r
-\r
- bool HasValidState() const {return m_validState;}\r
-\r
- virtual bool OutgoingMessageAvailable() const =0;\r
- virtual unsigned int GetOutgoingMessageLength() const =0;\r
- virtual void GetOutgoingMessage(byte *message) =0;\r
-\r
- virtual bool LastMessageProcessed() const =0;\r
- virtual void ProcessIncomingMessage(const byte *message, unsigned int messageLength) =0;\r
-\r
-protected:\r
- void HandleProtocolError(Exception::ErrorType errorType, const std::string &s) const;\r
- void CheckAndHandleInvalidState() const;\r
- void SetValidState(bool valid) {m_validState = valid;}\r
-\r
- RandomNumberGenerator *m_rng;\r
-\r
-private:\r
- bool m_throwOnProtocolError, m_validState;\r
-};\r
-\r
-class KeyAgreementSession : public ProtocolSession\r
-{\r
-public:\r
- virtual unsigned int GetAgreedValueLength() const =0;\r
- virtual void GetAgreedValue(byte *agreedValue) const =0;\r
-};\r
-\r
-class PasswordAuthenticatedKeyAgreementSession : public KeyAgreementSession\r
-{\r
-public:\r
- void InitializePasswordAuthenticatedKeyAgreementSession(RandomNumberGenerator &rng, \r
- const byte *myId, unsigned int myIdLength, \r
- const byte *counterPartyId, unsigned int counterPartyIdLength, \r
- const byte *passwordOrVerifier, unsigned int passwordOrVerifierLength);\r
-};\r
-\r
-class PasswordAuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm\r
-{\r
-public:\r
- //! return whether the domain parameters stored in this object are valid\r
- virtual bool ValidateDomainParameters(RandomNumberGenerator &rng) const\r
- {return GetCryptoParameters().Validate(rng, 2);}\r
-\r
- virtual unsigned int GetPasswordVerifierLength(const byte *password, unsigned int passwordLength) const =0;\r
- virtual void GeneratePasswordVerifier(RandomNumberGenerator &rng, const byte *userId, unsigned int userIdLength, const byte *password, unsigned int passwordLength, byte *verifier) const =0;\r
-\r
- enum RoleFlags {CLIENT=1, SERVER=2, INITIATOR=4, RESPONDER=8};\r
-\r
- virtual bool IsValidRole(unsigned int role) =0;\r
- virtual PasswordAuthenticatedKeyAgreementSession * CreateProtocolSession(unsigned int role) const =0;\r
-};\r
-#endif\r
-\r
-//! BER Decode Exception Class, may be thrown during an ASN1 BER decode operation\r
-class CRYPTOPP_DLL BERDecodeErr : public InvalidArgument\r
-{\r
-public: \r
- BERDecodeErr() : InvalidArgument("BER decode error") {}\r
- BERDecodeErr(const std::string &s) : InvalidArgument(s) {}\r
-};\r
-\r
-//! interface for encoding and decoding ASN1 objects\r
-class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1Object\r
-{\r
-public:\r
- virtual ~ASN1Object() {}\r
- //! decode this object from a BufferedTransformation, using BER (Basic Encoding Rules)\r
- virtual void BERDecode(BufferedTransformation &bt) =0;\r
- //! encode this object into a BufferedTransformation, using DER (Distinguished Encoding Rules)\r
- virtual void DEREncode(BufferedTransformation &bt) const =0;\r
- //! encode this object into a BufferedTransformation, using BER\r
- /*! this may be useful if DEREncode() would be too inefficient */\r
- virtual void BEREncode(BufferedTransformation &bt) const {DEREncode(bt);}\r
-};\r
-\r
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY\r
-typedef PK_SignatureScheme PK_SignatureSystem;\r
-typedef SimpleKeyAgreementDomain PK_SimpleKeyAgreementDomain;\r
-typedef AuthenticatedKeyAgreementDomain PK_AuthenticatedKeyAgreementDomain;\r
-#endif\r
-\r
-NAMESPACE_END\r
-\r
-#endif\r
+// cryptlib.h - written and placed in the public domain by Wei Dai
+/*! \file
+ This file contains the declarations for the abstract base
+ classes that provide a uniform interface to this library.
+*/
+
+/*! \mainpage Crypto++ Library 5.6.0 API Reference
+<dl>
+<dt>Abstract Base Classes<dd>
+ cryptlib.h
+<dt>Authenticated Encryption<dd>
+ AuthenticatedSymmetricCipherDocumentation
+<dt>Symmetric Ciphers<dd>
+ SymmetricCipherDocumentation
+<dt>Hash Functions<dd>
+ SHA1, SHA224, SHA256, SHA384, SHA512, Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak1::MD2, Weak1::MD4, Weak1::MD5
+<dt>Non-Cryptographic Checksums<dd>
+ CRC32, Adler32
+<dt>Message Authentication Codes<dd>
+ VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, GCM (GMAC)
+<dt>Random Number Generators<dd>
+ NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG, DefaultAutoSeededRNG
+<dt>Password-based Cryptography<dd>
+ PasswordBasedKeyDerivationFunction
+<dt>Public Key Cryptosystems<dd>
+ DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES
+<dt>Public Key Signature Schemes<dd>
+ DSA, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RSASS_ISO, RabinSS, RWSS, ESIGN
+<dt>Key Agreement<dd>
+ #DH, DH2, #MQV, ECDH, ECMQV, XTR_DH
+<dt>Algebraic Structures<dd>
+ Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver,
+ ModularArithmetic, MontgomeryRepresentation, GFP2_ONB,
+ GF2NP, GF256, GF2_32, EC2N, ECP
+<dt>Secret Sharing and Information Dispersal<dd>
+ SecretSharing, SecretRecovery, InformationDispersal, InformationRecovery
+<dt>Compression<dd>
+ Deflator, Inflator, Gzip, Gunzip, ZlibCompressor, ZlibDecompressor
+<dt>Input Source Classes<dd>
+ StringSource, ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource
+<dt>Output Sink Classes<dd>
+ StringSinkTemplate, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
+<dt>Filter Wrappers<dd>
+ StreamTransformationFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter
+<dt>Binary to Text Encoders and Decoders<dd>
+ HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base32Encoder, Base32Decoder
+<dt>Wrappers for OS features<dd>
+ Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer
+<dt>FIPS 140 related<dd>
+ fips140.h
+</dl>
+
+In the FIPS 140-2 validated DLL version of Crypto++, only the following implementation class are available.
+<dl>
+<dt>Block Ciphers<dd>
+ AES, DES_EDE2, DES_EDE3, SKIPJACK
+<dt>Cipher Modes (replace template parameter BC with one of the block ciphers above)<dd>
+ ECB_Mode\<BC\>, CTR_Mode\<BC\>, CBC_Mode\<BC\>, CFB_FIPS_Mode\<BC\>, OFB_Mode\<BC\>
+<dt>Hash Functions<dd>
+ SHA1, SHA224, SHA256, SHA384, SHA512
+<dt>Public Key Signature Schemes (replace template parameter H with one of the hash functions above)<dd>
+ RSASS\<PKCS1v15, H\>, RSASS\<PSS, H\>, RSASS_ISO\<H\>, RWSS\<P1363_EMSA2, H\>, DSA, ECDSA\<ECP, H\>, ECDSA\<EC2N, H\>
+<dt>Message Authentication Codes (replace template parameter H with one of the hash functions above)<dd>
+ HMAC\<H\>, CBC_MAC\<DES_EDE2\>, CBC_MAC\<DES_EDE3\>
+<dt>Random Number Generators<dd>
+ DefaultAutoSeededRNG (AutoSeededX917RNG\<AES\>)
+<dt>Key Agreement<dd>
+ #DH
+<dt>Public Key Cryptosystems<dd>
+ RSAES\<OAEP\<SHA1\> \>
+</dl>
+
+<p>This reference manual is a work in progress. Some classes are still lacking detailed descriptions.
+<p>Click <a href="CryptoPPRef.zip">here</a> to download a zip archive containing this manual.
+<p>Thanks to Ryan Phillips for providing the Doxygen configuration file
+and getting me started with this manual.
+*/
+
+#ifndef CRYPTOPP_CRYPTLIB_H
+#define CRYPTOPP_CRYPTLIB_H
+
+#include "config.h"
+#include "stdcpp.h"
+
+NAMESPACE_BEGIN(CryptoPP)
+
+// forward declarations
+class Integer;
+class RandomNumberGenerator;
+class BufferedTransformation;
+
+//! used to specify a direction for a cipher to operate in (encrypt or decrypt)
+enum CipherDir {ENCRYPTION, DECRYPTION};
+
+//! used to represent infinite time
+const unsigned long INFINITE_TIME = ULONG_MAX;
+
+// VC60 workaround: using enums as template parameters causes problems
+template <typename ENUM_TYPE, int VALUE>
+struct EnumToType
+{
+ static ENUM_TYPE ToEnum() {return (ENUM_TYPE)VALUE;}
+};
+
+enum ByteOrder {LITTLE_ENDIAN_ORDER = 0, BIG_ENDIAN_ORDER = 1};
+typedef EnumToType<ByteOrder, LITTLE_ENDIAN_ORDER> LittleEndian;
+typedef EnumToType<ByteOrder, BIG_ENDIAN_ORDER> BigEndian;
+
+//! base class for all exceptions thrown by Crypto++
+class CRYPTOPP_DLL Exception : public std::exception
+{
+public:
+ //! error types
+ enum ErrorType {
+ //! a method is not implemented
+ NOT_IMPLEMENTED,
+ //! invalid function argument
+ INVALID_ARGUMENT,
+ //! BufferedTransformation received a Flush(true) signal but can't flush buffers
+ CANNOT_FLUSH,
+ //! data integerity check (such as CRC or MAC) failed
+ DATA_INTEGRITY_CHECK_FAILED,
+ //! received input data that doesn't conform to expected format
+ INVALID_DATA_FORMAT,
+ //! error reading from input device or writing to output device
+ IO_ERROR,
+ //! some error not belong to any of the above categories
+ OTHER_ERROR
+ };
+
+ explicit Exception(ErrorType errorType, const std::string &s) : m_errorType(errorType), m_what(s) {}
+ virtual ~Exception() throw() {}
+ const char *what() const throw() {return (m_what.c_str());}
+ const std::string &GetWhat() const {return m_what;}
+ void SetWhat(const std::string &s) {m_what = s;}
+ ErrorType GetErrorType() const {return m_errorType;}
+ void SetErrorType(ErrorType errorType) {m_errorType = errorType;}
+
+private:
+ ErrorType m_errorType;
+ std::string m_what;
+};
+
+//! exception thrown when an invalid argument is detected
+class CRYPTOPP_DLL InvalidArgument : public Exception
+{
+public:
+ explicit InvalidArgument(const std::string &s) : Exception(INVALID_ARGUMENT, s) {}
+};
+
+//! exception thrown when input data is received that doesn't conform to expected format
+class CRYPTOPP_DLL InvalidDataFormat : public Exception
+{
+public:
+ explicit InvalidDataFormat(const std::string &s) : Exception(INVALID_DATA_FORMAT, s) {}
+};
+
+//! exception thrown by decryption filters when trying to decrypt an invalid ciphertext
+class CRYPTOPP_DLL InvalidCiphertext : public InvalidDataFormat
+{
+public:
+ explicit InvalidCiphertext(const std::string &s) : InvalidDataFormat(s) {}
+};
+
+//! exception thrown by a class if a non-implemented method is called
+class CRYPTOPP_DLL NotImplemented : public Exception
+{
+public:
+ explicit NotImplemented(const std::string &s) : Exception(NOT_IMPLEMENTED, s) {}
+};
+
+//! exception thrown by a class when Flush(true) is called but it can't completely flush its buffers
+class CRYPTOPP_DLL CannotFlush : public Exception
+{
+public:
+ explicit CannotFlush(const std::string &s) : Exception(CANNOT_FLUSH, s) {}
+};
+
+//! error reported by the operating system
+class CRYPTOPP_DLL OS_Error : public Exception
+{
+public:
+ OS_Error(ErrorType errorType, const std::string &s, const std::string& operation, int errorCode)
+ : Exception(errorType, s), m_operation(operation), m_errorCode(errorCode) {}
+ ~OS_Error() throw() {}
+
+ // the operating system API that reported the error
+ const std::string & GetOperation() const {return m_operation;}
+ // the error code return by the operating system
+ int GetErrorCode() const {return m_errorCode;}
+
+protected:
+ std::string m_operation;
+ int m_errorCode;
+};
+
+//! used to return decoding results
+struct CRYPTOPP_DLL DecodingResult
+{
+ explicit DecodingResult() : isValidCoding(false), messageLength(0) {}
+ explicit DecodingResult(size_t len) : isValidCoding(true), messageLength(len) {}
+
+ bool operator==(const DecodingResult &rhs) const {return isValidCoding == rhs.isValidCoding && messageLength == rhs.messageLength;}
+ bool operator!=(const DecodingResult &rhs) const {return !operator==(rhs);}
+
+ bool isValidCoding;
+ size_t messageLength;
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+ operator size_t() const {return isValidCoding ? messageLength : 0;}
+#endif
+};
+
+//! interface for retrieving values given their names
+/*! \note This class is used to safely pass a variable number of arbitrarily typed arguments to functions
+ and to read values from keys and crypto parameters.
+ \note To obtain an object that implements NameValuePairs for the purpose of parameter
+ passing, use the MakeParameters() function.
+ \note To get a value from NameValuePairs, you need to know the name and the type of the value.
+ Call GetValueNames() on a NameValuePairs object to obtain a list of value names that it supports.
+ Then look at the Name namespace documentation to see what the type of each value is, or
+ alternatively, call GetIntValue() with the value name, and if the type is not int, a
+ ValueTypeMismatch exception will be thrown and you can get the actual type from the exception object.
+*/
+class CRYPTOPP_NO_VTABLE NameValuePairs
+{
+public:
+ virtual ~NameValuePairs() {}
+
+ //! exception thrown when trying to retrieve a value using a different type than expected
+ class CRYPTOPP_DLL ValueTypeMismatch : public InvalidArgument
+ {
+ public:
+ ValueTypeMismatch(const std::string &name, const std::type_info &stored, const std::type_info &retrieving)
+ : InvalidArgument("NameValuePairs: type mismatch for '" + name + "', stored '" + stored.name() + "', trying to retrieve '" + retrieving.name() + "'")
+ , m_stored(stored), m_retrieving(retrieving) {}
+
+ const std::type_info & GetStoredTypeInfo() const {return m_stored;}
+ const std::type_info & GetRetrievingTypeInfo() const {return m_retrieving;}
+
+ private:
+ const std::type_info &m_stored;
+ const std::type_info &m_retrieving;
+ };
+
+ //! get a copy of this object or a subobject of it
+ template <class T>
+ bool GetThisObject(T &object) const
+ {
+ return GetValue((std::string("ThisObject:")+typeid(T).name()).c_str(), object);
+ }
+
+ //! get a pointer to this object, as a pointer to T
+ template <class T>
+ bool GetThisPointer(T *&p) const
+ {
+ return GetValue((std::string("ThisPointer:")+typeid(T).name()).c_str(), p);
+ }
+
+ //! get a named value, returns true if the name exists
+ template <class T>
+ bool GetValue(const char *name, T &value) const
+ {
+ return GetVoidValue(name, typeid(T), &value);
+ }
+
+ //! get a named value, returns the default if the name doesn't exist
+ template <class T>
+ T GetValueWithDefault(const char *name, T defaultValue) const
+ {
+ GetValue(name, defaultValue);
+ return defaultValue;
+ }
+
+ //! get a list of value names that can be retrieved
+ CRYPTOPP_DLL std::string GetValueNames() const
+ {std::string result; GetValue("ValueNames", result); return result;}
+
+ //! get a named value with type int
+ /*! used to ensure we don't accidentally try to get an unsigned int
+ or some other type when we mean int (which is the most common case) */
+ CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const
+ {return GetValue(name, value);}
+
+ //! get a named value with type int, with default
+ CRYPTOPP_DLL int GetIntValueWithDefault(const char *name, int defaultValue) const
+ {return GetValueWithDefault(name, defaultValue);}
+
+ //! used by derived classes to check for type mismatch
+ CRYPTOPP_DLL static void CRYPTOPP_API ThrowIfTypeMismatch(const char *name, const std::type_info &stored, const std::type_info &retrieving)
+ {if (stored != retrieving) throw ValueTypeMismatch(name, stored, retrieving);}
+
+ template <class T>
+ void GetRequiredParameter(const char *className, const char *name, T &value) const
+ {
+ if (!GetValue(name, value))
+ throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'");
+ }
+
+ CRYPTOPP_DLL void GetRequiredIntParameter(const char *className, const char *name, int &value) const
+ {
+ if (!GetIntValue(name, value))
+ throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'");
+ }
+
+ //! to be implemented by derived classes, users should use one of the above functions instead
+ CRYPTOPP_DLL virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const =0;
+};
+
+//! namespace containing value name definitions
+/*! value names, types and semantics:
+
+ ThisObject:ClassName (ClassName, copy of this object or a subobject)
+ ThisPointer:ClassName (const ClassName *, pointer to this object or a subobject)
+*/
+DOCUMENTED_NAMESPACE_BEGIN(Name)
+// more names defined in argnames.h
+DOCUMENTED_NAMESPACE_END
+
+//! empty set of name-value pairs
+class CRYPTOPP_DLL NullNameValuePairs : public NameValuePairs
+{
+public:
+ bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const {return false;}
+};
+
+//! _
+extern CRYPTOPP_DLL const NullNameValuePairs g_nullNameValuePairs;
+
+// ********************************************************
+
+//! interface for cloning objects, this is not implemented by most classes yet
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Clonable
+{
+public:
+ virtual ~Clonable() {}
+ //! this is not implemented by most classes yet
+ virtual Clonable* Clone() const {throw NotImplemented("Clone() is not implemented yet.");} // TODO: make this =0
+};
+
+//! interface for all crypto algorithms
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Algorithm : public Clonable
+{
+public:
+ /*! When FIPS 140-2 compliance is enabled and checkSelfTestStatus == true,
+ this constructor throws SelfTestFailure if the self test hasn't been run or fails. */
+ Algorithm(bool checkSelfTestStatus = true);
+ //! returns name of this algorithm, not universally implemented yet
+ virtual std::string AlgorithmName() const {return "unknown";}
+};
+
+//! keying interface for crypto algorithms that take byte strings as keys
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyingInterface
+{
+public:
+ virtual ~SimpleKeyingInterface() {}
+
+ //! returns smallest valid key length in bytes */
+ virtual size_t MinKeyLength() const =0;
+ //! returns largest valid key length in bytes */
+ virtual size_t MaxKeyLength() const =0;
+ //! returns default (recommended) key length in bytes */
+ virtual size_t DefaultKeyLength() const =0;
+
+ //! returns the smallest valid key length in bytes that is >= min(n, GetMaxKeyLength())
+ virtual size_t GetValidKeyLength(size_t n) const =0;
+
+ //! returns whether n is a valid key length
+ virtual bool IsValidKeyLength(size_t n) const
+ {return n == GetValidKeyLength(n);}
+
+ //! set or reset the key of this object
+ /*! \param params is used to specify Rounds, BlockSize, etc. */
+ virtual void SetKey(const byte *key, size_t length, const NameValuePairs ¶ms = g_nullNameValuePairs);
+
+ //! calls SetKey() with an NameValuePairs object that just specifies "Rounds"
+ void SetKeyWithRounds(const byte *key, size_t length, int rounds);
+
+ //! calls SetKey() with an NameValuePairs object that just specifies "IV"
+ void SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength);
+
+ //! calls SetKey() with an NameValuePairs object that just specifies "IV"
+ void SetKeyWithIV(const byte *key, size_t length, const byte *iv)
+ {SetKeyWithIV(key, length, iv, IVSize());}
+
+ enum IV_Requirement {UNIQUE_IV = 0, RANDOM_IV, UNPREDICTABLE_RANDOM_IV, INTERNALLY_GENERATED_IV, NOT_RESYNCHRONIZABLE};
+ //! returns the minimal requirement for secure IVs
+ virtual IV_Requirement IVRequirement() const =0;
+
+ //! returns whether this object can be resynchronized (i.e. supports initialization vectors)
+ /*! If this function returns true, and no IV is passed to SetKey() and CanUseStructuredIVs()==true, an IV of all 0's will be assumed. */
+ bool IsResynchronizable() const {return IVRequirement() < NOT_RESYNCHRONIZABLE;}
+ //! returns whether this object can use random IVs (in addition to ones returned by GetNextIV)
+ bool CanUseRandomIVs() const {return IVRequirement() <= UNPREDICTABLE_RANDOM_IV;}
+ //! returns whether this object can use random but possibly predictable IVs (in addition to ones returned by GetNextIV)
+ bool CanUsePredictableIVs() const {return IVRequirement() <= RANDOM_IV;}
+ //! returns whether this object can use structured IVs, for example a counter (in addition to ones returned by GetNextIV)
+ bool CanUseStructuredIVs() const {return IVRequirement() <= UNIQUE_IV;}
+
+ virtual unsigned int IVSize() const {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}
+ //! returns default length of IVs accepted by this object
+ unsigned int DefaultIVLength() const {return IVSize();}
+ //! returns minimal length of IVs accepted by this object
+ virtual unsigned int MinIVLength() const {return IVSize();}
+ //! returns maximal length of IVs accepted by this object
+ virtual unsigned int MaxIVLength() const {return IVSize();}
+ //! resynchronize with an IV. ivLength=-1 means use IVSize()
+ virtual void Resynchronize(const byte *iv, int ivLength=-1) {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}
+ //! get a secure IV for the next message
+ /*! This method should be called after you finish encrypting one message and are ready to start the next one.
+ After calling it, you must call SetKey() or Resynchronize() before using this object again.
+ This method is not implemented on decryption objects. */
+ virtual void GetNextIV(RandomNumberGenerator &rng, byte *IV);
+
+protected:
+ virtual const Algorithm & GetAlgorithm() const =0;
+ virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) =0;
+
+ void ThrowIfInvalidKeyLength(size_t length);
+ void ThrowIfResynchronizable(); // to be called when no IV is passed
+ void ThrowIfInvalidIV(const byte *iv); // check for NULL IV if it can't be used
+ size_t ThrowIfInvalidIVLength(int size);
+ const byte * GetIVAndThrowIfInvalid(const NameValuePairs ¶ms, size_t &size);
+ inline void AssertValidKeyLength(size_t length) const
+ {assert(IsValidKeyLength(length));}
+};
+
+//! interface for the data processing part of block ciphers
+
+/*! Classes derived from BlockTransformation are block ciphers
+ in ECB mode (for example the DES::Encryption class), which are stateless.
+ These classes should not be used directly, but only in combination with
+ a mode class (see CipherModeDocumentation in modes.h).
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockTransformation : public Algorithm
+{
+public:
+ //! encrypt or decrypt inBlock, xor with xorBlock, and write to outBlock
+ virtual void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const =0;
+
+ //! encrypt or decrypt one block
+ /*! \pre size of inBlock and outBlock == BlockSize() */
+ void ProcessBlock(const byte *inBlock, byte *outBlock) const
+ {ProcessAndXorBlock(inBlock, NULL, outBlock);}
+
+ //! encrypt or decrypt one block in place
+ void ProcessBlock(byte *inoutBlock) const
+ {ProcessAndXorBlock(inoutBlock, NULL, inoutBlock);}
+
+ //! block size of the cipher in bytes
+ virtual unsigned int BlockSize() const =0;
+
+ //! returns how inputs and outputs should be aligned for optimal performance
+ virtual unsigned int OptimalDataAlignment() const;
+
+ //! returns true if this is a permutation (i.e. there is an inverse transformation)
+ virtual bool IsPermutation() const {return true;}
+
+ //! returns true if this is an encryption object
+ virtual bool IsForwardTransformation() const =0;
+
+ //! return number of blocks that can be processed in parallel, for bit-slicing implementations
+ virtual unsigned int OptimalNumberOfParallelBlocks() const {return 1;}
+
+ enum {BT_InBlockIsCounter=1, BT_DontIncrementInOutPointers=2, BT_XorInput=4, BT_ReverseDirection=8} FlagsForAdvancedProcessBlocks;
+
+ //! encrypt and xor blocks according to flags (see FlagsForAdvancedProcessBlocks)
+ /*! /note If BT_InBlockIsCounter is set, last byte of inBlocks may be modified. */
+ virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
+
+ inline CipherDir GetCipherDirection() const {return IsForwardTransformation() ? ENCRYPTION : DECRYPTION;}
+};
+
+//! interface for the data processing part of stream ciphers
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE StreamTransformation : public Algorithm
+{
+public:
+ //! return a reference to this object,
+ /*! This function is useful for passing a temporary StreamTransformation object to a
+ function that takes a non-const reference. */
+ StreamTransformation& Ref() {return *this;}
+
+ //! returns block size, if input must be processed in blocks, otherwise 1
+ virtual unsigned int MandatoryBlockSize() const {return 1;}
+
+ //! returns the input block size that is most efficient for this cipher
+ /*! \note optimal input length is n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n > 0 */
+ virtual unsigned int OptimalBlockSize() const {return MandatoryBlockSize();}
+ //! returns how much of the current block is used up
+ virtual unsigned int GetOptimalBlockSizeUsed() const {return 0;}
+
+ //! returns how input should be aligned for optimal performance
+ virtual unsigned int OptimalDataAlignment() const;
+
+ //! encrypt or decrypt an array of bytes of specified length
+ /*! \note either inString == outString, or they don't overlap */
+ virtual void ProcessData(byte *outString, const byte *inString, size_t length) =0;
+
+ //! for ciphers where the last block of data is special, encrypt or decrypt the last block of data
+ /*! For now the only use of this function is for CBC-CTS mode. */
+ virtual void ProcessLastBlock(byte *outString, const byte *inString, size_t length);
+ //! returns the minimum size of the last block, 0 indicating the last block is not special
+ virtual unsigned int MinLastBlockSize() const {return 0;}
+
+ //! same as ProcessData(inoutString, inoutString, length)
+ inline void ProcessString(byte *inoutString, size_t length)
+ {ProcessData(inoutString, inoutString, length);}
+ //! same as ProcessData(outString, inString, length)
+ inline void ProcessString(byte *outString, const byte *inString, size_t length)
+ {ProcessData(outString, inString, length);}
+ //! implemented as {ProcessData(&input, &input, 1); return input;}
+ inline byte ProcessByte(byte input)
+ {ProcessData(&input, &input, 1); return input;}
+
+ //! returns whether this cipher supports random access
+ virtual bool IsRandomAccess() const =0;
+ //! for random access ciphers, seek to an absolute position
+ virtual void Seek(lword n)
+ {
+ assert(!IsRandomAccess());
+ throw NotImplemented("StreamTransformation: this object doesn't support random access");
+ }
+
+ //! returns whether this transformation is self-inverting (e.g. xor with a keystream)
+ virtual bool IsSelfInverting() const =0;
+ //! returns whether this is an encryption object
+ virtual bool IsForwardTransformation() const =0;
+};
+
+//! interface for hash functions and data processing part of MACs
+
+/*! HashTransformation objects are stateful. They are created in an initial state,
+ change state as Update() is called, and return to the initial
+ state when Final() is called. This interface allows a large message to
+ be hashed in pieces by calling Update() on each piece followed by
+ calling Final().
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HashTransformation : public Algorithm
+{
+public:
+ //! return a reference to this object,
+ /*! This function is useful for passing a temporary HashTransformation object to a
+ function that takes a non-const reference. */
+ HashTransformation& Ref() {return *this;}
+
+ //! process more input
+ virtual void Update(const byte *input, size_t length) =0;
+
+ //! request space to write input into
+ virtual byte * CreateUpdateSpace(size_t &size) {size=0; return NULL;}
+
+ //! compute hash for current message, then restart for a new message
+ /*! \pre size of digest == DigestSize(). */
+ virtual void Final(byte *digest)
+ {TruncatedFinal(digest, DigestSize());}
+
+ //! discard the current state, and restart with a new message
+ virtual void Restart()
+ {TruncatedFinal(NULL, 0);}
+
+ //! size of the hash/digest/MAC returned by Final()
+ virtual unsigned int DigestSize() const =0;
+
+ //! same as DigestSize()
+ unsigned int TagSize() const {return DigestSize();}
+
+
+ //! block size of underlying compression function, or 0 if not block based
+ virtual unsigned int BlockSize() const {return 0;}
+
+ //! input to Update() should have length a multiple of this for optimal speed
+ virtual unsigned int OptimalBlockSize() const {return 1;}
+
+ //! returns how input should be aligned for optimal performance
+ virtual unsigned int OptimalDataAlignment() const;
+
+ //! use this if your input is in one piece and you don't want to call Update() and Final() separately
+ virtual void CalculateDigest(byte *digest, const byte *input, size_t length)
+ {Update(input, length); Final(digest);}
+
+ //! verify that digest is a valid digest for the current message, then reinitialize the object
+ /*! Default implementation is to call Final() and do a bitwise comparison
+ between its output and digest. */
+ virtual bool Verify(const byte *digest)
+ {return TruncatedVerify(digest, DigestSize());}
+
+ //! use this if your input is in one piece and you don't want to call Update() and Verify() separately
+ virtual bool VerifyDigest(const byte *digest, const byte *input, size_t length)
+ {Update(input, length); return Verify(digest);}
+
+ //! truncated version of Final()
+ virtual void TruncatedFinal(byte *digest, size_t digestSize) =0;
+
+ //! truncated version of CalculateDigest()
+ virtual void CalculateTruncatedDigest(byte *digest, size_t digestSize, const byte *input, size_t length)
+ {Update(input, length); TruncatedFinal(digest, digestSize);}
+
+ //! truncated version of Verify()
+ virtual bool TruncatedVerify(const byte *digest, size_t digestLength);
+
+ //! truncated version of VerifyDigest()
+ virtual bool VerifyTruncatedDigest(const byte *digest, size_t digestLength, const byte *input, size_t length)
+ {Update(input, length); return TruncatedVerify(digest, digestLength);}
+
+protected:
+ void ThrowIfInvalidTruncatedSize(size_t size) const;
+};
+
+typedef HashTransformation HashFunction;
+
+//! interface for one direction (encryption or decryption) of a block cipher
+/*! \note These objects usually should not be used directly. See BlockTransformation for more details. */
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockCipher : public SimpleKeyingInterface, public BlockTransformation
+{
+protected:
+ const Algorithm & GetAlgorithm() const {return *this;}
+};
+
+//! interface for one direction (encryption or decryption) of a stream cipher or cipher mode
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SymmetricCipher : public SimpleKeyingInterface, public StreamTransformation
+{
+protected:
+ const Algorithm & GetAlgorithm() const {return *this;}
+};
+
+//! interface for message authentication codes
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE MessageAuthenticationCode : public SimpleKeyingInterface, public HashTransformation
+{
+protected:
+ const Algorithm & GetAlgorithm() const {return *this;}
+};
+
+//! interface for for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication
+/*! The StreamTransformation part of this interface is used to encrypt/decrypt the data, and the MessageAuthenticationCode part of this
+ interface is used to input additional authenticated data (AAD, which is MAC'ed but not encrypted), and to generate/verify the MAC. */
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipher : public MessageAuthenticationCode, public StreamTransformation
+{
+public:
+ //! this indicates that a member function was called in the wrong state, for example trying to encrypt a message before having set the key or IV
+ class BadState : public Exception
+ {
+ public:
+ explicit BadState(const std::string &name, const char *message) : Exception(OTHER_ERROR, name + ": " + message) {}
+ explicit BadState(const std::string &name, const char *function, const char *state) : Exception(OTHER_ERROR, name + ": " + function + " was called before " + state) {}
+ };
+
+ //! the maximum length of AAD that can be input before the encrypted data
+ virtual lword MaxHeaderLength() const =0;
+ //! the maximum length of encrypted data
+ virtual lword MaxMessageLength() const =0;
+ //! the maximum length of AAD that can be input after the encrypted data
+ virtual lword MaxFooterLength() const {return 0;}
+ //! if this function returns true, SpecifyDataLengths() must be called before attempting to input data
+ /*! This is the case for some schemes, such as CCM. */
+ virtual bool NeedsPrespecifiedDataLengths() const {return false;}
+ //! this function only needs to be called if NeedsPrespecifiedDataLengths() returns true
+ void SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength=0);
+ //! encrypt and generate MAC in one call. will truncate MAC if macSize < TagSize()
+ virtual void EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength);
+ //! decrypt and verify MAC in one call, returning true iff MAC is valid. will assume MAC is truncated if macLength < TagSize()
+ virtual bool DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength);
+
+ // redeclare this to avoid compiler ambiguity errors
+ virtual std::string AlgorithmName() const =0;
+
+protected:
+ const Algorithm & GetAlgorithm() const {return *static_cast<const MessageAuthenticationCode *>(this);}
+ virtual void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength) {}
+};
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+typedef SymmetricCipher StreamCipher;
+#endif
+
+//! interface for random number generators
+/*! All return values are uniformly distributed over the range specified.
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomNumberGenerator : public Algorithm
+{
+public:
+ //! update RNG state with additional unpredictable values
+ virtual void IncorporateEntropy(const byte *input, size_t length) {throw NotImplemented("RandomNumberGenerator: IncorporateEntropy not implemented");}
+
+ //! returns true if IncorporateEntropy is implemented
+ virtual bool CanIncorporateEntropy() const {return false;}
+
+ //! generate new random byte and return it
+ virtual byte GenerateByte();
+
+ //! generate new random bit and return it
+ /*! Default implementation is to call GenerateByte() and return its lowest bit. */
+ virtual unsigned int GenerateBit();
+
+ //! generate a random 32 bit word in the range min to max, inclusive
+ virtual word32 GenerateWord32(word32 a=0, word32 b=0xffffffffL);
+
+ //! generate random array of bytes
+ virtual void GenerateBlock(byte *output, size_t size);
+
+ //! generate and discard n bytes
+ virtual void DiscardBytes(size_t n);
+
+ //! generate random bytes as input to a BufferedTransformation
+ virtual void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length);
+
+ //! randomly shuffle the specified array, resulting permutation is uniformly distributed
+ template <class IT> void Shuffle(IT begin, IT end)
+ {
+ for (; begin != end; ++begin)
+ std::iter_swap(begin, begin + GenerateWord32(0, end-begin-1));
+ }
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+ byte GetByte() {return GenerateByte();}
+ unsigned int GetBit() {return GenerateBit();}
+ word32 GetLong(word32 a=0, word32 b=0xffffffffL) {return GenerateWord32(a, b);}
+ word16 GetShort(word16 a=0, word16 b=0xffff) {return (word16)GenerateWord32(a, b);}
+ void GetBlock(byte *output, size_t size) {GenerateBlock(output, size);}
+#endif
+};
+
+//! returns a reference that can be passed to functions that ask for a RNG but doesn't actually use it
+CRYPTOPP_DLL RandomNumberGenerator & CRYPTOPP_API NullRNG();
+
+class WaitObjectContainer;
+class CallStack;
+
+//! interface for objects that you can wait for
+
+class CRYPTOPP_NO_VTABLE Waitable
+{
+public:
+ virtual ~Waitable() {}
+
+ //! maximum number of wait objects that this object can return
+ virtual unsigned int GetMaxWaitObjectCount() const =0;
+ //! put wait objects into container
+ /*! \param callStack is used for tracing no wait loops, example:
+ something.GetWaitObjects(c, CallStack("my func after X", 0));
+ - or in an outer GetWaitObjects() method that itself takes a callStack parameter:
+ innerThing.GetWaitObjects(c, CallStack("MyClass::GetWaitObjects at X", &callStack)); */
+ virtual void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) =0;
+ //! wait on this object
+ /*! same as creating an empty container, calling GetWaitObjects(), and calling Wait() on the container */
+ bool Wait(unsigned long milliseconds, CallStack const& callStack);
+};
+
+//! the default channel for BufferedTransformation, equal to the empty string
+extern CRYPTOPP_DLL const std::string DEFAULT_CHANNEL;
+
+//! channel for additional authenticated data, equal to "AAD"
+extern CRYPTOPP_DLL const std::string AAD_CHANNEL;
+
+//! interface for buffered transformations
+
+/*! BufferedTransformation is a generalization of BlockTransformation,
+ StreamTransformation, and HashTransformation.
+
+ A buffered transformation is an object that takes a stream of bytes
+ as input (this may be done in stages), does some computation on them, and
+ then places the result into an internal buffer for later retrieval. Any
+ partial result already in the output buffer is not modified by further
+ input.
+
+ If a method takes a "blocking" parameter, and you
+ pass "false" for it, the method will return before all input has been processed if
+ the input cannot be processed without waiting (for network buffers to become available, for example).
+ In this case the method will return true
+ or a non-zero integer value. When this happens you must continue to call the method with the same
+ parameters until it returns false or zero, before calling any other method on it or
+ attached BufferedTransformation. The integer return value in this case is approximately
+ the number of bytes left to be processed, and can be used to implement a progress bar.
+
+ For functions that take a "propagation" parameter, propagation != 0 means pass on the signal to attached
+ BufferedTransformation objects, with propagation decremented at each step until it reaches 0.
+ -1 means unlimited propagation.
+
+ \nosubgrouping
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BufferedTransformation : public Algorithm, public Waitable
+{
+public:
+ // placed up here for CW8
+ static const std::string &NULL_CHANNEL; // same as DEFAULT_CHANNEL, for backwards compatibility
+
+ BufferedTransformation() : Algorithm(false) {}
+
+ //! return a reference to this object
+ /*! This function is useful for passing a temporary BufferedTransformation object to a
+ function that takes a non-const reference. */
+ BufferedTransformation& Ref() {return *this;}
+
+ //! \name INPUT
+ //@{
+ //! input a byte for processing
+ size_t Put(byte inByte, bool blocking=true)
+ {return Put(&inByte, 1, blocking);}
+ //! input multiple bytes
+ size_t Put(const byte *inString, size_t length, bool blocking=true)
+ {return Put2(inString, length, 0, blocking);}
+
+ //! input a 16-bit word
+ size_t PutWord16(word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
+ //! input a 32-bit word
+ size_t PutWord32(word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
+
+ //! request space which can be written into by the caller, and then used as input to Put()
+ /*! \param size is requested size (as a hint) for input, and size of the returned space for output */
+ /*! \note The purpose of this method is to help avoid doing extra memory allocations. */
+ virtual byte * CreatePutSpace(size_t &size) {size=0; return NULL;}
+
+ virtual bool CanModifyInput() const {return false;}
+
+ //! input multiple bytes that may be modified by callee
+ size_t PutModifiable(byte *inString, size_t length, bool blocking=true)
+ {return PutModifiable2(inString, length, 0, blocking);}
+
+ bool MessageEnd(int propagation=-1, bool blocking=true)
+ {return !!Put2(NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);}
+ size_t PutMessageEnd(const byte *inString, size_t length, int propagation=-1, bool blocking=true)
+ {return Put2(inString, length, propagation < 0 ? -1 : propagation+1, blocking);}
+
+ //! input multiple bytes for blocking or non-blocking processing
+ /*! \param messageEnd means how many filters to signal MessageEnd to, including this one */
+ virtual size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) =0;
+ //! input multiple bytes that may be modified by callee for blocking or non-blocking processing
+ /*! \param messageEnd means how many filters to signal MessageEnd to, including this one */
+ virtual size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking)
+ {return Put2(inString, length, messageEnd, blocking);}
+
+ //! thrown by objects that have not implemented nonblocking input processing
+ struct BlockingInputOnly : public NotImplemented
+ {BlockingInputOnly(const std::string &s) : NotImplemented(s + ": Nonblocking input is not implemented by this object.") {}};
+ //@}
+
+ //! \name WAITING
+ //@{
+ unsigned int GetMaxWaitObjectCount() const;
+ void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);
+ //@}
+
+ //! \name SIGNALS
+ //@{
+ virtual void IsolatedInitialize(const NameValuePairs ¶meters) {throw NotImplemented("BufferedTransformation: this object can't be reinitialized");}
+ virtual bool IsolatedFlush(bool hardFlush, bool blocking) =0;
+ virtual bool IsolatedMessageSeriesEnd(bool blocking) {return false;}
+
+ //! initialize or reinitialize this object
+ virtual void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1);
+ //! flush buffered input and/or output
+ /*! \param hardFlush is used to indicate whether all data should be flushed
+ \note Hard flushes must be used with care. It means try to process and output everything, even if
+ there may not be enough data to complete the action. For example, hard flushing a HexDecoder would
+ cause an error if you do it after inputing an odd number of hex encoded characters.
+ For some types of filters, for example ZlibDecompressor, hard flushes can only
+ be done at "synchronization points". These synchronization points are positions in the data
+ stream that are created by hard flushes on the corresponding reverse filters, in this
+ example ZlibCompressor. This is useful when zlib compressed data is moved across a
+ network in packets and compression state is preserved across packets, as in the ssh2 protocol.
+ */
+ virtual bool Flush(bool hardFlush, int propagation=-1, bool blocking=true);
+ //! mark end of a series of messages
+ /*! There should be a MessageEnd immediately before MessageSeriesEnd. */
+ virtual bool MessageSeriesEnd(int propagation=-1, bool blocking=true);
+
+ //! set propagation of automatically generated and transferred signals
+ /*! propagation == 0 means do not automaticly generate signals */
+ virtual void SetAutoSignalPropagation(int propagation) {}
+
+ //!
+ virtual int GetAutoSignalPropagation() const {return 0;}
+public:
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+ void Close() {MessageEnd();}
+#endif
+ //@}
+
+ //! \name RETRIEVAL OF ONE MESSAGE
+ //@{
+ //! returns number of bytes that is currently ready for retrieval
+ /*! All retrieval functions return the actual number of bytes
+ retrieved, which is the lesser of the request number and
+ MaxRetrievable(). */
+ virtual lword MaxRetrievable() const;
+
+ //! returns whether any bytes are currently ready for retrieval
+ virtual bool AnyRetrievable() const;
+
+ //! try to retrieve a single byte
+ virtual size_t Get(byte &outByte);
+ //! try to retrieve multiple bytes
+ virtual size_t Get(byte *outString, size_t getMax);
+
+ //! peek at the next byte without removing it from the output buffer
+ virtual size_t Peek(byte &outByte) const;
+ //! peek at multiple bytes without removing them from the output buffer
+ virtual size_t Peek(byte *outString, size_t peekMax) const;
+
+ //! try to retrieve a 16-bit word
+ size_t GetWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER);
+ //! try to retrieve a 32-bit word
+ size_t GetWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER);
+
+ //! try to peek at a 16-bit word
+ size_t PeekWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER) const;
+ //! try to peek at a 32-bit word
+ size_t PeekWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER) const;
+
+ //! move transferMax bytes of the buffered output to target as input
+ lword TransferTo(BufferedTransformation &target, lword transferMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL)
+ {TransferTo2(target, transferMax, channel); return transferMax;}
+
+ //! discard skipMax bytes from the output buffer
+ virtual lword Skip(lword skipMax=LWORD_MAX);
+
+ //! copy copyMax bytes of the buffered output to target as input
+ lword CopyTo(BufferedTransformation &target, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const
+ {return CopyRangeTo(target, 0, copyMax, channel);}
+
+ //! copy copyMax bytes of the buffered output, starting at position (relative to current position), to target as input
+ lword CopyRangeTo(BufferedTransformation &target, lword position, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const
+ {lword i = position; CopyRangeTo2(target, i, i+copyMax, channel); return i-position;}
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+ unsigned long MaxRetrieveable() const {return MaxRetrievable();}
+#endif
+ //@}
+
+ //! \name RETRIEVAL OF MULTIPLE MESSAGES
+ //@{
+ //!
+ virtual lword TotalBytesRetrievable() const;
+ //! number of times MessageEnd() has been received minus messages retrieved or skipped
+ virtual unsigned int NumberOfMessages() const;
+ //! returns true if NumberOfMessages() > 0
+ virtual bool AnyMessages() const;
+ //! start retrieving the next message
+ /*!
+ Returns false if no more messages exist or this message
+ is not completely retrieved.
+ */
+ virtual bool GetNextMessage();
+ //! skip count number of messages
+ virtual unsigned int SkipMessages(unsigned int count=UINT_MAX);
+ //!
+ unsigned int TransferMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL)
+ {TransferMessagesTo2(target, count, channel); return count;}
+ //!
+ unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const;
+
+ //!
+ virtual void SkipAll();
+ //!
+ void TransferAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL)
+ {TransferAllTo2(target, channel);}
+ //!
+ void CopyAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const;
+
+ virtual bool GetNextMessageSeries() {return false;}
+ virtual unsigned int NumberOfMessagesInThisSeries() const {return NumberOfMessages();}
+ virtual unsigned int NumberOfMessageSeries() const {return 0;}
+ //@}
+
+ //! \name NON-BLOCKING TRANSFER OF OUTPUT
+ //@{
+ //! upon return, byteCount contains number of bytes that have finished being transfered, and returns the number of bytes left in the current transfer block
+ virtual size_t TransferTo2(BufferedTransformation &target, lword &byteCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) =0;
+ //! upon return, begin contains the start position of data yet to be finished copying, and returns the number of bytes left in the current transfer block
+ virtual size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const =0;
+ //! upon return, messageCount contains number of messages that have finished being transfered, and returns the number of bytes left in the current transfer block
+ size_t TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
+ //! returns the number of bytes left in the current transfer block
+ size_t TransferAllTo2(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
+ //@}
+
+ //! \name CHANNELS
+ //@{
+ struct NoChannelSupport : public NotImplemented
+ {NoChannelSupport(const std::string &name) : NotImplemented(name + ": this object doesn't support multiple channels") {}};
+ struct InvalidChannelName : public InvalidArgument
+ {InvalidChannelName(const std::string &name, const std::string &channel) : InvalidArgument(name + ": unexpected channel name \"" + channel + "\"") {}};
+
+ size_t ChannelPut(const std::string &channel, byte inByte, bool blocking=true)
+ {return ChannelPut(channel, &inByte, 1, blocking);}
+ size_t ChannelPut(const std::string &channel, const byte *inString, size_t length, bool blocking=true)
+ {return ChannelPut2(channel, inString, length, 0, blocking);}
+
+ size_t ChannelPutModifiable(const std::string &channel, byte *inString, size_t length, bool blocking=true)
+ {return ChannelPutModifiable2(channel, inString, length, 0, blocking);}
+
+ size_t ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
+ size_t ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
+
+ bool ChannelMessageEnd(const std::string &channel, int propagation=-1, bool blocking=true)
+ {return !!ChannelPut2(channel, NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);}
+ size_t ChannelPutMessageEnd(const std::string &channel, const byte *inString, size_t length, int propagation=-1, bool blocking=true)
+ {return ChannelPut2(channel, inString, length, propagation < 0 ? -1 : propagation+1, blocking);}
+
+ virtual byte * ChannelCreatePutSpace(const std::string &channel, size_t &size);
+
+ virtual size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking);
+ virtual size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking);
+
+ virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true);
+ virtual bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true);
+
+ virtual void SetRetrievalChannel(const std::string &channel);
+ //@}
+
+ //! \name ATTACHMENT
+ /*! Some BufferedTransformation objects (e.g. Filter objects)
+ allow other BufferedTransformation objects to be attached. When
+ this is done, the first object instead of buffering its output,
+ sents that output to the attached object as input. The entire
+ attachment chain is deleted when the anchor object is destructed.
+ */
+ //@{
+ //! returns whether this object allows attachment
+ virtual bool Attachable() {return false;}
+ //! returns the object immediately attached to this object or NULL for no attachment
+ virtual BufferedTransformation *AttachedTransformation() {assert(!Attachable()); return 0;}
+ //!
+ virtual const BufferedTransformation *AttachedTransformation() const
+ {return const_cast<BufferedTransformation *>(this)->AttachedTransformation();}
+ //! delete the current attachment chain and replace it with newAttachment
+ virtual void Detach(BufferedTransformation *newAttachment = 0)
+ {assert(!Attachable()); throw NotImplemented("BufferedTransformation: this object is not attachable");}
+ //! add newAttachment to the end of attachment chain
+ virtual void Attach(BufferedTransformation *newAttachment);
+ //@}
+
+protected:
+ static int DecrementPropagation(int propagation)
+ {return propagation != 0 ? propagation - 1 : 0;}
+
+private:
+ byte m_buf[4]; // for ChannelPutWord16 and ChannelPutWord32, to ensure buffer isn't deallocated before non-blocking operation completes
+};
+
+//! returns a reference to a BufferedTransformation object that discards all input
+BufferedTransformation & TheBitBucket();
+
+//! interface for crypto material, such as public and private keys, and crypto parameters
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoMaterial : public NameValuePairs
+{
+public:
+ //! exception thrown when invalid crypto material is detected
+ class CRYPTOPP_DLL InvalidMaterial : public InvalidDataFormat
+ {
+ public:
+ explicit InvalidMaterial(const std::string &s) : InvalidDataFormat(s) {}
+ };
+
+ //! assign values from source to this object
+ /*! \note This function can be used to create a public key from a private key. */
+ virtual void AssignFrom(const NameValuePairs &source) =0;
+
+ //! check this object for errors
+ /*! \param level denotes the level of thoroughness:
+ 0 - using this object won't cause a crash or exception (rng is ignored)
+ 1 - this object will probably function (encrypt, sign, etc.) correctly (but may not check for weak keys and such)
+ 2 - make sure this object will function correctly, and do reasonable security checks
+ 3 - do checks that may take a long time
+ \return true if the tests pass */
+ virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0;
+
+ //! throws InvalidMaterial if this object fails Validate() test
+ virtual void ThrowIfInvalid(RandomNumberGenerator &rng, unsigned int level) const
+ {if (!Validate(rng, level)) throw InvalidMaterial("CryptoMaterial: this object contains invalid values");}
+
+// virtual std::vector<std::string> GetSupportedFormats(bool includeSaveOnly=false, bool includeLoadOnly=false);
+
+ //! save key into a BufferedTransformation
+ virtual void Save(BufferedTransformation &bt) const
+ {throw NotImplemented("CryptoMaterial: this object does not support saving");}
+
+ //! load key from a BufferedTransformation
+ /*! \throws KeyingErr if decode fails
+ \note Generally does not check that the key is valid.
+ Call ValidateKey() or ThrowIfInvalidKey() to check that. */
+ virtual void Load(BufferedTransformation &bt)
+ {throw NotImplemented("CryptoMaterial: this object does not support loading");}
+
+ //! \return whether this object supports precomputation
+ virtual bool SupportsPrecomputation() const {return false;}
+ //! do precomputation
+ /*! The exact semantics of Precompute() is varies, but
+ typically it means calculate a table of n objects
+ that can be used later to speed up computation. */
+ virtual void Precompute(unsigned int n)
+ {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
+ //! retrieve previously saved precomputation
+ virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
+ {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
+ //! save precomputation for later use
+ virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
+ {assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
+
+ // for internal library use
+ void DoQuickSanityCheck() const {ThrowIfInvalid(NullRNG(), 0);}
+
+#if (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590)
+ // Sun Studio 11/CC 5.8 workaround: it generates incorrect code when casting to an empty virtual base class
+ char m_sunCCworkaround;
+#endif
+};
+
+//! interface for generatable crypto material, such as private keys and crypto parameters
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GeneratableCryptoMaterial : virtual public CryptoMaterial
+{
+public:
+ //! generate a random key or crypto parameters
+ /*! \throws KeyingErr if algorithm parameters are invalid, or if a key can't be generated
+ (e.g., if this is a public key object) */
+ virtual void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs)
+ {throw NotImplemented("GeneratableCryptoMaterial: this object does not support key/parameter generation");}
+
+ //! calls the above function with a NameValuePairs object that just specifies "KeySize"
+ void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize);
+};
+
+//! interface for public keys
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKey : virtual public CryptoMaterial
+{
+};
+
+//! interface for private keys
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKey : public GeneratableCryptoMaterial
+{
+};
+
+//! interface for crypto prameters
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoParameters : public GeneratableCryptoMaterial
+{
+};
+
+//! interface for asymmetric algorithms
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AsymmetricAlgorithm : public Algorithm
+{
+public:
+ //! returns a reference to the crypto material used by this object
+ virtual CryptoMaterial & AccessMaterial() =0;
+ //! returns a const reference to the crypto material used by this object
+ virtual const CryptoMaterial & GetMaterial() const =0;
+
+ //! for backwards compatibility, calls AccessMaterial().Load(bt)
+ void BERDecode(BufferedTransformation &bt)
+ {AccessMaterial().Load(bt);}
+ //! for backwards compatibility, calls GetMaterial().Save(bt)
+ void DEREncode(BufferedTransformation &bt) const
+ {GetMaterial().Save(bt);}
+};
+
+//! interface for asymmetric algorithms using public keys
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKeyAlgorithm : public AsymmetricAlgorithm
+{
+public:
+ // VC60 workaround: no co-variant return type
+ CryptoMaterial & AccessMaterial() {return AccessPublicKey();}
+ const CryptoMaterial & GetMaterial() const {return GetPublicKey();}
+
+ virtual PublicKey & AccessPublicKey() =0;
+ virtual const PublicKey & GetPublicKey() const {return const_cast<PublicKeyAlgorithm *>(this)->AccessPublicKey();}
+};
+
+//! interface for asymmetric algorithms using private keys
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKeyAlgorithm : public AsymmetricAlgorithm
+{
+public:
+ CryptoMaterial & AccessMaterial() {return AccessPrivateKey();}
+ const CryptoMaterial & GetMaterial() const {return GetPrivateKey();}
+
+ virtual PrivateKey & AccessPrivateKey() =0;
+ virtual const PrivateKey & GetPrivateKey() const {return const_cast<PrivateKeyAlgorithm *>(this)->AccessPrivateKey();}
+};
+
+//! interface for key agreement algorithms
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE KeyAgreementAlgorithm : public AsymmetricAlgorithm
+{
+public:
+ CryptoMaterial & AccessMaterial() {return AccessCryptoParameters();}
+ const CryptoMaterial & GetMaterial() const {return GetCryptoParameters();}
+
+ virtual CryptoParameters & AccessCryptoParameters() =0;
+ virtual const CryptoParameters & GetCryptoParameters() const {return const_cast<KeyAgreementAlgorithm *>(this)->AccessCryptoParameters();}
+};
+
+//! interface for public-key encryptors and decryptors
+
+/*! This class provides an interface common to encryptors and decryptors
+ for querying their plaintext and ciphertext lengths.
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_CryptoSystem
+{
+public:
+ virtual ~PK_CryptoSystem() {}
+
+ //! maximum length of plaintext for a given ciphertext length
+ /*! \note This function returns 0 if ciphertextLength is not valid (too long or too short). */
+ virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0;
+
+ //! calculate length of ciphertext given length of plaintext
+ /*! \note This function returns 0 if plaintextLength is not valid (too long). */
+ virtual size_t CiphertextLength(size_t plaintextLength) const =0;
+
+ //! this object supports the use of the parameter with the given name
+ /*! some possible parameter names: EncodingParameters, KeyDerivationParameters */
+ virtual bool ParameterSupported(const char *name) const =0;
+
+ //! return fixed ciphertext length, if one exists, otherwise return 0
+ /*! \note "Fixed" here means length of ciphertext does not depend on length of plaintext.
+ It usually does depend on the key length. */
+ virtual size_t FixedCiphertextLength() const {return 0;}
+
+ //! return maximum plaintext length given the fixed ciphertext length, if one exists, otherwise return 0
+ virtual size_t FixedMaxPlaintextLength() const {return 0;}
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+ size_t MaxPlainTextLength(size_t cipherTextLength) const {return MaxPlaintextLength(cipherTextLength);}
+ size_t CipherTextLength(size_t plainTextLength) const {return CiphertextLength(plainTextLength);}
+#endif
+};
+
+//! interface for public-key encryptors
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Encryptor : public PK_CryptoSystem, public PublicKeyAlgorithm
+{
+public:
+ //! exception thrown when trying to encrypt plaintext of invalid length
+ class CRYPTOPP_DLL InvalidPlaintextLength : public Exception
+ {
+ public:
+ InvalidPlaintextLength() : Exception(OTHER_ERROR, "PK_Encryptor: invalid plaintext length") {}
+ };
+
+ //! encrypt a byte string
+ /*! \pre CiphertextLength(plaintextLength) != 0 (i.e., plaintext isn't too long)
+ \pre size of ciphertext == CiphertextLength(plaintextLength)
+ */
+ virtual void Encrypt(RandomNumberGenerator &rng,
+ const byte *plaintext, size_t plaintextLength,
+ byte *ciphertext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0;
+
+ //! create a new encryption filter
+ /*! \note The caller is responsible for deleting the returned pointer.
+ \note Encoding parameters should be passed in the "EP" channel.
+ */
+ virtual BufferedTransformation * CreateEncryptionFilter(RandomNumberGenerator &rng,
+ BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const;
+};
+
+//! interface for public-key decryptors
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Decryptor : public PK_CryptoSystem, public PrivateKeyAlgorithm
+{
+public:
+ //! decrypt a byte string, and return the length of plaintext
+ /*! \pre size of plaintext == MaxPlaintextLength(ciphertextLength) bytes.
+ \return the actual length of the plaintext, indication that decryption failed.
+ */
+ virtual DecodingResult Decrypt(RandomNumberGenerator &rng,
+ const byte *ciphertext, size_t ciphertextLength,
+ byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0;
+
+ //! create a new decryption filter
+ /*! \note caller is responsible for deleting the returned pointer
+ */
+ virtual BufferedTransformation * CreateDecryptionFilter(RandomNumberGenerator &rng,
+ BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const;
+
+ //! decrypt a fixed size ciphertext
+ DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *ciphertext, byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const
+ {return Decrypt(rng, ciphertext, FixedCiphertextLength(), plaintext, parameters);}
+};
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+typedef PK_CryptoSystem PK_FixedLengthCryptoSystem;
+typedef PK_Encryptor PK_FixedLengthEncryptor;
+typedef PK_Decryptor PK_FixedLengthDecryptor;
+#endif
+
+//! interface for public-key signers and verifiers
+
+/*! This class provides an interface common to signers and verifiers
+ for querying scheme properties.
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_SignatureScheme
+{
+public:
+ //! invalid key exception, may be thrown by any function in this class if the private or public key has a length that can't be used
+ class CRYPTOPP_DLL InvalidKeyLength : public Exception
+ {
+ public:
+ InvalidKeyLength(const std::string &message) : Exception(OTHER_ERROR, message) {}
+ };
+
+ //! key too short exception, may be thrown by any function in this class if the private or public key is too short to sign or verify anything
+ class CRYPTOPP_DLL KeyTooShort : public InvalidKeyLength
+ {
+ public:
+ KeyTooShort() : InvalidKeyLength("PK_Signer: key too short for this signature scheme") {}
+ };
+
+ virtual ~PK_SignatureScheme() {}
+
+ //! signature length if it only depends on the key, otherwise 0
+ virtual size_t SignatureLength() const =0;
+
+ //! maximum signature length produced for a given length of recoverable message part
+ virtual size_t MaxSignatureLength(size_t recoverablePartLength = 0) const {return SignatureLength();}
+
+ //! length of longest message that can be recovered, or 0 if this signature scheme does not support message recovery
+ virtual size_t MaxRecoverableLength() const =0;
+
+ //! length of longest message that can be recovered from a signature of given length, or 0 if this signature scheme does not support message recovery
+ virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0;
+
+ //! requires a random number generator to sign
+ /*! if this returns false, NullRNG() can be passed to functions that take RandomNumberGenerator & */
+ virtual bool IsProbabilistic() const =0;
+
+ //! whether or not a non-recoverable message part can be signed
+ virtual bool AllowNonrecoverablePart() const =0;
+
+ //! if this function returns true, during verification you must input the signature before the message, otherwise you can input it at anytime */
+ virtual bool SignatureUpfront() const {return false;}
+
+ //! whether you must input the recoverable part before the non-recoverable part during signing
+ virtual bool RecoverablePartFirst() const =0;
+};
+
+//! interface for accumulating messages to be signed or verified
+/*! Only Update() should be called
+ on this class. No other functions inherited from HashTransformation should be called.
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulator : public HashTransformation
+{
+public:
+ //! should not be called on PK_MessageAccumulator
+ unsigned int DigestSize() const
+ {throw NotImplemented("PK_MessageAccumulator: DigestSize() should not be called");}
+ //! should not be called on PK_MessageAccumulator
+ void TruncatedFinal(byte *digest, size_t digestSize)
+ {throw NotImplemented("PK_MessageAccumulator: TruncatedFinal() should not be called");}
+};
+
+//! interface for public-key signers
+
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Signer : public PK_SignatureScheme, public PrivateKeyAlgorithm
+{
+public:
+ //! create a new HashTransformation to accumulate the message to be signed
+ virtual PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const =0;
+
+ virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const =0;
+
+ //! sign and delete messageAccumulator (even in case of exception thrown)
+ /*! \pre size of signature == MaxSignatureLength()
+ \return actual signature length
+ */
+ virtual size_t Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const;
+
+ //! sign and restart messageAccumulator
+ /*! \pre size of signature == MaxSignatureLength()
+ \return actual signature length
+ */
+ virtual size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0;
+
+ //! sign a message
+ /*! \pre size of signature == MaxSignatureLength()
+ \return actual signature length
+ */
+ virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const;
+
+ //! sign a recoverable message
+ /*! \pre size of signature == MaxSignatureLength(recoverableMessageLength)
+ \return actual signature length
+ */
+ virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength,
+ const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const;
+};
+
+//! interface for public-key signature verifiers
+/*! The Recover* functions throw NotImplemented if the signature scheme does not support
+ message recovery.
+ The Verify* functions throw InvalidDataFormat if the scheme does support message
+ recovery and the signature contains a non-empty recoverable message part. The
+ Recovery* functions should be used in that case.
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Verifier : public PK_SignatureScheme, public PublicKeyAlgorithm
+{
+public:
+ //! create a new HashTransformation to accumulate the message to be verified
+ virtual PK_MessageAccumulator * NewVerificationAccumulator() const =0;
+
+ //! input signature into a message accumulator
+ virtual void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const =0;
+
+ //! check whether messageAccumulator contains a valid signature and message, and delete messageAccumulator (even in case of exception thrown)
+ virtual bool Verify(PK_MessageAccumulator *messageAccumulator) const;
+
+ //! check whether messageAccumulator contains a valid signature and message, and restart messageAccumulator
+ virtual bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const =0;
+
+ //! check whether input signature is a valid signature for input message
+ virtual bool VerifyMessage(const byte *message, size_t messageLen,
+ const byte *signature, size_t signatureLength) const;
+
+ //! recover a message from its signature
+ /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+ */
+ virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const;
+
+ //! recover a message from its signature
+ /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+ */
+ virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0;
+
+ //! recover a message from its signature
+ /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+ */
+ virtual DecodingResult RecoverMessage(byte *recoveredMessage,
+ const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength,
+ const byte *signature, size_t signatureLength) const;
+};
+
+//! interface for domains of simple key agreement protocols
+
+/*! A key agreement domain is a set of parameters that must be shared
+ by two parties in a key agreement protocol, along with the algorithms
+ for generating key pairs and deriving agreed values.
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyAgreementDomain : public KeyAgreementAlgorithm
+{
+public:
+ //! return length of agreed value produced
+ virtual unsigned int AgreedValueLength() const =0;
+ //! return length of private keys in this domain
+ virtual unsigned int PrivateKeyLength() const =0;
+ //! return length of public keys in this domain
+ virtual unsigned int PublicKeyLength() const =0;
+ //! generate private key
+ /*! \pre size of privateKey == PrivateKeyLength() */
+ virtual void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
+ //! generate public key
+ /*! \pre size of publicKey == PublicKeyLength() */
+ virtual void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
+ //! generate private/public key pair
+ /*! \note equivalent to calling GeneratePrivateKey() and then GeneratePublicKey() */
+ virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
+ //! derive agreed value from your private key and couterparty's public key, return false in case of failure
+ /*! \note If you have previously validated the public key, use validateOtherPublicKey=false to save time.
+ \pre size of agreedValue == AgreedValueLength()
+ \pre length of privateKey == PrivateKeyLength()
+ \pre length of otherPublicKey == PublicKeyLength()
+ */
+ virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0;
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+ bool ValidateDomainParameters(RandomNumberGenerator &rng) const
+ {return GetCryptoParameters().Validate(rng, 2);}
+#endif
+};
+
+//! interface for domains of authenticated key agreement protocols
+
+/*! In an authenticated key agreement protocol, each party has two
+ key pairs. The long-lived key pair is called the static key pair,
+ and the short-lived key pair is called the ephemeral key pair.
+*/
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm
+{
+public:
+ //! return length of agreed value produced
+ virtual unsigned int AgreedValueLength() const =0;
+
+ //! return length of static private keys in this domain
+ virtual unsigned int StaticPrivateKeyLength() const =0;
+ //! return length of static public keys in this domain
+ virtual unsigned int StaticPublicKeyLength() const =0;
+ //! generate static private key
+ /*! \pre size of privateKey == PrivateStaticKeyLength() */
+ virtual void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
+ //! generate static public key
+ /*! \pre size of publicKey == PublicStaticKeyLength() */
+ virtual void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
+ //! generate private/public key pair
+ /*! \note equivalent to calling GenerateStaticPrivateKey() and then GenerateStaticPublicKey() */
+ virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
+
+ //! return length of ephemeral private keys in this domain
+ virtual unsigned int EphemeralPrivateKeyLength() const =0;
+ //! return length of ephemeral public keys in this domain
+ virtual unsigned int EphemeralPublicKeyLength() const =0;
+ //! generate ephemeral private key
+ /*! \pre size of privateKey == PrivateEphemeralKeyLength() */
+ virtual void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
+ //! generate ephemeral public key
+ /*! \pre size of publicKey == PublicEphemeralKeyLength() */
+ virtual void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
+ //! generate private/public key pair
+ /*! \note equivalent to calling GenerateEphemeralPrivateKey() and then GenerateEphemeralPublicKey() */
+ virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
+
+ //! derive agreed value from your private keys and couterparty's public keys, return false in case of failure
+ /*! \note The ephemeral public key will always be validated.
+ If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time.
+ \pre size of agreedValue == AgreedValueLength()
+ \pre length of staticPrivateKey == StaticPrivateKeyLength()
+ \pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength()
+ \pre length of staticOtherPublicKey == StaticPublicKeyLength()
+ \pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()
+ */
+ virtual bool Agree(byte *agreedValue,
+ const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
+ const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
+ bool validateStaticOtherPublicKey=true) const =0;
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+ bool ValidateDomainParameters(RandomNumberGenerator &rng) const
+ {return GetCryptoParameters().Validate(rng, 2);}
+#endif
+};
+
+// interface for password authenticated key agreement protocols, not implemented yet
+#if 0
+//! interface for protocol sessions
+/*! The methods should be called in the following order:
+
+ InitializeSession(rng, parameters); // or call initialize method in derived class
+ while (true)
+ {
+ if (OutgoingMessageAvailable())
+ {
+ length = GetOutgoingMessageLength();
+ GetOutgoingMessage(message);
+ ; // send outgoing message
+ }
+
+ if (LastMessageProcessed())
+ break;
+
+ ; // receive incoming message
+ ProcessIncomingMessage(message);
+ }
+ ; // call methods in derived class to obtain result of protocol session
+*/
+class ProtocolSession
+{
+public:
+ //! exception thrown when an invalid protocol message is processed
+ class ProtocolError : public Exception
+ {
+ public:
+ ProtocolError(ErrorType errorType, const std::string &s) : Exception(errorType, s) {}
+ };
+
+ //! exception thrown when a function is called unexpectedly
+ /*! for example calling ProcessIncomingMessage() when ProcessedLastMessage() == true */
+ class UnexpectedMethodCall : public Exception
+ {
+ public:
+ UnexpectedMethodCall(const std::string &s) : Exception(OTHER_ERROR, s) {}
+ };
+
+ ProtocolSession() : m_rng(NULL), m_throwOnProtocolError(true), m_validState(false) {}
+ virtual ~ProtocolSession() {}
+
+ virtual void InitializeSession(RandomNumberGenerator &rng, const NameValuePairs ¶meters) =0;
+
+ bool GetThrowOnProtocolError() const {return m_throwOnProtocolError;}
+ void SetThrowOnProtocolError(bool throwOnProtocolError) {m_throwOnProtocolError = throwOnProtocolError;}
+
+ bool HasValidState() const {return m_validState;}
+
+ virtual bool OutgoingMessageAvailable() const =0;
+ virtual unsigned int GetOutgoingMessageLength() const =0;
+ virtual void GetOutgoingMessage(byte *message) =0;
+
+ virtual bool LastMessageProcessed() const =0;
+ virtual void ProcessIncomingMessage(const byte *message, unsigned int messageLength) =0;
+
+protected:
+ void HandleProtocolError(Exception::ErrorType errorType, const std::string &s) const;
+ void CheckAndHandleInvalidState() const;
+ void SetValidState(bool valid) {m_validState = valid;}
+
+ RandomNumberGenerator *m_rng;
+
+private:
+ bool m_throwOnProtocolError, m_validState;
+};
+
+class KeyAgreementSession : public ProtocolSession
+{
+public:
+ virtual unsigned int GetAgreedValueLength() const =0;
+ virtual void GetAgreedValue(byte *agreedValue) const =0;
+};
+
+class PasswordAuthenticatedKeyAgreementSession : public KeyAgreementSession
+{
+public:
+ void InitializePasswordAuthenticatedKeyAgreementSession(RandomNumberGenerator &rng,
+ const byte *myId, unsigned int myIdLength,
+ const byte *counterPartyId, unsigned int counterPartyIdLength,
+ const byte *passwordOrVerifier, unsigned int passwordOrVerifierLength);
+};
+
+class PasswordAuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm
+{
+public:
+ //! return whether the domain parameters stored in this object are valid
+ virtual bool ValidateDomainParameters(RandomNumberGenerator &rng) const
+ {return GetCryptoParameters().Validate(rng, 2);}
+
+ virtual unsigned int GetPasswordVerifierLength(const byte *password, unsigned int passwordLength) const =0;
+ virtual void GeneratePasswordVerifier(RandomNumberGenerator &rng, const byte *userId, unsigned int userIdLength, const byte *password, unsigned int passwordLength, byte *verifier) const =0;
+
+ enum RoleFlags {CLIENT=1, SERVER=2, INITIATOR=4, RESPONDER=8};
+
+ virtual bool IsValidRole(unsigned int role) =0;
+ virtual PasswordAuthenticatedKeyAgreementSession * CreateProtocolSession(unsigned int role) const =0;
+};
+#endif
+
+//! BER Decode Exception Class, may be thrown during an ASN1 BER decode operation
+class CRYPTOPP_DLL BERDecodeErr : public InvalidArgument
+{
+public:
+ BERDecodeErr() : InvalidArgument("BER decode error") {}
+ BERDecodeErr(const std::string &s) : InvalidArgument(s) {}
+};
+
+//! interface for encoding and decoding ASN1 objects
+class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1Object
+{
+public:
+ virtual ~ASN1Object() {}
+ //! decode this object from a BufferedTransformation, using BER (Basic Encoding Rules)
+ virtual void BERDecode(BufferedTransformation &bt) =0;
+ //! encode this object into a BufferedTransformation, using DER (Distinguished Encoding Rules)
+ virtual void DEREncode(BufferedTransformation &bt) const =0;
+ //! encode this object into a BufferedTransformation, using BER
+ /*! this may be useful if DEREncode() would be too inefficient */
+ virtual void BEREncode(BufferedTransformation &bt) const {DEREncode(bt);}
+};
+
+#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+typedef PK_SignatureScheme PK_SignatureSystem;
+typedef SimpleKeyAgreementDomain PK_SimpleKeyAgreementDomain;
+typedef AuthenticatedKeyAgreementDomain PK_AuthenticatedKeyAgreementDomain;
+#endif
+
+NAMESPACE_END
+
+#endif
git://git.novaco.in / novacoin.git / blobdiff