1
// cryptlib.h - written and placed in the public domain by Wei Dai
3
This file contains the declarations for the abstract base
4
classes that provide a uniform interface to this library.
7
/*! \mainpage Crypto++ Library 5.6.0 API Reference
9
<dt>Abstract Base Classes<dd>
11
<dt>Authenticated Encryption<dd>
12
AuthenticatedSymmetricCipherDocumentation
13
<dt>Symmetric Ciphers<dd>
14
SymmetricCipherDocumentation
15
<dt>Hash Functions<dd>
16
SHA1, SHA224, SHA256, SHA384, SHA512, Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak1::MD2, Weak1::MD4, Weak1::MD5
17
<dt>Non-Cryptographic Checksums<dd>
19
<dt>Message Authentication Codes<dd>
20
VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, GCM (GMAC)
21
<dt>Random Number Generators<dd>
22
NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG, DefaultAutoSeededRNG
23
<dt>Password-based Cryptography<dd>
24
PasswordBasedKeyDerivationFunction
25
<dt>Public Key Cryptosystems<dd>
26
DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES
27
<dt>Public Key Signature Schemes<dd>
28
DSA, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RSASS_ISO, RabinSS, RWSS, ESIGN
30
#DH, DH2, #MQV, ECDH, ECMQV, XTR_DH
31
<dt>Algebraic Structures<dd>
32
Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver,
33
ModularArithmetic, MontgomeryRepresentation, GFP2_ONB,
34
GF2NP, GF256, GF2_32, EC2N, ECP
35
<dt>Secret Sharing and Information Dispersal<dd>
36
SecretSharing, SecretRecovery, InformationDispersal, InformationRecovery
38
Deflator, Inflator, Gzip, Gunzip, ZlibCompressor, ZlibDecompressor
39
<dt>Input Source Classes<dd>
40
StringSource, ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource
41
<dt>Output Sink Classes<dd>
42
StringSinkTemplate, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
43
<dt>Filter Wrappers<dd>
44
StreamTransformationFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter
45
<dt>Binary to Text Encoders and Decoders<dd>
46
HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base32Encoder, Base32Decoder
47
<dt>Wrappers for OS features<dd>
48
Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer
49
<dt>FIPS 140 related<dd>
53
In the FIPS 140-2 validated DLL version of Crypto++, only the following implementation class are available.
56
AES, DES_EDE2, DES_EDE3, SKIPJACK
57
<dt>Cipher Modes (replace template parameter BC with one of the block ciphers above)<dd>
58
ECB_Mode\<BC\>, CTR_Mode\<BC\>, CBC_Mode\<BC\>, CFB_FIPS_Mode\<BC\>, OFB_Mode\<BC\>
59
<dt>Hash Functions<dd>
60
SHA1, SHA224, SHA256, SHA384, SHA512
61
<dt>Public Key Signature Schemes (replace template parameter H with one of the hash functions above)<dd>
62
RSASS\<PKCS1v15, H\>, RSASS\<PSS, H\>, RSASS_ISO\<H\>, RWSS\<P1363_EMSA2, H\>, DSA, ECDSA\<ECP, H\>, ECDSA\<EC2N, H\>
63
<dt>Message Authentication Codes (replace template parameter H with one of the hash functions above)<dd>
64
HMAC\<H\>, CBC_MAC\<DES_EDE2\>, CBC_MAC\<DES_EDE3\>
65
<dt>Random Number Generators<dd>
66
DefaultAutoSeededRNG (AutoSeededX917RNG\<AES\>)
69
<dt>Public Key Cryptosystems<dd>
70
RSAES\<OAEP\<SHA1\> \>
73
<p>This reference manual is a work in progress. Some classes are still lacking detailed descriptions.
74
<p>Click <a href="CryptoPPRef.zip">here</a> to download a zip archive containing this manual.
75
<p>Thanks to Ryan Phillips for providing the Doxygen configuration file
76
and getting me started with this manual.
79
#ifndef CRYPTOPP_CRYPTLIB_H
80
#define CRYPTOPP_CRYPTLIB_H
85
NAMESPACE_BEGIN(CryptoPP)
87
// forward declarations
89
class RandomNumberGenerator;
90
class BufferedTransformation;
92
//! used to specify a direction for a cipher to operate in (encrypt or decrypt)
93
enum CipherDir {ENCRYPTION, DECRYPTION};
95
//! used to represent infinite time
96
const unsigned long INFINITE_TIME = ULONG_MAX;
98
// VC60 workaround: using enums as template parameters causes problems
99
template <typename ENUM_TYPE, int VALUE>
102
static ENUM_TYPE ToEnum() {return (ENUM_TYPE)VALUE;}
105
enum ByteOrder {LITTLE_ENDIAN_ORDER = 0, BIG_ENDIAN_ORDER = 1};
106
typedef EnumToType<ByteOrder, LITTLE_ENDIAN_ORDER> LittleEndian;
107
typedef EnumToType<ByteOrder, BIG_ENDIAN_ORDER> BigEndian;
109
//! base class for all exceptions thrown by Crypto++
110
class CRYPTOPP_DLL Exception : public std::exception
115
//! a method is not implemented
117
//! invalid function argument
119
//! BufferedTransformation received a Flush(true) signal but can't flush buffers
121
//! data integerity check (such as CRC or MAC) failed
122
DATA_INTEGRITY_CHECK_FAILED,
123
//! received input data that doesn't conform to expected format
125
//! error reading from input device or writing to output device
127
//! some error not belong to any of the above categories
131
explicit Exception(ErrorType errorType, const std::string &s) : m_errorType(errorType), m_what(s) {}
132
virtual ~Exception() throw() {}
133
const char *what() const throw() {return (m_what.c_str());}
134
const std::string &GetWhat() const {return m_what;}
135
void SetWhat(const std::string &s) {m_what = s;}
136
ErrorType GetErrorType() const {return m_errorType;}
137
void SetErrorType(ErrorType errorType) {m_errorType = errorType;}
140
ErrorType m_errorType;
144
//! exception thrown when an invalid argument is detected
145
class CRYPTOPP_DLL InvalidArgument : public Exception
148
explicit InvalidArgument(const std::string &s) : Exception(INVALID_ARGUMENT, s) {}
151
//! exception thrown when input data is received that doesn't conform to expected format
152
class CRYPTOPP_DLL InvalidDataFormat : public Exception
155
explicit InvalidDataFormat(const std::string &s) : Exception(INVALID_DATA_FORMAT, s) {}
158
//! exception thrown by decryption filters when trying to decrypt an invalid ciphertext
159
class CRYPTOPP_DLL InvalidCiphertext : public InvalidDataFormat
162
explicit InvalidCiphertext(const std::string &s) : InvalidDataFormat(s) {}
165
//! exception thrown by a class if a non-implemented method is called
166
class CRYPTOPP_DLL NotImplemented : public Exception
169
explicit NotImplemented(const std::string &s) : Exception(NOT_IMPLEMENTED, s) {}
172
//! exception thrown by a class when Flush(true) is called but it can't completely flush its buffers
173
class CRYPTOPP_DLL CannotFlush : public Exception
176
explicit CannotFlush(const std::string &s) : Exception(CANNOT_FLUSH, s) {}
179
//! error reported by the operating system
180
class CRYPTOPP_DLL OS_Error : public Exception
183
OS_Error(ErrorType errorType, const std::string &s, const std::string& operation, int errorCode)
184
: Exception(errorType, s), m_operation(operation), m_errorCode(errorCode) {}
185
~OS_Error() throw() {}
187
// the operating system API that reported the error
188
const std::string & GetOperation() const {return m_operation;}
189
// the error code return by the operating system
190
int GetErrorCode() const {return m_errorCode;}
193
std::string m_operation;
197
//! used to return decoding results
198
struct CRYPTOPP_DLL DecodingResult
200
explicit DecodingResult() : isValidCoding(false), messageLength(0) {}
201
explicit DecodingResult(size_t len) : isValidCoding(true), messageLength(len) {}
203
bool operator==(const DecodingResult &rhs) const {return isValidCoding == rhs.isValidCoding && messageLength == rhs.messageLength;}
204
bool operator!=(const DecodingResult &rhs) const {return !operator==(rhs);}
207
size_t messageLength;
209
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
210
operator size_t() const {return isValidCoding ? messageLength : 0;}
214
//! interface for retrieving values given their names
215
/*! \note This class is used to safely pass a variable number of arbitrarily typed arguments to functions
216
and to read values from keys and crypto parameters.
217
\note To obtain an object that implements NameValuePairs for the purpose of parameter
218
passing, use the MakeParameters() function.
219
\note To get a value from NameValuePairs, you need to know the name and the type of the value.
220
Call GetValueNames() on a NameValuePairs object to obtain a list of value names that it supports.
221
Then look at the Name namespace documentation to see what the type of each value is, or
222
alternatively, call GetIntValue() with the value name, and if the type is not int, a
223
ValueTypeMismatch exception will be thrown and you can get the actual type from the exception object.
225
class CRYPTOPP_NO_VTABLE NameValuePairs
228
virtual ~NameValuePairs() {}
230
//! exception thrown when trying to retrieve a value using a different type than expected
231
class CRYPTOPP_DLL ValueTypeMismatch : public InvalidArgument
234
ValueTypeMismatch(const std::string &name, const std::type_info &stored, const std::type_info &retrieving)
235
: InvalidArgument("NameValuePairs: type mismatch for '" + name + "', stored '" + stored.name() + "', trying to retrieve '" + retrieving.name() + "'")
236
, m_stored(stored), m_retrieving(retrieving) {}
238
const std::type_info & GetStoredTypeInfo() const {return m_stored;}
239
const std::type_info & GetRetrievingTypeInfo() const {return m_retrieving;}
242
const std::type_info &m_stored;
243
const std::type_info &m_retrieving;
246
//! get a copy of this object or a subobject of it
248
bool GetThisObject(T &object) const
250
return GetValue((std::string("ThisObject:")+typeid(T).name()).c_str(), object);
253
//! get a pointer to this object, as a pointer to T
255
bool GetThisPointer(T *&p) const
257
return GetValue((std::string("ThisPointer:")+typeid(T).name()).c_str(), p);
260
//! get a named value, returns true if the name exists
262
bool GetValue(const char *name, T &value) const
264
return GetVoidValue(name, typeid(T), &value);
267
//! get a named value, returns the default if the name doesn't exist
269
T GetValueWithDefault(const char *name, T defaultValue) const
271
GetValue(name, defaultValue);
275
//! get a list of value names that can be retrieved
276
CRYPTOPP_DLL std::string GetValueNames() const
277
{std::string result; GetValue("ValueNames", result); return result;}
279
//! get a named value with type int
280
/*! used to ensure we don't accidentally try to get an unsigned int
281
or some other type when we mean int (which is the most common case) */
282
CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const
283
{return GetValue(name, value);}
285
//! get a named value with type int, with default
286
CRYPTOPP_DLL int GetIntValueWithDefault(const char *name, int defaultValue) const
287
{return GetValueWithDefault(name, defaultValue);}
289
//! used by derived classes to check for type mismatch
290
CRYPTOPP_DLL static void CRYPTOPP_API ThrowIfTypeMismatch(const char *name, const std::type_info &stored, const std::type_info &retrieving)
291
{if (stored != retrieving) throw ValueTypeMismatch(name, stored, retrieving);}
294
void GetRequiredParameter(const char *className, const char *name, T &value) const
296
if (!GetValue(name, value))
297
throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'");
300
CRYPTOPP_DLL void GetRequiredIntParameter(const char *className, const char *name, int &value) const
302
if (!GetIntValue(name, value))
303
throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'");
306
//! to be implemented by derived classes, users should use one of the above functions instead
307
CRYPTOPP_DLL virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const =0;
310
//! namespace containing value name definitions
311
/*! value names, types and semantics:
313
ThisObject:ClassName (ClassName, copy of this object or a subobject)
314
ThisPointer:ClassName (const ClassName *, pointer to this object or a subobject)
316
DOCUMENTED_NAMESPACE_BEGIN(Name)
317
// more names defined in argnames.h
318
DOCUMENTED_NAMESPACE_END
320
//! empty set of name-value pairs
321
class CRYPTOPP_DLL NullNameValuePairs : public NameValuePairs
324
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const {return false;}
328
extern CRYPTOPP_DLL const NullNameValuePairs g_nullNameValuePairs;
330
// ********************************************************
332
//! interface for cloning objects, this is not implemented by most classes yet
333
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Clonable
336
virtual ~Clonable() {}
337
//! this is not implemented by most classes yet
338
virtual Clonable* Clone() const {throw NotImplemented("Clone() is not implemented yet.");} // TODO: make this =0
341
//! interface for all crypto algorithms
343
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Algorithm : public Clonable
346
/*! When FIPS 140-2 compliance is enabled and checkSelfTestStatus == true,
347
this constructor throws SelfTestFailure if the self test hasn't been run or fails. */
348
Algorithm(bool checkSelfTestStatus = true);
349
//! returns name of this algorithm, not universally implemented yet
350
virtual std::string AlgorithmName() const {return "unknown";}
353
//! keying interface for crypto algorithms that take byte strings as keys
354
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyingInterface
357
virtual ~SimpleKeyingInterface() {}
359
//! returns smallest valid key length in bytes */
360
virtual size_t MinKeyLength() const =0;
361
//! returns largest valid key length in bytes */
362
virtual size_t MaxKeyLength() const =0;
363
//! returns default (recommended) key length in bytes */
364
virtual size_t DefaultKeyLength() const =0;
366
//! returns the smallest valid key length in bytes that is >= min(n, GetMaxKeyLength())
367
virtual size_t GetValidKeyLength(size_t n) const =0;
369
//! returns whether n is a valid key length
370
virtual bool IsValidKeyLength(size_t n) const
371
{return n == GetValidKeyLength(n);}
373
//! set or reset the key of this object
374
/*! \param params is used to specify Rounds, BlockSize, etc. */
375
virtual void SetKey(const byte *key, size_t length, const NameValuePairs ¶ms = g_nullNameValuePairs);
377
//! calls SetKey() with an NameValuePairs object that just specifies "Rounds"
378
void SetKeyWithRounds(const byte *key, size_t length, int rounds);
380
//! calls SetKey() with an NameValuePairs object that just specifies "IV"
381
void SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength);
383
//! calls SetKey() with an NameValuePairs object that just specifies "IV"
384
void SetKeyWithIV(const byte *key, size_t length, const byte *iv)
385
{SetKeyWithIV(key, length, iv, IVSize());}
387
enum IV_Requirement {UNIQUE_IV = 0, RANDOM_IV, UNPREDICTABLE_RANDOM_IV, INTERNALLY_GENERATED_IV, NOT_RESYNCHRONIZABLE};
388
//! returns the minimal requirement for secure IVs
389
virtual IV_Requirement IVRequirement() const =0;
391
//! returns whether this object can be resynchronized (i.e. supports initialization vectors)
392
/*! If this function returns true, and no IV is passed to SetKey() and CanUseStructuredIVs()==true, an IV of all 0's will be assumed. */
393
bool IsResynchronizable() const {return IVRequirement() < NOT_RESYNCHRONIZABLE;}
394
//! returns whether this object can use random IVs (in addition to ones returned by GetNextIV)
395
bool CanUseRandomIVs() const {return IVRequirement() <= UNPREDICTABLE_RANDOM_IV;}
396
//! returns whether this object can use random but possibly predictable IVs (in addition to ones returned by GetNextIV)
397
bool CanUsePredictableIVs() const {return IVRequirement() <= RANDOM_IV;}
398
//! returns whether this object can use structured IVs, for example a counter (in addition to ones returned by GetNextIV)
399
bool CanUseStructuredIVs() const {return IVRequirement() <= UNIQUE_IV;}
401
virtual unsigned int IVSize() const {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}
402
//! returns default length of IVs accepted by this object
403
unsigned int DefaultIVLength() const {return IVSize();}
404
//! returns minimal length of IVs accepted by this object
405
virtual unsigned int MinIVLength() const {return IVSize();}
406
//! returns maximal length of IVs accepted by this object
407
virtual unsigned int MaxIVLength() const {return IVSize();}
408
//! resynchronize with an IV. ivLength=-1 means use IVSize()
409
virtual void Resynchronize(const byte *iv, int ivLength=-1) {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");}
410
//! get a secure IV for the next message
411
/*! This method should be called after you finish encrypting one message and are ready to start the next one.
412
After calling it, you must call SetKey() or Resynchronize() before using this object again.
413
This method is not implemented on decryption objects. */
414
virtual void GetNextIV(RandomNumberGenerator &rng, byte *IV);
417
virtual const Algorithm & GetAlgorithm() const =0;
418
virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) =0;
420
void ThrowIfInvalidKeyLength(size_t length);
421
void ThrowIfResynchronizable(); // to be called when no IV is passed
422
void ThrowIfInvalidIV(const byte *iv); // check for NULL IV if it can't be used
423
size_t ThrowIfInvalidIVLength(int size);
424
const byte * GetIVAndThrowIfInvalid(const NameValuePairs ¶ms, size_t &size);
425
inline void AssertValidKeyLength(size_t length) const
426
{assert(IsValidKeyLength(length));}
429
//! interface for the data processing part of block ciphers
431
/*! Classes derived from BlockTransformation are block ciphers
432
in ECB mode (for example the DES::Encryption class), which are stateless.
433
These classes should not be used directly, but only in combination with
434
a mode class (see CipherModeDocumentation in modes.h).
436
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockTransformation : public Algorithm
439
//! encrypt or decrypt inBlock, xor with xorBlock, and write to outBlock
440
virtual void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const =0;
442
//! encrypt or decrypt one block
443
/*! \pre size of inBlock and outBlock == BlockSize() */
444
void ProcessBlock(const byte *inBlock, byte *outBlock) const
445
{ProcessAndXorBlock(inBlock, NULL, outBlock);}
447
//! encrypt or decrypt one block in place
448
void ProcessBlock(byte *inoutBlock) const
449
{ProcessAndXorBlock(inoutBlock, NULL, inoutBlock);}
451
//! block size of the cipher in bytes
452
virtual unsigned int BlockSize() const =0;
454
//! returns how inputs and outputs should be aligned for optimal performance
455
virtual unsigned int OptimalDataAlignment() const;
457
//! returns true if this is a permutation (i.e. there is an inverse transformation)
458
virtual bool IsPermutation() const {return true;}
460
//! returns true if this is an encryption object
461
virtual bool IsForwardTransformation() const =0;
463
//! return number of blocks that can be processed in parallel, for bit-slicing implementations
464
virtual unsigned int OptimalNumberOfParallelBlocks() const {return 1;}
466
enum {BT_InBlockIsCounter=1, BT_DontIncrementInOutPointers=2, BT_XorInput=4, BT_ReverseDirection=8} FlagsForAdvancedProcessBlocks;
468
//! encrypt and xor blocks according to flags (see FlagsForAdvancedProcessBlocks)
469
/*! /note If BT_InBlockIsCounter is set, last byte of inBlocks may be modified. */
470
virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const;
472
inline CipherDir GetCipherDirection() const {return IsForwardTransformation() ? ENCRYPTION : DECRYPTION;}
475
//! interface for the data processing part of stream ciphers
477
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE StreamTransformation : public Algorithm
480
//! return a reference to this object,
481
/*! This function is useful for passing a temporary StreamTransformation object to a
482
function that takes a non-const reference. */
483
StreamTransformation& Ref() {return *this;}
485
//! returns block size, if input must be processed in blocks, otherwise 1
486
virtual unsigned int MandatoryBlockSize() const {return 1;}
488
//! returns the input block size that is most efficient for this cipher
489
/*! \note optimal input length is n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n > 0 */
490
virtual unsigned int OptimalBlockSize() const {return MandatoryBlockSize();}
491
//! returns how much of the current block is used up
492
virtual unsigned int GetOptimalBlockSizeUsed() const {return 0;}
494
//! returns how input should be aligned for optimal performance
495
virtual unsigned int OptimalDataAlignment() const;
497
//! encrypt or decrypt an array of bytes of specified length
498
/*! \note either inString == outString, or they don't overlap */
499
virtual void ProcessData(byte *outString, const byte *inString, size_t length) =0;
501
//! for ciphers where the last block of data is special, encrypt or decrypt the last block of data
502
/*! For now the only use of this function is for CBC-CTS mode. */
503
virtual void ProcessLastBlock(byte *outString, const byte *inString, size_t length);
504
//! returns the minimum size of the last block, 0 indicating the last block is not special
505
virtual unsigned int MinLastBlockSize() const {return 0;}
507
//! same as ProcessData(inoutString, inoutString, length)
508
inline void ProcessString(byte *inoutString, size_t length)
509
{ProcessData(inoutString, inoutString, length);}
510
//! same as ProcessData(outString, inString, length)
511
inline void ProcessString(byte *outString, const byte *inString, size_t length)
512
{ProcessData(outString, inString, length);}
513
//! implemented as {ProcessData(&input, &input, 1); return input;}
514
inline byte ProcessByte(byte input)
515
{ProcessData(&input, &input, 1); return input;}
517
//! returns whether this cipher supports random access
518
virtual bool IsRandomAccess() const =0;
519
//! for random access ciphers, seek to an absolute position
520
virtual void Seek(lword n)
522
assert(!IsRandomAccess());
523
throw NotImplemented("StreamTransformation: this object doesn't support random access");
526
//! returns whether this transformation is self-inverting (e.g. xor with a keystream)
527
virtual bool IsSelfInverting() const =0;
528
//! returns whether this is an encryption object
529
virtual bool IsForwardTransformation() const =0;
532
//! interface for hash functions and data processing part of MACs
534
/*! HashTransformation objects are stateful. They are created in an initial state,
535
change state as Update() is called, and return to the initial
536
state when Final() is called. This interface allows a large message to
537
be hashed in pieces by calling Update() on each piece followed by
540
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HashTransformation : public Algorithm
543
//! return a reference to this object,
544
/*! This function is useful for passing a temporary HashTransformation object to a
545
function that takes a non-const reference. */
546
HashTransformation& Ref() {return *this;}
548
//! process more input
549
virtual void Update(const byte *input, size_t length) =0;
551
//! request space to write input into
552
virtual byte * CreateUpdateSpace(size_t &size) {size=0; return NULL;}
554
//! compute hash for current message, then restart for a new message
555
/*! \pre size of digest == DigestSize(). */
556
virtual void Final(byte *digest)
557
{TruncatedFinal(digest, DigestSize());}
559
//! discard the current state, and restart with a new message
560
virtual void Restart()
561
{TruncatedFinal(NULL, 0);}
563
//! size of the hash/digest/MAC returned by Final()
564
virtual unsigned int DigestSize() const =0;
566
//! same as DigestSize()
567
unsigned int TagSize() const {return DigestSize();}
570
//! block size of underlying compression function, or 0 if not block based
571
virtual unsigned int BlockSize() const {return 0;}
573
//! input to Update() should have length a multiple of this for optimal speed
574
virtual unsigned int OptimalBlockSize() const {return 1;}
576
//! returns how input should be aligned for optimal performance
577
virtual unsigned int OptimalDataAlignment() const;
579
//! use this if your input is in one piece and you don't want to call Update() and Final() separately
580
virtual void CalculateDigest(byte *digest, const byte *input, size_t length)
581
{Update(input, length); Final(digest);}
583
//! verify that digest is a valid digest for the current message, then reinitialize the object
584
/*! Default implementation is to call Final() and do a bitwise comparison
585
between its output and digest. */
586
virtual bool Verify(const byte *digest)
587
{return TruncatedVerify(digest, DigestSize());}
589
//! use this if your input is in one piece and you don't want to call Update() and Verify() separately
590
virtual bool VerifyDigest(const byte *digest, const byte *input, size_t length)
591
{Update(input, length); return Verify(digest);}
593
//! truncated version of Final()
594
virtual void TruncatedFinal(byte *digest, size_t digestSize) =0;
596
//! truncated version of CalculateDigest()
597
virtual void CalculateTruncatedDigest(byte *digest, size_t digestSize, const byte *input, size_t length)
598
{Update(input, length); TruncatedFinal(digest, digestSize);}
600
//! truncated version of Verify()
601
virtual bool TruncatedVerify(const byte *digest, size_t digestLength);
603
//! truncated version of VerifyDigest()
604
virtual bool VerifyTruncatedDigest(const byte *digest, size_t digestLength, const byte *input, size_t length)
605
{Update(input, length); return TruncatedVerify(digest, digestLength);}
608
void ThrowIfInvalidTruncatedSize(size_t size) const;
611
typedef HashTransformation HashFunction;
613
//! interface for one direction (encryption or decryption) of a block cipher
614
/*! \note These objects usually should not be used directly. See BlockTransformation for more details. */
615
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockCipher : public SimpleKeyingInterface, public BlockTransformation
618
const Algorithm & GetAlgorithm() const {return *this;}
621
//! interface for one direction (encryption or decryption) of a stream cipher or cipher mode
622
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SymmetricCipher : public SimpleKeyingInterface, public StreamTransformation
625
const Algorithm & GetAlgorithm() const {return *this;}
628
//! interface for message authentication codes
629
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE MessageAuthenticationCode : public SimpleKeyingInterface, public HashTransformation
632
const Algorithm & GetAlgorithm() const {return *this;}
635
//! interface for for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication
636
/*! The StreamTransformation part of this interface is used to encrypt/decrypt the data, and the MessageAuthenticationCode part of this
637
interface is used to input additional authenticated data (AAD, which is MAC'ed but not encrypted), and to generate/verify the MAC. */
638
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipher : public MessageAuthenticationCode, public StreamTransformation
641
//! this indicates that a member function was called in the wrong state, for example trying to encrypt a message before having set the key or IV
642
class BadState : public Exception
645
explicit BadState(const std::string &name, const char *message) : Exception(OTHER_ERROR, name + ": " + message) {}
646
explicit BadState(const std::string &name, const char *function, const char *state) : Exception(OTHER_ERROR, name + ": " + function + " was called before " + state) {}
649
//! the maximum length of AAD that can be input before the encrypted data
650
virtual lword MaxHeaderLength() const =0;
651
//! the maximum length of encrypted data
652
virtual lword MaxMessageLength() const =0;
653
//! the maximum length of AAD that can be input after the encrypted data
654
virtual lword MaxFooterLength() const {return 0;}
655
//! if this function returns true, SpecifyDataLengths() must be called before attempting to input data
656
/*! This is the case for some schemes, such as CCM. */
657
virtual bool NeedsPrespecifiedDataLengths() const {return false;}
658
//! this function only needs to be called if NeedsPrespecifiedDataLengths() returns true
659
void SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength=0);
660
//! encrypt and generate MAC in one call. will truncate MAC if macSize < TagSize()
661
virtual void EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength);
662
//! decrypt and verify MAC in one call, returning true iff MAC is valid. will assume MAC is truncated if macLength < TagSize()
663
virtual bool DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength);
665
// redeclare this to avoid compiler ambiguity errors
666
virtual std::string AlgorithmName() const =0;
669
const Algorithm & GetAlgorithm() const {return *static_cast<const MessageAuthenticationCode *>(this);}
670
virtual void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength) {}
673
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
674
typedef SymmetricCipher StreamCipher;
677
//! interface for random number generators
678
/*! All return values are uniformly distributed over the range specified.
680
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomNumberGenerator : public Algorithm
683
//! update RNG state with additional unpredictable values
684
virtual void IncorporateEntropy(const byte *input, size_t length) {throw NotImplemented("RandomNumberGenerator: IncorporateEntropy not implemented");}
686
//! returns true if IncorporateEntropy is implemented
687
virtual bool CanIncorporateEntropy() const {return false;}
689
//! generate new random byte and return it
690
virtual byte GenerateByte();
692
//! generate new random bit and return it
693
/*! Default implementation is to call GenerateByte() and return its lowest bit. */
694
virtual unsigned int GenerateBit();
696
//! generate a random 32 bit word in the range min to max, inclusive
697
virtual word32 GenerateWord32(word32 a=0, word32 b=0xffffffffL);
699
//! generate random array of bytes
700
virtual void GenerateBlock(byte *output, size_t size);
702
//! generate and discard n bytes
703
virtual void DiscardBytes(size_t n);
705
//! generate random bytes as input to a BufferedTransformation
706
virtual void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length);
708
//! randomly shuffle the specified array, resulting permutation is uniformly distributed
709
template <class IT> void Shuffle(IT begin, IT end)
711
for (; begin != end; ++begin)
712
std::iter_swap(begin, begin + GenerateWord32(0, end-begin-1));
715
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
716
byte GetByte() {return GenerateByte();}
717
unsigned int GetBit() {return GenerateBit();}
718
word32 GetLong(word32 a=0, word32 b=0xffffffffL) {return GenerateWord32(a, b);}
719
word16 GetShort(word16 a=0, word16 b=0xffff) {return (word16)GenerateWord32(a, b);}
720
void GetBlock(byte *output, size_t size) {GenerateBlock(output, size);}
724
//! returns a reference that can be passed to functions that ask for a RNG but doesn't actually use it
725
CRYPTOPP_DLL RandomNumberGenerator & CRYPTOPP_API NullRNG();
727
class WaitObjectContainer;
730
//! interface for objects that you can wait for
732
class CRYPTOPP_NO_VTABLE Waitable
735
virtual ~Waitable() {}
737
//! maximum number of wait objects that this object can return
738
virtual unsigned int GetMaxWaitObjectCount() const =0;
739
//! put wait objects into container
740
/*! \param callStack is used for tracing no wait loops, example:
741
something.GetWaitObjects(c, CallStack("my func after X", 0));
742
- or in an outer GetWaitObjects() method that itself takes a callStack parameter:
743
innerThing.GetWaitObjects(c, CallStack("MyClass::GetWaitObjects at X", &callStack)); */
744
virtual void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) =0;
745
//! wait on this object
746
/*! same as creating an empty container, calling GetWaitObjects(), and calling Wait() on the container */
747
bool Wait(unsigned long milliseconds, CallStack const& callStack);
750
//! the default channel for BufferedTransformation, equal to the empty string
751
extern CRYPTOPP_DLL const std::string DEFAULT_CHANNEL;
753
//! channel for additional authenticated data, equal to "AAD"
754
extern CRYPTOPP_DLL const std::string AAD_CHANNEL;
756
//! interface for buffered transformations
758
/*! BufferedTransformation is a generalization of BlockTransformation,
759
StreamTransformation, and HashTransformation.
761
A buffered transformation is an object that takes a stream of bytes
762
as input (this may be done in stages), does some computation on them, and
763
then places the result into an internal buffer for later retrieval. Any
764
partial result already in the output buffer is not modified by further
767
If a method takes a "blocking" parameter, and you
768
pass "false" for it, the method will return before all input has been processed if
769
the input cannot be processed without waiting (for network buffers to become available, for example).
770
In this case the method will return true
771
or a non-zero integer value. When this happens you must continue to call the method with the same
772
parameters until it returns false or zero, before calling any other method on it or
773
attached BufferedTransformation. The integer return value in this case is approximately
774
the number of bytes left to be processed, and can be used to implement a progress bar.
776
For functions that take a "propagation" parameter, propagation != 0 means pass on the signal to attached
777
BufferedTransformation objects, with propagation decremented at each step until it reaches 0.
778
-1 means unlimited propagation.
782
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BufferedTransformation : public Algorithm, public Waitable
785
// placed up here for CW8
786
static const std::string &NULL_CHANNEL; // same as DEFAULT_CHANNEL, for backwards compatibility
788
BufferedTransformation() : Algorithm(false) {}
790
//! return a reference to this object
791
/*! This function is useful for passing a temporary BufferedTransformation object to a
792
function that takes a non-const reference. */
793
BufferedTransformation& Ref() {return *this;}
797
//! input a byte for processing
798
size_t Put(byte inByte, bool blocking=true)
799
{return Put(&inByte, 1, blocking);}
800
//! input multiple bytes
801
size_t Put(const byte *inString, size_t length, bool blocking=true)
802
{return Put2(inString, length, 0, blocking);}
804
//! input a 16-bit word
805
size_t PutWord16(word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
806
//! input a 32-bit word
807
size_t PutWord32(word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
809
//! request space which can be written into by the caller, and then used as input to Put()
810
/*! \param size is requested size (as a hint) for input, and size of the returned space for output */
811
/*! \note The purpose of this method is to help avoid doing extra memory allocations. */
812
virtual byte * CreatePutSpace(size_t &size) {size=0; return NULL;}
814
virtual bool CanModifyInput() const {return false;}
816
//! input multiple bytes that may be modified by callee
817
size_t PutModifiable(byte *inString, size_t length, bool blocking=true)
818
{return PutModifiable2(inString, length, 0, blocking);}
820
bool MessageEnd(int propagation=-1, bool blocking=true)
821
{return !!Put2(NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);}
822
size_t PutMessageEnd(const byte *inString, size_t length, int propagation=-1, bool blocking=true)
823
{return Put2(inString, length, propagation < 0 ? -1 : propagation+1, blocking);}
825
//! input multiple bytes for blocking or non-blocking processing
826
/*! \param messageEnd means how many filters to signal MessageEnd to, including this one */
827
virtual size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) =0;
828
//! input multiple bytes that may be modified by callee for blocking or non-blocking processing
829
/*! \param messageEnd means how many filters to signal MessageEnd to, including this one */
830
virtual size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking)
831
{return Put2(inString, length, messageEnd, blocking);}
833
//! thrown by objects that have not implemented nonblocking input processing
834
struct BlockingInputOnly : public NotImplemented
835
{BlockingInputOnly(const std::string &s) : NotImplemented(s + ": Nonblocking input is not implemented by this object.") {}};
840
unsigned int GetMaxWaitObjectCount() const;
841
void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack);
846
virtual void IsolatedInitialize(const NameValuePairs ¶meters) {throw NotImplemented("BufferedTransformation: this object can't be reinitialized");}
847
virtual bool IsolatedFlush(bool hardFlush, bool blocking) =0;
848
virtual bool IsolatedMessageSeriesEnd(bool blocking) {return false;}
850
//! initialize or reinitialize this object
851
virtual void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1);
852
//! flush buffered input and/or output
853
/*! \param hardFlush is used to indicate whether all data should be flushed
854
\note Hard flushes must be used with care. It means try to process and output everything, even if
855
there may not be enough data to complete the action. For example, hard flushing a HexDecoder would
856
cause an error if you do it after inputing an odd number of hex encoded characters.
857
For some types of filters, for example ZlibDecompressor, hard flushes can only
858
be done at "synchronization points". These synchronization points are positions in the data
859
stream that are created by hard flushes on the corresponding reverse filters, in this
860
example ZlibCompressor. This is useful when zlib compressed data is moved across a
861
network in packets and compression state is preserved across packets, as in the ssh2 protocol.
863
virtual bool Flush(bool hardFlush, int propagation=-1, bool blocking=true);
864
//! mark end of a series of messages
865
/*! There should be a MessageEnd immediately before MessageSeriesEnd. */
866
virtual bool MessageSeriesEnd(int propagation=-1, bool blocking=true);
868
//! set propagation of automatically generated and transferred signals
869
/*! propagation == 0 means do not automaticly generate signals */
870
virtual void SetAutoSignalPropagation(int propagation) {}
873
virtual int GetAutoSignalPropagation() const {return 0;}
876
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
877
void Close() {MessageEnd();}
881
//! \name RETRIEVAL OF ONE MESSAGE
883
//! returns number of bytes that is currently ready for retrieval
884
/*! All retrieval functions return the actual number of bytes
885
retrieved, which is the lesser of the request number and
887
virtual lword MaxRetrievable() const;
889
//! returns whether any bytes are currently ready for retrieval
890
virtual bool AnyRetrievable() const;
892
//! try to retrieve a single byte
893
virtual size_t Get(byte &outByte);
894
//! try to retrieve multiple bytes
895
virtual size_t Get(byte *outString, size_t getMax);
897
//! peek at the next byte without removing it from the output buffer
898
virtual size_t Peek(byte &outByte) const;
899
//! peek at multiple bytes without removing them from the output buffer
900
virtual size_t Peek(byte *outString, size_t peekMax) const;
902
//! try to retrieve a 16-bit word
903
size_t GetWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER);
904
//! try to retrieve a 32-bit word
905
size_t GetWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER);
907
//! try to peek at a 16-bit word
908
size_t PeekWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER) const;
909
//! try to peek at a 32-bit word
910
size_t PeekWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER) const;
912
//! move transferMax bytes of the buffered output to target as input
913
lword TransferTo(BufferedTransformation &target, lword transferMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL)
914
{TransferTo2(target, transferMax, channel); return transferMax;}
916
//! discard skipMax bytes from the output buffer
917
virtual lword Skip(lword skipMax=LWORD_MAX);
919
//! copy copyMax bytes of the buffered output to target as input
920
lword CopyTo(BufferedTransformation &target, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const
921
{return CopyRangeTo(target, 0, copyMax, channel);}
923
//! copy copyMax bytes of the buffered output, starting at position (relative to current position), to target as input
924
lword CopyRangeTo(BufferedTransformation &target, lword position, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const
925
{lword i = position; CopyRangeTo2(target, i, i+copyMax, channel); return i-position;}
927
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
928
unsigned long MaxRetrieveable() const {return MaxRetrievable();}
932
//! \name RETRIEVAL OF MULTIPLE MESSAGES
935
virtual lword TotalBytesRetrievable() const;
936
//! number of times MessageEnd() has been received minus messages retrieved or skipped
937
virtual unsigned int NumberOfMessages() const;
938
//! returns true if NumberOfMessages() > 0
939
virtual bool AnyMessages() const;
940
//! start retrieving the next message
942
Returns false if no more messages exist or this message
943
is not completely retrieved.
945
virtual bool GetNextMessage();
946
//! skip count number of messages
947
virtual unsigned int SkipMessages(unsigned int count=UINT_MAX);
949
unsigned int TransferMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL)
950
{TransferMessagesTo2(target, count, channel); return count;}
952
unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const;
955
virtual void SkipAll();
957
void TransferAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL)
958
{TransferAllTo2(target, channel);}
960
void CopyAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const;
962
virtual bool GetNextMessageSeries() {return false;}
963
virtual unsigned int NumberOfMessagesInThisSeries() const {return NumberOfMessages();}
964
virtual unsigned int NumberOfMessageSeries() const {return 0;}
967
//! \name NON-BLOCKING TRANSFER OF OUTPUT
969
//! upon return, byteCount contains number of bytes that have finished being transfered, and returns the number of bytes left in the current transfer block
970
virtual size_t TransferTo2(BufferedTransformation &target, lword &byteCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) =0;
971
//! upon return, begin contains the start position of data yet to be finished copying, and returns the number of bytes left in the current transfer block
972
virtual size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const =0;
973
//! upon return, messageCount contains number of messages that have finished being transfered, and returns the number of bytes left in the current transfer block
974
size_t TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
975
//! returns the number of bytes left in the current transfer block
976
size_t TransferAllTo2(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
981
struct NoChannelSupport : public NotImplemented
982
{NoChannelSupport(const std::string &name) : NotImplemented(name + ": this object doesn't support multiple channels") {}};
983
struct InvalidChannelName : public InvalidArgument
984
{InvalidChannelName(const std::string &name, const std::string &channel) : InvalidArgument(name + ": unexpected channel name \"" + channel + "\"") {}};
986
size_t ChannelPut(const std::string &channel, byte inByte, bool blocking=true)
987
{return ChannelPut(channel, &inByte, 1, blocking);}
988
size_t ChannelPut(const std::string &channel, const byte *inString, size_t length, bool blocking=true)
989
{return ChannelPut2(channel, inString, length, 0, blocking);}
991
size_t ChannelPutModifiable(const std::string &channel, byte *inString, size_t length, bool blocking=true)
992
{return ChannelPutModifiable2(channel, inString, length, 0, blocking);}
994
size_t ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
995
size_t ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
997
bool ChannelMessageEnd(const std::string &channel, int propagation=-1, bool blocking=true)
998
{return !!ChannelPut2(channel, NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);}
999
size_t ChannelPutMessageEnd(const std::string &channel, const byte *inString, size_t length, int propagation=-1, bool blocking=true)
1000
{return ChannelPut2(channel, inString, length, propagation < 0 ? -1 : propagation+1, blocking);}
1002
virtual byte * ChannelCreatePutSpace(const std::string &channel, size_t &size);
1004
virtual size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking);
1005
virtual size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking);
1007
virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true);
1008
virtual bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true);
1010
virtual void SetRetrievalChannel(const std::string &channel);
1013
//! \name ATTACHMENT
1014
/*! Some BufferedTransformation objects (e.g. Filter objects)
1015
allow other BufferedTransformation objects to be attached. When
1016
this is done, the first object instead of buffering its output,
1017
sents that output to the attached object as input. The entire
1018
attachment chain is deleted when the anchor object is destructed.
1021
//! returns whether this object allows attachment
1022
virtual bool Attachable() {return false;}
1023
//! returns the object immediately attached to this object or NULL for no attachment
1024
virtual BufferedTransformation *AttachedTransformation() {assert(!Attachable()); return 0;}
1026
virtual const BufferedTransformation *AttachedTransformation() const
1027
{return const_cast<BufferedTransformation *>(this)->AttachedTransformation();}
1028
//! delete the current attachment chain and replace it with newAttachment
1029
virtual void Detach(BufferedTransformation *newAttachment = 0)
1030
{assert(!Attachable()); throw NotImplemented("BufferedTransformation: this object is not attachable");}
1031
//! add newAttachment to the end of attachment chain
1032
virtual void Attach(BufferedTransformation *newAttachment);
1036
static int DecrementPropagation(int propagation)
1037
{return propagation != 0 ? propagation - 1 : 0;}
1040
byte m_buf[4]; // for ChannelPutWord16 and ChannelPutWord32, to ensure buffer isn't deallocated before non-blocking operation completes
1043
//! returns a reference to a BufferedTransformation object that discards all input
1044
BufferedTransformation & TheBitBucket();
1046
//! interface for crypto material, such as public and private keys, and crypto parameters
1048
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoMaterial : public NameValuePairs
1051
//! exception thrown when invalid crypto material is detected
1052
class CRYPTOPP_DLL InvalidMaterial : public InvalidDataFormat
1055
explicit InvalidMaterial(const std::string &s) : InvalidDataFormat(s) {}
1058
//! assign values from source to this object
1059
/*! \note This function can be used to create a public key from a private key. */
1060
virtual void AssignFrom(const NameValuePairs &source) =0;
1062
//! check this object for errors
1063
/*! \param level denotes the level of thoroughness:
1064
0 - using this object won't cause a crash or exception (rng is ignored)
1065
1 - this object will probably function (encrypt, sign, etc.) correctly (but may not check for weak keys and such)
1066
2 - make sure this object will function correctly, and do reasonable security checks
1067
3 - do checks that may take a long time
1068
\return true if the tests pass */
1069
virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0;
1071
//! throws InvalidMaterial if this object fails Validate() test
1072
virtual void ThrowIfInvalid(RandomNumberGenerator &rng, unsigned int level) const
1073
{if (!Validate(rng, level)) throw InvalidMaterial("CryptoMaterial: this object contains invalid values");}
1075
// virtual std::vector<std::string> GetSupportedFormats(bool includeSaveOnly=false, bool includeLoadOnly=false);
1077
//! save key into a BufferedTransformation
1078
virtual void Save(BufferedTransformation &bt) const
1079
{throw NotImplemented("CryptoMaterial: this object does not support saving");}
1081
//! load key from a BufferedTransformation
1082
/*! \throws KeyingErr if decode fails
1083
\note Generally does not check that the key is valid.
1084
Call ValidateKey() or ThrowIfInvalidKey() to check that. */
1085
virtual void Load(BufferedTransformation &bt)
1086
{throw NotImplemented("CryptoMaterial: this object does not support loading");}
1088
//! \return whether this object supports precomputation
1089
virtual bool SupportsPrecomputation() const {return false;}
1090
//! do precomputation
1091
/*! The exact semantics of Precompute() is varies, but
1092
typically it means calculate a table of n objects
1093
that can be used later to speed up computation. */
1094
virtual void Precompute(unsigned int n)
1095
{assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
1096
//! retrieve previously saved precomputation
1097
virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation)
1098
{assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
1099
//! save precomputation for later use
1100
virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const
1101
{assert(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");}
1103
// for internal library use
1104
void DoQuickSanityCheck() const {ThrowIfInvalid(NullRNG(), 0);}
1106
#if (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590)
1107
// Sun Studio 11/CC 5.8 workaround: it generates incorrect code when casting to an empty virtual base class
1108
char m_sunCCworkaround;
1112
//! interface for generatable crypto material, such as private keys and crypto parameters
1114
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GeneratableCryptoMaterial : virtual public CryptoMaterial
1117
//! generate a random key or crypto parameters
1118
/*! \throws KeyingErr if algorithm parameters are invalid, or if a key can't be generated
1119
(e.g., if this is a public key object) */
1120
virtual void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs)
1121
{throw NotImplemented("GeneratableCryptoMaterial: this object does not support key/parameter generation");}
1123
//! calls the above function with a NameValuePairs object that just specifies "KeySize"
1124
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize);
1127
//! interface for public keys
1129
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKey : virtual public CryptoMaterial
1133
//! interface for private keys
1135
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKey : public GeneratableCryptoMaterial
1139
//! interface for crypto prameters
1141
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoParameters : public GeneratableCryptoMaterial
1145
//! interface for asymmetric algorithms
1147
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AsymmetricAlgorithm : public Algorithm
1150
//! returns a reference to the crypto material used by this object
1151
virtual CryptoMaterial & AccessMaterial() =0;
1152
//! returns a const reference to the crypto material used by this object
1153
virtual const CryptoMaterial & GetMaterial() const =0;
1155
//! for backwards compatibility, calls AccessMaterial().Load(bt)
1156
void BERDecode(BufferedTransformation &bt)
1157
{AccessMaterial().Load(bt);}
1158
//! for backwards compatibility, calls GetMaterial().Save(bt)
1159
void DEREncode(BufferedTransformation &bt) const
1160
{GetMaterial().Save(bt);}
1163
//! interface for asymmetric algorithms using public keys
1165
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKeyAlgorithm : public AsymmetricAlgorithm
1168
// VC60 workaround: no co-variant return type
1169
CryptoMaterial & AccessMaterial() {return AccessPublicKey();}
1170
const CryptoMaterial & GetMaterial() const {return GetPublicKey();}
1172
virtual PublicKey & AccessPublicKey() =0;
1173
virtual const PublicKey & GetPublicKey() const {return const_cast<PublicKeyAlgorithm *>(this)->AccessPublicKey();}
1176
//! interface for asymmetric algorithms using private keys
1178
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKeyAlgorithm : public AsymmetricAlgorithm
1181
CryptoMaterial & AccessMaterial() {return AccessPrivateKey();}
1182
const CryptoMaterial & GetMaterial() const {return GetPrivateKey();}
1184
virtual PrivateKey & AccessPrivateKey() =0;
1185
virtual const PrivateKey & GetPrivateKey() const {return const_cast<PrivateKeyAlgorithm *>(this)->AccessPrivateKey();}
1188
//! interface for key agreement algorithms
1190
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE KeyAgreementAlgorithm : public AsymmetricAlgorithm
1193
CryptoMaterial & AccessMaterial() {return AccessCryptoParameters();}
1194
const CryptoMaterial & GetMaterial() const {return GetCryptoParameters();}
1196
virtual CryptoParameters & AccessCryptoParameters() =0;
1197
virtual const CryptoParameters & GetCryptoParameters() const {return const_cast<KeyAgreementAlgorithm *>(this)->AccessCryptoParameters();}
1200
//! interface for public-key encryptors and decryptors
1202
/*! This class provides an interface common to encryptors and decryptors
1203
for querying their plaintext and ciphertext lengths.
1205
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_CryptoSystem
1208
virtual ~PK_CryptoSystem() {}
1210
//! maximum length of plaintext for a given ciphertext length
1211
/*! \note This function returns 0 if ciphertextLength is not valid (too long or too short). */
1212
virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0;
1214
//! calculate length of ciphertext given length of plaintext
1215
/*! \note This function returns 0 if plaintextLength is not valid (too long). */
1216
virtual size_t CiphertextLength(size_t plaintextLength) const =0;
1218
//! this object supports the use of the parameter with the given name
1219
/*! some possible parameter names: EncodingParameters, KeyDerivationParameters */
1220
virtual bool ParameterSupported(const char *name) const =0;
1222
//! return fixed ciphertext length, if one exists, otherwise return 0
1223
/*! \note "Fixed" here means length of ciphertext does not depend on length of plaintext.
1224
It usually does depend on the key length. */
1225
virtual size_t FixedCiphertextLength() const {return 0;}
1227
//! return maximum plaintext length given the fixed ciphertext length, if one exists, otherwise return 0
1228
virtual size_t FixedMaxPlaintextLength() const {return 0;}
1230
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
1231
size_t MaxPlainTextLength(size_t cipherTextLength) const {return MaxPlaintextLength(cipherTextLength);}
1232
size_t CipherTextLength(size_t plainTextLength) const {return CiphertextLength(plainTextLength);}
1236
//! interface for public-key encryptors
1237
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Encryptor : public PK_CryptoSystem, public PublicKeyAlgorithm
1240
//! exception thrown when trying to encrypt plaintext of invalid length
1241
class CRYPTOPP_DLL InvalidPlaintextLength : public Exception
1244
InvalidPlaintextLength() : Exception(OTHER_ERROR, "PK_Encryptor: invalid plaintext length") {}
1247
//! encrypt a byte string
1248
/*! \pre CiphertextLength(plaintextLength) != 0 (i.e., plaintext isn't too long)
1249
\pre size of ciphertext == CiphertextLength(plaintextLength)
1251
virtual void Encrypt(RandomNumberGenerator &rng,
1252
const byte *plaintext, size_t plaintextLength,
1253
byte *ciphertext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0;
1255
//! create a new encryption filter
1256
/*! \note The caller is responsible for deleting the returned pointer.
1257
\note Encoding parameters should be passed in the "EP" channel.
1259
virtual BufferedTransformation * CreateEncryptionFilter(RandomNumberGenerator &rng,
1260
BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const;
1263
//! interface for public-key decryptors
1265
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Decryptor : public PK_CryptoSystem, public PrivateKeyAlgorithm
1268
//! decrypt a byte string, and return the length of plaintext
1269
/*! \pre size of plaintext == MaxPlaintextLength(ciphertextLength) bytes.
1270
\return the actual length of the plaintext, indication that decryption failed.
1272
virtual DecodingResult Decrypt(RandomNumberGenerator &rng,
1273
const byte *ciphertext, size_t ciphertextLength,
1274
byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0;
1276
//! create a new decryption filter
1277
/*! \note caller is responsible for deleting the returned pointer
1279
virtual BufferedTransformation * CreateDecryptionFilter(RandomNumberGenerator &rng,
1280
BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const;
1282
//! decrypt a fixed size ciphertext
1283
DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *ciphertext, byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const
1284
{return Decrypt(rng, ciphertext, FixedCiphertextLength(), plaintext, parameters);}
1287
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
1288
typedef PK_CryptoSystem PK_FixedLengthCryptoSystem;
1289
typedef PK_Encryptor PK_FixedLengthEncryptor;
1290
typedef PK_Decryptor PK_FixedLengthDecryptor;
1293
//! interface for public-key signers and verifiers
1295
/*! This class provides an interface common to signers and verifiers
1296
for querying scheme properties.
1298
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_SignatureScheme
1301
//! invalid key exception, may be thrown by any function in this class if the private or public key has a length that can't be used
1302
class CRYPTOPP_DLL InvalidKeyLength : public Exception
1305
InvalidKeyLength(const std::string &message) : Exception(OTHER_ERROR, message) {}
1308
//! key too short exception, may be thrown by any function in this class if the private or public key is too short to sign or verify anything
1309
class CRYPTOPP_DLL KeyTooShort : public InvalidKeyLength
1312
KeyTooShort() : InvalidKeyLength("PK_Signer: key too short for this signature scheme") {}
1315
virtual ~PK_SignatureScheme() {}
1317
//! signature length if it only depends on the key, otherwise 0
1318
virtual size_t SignatureLength() const =0;
1320
//! maximum signature length produced for a given length of recoverable message part
1321
virtual size_t MaxSignatureLength(size_t recoverablePartLength = 0) const {return SignatureLength();}
1323
//! length of longest message that can be recovered, or 0 if this signature scheme does not support message recovery
1324
virtual size_t MaxRecoverableLength() const =0;
1326
//! length of longest message that can be recovered from a signature of given length, or 0 if this signature scheme does not support message recovery
1327
virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0;
1329
//! requires a random number generator to sign
1330
/*! if this returns false, NullRNG() can be passed to functions that take RandomNumberGenerator & */
1331
virtual bool IsProbabilistic() const =0;
1333
//! whether or not a non-recoverable message part can be signed
1334
virtual bool AllowNonrecoverablePart() const =0;
1336
//! if this function returns true, during verification you must input the signature before the message, otherwise you can input it at anytime */
1337
virtual bool SignatureUpfront() const {return false;}
1339
//! whether you must input the recoverable part before the non-recoverable part during signing
1340
virtual bool RecoverablePartFirst() const =0;
1343
//! interface for accumulating messages to be signed or verified
1344
/*! Only Update() should be called
1345
on this class. No other functions inherited from HashTransformation should be called.
1347
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulator : public HashTransformation
1350
//! should not be called on PK_MessageAccumulator
1351
unsigned int DigestSize() const
1352
{throw NotImplemented("PK_MessageAccumulator: DigestSize() should not be called");}
1353
//! should not be called on PK_MessageAccumulator
1354
void TruncatedFinal(byte *digest, size_t digestSize)
1355
{throw NotImplemented("PK_MessageAccumulator: TruncatedFinal() should not be called");}
1358
//! interface for public-key signers
1360
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Signer : public PK_SignatureScheme, public PrivateKeyAlgorithm
1363
//! create a new HashTransformation to accumulate the message to be signed
1364
virtual PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const =0;
1366
virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const =0;
1368
//! sign and delete messageAccumulator (even in case of exception thrown)
1369
/*! \pre size of signature == MaxSignatureLength()
1370
\return actual signature length
1372
virtual size_t Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const;
1374
//! sign and restart messageAccumulator
1375
/*! \pre size of signature == MaxSignatureLength()
1376
\return actual signature length
1378
virtual size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0;
1381
/*! \pre size of signature == MaxSignatureLength()
1382
\return actual signature length
1384
virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const;
1386
//! sign a recoverable message
1387
/*! \pre size of signature == MaxSignatureLength(recoverableMessageLength)
1388
\return actual signature length
1390
virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength,
1391
const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const;
1394
//! interface for public-key signature verifiers
1395
/*! The Recover* functions throw NotImplemented if the signature scheme does not support
1397
The Verify* functions throw InvalidDataFormat if the scheme does support message
1398
recovery and the signature contains a non-empty recoverable message part. The
1399
Recovery* functions should be used in that case.
1401
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Verifier : public PK_SignatureScheme, public PublicKeyAlgorithm
1404
//! create a new HashTransformation to accumulate the message to be verified
1405
virtual PK_MessageAccumulator * NewVerificationAccumulator() const =0;
1407
//! input signature into a message accumulator
1408
virtual void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const =0;
1410
//! check whether messageAccumulator contains a valid signature and message, and delete messageAccumulator (even in case of exception thrown)
1411
virtual bool Verify(PK_MessageAccumulator *messageAccumulator) const;
1413
//! check whether messageAccumulator contains a valid signature and message, and restart messageAccumulator
1414
virtual bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const =0;
1416
//! check whether input signature is a valid signature for input message
1417
virtual bool VerifyMessage(const byte *message, size_t messageLen,
1418
const byte *signature, size_t signatureLength) const;
1420
//! recover a message from its signature
1421
/*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
1423
virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const;
1425
//! recover a message from its signature
1426
/*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
1428
virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0;
1430
//! recover a message from its signature
1431
/*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
1433
virtual DecodingResult RecoverMessage(byte *recoveredMessage,
1434
const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength,
1435
const byte *signature, size_t signatureLength) const;
1438
//! interface for domains of simple key agreement protocols
1440
/*! A key agreement domain is a set of parameters that must be shared
1441
by two parties in a key agreement protocol, along with the algorithms
1442
for generating key pairs and deriving agreed values.
1444
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyAgreementDomain : public KeyAgreementAlgorithm
1447
//! return length of agreed value produced
1448
virtual unsigned int AgreedValueLength() const =0;
1449
//! return length of private keys in this domain
1450
virtual unsigned int PrivateKeyLength() const =0;
1451
//! return length of public keys in this domain
1452
virtual unsigned int PublicKeyLength() const =0;
1453
//! generate private key
1454
/*! \pre size of privateKey == PrivateKeyLength() */
1455
virtual void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
1456
//! generate public key
1457
/*! \pre size of publicKey == PublicKeyLength() */
1458
virtual void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
1459
//! generate private/public key pair
1460
/*! \note equivalent to calling GeneratePrivateKey() and then GeneratePublicKey() */
1461
virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
1462
//! derive agreed value from your private key and couterparty's public key, return false in case of failure
1463
/*! \note If you have previously validated the public key, use validateOtherPublicKey=false to save time.
1464
\pre size of agreedValue == AgreedValueLength()
1465
\pre length of privateKey == PrivateKeyLength()
1466
\pre length of otherPublicKey == PublicKeyLength()
1468
virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0;
1470
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
1471
bool ValidateDomainParameters(RandomNumberGenerator &rng) const
1472
{return GetCryptoParameters().Validate(rng, 2);}
1476
//! interface for domains of authenticated key agreement protocols
1478
/*! In an authenticated key agreement protocol, each party has two
1479
key pairs. The long-lived key pair is called the static key pair,
1480
and the short-lived key pair is called the ephemeral key pair.
1482
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm
1485
//! return length of agreed value produced
1486
virtual unsigned int AgreedValueLength() const =0;
1488
//! return length of static private keys in this domain
1489
virtual unsigned int StaticPrivateKeyLength() const =0;
1490
//! return length of static public keys in this domain
1491
virtual unsigned int StaticPublicKeyLength() const =0;
1492
//! generate static private key
1493
/*! \pre size of privateKey == PrivateStaticKeyLength() */
1494
virtual void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
1495
//! generate static public key
1496
/*! \pre size of publicKey == PublicStaticKeyLength() */
1497
virtual void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
1498
//! generate private/public key pair
1499
/*! \note equivalent to calling GenerateStaticPrivateKey() and then GenerateStaticPublicKey() */
1500
virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
1502
//! return length of ephemeral private keys in this domain
1503
virtual unsigned int EphemeralPrivateKeyLength() const =0;
1504
//! return length of ephemeral public keys in this domain
1505
virtual unsigned int EphemeralPublicKeyLength() const =0;
1506
//! generate ephemeral private key
1507
/*! \pre size of privateKey == PrivateEphemeralKeyLength() */
1508
virtual void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
1509
//! generate ephemeral public key
1510
/*! \pre size of publicKey == PublicEphemeralKeyLength() */
1511
virtual void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
1512
//! generate private/public key pair
1513
/*! \note equivalent to calling GenerateEphemeralPrivateKey() and then GenerateEphemeralPublicKey() */
1514
virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
1516
//! derive agreed value from your private keys and couterparty's public keys, return false in case of failure
1517
/*! \note The ephemeral public key will always be validated.
1518
If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time.
1519
\pre size of agreedValue == AgreedValueLength()
1520
\pre length of staticPrivateKey == StaticPrivateKeyLength()
1521
\pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength()
1522
\pre length of staticOtherPublicKey == StaticPublicKeyLength()
1523
\pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()
1525
virtual bool Agree(byte *agreedValue,
1526
const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
1527
const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
1528
bool validateStaticOtherPublicKey=true) const =0;
1530
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
1531
bool ValidateDomainParameters(RandomNumberGenerator &rng) const
1532
{return GetCryptoParameters().Validate(rng, 2);}
1536
// interface for password authenticated key agreement protocols, not implemented yet
1538
//! interface for protocol sessions
1539
/*! The methods should be called in the following order:
1541
InitializeSession(rng, parameters); // or call initialize method in derived class
1544
if (OutgoingMessageAvailable())
1546
length = GetOutgoingMessageLength();
1547
GetOutgoingMessage(message);
1548
; // send outgoing message
1551
if (LastMessageProcessed())
1554
; // receive incoming message
1555
ProcessIncomingMessage(message);
1557
; // call methods in derived class to obtain result of protocol session
1559
class ProtocolSession
1562
//! exception thrown when an invalid protocol message is processed
1563
class ProtocolError : public Exception
1566
ProtocolError(ErrorType errorType, const std::string &s) : Exception(errorType, s) {}
1569
//! exception thrown when a function is called unexpectedly
1570
/*! for example calling ProcessIncomingMessage() when ProcessedLastMessage() == true */
1571
class UnexpectedMethodCall : public Exception
1574
UnexpectedMethodCall(const std::string &s) : Exception(OTHER_ERROR, s) {}
1577
ProtocolSession() : m_rng(NULL), m_throwOnProtocolError(true), m_validState(false) {}
1578
virtual ~ProtocolSession() {}
1580
virtual void InitializeSession(RandomNumberGenerator &rng, const NameValuePairs ¶meters) =0;
1582
bool GetThrowOnProtocolError() const {return m_throwOnProtocolError;}
1583
void SetThrowOnProtocolError(bool throwOnProtocolError) {m_throwOnProtocolError = throwOnProtocolError;}
1585
bool HasValidState() const {return m_validState;}
1587
virtual bool OutgoingMessageAvailable() const =0;
1588
virtual unsigned int GetOutgoingMessageLength() const =0;
1589
virtual void GetOutgoingMessage(byte *message) =0;
1591
virtual bool LastMessageProcessed() const =0;
1592
virtual void ProcessIncomingMessage(const byte *message, unsigned int messageLength) =0;
1595
void HandleProtocolError(Exception::ErrorType errorType, const std::string &s) const;
1596
void CheckAndHandleInvalidState() const;
1597
void SetValidState(bool valid) {m_validState = valid;}
1599
RandomNumberGenerator *m_rng;
1602
bool m_throwOnProtocolError, m_validState;
1605
class KeyAgreementSession : public ProtocolSession
1608
virtual unsigned int GetAgreedValueLength() const =0;
1609
virtual void GetAgreedValue(byte *agreedValue) const =0;
1612
class PasswordAuthenticatedKeyAgreementSession : public KeyAgreementSession
1615
void InitializePasswordAuthenticatedKeyAgreementSession(RandomNumberGenerator &rng,
1616
const byte *myId, unsigned int myIdLength,
1617
const byte *counterPartyId, unsigned int counterPartyIdLength,
1618
const byte *passwordOrVerifier, unsigned int passwordOrVerifierLength);
1621
class PasswordAuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm
1624
//! return whether the domain parameters stored in this object are valid
1625
virtual bool ValidateDomainParameters(RandomNumberGenerator &rng) const
1626
{return GetCryptoParameters().Validate(rng, 2);}
1628
virtual unsigned int GetPasswordVerifierLength(const byte *password, unsigned int passwordLength) const =0;
1629
virtual void GeneratePasswordVerifier(RandomNumberGenerator &rng, const byte *userId, unsigned int userIdLength, const byte *password, unsigned int passwordLength, byte *verifier) const =0;
1631
enum RoleFlags {CLIENT=1, SERVER=2, INITIATOR=4, RESPONDER=8};
1633
virtual bool IsValidRole(unsigned int role) =0;
1634
virtual PasswordAuthenticatedKeyAgreementSession * CreateProtocolSession(unsigned int role) const =0;
1638
//! BER Decode Exception Class, may be thrown during an ASN1 BER decode operation
1639
class CRYPTOPP_DLL BERDecodeErr : public InvalidArgument
1642
BERDecodeErr() : InvalidArgument("BER decode error") {}
1643
BERDecodeErr(const std::string &s) : InvalidArgument(s) {}
1646
//! interface for encoding and decoding ASN1 objects
1647
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1Object
1650
virtual ~ASN1Object() {}
1651
//! decode this object from a BufferedTransformation, using BER (Basic Encoding Rules)
1652
virtual void BERDecode(BufferedTransformation &bt) =0;
1653
//! encode this object into a BufferedTransformation, using DER (Distinguished Encoding Rules)
1654
virtual void DEREncode(BufferedTransformation &bt) const =0;
1655
//! encode this object into a BufferedTransformation, using BER
1656
/*! this may be useful if DEREncode() would be too inefficient */
1657
virtual void BEREncode(BufferedTransformation &bt) const {DEREncode(bt);}
1660
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
1661
typedef PK_SignatureScheme PK_SignatureSystem;
1662
typedef SimpleKeyAgreementDomain PK_SimpleKeyAgreementDomain;
1663
typedef AuthenticatedKeyAgreementDomain PK_AuthenticatedKeyAgreementDomain;