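// ccm.cpp - written and placed in the public domain by Wei Dai
//
// CCM (Counter with CBC-MAC) authenticated-encryption mode on top of a
// 16-byte block cipher.
//
// Security notes for reviewers:
//  - The counter stream and the CBC-MAC input both derive from the IV (nonce)
//    passed to Resync(). A nonce must never repeat under one key; reuse
//    exposes the keystream and undermines the tag.
//  - The tag length is configurable down to 4 bytes (see SetKeyWithoutResync).
//    Short tags give correspondingly weak forgery resistance.
//  - Several methods here rely on range checks done by the caller, which is
//    not visible in this file. Those spots are marked NOTE(review).

#include "pch.h"

#ifndef CRYPTOPP_IMPORTS

#include "ccm.h"

NAMESPACE_BEGIN(CryptoPP)

// Keys the underlying block cipher and validates the CCM parameters.
//
// userKey/keylength: key material handed straight to the block cipher.
// params: may carry Name::DigestSize() (tag length in bytes); otherwise
//         DefaultDigestSize() is used.
// Throws InvalidArgument if the cipher's block size is not REQUIRED_BLOCKSIZE
// or if the tag length is not an even value in [4, 16].
void CCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params)
{
    BlockCipher &blockCipher = AccessBlockCipher();

    // The cipher is keyed before the block-size check below, so a throw
    // leaves the cipher object keyed.
    blockCipher.SetKey(userKey, keylength, params);

    if (blockCipher.BlockSize() != REQUIRED_BLOCKSIZE)
        throw InvalidArgument(AlgorithmName() + ": block size of underlying block cipher is not 16");

    m_digestSize = params.GetIntValueWithDefault(Name::DigestSize(), DefaultDigestSize());
    if (m_digestSize % 2 > 0 || m_digestSize < 4 || m_digestSize > 16)
        throw InvalidArgument(AlgorithmName() + ": DigestSize must be 4, 6, 8, 10, 12, 14, or 16");

    // Two blocks of scratch space. The first holds the counter block or the
    // buffered MAC input. NOTE(review): CBC_Buffer() presumably points at the
    // second block - confirm in ccm.h.
    m_buffer.Grow(2*REQUIRED_BLOCKSIZE);
    m_L = 8;
}

// Installs a new IV (nonce) and resets the per-message counters.
//
// iv/len: nonce bytes. The length field size is m_L = 15 - len, clamped to at
//         most 8, so len may be at most 13.
// Throws InvalidArgument if len > 13.
void CCM_Base::Resync(const byte *iv, size_t len)
{
    BlockCipher &cipher = AccessBlockCipher();

    // Runtime bound check. The assert below vanishes in NDEBUG builds, and an
    // oversized len would then make the memset length wrap around (len > 15)
    // or write past the 2-block buffer. NOTE(review): the caller may already
    // validate the IV length; this guard is defence in depth.
    if (len > size_t(REQUIRED_BLOCKSIZE-1-2))
        throw InvalidArgument(AlgorithmName() + ": IV length must not exceed 13 bytes");

    m_L = REQUIRED_BLOCKSIZE-1-(int)len;
    assert(m_L >= 2);
    if (m_L > 8)
        m_L = 8;

    // Initial counter block: flag byte (L-1), nonce, then zero-filled counter.
    m_buffer[0] = byte(m_L-1);  // flag
    memcpy(m_buffer+1, iv, len);
    memset(m_buffer+1+len, 0, REQUIRED_BLOCKSIZE-1-len);

    if (m_state >= State_IVSet)
        m_ctr.Resynchronize(m_buffer, REQUIRED_BLOCKSIZE);
    else
        m_ctr.SetCipherWithIV(cipher, m_buffer);

    // Skip the first keystream block; AuthenticateLastFooterBlock() seeks
    // back to position 0 and uses it to mask the tag.
    m_ctr.Seek(REQUIRED_BLOCKSIZE);
    m_aadLength = 0;
    m_messageLength = 0;
}

// Records the announced header (AAD) and message lengths and starts the
// CBC-MAC with the first block (flags, nonce, message length).
//
// Throws BadState unless the object is exactly in State_IVSet.
// NOTE(review): the "Unchecked" prefix suggests the caller range-checks the
// lengths. Nothing here rejects a messageLength that does not fit in m_L
// bytes; when m_L < 8 the nonce copy overwrites the upper bytes of the
// length field. footerLength is not used in this function.
void CCM_Base::UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength)
{
    if (m_state != State_IVSet)
        throw BadState(AlgorithmName(), "SpecifyDataLengths", "or after State_IVSet");

    m_aadLength = headerLength;
    m_messageLength = messageLength;

    byte *cbcBuffer = CBC_Buffer();
    const BlockCipher &cipher = GetBlockCipher();

    // Flag byte: bit 6 = header present, bits 3..5 = (tagLen-2)/2, bits 0..2 = L-1.
    cbcBuffer[0] = byte(64*(headerLength>0) + 8*((m_digestSize-2)/2) + (m_L-1));    // flag
    // Write the length as a full 64-bit big-endian word into the last 8 bytes,
    // then lay the nonce over bytes 1..15-L (order matters when L < 8).
    PutWord<word64>(true, BIG_ENDIAN_ORDER, cbcBuffer+REQUIRED_BLOCKSIZE-8, m_messageLength);
    memcpy(cbcBuffer+1, m_buffer+1, REQUIRED_BLOCKSIZE-1-m_L);
    cipher.ProcessBlock(cbcBuffer);

    if (headerLength>0)
    {
        assert(m_bufferedDataLength == 0);

        // Queue the encoded header length as the first MAC input bytes:
        // 2 bytes below 0xFF00, else 0xFFFE + 4 bytes, else 0xFFFF + 8 bytes.
        if (headerLength < ((1<<16) - (1<<8)))
        {
            PutWord<word16>(true, BIG_ENDIAN_ORDER, m_buffer, (word16)headerLength);
            m_bufferedDataLength = 2;
        }
        else if (headerLength < (W64LIT(1)<<32))
        {
            m_buffer[0] = 0xff;
            m_buffer[1] = 0xfe;
            PutWord<word32>(false, BIG_ENDIAN_ORDER, m_buffer+2, (word32)headerLength);
            m_bufferedDataLength = 6;
        }
        else
        {
            m_buffer[0] = 0xff;
            m_buffer[1] = 0xff;
            PutWord<word64>(false, BIG_ENDIAN_ORDER, m_buffer+2, headerLength);
            m_bufferedDataLength = 10;
        }
    }
}

// Feeds whole blocks of data into the CBC-MAC state held in CBC_Buffer().
//
// Returns whatever AdvancedProcessBlocks returns.
// NOTE(review): presumably the count of trailing bytes left unprocessed -
// confirm against BlockTransformation.
size_t CCM_Base::AuthenticateBlocks(const byte *data, size_t len)
{
    byte *cbcBuffer = CBC_Buffer();
    const BlockCipher &cipher = GetBlockCipher();
    // In-place chaining: the MAC buffer is both input and output, data is the
    // XOR operand, and the in/out pointers stay fixed across blocks.
    return cipher.AdvancedProcessBlocks(cbcBuffer, data, cbcBuffer, len, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
}

// Finishes the header (AAD) part of the MAC.
//
// Throws InvalidArgument if the header bytes actually supplied differ from
// the length announced in SpecifyDataLengths.
void CCM_Base::AuthenticateLastHeaderBlock()
{
    byte *cbcBuffer = CBC_Buffer();
    const BlockCipher &cipher = GetBlockCipher();

    if (m_aadLength != m_totalHeaderLength)
        throw InvalidArgument(AlgorithmName() + ": header length doesn't match that given in SpecifyDataLengths");

    if (m_bufferedDataLength > 0)
    {
        // XORing only the buffered bytes equals zero-padding the last block.
        xorbuf(cbcBuffer, m_buffer, m_bufferedDataLength);
        cipher.ProcessBlock(cbcBuffer);
        m_bufferedDataLength = 0;
    }
}

// Finishes the message part of the MAC.
//
// Throws InvalidArgument if the message bytes actually supplied differ from
// the length announced in SpecifyDataLengths.
void CCM_Base::AuthenticateLastConfidentialBlock()
{
    byte *cbcBuffer = CBC_Buffer();
    const BlockCipher &cipher = GetBlockCipher();

    if (m_messageLength != m_totalMessageLength)
        throw InvalidArgument(AlgorithmName() + ": message length doesn't match that given in SpecifyDataLengths");

    if (m_bufferedDataLength > 0)
    {
        // XORing only the buffered bytes equals zero-padding the last block.
        xorbuf(cbcBuffer, m_buffer, m_bufferedDataLength);
        cipher.ProcessBlock(cbcBuffer);
        m_bufferedDataLength = 0;
    }
}

// Produces the tag by running the CBC-MAC state through the counter
// keystream at position 0, the block Resync() skipped.
//
// mac/macSize: output buffer and number of tag bytes to write.
// NOTE(review): macSize is not bounded here; presumably the caller limits it
// to the configured tag length - confirm. Tag comparison on decryption is
// done elsewhere and should be constant-time.
void CCM_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSize)
{
    m_ctr.Seek(0);
    m_ctr.ProcessData(mac, CBC_Buffer(), macSize);
}

NAMESPACE_END

#endif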