<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Crypto++: ccm.cpp Source File</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<!-- Generated by Doxygen 1.7.4 -->
<div id="top">
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td style="padding-left: 0.5em;">
<div id="projectname">Crypto++</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="navrow1" class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main Page</span></a></li>
<li><a href="namespaces.html"><span>Namespaces</span></a></li>
<li><a href="annotated.html"><span>Classes</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
</ul>
</div>
<div id="navrow2" class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File List</span></a></li>
<li><a href="globals.html"><span>File Members</span></a></li>
</ul>
</div>
<div class="header">
<div class="headertitle">
<div class="title">ccm.cpp</div> </div>
</div>
<div class="contents">
<div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 <span class="comment">// ccm.cpp - written and placed in the public domain by Wei Dai</span>
<a name="l00002"></a>00002
<a name="l00003"></a>00003 <span class="preprocessor">#include "pch.h"</span>
<a name="l00004"></a>00004
<a name="l00005"></a>00005 <span class="preprocessor">#ifndef CRYPTOPP_IMPORTS</span>
<a name="l00006"></a>00006 <span class="preprocessor"></span>
<a name="l00007"></a>00007 <span class="preprocessor">#include "ccm.h"</span>
<a name="l00008"></a>00008
<a name="l00009"></a>00009 NAMESPACE_BEGIN(CryptoPP)
<a name="l00010"></a>00010
<a name="l00011"></a>00011 void <a class="code" href="class_c_c_m___base.html" title=".">CCM_Base</a>::SetKeyWithoutResync(const byte *userKey, <span class="keywordtype">size_t</span> keylength, const <a class="code" href="class_name_value_pairs.html" title="interface for retrieving values given their names">NameValuePairs</a> &params)
<a name="l00012"></a>00012 {
<a name="l00013"></a>00013 <a class="code" href="class_block_cipher.html" title="interface for one direction (encryption or decryption) of a block cipher">BlockCipher</a> &blockCipher = AccessBlockCipher();
<a name="l00014"></a>00014
<a name="l00015"></a>00015 blockCipher.<a class="code" href="class_simple_keying_interface.html#adf3c29b3ef3af74788a58c7c49887fd7" title="set or reset the key of this object">SetKey</a>(userKey, keylength, params);
<a name="l00016"></a>00016
<a name="l00017"></a>00017 <span class="keywordflow">if</span> (blockCipher.<a class="code" href="class_block_transformation.html#adfdb78b033996020435c3dcffdca76ce" title="block size of the cipher in bytes">BlockSize</a>() != REQUIRED_BLOCKSIZE)
<a name="l00018"></a>00018 <span class="keywordflow">throw</span> <a class="code" href="class_invalid_argument.html" title="exception thrown when an invalid argument is detected">InvalidArgument</a>(AlgorithmName() + <span class="stringliteral">": block size of underlying block cipher is not 16"</span>);
<a name="l00019"></a>00019
<a name="l00020"></a>00020 m_digestSize = params.GetIntValueWithDefault(<a class="code" href="namespace_name.html#ae065e5d1d16c399ad5404659e649bfec" title="int, in bytes">Name::DigestSize</a>(), DefaultDigestSize());
<a name="l00021"></a>00021 <span class="keywordflow">if</span> (m_digestSize % 2 > 0 || m_digestSize < 4 || m_digestSize > 16)
<a name="l00022"></a>00022 <span class="keywordflow">throw</span> <a class="code" href="class_invalid_argument.html" title="exception thrown when an invalid argument is detected">InvalidArgument</a>(AlgorithmName() + <span class="stringliteral">": DigestSize must be 4, 6, 8, 10, 12, 14, or 16"</span>);
<a name="l00023"></a>00023
<a name="l00024"></a>00024 m_buffer.Grow(2*REQUIRED_BLOCKSIZE);
<a name="l00025"></a>00025 m_L = 8;
<a name="l00026"></a>00026 }
<a name="l00027"></a>00027
<a name="l00028"></a>00028 <span class="keywordtype">void</span> CCM_Base::Resync(<span class="keyword">const</span> byte *iv, <span class="keywordtype">size_t</span> len)
<a name="l00029"></a>00029 {
<a name="l00030"></a>00030 <a class="code" href="class_block_cipher.html" title="interface for one direction (encryption or decryption) of a block cipher">BlockCipher</a> &cipher = AccessBlockCipher();
<a name="l00031"></a>00031
<a name="l00032"></a>00032 m_L = REQUIRED_BLOCKSIZE-1-(int)len;
<a name="l00033"></a>00033 assert(m_L >= 2);
<a name="l00034"></a>00034 <span class="keywordflow">if</span> (m_L > 8)
<a name="l00035"></a>00035 m_L = 8;
<a name="l00036"></a>00036
<a name="l00037"></a>00037 m_buffer[0] = byte(m_L-1); <span class="comment">// flag</span>
<a name="l00038"></a>00038 memcpy(m_buffer+1, iv, len);
<a name="l00039"></a>00039 memset(m_buffer+1+len, 0, REQUIRED_BLOCKSIZE-1-len);
<a name="l00040"></a>00040
<a name="l00041"></a>00041 <span class="keywordflow">if</span> (m_state >= State_IVSet)
<a name="l00042"></a>00042 m_ctr.Resynchronize(m_buffer, REQUIRED_BLOCKSIZE);
<a name="l00043"></a>00043 <span class="keywordflow">else</span>
<a name="l00044"></a>00044 m_ctr.SetCipherWithIV(cipher, m_buffer);
<a name="l00045"></a>00045
<a name="l00046"></a>00046 m_ctr.Seek(REQUIRED_BLOCKSIZE);
<a name="l00047"></a>00047 m_aadLength = 0;
<a name="l00048"></a>00048 m_messageLength = 0;
<a name="l00049"></a>00049 }
<a name="l00050"></a>00050
<a name="l00051"></a>00051 <span class="keywordtype">void</span> CCM_Base::UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength)
<a name="l00052"></a>00052 {
<a name="l00053"></a>00053 <span class="keywordflow">if</span> (m_state != State_IVSet)
<a name="l00054"></a>00054 <span class="keywordflow">throw</span> BadState(<a class="code" href="class_c_c_m___base.html#a016a9f6d101724b502bd952fd91dc82f" title="returns name of this algorithm, not universally implemented yet">AlgorithmName</a>(), <span class="stringliteral">"SpecifyDataLengths"</span>, <span class="stringliteral">"or after State_IVSet"</span>);
<a name="l00055"></a>00055
<a name="l00056"></a>00056 m_aadLength = headerLength;
<a name="l00057"></a>00057 m_messageLength = messageLength;
<a name="l00058"></a>00058
<a name="l00059"></a>00059 byte *cbcBuffer = CBC_Buffer();
<a name="l00060"></a>00060 <span class="keyword">const</span> <a class="code" href="class_block_cipher.html" title="interface for one direction (encryption or decryption) of a block cipher">BlockCipher</a> &cipher = GetBlockCipher();
<a name="l00061"></a>00061
<a name="l00062"></a>00062 cbcBuffer[0] = byte(64*(headerLength>0) + 8*((m_digestSize-2)/2) + (m_L-1)); <span class="comment">// flag</span>
<a name="l00063"></a>00063 PutWord<word64>(<span class="keyword">true</span>, BIG_ENDIAN_ORDER, cbcBuffer+REQUIRED_BLOCKSIZE-8, m_messageLength);
<a name="l00064"></a>00064 memcpy(cbcBuffer+1, m_buffer+1, REQUIRED_BLOCKSIZE-1-m_L);
<a name="l00065"></a>00065 cipher.<a class="code" href="class_block_transformation.html#a2fefb3f4c6c6297c0c91fcbba9e4f4f3" title="encrypt or decrypt one block">ProcessBlock</a>(cbcBuffer);
<a name="l00066"></a>00066
<a name="l00067"></a>00067 <span class="keywordflow">if</span> (headerLength>0)
<a name="l00068"></a>00068 {
<a name="l00069"></a>00069 assert(m_bufferedDataLength == 0);
<a name="l00070"></a>00070
<a name="l00071"></a>00071 <span class="keywordflow">if</span> (headerLength < ((1<<16) - (1<<8)))
<a name="l00072"></a>00072 {
<a name="l00073"></a>00073 PutWord<word16>(<span class="keyword">true</span>, BIG_ENDIAN_ORDER, m_buffer, (word16)headerLength);
<a name="l00074"></a>00074 m_bufferedDataLength = 2;
<a name="l00075"></a>00075 }
<a name="l00076"></a>00076 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (headerLength < (W64LIT(1)<<32))
<a name="l00077"></a>00077 {
<a name="l00078"></a>00078 m_buffer[0] = 0xff;
<a name="l00079"></a>00079 m_buffer[1] = 0xfe;
<a name="l00080"></a>00080 PutWord<word32>(<span class="keyword">false</span>, BIG_ENDIAN_ORDER, m_buffer+2, (word32)headerLength);
<a name="l00081"></a>00081 m_bufferedDataLength = 6;
<a name="l00082"></a>00082 }
<a name="l00083"></a>00083 <span class="keywordflow">else</span>
<a name="l00084"></a>00084 {
<a name="l00085"></a>00085 m_buffer[0] = 0xff;
<a name="l00086"></a>00086 m_buffer[1] = 0xff;
<a name="l00087"></a>00087 PutWord<word64>(<span class="keyword">false</span>, BIG_ENDIAN_ORDER, m_buffer+2, headerLength);
<a name="l00088"></a>00088 m_bufferedDataLength = 10;
<a name="l00089"></a>00089 }
<a name="l00090"></a>00090 }
<a name="l00091"></a>00091 }
<a name="l00092"></a>00092
<a name="l00093"></a>00093 <span class="keywordtype">size_t</span> CCM_Base::AuthenticateBlocks(<span class="keyword">const</span> byte *data, <span class="keywordtype">size_t</span> len)
<a name="l00094"></a>00094 {
<a name="l00095"></a>00095 byte *cbcBuffer = CBC_Buffer();
<a name="l00096"></a>00096 <span class="keyword">const</span> <a class="code" href="class_block_cipher.html" title="interface for one direction (encryption or decryption) of a block cipher">BlockCipher</a> &cipher = GetBlockCipher();
<a name="l00097"></a>00097 <span class="keywordflow">return</span> cipher.<a class="code" href="class_block_transformation.html#adcff119bb709c84bfaaab8d1871b018c" title="encrypt and xor blocks according to flags (see FlagsForAdvancedProcessBlocks)">AdvancedProcessBlocks</a>(cbcBuffer, data, cbcBuffer, len, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
<a name="l00098"></a>00098 }
<a name="l00099"></a>00099
<a name="l00100"></a>00100 <span class="keywordtype">void</span> CCM_Base::AuthenticateLastHeaderBlock()
<a name="l00101"></a>00101 {
<a name="l00102"></a>00102 byte *cbcBuffer = CBC_Buffer();
<a name="l00103"></a>00103 <span class="keyword">const</span> <a class="code" href="class_block_cipher.html" title="interface for one direction (encryption or decryption) of a block cipher">BlockCipher</a> &cipher = GetBlockCipher();
<a name="l00104"></a>00104
<a name="l00105"></a>00105 <span class="keywordflow">if</span> (m_aadLength != m_totalHeaderLength)
<a name="l00106"></a>00106 <span class="keywordflow">throw</span> <a class="code" href="class_invalid_argument.html" title="exception thrown when an invalid argument is detected">InvalidArgument</a>(<a class="code" href="class_c_c_m___base.html#a016a9f6d101724b502bd952fd91dc82f" title="returns name of this algorithm, not universally implemented yet">AlgorithmName</a>() + <span class="stringliteral">": header length doesn't match that given in SpecifyDataLengths"</span>);
<a name="l00107"></a>00107
<a name="l00108"></a>00108 <span class="keywordflow">if</span> (m_bufferedDataLength > 0)
<a name="l00109"></a>00109 {
<a name="l00110"></a>00110 xorbuf(cbcBuffer, m_buffer, m_bufferedDataLength);
<a name="l00111"></a>00111 cipher.<a class="code" href="class_block_transformation.html#a2fefb3f4c6c6297c0c91fcbba9e4f4f3" title="encrypt or decrypt one block">ProcessBlock</a>(cbcBuffer);
<a name="l00112"></a>00112 m_bufferedDataLength = 0;
<a name="l00113"></a>00113 }
<a name="l00114"></a>00114 }
<a name="l00115"></a>00115
<a name="l00116"></a>00116 <span class="keywordtype">void</span> CCM_Base::AuthenticateLastConfidentialBlock()
<a name="l00117"></a>00117 {
<a name="l00118"></a>00118 byte *cbcBuffer = CBC_Buffer();
<a name="l00119"></a>00119 <span class="keyword">const</span> <a class="code" href="class_block_cipher.html" title="interface for one direction (encryption or decryption) of a block cipher">BlockCipher</a> &cipher = GetBlockCipher();
<a name="l00120"></a>00120
<a name="l00121"></a>00121 <span class="keywordflow">if</span> (m_messageLength != m_totalMessageLength)
<a name="l00122"></a>00122 <span class="keywordflow">throw</span> <a class="code" href="class_invalid_argument.html" title="exception thrown when an invalid argument is detected">InvalidArgument</a>(<a class="code" href="class_c_c_m___base.html#a016a9f6d101724b502bd952fd91dc82f" title="returns name of this algorithm, not universally implemented yet">AlgorithmName</a>() + <span class="stringliteral">": message length doesn't match that given in SpecifyDataLengths"</span>);
<a name="l00123"></a>00123
<a name="l00124"></a>00124 <span class="keywordflow">if</span> (m_bufferedDataLength > 0)
<a name="l00125"></a>00125 {
<a name="l00126"></a>00126 xorbuf(cbcBuffer, m_buffer, m_bufferedDataLength);
<a name="l00127"></a>00127 cipher.<a class="code" href="class_block_transformation.html#a2fefb3f4c6c6297c0c91fcbba9e4f4f3" title="encrypt or decrypt one block">ProcessBlock</a>(cbcBuffer);
<a name="l00128"></a>00128 m_bufferedDataLength = 0;
<a name="l00129"></a>00129 }
<a name="l00130"></a>00130 }
<a name="l00131"></a>00131
<a name="l00132"></a>00132 <span class="keywordtype">void</span> CCM_Base::AuthenticateLastFooterBlock(byte *mac, <span class="keywordtype">size_t</span> macSize)
<a name="l00133"></a>00133 {
<a name="l00134"></a>00134 m_ctr.Seek(0);
<a name="l00135"></a>00135 m_ctr.ProcessData(mac, CBC_Buffer(), macSize);
<a name="l00136"></a>00136 }
<a name="l00137"></a>00137
<a name="l00138"></a>00138 NAMESPACE_END
<a name="l00139"></a>00139
<a name="l00140"></a>00140 <span class="preprocessor">#endif</span>
</pre></div></div>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Oct 16 2011 for Crypto++ by 
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.4 </small></address>
</body>
</html>
