Botan  1.10.9
dlies.cpp
Go to the documentation of this file.
1 /*
2 * DLIES
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/dlies.h>
9 #include <botan/internal/xor_buf.h>
10 
11 namespace Botan {
12 
13 /*
14 * DLIES_Encryptor Constructor
15 */
17  KDF* kdf_obj,
19  size_t mac_kl) :
20  ka(key, "Raw"),
21  kdf(kdf_obj),
22  mac(mac_obj),
23  mac_keylen(mac_kl)
24  {
25  my_key = key.public_value();
26  }
27 
29  {
30  delete kdf;
31  delete mac;
32  }
33 
34 /*
35 * DLIES Encryption
36 */
37 SecureVector<byte> DLIES_Encryptor::enc(const byte in[], size_t length,
38  RandomNumberGenerator&) const
39  {
40  if(length > maximum_input_size())
41  throw Invalid_Argument("DLIES: Plaintext too large");
42  if(other_key.empty())
43  throw Invalid_State("DLIES: The other key was never set");
44 
45  SecureVector<byte> out(my_key.size() + length + mac->output_length());
46  out.copy(&my_key[0], my_key.size());
47  out.copy(my_key.size(), in, length);
48 
49  SecureVector<byte> vz = my_key;
50  vz += ka.derive_key(0, other_key).bits_of();
51 
52  const size_t K_LENGTH = length + mac_keylen;
53  OctetString K = kdf->derive_key(K_LENGTH, vz);
54 
55  if(K.length() != K_LENGTH)
56  throw Encoding_Error("DLIES: KDF did not provide sufficient output");
57  byte* C = &out[my_key.size()];
58 
59  xor_buf(C, K.begin() + mac_keylen, length);
60  mac->set_key(K.begin(), mac_keylen);
61 
62  mac->update(C, length);
63  for(size_t j = 0; j != 8; ++j)
64  mac->update(0);
65 
66  mac->final(C + length);
67 
68  return out;
69  }
70 
71 /*
72 * Set the other parties public key
73 */
75  {
76  other_key = ok;
77  }
78 
79 /*
80 * Return the max size, in bytes, of a message
81 */
82 size_t DLIES_Encryptor::maximum_input_size() const
83  {
84  return 32;
85  }
86 
87 /*
88 * DLIES_Decryptor Constructor
89 */
91  KDF* kdf_obj,
93  size_t mac_kl) :
94  ka(key, "Raw"),
95  kdf(kdf_obj),
96  mac(mac_obj),
97  mac_keylen(mac_kl)
98  {
99  my_key = key.public_value();
100  }
101 
103  {
104  delete kdf;
105  delete mac;
106  }
107 
108 /*
109 * DLIES Decryption
110 */
111 SecureVector<byte> DLIES_Decryptor::dec(const byte msg[], size_t length) const
112  {
113  if(length < my_key.size() + mac->output_length())
114  throw Decoding_Error("DLIES decryption: ciphertext is too short");
115 
116  const size_t CIPHER_LEN = length - my_key.size() - mac->output_length();
117 
118  SecureVector<byte> v(msg, my_key.size());
119  SecureVector<byte> C(msg + my_key.size(), CIPHER_LEN);
120  SecureVector<byte> T(msg + my_key.size() + CIPHER_LEN, mac->output_length());
121 
122  SecureVector<byte> vz(msg, my_key.size());
123  vz += ka.derive_key(0, v).bits_of();
124 
125  const size_t K_LENGTH = C.size() + mac_keylen;
126  OctetString K = kdf->derive_key(K_LENGTH, vz);
127  if(K.length() != K_LENGTH)
128  throw Encoding_Error("DLIES: KDF did not provide sufficient output");
129 
130  mac->set_key(K.begin(), mac_keylen);
131  mac->update(C);
132  for(size_t j = 0; j != 8; ++j)
133  mac->update(0);
134  SecureVector<byte> T2 = mac->final();
135  if(T != T2)
136  throw Decoding_Error("DLIES: message authentication failed");
137 
138  xor_buf(C, K.begin() + mac_keylen, C.size());
139 
140  return C;
141  }
142 
143 }
SymmetricKey derive_key(size_t key_len, const byte in[], size_t in_len, const byte params[], size_t params_len) const
Definition: pubkey.cpp:379
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
void copy(const T in[], size_t n)
Definition: secmem.h:120
size_t length() const
Definition: symkey.h:25
unsigned char byte
Definition: types.h:22
SecureVector< byte > bits_of() const
Definition: symkey.h:30
DLIES_Encryptor(const PK_Key_Agreement_Key &, KDF *kdf, MessageAuthenticationCode *mac, size_t mac_key_len=20)
Definition: dlies.cpp:16
void set_key(const SymmetricKey &key)
Definition: sym_algo.h:60
const byte * begin() const
Definition: symkey.h:35
MessageAuthenticationCode * mac
Definition: fpe_fe1.cpp:94
bool empty() const
Definition: secmem.h:35
void update(const byte in[], size_t length)
Definition: buf_comp.h:33
SecureVector< byte > derive_key(size_t key_len, const MemoryRegion< byte > &secret, const std::string &salt="") const
Definition: kdf.cpp:15
size_t size() const
Definition: secmem.h:29
virtual MemoryVector< byte > public_value() const =0
void final(byte out[])
Definition: buf_comp.h:80
void set_other_key(const MemoryRegion< byte > &)
Definition: dlies.cpp:74
Definition: kdf.h:20
DLIES_Decryptor(const PK_Key_Agreement_Key &, KDF *kdf, MessageAuthenticationCode *mac, size_t mac_key_len=20)
Definition: dlies.cpp:90
void xor_buf(byte out[], const byte in[], size_t length)
Definition: xor_buf.h:21
virtual size_t output_length() const =0