11 #include <botan/fpe_fe1.h>
12 #include <botan/numthry.h>
13 #include <botan/hmac.h>
14 #include <botan/sha2_32.h>
24 const size_t MAX_N_BYTES = 128/8;
41 a <<= (n_low_zero / 2);
42 b <<= n_low_zero - (n_low_zero / 2);
63 throw std::runtime_error(
"Could not factor n for use in FPE");
75 throw std::logic_error(
"FPE rounds: a < b");
89 ~FPE_Encryptor() {
delete mac; }
94 MessageAuthenticationCode*
mac;
100 const MemoryRegion<byte>& tweak)
102 mac =
new HMAC(
new SHA_256);
107 if(n_bin.size() > MAX_N_BYTES)
108 throw std::runtime_error(
"N is too large for FPE encryption");
110 mac->update_be(static_cast<u32bit>(n_bin.size()));
111 mac->update(&n_bin[0], n_bin.size());
113 mac->update_be(static_cast<u32bit>(tweak.size()));
114 mac->update(&tweak[0], tweak.size());
119 BigInt FPE_Encryptor::operator()(
size_t round_no,
const BigInt& R)
124 mac->update_be(static_cast<u32bit>(round_no));
126 mac->update_be(static_cast<u32bit>(r_bin.size()));
127 mac->update(&r_bin[0], r_bin.size());
129 SecureVector<byte> X =
mac->final();
130 return BigInt(&X[0], X.size());
142 FPE_Encryptor F(key, n, tweak);
147 const size_t r = rounds(a, b);
151 for(
size_t i = 0; i !=
r; ++i)
156 BigInt W = (L + F(i, R)) % a;
170 FPE_Encryptor F(key, n, tweak);
175 const size_t r = rounds(a, b);
179 for(
size_t i = 0; i !=
r; ++i)
184 BigInt L = (W - F(r-i-1, R)) % a;
const size_t PRIME_TABLE_SIZE
BigInt fe1_encrypt(const BigInt &n, const BigInt &X0, const SymmetricKey &key, const MemoryRegion< byte > &tweak)
SecureVector< byte > mac_n_t
BigInt fe1_decrypt(const BigInt &n, const BigInt &X0, const SymmetricKey &key, const MemoryRegion< byte > &tweak)
static SecureVector< byte > encode(const BigInt &n, Base base=Binary)
MessageAuthenticationCode * mac
size_t low_zero_bits(const BigInt &n)
const u16bit BOTAN_DLL PRIMES[]
void swap(Botan::MemoryRegion< T > &x, Botan::MemoryRegion< T > &y)