jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
416 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 4caefd358b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4caefd358b'
${ noResults }
ed448goldilocks/src/include/decaf/strobe.hxx

240 lines
8.8 KiB
Raw Blame History 

  1. /**

  2.  * @file decaf/strobe.hxx

  3.  * @copyright

  4.  *   Based on CC0 code by David Leon Gil, 2015 \n

  5.  *   Copyright (c) 2015 Cryptography Research, Inc.  \n

  6.  *   Released under the MIT License.  See LICENSE.txt for license information.

  7.  * @author Mike Hamburg

  8.  * @brief STROBE instances, C++ wrapper.

  9.  * @warning This protocol framework is entirely experimental, and shouldn't be

  10.  * relied on for anything serious yet.

  11.  */

  12. 

  13. #ifndef __DECAF_STROBE_HXX__

  14. #define __DECAF_STROBE_HXX__

  15. 

  16. #include <decaf/strobe.h>

  17. 

  18. #include <sys/types.h>

  19. 

  20. 

  21. /** @cond internal */

  22. #if __cplusplus >= 201103L

  23. #define NOEXCEPT noexcept

  24. #define DELETE = delete

  25. #else

  26. #define NOEXCEPT throw()

  27. #define DELETE

  28. #endif

  29. /** @endcond */

  30. 

  31. namespace decaf {

  32. 

  33. /** @brief An exception for misused protocol, eg encrypt with no key. */

  34. class ProtocolException : public std::exception {

  35. public:

  36.     /** @return "ProtocolException" */

  37.     virtual const char * what() const NOEXCEPT { return "ProtocolException"; }

  38. };

  39. 

  40. /** STROBE protocol framework object */

  41. class Strobe {

  42. public:

  43.     /** The wrapped object */

  44.     keccak_decaf_TOY_strobe_t wrapped;

  45.     

  46.     /** Number of bytes in a default authentication size. */

  47.     static const uint16_t DEFAULT_AUTH_SIZE = 16;

  48.     

  49.     /** Am I a server or a client? */

  50.     enum client_or_server { SERVER, CLIENT };

  51.     

  52.     /** Create protocol object. */

  53.     inline Strobe (

  54.         const char *description, /**< Description of this protocol. */

  55.         client_or_server whoami, /**< Am I client or server? */

  56.         const decaf_kparams_s &params = STROBE_256 /**< Strength parameters */

  57.     ) NOEXCEPT {

  58.         decaf_TOY_strobe_init(wrapped, &params, description, whoami == CLIENT);

  59.         keyed = false;

  60.     }

  61.     

  62.     /** Securely destroy by overwriting state. */

  63.     inline ~Strobe() NOEXCEPT { decaf_TOY_strobe_destroy(wrapped); }

  64. 

  65.     /** Stir in fixed key, from a C++ block. */

  66.     inline void fixed_key (

  67.         const Block &data /**< The key. */

  68.     ) throw(ProtocolException) {

  69.         decaf_TOY_strobe_fixed_key(wrapped, data.data(), data.size());

  70.         keyed = true;

  71.     }

  72. 

  73.     /** Stir in fixed key, from a serializeable object. */

  74.     template<class T> inline void fixed_key (

  75.         const Serializable<T> &data /**< The key. */

  76.     ) throw(ProtocolException) {

  77.         fixed_key(data.serialize());

  78.     }

  79. 

  80.     /** Stir in DH key, from a C++ block. */

  81.     inline void dh_key (

  82.         const Block &data /**< The key. */

  83.     ) throw(ProtocolException) {

  84.         decaf_TOY_strobe_dh_key(wrapped, data.data(), data.size());

  85.         keyed = true;

  86.     }

  87. 

  88.     /** Stir in DH key, from a serializeable object. */

  89.     template<class T> inline void dh_key (

  90.         const Serializable<T> &data /**< The key. */

  91.     ) throw(ProtocolException) {

  92.         dh_key(data.serialize());

  93.     }

  94. 

  95.     /** Stir in an explicit nonce. */

  96.     inline void nonce(const Block &data) NOEXCEPT {

  97.         decaf_TOY_strobe_nonce(wrapped, data.data(), data.size());

  98.     }

  99. 

  100.     /** Stir in data we sent as plaintext.  NB This doesn't actually send anything. */

  101.     inline void send_plaintext(const Block &data) NOEXCEPT {

  102.         decaf_TOY_strobe_plaintext(wrapped, data.data(), data.size(), true);

  103.     }

  104. 

  105.     /** Stir in serializeable data we sent as plaintext.  NB This doesn't actually send anything. */

  106.     template<class T> inline void send_plaintext(const Serializable<T> &data) NOEXCEPT {

  107.         send_plaintext(data.serialize());

  108.     }

  109. 

  110.     /** Stir in data we received as plaintext.  NB This doesn't actually receive anything. */

  111.     inline void recv_plaintext(const Block &data) NOEXCEPT {

  112.         decaf_TOY_strobe_plaintext(wrapped, data.data(), data.size(), false);

  113.     }

  114. 

  115.     /** Stir in associated data. */

  116.     inline void ad(const Block &data) {

  117.         decaf_TOY_strobe_ad(wrapped, data.data(), data.size());

  118.     }

  119. 

  120.     /** Stir in associated serializable data. */

  121.     template<class T> inline void ad(const Serializable<T> &data) NOEXCEPT {

  122.         ad(data.serialize());

  123.     }

  124.     

  125.     /** Encrypt into a buffer, without appending authentication data */

  126.     inline void encrypt_no_auth(Buffer out, const Block &data) throw(LengthException,ProtocolException) {

  127.         if (!keyed) throw ProtocolException();

  128.         if (out.size() != data.size()) throw LengthException();

  129.         decaf_TOY_strobe_encrypt(wrapped, out.data(), data.data(), data.size());

  130.     }

  131.     

  132.     /** Encrypt, without appending authentication data */

  133.     inline SecureBuffer encrypt_no_auth(const Block &data) throw(ProtocolException) {

  134.         SecureBuffer out(data.size()); encrypt_no_auth(out, data); return out;

  135.     }

  136.     

  137.     /** Encrypt a serializable object, without appending authentication data */

  138.     template<class T> inline SecureBuffer encrypt_no_auth(const Serializable<T> &data) throw(ProtocolException) {

  139.         return encrypt_no_auth(data.serialize());

  140.     }

  141.     

  142.     /** Decrypt into a buffer, without checking authentication data. */

  143.     inline void decrypt_no_auth(Buffer out, const Block &data) throw(LengthException,ProtocolException) {

  144.         if (!keyed) throw ProtocolException();

  145.         if (out.size() != data.size()) throw LengthException();

  146.         decaf_TOY_strobe_decrypt(wrapped, out.data(), data.data(), data.size());

  147.     }

  148.     

  149.     /** Decrypt, without checking authentication data. */

  150.     inline SecureBuffer decrypt_no_auth(const Block &data) throw(ProtocolException) {

  151.         SecureBuffer out(data.size()); decrypt_no_auth(out, data); return out;

  152.     }

  153.     

  154.     /** Produce an authenticator into a buffer. */

  155.     inline void produce_auth(Buffer out, bool even_though_unkeyed = false) throw(LengthException,ProtocolException) {

  156.         if (!keyed && !even_though_unkeyed) throw ProtocolException();

  157.         if (out.size() > STROBE_MAX_AUTH_BYTES) throw LengthException();

  158.         decaf_TOY_strobe_produce_auth(wrapped, out.data(), out.size());

  159.     }

  160.     

  161.     /** Produce an authenticator. */

  162.     inline SecureBuffer produce_auth(uint8_t bytes = DEFAULT_AUTH_SIZE) throw(ProtocolException) {

  163.         SecureBuffer out(bytes); produce_auth(out); return out;

  164.     }

  165.     

  166.     /** Encrypt into a buffer and append authentication data */

  167.     inline void encrypt(

  168.         Buffer out, const Block &data, uint8_t auth = DEFAULT_AUTH_SIZE

  169.     ) throw(LengthException,ProtocolException) {

  170.         if (out.size() < data.size() || out.size() != data.size() + auth) throw LengthException();

  171.         encrypt_no_auth(out.slice(0,data.size()), data);

  172.         produce_auth(out.slice(data.size(),auth));

  173.     }

  174.     

  175.     /** Encrypt and append authentication data */

  176.     inline SecureBuffer encrypt (

  177.         const Block &data, uint8_t auth = DEFAULT_AUTH_SIZE

  178.     ) throw(LengthException,ProtocolException,std::bad_alloc ){

  179.         SecureBuffer out(data.size() + auth); encrypt(out, data, auth); return out;

  180.     }

  181.     

  182.     /** Encrypt a serializable object and append authentication data */

  183.     template<class T> inline SecureBuffer encrypt (

  184.         const Serializable<T> &data, uint8_t auth = DEFAULT_AUTH_SIZE

  185.     ) throw(LengthException,ProtocolException,std::bad_alloc ){

  186.         return encrypt(data.serialize(), auth);

  187.     }

  188.     

  189.     /** Decrypt into a buffer and check authentication data */

  190.     inline void decrypt (

  191.         Buffer out, const Block &data, uint8_t bytes = DEFAULT_AUTH_SIZE

  192.     ) throw(LengthException, CryptoException, ProtocolException) {

  193.         if (out.size() > data.size() || out.size() != data.size() - bytes) throw LengthException();

  194.         decrypt_no_auth(out, data.slice(0,out.size()));

  195.         verify_auth(data.slice(out.size(),bytes));

  196.     }

  197.     

  198.     /** Decrypt and check authentication data */

  199.     inline SecureBuffer decrypt (

  200.         const Block &data, uint8_t bytes = DEFAULT_AUTH_SIZE

  201.     ) throw(LengthException,CryptoException,ProtocolException,std::bad_alloc) {

  202.         if (data.size() < bytes) throw LengthException();

  203.         SecureBuffer out(data.size() - bytes); decrypt(out, data, bytes); return out;

  204.     }

  205.     

  206.     /** Check authentication data */

  207.     inline void verify_auth(const Block &auth) throw(LengthException,CryptoException) {

  208.         if (auth.size() == 0 || auth.size() > STROBE_MAX_AUTH_BYTES) throw LengthException();

  209.         if (decaf_TOY_strobe_verify_auth(wrapped, auth.data(), auth.size()) != DECAF_SUCCESS) throw CryptoException();

  210.     }

  211.     

  212.     /** Fill pseudorandom data into a buffer */

  213.     inline void prng(Buffer out) NOEXCEPT {

  214.         (void)decaf_TOY_strobe_prng(wrapped, out.data(), out.size());

  215.     }

  216.     

  217.     /** Return pseudorandom data */

  218.     inline SecureBuffer prng(size_t bytes) {

  219.         SecureBuffer out(bytes); prng(out); return out;

  220.     }

  221.     

  222.     /** Change specs, perhaps to a faster spec that takes advantage of being keyed.

  223.      * @warning Experimental.

  224.      */

  225.     inline void respec(const decaf_kparams_s &params) throw(ProtocolException) {

  226.         if (!keyed) throw(ProtocolException());

  227.         decaf_TOY_strobe_respec(wrapped, &params);

  228.     }

  229.     

  230. private:

  231.     bool keyed;

  232. };

  233.   

  234. } /* namespace decaf */

  235. 

  236. #undef NOEXCEPT

  237. #undef DELETE

  238. 

  239. #endif /* __DECAF_STROBE_HXX__ */