diff options
Diffstat (limited to 'default.h')
-rw-r--r-- | default.h | 110 |
1 files changed, 100 insertions, 10 deletions
@@ -1,8 +1,7 @@ // default.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile default.h
-//! \brief Classes for DefaultEncryptor, DefaultEncryptorWithMAC and decryptors
+//! \file default.h
+//! \brief Classes for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
#ifndef CRYPTOPP_DEFAULT_H
#define CRYPTOPP_DEFAULT_H
@@ -16,15 +15,29 @@ NAMESPACE_BEGIN(CryptoPP)
-typedef DES_EDE2 Default_BlockCipher;
+//! \brief Default block cipher for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
+typedef DES_EDE2 DefaultBlockCipher;
+//! \brief Default hash for use with DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
typedef SHA DefaultHashModule;
+//! \brief Default HMAC for use withDefaultEncryptorWithMAC and DefaultDecryptorWithMAC
typedef HMAC<DefaultHashModule> DefaultMAC;
-//! Password-Based Encryptor using DES-EDE2
+//! \class DefaultEncryptor
+//! \brief Password-Based Encryptor using TripleDES
+//! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
+//! provides about 80-bits of security.
class DefaultEncryptor : public ProxyFilter
{
public:
+ //! \brief Construct a DefaultEncryptor
+ //! \param passphrase a C-String password
+ //! \param attachment a BufferedTransformation to attach to this object
DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment = NULL);
+
+ //! \brief Construct a DefaultEncryptor
+ //! \param passphrase a byte string password
+ //! \param passphraseLength the length of the byte string password
+ //! \param attachment a BufferedTransformation to attach to this object
DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
protected:
@@ -33,14 +46,34 @@ protected: private:
SecByteBlock m_passphrase;
- CBC_Mode<Default_BlockCipher>::Encryption m_cipher;
+ CBC_Mode<DefaultBlockCipher>::Encryption m_cipher;
+
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
+} __attribute__((deprecated ("DefaultEncryptor will be changing in the near future because the algorithms are no longer secure")));
+#elif (CRYPTOPP_GCC_VERSION)
+} __attribute__((deprecated));
+#else
};
+#endif
-//! Password-Based Decryptor using DES-EDE2
+//! \class DefaultDecryptor
+//! \brief Password-Based Decryptor using TripleDES
+//! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
+//! provides about 80-bits of security.
class DefaultDecryptor : public ProxyFilter
{
public:
+ //! \brief Constructs a DefaultDecryptor
+ //! \param passphrase a C-String password
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \param throwException a flag specifiying whether an Exception should be thrown on error
DefaultDecryptor(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
+
+ //! \brief Constructs a DefaultDecryptor
+ //! \param passphrase a byte string password
+ //! \param passphraseLength the length of the byte string password
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \param throwException a flag specifiying whether an Exception should be thrown on error
DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
class Err : public Exception
@@ -64,16 +97,39 @@ private: void CheckKey(const byte *salt, const byte *keyCheck);
SecByteBlock m_passphrase;
- CBC_Mode<Default_BlockCipher>::Decryption m_cipher;
+ CBC_Mode<DefaultBlockCipher>::Decryption m_cipher;
member_ptr<FilterWithBufferedInput> m_decryptor;
bool m_throwException;
+
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
+} __attribute__((deprecated ("DefaultDecryptor will be changing in the near future because the algorithms are no longer secure")));
+#elif (CRYPTOPP_GCC_VERSION)
+} __attribute__((deprecated));
+#else
};
+#endif
-//! Password-Based Encryptor using DES-EDE2 and HMAC/SHA-1
+//! \class DefaultEncryptorWithMAC
+//! \brief Password-Based encryptor using TripleDES and HMAC/SHA-1
+//! \details DefaultEncryptorWithMAC uses a non-standard mashup function called Mash() to derive key
+//! bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
+//! provides about 80-bits of security.
+//! \details The purpose of the function Mash() is to take an arbitrary length input string and
+//! *deterministicly* produce an arbitrary length output string such that (1) it looks random,
+//! (2) no information about the input is deducible from it, and (3) it contains as much entropy
+//! as it can hold, or the amount of entropy in the input string, whichever is smaller.
class DefaultEncryptorWithMAC : public ProxyFilter
{
public:
+ //! \brief Constructs a DefaultEncryptorWithMAC
+ //! \param passphrase a C-String password
+ //! \param attachment a BufferedTransformation to attach to this object
DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL);
+
+ //! \brief Constructs a DefaultEncryptorWithMAC
+ //! \param passphrase a byte string password
+ //! \param passphraseLength the length of the byte string password
+ //! \param attachment a BufferedTransformation to attach to this object
DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
protected:
@@ -82,15 +138,42 @@ protected: private:
member_ptr<DefaultMAC> m_mac;
+
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
+} __attribute__((deprecated ("DefaultEncryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
+#elif (CRYPTOPP_GCC_VERSION)
+} __attribute__((deprecated));
+#else
};
+#endif
-//! Password-Based Decryptor using DES-EDE2 and HMAC/SHA-1
+//! \class DefaultDecryptorWithMAC
+//! \brief Password-Based decryptor using TripleDES and HMAC/SHA-1
+//! \details DefaultDecryptorWithMAC uses a non-standard mashup function called Mash() to derive key
+//! bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
+//! provides about 80-bits of security.
+//! \details The purpose of the function Mash() is to take an arbitrary length input string and
+//! *deterministicly* produce an arbitrary length output string such that (1) it looks random,
+//! (2) no information about the input is deducible from it, and (3) it contains as much entropy
+//! as it can hold, or the amount of entropy in the input string, whichever is smaller.
class DefaultDecryptorWithMAC : public ProxyFilter
{
public:
+ //! \class MACBadErr
+ //! \brief Excpetion thrown when an incorrect MAC is encountered
class MACBadErr : public DefaultDecryptor::Err {public: MACBadErr() : DefaultDecryptor::Err("DefaultDecryptorWithMAC: MAC check failed") {}};
+ //! \brief Constructs a DefaultDecryptor
+ //! \param passphrase a C-String password
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \param throwException a flag specifiying whether an Exception should be thrown on error
DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
+
+ //! \brief Constructs a DefaultDecryptor
+ //! \param passphrase a byte string password
+ //! \param passphraseLength the length of the byte string password
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \param throwException a flag specifiying whether an Exception should be thrown on error
DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
DefaultDecryptor::State CurrentState() const;
@@ -104,7 +187,14 @@ private: member_ptr<DefaultMAC> m_mac;
HashVerifier *m_hashVerifier;
bool m_throwException;
+
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
+} __attribute__((deprecated ("DefaultDecryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
+#elif (CRYPTOPP_GCC_VERSION)
+} __attribute__((deprecated));
+#else
};
+#endif
NAMESPACE_END
|