Hi All/Wei,
Grinding through CCM... CCM is most important to me (hence the
attention). But I suspect GCM will experience about the same.
Visual Studio's 'Auto Member Complete' is acting more like 'Selective
Member Complete' so I've spent more time in the source files than I
desire. Member Complete is acting like a banking executive in a
hearing before congress - it takes a lot of shaking to get the truth
out of it...
First issue (I did not set the Key/IV). Perhaps an error about keying
would be more appropriate:
CCM< AES, 96 >::Encryption e;
AuthenticatedEncryptionFilter ef( e, ... )
caught "Message length exceeds maximum"
Second issue (I did not use SetMessageLength). This behavior is
awkward. I'd kind of like to send data in through the filter. When
complete, process it on the default (Encrypted and Authenticated)
channel. The odd thing is that cipher text _is populated_ and an
exception is thrown:
AuthenticatedEncryptionFilter ef( e,
new HexEncoder( new StringSink( cipher ) )
); // AuthenticatedEncryptionFilter
ef.Put( plain.c_str(), plain.length() );
ef.MessageEnd();
caught "Message length does not match that of SpecifyDataLength"
Third Issue (attempting to specify data length). I can't seem to get
to the underlying AssymetricSymmetricCipher. Obviously, the following
does not work but it is what I want (I think it is more 'selective
member complete syndrome'):
CCM< AES, 96 >::Encryption e;
AuthenticatedEncryptionFilter ef( e, new StringSink( cipher ) )
ef.SpecifyDataLengths( 0, plain.length(), 0 );
ef.Put( plain.c_str(), plain.length() );
ef.MessageEnd();
In the end, I don't understand why I must specify the lengths - the
filters should handle it. That's the job of a filter. Also, if I don't
specify the AAD_CHANNEL, put data into the default channel.
Finally, a more complex example (using both ADATA and PDATA). I expect
that if present, PDATA is encrypted and authenticated. Conversely, if
ADATA is present, it is authenticated. Here's how I would like to do
it:
string adata = "aaaaaaa....";
string pdata = "ppppppp....";
AuthenticatedEncryptionFilter ef(...)
ef.Put( pdata, pdata.length() /* Encrypted and Authenticated */ );
ef.Put( adata, adata.length(), AAD_CHANNEL )
ef.MessageEnd();
I have looked at TestAuthenticatedSymmetricCipher() from datatest.cpp.
In my mind's eye (keep in mind I am not a seasoned programmer) it is
too complex. The above is simply an attempt to clean up the complexity
so that it is more programmer friendly. If not friendly and easy to
use, some will make mistakes with it which results in loss of
security.
Jeff
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---
