Hi Wei,
I think I have my sea legs for encryption. Below is what I am using.
The three philosophical objections I have are:
* call SpecifyDataLength
* call the function on the encryption object
* call the function before pushing any data
For the first, I feel it should be the Filter's responsibility to
appease the encryption object when I call MessageEnd(). So the filter
should call SpecifyDataLength() before flushing its buffers after I
call MessageEnd().
Second, in light of the first. Since I am dealing with a Filter (which
has an encryption object attached), I should call SpecifyDataLength()
on the filter and not the encryption object. How the filter deals with
it (perhaps by exposing its own SpecifyDataLengths and calling
AuthenticatedSymmetricCipher::SpecifyDataLengths directly) is up to
the object.
For the third: due to the formatting function of CCM, the default
channel can not do anything with the [encrypted] data until I call
MessageEnd(). I believe this is because the authenticated data must be
know a priori. So forcing a call to SpecifyDataLength() before any
data is pushed to either of the channels seems tenuous to me. It
simply feels awkward.
In the end, let the encryptor and authenticator buffer the respective
data until MessageEnd(). Then let MessageEnd() call
SpecifyDataLength(). I understand that either 1) I must buffer, or 2)
the filters must buffer. But in the end, it is a filter's job to
buffer as required. In my humble (and uneducated) opinion, the
"e.SpecifyDataLengths( ... );" looks like a fish out of water.
Jeff
CCM< AES, 96 >::Encryption e;
e.SetKeyWithIV( key, sizeof(key), iv );
AuthenticatedEncryptionFilter ef( e,
new StringSink( cipher )
); // AuthenticatedEncryptionFilter
e.SpecifyDataLengths( adata.length(), pdata.length(), 0 );
// AuthenticatedEncryptionFilter::ChannelPut
// defines two channels: "" (empty) and "AAD"
// channel "" is encrypted and authenticated
// channel "AAD" is authenticated
ef.ChannelPut( "AAD", (const byte*)adata.c_str(), adata.length() );
// ef.ChannelMessageEnd("AAD");
ef.ChannelPut( "", (const byte*)pdata.c_str(), pdata.length() );
// ef.ChannelMessageEnd("");
ef.MessageEnd();
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---
