|
|
Boost : |
From: Kasra \(Math & ComSci\) (kasra_n500_at_[hidden])
Date: 2008-06-19 17:38:57
Hi to all,
I have looked at the current state of the crypto namespace. The current code is not really modular so I propose the following new/modified features:
we have a defenition for "cipher" that is "some thing" that encrypts/decrypts message within a stream. This thing could perform this operation on any arbitary message length.
for block ciphers the use of mode of operation implements this stream encasulation of the underlying block_cipher.
stream ciphers easily allow for such encapsulations.
wipe algorithms that are used to wipe streams/buffers with specified patterns i.e. Gutmann wipe algorithm
secure allocator would use a default wipe algorithm i.e. all zero for wipe of buffers.
namespace boost { namespace crypto {
template < ... >
class block_cipher // abstract class for ALL block ciphers to inherit from
{
public:
virtual void setkey(...) = 0;
virtual void encrypt(...) = 0;
virtual void decrypt(...) = 0;
};
template < ... >
class padding // abstract class for ALL padding algos to inherit from
{
public:
virtual bool allways() = 0; // if the padding allways pads/unpads
virtual size_t padsize(size_t count) = 0;
virtual size_t unpadsize(size_t count) = 0;
virtual size_t pad(T*dest, const T*src, size_t count) = 0;
virtual size_t unpad(T*dest, const T*src, size_t count) = 0;
};
enum wipe_mode
{ random = 0x2, pattern = 0x4, unknown = ~(random | pattern) };
typedef struct wipe_method_t
{
const wipe_mode mode;
const void *pattern;
const size_t length;
};
template < ... >
class wipe_algorithm
{
private:
int counter;
std::vector < wipe_method_t > pass;
public:
wipe_method_t& next() { return pass[counter++]; } ;
wipe_method_t& previous() { return pass[--counter]; } ;
wipe_method_t& at(int pass) { return pass[pass]; } ;
};
template < ... , class wipe_algorithm>
class basic_wipe : public wipe_algorithm < ... >
{
};
template < ... , class wipe_algorithm > // we allready have it, modifications need to be minor
class secure_alocator { };
template < class cipher >
class basic_crypto_stream : public std::basic_ios <...>
{
/*
* This class allows for transparent encryption/decryption
* and clears buffer (or even wipes) buffers used during the process
*/
public:
.
.
.
};
typedef basic_crypto_stream< char, ... > crypto_stream;
template < ... >
class basic_hash
{
.
.
.
protected:
virtual void transform_create() = 0;
virtual void transform_add(const void* data, size_t data_bits)
{
// this class managed a bit-maped buffering using word oriented
// operations, thus it would comply with new standards while being
// efficient. the classes which inherit from this do not need to
// re-implement this function
};
virtual void transform_finalise() = 0;
public:
.
.
.
};
TODO:
implement :
Hash algorithms: SHA-2 family, Whirlpool, (future : SHA-3)
Stream ciphers : salsa20, and some of the ECRYPT finalysts
}} // crypto , boost namespaces
Optomisation:
the AES (Rijndael) uses a very slow code, the speed could be increases by up to a factor of 5 if pre-computed s-box tables are used, this would cause for an increase of ~4KB in the class size, however, i think the speed penalties are to high for the current implementation.
I think it is enought for now
open for comments, suggestions and anything else
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk