Boost logo

Boost :

From: Kasra \(Math & ComSci\) (kasra_n500_at_[hidden])
Date: 2008-06-19 17:38:57


Hi to all,

I have looked at the current state of the crypto namespace. The current code is not really modular so I propose the following new/modified features:

we have a defenition for "cipher" that is "some thing" that encrypts/decrypts message within a stream. This thing could perform this operation on any arbitary message length.

for block ciphers the use of mode of operation implements this stream encasulation of the underlying block_cipher.

stream ciphers easily allow for such encapsulations.

wipe algorithms that are used to wipe streams/buffers with specified patterns i.e. Gutmann wipe algorithm

secure allocator would use a default wipe algorithm i.e. all zero for wipe of buffers.

namespace boost { namespace crypto {

template < ... >
class block_cipher // abstract class for ALL block ciphers to inherit from
{
public:
virtual void setkey(...) = 0;
virtual void encrypt(...) = 0;
virtual void decrypt(...) = 0;
};

template < ... >
class padding // abstract class for ALL padding algos to inherit from
{
public:
virtual bool allways() = 0; // if the padding allways pads/unpads
virtual size_t padsize(size_t count) = 0;
virtual size_t unpadsize(size_t count) = 0;
virtual size_t pad(T*dest, const T*src, size_t count) = 0;
virtual size_t unpad(T*dest, const T*src, size_t count) = 0;
};

enum wipe_mode
{ random = 0x2, pattern = 0x4, unknown = ~(random | pattern) };

typedef struct wipe_method_t
{
const wipe_mode mode;
const void *pattern;
const size_t length;
};

template < ... >
class wipe_algorithm
{
private:
int counter;

std::vector < wipe_method_t > pass;

public:
wipe_method_t& next() { return pass[counter++]; } ;
wipe_method_t& previous() { return pass[--counter]; } ;
wipe_method_t& at(int pass) { return pass[pass]; } ;
};

template < ... , class wipe_algorithm>
class basic_wipe : public wipe_algorithm < ... >
{
};

template < ... , class wipe_algorithm > // we allready have it, modifications need to be minor
class secure_alocator { };

template < class cipher >
class basic_crypto_stream : public std::basic_ios <...>
{
/*
 * This class allows for transparent encryption/decryption
 * and clears buffer (or even wipes) buffers used during the process
 */
public:
.
.
.
};

typedef basic_crypto_stream< char, ... > crypto_stream;

template < ... >
class basic_hash
{
.
.
.
protected:
virtual void transform_create() = 0;
virtual void transform_add(const void* data, size_t data_bits)
{
// this class managed a bit-maped buffering using word oriented
// operations, thus it would comply with new standards while being
// efficient. the classes which inherit from this do not need to
// re-implement this function
};
virtual void transform_finalise() = 0;

public:
.
.
.
};

TODO:

implement :
          Hash algorithms: SHA-2 family, Whirlpool, (future : SHA-3)
          Stream ciphers : salsa20, and some of the ECRYPT finalysts

}} // crypto , boost namespaces

Optomisation:

the AES (Rijndael) uses a very slow code, the speed could be increases by up to a factor of 5 if pre-computed s-box tables are used, this would cause for an increase of ~4KB in the class size, however, i think the speed penalties are to high for the current implementation.

I think it is enought for now

open for comments, suggestions and anything else

      


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk