<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>The Low-Level Interface — Botan</title> <link rel="stylesheet" href="_static/agogo.css" type="text/css" /> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: './', VERSION: '1.10.17', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="_static/jquery.js"></script> <script type="text/javascript" src="_static/underscore.js"></script> <script type="text/javascript" src="_static/doctools.js"></script> <link rel="top" title="Botan" href="index.html" /> <link rel="next" title="Secure Memory Containers" href="secmem.html" /> <link rel="prev" title="BigInt" href="bigint.html" /> </head> <body> <div class="header-wrapper"> <div class="header"> <h1>Botan</h1> </div> </div> <div class="content-wrapper"> <div class="content"> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <div class="section" id="the-low-level-interface"> <h1>The Low-Level Interface<a class="headerlink" href="#the-low-level-interface" title="Permalink to this headline">¶</a></h1> <p>Botan has two different interfaces. The one documented in this section is meant more for implementing higher-level types (see the section on filters, earlier in this manual) than for use by applications. Using it safely requires a solid knowledge of encryption techniques and best practices, so unless you know, for example, what CBC mode and nonces are, and why PKCS #1 padding is important, you should avoid this interface in favor of something working at a higher level.</p> <div class="section" id="basic-algorithm-abilities"> <h2>Basic Algorithm Abilities<a class="headerlink" href="#basic-algorithm-abilities" title="Permalink to this headline">¶</a></h2> <p>There are a small handful of functions implemented by most of Botan’s algorithm objects. Among these are:</p> <dl class="function"> <dt id="Algorithm::name"> std::string <tt class="descclassname">Algorithm::</tt><tt class="descname">name</tt><big>(</big><big>)</big><a class="headerlink" href="#Algorithm::name" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <p>Returns a human-readable string of the name of this algorithm. Examples of names returned are “AES-128” and “HMAC(SHA-512)”. You can turn names back into algorithm objects using the functions in <tt class="docutils literal"><span class="pre">lookup.h</span></tt>.</p> <dl class="function"> <dt id="Algorithm::clear"> void <tt class="descclassname">Algorithm::</tt><tt class="descname">clear</tt><big>(</big><big>)</big><a class="headerlink" href="#Algorithm::clear" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <p>Clear out the algorithm’s internal state. A block cipher object will “forget” its key, a hash function will “forget” any data put into it, etc. The object will look and behave as it did when you initially allocated it.</p> <dl class="function"> <dt id="Algorithm::clone"> T* <tt class="descclassname">Algorithm::</tt><tt class="descname">clone</tt><big>(</big><big>)</big><a class="headerlink" href="#Algorithm::clone" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <p>This function is central to Botan’s name-based interface. The <tt class="docutils literal"><span class="pre">clone</span></tt> has many different return types, such as <tt class="docutils literal"><span class="pre">BlockCipher</span></tt>* and <tt class="docutils literal"><span class="pre">HashFunction</span></tt>*, depending on what kind of object it is called on. Note that unlike Java’s clone, this returns a new object in a “pristine” state; that is, operations done on the initial object before calling <tt class="docutils literal"><span class="pre">clone</span></tt> do not affect the initial state of the new clone.</p> <p>Cloned objects can (and should) be deallocated with the C++ <tt class="docutils literal"><span class="pre">delete</span></tt> operator.</p> </div> <div class="section" id="keys-and-ivs"> <h2>Keys and IVs<a class="headerlink" href="#keys-and-ivs" title="Permalink to this headline">¶</a></h2> <p>Both symmetric keys and initialization values can be considered byte (or octet) strings. These are represented by</p> <dl class="class"> <dt id="OctetString"> <em class="property">class </em><tt class="descname">OctetString</tt><a class="headerlink" href="#OctetString" title="Permalink to this definition">¶</a></dt> <dd><p>Also known as <tt class="docutils literal"><span class="pre">SymmetricKey</span></tt> and <tt class="docutils literal"><span class="pre">InitializationVector</span></tt>, when you want to express intent.</p> <dl class="function"> <dt id="OctetString::OctetString__RandomNumberGeneratorR.s"> <tt class="descname">OctetString</tt><big>(</big>RandomNumberGenerator& <em>rng</em>, size_t <em>length</em><big>)</big><a class="headerlink" href="#OctetString::OctetString__RandomNumberGeneratorR.s" title="Permalink to this definition">¶</a></dt> <dd><p>This constructor creates a new random key <em>length</em> bytes long using the random number generator.</p> </dd></dl> <dl class="function"> <dt id="OctetString::OctetString__ss"> <tt class="descname">OctetString</tt><big>(</big>std::string <em>str</em><big>)</big><a class="headerlink" href="#OctetString::OctetString__ss" title="Permalink to this definition">¶</a></dt> <dd><p>The argument <em>str</em> is assumed to be a hex string; it is converted to binary and stored. Whitespace is ignored.</p> </dd></dl> <dl class="function"> <dt id="OctetString::OctetString__byteCP.s"> <tt class="descname">OctetString</tt><big>(</big>const byte* <em>input</em>, size_t <em>length</em><big>)</big><a class="headerlink" href="#OctetString::OctetString__byteCP.s" title="Permalink to this definition">¶</a></dt> <dd><p>This constructor copies its input.</p> </dd></dl> <dl class="function"> <dt id="OctetString::as_stringC"> <tt class="descname">as_string</tt><big>(</big><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#OctetString::as_stringC" title="Permalink to this definition">¶</a></dt> <dd><p>Returns the hex representation of the key or IV</p> </dd></dl> </dd></dl> </div> <div class="section" id="symmetrically-keyed-algorithms"> <h2>Symmetrically Keyed Algorithms<a class="headerlink" href="#symmetrically-keyed-algorithms" title="Permalink to this headline">¶</a></h2> <p>Block ciphers, stream ciphers, and MACs are all keyed operations; to be useful, they have to be set to use a particular key, which is a randomly chosen string of bits of a specified length. The length required by any particular algorithm may vary, depending on both the algorithm specification and the implementation. You can query any botan object to find out what key length(s) it supports.</p> <p>To make this similarity in terms of keying explicit, all algorithms of those types are derived from the :cpp:class`SymmetricAlgorithm` base. This type provides functions for setting the key, and querying restrictions on the size of the key.</p> <dl class="class"> <dt id="SymmetricAlgorithm"> <em class="property">class </em><tt class="descname">SymmetricAlgorithm</tt><a class="headerlink" href="#SymmetricAlgorithm" title="Permalink to this definition">¶</a></dt> <dd><dl class="function"> <dt id="SymmetricAlgorithm::set_key__byteCP.s"> void <tt class="descname">set_key</tt><big>(</big>const byte* <em>key</em>, size_t <em>length</em><big>)</big><a class="headerlink" href="#SymmetricAlgorithm::set_key__byteCP.s" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <dl class="function"> <dt id="SymmetricAlgorithm::set_key__SymmetricKeyCR"> void <tt class="descname">set_key</tt><big>(</big>const SymmetricKey& <em>key</em><big>)</big><a class="headerlink" href="#SymmetricAlgorithm::set_key__SymmetricKeyCR" title="Permalink to this definition">¶</a></dt> <dd><p>This sets the key to the value specified. Most algorithms only accept keys of certain lengths. If you attempt to call <tt class="docutils literal"><span class="pre">set_key</span></tt> with a key length that is not supported, the exception <tt class="docutils literal"><span class="pre">Invalid_Key_Length</span></tt> will be thrown.</p> <p>In all cases, <tt class="docutils literal"><span class="pre">set_key</span></tt> must be called on an object before any data processing (encryption, decryption, etc) is done by that object. If this is not done, the results are undefined.</p> </dd></dl> <dl class="function"> <dt id="SymmetricAlgorithm::valid_keylength__sC"> bool <tt class="descname">valid_keylength</tt><big>(</big>size_t <em>length</em><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#SymmetricAlgorithm::valid_keylength__sC" title="Permalink to this definition">¶</a></dt> <dd><p>This function returns true if and only if <em>length</em> is a valid keylength for the algorithm.</p> </dd></dl> <dl class="function"> <dt id="SymmetricAlgorithm::minimum_keylengthC"> size_t <tt class="descname">minimum_keylength</tt><big>(</big><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#SymmetricAlgorithm::minimum_keylengthC" title="Permalink to this definition">¶</a></dt> <dd><p>Return the smallest key length (in bytes) that is acceptible for the algorithm.</p> </dd></dl> <dl class="function"> <dt id="SymmetricAlgorithm::maximum_keylengthC"> size_t <tt class="descname">maximum_keylength</tt><big>(</big><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#SymmetricAlgorithm::maximum_keylengthC" title="Permalink to this definition">¶</a></dt> <dd><p>Return the largest key length (in bytes) that is acceptible for the algorithm</p> </dd></dl> </dd></dl> </div> <div class="section" id="block-ciphers"> <h2>Block Ciphers<a class="headerlink" href="#block-ciphers" title="Permalink to this headline">¶</a></h2> <p>All block ciphers classes in botan are subclasses of</p> <dl class="class"> <dt id="BlockCipher"> <em class="property">class </em><tt class="descname">BlockCipher</tt><a class="headerlink" href="#BlockCipher" title="Permalink to this definition">¶</a></dt> <dd><p>Which subclasses the <a class="reference internal" href="#SymmetricAlgorithm" title="SymmetricAlgorithm"><tt class="xref cpp cpp-class docutils literal"><span class="pre">SymmetricAlgorithm</span></tt></a> interface.</p> <dl class="function"> <dt id="BlockCipher::block_sizeC"> size_t <tt class="descname">block_size</tt><big>(</big><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#BlockCipher::block_sizeC" title="Permalink to this definition">¶</a></dt> <dd><p>Returns the block size of the cipher in bytes</p> </dd></dl> <dl class="function"> <dt id="BlockCipher::encrypt_n__byteCP.byteP.sC"> void <tt class="descname">encrypt_n</tt><big>(</big>const byte* <em>in</em>, byte* <em>out</em>, size_t <em>n</em><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#BlockCipher::encrypt_n__byteCP.byteP.sC" title="Permalink to this definition">¶</a></dt> <dd><p>Encrypt <em>n</em> blocks of data, taking the input from the array <em>in</em> and placing the ciphertext into <em>out</em>. The two pointers may be identical, but should not overlap ranges.</p> </dd></dl> <dl class="function"> <dt id="BlockCipher::encrypt__byteCP.bytePC"> void <tt class="descname">encrypt</tt><big>(</big>const byte* <em>in</em>, byte* <em>out</em><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#BlockCipher::encrypt__byteCP.bytePC" title="Permalink to this definition">¶</a></dt> <dd><p>Encrypt a single block, taking the input from <em>in</em> and placing it in <em>out</em>. Acts like <a class="reference internal" href="#BlockCipher::encrypt_n__byteCP.byteP.sC" title="BlockCipher::encrypt_n"><tt class="xref cpp cpp-func docutils literal"><span class="pre">encrypt_n</span></tt></a>(in, out, 1).</p> </dd></dl> <dl class="function"> <dt id="BlockCipher::encrypt__bytePC"> void <tt class="descname">encrypt</tt><big>(</big>byte* <em>block</em><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#BlockCipher::encrypt__bytePC" title="Permalink to this definition">¶</a></dt> <dd><p>Identical to <a class="reference internal" href="#BlockCipher::encrypt__byteCP.bytePC" title="BlockCipher::encrypt"><tt class="xref cpp cpp-func docutils literal"><span class="pre">encrypt</span></tt></a>(block, block)</p> </dd></dl> <dl class="function"> <dt id="BlockCipher::decrypt_n__byteCP.byte.sC"> void <tt class="descname">decrypt_n</tt><big>(</big>const byte* <em>in</em>, byte <em>out</em>, size_t <em>n</em><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#BlockCipher::decrypt_n__byteCP.byte.sC" title="Permalink to this definition">¶</a></dt> <dd><p>Decrypt <em>n</em> blocks of data, taking the input from <em>in</em> and placing the plaintext in <em>out</em>. The two pointers may be identical, but should not overlap ranges.</p> </dd></dl> <dl class="function"> <dt id="BlockCipher::decrypt__byteCP.bytePC"> void <tt class="descname">decrypt</tt><big>(</big>const byte* <em>in</em>, byte* <em>out</em><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#BlockCipher::decrypt__byteCP.bytePC" title="Permalink to this definition">¶</a></dt> <dd><p>Decrypt a single block, taking the input from <em>in</em> and placing it in <em>out</em>. Acts like <a class="reference internal" href="#BlockCipher::decrypt_n__byteCP.byte.sC" title="BlockCipher::decrypt_n"><tt class="xref cpp cpp-func docutils literal"><span class="pre">decrypt_n</span></tt></a>(in, out, 1).</p> </dd></dl> <dl class="function"> <dt id="BlockCipher::decrypt__bytePC"> void <tt class="descname">decrypt</tt><big>(</big>byte* <em>block</em><big>)</big><tt class="descclassname"> const</tt><a class="headerlink" href="#BlockCipher::decrypt__bytePC" title="Permalink to this definition">¶</a></dt> <dd><p>Identical to <a class="reference internal" href="#BlockCipher::decrypt__byteCP.bytePC" title="BlockCipher::decrypt"><tt class="xref cpp cpp-func docutils literal"><span class="pre">decrypt</span></tt></a>(block, block)</p> </dd></dl> </dd></dl> </div> <div class="section" id="stream-ciphers"> <h2>Stream Ciphers<a class="headerlink" href="#stream-ciphers" title="Permalink to this headline">¶</a></h2> <p>Stream ciphers are somewhat different from block ciphers, in that encrypting data results in changing the internal state of the cipher. Also, you may encrypt any length of data in one go (in byte amounts).</p> <dl class="function"> <dt id="StreamCipher::encrypt__byteCP.byteP.s"> void <tt class="descclassname">StreamCipher::</tt><tt class="descname">encrypt</tt><big>(</big>const byte* <em>in</em>, byte* <em>out</em>, size_t <em>length</em><big>)</big><a class="headerlink" href="#StreamCipher::encrypt__byteCP.byteP.s" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <dl class="function"> <dt id="StreamCipher::encrypt__byteP.s"> void <tt class="descclassname">StreamCipher::</tt><tt class="descname">encrypt</tt><big>(</big>byte* <em>data</em>, size_t <em>length</em><big>)</big><a class="headerlink" href="#StreamCipher::encrypt__byteP.s" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <p>Stream ciphers implement the <tt class="docutils literal"><span class="pre">SymmetricAlgorithm</span></tt> interface.</p> </div> <div class="section" id="hash-functions-message-authentication-codes"> <h2>Hash Functions / Message Authentication Codes<a class="headerlink" href="#hash-functions-message-authentication-codes" title="Permalink to this headline">¶</a></h2> <p>Hash functions take their input without producing any output, only producing anything when all input has already taken place. MACs are very similar, but are additionally keyed. Both of these are derived from the base class <tt class="docutils literal"><span class="pre">BufferedComputation</span></tt>, which has the following functions.</p> <dl class="function"> <dt id="BufferedComputation::output_length"> size_t <tt class="descclassname">BufferedComputation::</tt><tt class="descname">output_length</tt><big>(</big><big>)</big><a class="headerlink" href="#BufferedComputation::output_length" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <p>Return the size of the output of this function.</p> <dl class="function"> <dt id="BufferedComputation::update__byteCP.s"> void <tt class="descclassname">BufferedComputation::</tt><tt class="descname">update</tt><big>(</big>const byte* <em>input</em>, size_t <em>length</em><big>)</big><a class="headerlink" href="#BufferedComputation::update__byteCP.s" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <dl class="function"> <dt id="BufferedComputation::update__byte"> void <tt class="descclassname">BufferedComputation::</tt><tt class="descname">update</tt><big>(</big>byte <em>input</em><big>)</big><a class="headerlink" href="#BufferedComputation::update__byte" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <dl class="function"> <dt id="BufferedComputation::update__ssCR"> void <tt class="descclassname">BufferedComputation::</tt><tt class="descname">update</tt><big>(</big>const std::string& <em>input</em><big>)</big><a class="headerlink" href="#BufferedComputation::update__ssCR" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <p>Updates the hash/mac calculation with <em>input</em>.</p> <dl class="function"> <dt id="BufferedComputation::final__byteP"> void <tt class="descclassname">BufferedComputation::</tt><tt class="descname">final</tt><big>(</big>byte* <em>out</em><big>)</big><a class="headerlink" href="#BufferedComputation::final__byteP" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <dl class="function"> <dt id="BufferedComputation::final"> SecureVector<byte> <tt class="descclassname">BufferedComputation::</tt><tt class="descname">final</tt><big>(</big><big>)</big><a class="headerlink" href="#BufferedComputation::final" title="Permalink to this definition">¶</a></dt> <dd></dd></dl> <p>Complete the hash/MAC calculation and place the result into <tt class="docutils literal"><span class="pre">out</span></tt>. For the argument taking an array, exactly <tt class="docutils literal"><span class="pre">output_length</span></tt> bytes will be written. After you call <tt class="docutils literal"><span class="pre">final</span></tt>, the hash function is reset to its initial state, so it may be reused immediately.</p> <p>The second method of using final is to call it with no arguments at all, as shown in the second prototype. It will return the hash/mac value in a memory buffer.</p> <p>There is also a pair of functions called <tt class="docutils literal"><span class="pre">process</span></tt>. They are a combination of a single <tt class="docutils literal"><span class="pre">update</span></tt>, and <tt class="docutils literal"><span class="pre">final</span></tt>. Both versions return the final value, rather than placing it an array. Calling <tt class="docutils literal"><span class="pre">process</span></tt> with a single byte value isn’t available, mostly because it would rarely be useful.</p> <p>A MAC can be viewed (in most cases) as a keyed hash function, so classes that are derived from <tt class="docutils literal"><span class="pre">MessageAuthenticationCode</span></tt> have <tt class="docutils literal"><span class="pre">update</span></tt> and <tt class="docutils literal"><span class="pre">final</span></tt> classes just like a <tt class="docutils literal"><span class="pre">HashFunction</span></tt> (and like a <tt class="docutils literal"><span class="pre">HashFunction</span></tt>, after <tt class="docutils literal"><span class="pre">final</span></tt> is called, it can be used to make a new MAC right away; the key is kept around).</p> <p>A MAC has the <tt class="docutils literal"><span class="pre">SymmetricAlgorithm</span></tt> interface in addition to the <tt class="docutils literal"><span class="pre">BufferedComputation</span></tt> interface.</p> <div class="section" id="checksums"> <h3>Checksums<a class="headerlink" href="#checksums" title="Permalink to this headline">¶</a></h3> <p>Checksums are very similar to hash functions, and in fact share the same interface. But there are some significant differences, the major ones being that the output size is very small (usually in the range of 2 to 4 bytes), and is not cryptographically secure. But for their intended purpose (error checking), they perform very well. Some examples of checksums included in Botan are the Adler32 and CRC32 checksums.</p> </div> </div> </div> </div> </div> </div> </div> <div class="sidebar"> <h3>Table Of Contents</h3> <ul class="current"> <li class="toctree-l1"><a class="reference internal" href="index.html">Welcome</a></li> <li class="toctree-l1"><a class="reference internal" href="reading.html">Recommended Reading</a></li> <li class="toctree-l1"><a class="reference internal" href="building.html">Building The Library</a></li> <li class="toctree-l1"><a class="reference internal" href="firststep.html">Getting Started</a></li> <li class="toctree-l1"><a class="reference internal" href="filters.html">Information Flow: Pipes and Filters</a></li> <li class="toctree-l1"><a class="reference internal" href="pubkey.html">Public Key Cryptography</a></li> <li class="toctree-l1"><a class="reference internal" href="x509.html">Certificate Handling</a></li> <li class="toctree-l1"><a class="reference internal" href="ssl.html">SSL and TLS</a></li> <li class="toctree-l1"><a class="reference internal" href="bigint.html">BigInt</a></li> <li class="toctree-l1 current"><a class="current reference internal" href="">The Low-Level Interface</a><ul> <li class="toctree-l2"><a class="reference internal" href="#basic-algorithm-abilities">Basic Algorithm Abilities</a></li> <li class="toctree-l2"><a class="reference internal" href="#keys-and-ivs">Keys and IVs</a></li> <li class="toctree-l2"><a class="reference internal" href="#symmetrically-keyed-algorithms">Symmetrically Keyed Algorithms</a></li> <li class="toctree-l2"><a class="reference internal" href="#block-ciphers">Block Ciphers</a></li> <li class="toctree-l2"><a class="reference internal" href="#stream-ciphers">Stream Ciphers</a></li> <li class="toctree-l2"><a class="reference internal" href="#hash-functions-message-authentication-codes">Hash Functions / Message Authentication Codes</a></li> </ul> </li> <li class="toctree-l1"><a class="reference internal" href="secmem.html">Secure Memory Containers</a></li> <li class="toctree-l1"><a class="reference internal" href="kdf.html">Key Derivation Functions</a></li> <li class="toctree-l1"><a class="reference internal" href="pbkdf.html">PBKDF Algorithms</a></li> <li class="toctree-l1"><a class="reference internal" href="passhash.html">Password Hashing</a></li> <li class="toctree-l1"><a class="reference internal" href="rng.html">Random Number Generators</a></li> <li class="toctree-l1"><a class="reference internal" href="fpe.html">Format Preserving Encryption</a></li> <li class="toctree-l1"><a class="reference internal" href="python.html">Python Binding</a></li> </ul> <h3 style="margin-top: 1.5em;">Search</h3> <form class="search" action="search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name. </p> </div> <div class="clearer"></div> </div> </div> <div class="footer-wrapper"> <div class="footer"> <div class="left"> <a href="bigint.html" title="BigInt" accesskey="P">previous</a> | <a href="secmem.html" title="Secure Memory Containers" accesskey="N">next</a> | <a href="genindex.html" title="General Index" accesskey="I">index</a> <br/> <a href="_sources/lowlevel.txt" rel="nofollow">Show Source</a> </div> <div class="right"> <div class="footer"> © Copyright 2000-2011, Jack Lloyd. Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.2.3. </div> </div> <div class="clearer"></div> </div> </div> </body> </html>