Class desfire::crypto

• Defined in File crypto.hpp

Inheritance Relationships

Derived Types

• public desfire::crypto_2k3des_base (Class desfire::crypto_2k3des_base)

• public desfire::crypto_des_base (Class desfire::crypto_des_base)

• public desfire::crypto_with_cmac (Class desfire::crypto_with_cmac)

Class Documentation

class crypto

Class that abstracts the primitive cryptographic implementation of a given cipher_type.

Different platforms may provide different implementation depending on what hardware and library features they might offer. Note that this is distinct from protocol. While protocol provides the mechanisms for managing messages in a protected session, crypto only provides the cryptographic implementation for encryption, decryption, MACing, and CMACing for the subclass crypto_with_cmac.

See also

• crypto_with_cmac

• cipher

• protocol_legacy

• protocol_default

Note

We recommend to inherit from one of crypto_des_base, crypto_2k3des_base, crypto_3k3des_base, crypto_aes_base, since these classes already do much of the heavy lifting required for these ciphers, and subclasses must provide only the cryptographic primitives.

Subclassed by desfire::crypto_2k3des_base, desfire::crypto_des_base, desfire::crypto_with_cmac

Public Functions

virtual desfire::cipher_type cipher_type() const = 0

Cipher used by this cryptographic implementation.

virtual void setup_with_key(range<std::uint8_t const*> key) = 0

Sets the key to be used from now onwards in this cryptographic implementation.

This method should do all the setup needed for further operations, i.e. setting the key in the internal cryptographic primitives, resetting or setting initialization vectors, deriving CMAC keys where needed. This method should be called by init_session as soon as it has derived the key from the random data.

Parameters:

key – Range of bytes containing the key to use for the following operations. This is specified as a range on raw bytes for convenience, as the underlying cryptographic functions are likely low level.

virtual void init_session(range<std::uint8_t const*> random_data) = 0

Begins a new session by deriving the session key from random_data and calling setup_with_key.

This method should do the appropriate operations to derive a session key from the data random_data which was obtained as a consequence of the key exchange protocol between the two parties. These usually consist in byte shift and rearrangement.

Note

Implementations of this method must then call manually setup_with_key in order to complete the session initialization process.

Parameters:

random_data – Range of bytes containing the random data exchanged by the two parties. This has to be used to derive the session key. This is specified as a range on raw bytes for convenience, as the underlying cryptographic functions are likely low level.

virtual void do_crypto(range<std::uint8_t*> data, range<std::uint8_t*> iv, crypto_operation op) = 0

Performs a supported cryptographic operation on the given data and initialization vector.

Parameters:

• data – Input data (plaintext for crypto_operation::encrypt and crypto_operation::mac, and ciphertext for crypto_operation::decrypt). This data is modified and upon exit will contain the resulting ciphertext or plaintext, respectively, therefore this must be already padded and resized to the next multiple of the block size according to cipher_type.

• iv – Initialization vector to use during the cryptographic operation. This must the the right size depending on the block size of this implementation’s cipher_type, and will be overwritten by the cryptographic algorithm (i.e. upon exit it is transformed).

• op – Cryptographic operation to perform.

virtual ~crypto() = default