Revisions to AES Implementation in C++ - Code Review Stack Exchange

added 42 characters in body

Source Link

edited Nov 9, 2017 at 19:29

803
5
10

Since there are only three valid key sizes for AES, it makes sense to not even let the AES class be instantiated with any uint16 value. I would introduce an enum similar to this:

enum class AesKeyLen
{
    Aes128,
    Aes192,
    Aes256
};

And then change the uint16 constructor to this:

explicit AES (AesKeyLen keyLen);

Sure, they could still pass bad values, but they have to try harder by explicitly creating an invalid enum value. Also, and because it'smaking it a scoped enum, integers aren't implicitly cast to the AesKeyLen provides extra type-safety and prevents naming clashes.

Either way, I think it makes sense to throw out of the constructor immediately if the key length is wrong instead of waiting until the encrypt function.

If you want to enforce a valid value at compile-time, you can use a static_assert, or you can use a smart-enum pattern. This is an example hacked together real quick:

class AesKeyLen
{    
private:
    uint16 _length;

    AesKeyLen(uint16 len)
    {
        _length = len;
    }

public:
    uint16 length()
    {
        return _length;
    }

    static AesKeyLen Aes128()
    {
        return AesKeyLen(128);
    }

    static AesKeyLen Aes192()
    {
        return AesKeyLen(192);
    }

    static AesKeyLen Aes256()
    {
        return AesKeyLen(256);
    }
};

And then replace the uint16 constructor again:

explicit AES (AesKeyLen keyLen);

Since there are only three valid key sizes for AES, it makes sense to not even let the AES class be instantiated with any uint16 value. I would introduce an enum similar to this:

enum class AesKeyLen
{
    Aes128,
    Aes192,
    Aes256
};

And then change the uint16 constructor to this:

explicit AES (AesKeyLen keyLen);

Sure, they could still pass bad values, but they have to try harder, and because it's a scoped enum, integers aren't implicitly cast to the AesKeyLen type.

Either way, I think it makes sense to throw out of the constructor immediately if the key length is wrong instead of waiting until the encrypt function.

If you want to enforce a valid value at compile-time, you can use a static_assert, or you can use a smart-enum pattern. This is an example hacked together real quick:

class AesKeyLen
{    
private:
    uint16 _length;

    AesKeyLen(uint16 len)
    {
        _length = len;
    }

public:
    uint16 length()
    {
        return _length;
    }

    static AesKeyLen Aes128()
    {
        return AesKeyLen(128);
    }

    static AesKeyLen Aes192()
    {
        return AesKeyLen(192);
    }

    static AesKeyLen Aes256()
    {
        return AesKeyLen(256);
    }
};

And then replace the uint16 constructor again:

explicit AES (AesKeyLen keyLen);

Since there are only three valid key sizes for AES, it makes sense to not even let the AES class be instantiated with any uint16 value. I would introduce an enum similar to this:

enum class AesKeyLen
{
    Aes128,
    Aes192,
    Aes256
};

And then change the uint16 constructor to this:

explicit AES (AesKeyLen keyLen);

Sure, they could still pass bad values, but they have to try harder by explicitly creating an invalid enum value. Also, making it a scoped enum provides extra type-safety and prevents naming clashes.

Either way, I think it makes sense to throw out of the constructor immediately if the key length is wrong instead of waiting until the encrypt function.

If you want to enforce a valid value at compile-time, you can use a static_assert, or you can use a smart-enum pattern. This is an example hacked together real quick:

class AesKeyLen
{    
private:
    uint16 _length;

    AesKeyLen(uint16 len)
    {
        _length = len;
    }

public:
    uint16 length()
    {
        return _length;
    }

    static AesKeyLen Aes128()
    {
        return AesKeyLen(128);
    }

    static AesKeyLen Aes192()
    {
        return AesKeyLen(192);
    }

    static AesKeyLen Aes256()
    {
        return AesKeyLen(256);
    }
};

And then replace the uint16 constructor again:

explicit AES (AesKeyLen keyLen);

deleted 640 characters in body

Source Link

edited Nov 9, 2017 at 6:41

Millie Smith

803
5
10

Since there are only three valid key sizes for AES, it makes sense to not even let the AES class be instantiated with any uint16 value. I would introduce an enum similar to this:

enum class AesKeyLen
{
    Aes128,
    Aes192,
    Aes256
};

And then change the uint16 constructor to this:

explicit AES (AesKeyLen keyLen);

Sure, they could still pass bad values, but they have to try harder, and because it's a scoped enum, integers aren't implicitly cast to the AesKeyLen type.

Either way, I think it makes sense to throw out of the constructor immediately if the key length is wrong instead of waiting until the encrypt function.

If you want to enforce a valid value at compile-time, you can use a static_assert, or you can use a smart-enum pattern. This is an example hacked together real quick:

class AesKeyLen
{    
private:
    enum class AesKeyLenEnum
    {
        Aes128,
        Aes192,
        Aes256
    };

    uint16 _length;

    AesKeyLen(AesKeyLenEnum keyLen)
    {
        if (keyLen == AesKeyLenEnum::Aes128)
        {
            _length = 128;
        }
        else if (keyLen == AesKeyLenEnum::Aes192)
        {
            _length = 192;
        }
        else if (keyLen ==uint16 AesKeyLenEnum::Aes256len)
        {
            _length = 256;
        }
        else
        {
            throw std::runtime_error("Invalid Aes key length");
        }len;
    }
    
public:
    uint16 length()
    {
        return _length;
    }
    
    static AesKeyLen Aes128()
    {
        return AesKeyLen(AesKeyLenEnum::Aes128128);
    }
    
    static AesKeyLen Aes192()
    {
        return AesKeyLen(AesKeyLenEnum::Aes192192);
    }
    
    static AesKeyLen Aes256()
    {
        return AesKeyLen(AesKeyLenEnum::Aes256256);
    }
};

And then replace the uint16 constructor again:

explicit AES (AesKeyLen keyLen);

Since there are only three valid key sizes for AES, it makes sense to not even let the AES class be instantiated with any uint16 value. I would introduce an enum similar to this:

enum class AesKeyLen
{
    Aes128,
    Aes192,
    Aes256
};

And then change the uint16 constructor to this:

explicit AES (AesKeyLen keyLen);

Sure, they could still pass bad values, but they have to try harder, and because it's a scoped enum, integers aren't implicitly cast to the AesKeyLen type.

Either way, I think it makes sense to throw out of the constructor immediately if the key length is wrong instead of waiting until the encrypt function.

If you want to enforce a valid value at compile-time, you can use a static_assert, or you can use a smart-enum pattern. This is an example hacked together real quick:

class AesKeyLen
{    
private:
    enum class AesKeyLenEnum
    {
        Aes128,
        Aes192,
        Aes256
    };

    uint16 _length;

    AesKeyLen(AesKeyLenEnum keyLen)
    {
        if (keyLen == AesKeyLenEnum::Aes128)
        {
            _length = 128;
        }
        else if (keyLen == AesKeyLenEnum::Aes192)
        {
            _length = 192;
        }
        else if (keyLen == AesKeyLenEnum::Aes256)
        {
            _length = 256;
        }
        else
        {
            throw std::runtime_error("Invalid Aes key length");
        }
    }
    
public:
    uint16 length()
    {
        return _length;
    }
    
    static AesKeyLen Aes128()
    {
        return AesKeyLen(AesKeyLenEnum::Aes128);
    }
    
    static AesKeyLen Aes192()
    {
        return AesKeyLen(AesKeyLenEnum::Aes192);
    }
    
    static AesKeyLen Aes256()
    {
        return AesKeyLen(AesKeyLenEnum::Aes256);
    }
};

And then replace the uint16 constructor again:

explicit AES (AesKeyLen keyLen);

Since there are only three valid key sizes for AES, it makes sense to not even let the AES class be instantiated with any uint16 value. I would introduce an enum similar to this:

enum class AesKeyLen
{
    Aes128,
    Aes192,
    Aes256
};

And then change the uint16 constructor to this:

explicit AES (AesKeyLen keyLen);

Sure, they could still pass bad values, but they have to try harder, and because it's a scoped enum, integers aren't implicitly cast to the AesKeyLen type.

Either way, I think it makes sense to throw out of the constructor immediately if the key length is wrong instead of waiting until the encrypt function.

If you want to enforce a valid value at compile-time, you can use a static_assert, or you can use a smart-enum pattern. This is an example hacked together real quick:

class AesKeyLen
{    
private:
    uint16 _length;

    AesKeyLen(uint16 len)
    {
        _length = len;
    }

public:
    uint16 length()
    {
        return _length;
    }

    static AesKeyLen Aes128()
    {
        return AesKeyLen(128);
    }

    static AesKeyLen Aes192()
    {
        return AesKeyLen(192);
    }

    static AesKeyLen Aes256()
    {
        return AesKeyLen(256);
    }
};

And then replace the uint16 constructor again:

explicit AES (AesKeyLen keyLen);

Source Link

answered Nov 9, 2017 at 0:39

Millie Smith

803
5
10

Since there are only three valid key sizes for AES, it makes sense to not even let the AES class be instantiated with any uint16 value. I would introduce an enum similar to this:

enum class AesKeyLen
{
    Aes128,
    Aes192,
    Aes256
};

And then change the uint16 constructor to this:

explicit AES (AesKeyLen keyLen);

Sure, they could still pass bad values, but they have to try harder, and because it's a scoped enum, integers aren't implicitly cast to the AesKeyLen type.

Either way, I think it makes sense to throw out of the constructor immediately if the key length is wrong instead of waiting until the encrypt function.

If you want to enforce a valid value at compile-time, you can use a static_assert, or you can use a smart-enum pattern. This is an example hacked together real quick:

class AesKeyLen
{    
private:
    enum class AesKeyLenEnum
    {
        Aes128,
        Aes192,
        Aes256
    };

    uint16 _length;

    AesKeyLen(AesKeyLenEnum keyLen)
    {
        if (keyLen == AesKeyLenEnum::Aes128)
        {
            _length = 128;
        }
        else if (keyLen == AesKeyLenEnum::Aes192)
        {
            _length = 192;
        }
        else if (keyLen == AesKeyLenEnum::Aes256)
        {
            _length = 256;
        }
        else
        {
            throw std::runtime_error("Invalid Aes key length");
        }
    }
    
public:
    uint16 length()
    {
        return _length;
    }
    
    static AesKeyLen Aes128()
    {
        return AesKeyLen(AesKeyLenEnum::Aes128);
    }
    
    static AesKeyLen Aes192()
    {
        return AesKeyLen(AesKeyLenEnum::Aes192);
    }
    
    static AesKeyLen Aes256()
    {
        return AesKeyLen(AesKeyLenEnum::Aes256);
    }
};

And then replace the uint16 constructor again:

explicit AES (AesKeyLen keyLen);

Stack Exchange Network

Return to Answer