OFB Mode

From Crypto++ Wiki
Jump to: navigation, search
OFB Mode
Documentation
#include <cryptopp/modes.h>

OFB Mode is output feedback. OFB was originally specified by NIST in FIPS 81. The standard, issued in 1980, only offers confidentiality. Other modes, such as CCM and GCM, offer authenticated encryption which places an integrity assurance over the encrpyted data.

OFB mode uses an IV, and the plain text does not be padded to the block size of the cipher. For additional information on this mode, see Block Cipher Modes of Operation.


If your project is using encryption alone to secure your data, encryption alone is usually not enough. Please take a moment to read Authenticated Encryption and understand why you should prefer to use CCM, GCM, or EAX over other modes, such as CBC or CTR.

Sample Program

The sample program below demonstrates AES in OFB mode using filters (see pipelining). Though the key is declared on the stack, a SecByteBlock is used to ensure the sensitive material is zeroized. Similar could be used for both plain text and recovered text.

AutoSeededRandomPool prng;

byte key[ AES::DEFAULT_KEYLENGTH ];
prng.GenerateBlock( key, sizeof(key) );

byte iv[ AES::BLOCKSIZE ];
prng.GenerateBlock( iv, sizeof(iv) );

string plain = "OFB Mode Test";
string cipher, encoded, recovered;

/*********************************\
\*********************************/

try
{
    cout << "plain text: " << plain << endl;

    OFB_Mode< AES >::Encryption e;
    d.SetKeyWithIV( key, sizeof(key), iv );

    // OFB mode must not use padding. Specifying
    //  a scheme will result in an exception
    StringSource ss1( plain, true, 
        new StreamTransformationFilter( e,
            new StringSink( cipher )
        ) // StreamTransformationFilter      
    ); // StringSource
}
catch( CryptoPP::Exception& e )
{
    cerr << e.what() << endl;
    exit(1);
}

/*********************************\
\*********************************/

// Pretty print cipher text
StringSource ss2( cipher, true,
    new HexEncoder(
        new StringSink( encoded )
    ) // HexEncoder
); // StringSource
cout << "cipher text: " << encoded << endl;

/*********************************\
\*********************************/

try
{
    OFB_Mode< AES >::Decryption d;
    d.SetKeyWithIV( key, sizeof(key), iv );

    StringSource ss3( cipher, true, 
        new StreamTransformationFilter( d,
            new StringSink( recovered )
        ) // StreamTransformationFilter
    ); // StringSource

    cout << "recovered text: " << recovered << endl;
}
catch( CryptoPP::Exception& e )
{
    cerr << e.what() << endl;
    exit(1);
}

A typical output is shown below. Note that each run will produce different results because the key and initialization vector are randomly generated.

$ ./Driver.exe 
key: 2EDCA4AAB6B51AB3EABEC97B2BA74D4E
iv: EEA37DEE36032EB1EF0F1AE0E514A75E
plain text: OFB Mode Test
cipher text: C1ECE8ABABF8DD92E86BD56742
recovered text: OFB Mode Test

Downloads

AES-OFB-Filter.zip - Demonstrates encryption and decryption using AES in OFB mode with filters