Diffstat (limited to 'src/lib/misc/fpe_fe1/fpe_fe1.h')
-rw-r--r--src/lib/misc/fpe_fe1/fpe_fe1.h33
1 files changed, 32 insertions, 1 deletions
diff --git a/src/lib/misc/fpe_fe1/fpe_fe1.h b/src/lib/misc/fpe_fe1/fpe_fe1.h
index 8f987fd65..e823a5d3c 100644
--- a/src/lib/misc/fpe_fe1/fpe_fe1.h
+++ b/src/lib/misc/fpe_fe1/fpe_fe1.h
@@ -16,11 +16,26 @@ namespace Botan {
class Modular_Reducer;
class MessageAuthenticationCode;
+/**
+* Format Preserving Encryption using the scheme FE1 from the paper
+* "Format-Preserving Encryption" by Bellare, Rogaway, et al
+* (https://eprint.iacr.org/2009/251)
+*/
class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm
{
public:
+
+ /**
+ * @param n the modulus. All plaintext and ciphertext values must be
+ * less than this.
+ * @param rounds the number of rounds to use. Must be at least 3.
+ * @param compat_mode An error in versions before 2.5.0 chose incorrect
+ * values for a and b. Set compat_mode to true to select this version.
+ * @param mac_algo the PRF to use as the encryption function
+ */
FPE_FE1(const BigInt& n,
- size_t rounds = 3,
+ size_t rounds = 5,
+ bool compat_mode = false,
const std::string& mac_algo = "HMAC(SHA-256)");
~FPE_FE1();
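Review bot: The new constructor comment documents `rounds` as "Must be at least 3" but gives the reader no hint that 3 is only the floor, even though this same commit raises the default to 5 and adds warnings elsewhere in the header that 3 rounds "may be insecure for some values of n". Suggest `* @param rounds the number of rounds to use. Must be at least 3; the default of 5 is recommended, as 3 rounds may be insecure for some values of n.` Whether the constructor actually rejects smaller values is not visible from the header; if it does, the exception it throws should be named in the comment. The `compat_mode` text could also state the consequence plainly, e.g. `* Ciphertexts produced with compat_mode = false are not compatible with those from versions before 2.5.0.` The class body continues past the end of this hunk.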
@@ -31,8 +46,18 @@ class BOTAN_PUBLIC_API(2,5) FPE_FE1 final : public SymmetricAlgorithm
void clear() override;
+ /**
+ * Encrypt X from and onto the group Z_n using key and tweak
+ * @param x the plaintext to encrypt <= n
+ * @param tweak will modify the ciphertext
+ */
BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const;
+ /**
+ * Decrypt X from and onto the group Z_n using key and tweak
+ * @param x the ciphertext to encrypt <= n
+ * @param tweak must match the value used to encrypt
+ */
BigInt decrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const;
BigInt encrypt(const BigInt& x, uint64_t tweak) const;
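Review bot: The added `encrypt`/`decrypt` comments contradict the constructor comment in the same diff: here `x` is described as `<= n`, while the constructor says all plaintext and ciphertext values "must be less than" n; an input equal to n is outside Z_n, so the constructor wording looks like the correct one. The `decrypt` comment also reads "the ciphertext to encrypt", a copy-paste slip, and `tweak_len` is undocumented in both. Suggest `* @param x the plaintext to encrypt, must be less than n` and `* @param tweak_len length of tweak in bytes` for encrypt, and `* @param x the ciphertext to decrypt, must be less than n` for decrypt. The enclosing class continues outside this hunk.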
@@ -67,6 +92,9 @@ namespace FPE {
* @param X the plaintext as a BigInt
* @param key a random key
* @param tweak will modify the ciphertext (think of as an IV)
+*
+* @warning This function is hardcoded to use only 3 rounds which
+* may be insecure for some values of n. Prefer FPE_FE1 class
*/
BigInt BOTAN_PUBLIC_API(2,0) fe1_encrypt(const BigInt& n, const BigInt& X,
const SymmetricKey& key,
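Review bot: The new `@warning` on `fe1_encrypt` (and the identical one on `fe1_decrypt` in the next hunk) only mentions the round count, but this commit also introduces a `compat_mode` flag because pre-2.5.0 versions "chose incorrect values for a and b"; callers of these free functions with stored ciphertexts need to know which selection these functions now use, and the header does not say. Presumably they map onto the class with one fixed setting, but that cannot be confirmed from this file. Suggest extending the warning with a sentence such as `* This function uses the [constructed: pre-2.5.0 or corrected] a/b selection; see FPE_FE1::FPE_FE1's compat_mode parameter.` with the actual choice filled in from the implementation.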
@@ -78,6 +106,9 @@ BigInt BOTAN_PUBLIC_API(2,0) fe1_encrypt(const BigInt& n, const BigInt& X,
* @param X the ciphertext as a BigInt
* @param key is the key used for encryption
* @param tweak the same tweak used for encryption
+*
+* @warning This function is hardcoded to use only 3 rounds which
+* may be insecure for some values of n. Prefer FPE_FE1 class
*/
BigInt BOTAN_PUBLIC_API(2,0) fe1_decrypt(const BigInt& n, const BigInt& X,
const SymmetricKey& key,