// Serialises a DSA signature (r, s) as the DER structure
//     SEQUENCE { INTEGER r, INTEGER s }
// into `output` and returns the number of bytes written.
//
// NOTE(review): r and s are emitted with exactly r.ByteCount() /
// s.ByteCount() octets. No leading 0x00 octet is added when the top bit of
// the first octet is set, which DER requires for a positive INTEGER; a
// strict decoder would read such a value as negative. No bound on `output`
// is checked either — the caller must size it for the worst case.
word32 EncodeDSA_Signature(const Integer& r, const Integer& s, byte* output)
{
    const word32 rBytes = r.ByteCount();
    const word32 sBytes = s.ByteCount();

    // Each INTEGER header is the tag octet followed by a DER length.
    byte rHdr[MAX_LENGTH_SZ + 1];
    byte sHdr[MAX_LENGTH_SZ + 1];
    rHdr[0] = INTEGER;
    sHdr[0] = INTEGER;
    const word32 rHdrSz = 1 + SetLength(rBytes, &rHdr[1]);
    const word32 sHdrSz = 1 + SetLength(sBytes, &sHdr[1]);

    // Outer SEQUENCE header covering both encoded integers.
    byte seqHdr[MAX_SEQ_SZ];
    const word32 seqHdrSz = SetSequence(rHdrSz + rBytes + sHdrSz + sBytes, seqHdr);

    // Write the pieces in order, advancing a cursor instead of re-summing
    // offsets at every step.
    byte* cursor = output;

    memcpy(cursor, seqHdr, seqHdrSz);
    cursor += seqHdrSz;

    memcpy(cursor, rHdr, rHdrSz);
    cursor += rHdrSz;
    r.Encode(cursor, rBytes);
    cursor += rBytes;

    memcpy(cursor, sHdr, sHdrSz);
    cursor += sHdrSz;
    s.Encode(cursor, sBytes);
    cursor += sBytes;

    return static_cast<word32>(cursor - output);
}
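// RSA-decrypts the single encoded integer held in `cipher` (`cipherlen`
// bytes) and copies the most significant `numbytes` bytes of the recovered
// value, big-endian, into `out`.
//
// Returns 1 on success. Returns 0 when the input does not decode, when
// `numbytes` is negative, or when `numbytes` exceeds the byte window the
// recovered value is taken from.
int AsymmCipher::decrypt(const byte* cipher, int cipherlen, byte* out, int numbytes)
{
    Integer m;
    if (!decodeintarray(&m, 1, cipher, cipherlen))
    {
        return 0;
    }

    rsadecrypt(key, &m);

    // Window width: |p| + |q| - 2 bytes, or the recovered value's own width
    // if that is larger.
    unsigned l = key[AsymmCipher::PRIV_P].ByteCount() + key[AsymmCipher::PRIV_Q].ByteCount() - 2;
    if (m.ByteCount() > l)
    {
        l = m.ByteCount();
    }

    // Guard the subtraction and the loop below: a negative count would run
    // the while loop past the front of `out`, and a count larger than `l`
    // would wrap the unsigned `l` to a huge index that GetByte was never
    // meant to receive. Fail explicitly instead.
    if (numbytes < 0 || static_cast<unsigned>(numbytes) > l)
    {
        return 0;
    }
    l -= numbytes;

    // Fill from the end so the highest byte of the window lands in out[0].
    while (numbytes--)
    {
        out[numbytes] = m.GetByte(l++);
    }
    return 1;
}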
// Copies the group prime, the generator and this side's public value into
// the caller-supplied buffers `bp`, `bg` and `bpub`. The buffers must be at
// least as large as the sizes reported by set_sizes(); nothing is checked
// here.
void DiffieHellman::get_parms(byte* bp, byte* bg, byte* bpub) const
{
    using TaoCrypt::Integer;

    Integer prime     = pimpl_->dh_.GetP();
    Integer generator = pimpl_->dh_.GetG();

    // Integers are serialised at their natural width (ByteCount()).
    prime.Encode(bp, prime.ByteCount());
    generator.Encode(bg, generator.ByteCount());

    // The public value is already a raw byte string of GetByteLength() bytes.
    memcpy(bpub, pimpl_->publicKey_, pimpl_->dh_.GetByteLength());
}
// Reports, in bytes, how large the buffers handed to get_parms() must be:
// `pSz` for the group prime, `gSz` for the generator and `pubSz` for this
// side's public value.
void DiffieHellman::set_sizes(int& pSz, int& gSz, int& pubSz) const
{
    using TaoCrypt::Integer;

    Integer prime     = pimpl_->dh_.GetP();
    Integer generator = pimpl_->dh_.GetG();

    pSz   = prime.ByteCount();
    gSz   = generator.ByteCount();
    // The public value's length comes from the DH object itself.
    pubSz = pimpl_->dh_.GetByteLength();
}
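// Trapdoor-function decryption: inverts the function on `ciphertext`,
// re-serialises the result as a full padded block and hands it to the
// message-encoding method's Unpad, which reports validity and length.
//
// Throws InvalidArgument if `ciphertextLength` is not exactly
// FixedCiphertextLength(); that check is required because the Integer
// constructor below reads that many bytes regardless of the real length.
DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
{
    // Without this guard a short buffer is read past its end and a long one
    // is silently truncated.
    if (ciphertextLength != FixedCiphertextLength())
        throw InvalidArgument(AlgorithmName() + ": ciphertext length of " + IntToString(ciphertextLength) + " doesn't match the required length of " + IntToString(FixedCiphertextLength()) + " for this key");

    SecByteBlock paddedBlock(PaddedBlockByteLength());
    Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, ciphertextLength));

    // An inverse wider than the block cannot be a valid padded message.
    // Substitute zero and let Unpad reject it instead of returning early, so
    // the timing does not differ from the well-formed case.
    if (x.ByteCount() > paddedBlock.size())
        x = Integer::Zero();

    x.Encode(paddedBlock, paddedBlock.size());
    return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
}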
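// RSA-decrypts the single encoded integer held in `c` (`cl` bytes) and
// copies the most significant `numbytes` bytes of the recovered value,
// big-endian, into `out`.
//
// Returns 1 on success. Returns 0 when the input does not decode, when
// `numbytes` is negative, or when `numbytes` exceeds the byte window the
// recovered value is taken from.
int AsymmCipher::decrypt(const byte* c, int cl, byte* out, int numbytes)
{
    Integer m;
    if (!decodeintarray(&m, 1, c, cl))
    {
        return 0;
    }

    rsadecrypt(key, &m);

    // Window width: |d| - 2 bytes, or the recovered value's own width if
    // that is larger.
    unsigned l = key[AsymmCipher::PRIV_D].ByteCount() - 2;
    if (m.ByteCount() > l)
    {
        l = m.ByteCount();
    }

    // Guard the subtraction and the loop below: a negative count would run
    // the while loop past the front of `out`, and a count larger than `l`
    // would wrap the unsigned `l` to a huge index that GetByte was never
    // meant to receive. Fail explicitly instead.
    if (numbytes < 0 || static_cast<unsigned>(numbytes) > l)
    {
        return 0;
    }
    l -= numbytes;

    // Fill from the end so the highest byte of the window lands in out[0].
    while (numbytes--)
    {
        out[numbytes] = m.GetByte(l++);
    }
    return 1;
}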
extern "C" int rsa_pss_sign(const char *key_file, const unsigned char *msg, int len, unsigned char *sig_buf, unsigned char *modulus_buf) { try { AutoSeededRandomPool rng; FileSource file(key_file, true); RSA::PrivateKey key; ByteQueue bq; // Load the key file.TransferTo(bq); bq.MessageEnd(); key.BERDecodePrivateKey(bq, false, bq.MaxRetrievable()); // Write the modulus Integer mod = key.GetModulus(); // error check if (mod.ByteCount() != RCM_RSA_MODULUS_SIZE) throw std::length_error("incorrect rsa key modulus length"); for (int i = 0; i < mod.ByteCount(); i++) modulus_buf[i] = mod.GetByte(i); // Sign the message RSASS<PSS, SHA256>::Signer signer(key); size_t length = signer.MaxSignatureLength(); SecByteBlock signature(length); length = signer.SignMessage(rng, msg, len, signature); // Copy in reverse order for (int i = 0; i < length; i++) sig_buf[length - i - 1] = signature[i]; } catch(const CryptoPP::Exception& e) { cerr << e.what() << endl; return 1; } catch(std::length_error& le) { cerr << "Error: " << le.what() << endl; return 1; } return 0; }
// Trapdoor-function decryption: checks the ciphertext length, inverts the
// function, re-serialises the result as a full padded block and lets the
// message-encoding method's Unpad decide validity and plaintext length.
//
// Throws InvalidArgument when `ciphertextLength` differs from
// FixedCiphertextLength(); the Integer constructor reads exactly that many
// bytes, so the check must come first.
DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
{
    const size_t required = FixedCiphertextLength();
    if (ciphertextLength != required)
    {
        throw InvalidArgument(AlgorithmName() + ": ciphertext length of " + IntToString(ciphertextLength) + " doesn't match the required length of " + IntToString(required) + " for this key");
    }

    SecByteBlock paddedBlock(PaddedBlockByteLength());
    Integer recovered = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, ciphertextLength));

    // A result wider than the block is not a valid padded message. It is
    // replaced by zero and still pushed through Unpad (rather than returning
    // early) so that invalid and valid inputs take the same path.
    const bool tooWide = recovered.ByteCount() > paddedBlock.size();
    if (tooWide)
    {
        recovered = Integer::Zero();
    }

    recovered.Encode(paddedBlock, paddedBlock.size());
    return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
}
// Public-key RSA operation used for SSL signature checking: applies the
// public function to `sig`, re-serialises the result as a full-width block
// and strips PKCS#1 block-type-1 padding into `plain`. Returns whatever
// UnPad reports (the plaintext length).
//
// NOTE(review): `sig` carries no length; FixedCiphertextLength() bytes are
// read from it unconditionally, so the caller must guarantee that size.
word32 SSL_Decrypt(const RSA_PublicKey& key, const byte* sig, byte* plain)
{
    PK_Lengths lengths(key.GetModulus());
    ByteBlock paddedBlock(BitsToBytes(lengths.PaddedBlockBitLength()));

    Integer recovered = key.ApplyFunction(Integer(sig, lengths.FixedCiphertextLength()));

    // A value wider than the block cannot be a valid padded message;
    // substitute zero so UnPad rejects it through the normal path.
    if (recovered.ByteCount() > paddedBlock.size())
    {
        recovered = Integer::Zero();
    }

    recovered.Encode(paddedBlock.get_buffer(), paddedBlock.size());
    return RSA_BlockType1().UnPad(paddedBlock.get_buffer(), lengths.PaddedBlockBitLength(), plain);
}
// Private-key RSA decryption for the padding scheme `Pad`: rejects inputs of
// the wrong size, inverts the trapdoor (blinded with `rng`), re-serialises
// the result as a full padded block and unpads it into `plain`. Returns the
// plaintext length reported by UnPad, or 0 for a wrongly sized input.
// (The `template` header for this member is expected just above this
// definition and is not part of this excerpt.)
word32 RSA_Decryptor<Pad>::Decrypt(const byte* cipher, word32 sz, byte* plain, RandomNumberGenerator& rng)
{
    PK_Lengths lengths(key_.GetModulus());

    // Wrong-size input is refused before anything is read from `cipher`.
    if (sz != lengths.FixedCiphertextLength())
    {
        return 0;
    }

    ByteBlock paddedBlock(lengths.PaddedBlockByteLength());
    Integer recovered = key_.CalculateInverse(rng, Integer(cipher, lengths.FixedCiphertextLength()).Ref());

    // Too-wide results are zeroed and still fed to UnPad rather than
    // returned early, so invalid inputs do not take a shorter path.
    if (recovered.ByteCount() > paddedBlock.size())
    {
        recovered = Integer::Zero();
    }

    recovered.Encode(paddedBlock.get_buffer(), paddedBlock.size());
    return padding_.UnPad(paddedBlock.get_buffer(), lengths.PaddedBlockBitLength(), plain);
}
// Builds an ElGamal encryptor from the group prime `p`, generator `g` and
// public value `y`. modulusLen caches p's byte width. gpc and ypc are built
// from (p, g) and (p, y) with ExponentBitLength() and a window/flag of 1 —
// presumably precomputation for exponentiation; see their declared types.
// Nothing here validates p, g or y.
ElGamalEncryptor::ElGamalEncryptor(const Integer &p, const Integer &g, const Integer &y)
    : p(p), g(g), y(y),
      modulusLen(p.ByteCount()),
      gpc(p, g, ExponentBitLength(), 1),
      ypc(p, y, ExponentBitLength(), 1)
{
}
// Debug helper exposed to Python: prints the EC group parameters, the curve
// and the signing key's private exponent to stdout, then returns None.
//
// SECURITY(review): the tail of this function writes the private exponent
// ("private key: ...") in clear text to stdout. It must not be reachable in
// production builds or in any process whose stdout is captured or logged.
static PyObject *
SigningKey__dump(SigningKey *self, PyObject *dummy)
{
    const DL_GroupParameters_EC<ECP>& gp = self->k->GetKey().GetGroupParameters();
    // Note: this first line ends in "\a" (BEL) rather than "\n" — looks like
    // a typo, left as-is because it is runtime output.
    std::cout << "whee " << gp.GetEncodedElementSize(true) << "\a";
    std::cout << "booo " << gp.GetEncodedElementSize(false) << "\n";
    ECPPoint p = gp.GetSubgroupGenerator();
    std::cout << "generator " << p.x << ", " << p.y << "\n";
    std::cout << "GroupOrder: ";
    std::cout << gp.GetGroupOrder();
    std::cout << "\n";
    // The StringSink is handed to HexEncoder as its attachment; there is no
    // matching delete, which presumably relies on the encoder owning it —
    // confirm. Also no MessageEnd() is called on the encoder before `s` is
    // printed; verify nothing stays buffered.
    std::string s;
    StringSink* ss = new StringSink(s);
    HexEncoder he(ss);
    std::cout << "AlgorithmID: ";
    gp.GetAlgorithmID().DEREncode(he);
    std::cout << s << "\n";
    const ECP& ec = gp.GetCurve();
    Integer fieldsize = ec.FieldSize();
    std::cout << "field size " << fieldsize.BitCount() << " " << fieldsize.ByteCount() << " " << ec.FieldSize() << "\n";
    std::cout << "Curve: ";
    std::cout << "curve field max element bit length: " << ec.GetField().MaxElementBitLength() << "\n";
    std::cout << "curve field modulus: " << ec.GetField().GetModulus() << "\n";
    // No trailing newline here; the next "curve field modulus" line follows
    // directly on the same output line.
    std::cout << "curve A: " << ec.GetA() << ", curve B: " << ec.GetB();
    const ECP::Field& f = ec.GetField();
    std::cout << "curve field modulus: " << f.GetModulus() << "\n";
    std::cout << "curve field identity: " << f.Identity() << "\n";
    // Same sink/encoder pattern as above, for the field's DER encoding.
    std::string cfs;
    StringSink* cfss = new StringSink(cfs);
    HexEncoder cfhe(cfss);
    f.DEREncode(cfhe);
    std::cout << "curve field derencoding: " << cfs << "\n";
    // Subgroup order and generator, read back through the generic
    // name/value interface rather than the typed accessors used above.
    const CryptoMaterial& cm = self->k->GetMaterial();
    Integer i;
    cm.GetValue("SubgroupOrder", i);
    std::cout << "\n";
    std::cout << "SubgroupOrder: ";
    std::cout << i;
    std::cout << "\n";
    ECP::Element e;
    cm.GetValue("SubgroupGenerator", e);
    std::cout << "SubgroupGenerator: ";
    std::cout << e.x << ", " << e.y;
    std::cout << "\n";
    // --- private material below: see the SECURITY note at the top ---
    std::cout << "private key: ";
    const PrivateKey& privkey = self->k->GetPrivateKey();
    std::cout << privkey.GetValueNames() << "\n";
    Integer privi;
    privkey.GetValue("PrivateExponent", privi);
    std::cout << privi << "\n";
    std::cout << "numbits: " << privi.BitCount() << "\n";
    std::cout << "numbytes: " << privi.ByteCount() << "\n";
    Py_RETURN_NONE;
}
// Blum-Goldwasser public key holding just the modulus `n`; modulusLen
// caches n.ByteCount(). Nothing here validates n (e.g. that it is a Blum
// integer) — that is left to the caller.
BlumGoldwasserPublicKey::BlumGoldwasserPublicKey(const Integer &n)
    : n(n), modulusLen(n.ByteCount())
{
}