std::string DecryptAsymmetrical(const std::string& privKey, const std::string& data) { assert(!data.empty()); string result; AutoSeededRandomPool rng; RSA::PrivateKey privateKey; privateKey.Load(StringSource(privKey, true).Ref()); RSAES_OAEP_SHA_Decryptor d(privateKey); ui32 blocksCount = *(ui16*)data.data(); const char* ptr = data.data() + 2; for (size_t i = 0; i < blocksCount; ++i) { ui16 blockSize = *(ui16*)ptr; ptr += 2; string currData = string(ptr, blockSize); ptr += blockSize; string currResult; StringSource ss(currData, true, new PK_DecryptorFilter(rng, d, new StringSink(currResult))); result += currResult; } assert(!result.empty()); return result; }
void LoadKey(const string& filename, RSA::PrivateKey& PrivateKey) { // DER Encode Key - PKCS #8 key format PrivateKey.Load( FileSource(filename.c_str(), true, NULL, true /*binary*/).Ref() ); }
void signature_sign(const string & account_num, string & signature){ // Setup string message = account_num; RSA::PrivateKey privateKey; AutoSeededRandomPool rng; // Load private key CryptoPP::ByteQueue bytes; FileSource file("privkey.txt", true, new Base64Decoder); file.TransferTo(bytes); bytes.MessageEnd(); privateKey.Load(bytes); // Sign and Encode RSASS<PSSR, SHA1>::Signer signer(privateKey); // StringSource StringSource(message, true, new SignerFilter(rng, signer, new StringSink(signature), true // putMessage ) // SignerFilter ); }
void Sign(string str){ // string strContents = "A message to be signed"; string strContents = str; //FileSource("tobesigned.dat", true, new StringSink(strContents)); AutoSeededRandomPool rng; //Read private key CryptoPP::ByteQueue bytes; FileSource file("privkey.txt", true, new Base64Decoder); file.TransferTo(bytes); bytes.MessageEnd(); RSA::PrivateKey privateKey; privateKey.Load(bytes); //Sign message RSASSA_PKCS1v15_SHA_Signer privkey(privateKey); SecByteBlock sbbSignature(privkey.SignatureLength()); privkey.SignMessage( rng, (byte const*) strContents.data(), strContents.size(), sbbSignature); //Save result FileSink sink("message.dat"); //c sink.Put((byte const*) strContents.data(), strContents.size()); FileSink sinksig("cipher.dat"); //m sinksig.Put(sbbSignature, sbbSignature.size()); }
void loadRSAPriKey(RSA::PrivateKey& key, const char* filename){ ByteQueue byte; FileSource file(filename, true, new Base64Decoder); file.TransferTo(byte); byte.MessageEnd(); key.Load(byte); }
std::string Sign(const std::string& privKey, const std::string& message) { AutoSeededRandomPool rng; string signature; RSA::PrivateKey privateKey; privateKey.Load(StringSource(privKey, true).Ref()); RSASSA_PKCS1v15_SHA_Signer signer(privateKey); StringSource(message, true, new SignerFilter(rng, signer, new StringSink(signature))); return signature; }
string SignLicense(AutoSeededRandomPool &rng, string strContents, string pass) { //Read private key string encPrivKey; StringSink encPrivKeySink(encPrivKey); FileSource file("secondary-privkey-enc.txt", true, new Base64Decoder); file.CopyTo(encPrivKeySink); //Read initialization vector byte iv[AES::BLOCKSIZE]; CryptoPP::ByteQueue bytesIv; FileSource file2("secondary-privkey-iv.txt", true, new Base64Decoder); file2.TransferTo(bytesIv); bytesIv.MessageEnd(); bytesIv.Get(iv, AES::BLOCKSIZE); //Hash the pass phrase to create 128 bit key string hashedPass; RIPEMD128 hash; StringSource(pass, true, new HashFilter(hash, new StringSink(hashedPass))); //Decrypt private key byte test[encPrivKey.length()]; CFB_Mode<AES>::Decryption cfbDecryption((const unsigned char*)hashedPass.c_str(), hashedPass.length(), iv); cfbDecryption.ProcessData(test, (byte *)encPrivKey.c_str(), encPrivKey.length()); StringSource privateKeySrc(test, encPrivKey.length(), true, NULL); //Decode key RSA::PrivateKey privateKey; privateKey.Load(privateKeySrc); //Sign message RSASSA_PKCS1v15_SHA_Signer privkey(privateKey); SecByteBlock sbbSignature(privkey.SignatureLength()); privkey.SignMessage( rng, (byte const*) strContents.data(), strContents.size(), sbbSignature); //Save result string out; Base64Encoder enc(new StringSink(out)); enc.Put(sbbSignature, sbbSignature.size()); enc.MessageEnd(); return out; }
int main (int argc, const char* argv[]) { string toSign; FileSource(argv[1], true, new StringSink(toSign)); AutoSeededRandomPool rng; //Read private key CryptoPP::ByteQueue bytes; FileSource file(argv[2], true, new Base64Decoder); file.TransferTo(bytes); bytes.MessageEnd(); RSA::PrivateKey privateKey; privateKey.Load(bytes); //Sign message RSASSA_PKCS1v15_SHA_Signer signer(privateKey); SecByteBlock signature(signer.SignatureLength()); signer.SignMessage( rng, (byte const*) toSign.data(), toSign.size(), signature); //Print string of signature HexEncoder encoder; string signatureString; encoder.Put(signature.data(), signature.size()); encoder.MessageEnd(); word64 signatureSize = encoder.MaxRetrievable(); if (signatureSize) { signatureString.resize(signatureSize); encoder.Get((byte*) signatureString.data(), signatureString.size()); } cout << signatureString << endl; }
bool SecTpm::importPrivateKeyPkcs5IntoTpm(const Name& keyName, const uint8_t* buf, size_t size, const std::string& passwordStr) { using namespace CryptoPP; Oid pbes2Id; Oid pbkdf2Id; SecByteBlock saltBlock; uint32_t iterationCount; Oid pbes2encsId; SecByteBlock ivBlock; SecByteBlock encryptedDataBlock; try { // decode some decoding processes are not necessary for now, // because we assume only one encryption scheme. StringSource source(buf, size, true); // EncryptedPrivateKeyInfo ::= SEQUENCE { // encryptionAlgorithm EncryptionAlgorithmIdentifier, // encryptedData OCTET STRING } BERSequenceDecoder encryptedPrivateKeyInfo(source); { // EncryptionAlgorithmIdentifier ::= SEQUENCE { // algorithm OBJECT IDENTIFIER {{PBES2-id}}, // parameters SEQUENCE {{PBES2-params}} } BERSequenceDecoder encryptionAlgorithm(encryptedPrivateKeyInfo); { pbes2Id.decode(encryptionAlgorithm); // PBES2-params ::= SEQUENCE { // keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, // encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} } BERSequenceDecoder pbes2Params(encryptionAlgorithm); { // AlgorithmIdentifier ::= SEQUENCE { // algorithm OBJECT IDENTIFIER {{PBKDF2-id}}, // parameters SEQUENCE {{PBKDF2-params}} } BERSequenceDecoder pbes2KDFs(pbes2Params); { pbkdf2Id.decode(pbes2KDFs); // AlgorithmIdentifier ::= SEQUENCE { // salt OCTET STRING, // iterationCount INTEGER (1..MAX), // keyLength INTEGER (1..MAX) OPTIONAL, // prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 } BERSequenceDecoder pbkdf2Params(pbes2KDFs); { BERDecodeOctetString(pbkdf2Params, saltBlock); BERDecodeUnsigned<uint32_t>(pbkdf2Params, iterationCount, INTEGER); } pbkdf2Params.MessageEnd(); } pbes2KDFs.MessageEnd(); // AlgorithmIdentifier ::= SEQUENCE { // algorithm OBJECT IDENTIFIER {{DES-EDE3-CBC-PAD}}, // parameters OCTET STRING} {{iv}} } BERSequenceDecoder pbes2Encs(pbes2Params); { pbes2encsId.decode(pbes2Encs); BERDecodeOctetString(pbes2Encs, ivBlock); } pbes2Encs.MessageEnd(); } pbes2Params.MessageEnd(); } encryptionAlgorithm.MessageEnd(); BERDecodeOctetString(encryptedPrivateKeyInfo, encryptedDataBlock); } encryptedPrivateKeyInfo.MessageEnd(); } catch (const CryptoPP::Exception& e) { return false; } PKCS5_PBKDF2_HMAC<SHA1> keyGenerator; size_t derivedLen = 24; //For DES-EDE3-CBC-PAD byte derived[24] = {0}; byte purpose = 0; try { keyGenerator.DeriveKey(derived, derivedLen, purpose, reinterpret_cast<const byte*>(passwordStr.c_str()), passwordStr.size(), saltBlock.BytePtr(), saltBlock.size(), iterationCount); } catch (const CryptoPP::Exception& e) { return false; } //decrypt CBC_Mode< DES_EDE3 >::Decryption d; d.SetKeyWithIV(derived, derivedLen, ivBlock.BytePtr()); OBufferStream privateKeyOs; try { StringSource encryptedSource(encryptedDataBlock.BytePtr(), encryptedDataBlock.size(), true, new StreamTransformationFilter(d, new FileSink(privateKeyOs))); } catch (const CryptoPP::Exception& e) { return false; } if (!importPrivateKeyPkcs8IntoTpm(keyName, privateKeyOs.buf()->buf(), privateKeyOs.buf()->size())) return false; // determine key type StringSource privateKeySource(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size(), true); KeyType publicKeyType = KeyType::NONE; SecByteBlock rawKeyBits; // PrivateKeyInfo ::= SEQUENCE { // INTEGER, // SEQUENCE, // OCTECT STRING} BERSequenceDecoder privateKeyInfo(privateKeySource); { uint32_t versionNum; BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER); BERSequenceDecoder sequenceDecoder(privateKeyInfo); { Oid keyTypeOid; keyTypeOid.decode(sequenceDecoder); if (keyTypeOid == oid::RSA) publicKeyType = KeyType::RSA; else if (keyTypeOid == oid::ECDSA) publicKeyType = KeyType::EC; else return false; // Unsupported key type; } } // derive public key OBufferStream publicKeyOs; try { switch (publicKeyType) { case KeyType::RSA: { RSA::PrivateKey privateKey; privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref()); RSAFunction publicKey(privateKey); FileSink publicKeySink(publicKeyOs); publicKey.DEREncode(publicKeySink); publicKeySink.MessageEnd(); break; } case KeyType::EC: { ECDSA<ECP, SHA256>::PrivateKey privateKey; privateKey.Load(StringStore(privateKeyOs.buf()->buf(), privateKeyOs.buf()->size()).Ref()); ECDSA<ECP, SHA256>::PublicKey publicKey; privateKey.MakePublicKey(publicKey); publicKey.AccessGroupParameters().SetEncodeAsOID(true); FileSink publicKeySink(publicKeyOs); publicKey.DEREncode(publicKeySink); publicKeySink.MessageEnd(); break; } default: return false; } } catch (const CryptoPP::Exception& e) { return false; } if (!importPublicKeyPkcs1IntoTpm(keyName, publicKeyOs.buf()->buf(), publicKeyOs.buf()->size())) return false; return true; }
Block SecTpmFile::signInTpm(const uint8_t* data, size_t dataLength, const Name& keyName, DigestAlgorithm digestAlgorithm) { string keyURI = keyName.toUri(); if (!doesKeyExistInTpm(keyName, KeyClass::PRIVATE)) BOOST_THROW_EXCEPTION(Error("private key doesn't exist")); try { using namespace CryptoPP; AutoSeededRandomPool rng; // Read public key shared_ptr<v1::PublicKey> pubkeyPtr; pubkeyPtr = getPublicKeyFromTpm(keyName); switch (pubkeyPtr->getKeyType()) { case KeyType::RSA: { // Read private key ByteQueue bytes; FileSource file(m_impl->transformName(keyURI, ".pri").string().c_str(), true, new Base64Decoder); file.TransferTo(bytes); bytes.MessageEnd(); RSA::PrivateKey privateKey; privateKey.Load(bytes); // Sign message switch (digestAlgorithm) { case DigestAlgorithm::SHA256: { RSASS<PKCS1v15, SHA256>::Signer signer(privateKey); OBufferStream os; StringSource(data, dataLength, true, new SignerFilter(rng, signer, new FileSink(os))); return Block(tlv::SignatureValue, os.buf()); } default: BOOST_THROW_EXCEPTION(Error("Unsupported digest algorithm")); } } case KeyType::EC: { // Read private key ByteQueue bytes; FileSource file(m_impl->transformName(keyURI, ".pri").string().c_str(), true, new Base64Decoder); file.TransferTo(bytes); bytes.MessageEnd(); // Sign message switch (digestAlgorithm) { case DigestAlgorithm::SHA256: { ECDSA<ECP, SHA256>::PrivateKey privateKey; privateKey.Load(bytes); ECDSA<ECP, SHA256>::Signer signer(privateKey); OBufferStream os; StringSource(data, dataLength, true, new SignerFilter(rng, signer, new FileSink(os))); uint8_t buf[200]; size_t bufSize = DSAConvertSignatureFormat(buf, sizeof(buf), DSA_DER, os.buf()->buf(), os.buf()->size(), DSA_P1363); shared_ptr<Buffer> sigBuffer = make_shared<Buffer>(buf, bufSize); return Block(tlv::SignatureValue, sigBuffer); } default: BOOST_THROW_EXCEPTION(Error("Unsupported digest algorithm")); } } default: BOOST_THROW_EXCEPTION(Error("Unsupported key type")); } } catch (const CryptoPP::Exception& e) { BOOST_THROW_EXCEPTION(Error(e.what())); } }