word32 EncodeDSA_Signature(const Integer& r, const Integer& s, byte* output)
    word32 rSz = r.ByteCount();
    word32 sSz = s.ByteCount();

    byte rLen[MAX_LENGTH_SZ + 1];
    byte sLen[MAX_LENGTH_SZ + 1];

    rLen[0] = INTEGER;
    sLen[0] = INTEGER;

    word32 rLenSz = SetLength(rSz, &rLen[1]) + 1;
    word32 sLenSz = SetLength(sSz, &sLen[1]) + 1;

    byte seqArray[MAX_SEQ_SZ];

    word32 seqSz = SetSequence(rLenSz + rSz + sLenSz + sSz, seqArray);
    // seq
    memcpy(output, seqArray, seqSz);
    // r
    memcpy(output + seqSz, rLen, rLenSz);
    r.Encode(output + seqSz + rLenSz, rSz);
    // s
    memcpy(output + seqSz + rLenSz + rSz, sLen, sLenSz);
    s.Encode(output + seqSz + rLenSz + rSz + sLenSz, sSz);

    return seqSz + rLenSz + rSz + sLenSz + sSz;
Exemplo n.º 2
int AsymmCipher::decrypt(const byte* cipher, int cipherlen, byte* out, int numbytes)
    Integer m;

    if (!decodeintarray(&m, 1, cipher, cipherlen))
        return 0;

    rsadecrypt(key, &m);

    unsigned l = key[AsymmCipher::PRIV_P].ByteCount() + key[AsymmCipher::PRIV_Q].ByteCount() - 2;

    if (m.ByteCount() > l)
        l = m.ByteCount();

    l -= numbytes;

    while (numbytes--)
        out[numbytes] = m.GetByte(l++);

    return 1;
Exemplo n.º 3
void DiffieHellman::get_parms(byte* bp, byte* bg, byte* bpub) const
    using TaoCrypt::Integer;
    Integer p = pimpl_->dh_.GetP();
    Integer g = pimpl_->dh_.GetG();

    p.Encode(bp, p.ByteCount());
    g.Encode(bg, g.ByteCount());
    memcpy(bpub, pimpl_->publicKey_, pimpl_->dh_.GetByteLength());
Exemplo n.º 4
void DiffieHellman::set_sizes(int& pSz, int& gSz, int& pubSz) const
    using TaoCrypt::Integer;
    Integer p = pimpl_->dh_.GetP();
    Integer g = pimpl_->dh_.GetG();

    pSz   = p.ByteCount();
    gSz   = g.ByteCount();
    pubSz = pimpl_->dh_.GetByteLength();
Exemplo n.º 5
DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
	SecByteBlock paddedBlock(PaddedBlockByteLength());
	Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, FixedCiphertextLength()));
	if (x.ByteCount() > paddedBlock.size())
		x = Integer::Zero();	// don't return false here to prevent timing attack
	x.Encode(paddedBlock, paddedBlock.size());
	return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
Exemplo n.º 6
int AsymmCipher::decrypt(const byte* c, int cl, byte* out, int numbytes)
    Integer m;

    if (!decodeintarray(&m,1,c,cl)) return 0;


    unsigned l = key[AsymmCipher::PRIV_D].ByteCount()-2;

    if (m.ByteCount() > l) l = m.ByteCount();

    l -= numbytes;

    while (numbytes--) out[numbytes] = m.GetByte(l++);

    return 1;
extern "C" int rsa_pss_sign(const char *key_file, const unsigned char *msg,
			int len, unsigned char *sig_buf, unsigned char *modulus_buf)
	try {
		AutoSeededRandomPool rng;
		FileSource file(key_file, true);
		RSA::PrivateKey key;
		ByteQueue bq;

		// Load the key
		key.BERDecodePrivateKey(bq, false, bq.MaxRetrievable());

		// Write the modulus
		Integer mod = key.GetModulus();
		// error check
		if (mod.ByteCount() != RCM_RSA_MODULUS_SIZE)
			throw std::length_error("incorrect rsa key modulus length");
		for (int i = 0; i < mod.ByteCount(); i++)
			modulus_buf[i] = mod.GetByte(i);

		// Sign the message
		RSASS<PSS, SHA256>::Signer signer(key);
		size_t length = signer.MaxSignatureLength();
		SecByteBlock signature(length);

		length = signer.SignMessage(rng, msg, len, signature);

		// Copy in reverse order
		for (int i = 0; i < length; i++)
			sig_buf[length - i - 1] = signature[i];
	catch(const CryptoPP::Exception& e) {
		cerr << e.what() << endl;
		return 1;
	catch(std::length_error& le) {
		cerr << "Error: " << le.what() << endl;
		return 1;

	return 0;
Exemplo n.º 8
DecodingResult TF_DecryptorBase::Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters) const
	if (ciphertextLength != FixedCiphertextLength())
			throw InvalidArgument(AlgorithmName() + ": ciphertext length of " + IntToString(ciphertextLength) + " doesn't match the required length of " + IntToString(FixedCiphertextLength()) + " for this key");

	SecByteBlock paddedBlock(PaddedBlockByteLength());
	Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(ciphertext, ciphertextLength));
	if (x.ByteCount() > paddedBlock.size())
		x = Integer::Zero();	// don't return false here to prevent timing attack
	x.Encode(paddedBlock, paddedBlock.size());
	return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plaintext, parameters);
Exemplo n.º 9
word32 SSL_Decrypt(const RSA_PublicKey& key, const byte* sig, byte* plain)
    PK_Lengths lengths(key.GetModulus());
    ByteBlock paddedBlock(BitsToBytes(lengths.PaddedBlockBitLength()));
    Integer x = key.ApplyFunction(Integer(sig,
    if (x.ByteCount() > paddedBlock.size())
        x = Integer::Zero();	
    x.Encode(paddedBlock.get_buffer(), paddedBlock.size());
    return RSA_BlockType1().UnPad(paddedBlock.get_buffer(),
                                  lengths.PaddedBlockBitLength(), plain);
Exemplo n.º 10
word32 RSA_Decryptor<Pad>::Decrypt(const byte* cipher, word32 sz, byte* plain,
                                   RandomNumberGenerator& rng)
    PK_Lengths lengths(key_.GetModulus());

    if (sz != lengths.FixedCiphertextLength())
        return 0;
    ByteBlock paddedBlock(lengths.PaddedBlockByteLength());
    Integer x = key_.CalculateInverse(rng, Integer(cipher,
    if (x.ByteCount() > paddedBlock.size())
        x = Integer::Zero();	// don't return false, prevents timing attack
    x.Encode(paddedBlock.get_buffer(), paddedBlock.size());
    return padding_.UnPad(paddedBlock.get_buffer(),
                          lengths.PaddedBlockBitLength(), plain);
Exemplo n.º 11
ElGamalEncryptor::ElGamalEncryptor(const Integer &p, const Integer &g, const Integer &y)
	: p(p), g(g), y(y), modulusLen(p.ByteCount()),
	  gpc(p, g, ExponentBitLength(), 1), ypc(p, y, ExponentBitLength(), 1)
Exemplo n.º 12
static PyObject *
SigningKey__dump(SigningKey *self, PyObject *dummy) {
    const DL_GroupParameters_EC<ECP>& gp = self->k->GetKey().GetGroupParameters();
    std::cout << "whee " << gp.GetEncodedElementSize(true) << "\a";
    std::cout << "booo " << gp.GetEncodedElementSize(false) << "\n";

    ECPPoint p = gp.GetSubgroupGenerator();
    std::cout << "generator " << p.x << ", " << p.y << "\n";

    std::cout << "GroupOrder: ";
    std::cout << gp.GetGroupOrder();
    std::cout << "\n";

    std::string s;
    StringSink* ss = new StringSink(s);
    HexEncoder he(ss);
    std::cout << "AlgorithmID: ";
    std::cout << s << "\n";

    const ECP& ec = gp.GetCurve();
    Integer fieldsize = ec.FieldSize();
    std::cout << "field size " << fieldsize.BitCount() << " " << fieldsize.ByteCount() << " " << ec.FieldSize() << "\n";
    std::cout << "Curve: ";
    std::cout << "curve field max element bit length: " << ec.GetField().MaxElementBitLength() << "\n";
    std::cout << "curve field modulus: " << ec.GetField().GetModulus() << "\n";
    std::cout << "curve A: " << ec.GetA() << ", curve B: " << ec.GetB();

    const ECP::Field& f = ec.GetField();
    std::cout << "curve field modulus: " << f.GetModulus() << "\n";
    std::cout << "curve field identity: " << f.Identity() << "\n";

    std::string cfs;
    StringSink* cfss = new StringSink(cfs);
    HexEncoder cfhe(cfss);
    std::cout << "curve field derencoding: " << cfs << "\n";

    const CryptoMaterial& cm = self->k->GetMaterial();
    Integer i;
    cm.GetValue("SubgroupOrder", i);
    std::cout << "\n";
    std::cout << "SubgroupOrder: ";
    std::cout << i;
    std::cout << "\n";
    ECP::Element e;
    cm.GetValue("SubgroupGenerator", e);
    std::cout << "SubgroupGenerator: ";
    std::cout << e.x << ", " << e.y;
    std::cout << "\n";

    std::cout << "private key: ";

    const PrivateKey& privkey = self->k->GetPrivateKey();

    std::cout << privkey.GetValueNames() << "\n";

    Integer privi;
    privkey.GetValue("PrivateExponent", privi);
    std::cout << privi << "\n";
    std::cout << "numbits: " << privi.BitCount() << "\n";
    std::cout << "numbytes: " << privi.ByteCount() << "\n";

Exemplo n.º 13
BlumGoldwasserPublicKey::BlumGoldwasserPublicKey(const Integer &n)
	: n(n), modulusLen(n.ByteCount())