void DL_GroupParameters_DSA::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
{
Integer p, q, g;
if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g))
{
q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2);
}
else
{
int modulusSize = 1024;
alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
if (!DSA::IsValidPrimeLength(modulusSize))
throw InvalidArgument("DSA: not a valid prime length");
SecByteBlock seed(SHA::DIGESTSIZE);
Integer h;
int c;
do
{
rng.GenerateBlock(seed, SHA::DIGESTSIZE);
} while (!DSA::GeneratePrimes(seed, SHA::DIGESTSIZE*8, c, p, modulusSize, q));
do
{
h.Randomize(rng, 2, p-2);
g = a_exp_b_mod_c(h, (p-1)/q, p);
} while (g <= 1);
}
Initialize(p, q, g);
}
void OAEP_Base::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLength, byte *oaepBlock, size_t oaepBlockLen, const NameValuePairs ¶meters) const
{
CRYPTOPP_ASSERT (inputLength <= MaxUnpaddedLength(oaepBlockLen));
using CryptoPP::auto_ptr;
auto_ptr<HashTransformation> pHash(NewHash());
// convert from bit length to byte length
if (oaepBlockLen % 8 != 0)
{
oaepBlock[0] = 0;
oaepBlock++;
}
oaepBlockLen /= 8;
const size_t hLen = pHash->DigestSize();
const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen;
byte *const maskedSeed = oaepBlock;
byte *const maskedDB = oaepBlock+seedLen;
ConstByteArrayParameter encodingParameters;
parameters.GetValue(Name::EncodingParameters(), encodingParameters);
// DB = pHash || 00 ... || 01 || M
pHash->CalculateDigest(maskedDB, encodingParameters.begin(), encodingParameters.size());
memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1);
maskedDB[dbLen-inputLength-1] = 0x01;
memcpy(maskedDB+dbLen-inputLength, input, inputLength);
auto_ptr<MaskGeneratingFunction> pMGF(NewMGF());
rng.GenerateBlock(maskedSeed, seedLen);
pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen);
pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen);
}
void OAEP<H,MGF,P,PLen>::Pad(RandomNumberGenerator &rng, const byte *input, unsigned int inputLength, byte *oaepBlock, unsigned int oaepBlockLen) const
{
assert (inputLength <= MaxUnpaddedLength(oaepBlockLen));
// convert from bit length to byte length
if (oaepBlockLen % 8 != 0)
{
oaepBlock[0] = 0;
oaepBlock++;
}
oaepBlockLen /= 8;
const unsigned int hLen = H::DIGESTSIZE;
const unsigned int seedLen = hLen, dbLen = oaepBlockLen-seedLen;
byte *const maskedSeed = oaepBlock;
byte *const maskedDB = oaepBlock+seedLen;
// DB = pHash || 00 ... || 01 || M
memcpy(maskedDB, PHash<H,P,PLen>(), hLen);
memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1);
maskedDB[dbLen-inputLength-1] = 0x01;
memcpy(maskedDB+dbLen-inputLength, input, inputLength);
rng.GenerateBlock(maskedSeed, seedLen);
H h;
MGF mgf;
mgf.GenerateAndMask(h, maskedDB, dbLen, maskedSeed, seedLen);
mgf.GenerateAndMask(h, maskedSeed, seedLen, maskedDB, dbLen);
}
void BenchMark(const char *name, RandomNumberGenerator &rng, double timeTotal)
{
const int BUF_SIZE = 2048U;
AlignedSecByteBlock buf(BUF_SIZE);
Test::GlobalRNG().GenerateBlock(buf, BUF_SIZE);
buf.SetMark(16);
SymmetricCipher * cipher = dynamic_cast<SymmetricCipher*>(&rng);
if (cipher != NULLPTR)
{
const size_t size = cipher->DefaultKeyLength();
if (cipher->IsResynchronizable())
cipher->SetKeyWithIV(buf, size, buf+size);
else
cipher->SetKey(buf, size);
}
unsigned long long blocks = 1;
double timeTaken;
clock_t start = ::clock();
do
{
rng.GenerateBlock(buf, buf.size());
blocks++;
timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND;
} while (timeTaken < timeTotal);
OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken);
}
void PolynomialMod2::Randomize(RandomNumberGenerator &rng, size_t nbits)
{
const size_t nbytes = nbits/8 + 1;
SecByteBlock buf(nbytes);
rng.GenerateBlock(buf, nbytes);
buf[0] = (byte)Crop(buf[0], nbits % 8);
Decode(buf, nbytes);
}
EncryptParams::EncryptParams(EncryptionMode encryptMode, PaddingScheme paddingScheme, uint8_t ivLength = 0)
: m_encryptMode(encryptMode)
, m_paddingScheme(paddingScheme)
{
if (ivLength != 0){
RandomNumberGenerator rng;
m_iv.resize(ivLength);
rng.GenerateBlock(m_iv.buf(), m_iv.size());
}
}
void RSA_BlockType2::Pad(const byte *input, word32 inputLen, byte *pkcsBlock,
word32 pkcsBlockLen, RandomNumberGenerator& rng) const
{
// convert from bit length to byte length
if (pkcsBlockLen % 8 != 0)
{
pkcsBlock[0] = 0;
pkcsBlock++;
}
pkcsBlockLen /= 8;
pkcsBlock[0] = 2; // block type 2
// pad with non-zero random bytes
word32 padLen = pkcsBlockLen - inputLen - 1;
rng.GenerateBlock(&pkcsBlock[1], padLen);
for (word32 i = 1; i < padLen; i++)
if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator
memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
}
void PSSR_MEM_Base::ComputeMessageRepresentative(RandomNumberGenerator &rng,
const byte *recoverableMessage, size_t recoverableMessageLength,
HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
byte *representative, size_t representativeBitLength) const
{
assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize()));
const size_t u = hashIdentifier.second + 1;
const size_t representativeByteLength = BitsToBytes(representativeBitLength);
const size_t digestSize = hash.DigestSize();
const size_t saltSize = SaltLen(digestSize);
byte *const h = representative + representativeByteLength - u - digestSize;
SecByteBlock digest(digestSize), salt(saltSize);
hash.Final(digest);
rng.GenerateBlock(salt, saltSize);
// compute H = hash of M'
byte c[8];
PutWord(false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength));
PutWord(false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3));
hash.Update(c, 8);
hash.Update(recoverableMessage, recoverableMessageLength);
hash.Update(digest, digestSize);
hash.Update(salt, saltSize);
hash.Final(h);
// compute representative
GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize, false);
byte *xorStart = representative + representativeByteLength - u - digestSize - salt.size() - recoverableMessageLength - 1;
xorStart[0] ^= 1;
xorbuf(xorStart + 1, recoverableMessage, recoverableMessageLength);
xorbuf(xorStart + 1 + recoverableMessageLength, salt, salt.size());
memcpy(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second);
representative[representativeByteLength - 1] = hashIdentifier.second ? 0xcc : 0xbc;
if (representativeBitLength % 8 != 0)
representative[0] = (byte)Crop(representative[0], representativeBitLength % 8);
}
void SimpleKeyingInterface::GetNextIV(RandomNumberGenerator &rng, byte *IV)
{
rng.GenerateBlock(IV, IVSize());
}
