void DL_GroupParameters_DSA::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) { Integer p, q, g; if (alg.GetValue("Modulus", p) && alg.GetValue("SubgroupGenerator", g)) { q = alg.GetValueWithDefault("SubgroupOrder", ComputeGroupOrder(p)/2); } else { int modulusSize = 1024; alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize); if (!DSA::IsValidPrimeLength(modulusSize)) throw InvalidArgument("DSA: not a valid prime length"); SecByteBlock seed(SHA::DIGESTSIZE); Integer h; int c; do { rng.GenerateBlock(seed, SHA::DIGESTSIZE); } while (!DSA::GeneratePrimes(seed, SHA::DIGESTSIZE*8, c, p, modulusSize, q)); do { h.Randomize(rng, 2, p-2); g = a_exp_b_mod_c(h, (p-1)/q, p); } while (g <= 1); } Initialize(p, q, g); }
void OAEP_Base::Pad(RandomNumberGenerator &rng, const byte *input, size_t inputLength, byte *oaepBlock, size_t oaepBlockLen, const NameValuePairs ¶meters) const { CRYPTOPP_ASSERT (inputLength <= MaxUnpaddedLength(oaepBlockLen)); using CryptoPP::auto_ptr; auto_ptr<HashTransformation> pHash(NewHash()); // convert from bit length to byte length if (oaepBlockLen % 8 != 0) { oaepBlock[0] = 0; oaepBlock++; } oaepBlockLen /= 8; const size_t hLen = pHash->DigestSize(); const size_t seedLen = hLen, dbLen = oaepBlockLen-seedLen; byte *const maskedSeed = oaepBlock; byte *const maskedDB = oaepBlock+seedLen; ConstByteArrayParameter encodingParameters; parameters.GetValue(Name::EncodingParameters(), encodingParameters); // DB = pHash || 00 ... || 01 || M pHash->CalculateDigest(maskedDB, encodingParameters.begin(), encodingParameters.size()); memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1); maskedDB[dbLen-inputLength-1] = 0x01; memcpy(maskedDB+dbLen-inputLength, input, inputLength); auto_ptr<MaskGeneratingFunction> pMGF(NewMGF()); rng.GenerateBlock(maskedSeed, seedLen); pMGF->GenerateAndMask(*pHash, maskedDB, dbLen, maskedSeed, seedLen); pMGF->GenerateAndMask(*pHash, maskedSeed, seedLen, maskedDB, dbLen); }
void OAEP<H,MGF,P,PLen>::Pad(RandomNumberGenerator &rng, const byte *input, unsigned int inputLength, byte *oaepBlock, unsigned int oaepBlockLen) const { assert (inputLength <= MaxUnpaddedLength(oaepBlockLen)); // convert from bit length to byte length if (oaepBlockLen % 8 != 0) { oaepBlock[0] = 0; oaepBlock++; } oaepBlockLen /= 8; const unsigned int hLen = H::DIGESTSIZE; const unsigned int seedLen = hLen, dbLen = oaepBlockLen-seedLen; byte *const maskedSeed = oaepBlock; byte *const maskedDB = oaepBlock+seedLen; // DB = pHash || 00 ... || 01 || M memcpy(maskedDB, PHash<H,P,PLen>(), hLen); memset(maskedDB+hLen, 0, dbLen-hLen-inputLength-1); maskedDB[dbLen-inputLength-1] = 0x01; memcpy(maskedDB+dbLen-inputLength, input, inputLength); rng.GenerateBlock(maskedSeed, seedLen); H h; MGF mgf; mgf.GenerateAndMask(h, maskedDB, dbLen, maskedSeed, seedLen); mgf.GenerateAndMask(h, maskedSeed, seedLen, maskedDB, dbLen); }
void BenchMark(const char *name, RandomNumberGenerator &rng, double timeTotal) { const int BUF_SIZE = 2048U; AlignedSecByteBlock buf(BUF_SIZE); Test::GlobalRNG().GenerateBlock(buf, BUF_SIZE); buf.SetMark(16); SymmetricCipher * cipher = dynamic_cast<SymmetricCipher*>(&rng); if (cipher != NULLPTR) { const size_t size = cipher->DefaultKeyLength(); if (cipher->IsResynchronizable()) cipher->SetKeyWithIV(buf, size, buf+size); else cipher->SetKey(buf, size); } unsigned long long blocks = 1; double timeTaken; clock_t start = ::clock(); do { rng.GenerateBlock(buf, buf.size()); blocks++; timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND; } while (timeTaken < timeTotal); OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); }
void PolynomialMod2::Randomize(RandomNumberGenerator &rng, size_t nbits) { const size_t nbytes = nbits/8 + 1; SecByteBlock buf(nbytes); rng.GenerateBlock(buf, nbytes); buf[0] = (byte)Crop(buf[0], nbits % 8); Decode(buf, nbytes); }
EncryptParams::EncryptParams(EncryptionMode encryptMode, PaddingScheme paddingScheme, uint8_t ivLength = 0) : m_encryptMode(encryptMode) , m_paddingScheme(paddingScheme) { if (ivLength != 0){ RandomNumberGenerator rng; m_iv.resize(ivLength); rng.GenerateBlock(m_iv.buf(), m_iv.size()); } }
void RSA_BlockType2::Pad(const byte *input, word32 inputLen, byte *pkcsBlock, word32 pkcsBlockLen, RandomNumberGenerator& rng) const { // convert from bit length to byte length if (pkcsBlockLen % 8 != 0) { pkcsBlock[0] = 0; pkcsBlock++; } pkcsBlockLen /= 8; pkcsBlock[0] = 2; // block type 2 // pad with non-zero random bytes word32 padLen = pkcsBlockLen - inputLen - 1; rng.GenerateBlock(&pkcsBlock[1], padLen); for (word32 i = 1; i < padLen; i++) if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01; pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); }
void PSSR_MEM_Base::ComputeMessageRepresentative(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, byte *representative, size_t representativeBitLength) const { assert(representativeBitLength >= MinRepresentativeBitLength(hashIdentifier.second, hash.DigestSize())); const size_t u = hashIdentifier.second + 1; const size_t representativeByteLength = BitsToBytes(representativeBitLength); const size_t digestSize = hash.DigestSize(); const size_t saltSize = SaltLen(digestSize); byte *const h = representative + representativeByteLength - u - digestSize; SecByteBlock digest(digestSize), salt(saltSize); hash.Final(digest); rng.GenerateBlock(salt, saltSize); // compute H = hash of M' byte c[8]; PutWord(false, BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength)); PutWord(false, BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3)); hash.Update(c, 8); hash.Update(recoverableMessage, recoverableMessageLength); hash.Update(digest, digestSize); hash.Update(salt, saltSize); hash.Final(h); // compute representative GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize, false); byte *xorStart = representative + representativeByteLength - u - digestSize - salt.size() - recoverableMessageLength - 1; xorStart[0] ^= 1; xorbuf(xorStart + 1, recoverableMessage, recoverableMessageLength); xorbuf(xorStart + 1 + recoverableMessageLength, salt, salt.size()); memcpy(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second); representative[representativeByteLength - 1] = hashIdentifier.second ? 0xcc : 0xbc; if (representativeBitLength % 8 != 0) representative[0] = (byte)Crop(representative[0], representativeBitLength % 8); }
void SimpleKeyingInterface::GetNextIV(RandomNumberGenerator &rng, byte *IV) { rng.GenerateBlock(IV, IVSize()); }