Please ignore what I said in my private reply. (I didn't notice you sent a
public post as well as a private email.) That will work for the
encryption, but not the decryption. Try the attached code instead.

On Fri, Oct 15, 2004 at 12:43:06PM -1000, Mukkamala, Subbarayudu wrote:
> Hi:
> I am trying to use RSA algorithms from Crypto ++ 5.2.1 library for IPSec.
>
> I need some clarification on signature generation using RSA, interpreting the
> following from IKE standard [rfc 2409] section 5.1.
>
> -------------- RFC 2409 Section 5.1---------------------------------
> In general the signature will be over HASH_I and HASH_R as above
> using the negotiated prf, or the HMAC version of the negotiated hash
> function (if no prf is negotiated). However, this can be overridden
> for construction of the signature if the signature algorithm is tied
> to a particular hash algorithm (e.g. DSS is only defined with SHA's
> 160 bit output). In this case, the signature will be over HASH_I and
> HASH_R as above, except using the HMAC version of the hash algorithm
> associated with the signature method. The negotiated prf and hash
> function would continue to be used for all other prescribed pseudo-
> random functions.
>
> Since the hash algorithm used is already known there is no need to
> encode its OID into the signature. In addition, there is no binding
> between the OIDs used for RSA signatures in PKCS #1 and those used in
> this document. Therefore, RSA signatures MUST be encoded as a private
> key encryption in PKCS #1 format and not as a signature in PKCS #1
> format (which includes the OID of the hash algorithm). DSS signatures
> MUST be encoded as r followed by s.
> -------------- RFC 2409 Section 5.1---------------------------------
>
> I see the above to do the following steps: See at
> http://www.netsys.com/ipsec/1998/msg00347.html
>
> - ISAKMP produces HASH_I/HASH_R however it wishes
>
> - the hash is used as input data for encryption with the RSA private key, with
> padding as required by the RSA algorithm
>
> - the (key bits) of encryption output is passed over the wire as the signature
>
> As I see RSA encryption algorithm of Crypto++ usually takes only public key, NOT
> private key except in case of RSA Signature generation.
>
> But as the spec indicates that we can not use RSA signature provided by Crypto++ as
> it encodes OID of algorithm. Can you tell how to encrypt HASH_I/HASH_R with RSA
> private key using Crypto++?
>
> Please let me know.
>
> Thank You
> Subbu
>
>

#include "rsa.h"    // Crypto++: RSA, TF_ES, PKCS1v15
using namespace CryptoPP;

// The original scheme's public key, used as the "private" key of the reversed
// scheme: its inverse operation is the original public function.
template <class KEYS>
class ReverseTrapdoorFunctionPublic : public KEYS::PublicKey, public TrapdoorFunctionInverse, public PrivateKey
{
public:
    Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
        {return this->ApplyRandomizedFunction(rng, x);}
};

// The original scheme's private key, used as the "public" key of the reversed
// scheme: its forward operation is the original private-key operation.
template <class KEYS>
class ReverseTrapdoorFunctionPrivate : public KEYS::PrivateKey
{
public:
    Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const
        {return this->CalculateInverse(rng, x);}
    void operator=(const ReverseTrapdoorFunctionPublic<KEYS> &)
        {throw NotImplemented("ReverseTrapdoorFunctionPrivate: cannot convert a public key to a private key");}
};

// Key pair with the two roles swapped.
template <class KEYS>
struct ReverseKeys
{
    static std::string StaticAlgorithmName() {return "Reverse" + KEYS::StaticAlgorithmName();}
    typedef ReverseTrapdoorFunctionPrivate<KEYS> PublicKey;
    typedef ReverseTrapdoorFunctionPublic<KEYS> PrivateKey;
};

// Encryption scheme in which the RSA private key encrypts and the public key decrypts.
template <class STANDARD>
struct ReverseRSAES : public TF_ES<STANDARD, ReverseKeys<RSA> >
{
};

// GlobalRNG() is not defined in this snippet; the surrounding program must supply it.
void Test()
{
    ReverseTrapdoorFunctionPrivate<RSA> priv;
    priv.Initialize(GlobalRNG(), 512);    // 512-bit key: test size only

    ReverseTrapdoorFunctionPublic<RSA> pub;
    pub.AssignFrom(priv);

    ReverseRSAES<PKCS1v15>::Encryptor e(priv);    // "encrypts" with the private key
    ReverseRSAES<PKCS1v15>::Decryptor d(pub);     // "decrypts" with the public key

    SecByteBlock ciphertext(e.FixedCiphertextLength()), plaintext(e.FixedMaxPlaintextLength());
    e.Encrypt(GlobalRNG(), (byte *)"test", 4, ciphertext);
    d.Decrypt(GlobalRNG(), ciphertext, ciphertext.size(), plaintext);
}
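
The block layout that the quoted RFC 2409 passage calls for, next to the ordinary PKCS #1 v1.5 signature layout, as an added example that is not part of the original post or of Crypto++. It builds only the padded block fed to the RSA private-key operation (PKCS #1 v1.5 block type 01) and the verifier's strict check of the recovered block; the function names are hypothetical, SHA-1 is assumed as the hash, and the RSA operation itself is left to the library.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

typedef std::vector<uint8_t> Bytes;

// DER DigestInfo header for SHA-1: the part that carries the hash OID.
static const uint8_t kSha1DigestInfo[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
    0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};

// PKCS #1 v1.5 block for a private-key operation: 00 01 FF..FF 00 || data.
// k is the modulus length in bytes; at least 8 bytes of FF are required.
Bytes EncodeType1(const Bytes &data, size_t k) {
    if (k < 11 || data.size() > k - 11)
        throw std::length_error("data too long for modulus");
    Bytes eb(k, 0xFF);
    eb[0] = 0x00;
    eb[1] = 0x01;
    eb[k - data.size() - 1] = 0x00;
    std::copy(data.begin(), data.end(), eb.end() - data.size());
    return eb;
}

// RFC 2409 5.1 form: the block holds the raw HASH_I/HASH_R, no OID.
Bytes EncodeIkeRsaSig(const Bytes &hash, size_t k) { return EncodeType1(hash, k); }

// Ordinary PKCS #1 v1.5 signature form: DigestInfo (with OID) precedes the hash.
Bytes EncodePkcs1Sha1Sig(const Bytes &hash, size_t k) {
    Bytes t(kSha1DigestInfo, kSha1DigestInfo + sizeof kSha1DigestInfo);
    t.insert(t.end(), hash.begin(), hash.end());
    return EncodeType1(t, k);
}

// Verifier side, applied to the output of the RSA public-key operation.
// Accepts only 00 01 FF{8,} 00 || payload with payload exactly hashLen bytes.
bool DecodeIkeRsaSig(const Bytes &eb, size_t k, size_t hashLen, Bytes &hash) {
    if (eb.size() != k || k < hashLen + 11 || eb[0] != 0x00 || eb[1] != 0x01)
        return false;
    size_t i = 2;
    while (i < k && eb[i] == 0xFF) ++i;
    if (i < 10 || i >= k || eb[i] != 0x00 || k - i - 1 != hashLen)
        return false;
    hash.assign(eb.begin() + i + 1, eb.end());
    return true;
}
```

With a 64-byte (512-bit) modulus and a 20-byte hash, the IKE block carries 41 bytes of FF padding and the PKCS #1 signature block 26, so a verifier that expects one form rejects the other on payload length alone.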