Hi,
I have some problem while using the ReverseRSAES that was sent to me in
the last reply.
I am able to decrypt the message encrypted by Crypto++
ReverseRSAES<PKCS1v15>::Encryptor,
but when I try to decrypt the message from the Cisco router, it failed.
I tried the same with the SSL RSA_public_decrypt function, and it succeeded.
I am copying the code and output for both Crypto++ and SSL. Please
help me to find the problem with this.
Thank You
Subbu
-----Original Message-----
From: Wei Dai [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 10:57 PM
To: [EMAIL PROTECTED]
Subject: Re: ISAKMP HASH_I/HASH_R encryption with RSA Private key
Please ignore what I said in my private reply. (I didn't notice you sent a
public post as well as a private email.) That will work for the
encryption, but not the decryption. Try the attached code instead.
On Fri, Oct 15, 2004 at 12:43:06PM -1000, Mukkamala, Subbarayudu wrote:
> Hi:
> I am trying to use RSA algorithms from Crypto ++ 5.2.1 library for IPSec.
>
> I need some clarification on signature generation using RSA,
> interpreting the following from IKE standard [rfc 2409] section 5.1.
>
> -------------- RFC 2409 Section 5.1---------------------------------
> In general the signature will be over HASH_I and HASH_R as above
> using the negotiated prf, or the HMAC version of the negotiated hash
> function (if no prf is negotiated). However, this can be overridden
> for construction of the signature if the signature algorithm is tied
> to a particular hash algorithm (e.g. DSS is only defined with SHA's
> 160 bit output). In this case, the signature will be over HASH_I and
> HASH_R as above, except using the HMAC version of the hash algorithm
> associated with the signature method. The negotiated prf and hash
> function would continue to be used for all other prescribed pseudo-
> random functions.
>
> Since the hash algorithm used is already known there is no need to
> encode its OID into the signature. In addition, there is no binding
> between the OIDs used for RSA signatures in PKCS #1 and those used in
> this document. Therefore, RSA signatures MUST be encoded as a private
> key encryption in PKCS #1 format and not as a signature in PKCS #1
> format (which includes the OID of the hash algorithm). DSS signatures
> MUST be encoded as r followed by s.
> -------------- RFC 2409 Section 5.1---------------------------------
>
> I see the above to do the following steps: See at
> http://www.netsys.com/ipsec/1998/msg00347.html
>
> - ISAKMP produces HASH_I/HASH_R however it wishes
>
> - the hash is used as input data for encryption with the RSA private
> key, with padding as required by the RSA algorithm
>
> - the (key bits) of encryption output is passed over the wire as the
> signature
>
> As I see RSA encryption algorithm of Crypto++ usually takes only
> public key, NOT private key except in case of RSA Signature generation.
>
> But as the spec indicates that we can not use RSA signature provided
> by Crypto++ as it encodes OID of algorithm. Can you tell how to encrypt
> HASH_I/HASH_R with RSA private key using Crypto++?
>
> Please let me know.
>
> Thank You
> Subbu
>
>
Public Key from the Cisco Router:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C9303D D58D4EE0
12445584 3EB615F8 5CF79695 A2C3DC56 0249683D E63FF490 4CF4FAB0 5F3F109E
6BFAA619 A3BBA368 E745BC58 015EEF04 639D7CB2 930BFCEE 11020301 0001
Encrypted Text:
133BAE7964AF3E65377DFDB2F9DB7078DED219D8C56020333134EBF5689CF729D9E7C296F88ABF2F48322B68AF7588F3669F7644B84C5B4BF5F5419B97AFF60C
Crypto++ Code
INT32 MyRSADecryptor2(const char *pubFilename, char *ciphertext, char *result_str)
{
    DecodingResult isValid;
    try
    {
        // Seed a RandomPool from the current time
        std::string timeSeed;
        timeSeed = IntToString(time(NULL));
        const char* seed = timeSeed.c_str();
        RandomPool randPool;
        randPool.Put((byte *)seed, strlen(seed));
        cout << "Using seed: " << seed << endl << endl;
        // GlobalRNG().Put((const byte *)seed, strlen(seed));

        // Load the hex-encoded, BER-encoded public key from file
        FileSource pubFile(pubFilename, true, new HexDecoder);
        ReverseTrapdoorFunctionPublic<RSA> pub;
        pub.BERDecode(pubFile);
        // ReverseRSAES is the code sent in the last reply
        ReverseRSAES<PKCS1v15>::Decryptor d(pub);

        // Hex-decode the ciphertext and pass it through the decryptor
        string result;
        StringSource(ciphertext, true, new HexDecoder(new
            PK_DecryptorFilter(randPool, d, new StringSink(result))));
        // strcpy stops at the first zero byte, so binary output is cut off there
        strcpy(result_str, result.c_str());
    }
    catch(CryptoPP::Exception &e)
    {
        cout << "\nCryptoPP::Exception caught: " << e.what() << endl;
        return -1;
    }
    return 1;
}
Crypto++ Output:
CryptoPP::Exception caught: ReverseRSA/EME-PKCS1-v1_5: invalid ciphertext
SSL: Code
static int CiscoKey(RSA *key)
{
    /* Modulus taken from the router's public key shown above */
    static unsigned char n[] =
"\x00\xC9\x30\x3D\xD5\x8D\x4E\xE0\x12\x44\x55\x84\x3E\xB6\x15\xF8\x5C\xF7\x96\x95\xA2\xC3\xDC\x56\x02\x49\x68\x3D\xE6\x3F\xF4\x90\x4C\xF4\xFA\xB0\x5F\x3F\x10\x9E\x6B\xFA\xA6\x19\xA3\xBB\xA3\x68\xE7\x45\xBC\x58\x01\x5E\xEF\x04\x63\x9D\x7C\xB2\x93\x0B\xFC\xEE\x11";
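    /* Public exponent 65537 */
    static unsigned char e[] = "\x01\x00\x01";
    key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
    key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
    /* 1 if both values were loaded, 0 otherwise */
    return (key->n != NULL && key->e != NULL) ? 1 : 0;
}

key = RSA_new();
CiscoKey(key);
/* padding is RSA_PKCS1_PADDING or RSA_NO_PADDING, see the outputs below */
RSA_public_decrypt(clen, ctext, ptext, key, padding);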
SSL Output:
SSL RSA_public_decrypt(clen, ctext, ptext, key, RSA_PKCS1_PADDING); Output:
9E D7 8A 52 29 9A 84 5A 00 51 A5 69 D7 FA 3D C7
SSL RSA_public_decrypt(clen, ctext, ptext, key, RSA_NO_PADDING); Output:
00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 9E D7 8A 52 29 9A
84 5A 00 51 A5 69 D7 FA 3D C7
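
Added example, not part of the original post and not Crypto++ or OpenSSL code: the RSA_NO_PADDING output above is a PKCS #1 v1.5 block of type 01 (00 01 FF ... 00 data), the form used for private-key operations, whereas PKCS #1 v1.5 encryption padding (EME-PKCS1-v1_5) is block type 02. The decoder below rebuilds that 64-byte block from the bytes shown in the post and reports its type; the struct and function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Decoded PKCS #1 v1.5 block: EB = 00 || BT || PS || 00 || D.
struct Pkcs1Block {
    int blockType;               // 1 or 2, or -1 if the block is malformed
    std::vector<uint8_t> data;   // D, the payload after the 00 separator
};

// BT 01: PS is all 0xFF (private-key operation, as IKE signatures use).
// BT 02: PS is random non-zero bytes (public-key encryption padding).
Pkcs1Block DecodePkcs1Block(const std::vector<uint8_t>& eb) {
    Pkcs1Block bad{-1, {}};
    if (eb.size() < 11 || eb[0] != 0x00) return bad;
    int bt = eb[1];
    if (bt != 1 && bt != 2) return bad;
    size_t i = 2;
    while (i < eb.size() && eb[i] != 0x00) {
        if (bt == 1 && eb[i] != 0xFF) return bad;   // BT 01 padding must be FF
        ++i;
    }
    if (i == eb.size() || i - 2 < 8) return bad;    // no separator, or PS < 8 bytes
    return Pkcs1Block{bt, std::vector<uint8_t>(eb.begin() + i + 1, eb.end())};
}

// Constructed from the RSA_NO_PADDING output in the post:
// 00 01, 45 x FF, 00, then the 16 recovered bytes (64 bytes = 512-bit modulus).
std::vector<uint8_t> BlockFromPost() {
    static const uint8_t hash[16] = {0x9E,0xD7,0x8A,0x52,0x29,0x9A,0x84,0x5A,
                                     0x00,0x51,0xA5,0x69,0xD7,0xFA,0x3D,0xC7};
    std::vector<uint8_t> eb = {0x00, 0x01};
    eb.resize(2 + 45, 0xFF);
    eb.push_back(0x00);
    eb.insert(eb.end(), hash, hash + 16);
    return eb;
}

// An unpadder for encryption padding accepts only block type 02.
bool AcceptedAsEncryptionPadding(const std::vector<uint8_t>& eb) {
    return DecodePkcs1Block(eb).blockType == 2;
}

int main() {
    Pkcs1Block b = DecodePkcs1Block(BlockFromPost());
    std::printf("block type %02d, payload %zu bytes, EME accepts: %s\n", b.blockType,
                b.data.size(), AcceptedAsEncryptionPadding(BlockFromPost()) ? "yes" : "no");
    return b.blockType == 1 ? 0 : 1;
}
```

The recovered 16-byte payload contains a 0x00 at offset 8, so it has to be carried with an explicit length rather than as a C string.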