Hi Everyone,
Back in April 2013, Jesse Wilson and Daniele Perito offered a patch to
unconditionally patch Crypto++ to use Bouncy Castle's algorithm for ECIES.
See "Problem with the way gfpcrypt HMAC's the encoding parameters' length
in DHAES_MODE",
https://groups.google.com/d/msg/cryptopp-users/vR8GSL8wxPA/Bf9koUDyZ88J.
The community offered a comparable patch that preserved existing library
behavior and provided the interop via an ECIES_BC class. The changes for
ECIES_BC are shown below.
I'd like to open comments on the patch below, and get it committed if there
are no objections.
Jeff
$ cat ecies_bc.diff
diff --git a/eccrypto.h b/eccrypto.h
index 9261296..611e65e 100644
--- a/eccrypto.h
+++ b/eccrypto.h
@@ -252,6 +252,20 @@ struct ECIES
static std::string CRYPTOPP_API StaticAlgorithmName() {return
"ECIES";}// TODO: fix this after name is standardized
};
+// Set DHAES_MODE=true and BC_COMPAT=true for interop'ing with Bouncy
Castle.
+// See
https://groups.google.com/d/msg/cryptopp-users/vR8GSL8wxPA/Bf9koUDyZ88J.
+template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication>
+struct ECIES_BC
+ : public DL_ES<
+ DL_Keys_EC<EC>,
+ DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>,
+ DL_KeyDerivationAlgorithm_P1363<typename EC::Point, true
/*DHAES_MODE*/, P1363_KDF2<SHA1> >,
+ DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, true /*DHAES_MODE*/, true
/*BC_COMPAT*/>,
+ ECIES_BC<EC> >
+{
+ static std::string CRYPTOPP_API StaticAlgorithmName() {return
"ECIES-BC";} // TODO: fix this after name is standardized
+};
+
NAMESPACE_END
#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
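Review bot: The comment added above `ECIES_BC` tells the reader to set DHAES_MODE=true and BC_COMPAT=true, but the struct exposes neither as a template parameter. Both are hard-coded to `true` in the `DL_KeyDerivationAlgorithm_P1363` and `DL_EncryptionAlgorithm_Xor` arguments. Wording such as `// ECIES with DHAES_MODE and BC_COMPAT fixed to true, for interop with Bouncy Castle; not interchangeable with ECIES output.` would describe what the type does. The non-interchangeability is inferred from the changed MAC input in the gfpcrypt.h hunks, so confirm it before committing that wording.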
diff --git a/gfpcrypt.h b/gfpcrypt.h
index 7af993f..bce898c 100644
--- a/gfpcrypt.h
+++ b/gfpcrypt.h
@@ -408,7 +408,9 @@ CRYPTOPP_DLL_TEMPLATE_CLASS
DL_PrivateKey_GFP<DL_GroupParameters_DSA>;
CRYPTOPP_DLL_TEMPLATE_CLASS
DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>,
DSA2<SHA> >;
//! the XOR encryption method, for use with DL-based cryptosystems
-template <class MAC, bool DHAES_MODE>
+// Set BC_COMPAT=true if interop'ing with Bouncy Castle. Thanks to Jesse
Wilson and Daniele Perito.
+// See
https://groups.google.com/d/msg/cryptopp-users/vR8GSL8wxPA/Bf9koUDyZ88J.
+template <class MAC, bool DHAES_MODE, bool BC_COMPAT = false>
class DL_EncryptionAlgorithm_Xor : public DL_SymmetricEncryptionAlgorithm
{
public:
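Review bot: The new `BC_COMPAT` parameter is introduced with plain `//` comments that name the use case but not the effect, so a reader of this header cannot tell what changes in the authenticated data. Judging by the later hunks in this file, it switches the length field fed to the MAC from an 8-byte buffer carrying the byte count to a 4-byte big-endian bit count. I would state that here in the file's `//!` style, e.g. `//! BC_COMPAT=true MACs the encoding-parameter length as a 4-byte big-endian bit count (Bouncy Castle) instead of the 8-byte field`. The class body continues outside this hunk.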
@@ -442,9 +444,17 @@ public:
mac.Update(encodingParameters.begin(), encodingParameters.size());
if (DHAES_MODE)
{
- byte L[8] = {0,0,0,0};
- PutWord(false, BIG_ENDIAN_ORDER, L+4,
word32(encodingParameters.size()));
- mac.Update(L, 8);
+ if (BC_COMPAT) {
+ byte L[4];
+ PutWord(false, BIG_ENDIAN_ORDER, L, word32(8 *
encodingParameters.size()));
+ mac.Update(L, 4);
+ }
+ else
+ {
+ byte L[8] = {0,0,0,0};
+ PutWord(false, BIG_ENDIAN_ORDER, L+4,
word32(encodingParameters.size()));
+ mac.Update(L, 8);
+ }
}
mac.Final(ciphertext + plaintextLength);
}
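Review bot: In the `BC_COMPAT` branch, `word32(8 * encodingParameters.size())` wraps silently once the parameters reach 2^29 bytes, so two different parameter lengths can yield the same length field in the MAC input. The non-BC branch truncates only at 2^32 bytes, so the new path narrows the range in which the length field is unambiguous. A bound check before the multiplication would make the limit explicit, for example `if (encodingParameters.size() > 0xFFFFFFFFU / 8) throw InvalidArgument("DL_EncryptionAlgorithm_Xor: encoding parameters too long");`. The identical expression appears in the verify-side hunk at `@@ -471,9 +481,17 @@`, where returning `DecodingResult()` would match the surrounding code. The enclosing function starts outside this hunk.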
@@ -471,9 +481,17 @@ public:
mac.Update(encodingParameters.begin(), encodingParameters.size());
if (DHAES_MODE)
{
- byte L[8] = {0,0,0,0};
- PutWord(false, BIG_ENDIAN_ORDER, L+4,
word32(encodingParameters.size()));
- mac.Update(L, 8);
+ if (BC_COMPAT) {
+ byte L[4];
+ PutWord(false, BIG_ENDIAN_ORDER, L, word32(8 *
encodingParameters.size()));
+ mac.Update(L, 4);
+ }
+ else
+ {
+ byte L[8] = {0,0,0,0};
+ PutWord(false, BIG_ENDIAN_ORDER, L+4,
word32(encodingParameters.size()));
+ mac.Update(L, 8);
+ }
}
if (!mac.Verify(ciphertext + plaintextLength))
return DecodingResult();
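Review bot: The length-encoding block added here is a line-for-line copy of the one in the hunk at `@@ -442,9 +444,17 @@`, and the two must stay byte-identical or MAC verification fails for every message. Moving it into one private static helper of the class template, called from both paths, keeps the MAC input defined in a single place. The helper name below is a suggestion and assumes `mac` is declared with type `MAC`, which is not visible in the hunk. The enclosing function begins outside this hunk.

```cpp
// Feeds the encoding-parameter length into the MAC in the selected wire format.
static void UpdateMacWithParameterLength(MAC &mac, size_t parameterLength)
{
	if (BC_COMPAT)
	{
		// Bouncy Castle: 4-byte big-endian length in bits
		byte L[4];
		PutWord(false, BIG_ENDIAN_ORDER, L, word32(8 * parameterLength));
		mac.Update(L, 4);
	}
	else
	{
		// existing behavior: 8-byte field, byte count in the low 4 bytes
		byte L[8] = {0,0,0,0};
		PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(parameterLength));
		mac.Update(L, 8);
	}
}

// … unchanged: mac.Update(encodingParameters.begin(), encodingParameters.size()) …
if (DHAES_MODE)
	UpdateMacWithParameterLength(mac, encodingParameters.size());
// … unchanged: mac.Verify / mac.Final …
```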
--