Hey Jeffrey, if this is the patch actually being available on the wiki it shouldn't be a problem. It doesn't remove features and doesn't break compatibility, hence it should be fine.

In fact I already merged it into CryptoJPM as part of the very first changes. Now as you seem willing to touch ecies.h, may I propose changing our ECIES class? I've already done it in my fork and all I'm proposing is to change the template parameters for ECIES, such that:
- Compatibility isn't broken, meaning old defaults need to be "defaulted" via "class Hash = SHA1" style.
- The user can actually select the hash function and (for non-BC cases) is not forced to use SHA-1.
- It may also be possible to allow usage of "own" KDFs; currently P1363_KDF2 is enforced.

BR
JPM

On 17.06.2015 at 14:53, Jeffrey Walton wrote:
> Hi Everyone,
>
> Back in April 2013, Jesse Wilson and Daniele Perito offered a patch to unconditionally patch Crypto++ to use Bouncy Castle's algorithm for ECIES. See "Problem with the way gfpcrypt HMAC's the encoding parameters' length in DHAES_MODE", https://groups.google.com/d/msg/cryptopp-users/vR8GSL8wxPA/Bf9koUDyZ88J.
>
> The community offered a comparable patch that preserved existing library behavior and provided the interop via an ECIES_BC class. The changes for ECIES_BC are shown below.
>
> I'd like to open comments on the patch below, and get it committed if there are no objections.
>
> Jeff
>
> $ cat ecies_bc.diff > diff --git a/eccrypto.h b/eccrypto.h > index 9261296..611e65e 100644 > --- a/eccrypto.h > +++ b/eccrypto.h
> @@ -252,6 +252,20 @@ struct ECIES > static std::string CRYPTOPP_API StaticAlgorithmName() {return > "ECIES";}// TODO: fix this after name is standardized > }; > > +// Set DHAES_MODE=true and BC_COMPAT=true for interop'ing with Bouncy > Castle. > +// See > https://groups.google.com/d/msg/cryptopp-users/vR8GSL8wxPA/Bf9koUDyZ88J. > +template <class EC, class COFACTOR_OPTION = NoCofactorMultiplication> > +struct ECIES_BC > + : public DL_ES< > + DL_Keys_EC<EC>, > + DL_KeyAgreementAlgorithm_DH<typename EC::Point, COFACTOR_OPTION>, > + DL_KeyDerivationAlgorithm_P1363<typename EC::Point, true > /*DHAES_MODE*/, P1363_KDF2<SHA1> >, > + DL_EncryptionAlgorithm_Xor<HMAC<SHA1>, true /*DHAES_MODE*/, > true /*BC_COMPAT*/>, > + ECIES_BC<EC> > > +{ > + static std::string CRYPTOPP_API StaticAlgorithmName() {return > "ECIES-BC";} // TODO: fix this after name is standardized > +}; > + > NAMESPACE_END > > #ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES > diff --git a/gfpcrypt.h b/gfpcrypt.h > index 7af993f..bce898c 100644 > --- a/gfpcrypt.h > +++ b/gfpcrypt.h > @@ -408,7 +408,9 @@ CRYPTOPP_DLL_TEMPLATE_CLASS > DL_PrivateKey_GFP<DL_GroupParameters_DSA>; > CRYPTOPP_DLL_TEMPLATE_CLASS > DL_PrivateKey_WithSignaturePairwiseConsistencyTest<DL_PrivateKey_GFP<DL_GroupParameters_DSA>, > DSA2<SHA> >; > > //! the XOR encryption method, for use with DL-based cryptosystems > -template <class MAC, bool DHAES_MODE> > +// Set BC_COMPAT=true if interop'ing with Bouncy Castle. Thanks to > Jesse Wilson and Daniele Perito. > +// See > https://groups.google.com/d/msg/cryptopp-users/vR8GSL8wxPA/Bf9koUDyZ88J. > +template <class MAC, bool DHAES_MODE, bool BC_COMPAT = false> > class DL_EncryptionAlgorithm_Xor : public DL_SymmetricEncryptionAlgorithm > { > public: 
> @@ -442,9 +444,17 @@ public: > mac.Update(encodingParameters.begin(), > encodingParameters.size()); > if (DHAES_MODE) > { > - byte L[8] = {0,0,0,0}; > - PutWord(false, BIG_ENDIAN_ORDER, L+4, > word32(encodingParameters.size())); > - mac.Update(L, 8); > + if (BC_COMPAT) { > + byte L[4]; > + PutWord(false, BIG_ENDIAN_ORDER, L, word32(8 * > encodingParameters.size())); > + mac.Update(L, 4); > + } > + else > + { > + byte L[8] = {0,0,0,0}; > + PutWord(false, BIG_ENDIAN_ORDER, L+4, > word32(encodingParameters.size())); > + mac.Update(L, 8); > + } > } > mac.Final(ciphertext + plaintextLength); > } 
> @@ -471,9 +481,17 @@ public: > mac.Update(encodingParameters.begin(), > encodingParameters.size()); > if (DHAES_MODE) > { > - byte L[8] = {0,0,0,0}; > - PutWord(false, BIG_ENDIAN_ORDER, L+4, > word32(encodingParameters.size())); > - mac.Update(L, 8); > + if (BC_COMPAT) { > + byte L[4]; > + PutWord(false, BIG_ENDIAN_ORDER, L, word32(8 * > encodingParameters.size())); > + mac.Update(L, 4); > + } > + else > + { > + byte L[8] = {0,0,0,0}; > + PutWord(false, BIG_ENDIAN_ORDER, L+4, > word32(encodingParameters.size())); > + mac.Update(L, 8); > + } > } > if (!mac.Verify(ciphertext + plaintextLength)) > return DecodingResult(); > -- > -- > You received this message because you are subscribed to the "Crypto++ > Users" Google Group. > To unsubscribe, send an email to > [email protected]. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. > --- > You received this message because you are subscribed to the Google > Groups "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout.
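Review bot: in the eccrypto.h hunk, the comment above ECIES_BC ("Set DHAES_MODE=true and BC_COMPAT=true for interop'ing with Bouncy Castle") reads as an instruction to the caller, but ECIES_BC itself fixes both flags to true and exposes no way to change them. Reword it to describe what the class does, e.g. "ECIES_BC fixes DHAES_MODE=true and BC_COMPAT=true to interoperate with Bouncy Castle", and state that its MAC input differs from ECIES (the length of the encoding parameters is MAC'd as a 4-byte bit count rather than an 8-byte byte count), so ciphertext produced by one class will not verify under the other. The copied "// TODO: fix this after name is standardized" on StaticAlgorithmName() should either be dropped or explain that "ECIES-BC" is a library-local name, not a standardized one.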
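Review bot: in the gfpcrypt.h template hunk, the new comment on DL_EncryptionAlgorithm_Xor says when to set BC_COMPAT but not what it changes, nor that it only takes effect inside the if (DHAES_MODE) branch: an instantiation with BC_COMPAT=true and DHAES_MODE=false is silently identical to the default. Say so, name the concrete difference (4-byte big-endian bit count versus 8-byte big-endian byte count fed to the MAC), and consider a compile-time assertion rejecting BC_COMPAT=true with DHAES_MODE=false, since that combination is almost certainly a caller mistake.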
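Review bot: in the first gfpcrypt.h body hunk (the encrypt path), word32(8 * encodingParameters.size()) multiplies in size_t and then truncates to 32 bits, so an encoding-parameter block of 2^29 bytes or more wraps silently and the MAC covers a wrong length; either compute the bit count in a wider type and reject sizes that do not fit, or document the limit. The existing branch has the same class of truncation in word32(encodingParameters.size()), but at 2^32 bytes, so the new branch lowers the threshold by a factor of eight. Style: "if (BC_COMPAT) {" puts the brace on the same line while the else branch and the surrounding code put it on its own line; match the surrounding style.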
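Review bot: the second gfpcrypt.h body hunk (the decrypt path) repeats the encrypt-side length-encoding block verbatim, including the word32(8 * encodingParameters.size()) truncation; factor the DHAES_MODE length encoding into one private helper that takes the MAC and encodingParameters.size() and is called from both the encrypt and decrypt paths, so the two sides cannot drift and any range check is written once. The mac.Verify call needs no other change, since the MAC is recomputed over the same bytes as on the encrypt side.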
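The byte-level difference the BC_COMPAT flag in the patch above encodes, as an added illustration that is not Crypto++ code and not part of the patch or the thread: the two length encodings fed to the MAC after the encoding parameters in DHAES mode, written as stand-alone C++ with a constructed sample input. The function names (lengthEncodingDefault, lengthEncodingBC, macTrailer, bcLengthFits) are my own; the byte layouts follow the hunks (8-byte big-endian byte count with a zero upper word for the default, 4-byte big-endian bit count for Bouncy Castle compatibility), and the example adds the range check on the 8 * size() multiply that the review notes ask for.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Constructed illustration, not Crypto++ code: how the length of the ECIES
// "encoding parameters" reaches the MAC in DHAES mode under the two conventions
// discussed in the thread. The MAC tags differ because the MAC inputs differ.

typedef std::vector<std::uint8_t> Bytes;

// Append v as a 4-byte big-endian word (the role PutWord(..., BIG_ENDIAN_ORDER, ...) plays in the patch).
static void appendWord32BE(Bytes& out, std::uint32_t v) {
    out.push_back(static_cast<std::uint8_t>(v >> 24));
    out.push_back(static_cast<std::uint8_t>(v >> 16));
    out.push_back(static_cast<std::uint8_t>(v >> 8));
    out.push_back(static_cast<std::uint8_t>(v));
}

// Crypto++ default (DHAES_MODE=true, BC_COMPAT=false): 8 bytes, the byte count
// in the low 32 bits, the high 32 bits zero.
Bytes lengthEncodingDefault(std::size_t paramBytes) {
    Bytes L;
    appendWord32BE(L, 0);
    appendWord32BE(L, static_cast<std::uint32_t>(paramBytes));
    return L;
}

// True when the parameter block's bit count fits in 32 bits (fewer than 2^29 bytes).
bool bcLengthFits(std::size_t paramBytes) {
    return paramBytes <= static_cast<std::size_t>(0xFFFFFFFFu / 8u);
}

// Bouncy Castle convention (BC_COMPAT=true): 4 bytes, the BIT count.
// Range-checked so the multiply cannot wrap silently the way word32(8 * size()) would.
Bytes lengthEncodingBC(std::size_t paramBytes) {
    if (!bcLengthFits(paramBytes))
        throw std::length_error("encoding parameters too long for a 32-bit bit count");
    Bytes L;
    appendWord32BE(L, static_cast<std::uint32_t>(paramBytes) * 8u);
    return L;
}

// The bytes the MAC absorbs after the ciphertext body: the encoding parameters
// followed by their length encoding. Everything before this point is the same
// for both conventions, so this trailer is exactly where interop breaks.
Bytes macTrailer(const Bytes& encodingParameters, bool bcCompat) {
    Bytes trailer(encodingParameters);
    Bytes L = bcCompat ? lengthEncodingBC(encodingParameters.size())
                       : lengthEncodingDefault(encodingParameters.size());
    trailer.insert(trailer.end(), L.begin(), L.end());
    return trailer;
}

static void dumpHex(const char* label, const Bytes& b) {
    std::printf("%-12s", label);
    for (std::size_t i = 0; i < b.size(); ++i)
        std::printf("%02x", static_cast<unsigned>(b[i]));
    std::printf("\n");
}

int main() {
    // Constructed sample: a 3-byte encoding-parameter block.
    const Bytes params = {0x01, 0x02, 0x03};
    dumpHex("default:", macTrailer(params, false));  // 010203 followed by 0000000000000003
    dumpHex("bc_compat:", macTrailer(params, true)); // 010203 followed by 00000018 (24 bits)
    std::printf("bit count fits at 2^29 bytes? %s\n",
                bcLengthFits(std::size_t(1) << 29) ? "yes" : "no");
    return 0;
}
```

Running it shows the two trailers side by side: the same parameters, different length suffix, hence different HMAC tags and a failed mac.Verify on the other side. The bcLengthFits check is the limit a BC_COMPAT implementation has to enforce (or document) before the 8 * size() multiply.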
