
How to apply the patch for fully hashed menezes-qu-vanstone (fhmqv) to crypto++ that has been installed from the Ubuntu repository

I want to use Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol for a key agreement process. It is already implemented in crypto++ library and I wanted to utilize it. I have already installed crypto++ (by typing sudo apt-get... command in a terminal) but since traditional ECDH is vulnerable to man-in-the-middle attack.

I want to use fully hashed menezes-qu-vanstone protocol. Although it is implemented for crypto++ it is not in the main stream so I need to patch it. There is an explanation here but it is for those who built the library from the source code.

Is there anyone who knows how to apply this patch to crypto++ that has been installed from Ubuntu repository? I am using Ubuntu 15.

but since traditional ECDH is vulnerable to man-in-the-middle attack.

What others often do is to pair ECDH with a signature scheme. For example, TLS uses ECDH with a scheme like RSA or ECDSA.

I'm not saying you should do it; I'm only letting you know what others are doing.


it is not in the main stream so I need to patch it...

We will be adding HMQV and FHMQV at the next release. The next release will be happening in the next couple of months.


Is there anyone who knows how to apply this patch to crypto++ that has been installed from Ubuntu repository?

The easiest thing to do would probably be to build a new version of the library, and then install it into /usr/local. I presume you know how to download and patch. To build and install:

# Crypto++ build directory
...
make static dynamic cryptest.exe
sudo make install PREFIX=/usr/local

You might be able to patch the Ubuntu version because FHMQV is mostly a header-only implementation. However, cryptest.exe will not have the validation stuff included. You really need to build the library for it.

Download the patch and perform the following. fhmqv.h is the "meat and potatoes" of the patch.

sudo cp fhmqv.h /usr/include/cryptopp

You also need to add the following to eccrypto.h. Start by opening the file with privileges (i.e., sudo emacs /usr/include/cryptopp/eccrypto.h).

Then, add this to the top of eccrypto.h:

#include "fhmqv.h"

And add this to the bottom of eccrypto.h:

//! Fully Hashed Menezes-Qu-Vanstone in GF(p) with key validation,
/*! <a href="http://eprint.iacr.org/2009/408">A Secure and Efficient Authenticated Diffie-Hellman Protocol</a>
    Note: this is FHMQV, Protocol 5, from page 11; and not FHMQV-C.
*/
template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption, class HASH = SHA256>
struct FHMQV
{
    typedef FHMQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION, HASH> Domain;
};

Most of the other stuff in the DIFF file is not needed, like the changes to wait.h and wait.cpp. It was added to address outstanding bugs. The bugs were cleared at Crypto++ 5.6.3.
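
The two eccrypto.h edits described in the answer above, scripted as an added example (not part of the original answer and not Crypto++ project code). `patch_eccrypto` keeps a `.orig` backup and is safe to re-run. It assumes that "bottom" means just before the header's last `NAMESPACE_END`, so the struct stays inside the CryptoPP namespace; the function names and the sample header are hypothetical.

```shell
#!/bin/sh
# Added example (not from the answer): apply the two eccrypto.h edits in place.
# Function names and the sample header below are hypothetical.

FHMQV_STRUCT='//! Fully Hashed Menezes-Qu-Vanstone in GF(p) with key validation
template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption, class HASH = SHA256>
struct FHMQV
{
    typedef FHMQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION, HASH> Domain;
};'

# Constructed stand-in for eccrypto.h (not the real header) to try this on.
make_sample_header() {
    printf '%s\n' '#ifndef CRYPTOPP_ECCRYPTO_H' '#define CRYPTOPP_ECCRYPTO_H' \
        'NAMESPACE_BEGIN(CryptoPP)' 'struct ECDH {};' 'NAMESPACE_END' '#endif' > "$1"
}

# patch_eccrypto FILE: returns 0 on success or if FILE is already patched.
patch_eccrypto() {
    hdr=$1
    [ -f "$hdr" ] || { echo "no such header: $hdr" >&2; return 1; }
    has_inc=no; has_struct=no
    grep -q '^#include "fhmqv\.h"' "$hdr" && has_inc=yes
    grep -q '^struct FHMQV$' "$hdr" && has_struct=yes
    [ "$has_inc$has_struct" = yesyes ] && return 0   # idempotent re-run
    # Assumption: "bottom" means just before the last NAMESPACE_END, so the
    # struct stays inside the CryptoPP namespace and the include guard.
    last_ns=$(grep -n '^NAMESPACE_END' "$hdr" | tail -n 1 | cut -d: -f1)
    [ -n "$last_ns" ] || { echo "no NAMESPACE_END in $hdr" >&2; return 2; }
    [ -f "$hdr.orig" ] || cp -p "$hdr" "$hdr.orig"   # keep the packaged copy
    tmp=$(mktemp) || return 3
    {
        [ "$has_inc" = yes ] || printf '#include "fhmqv.h"\n'
        head -n "$((last_ns - 1))" "$hdr"
        [ "$has_struct" = yes ] || printf '%s\n\n' "$FHMQV_STRUCT"
        tail -n +"$last_ns" "$hdr"
    } > "$tmp" && cat "$tmp" > "$hdr"   # cat keeps the header's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run it against a copy of the header first. A later upgrade or reinstall of the distribution's Crypto++ development package replaces the edited header, so the edits have to be reapplied afterwards.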
