Using the str and num Classes

This section contains several examples that illustrate how the CDK can be used to perform various data type conversions and other related tasks.


Converting Between cdk::str and cdk::num

The cdk::str and cdk::num classes play a major role in the CDK. cdk::str objects provide both storage and data manipulation functions, including many of the features found in C++'s STL string class, while class cdk::num provides high-precision arithmetic. The two classes have been optimized to work together and conversions between objects of the two types have been made quite simple. That a cdk::str object can simply be cast into a cdk::num illustrates the close synergy between these classes.

For example, the code listing below creates a PKCS #10 PDU by calling cdk::Key::asn1sign() and that method requires a random cdk::num input (for non-deterministic signature schemes). To obtain this input, it is simplest to apply the convenient cast to the output of cdk::getrand2():

// generate a new RSA key pair
cdk::Key k;
k.hashtype = hSHA1;
k.RSAkeygen(cdk::getrand2(80));

// extract the algorithm ID and public key
cdk::str algID = k.asn1parameters(1,0);
cdk::str pubkey = k.asn1public();

// create an unsigned PKCS #10 certificate request
cdk::DName dn;
dn.cname = "John Doe";
cdk::str tbsP10 = makep10raw(dn.toasn1(), algID, pubkey, "");

// sign the PKCS #10 request
cdk::str p10;
int i = k.asn1sign(tbsP10, num(cdk::getrand2(80)), p10);
// i > 0 indicates an error

Conversely, to convert a cdk::num object into one of type cdk::str, one can simply apply the cdk::num::tostr() method.


Encoding and Decoding Strings

To hex-encode a binary string (with a leading '0x' prepended to the output):

cdk::str hexStr = binStr.tohex(1);

To hex-encode a binary string (without a leading '0x'):

cdk::str hexStr = binStr.tohex(0);

To decode (or parse) a hex-encoded string to binary:

cdk::str binStr = cdk::hex("0x0FAC0900AA");

To decode a base64-encoded string to binary

cdk::str b64Str = "D6wJAKo=";
cdk::str binStr = b64Str.tobin64();

To base64-encode an octet string according to RFC 1113 and RFC 1421:

b64Str = binStr.tobase64(1);

This method, known as "PEM encoding" or "printable encoding," is the most popular form of encapsulating a base64-encoded octet string and is recommended for most applications.

To base64-encode an octet string without the RFC 1113 padding:

b64Str = binStr.tobase64(0);


Arithmetic in Galois Fields

To instantiate and operate on elements of a finite field, first encode the irreducible polynomial with respect to which field elements are to be represented. For example, let f = x^128 + x^7 + x^2 + x + 1 be the irreducble polynomial over GF(2) used to represent elements of GF(2^128) in the specification of the GHASH function used in AES-GCM. We encode f into an object of class num (for use as the class FParms parameters of field elements) as follows:

static num f(hex("0100000000000000000000000000000087"));

Two 16-byte/128-bit octet strings A and B presented as in NIST SP-800-38D can then be made into field elements (after a careful bit-reversal) in this way:

num a = num(str(16,A)).mod(R,128), b = num(str(16,B)).mod(R,128);

To multply A by B and store the product in a 16-byte octet string C, we use the following code:

a = a * b;
a.fix();
char C[16]; memcpy(C,a.tostr(16).rawptr(),16);


The next topic is Processing X.509v3 Certificates and CRLs.


ISC Cryptographic Development Kit - User's Guide
ISC website
Questions? E-mail ISC technical support
Copyright© 2002-2006 Information Security Corp. All rights reserved.