tags:

views:

117

answers:

6
+7  Q: 

Tiny asymmetric cipher implementation to validate download

To allow a small C++ application to update itself at clients connected over the internet, I am in need of a mechanism that validates the download based on a public key. Algorithms such as DSA or RSA seem to be able to do this nicely.

However, looking at well-known available libraries for this (Crypto++, LibTomCrypt) they all end up making my binary > 500k larger, while it seems to me such logic can be implemented in a couple of k. Are there any libraries that implement RSA/DSA hash verification in a, say, <20k footprint?

+1  A: 

If you are windows only you may be able to link against the windows Crypto API as long as your apps are deployed on win2k or greater. Windows Crypto MSDN article.

EDIT: Another possible solution, if you just need to verify the the download did not get corrupted a quick bit of googleing found the source to this small implementation of MD5. according to the read-me at the top 3k of object code compiled.

Scott Chamberlain  2010-07-21 18:38:31
MD5 is essentially deprecated by serious cryptographers, SHA-1 is probably a better choice.
jsl4tv  2010-07-21 20:57:40
MD5 is absolute overkill for detecting corruption, CRC64 is probably a better choice.
GregS  2010-07-22 00:56:54
A: 

In http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.143.3049&amp;rep=rep1&amp;type=pdf an elliptic curve library is described which according to the authors can be configured to need only about 7k ROM and below 200 bytes of RAM on a microcontroller

Peter G.  2010-07-21 18:41:04
+1  A: 

Do you really need ciphers ? Generally, to validate a download, you can use a hash function like MD5 or SHA. Maybe you can find a small library using these.

Either way, you can try the openssl library. However the .a on my machine is about 400K and 250K stripped.

Scharron  2010-07-21 19:01:05
The whole point is not to verify the download on whether the bytes are in the right order, but to verify its authenticity and to prevent someone on the same network segment from forcing an update with a malicious binary.
 2010-07-23 09:12:41
A: 

I think you might find that the MIRACL library meets your needs.

GregS  2010-07-22 00:59:49
A: 

checksums can easily handle validation jobs like these.

d-live  2010-07-22 09:11:54
The whole point is not to verify the download on whether the bytes are in the right order, but to verify its authenticity and to prevent someone on the same network segment from forcing an update with a malicious binary.
 2010-07-23 09:13:22
+1  A: 

Since I found no libraries that fitted my specific need, I whipped up my own library for this: http://github.com/ImplicitLink/dsa_verify. The current implementation has a ~50k footprint of program memory, mainly due to the included bignum math lib, but future versions may be stripped even more.

 2010-07-23 09:15:40

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS