Crypto++  5.6.4
Free C++ class library of cryptographic schemes
validat2.cpp
1 // validat2.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
6 
7 #include "cryptlib.h"
8 #include "pubkey.h"
9 #include "gfpcrypt.h"
10 #include "eccrypto.h"
11 #include "blumshub.h"
12 #include "filters.h"
13 #include "files.h"
14 #include "rsa.h"
15 #include "md2.h"
16 #include "elgamal.h"
17 #include "nr.h"
18 #include "dsa.h"
19 #include "dh.h"
20 #include "mqv.h"
21 #include "hmqv.h"
22 #include "fhmqv.h"
23 #include "luc.h"
24 #include "xtrcrypt.h"
25 #include "rabin.h"
26 #include "rw.h"
27 #include "eccrypto.h"
28 #include "integer.h"
29 #include "gf2n.h"
30 #include "ecp.h"
31 #include "ec2n.h"
32 #include "asn.h"
33 #include "rng.h"
34 #include "hex.h"
35 #include "oids.h"
36 #include "esign.h"
37 #include "osrng.h"
38 #include "smartptr.h"
39 
40 #include <iostream>
41 #include <sstream>
42 #include <iomanip>
43 
44 #include "validate.h"
45 
46 // Aggressive stack checking with VS2005 SP1 and above.
47 #if (CRYPTOPP_MSC_VERSION >= 1410)
48 # pragma strict_gs_check (on)
49 #endif
50 
51 // Quiet deprecated warnings intended to benefit users.
52 #if CRYPTOPP_MSC_VERSION
53 # pragma warning(disable: 4996)
54 #endif
55 
56 #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
57 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
58 #endif
59 
60 USING_NAMESPACE(CryptoPP)
61 USING_NAMESPACE(std)
62 
64 {
65 public:
66  FixedRNG(BufferedTransformation &source) : m_source(source) {}
67 
68  void GenerateBlock(byte *output, size_t size)
69  {
70  m_source.Get(output, size);
71  }
72 
73 private:
74  BufferedTransformation &m_source;
75 };
76 
77 bool ValidateBBS()
78 {
79  cout << "\nBlumBlumShub validation suite running...\n\n";
80 
81  Integer p("212004934506826557583707108431463840565872545889679278744389317666981496005411448865750399674653351");
82  Integer q("100677295735404212434355574418077394581488455772477016953458064183204108039226017738610663984508231");
83  Integer seed("63239752671357255800299643604761065219897634268887145610573595874544114193025997412441121667211431");
84  BlumBlumShub bbs(p, q, seed);
85  bool pass = true, fail;
86  int j;
87 
88  static const byte output1[] = {
89  0x49,0xEA,0x2C,0xFD,0xB0,0x10,0x64,0xA0,0xBB,0xB9,
90  0x2A,0xF1,0x01,0xDA,0xC1,0x8A,0x94,0xF7,0xB7,0xCE};
91  static const byte output2[] = {
92  0x74,0x45,0x48,0xAE,0xAC,0xB7,0x0E,0xDF,0xAF,0xD7,
93  0xD5,0x0E,0x8E,0x29,0x83,0x75,0x6B,0x27,0x46,0xA1};
94 
95  // Coverity finding, also see http://stackoverflow.com/a/34509163/608639.
96  StreamState ss(cout);
97  byte buf[20];
98 
99  bbs.GenerateBlock(buf, 20);
100  fail = memcmp(output1, buf, 20) != 0;
101  pass = pass && !fail;
102 
103  cout << (fail ? "FAILED " : "passed ");
104  for (j=0;j<20;j++)
105  cout << setw(2) << setfill('0') << hex << (int)buf[j];
106  cout << endl;
107 
108  bbs.Seek(10);
109  bbs.GenerateBlock(buf, 10);
110  fail = memcmp(output1+10, buf, 10) != 0;
111  pass = pass && !fail;
112 
113  cout << (fail ? "FAILED " : "passed ");
114  for (j=0;j<10;j++)
115  cout << setw(2) << setfill('0') << hex << (int)buf[j];
116  cout << endl;
117 
118  bbs.Seek(1234567);
119  bbs.GenerateBlock(buf, 20);
120  fail = memcmp(output2, buf, 20) != 0;
121  pass = pass && !fail;
122 
123  cout << (fail ? "FAILED " : "passed ");
124  for (j=0;j<20;j++)
125  cout << setw(2) << setfill('0') << hex << (int)buf[j];
126  cout << endl;
127 
128  return pass;
129 }
130 
131 bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
132 {
133  bool pass = true, fail;
134 
135  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
136  pass = pass && !fail;
137 
138  cout << (fail ? "FAILED " : "passed ");
139  cout << "signature key validation\n";
140 
141  const byte *message = (byte *)"test message";
142  const int messageLen = 12;
143 
144  SecByteBlock signature(priv.MaxSignatureLength());
145  size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature);
146  fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength);
147  pass = pass && !fail;
148 
149  cout << (fail ? "FAILED " : "passed ");
150  cout << "signature and verification\n";
151 
152  ++signature[0];
153  fail = pub.VerifyMessage(message, messageLen, signature, signatureLength);
154  pass = pass && !fail;
155 
156  cout << (fail ? "FAILED " : "passed ");
157  cout << "checking invalid signature" << endl;
158 
159  if (priv.MaxRecoverableLength() > 0)
160  {
161  signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
162  SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
163  DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
164  fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0);
165  pass = pass && !fail;
166 
167  cout << (fail ? "FAILED " : "passed ");
168  cout << "signature and verification with recovery" << endl;
169 
170  ++signature[0];
171  result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
172  fail = result.isValidCoding;
173  pass = pass && !fail;
174 
175  cout << (fail ? "FAILED " : "passed ");
176  cout << "recovery with invalid signature" << endl;
177  }
178 
179  return pass;
180 }
181 
182 bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false)
183 {
184  bool pass = true, fail;
185 
186  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
187  pass = pass && !fail;
188 
189  cout << (fail ? "FAILED " : "passed ");
190  cout << "cryptosystem key validation\n";
191 
192  const byte *message = (byte *)"test message";
193  const int messageLen = 12;
194  SecByteBlock ciphertext(priv.CiphertextLength(messageLen));
195  SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size()));
196 
197  pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext);
198  fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
199  fail = fail || memcmp(message, plaintext, messageLen);
200  pass = pass && !fail;
201 
202  cout << (fail ? "FAILED " : "passed ");
203  cout << "encryption and decryption\n";
204 
205  return pass;
206 }
207 
208 bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d)
209 {
210  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
211  cout << "passed simple key agreement domain parameters validation" << endl;
212  else
213  {
214  cout << "FAILED simple key agreement domain parameters invalid" << endl;
215  return false;
216  }
217 
218  SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength());
219  SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength());
220  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
221 
222  d.GenerateKeyPair(GlobalRNG(), priv1, pub1);
223  d.GenerateKeyPair(GlobalRNG(), priv2, pub2);
224 
225  memset(val1.begin(), 0x10, val1.size());
226  memset(val2.begin(), 0x11, val2.size());
227 
228  if (!(d.Agree(val1, priv1, pub2) && d.Agree(val2, priv2, pub1)))
229  {
230  cout << "FAILED simple key agreement failed" << endl;
231  return false;
232  }
233 
234  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
235  {
236  cout << "FAILED simple agreed values not equal" << endl;
237  return false;
238  }
239 
240  cout << "passed simple key agreement" << endl;
241  return true;
242 }
243 
244 bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
245 {
246  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
247  cout << "passed authenticated key agreement domain parameters validation" << endl;
248  else
249  {
250  cout << "FAILED authenticated key agreement domain parameters invalid" << endl;
251  return false;
252  }
253 
254  SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength());
255  SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength());
256  SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength());
257  SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength());
258  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
259 
260  d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1);
261  d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2);
262  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1);
263  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2);
264 
265  memset(val1.begin(), 0x10, val1.size());
266  memset(val2.begin(), 0x11, val2.size());
267 
268  if (!(d.Agree(val1, spriv1, epriv1, spub2, epub2) && d.Agree(val2, spriv2, epriv2, spub1, epub1)))
269  {
270  cout << "FAILED authenticated key agreement failed" << endl;
271  return false;
272  }
273 
274  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
275  {
276  cout << "FAILED authenticated agreed values not equal" << endl;
277  return false;
278  }
279 
280  cout << "passed authenticated key agreement" << endl;
281  return true;
282 }
283 
284 bool ValidateRSA()
285 {
286  cout << "\nRSA validation suite running...\n\n";
287 
288  byte out[100], outPlain[100];
289  bool pass = true, fail;
290 
291  {
292  const char *plain = "Everyone gets Friday off.";
293  static const byte signature[] =
294  "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84"
295  "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21"
296  "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b"
297  "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1";
298 
299  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa512a.dat", true, new HexDecoder);
300  Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
301  Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
302 
303  size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
304  fail = memcmp(signature, out, 64) != 0;
305  pass = pass && !fail;
306 
307  cout << (fail ? "FAILED " : "passed ");
308  cout << "signature check against test vector\n";
309 
310  fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
311  pass = pass && !fail;
312 
313  cout << (fail ? "FAILED " : "passed ");
314  cout << "verification check against test vector\n";
315 
316  out[10]++;
317  fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
318  pass = pass && !fail;
319 
320  cout << (fail ? "FAILED " : "passed ");
321  cout << "invalid signature verification\n";
322  }
323  {
324  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", true, new HexDecoder);
325  RSAES_PKCS1v15_Decryptor rsaPriv(keys);
326  RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv);
327 
328  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
329  }
330  {
331  RSAES<OAEP<SHA> >::Decryptor rsaPriv(GlobalRNG(), 512);
332  RSAES<OAEP<SHA> >::Encryptor rsaPub(rsaPriv);
333 
334  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
335  }
336  {
337  byte *plain = (byte *)
338  "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
339  static const byte encrypted[] =
340  "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
341  "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
342  "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
343  "\x62\x51";
344  static const byte oaepSeed[] =
345  "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2"
346  "\xf0\x6c\xb5\x8f";
347  ByteQueue bq;
348  bq.Put(oaepSeed, 20);
349  FixedRNG rng(bq);
350 
351  FileSource privFile(CRYPTOPP_DATA_DIR "TestData/rsa400pv.dat", true, new HexDecoder);
352  FileSource pubFile(CRYPTOPP_DATA_DIR "TestData/rsa400pb.dat", true, new HexDecoder);
353  RSAES_OAEP_SHA_Decryptor rsaPriv;
354  rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0);
355  RSAES_OAEP_SHA_Encryptor rsaPub(pubFile);
356 
357  memset(out, 0, 50);
358  memset(outPlain, 0, 8);
359  rsaPub.Encrypt(rng, plain, 8, out);
360  DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
361  fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
362  pass = pass && !fail;
363 
364  cout << (fail ? "FAILED " : "passed ");
365  cout << "PKCS 2.0 encryption and decryption\n";
366  }
367 
368  return pass;
369 }
370 
371 bool ValidateDH()
372 {
373  cout << "\nDH validation suite running...\n\n";
374 
375  FileSource f(CRYPTOPP_DATA_DIR "TestData/dh1024.dat", true, new HexDecoder());
376  DH dh(f);
377  return SimpleKeyAgreementValidate(dh);
378 }
379 
380 bool ValidateMQV()
381 {
382  cout << "\nMQV validation suite running...\n\n";
383 
384  FileSource f(CRYPTOPP_DATA_DIR "TestData/mqv1024.dat", true, new HexDecoder());
385  MQV mqv(f);
386  return AuthenticatedKeyAgreementValidate(mqv);
387 }
388 
389 bool ValidateHMQV()
390 {
391  std::cout << "\nHMQV validation suite running...\n\n";
392 
393  //ECHMQV< ECP >::Domain hmqvB(false /*server*/);
394  ECHMQV256 hmqvB(false);
395  FileSource f256(CRYPTOPP_DATA_DIR "TestData/hmqv256.dat", true, new HexDecoder());
396  FileSource f384(CRYPTOPP_DATA_DIR "TestData/hmqv384.dat", true, new HexDecoder());
397  FileSource f512(CRYPTOPP_DATA_DIR "TestData/hmqv512.dat", true, new HexDecoder());
398  hmqvB.AccessGroupParameters().BERDecode(f256);
399 
400  std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl;
401 
402  if (hmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3))
403  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
404  else
405  {
406  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
407  return false;
408  }
409 
410  const OID oid = ASN1::secp256r1();
411  ECHMQV< ECP >::Domain hmqvA(oid, true /*client*/);
412 
413  if (hmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3))
414  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
415  else
416  {
417  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
418  return false;
419  }
420 
421  SecByteBlock sprivA(hmqvA.StaticPrivateKeyLength()), sprivB(hmqvB.StaticPrivateKeyLength());
422  SecByteBlock eprivA(hmqvA.EphemeralPrivateKeyLength()), eprivB(hmqvB.EphemeralPrivateKeyLength());
423  SecByteBlock spubA(hmqvA.StaticPublicKeyLength()), spubB(hmqvB.StaticPublicKeyLength());
424  SecByteBlock epubA(hmqvA.EphemeralPublicKeyLength()), epubB(hmqvB.EphemeralPublicKeyLength());
425  SecByteBlock valA(hmqvA.AgreedValueLength()), valB(hmqvB.AgreedValueLength());
426 
427  hmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
428  hmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
429  hmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
430  hmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
431 
432  memset(valA.begin(), 0x00, valA.size());
433  memset(valB.begin(), 0x11, valB.size());
434 
435  if (!(hmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && hmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
436  {
437  std::cout << "FAILED authenticated key agreement failed" << std::endl;
438  return false;
439  }
440 
441  if (memcmp(valA.begin(), valB.begin(), hmqvA.AgreedValueLength()))
442  {
443  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
444  return false;
445  }
446 
447  std::cout << "passed authenticated key agreement" << std::endl;
448 
449  // Now test HMQV with NIST P-384 curve and SHA384 hash
450  std::cout << endl;
451  std::cout << "HMQV with NIST P-384 and SHA-384:" << std::endl;
452 
453  ECHMQV384 hmqvB384(false);
454  hmqvB384.AccessGroupParameters().BERDecode(f384);
455 
456  if (hmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
457  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
458  else
459  {
460  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
461  return false;
462  }
463 
464  const OID oid384 = ASN1::secp384r1();
465  ECHMQV384 hmqvA384(oid384, true /*client*/);
466 
467  if (hmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3))
468  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
469  else
470  {
471  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
472  return false;
473  }
474 
475  SecByteBlock sprivA384(hmqvA384.StaticPrivateKeyLength()), sprivB384(hmqvB384.StaticPrivateKeyLength());
476  SecByteBlock eprivA384(hmqvA384.EphemeralPrivateKeyLength()), eprivB384(hmqvB384.EphemeralPrivateKeyLength());
477  SecByteBlock spubA384(hmqvA384.StaticPublicKeyLength()), spubB384(hmqvB384.StaticPublicKeyLength());
478  SecByteBlock epubA384(hmqvA384.EphemeralPublicKeyLength()), epubB384(hmqvB384.EphemeralPublicKeyLength());
479  SecByteBlock valA384(hmqvA384.AgreedValueLength()), valB384(hmqvB384.AgreedValueLength());
480 
481  hmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384);
482  hmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
483  hmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
484  hmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
485 
486  memset(valA384.begin(), 0x00, valA384.size());
487  memset(valB384.begin(), 0x11, valB384.size());
488 
489  if (!(hmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && hmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384)))
490  {
491  std::cout << "FAILED authenticated key agreement failed" << std::endl;
492  return false;
493  }
494 
495  if (memcmp(valA384.begin(), valB384.begin(), hmqvA384.AgreedValueLength()))
496  {
497  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
498  return false;
499  }
500 
501  std::cout << "passed authenticated key agreement" << std::endl;
502 
503  return true;
504 }
505 
506 bool ValidateFHMQV()
507 {
508  std::cout << "\nFHMQV validation suite running...\n\n";
509 
510  //ECFHMQV< ECP >::Domain fhmqvB(false /*server*/);
511  ECFHMQV256 fhmqvB(false);
512  FileSource f256(CRYPTOPP_DATA_DIR "TestData/fhmqv256.dat", true, new HexDecoder());
513  FileSource f384(CRYPTOPP_DATA_DIR "TestData/fhmqv384.dat", true, new HexDecoder());
514  FileSource f512(CRYPTOPP_DATA_DIR "TestData/fhmqv512.dat", true, new HexDecoder());
515  fhmqvB.AccessGroupParameters().BERDecode(f256);
516 
517  std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl;
518 
519  if (fhmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3))
520  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
521  else
522  {
523  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
524  return false;
525  }
526 
527  const OID oid = ASN1::secp256r1();
528  ECFHMQV< ECP >::Domain fhmqvA(oid, true /*client*/);
529 
530  if (fhmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3))
531  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
532  else
533  {
534  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
535  return false;
536  }
537 
538  SecByteBlock sprivA(fhmqvA.StaticPrivateKeyLength()), sprivB(fhmqvB.StaticPrivateKeyLength());
539  SecByteBlock eprivA(fhmqvA.EphemeralPrivateKeyLength()), eprivB(fhmqvB.EphemeralPrivateKeyLength());
540  SecByteBlock spubA(fhmqvA.StaticPublicKeyLength()), spubB(fhmqvB.StaticPublicKeyLength());
541  SecByteBlock epubA(fhmqvA.EphemeralPublicKeyLength()), epubB(fhmqvB.EphemeralPublicKeyLength());
542  SecByteBlock valA(fhmqvA.AgreedValueLength()), valB(fhmqvB.AgreedValueLength());
543 
544  fhmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
545  fhmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
546  fhmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
547  fhmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
548 
549  memset(valA.begin(), 0x00, valA.size());
550  memset(valB.begin(), 0x11, valB.size());
551 
552  if (!(fhmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && fhmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
553  {
554  std::cout << "FAILED authenticated key agreement failed" << std::endl;
555  return false;
556  }
557 
558  if (memcmp(valA.begin(), valB.begin(), fhmqvA.AgreedValueLength()))
559  {
560  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
561  return false;
562  }
563 
564  std::cout << "passed authenticated key agreement" << std::endl;
565 
566  // Now test FHMQV with NIST P-384 curve and SHA384 hash
567  std::cout << endl;
568  std::cout << "FHMQV with NIST P-384 and SHA-384:" << std::endl;
569 
570  ECHMQV384 fhmqvB384(false);
571  fhmqvB384.AccessGroupParameters().BERDecode(f384);
572 
573  if (fhmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
574  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
575  else
576  {
577  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
578  return false;
579  }
580 
581  const OID oid384 = ASN1::secp384r1();
582  ECHMQV384 fhmqvA384(oid384, true /*client*/);
583 
584  if (fhmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3))
585  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
586  else
587  {
588  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
589  return false;
590  }
591 
592  SecByteBlock sprivA384(fhmqvA384.StaticPrivateKeyLength()), sprivB384(fhmqvB384.StaticPrivateKeyLength());
593  SecByteBlock eprivA384(fhmqvA384.EphemeralPrivateKeyLength()), eprivB384(fhmqvB384.EphemeralPrivateKeyLength());
594  SecByteBlock spubA384(fhmqvA384.StaticPublicKeyLength()), spubB384(fhmqvB384.StaticPublicKeyLength());
595  SecByteBlock epubA384(fhmqvA384.EphemeralPublicKeyLength()), epubB384(fhmqvB384.EphemeralPublicKeyLength());
596  SecByteBlock valA384(fhmqvA384.AgreedValueLength()), valB384(fhmqvB384.AgreedValueLength());
597 
598  fhmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384);
599  fhmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
600  fhmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
601  fhmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
602 
603  memset(valA384.begin(), 0x00, valA384.size());
604  memset(valB384.begin(), 0x11, valB384.size());
605 
606  if (!(fhmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && fhmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384)))
607  {
608  std::cout << "FAILED authenticated key agreement failed" << std::endl;
609  return false;
610  }
611 
612  if (memcmp(valA384.begin(), valB384.begin(), fhmqvA384.AgreedValueLength()))
613  {
614  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
615  return false;
616  }
617 
618  std::cout << "passed authenticated key agreement" << std::endl;
619 
620  return true;
621 }
622 
623 bool ValidateLUC_DH()
624 {
625  cout << "\nLUC-DH validation suite running...\n\n";
626 
627  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucd512.dat", true, new HexDecoder());
628  LUC_DH dh(f);
629  return SimpleKeyAgreementValidate(dh);
630 }
631 
632 bool ValidateXTR_DH()
633 {
634  cout << "\nXTR-DH validation suite running...\n\n";
635 
636  FileSource f(CRYPTOPP_DATA_DIR "TestData/xtrdh171.dat", true, new HexDecoder());
637  XTR_DH dh(f);
638  return SimpleKeyAgreementValidate(dh);
639 }
640 
641 bool ValidateElGamal()
642 {
643  cout << "\nElGamal validation suite running...\n\n";
644  bool pass = true;
645  {
646  FileSource fc(CRYPTOPP_DATA_DIR "TestData/elgc1024.dat", true, new HexDecoder);
647  ElGamalDecryptor privC(fc);
648  ElGamalEncryptor pubC(privC);
649  privC.AccessKey().Precompute();
650  ByteQueue queue;
651  privC.AccessKey().SavePrecomputation(queue);
652  privC.AccessKey().LoadPrecomputation(queue);
653 
654  pass = CryptoSystemValidate(privC, pubC) && pass;
655  }
656  return pass;
657 }
658 
659 bool ValidateDLIES()
660 {
661  cout << "\nDLIES validation suite running...\n\n";
662  bool pass = true;
663  {
664  FileSource fc(CRYPTOPP_DATA_DIR "TestData/dlie1024.dat", true, new HexDecoder);
665  DLIES<>::Decryptor privC(fc);
666  DLIES<>::Encryptor pubC(privC);
667  pass = CryptoSystemValidate(privC, pubC) && pass;
668  }
669  {
670  cout << "Generating new encryption key..." << endl;
672  gp.GenerateRandomWithKeySize(GlobalRNG(), 128);
673  DLIES<>::Decryptor decryptor;
674  decryptor.AccessKey().GenerateRandom(GlobalRNG(), gp);
675  DLIES<>::Encryptor encryptor(decryptor);
676 
677  pass = CryptoSystemValidate(decryptor, encryptor) && pass;
678  }
679  return pass;
680 }
681 
682 bool ValidateNR()
683 {
684  cout << "\nNR validation suite running...\n\n";
685  bool pass = true;
686  {
687  FileSource f(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", true, new HexDecoder);
688  NR<SHA>::Signer privS(f);
689  privS.AccessKey().Precompute();
690  NR<SHA>::Verifier pubS(privS);
691 
692  pass = SignatureValidate(privS, pubS) && pass;
693  }
694  {
695  cout << "Generating new signature key..." << endl;
696  NR<SHA>::Signer privS(GlobalRNG(), 256);
697  NR<SHA>::Verifier pubS(privS);
698 
699  pass = SignatureValidate(privS, pubS) && pass;
700  }
701  return pass;
702 }
703 
704 bool ValidateDSA(bool thorough)
705 {
706  cout << "\nDSA validation suite running...\n\n";
707 
708  bool pass = true;
709  FileSource fs1(CRYPTOPP_DATA_DIR "TestData/dsa1024.dat", true, new HexDecoder());
710  DSA::Signer priv(fs1);
711  DSA::Verifier pub(priv);
712  FileSource fs2(CRYPTOPP_DATA_DIR "TestData/dsa1024b.dat", true, new HexDecoder());
713  DSA::Verifier pub1(fs2);
714  assert(pub.GetKey() == pub1.GetKey());
715  pass = SignatureValidate(priv, pub, thorough) && pass;
716  pass = RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/dsa.txt", g_nullNameValuePairs, thorough) && pass;
717 
718  return pass;
719 }
720 
721 bool ValidateLUC()
722 {
723  cout << "\nLUC validation suite running...\n\n";
724  bool pass=true;
725 
726  {
727  FileSource f(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", true, new HexDecoder);
730  pass = SignatureValidate(priv, pub) && pass;
731  }
732  {
733  LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512);
734  LUCES_OAEP_SHA_Encryptor pub(priv);
735  pass = CryptoSystemValidate(priv, pub) && pass;
736  }
737  return pass;
738 }
739 
740 bool ValidateLUC_DL()
741 {
742  cout << "\nLUC-HMP validation suite running...\n\n";
743 
744  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", true, new HexDecoder);
745  LUC_HMP<SHA>::Signer privS(f);
746  LUC_HMP<SHA>::Verifier pubS(privS);
747  bool pass = SignatureValidate(privS, pubS);
748 
749  cout << "\nLUC-IES validation suite running...\n\n";
750 
751  FileSource fc(CRYPTOPP_DATA_DIR "TestData/lucc512.dat", true, new HexDecoder);
752  LUC_IES<>::Decryptor privC(fc);
753  LUC_IES<>::Encryptor pubC(privC);
754  pass = CryptoSystemValidate(privC, pubC) && pass;
755 
756  return pass;
757 }
758 
759 bool ValidateRabin()
760 {
761  cout << "\nRabin validation suite running...\n\n";
762  bool pass=true;
763 
764  {
765  FileSource f(CRYPTOPP_DATA_DIR "TestData/rabi1024.dat", true, new HexDecoder);
768  pass = SignatureValidate(priv, pub) && pass;
769  }
770  {
771  RabinES<OAEP<SHA> >::Decryptor priv(GlobalRNG(), 512);
772  RabinES<OAEP<SHA> >::Encryptor pub(priv);
773  pass = CryptoSystemValidate(priv, pub) && pass;
774  }
775  return pass;
776 }
777 
778 bool ValidateRW()
779 {
780  cout << "\nRW validation suite running...\n\n";
781 
782  FileSource f(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", true, new HexDecoder);
783  RWSS<PSSR, SHA>::Signer priv(f);
784  RWSS<PSSR, SHA>::Verifier pub(priv);
785 
786  return SignatureValidate(priv, pub);
787 }
788 
789 /*
790 bool ValidateBlumGoldwasser()
791 {
792  cout << "\nBlumGoldwasser validation suite running...\n\n";
793 
794  FileSource f(CRYPTOPP_DATA_DIR "TestData/blum512.dat", true, new HexDecoder);
795  BlumGoldwasserPrivateKey priv(f);
796  BlumGoldwasserPublicKey pub(priv);
797 
798  return CryptoSystemValidate(priv, pub);
799 }
800 */
801 
802 #if !defined(NDEBUG) && !defined(CRYPTOPP_IMPORTS)
803 // Issue 64: "PolynomialMod2::operator<<=", http://github.com/weidai11/cryptopp/issues/64
804 bool TestPolynomialMod2()
805 {
806  bool pass1 = true, pass2 = true, pass3 = true;
807 
808  cout << "\nTesting PolynomialMod2 bit operations...\n\n";
809 
810  static const unsigned int start = 0;
811  static const unsigned int stop = 4 * WORD_BITS + 1;
812 
813  for (unsigned int i=start; i < stop; i++)
814  {
815  PolynomialMod2 p(1);
816  p <<= i;
817 
818  Integer n(Integer::One());
819  n <<= i;
820 
821  std::ostringstream oss1;
822  oss1 << p;
823 
824  std::string str1, str2;
825 
826  // str1 needs the commas removed used for grouping
827  str1 = oss1.str();
828  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
829 
830  // str1 needs the trailing 'b' removed
831  str1.erase(str1.end() - 1);
832 
833  // str2 is fine as-is
834  str2 = IntToString(n, 2);
835 
836  pass1 &= (str1 == str2);
837  }
838 
839  for (unsigned int i=start; i < stop; i++)
840  {
841  const word w((word)SIZE_MAX);
842 
843  PolynomialMod2 p(w);
844  p <<= i;
845 
846  Integer n(Integer::POSITIVE, static_cast<lword>(w));
847  n <<= i;
848 
849  std::ostringstream oss1;
850  oss1 << p;
851 
852  std::string str1, str2;
853 
854  // str1 needs the commas removed used for grouping
855  str1 = oss1.str();
856  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
857 
858  // str1 needs the trailing 'b' removed
859  str1.erase(str1.end() - 1);
860 
861  // str2 is fine as-is
862  str2 = IntToString(n, 2);
863 
864  pass2 &= (str1 == str2);
865  }
866 
867  RandomNumberGenerator& prng = GlobalRNG();
868  for (unsigned int i=start; i < stop; i++)
869  {
870  word w; // Cast to lword due to Visual Studio
871  prng.GenerateBlock((byte*)&w, sizeof(w));
872 
873  PolynomialMod2 p(w);
874  p <<= i;
875 
876  Integer n(Integer::POSITIVE, static_cast<lword>(w));
877  n <<= i;
878 
879  std::ostringstream oss1;
880  oss1 << p;
881 
882  std::string str1, str2;
883 
884  // str1 needs the commas removed used for grouping
885  str1 = oss1.str();
886  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
887 
888  // str1 needs the trailing 'b' removed
889  str1.erase(str1.end() - 1);
890 
891  // str2 is fine as-is
892  str2 = IntToString(n, 2);
893 
894  if (str1 != str2)
895  {
896  cout << " Oops..." << "\n";
897  cout << " random: " << std::hex << n << std::dec << "\n";
898  cout << " str1: " << str1 << "\n";
899  cout << " str2: " << str2 << "\n";
900  }
901 
902  pass3 &= (str1 == str2);
903  }
904 
905  cout << (!pass1 ? "FAILED" : "passed") << ": " << "1 shifted over range [" << dec << start << "," << stop << "]" << "\n";
906  cout << (!pass2 ? "FAILED" : "passed") << ": " << "0x" << hex << word(SIZE_MAX) << dec << " shifted over range [" << start << "," << stop << "]" << "\n";
907  cout << (!pass3 ? "FAILED" : "passed") << ": " << "random values shifted over range [" << dec << start << "," << stop << "]" << "\n";
908 
909  if (!(pass1 && pass2 && pass3))
910  cout.flush();
911 
912  return pass1 && pass2 && pass3;
913 }
914 #endif
915 
916 bool ValidateECP()
917 {
918  cout << "\nECP validation suite running...\n\n";
919 
920  ECIES<ECP>::Decryptor cpriv(GlobalRNG(), ASN1::secp192r1());
921  ECIES<ECP>::Encryptor cpub(cpriv);
922  ByteQueue bq;
923  cpriv.GetKey().DEREncode(bq);
924  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
925  cpub.GetKey().DEREncode(bq);
926  ECDSA<ECP, SHA>::Signer spriv(bq);
927  ECDSA<ECP, SHA>::Verifier spub(bq);
928  ECDH<ECP>::Domain ecdhc(ASN1::secp192r1());
929  ECMQV<ECP>::Domain ecmqvc(ASN1::secp192r1());
930 
931  spriv.AccessKey().Precompute();
932  ByteQueue queue;
933  spriv.AccessKey().SavePrecomputation(queue);
934  spriv.AccessKey().LoadPrecomputation(queue);
935 
936  bool pass = SignatureValidate(spriv, spub);
937  cpub.AccessKey().Precompute();
938  cpriv.AccessKey().Precompute();
939  pass = CryptoSystemValidate(cpriv, cpub) && pass;
940  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
941  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
942 
943  cout << "Turning on point compression..." << endl;
944  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
945  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
946  ecdhc.AccessGroupParameters().SetPointCompression(true);
947  ecmqvc.AccessGroupParameters().SetPointCompression(true);
948  pass = CryptoSystemValidate(cpriv, cpub) && pass;
949  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
950  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
951 
952  cout << "Testing SEC 2, NIST, and Brainpool recommended curves..." << endl;
953  OID oid;
954  while (!(oid = DL_GroupParameters_EC<ECP>::GetNextRecommendedParametersOID(oid)).m_values.empty())
955  {
956  DL_GroupParameters_EC<ECP> params(oid);
957  bool fail = !params.Validate(GlobalRNG(), 2);
958  cout << (fail ? "FAILED" : "passed") << " " << dec << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
959  pass = pass && !fail;
960  }
961 
962  return pass;
963 }
964 
965 bool ValidateEC2N()
966 {
967  cout << "\nEC2N validation suite running...\n\n";
968 
969  ECIES<EC2N>::Decryptor cpriv(GlobalRNG(), ASN1::sect193r1());
970  ECIES<EC2N>::Encryptor cpub(cpriv);
971  ByteQueue bq;
972  cpriv.DEREncode(bq);
973  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
974  cpub.DEREncode(bq);
975  ECDSA<EC2N, SHA>::Signer spriv(bq);
977  ECDH<EC2N>::Domain ecdhc(ASN1::sect193r1());
978  ECMQV<EC2N>::Domain ecmqvc(ASN1::sect193r1());
979 
980  spriv.AccessKey().Precompute();
981  ByteQueue queue;
982  spriv.AccessKey().SavePrecomputation(queue);
983  spriv.AccessKey().LoadPrecomputation(queue);
984 
985  bool pass = SignatureValidate(spriv, spub);
986  pass = CryptoSystemValidate(cpriv, cpub) && pass;
987  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
988  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
989 
990  cout << "Turning on point compression..." << endl;
991  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
992  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
993  ecdhc.AccessGroupParameters().SetPointCompression(true);
994  ecmqvc.AccessGroupParameters().SetPointCompression(true);
995  pass = CryptoSystemValidate(cpriv, cpub) && pass;
996  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
997  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
998 
999 #if 0 // TODO: turn this back on when I make EC2N faster for pentanomial basis
1000  cout << "Testing SEC 2 recommended curves..." << endl;
1001  OID oid;
1002  while (!(oid = DL_GroupParameters_EC<EC2N>::GetNextRecommendedParametersOID(oid)).m_values.empty())
1003  {
1004  DL_GroupParameters_EC<EC2N> params(oid);
1005  bool fail = !params.Validate(GlobalRNG(), 2);
1006  cout << (fail ? "FAILED" : "passed") << " " << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
1007  pass = pass && !fail;
1008  }
1009 #endif
1010 
1011  return pass;
1012 }
1013 
1014 bool ValidateECDSA()
1015 {
1016  cout << "\nECDSA validation suite running...\n\n";
1017 
1018  // from Sample Test Vectors for P1363
1019  GF2NT gf2n(191, 9, 0);
1020  byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67";
1021  byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC";
1022  EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24));
1023 
1024  EC2N::Point P;
1025  ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D"
1026  "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize());
1027  Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H");
1028  Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH");
1029  EC2N::Point Q(ec.Multiply(d, P));
1030  ECDSA<EC2N, SHA>::Signer priv(ec, P, n, d);
1031  ECDSA<EC2N, SHA>::Verifier pub(priv);
1032 
1033  Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH");
1034  Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H");
1035  static const byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30"
1036  "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e";
1037  Integer r(sig, 24);
1038  Integer s(sig+24, 24);
1039 
1040  Integer rOut, sOut;
1041  bool fail, pass=true;
1042 
1043  priv.RawSign(k, h, rOut, sOut);
1044  fail = (rOut != r) || (sOut != s);
1045  pass = pass && !fail;
1046 
1047  cout << (fail ? "FAILED " : "passed ");
1048  cout << "signature check against test vector\n";
1049 
1050  fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig));
1051  pass = pass && !fail;
1052 
1053  cout << (fail ? "FAILED " : "passed ");
1054  cout << "verification check against test vector\n";
1055 
1056  fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig));
1057  pass = pass && !fail;
1058 
1059  pass = SignatureValidate(priv, pub) && pass;
1060 
1061  return pass;
1062 }
1063 
1064 bool ValidateESIGN()
1065 {
1066  cout << "\nESIGN validation suite running...\n\n";
1067 
1068  bool pass = true, fail;
1069 
1070  static const char plain[] = "test";
1071  static const byte signature[] =
1072  "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37\xFE\xBC\x76\x3F\xF1\x84\xF6\x59"
1073  "\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0\x34\x44\x5B\x0F\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6"
1074  "\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88\xAB\x33\xDD\xE4\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A"
1075  "\x74\x02\x37\x0E\xED\x0A\x06\xAD\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C"
1076  "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28";
1077 
1078  FileSource keys(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", true, new HexDecoder);
1079  ESIGN<SHA>::Signer signer(keys);
1080  ESIGN<SHA>::Verifier verifier(signer);
1081 
1082  fail = !SignatureValidate(signer, verifier);
1083  pass = pass && !fail;
1084 
1085  fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength());
1086  pass = pass && !fail;
1087 
1088  cout << (fail ? "FAILED " : "passed ");
1089  cout << "verification check against test vector\n";
1090 
1091  cout << "Generating signature key from seed..." << endl;
1092  signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512));
1093  verifier = signer;
1094 
1095  fail = !SignatureValidate(signer, verifier);
1096  pass = pass && !fail;
1097 
1098  return pass;
1099 }
fhmqv.h
Classes for Fully Hashed Menezes-Qu-Vanstone key agreement in GF(p)
StreamState
Definition: validate.h:109
PK_Encryptor
Interface for public-key encryptors.
Definition: cryptlib.h:2350
PK_Verifier::RecoverMessage
virtual DecodingResult RecoverMessage(byte *recoveredMessage, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, const byte *signature, size_t signatureLength) const
Recover a message from its signature.
Definition: cryptlib.cpp:912
MakeParameters
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:554
HexDecoder
Decode base 16 data back to bytes.
Definition: hex.h:37
ecp.h
Classes for Elliptic Curves over prime fields.
RSAES_PKCS1v15_Decryptor
RSAES<PKCS1v15>::Decryptor typedef
Definition: rsa.h:199
SimpleKeyAgreementDomain
Interface for domains of simple key agreement protocols.
Definition: cryptlib.h:2683
luc.h
PrivateKeyAlgorithm::GetMaterial
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Private Key.
Definition: cryptlib.h:2270
ByteQueue
Data structure used to store byte strings.
Definition: queue.h:21
gf2n.h
PolynomialMod2
Polynomial with Coefficients in GF(2)
Definition: gf2n.h:19
Integer::One
static const Integer & One()
Integer representing 1.
Definition: integer.cpp:3016
Integer::POSITIVE
@ POSITIVE
the value is positive or 0
Definition: integer.h:71
elgamal.h
Classes and functions for ElGamal key agreement and encryption schemes.
BufferedTransformation
Interface for buffered transformations.
Definition: cryptlib.h:1353
EC2N
Elliptic Curve over GF(2^n)
Definition: ec2n.h:45
ECDSA
ECDSA
Definition: eccrypto.h:309
SecByteBlock
SecBlock<byte> typedef.
Definition: secblock.h:731
PK_CryptoSystem::MaxPlaintextLength
virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0
Provides the maximum length of plaintext for a given ciphertext length.
esign.h
This file contains classes that implement the ESIGN signature schemes as defined in IEEE P1363a.
smartptr.h
Classes for automatic resource management.
pubkey.h
This file contains helper classes/functions for implementing public key algorithms.
PK_Decryptor
Interface for public-key decryptors.
Definition: cryptlib.h:2386
FHMQV_Domain
Fully Hashed Menezes-Qu-Vanstone in GF(p)
Definition: fhmqv.h:25
SIZE_MAX
#define SIZE_MAX
The maximum value of a machine word.
Definition: misc.h:95
gfpcrypt.h
Implementation of schemes based on DL over GF(p)
BufferedTransformation::Put
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition: cryptlib.h:1378
RSAES_PKCS1v15_Encryptor
RSAES<PKCS1v15>::Encryptor typedef
Definition: rsa.h:202
EC2NPoint
Elliptic Curve Point.
Definition: ec2n.h:23
DL_GroupParameters_EC
Elliptic Curve Parameters.
Definition: eccrypto.h:32
RandomNumberGenerator::GenerateBlock
virtual void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: cryptlib.cpp:330
AuthenticatedKeyAgreementDomain
Interface for domains of authenticated key agreement protocols.
Definition: cryptlib.h:2748
dh.h
Classes for Diffie-Hellman key exchange.
OID
Object Identifier.
Definition: asn.h:160
filters.h
Implementation of BufferedTransformation's attachment interface.
RandomNumberGenerator
Interface for random number generators.
Definition: cryptlib.h:1187
rng.h
Miscellaneous classes for RNGs.
hex.h
Classes for HexEncoder and HexDecoder.
CryptoMaterial::Validate
virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0
Check this object for errors.
DecodingResult::messageLength
size_t messageLength
Recovered message length if isValidCoding is true, undefined otherwise.
Definition: cryptlib.h:259
PK_SignatureScheme::MaxRecoverableLength
virtual size_t MaxRecoverableLength() const =0
Provides the length of longest message that can be recovered.
PK_Signer
Interface for public-key signers.
Definition: cryptlib.h:2542
PK_Signer::SignMessage
virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const
Sign a message.
Definition: cryptlib.cpp:876
rsa.h
Classes for the RSA cryptosystem.
MQV_Domain
MQV domain for performing authenticated key agreement.
Definition: mqv.h:28
RSAES_OAEP_SHA_Decryptor
RSAES<OAEP<SHA>>::Decryptor typedef
Definition: rsa.h:206
dsa.h
Classes for the DSA signature algorithm.
HMQV_Domain
Hashed Menezes-Qu-Vanstone in GF(p)
Definition: hmqv.h:24
PublicKeyAlgorithm::GetMaterial
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Public Key.
Definition: cryptlib.h:2245
PK_SignatureScheme::MaxRecoverableLengthFromSignatureLength
virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0
Provides the length of longest message that can be recovered from a signature of given length.
IntToString
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:530
DecodingResult
Returns a decoding results.
Definition: cryptlib.h:237
PK_Decryptor::Decrypt
virtual DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Decrypt a byte string.
RSAES_OAEP_SHA_Encryptor
RSAES<OAEP<SHA>>::Encryptor typedef
Definition: rsa.h:209
asn.h
Classes and functions for working with ANS.1 objects.
oids.h
ASN.1 object identifiers for algorthms and schemes.
BlumBlumShub
BlumBlumShub with factorization of the modulus.
Definition: blumshub.h:43
PK_Encryptor::Encrypt
virtual void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Encrypt a byte string.
XTR_DH
XTR-DH with key validation.
Definition: xtrcrypt.h:17
mqv.h
Classes for Menezes–Qu–Vanstone (MQV) key agreement.
Weak::RSASSA_PKCS1v15_MD2_Signer
RSASS<PKCS1v15, Weak::MD2>::Signer typedef
Definition: rsa.h:223
GeneratableCryptoMaterial::GenerateRandomWithKeySize
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
Definition: cryptlib.cpp:772
blumshub.h
Classes for Blum Blum Shub generator.
Weak::RSASSA_PKCS1v15_MD2_Verifier
RSASS<PKCS1v15, Weak::MD2>::Verifier typedef
Definition: rsa.h:226
PK_Verifier
Interface for public-key signature verifiers.
Definition: cryptlib.h:2609
g_nullNameValuePairs
const NameValuePairs & g_nullNameValuePairs
An empty set of name-value pairs.
Definition: cryptlib.cpp:80
RabinES
Rabin encryption.
Definition: rabin.h:95
CryptoPP
Crypto++ library namespace.
PK_CryptoSystem::CiphertextLength
virtual size_t CiphertextLength(size_t plaintextLength) const =0
Calculate the length of ciphertext given length of plaintext.
PK_Verifier::VerifyMessage
virtual bool VerifyMessage(const byte *message, size_t messageLen, const byte *signature, size_t signatureLen) const
Check whether input signature is a valid signature for input message.
Definition: cryptlib.cpp:898
osrng.h
Classes for access to the operating system's random number generators.
eccrypto.h
Classes and functions for Elliptic Curves over prime and binary fields.
FileSource
file-based implementation of Source interface
Definition: files.h:56
DecodingResult::isValidCoding
bool isValidCoding
Flag to indicate the decoding is valid.
Definition: cryptlib.h:257
rw.h
Classes for Rabin-Williams signature scheme.
hmqv.h
Classes for Hashed Menezes-Qu-Vanstone key agreement in GF(p)
DL_GroupParameters_GFP_DefaultSafePrime
GF(p) group parameters that default to same primes.
Definition: gfpcrypt.h:171
PK_FinalTemplate
Template implementing constructors for public key algorithm classes.
Definition: pubkey.h:2041
ec2n.h
Classes for Elliptic Curves over binary fields.
RSAES
RSA encryption algorithm.
Definition: rsa.h:166
FixedRNG::GenerateBlock
void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: validat2.cpp:68
cryptlib.h
Abstract base classes that provide a uniform interface to this library.
DH_Domain
Diffie-Hellman domain.
Definition: dh.h:24
ConstByteArrayParameter
Used to pass byte array input as part of a NameValuePairs object.
Definition: algparam.h:30
integer.h
Multiple precision integer with arithmetic operations.
FixedRNG
Definition: validat2.cpp:64
PK_Signer::SignMessageWithRecovery
virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const
Sign a recoverable message.
Definition: cryptlib.cpp:883
Integer
Multiple precision integer with arithmetic operations.
Definition: integer.h:46
GF2NT
GF(2^n) with Trinomial Basis.
Definition: gf2n.h:319
PK_SignatureScheme::MaxSignatureLength
virtual size_t MaxSignatureLength(size_t recoverablePartLength=0) const
Provides the maximum signature length produced given the length of the recoverable message part.
Definition: cryptlib.h:2480
rabin.h
Classes for Rabin encryption and signature schemes.
xtrcrypt.h
"The XTR public key system" by Arjen K.