Crypto++  5.6.4
Free C++ class library of cryptographic schemes
validat2.cpp
1 // validat2.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
6 
7 #include "cryptlib.h"
8 #include "pubkey.h"
9 #include "gfpcrypt.h"
10 #include "eccrypto.h"
11 #include "blumshub.h"
12 #include "filters.h"
13 #include "files.h"
14 #include "rsa.h"
15 #include "md2.h"
16 #include "elgamal.h"
17 #include "nr.h"
18 #include "dsa.h"
19 #include "dh.h"
20 #include "mqv.h"
21 #include "hmqv.h"
22 #include "fhmqv.h"
23 #include "luc.h"
24 #include "xtrcrypt.h"
25 #include "rabin.h"
26 #include "rw.h"
27 #include "eccrypto.h"
28 #include "integer.h"
29 #include "gf2n.h"
30 #include "ecp.h"
31 #include "ec2n.h"
32 #include "asn.h"
33 #include "rng.h"
34 #include "hex.h"
35 #include "oids.h"
36 #include "esign.h"
37 #include "osrng.h"
38 #include "smartptr.h"
39 
40 #include <iostream>
41 #include <sstream>
42 #include <iomanip>
43 
44 #include "validate.h"
45 
46 // Aggressive stack checking with VS2005 SP1 and above.
47 #if (CRYPTOPP_MSC_VERSION >= 1410)
48 # pragma strict_gs_check (on)
49 #endif
50 
51 // Quiet deprecated warnings intended to benefit users.
52 #if CRYPTOPP_MSC_VERSION
53 # pragma warning(disable: 4996)
54 #endif
55 
56 #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
57 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
58 #endif
59 
60 USING_NAMESPACE(CryptoPP)
61 USING_NAMESPACE(std)
62 
64 {
65 public:
66  FixedRNG(BufferedTransformation &source) : m_source(source) {}
67 
68  void GenerateBlock(byte *output, size_t size)
69  {
70  m_source.Get(output, size);
71  }
72 
73 private:
74  BufferedTransformation &m_source;
75 };
76 
77 bool ValidateBBS()
78 {
79  cout << "\nBlumBlumShub validation suite running...\n\n";
80 
81  Integer p("212004934506826557583707108431463840565872545889679278744389317666981496005411448865750399674653351");
82  Integer q("100677295735404212434355574418077394581488455772477016953458064183204108039226017738610663984508231");
83  Integer seed("63239752671357255800299643604761065219897634268887145610573595874544114193025997412441121667211431");
84  BlumBlumShub bbs(p, q, seed);
85  bool pass = true, fail;
86  int j;
87 
88  static const byte output1[] = {
89  0x49,0xEA,0x2C,0xFD,0xB0,0x10,0x64,0xA0,0xBB,0xB9,
90  0x2A,0xF1,0x01,0xDA,0xC1,0x8A,0x94,0xF7,0xB7,0xCE};
91  static const byte output2[] = {
92  0x74,0x45,0x48,0xAE,0xAC,0xB7,0x0E,0xDF,0xAF,0xD7,
93  0xD5,0x0E,0x8E,0x29,0x83,0x75,0x6B,0x27,0x46,0xA1};
94 
95  // Coverity finding, also see http://stackoverflow.com/a/34509163/608639.
96  StreamState ss(cout);
97  byte buf[20];
98 
99  bbs.GenerateBlock(buf, 20);
100  fail = memcmp(output1, buf, 20) != 0;
101  pass = pass && !fail;
102 
103  cout << (fail ? "FAILED " : "passed ");
104  for (j=0;j<20;j++)
105  cout << setw(2) << setfill('0') << hex << (int)buf[j];
106  cout << endl;
107 
108  bbs.Seek(10);
109  bbs.GenerateBlock(buf, 10);
110  fail = memcmp(output1+10, buf, 10) != 0;
111  pass = pass && !fail;
112 
113  cout << (fail ? "FAILED " : "passed ");
114  for (j=0;j<10;j++)
115  cout << setw(2) << setfill('0') << hex << (int)buf[j];
116  cout << endl;
117 
118  bbs.Seek(1234567);
119  bbs.GenerateBlock(buf, 20);
120  fail = memcmp(output2, buf, 20) != 0;
121  pass = pass && !fail;
122 
123  cout << (fail ? "FAILED " : "passed ");
124  for (j=0;j<20;j++)
125  cout << setw(2) << setfill('0') << hex << (int)buf[j];
126  cout << endl;
127 
128  return pass;
129 }
130 
131 bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
132 {
133  bool pass = true, fail;
134 
135  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
136  pass = pass && !fail;
137 
138  cout << (fail ? "FAILED " : "passed ");
139  cout << "signature key validation\n";
140 
141  const byte *message = (byte *)"test message";
142  const int messageLen = 12;
143 
144  SecByteBlock signature(priv.MaxSignatureLength());
145  size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature);
146  fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength);
147  pass = pass && !fail;
148 
149  cout << (fail ? "FAILED " : "passed ");
150  cout << "signature and verification\n";
151 
152  ++signature[0];
153  fail = pub.VerifyMessage(message, messageLen, signature, signatureLength);
154  pass = pass && !fail;
155 
156  cout << (fail ? "FAILED " : "passed ");
157  cout << "checking invalid signature" << endl;
158 
159  if (priv.MaxRecoverableLength() > 0)
160  {
161  signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
162  SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
163  DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
164  fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0);
165  pass = pass && !fail;
166 
167  cout << (fail ? "FAILED " : "passed ");
168  cout << "signature and verification with recovery" << endl;
169 
170  ++signature[0];
171  result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
172  fail = result.isValidCoding;
173  pass = pass && !fail;
174 
175  cout << (fail ? "FAILED " : "passed ");
176  cout << "recovery with invalid signature" << endl;
177  }
178 
179  return pass;
180 }
181 
182 bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false)
183 {
184  bool pass = true, fail;
185 
186  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
187  pass = pass && !fail;
188 
189  cout << (fail ? "FAILED " : "passed ");
190  cout << "cryptosystem key validation\n";
191 
192  const byte *message = (byte *)"test message";
193  const int messageLen = 12;
194  SecByteBlock ciphertext(priv.CiphertextLength(messageLen));
195  SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size()));
196 
197  pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext);
198  fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
199  fail = fail || memcmp(message, plaintext, messageLen);
200  pass = pass && !fail;
201 
202  cout << (fail ? "FAILED " : "passed ");
203  cout << "encryption and decryption\n";
204 
205  return pass;
206 }
207 
208 bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d)
209 {
210  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
211  cout << "passed simple key agreement domain parameters validation" << endl;
212  else
213  {
214  cout << "FAILED simple key agreement domain parameters invalid" << endl;
215  return false;
216  }
217 
218  SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength());
219  SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength());
220  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
221 
222  d.GenerateKeyPair(GlobalRNG(), priv1, pub1);
223  d.GenerateKeyPair(GlobalRNG(), priv2, pub2);
224 
225  memset(val1.begin(), 0x10, val1.size());
226  memset(val2.begin(), 0x11, val2.size());
227 
228  if (!(d.Agree(val1, priv1, pub2) && d.Agree(val2, priv2, pub1)))
229  {
230  cout << "FAILED simple key agreement failed" << endl;
231  return false;
232  }
233 
234  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
235  {
236  cout << "FAILED simple agreed values not equal" << endl;
237  return false;
238  }
239 
240  cout << "passed simple key agreement" << endl;
241  return true;
242 }
243 
244 bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
245 {
246  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
247  cout << "passed authenticated key agreement domain parameters validation" << endl;
248  else
249  {
250  cout << "FAILED authenticated key agreement domain parameters invalid" << endl;
251  return false;
252  }
253 
258  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
259 
260  d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1);
261  d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2);
262  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1);
263  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2);
264 
265  memset(val1.begin(), 0x10, val1.size());
266  memset(val2.begin(), 0x11, val2.size());
267 
268  if (!(d.Agree(val1, spriv1, epriv1, spub2, epub2) && d.Agree(val2, spriv2, epriv2, spub1, epub1)))
269  {
270  cout << "FAILED authenticated key agreement failed" << endl;
271  return false;
272  }
273 
274  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
275  {
276  cout << "FAILED authenticated agreed values not equal" << endl;
277  return false;
278  }
279 
280  cout << "passed authenticated key agreement" << endl;
281  return true;
282 }
283 
284 bool ValidateRSA()
285 {
286  cout << "\nRSA validation suite running...\n\n";
287 
288  byte out[100], outPlain[100];
289  bool pass = true, fail;
290 
291  {
292  const char *plain = "Everyone gets Friday off.";
293  static const byte signature[] =
294  "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84"
295  "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21"
296  "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b"
297  "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1";
298 
299  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa512a.dat", true, new HexDecoder);
300  Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
301  Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
302 
303  size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
304  fail = memcmp(signature, out, 64) != 0;
305  pass = pass && !fail;
306 
307  cout << (fail ? "FAILED " : "passed ");
308  cout << "signature check against test vector\n";
309 
310  fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
311  pass = pass && !fail;
312 
313  cout << (fail ? "FAILED " : "passed ");
314  cout << "verification check against test vector\n";
315 
316  out[10]++;
317  fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
318  pass = pass && !fail;
319 
320  cout << (fail ? "FAILED " : "passed ");
321  cout << "invalid signature verification\n";
322  }
323  {
324  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", true, new HexDecoder);
325  RSAES_PKCS1v15_Decryptor rsaPriv(keys);
326  RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv);
327 
328  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
329  }
330  {
331  RSAES<OAEP<SHA> >::Decryptor rsaPriv(GlobalRNG(), 512);
332  RSAES<OAEP<SHA> >::Encryptor rsaPub(rsaPriv);
333 
334  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
335  }
336  {
337  byte *plain = (byte *)
338  "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
339  static const byte encrypted[] =
340  "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
341  "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
342  "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
343  "\x62\x51";
344  static const byte oaepSeed[] =
345  "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2"
346  "\xf0\x6c\xb5\x8f";
347  ByteQueue bq;
348  bq.Put(oaepSeed, 20);
349  FixedRNG rng(bq);
350 
351  FileSource privFile(CRYPTOPP_DATA_DIR "TestData/rsa400pv.dat", true, new HexDecoder);
352  FileSource pubFile(CRYPTOPP_DATA_DIR "TestData/rsa400pb.dat", true, new HexDecoder);
353  RSAES_OAEP_SHA_Decryptor rsaPriv;
354  rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0);
355  RSAES_OAEP_SHA_Encryptor rsaPub(pubFile);
356 
357  memset(out, 0, 50);
358  memset(outPlain, 0, 8);
359  rsaPub.Encrypt(rng, plain, 8, out);
360  DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
361  fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
362  pass = pass && !fail;
363 
364  cout << (fail ? "FAILED " : "passed ");
365  cout << "PKCS 2.0 encryption and decryption\n";
366  }
367 
368  return pass;
369 }
370 
371 bool ValidateDH()
372 {
373  cout << "\nDH validation suite running...\n\n";
374 
375  FileSource f(CRYPTOPP_DATA_DIR "TestData/dh1024.dat", true, new HexDecoder());
376  DH dh(f);
377  return SimpleKeyAgreementValidate(dh);
378 }
379 
380 bool ValidateMQV()
381 {
382  cout << "\nMQV validation suite running...\n\n";
383 
384  FileSource f(CRYPTOPP_DATA_DIR "TestData/mqv1024.dat", true, new HexDecoder());
385  MQV mqv(f);
386  return AuthenticatedKeyAgreementValidate(mqv);
387 }
388 
389 bool ValidateHMQV()
390 {
391  std::cout << "\nHMQV validation suite running...\n\n";
392 
393  //ECHMQV< ECP >::Domain hmqvB(false /*server*/);
394  ECHMQV256 hmqvB(false);
395  FileSource f256(CRYPTOPP_DATA_DIR "TestData/hmqv256.dat", true, new HexDecoder());
396  FileSource f384(CRYPTOPP_DATA_DIR "TestData/hmqv384.dat", true, new HexDecoder());
397  FileSource f512(CRYPTOPP_DATA_DIR "TestData/hmqv512.dat", true, new HexDecoder());
398  hmqvB.AccessGroupParameters().BERDecode(f256);
399 
400  std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl;
401 
402  if (hmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3))
403  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
404  else
405  {
406  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
407  return false;
408  }
409 
410  const OID oid = ASN1::secp256r1();
411  ECHMQV< ECP >::Domain hmqvA(oid, true /*client*/);
412 
413  if (hmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3))
414  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
415  else
416  {
417  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
418  return false;
419  }
420 
421  SecByteBlock sprivA(hmqvA.StaticPrivateKeyLength()), sprivB(hmqvB.StaticPrivateKeyLength());
422  SecByteBlock eprivA(hmqvA.EphemeralPrivateKeyLength()), eprivB(hmqvB.EphemeralPrivateKeyLength());
423  SecByteBlock spubA(hmqvA.StaticPublicKeyLength()), spubB(hmqvB.StaticPublicKeyLength());
424  SecByteBlock epubA(hmqvA.EphemeralPublicKeyLength()), epubB(hmqvB.EphemeralPublicKeyLength());
425  SecByteBlock valA(hmqvA.AgreedValueLength()), valB(hmqvB.AgreedValueLength());
426 
427  hmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
428  hmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
429  hmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
430  hmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
431 
432  memset(valA.begin(), 0x00, valA.size());
433  memset(valB.begin(), 0x11, valB.size());
434 
435  if (!(hmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && hmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
436  {
437  std::cout << "FAILED authenticated key agreement failed" << std::endl;
438  return false;
439  }
440 
441  if (memcmp(valA.begin(), valB.begin(), hmqvA.AgreedValueLength()))
442  {
443  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
444  return false;
445  }
446 
447  std::cout << "passed authenticated key agreement" << std::endl;
448 
449  // Now test HMQV with NIST P-384 curve and SHA384 hash
450  std::cout << endl;
451  std::cout << "HMQV with NIST P-384 and SHA-384:" << std::endl;
452 
453  ECHMQV384 hmqvB384(false);
454  hmqvB384.AccessGroupParameters().BERDecode(f384);
455 
456  if (hmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
457  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
458  else
459  {
460  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
461  return false;
462  }
463 
464  const OID oid384 = ASN1::secp384r1();
465  ECHMQV384 hmqvA384(oid384, true /*client*/);
466 
467  if (hmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3))
468  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
469  else
470  {
471  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
472  return false;
473  }
474 
475  SecByteBlock sprivA384(hmqvA384.StaticPrivateKeyLength()), sprivB384(hmqvB384.StaticPrivateKeyLength());
476  SecByteBlock eprivA384(hmqvA384.EphemeralPrivateKeyLength()), eprivB384(hmqvB384.EphemeralPrivateKeyLength());
477  SecByteBlock spubA384(hmqvA384.StaticPublicKeyLength()), spubB384(hmqvB384.StaticPublicKeyLength());
478  SecByteBlock epubA384(hmqvA384.EphemeralPublicKeyLength()), epubB384(hmqvB384.EphemeralPublicKeyLength());
479  SecByteBlock valA384(hmqvA384.AgreedValueLength()), valB384(hmqvB384.AgreedValueLength());
480 
481  hmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384);
482  hmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
483  hmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
484  hmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
485 
486  memset(valA384.begin(), 0x00, valA384.size());
487  memset(valB384.begin(), 0x11, valB384.size());
488 
489  if (!(hmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && hmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384)))
490  {
491  std::cout << "FAILED authenticated key agreement failed" << std::endl;
492  return false;
493  }
494 
495  if (memcmp(valA384.begin(), valB384.begin(), hmqvA384.AgreedValueLength()))
496  {
497  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
498  return false;
499  }
500 
501  std::cout << "passed authenticated key agreement" << std::endl;
502 
503  return true;
504 }
505 
506 bool ValidateFHMQV()
507 {
508  std::cout << "\nFHMQV validation suite running...\n\n";
509 
510  //ECFHMQV< ECP >::Domain fhmqvB(false /*server*/);
511  ECFHMQV256 fhmqvB(false);
512  FileSource f256(CRYPTOPP_DATA_DIR "TestData/fhmqv256.dat", true, new HexDecoder());
513  FileSource f384(CRYPTOPP_DATA_DIR "TestData/fhmqv384.dat", true, new HexDecoder());
514  FileSource f512(CRYPTOPP_DATA_DIR "TestData/fhmqv512.dat", true, new HexDecoder());
515  fhmqvB.AccessGroupParameters().BERDecode(f256);
516 
517  std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl;
518 
519  if (fhmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3))
520  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
521  else
522  {
523  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
524  return false;
525  }
526 
527  const OID oid = ASN1::secp256r1();
528  ECFHMQV< ECP >::Domain fhmqvA(oid, true /*client*/);
529 
530  if (fhmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3))
531  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
532  else
533  {
534  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
535  return false;
536  }
537 
538  SecByteBlock sprivA(fhmqvA.StaticPrivateKeyLength()), sprivB(fhmqvB.StaticPrivateKeyLength());
539  SecByteBlock eprivA(fhmqvA.EphemeralPrivateKeyLength()), eprivB(fhmqvB.EphemeralPrivateKeyLength());
540  SecByteBlock spubA(fhmqvA.StaticPublicKeyLength()), spubB(fhmqvB.StaticPublicKeyLength());
541  SecByteBlock epubA(fhmqvA.EphemeralPublicKeyLength()), epubB(fhmqvB.EphemeralPublicKeyLength());
542  SecByteBlock valA(fhmqvA.AgreedValueLength()), valB(fhmqvB.AgreedValueLength());
543 
544  fhmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
545  fhmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
546  fhmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
547  fhmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
548 
549  memset(valA.begin(), 0x00, valA.size());
550  memset(valB.begin(), 0x11, valB.size());
551 
552  if (!(fhmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && fhmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
553  {
554  std::cout << "FAILED authenticated key agreement failed" << std::endl;
555  return false;
556  }
557 
558  if (memcmp(valA.begin(), valB.begin(), fhmqvA.AgreedValueLength()))
559  {
560  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
561  return false;
562  }
563 
564  std::cout << "passed authenticated key agreement" << std::endl;
565 
566  // Now test FHMQV with NIST P-384 curve and SHA384 hash
567  std::cout << endl;
568  std::cout << "FHMQV with NIST P-384 and SHA-384:" << std::endl;
569 
570  ECHMQV384 fhmqvB384(false);
571  fhmqvB384.AccessGroupParameters().BERDecode(f384);
572 
573  if (fhmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
574  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
575  else
576  {
577  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
578  return false;
579  }
580 
581  const OID oid384 = ASN1::secp384r1();
582  ECHMQV384 fhmqvA384(oid384, true /*client*/);
583 
584  if (fhmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3))
585  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
586  else
587  {
588  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
589  return false;
590  }
591 
592  SecByteBlock sprivA384(fhmqvA384.StaticPrivateKeyLength()), sprivB384(fhmqvB384.StaticPrivateKeyLength());
593  SecByteBlock eprivA384(fhmqvA384.EphemeralPrivateKeyLength()), eprivB384(fhmqvB384.EphemeralPrivateKeyLength());
594  SecByteBlock spubA384(fhmqvA384.StaticPublicKeyLength()), spubB384(fhmqvB384.StaticPublicKeyLength());
595  SecByteBlock epubA384(fhmqvA384.EphemeralPublicKeyLength()), epubB384(fhmqvB384.EphemeralPublicKeyLength());
596  SecByteBlock valA384(fhmqvA384.AgreedValueLength()), valB384(fhmqvB384.AgreedValueLength());
597 
598  fhmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384);
599  fhmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
600  fhmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
601  fhmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
602 
603  memset(valA384.begin(), 0x00, valA384.size());
604  memset(valB384.begin(), 0x11, valB384.size());
605 
606  if (!(fhmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && fhmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384)))
607  {
608  std::cout << "FAILED authenticated key agreement failed" << std::endl;
609  return false;
610  }
611 
612  if (memcmp(valA384.begin(), valB384.begin(), fhmqvA384.AgreedValueLength()))
613  {
614  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
615  return false;
616  }
617 
618  std::cout << "passed authenticated key agreement" << std::endl;
619 
620  return true;
621 }
622 
623 bool ValidateLUC_DH()
624 {
625  cout << "\nLUC-DH validation suite running...\n\n";
626 
627  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucd512.dat", true, new HexDecoder());
628  LUC_DH dh(f);
629  return SimpleKeyAgreementValidate(dh);
630 }
631 
632 bool ValidateXTR_DH()
633 {
634  cout << "\nXTR-DH validation suite running...\n\n";
635 
636  FileSource f(CRYPTOPP_DATA_DIR "TestData/xtrdh171.dat", true, new HexDecoder());
637  XTR_DH dh(f);
638  return SimpleKeyAgreementValidate(dh);
639 }
640 
641 bool ValidateElGamal()
642 {
643  cout << "\nElGamal validation suite running...\n\n";
644  bool pass = true;
645  {
646  FileSource fc(CRYPTOPP_DATA_DIR "TestData/elgc1024.dat", true, new HexDecoder);
647  ElGamalDecryptor privC(fc);
648  ElGamalEncryptor pubC(privC);
649  privC.AccessKey().Precompute();
650  ByteQueue queue;
651  privC.AccessKey().SavePrecomputation(queue);
652  privC.AccessKey().LoadPrecomputation(queue);
653 
654  pass = CryptoSystemValidate(privC, pubC) && pass;
655  }
656  return pass;
657 }
658 
659 bool ValidateDLIES()
660 {
661  cout << "\nDLIES validation suite running...\n\n";
662  bool pass = true;
663  {
664  FileSource fc(CRYPTOPP_DATA_DIR "TestData/dlie1024.dat", true, new HexDecoder);
665  DLIES<>::Decryptor privC(fc);
666  DLIES<>::Encryptor pubC(privC);
667  pass = CryptoSystemValidate(privC, pubC) && pass;
668  }
669  {
670  cout << "Generating new encryption key..." << endl;
672  gp.GenerateRandomWithKeySize(GlobalRNG(), 128);
673  DLIES<>::Decryptor decryptor;
674  decryptor.AccessKey().GenerateRandom(GlobalRNG(), gp);
675  DLIES<>::Encryptor encryptor(decryptor);
676 
677  pass = CryptoSystemValidate(decryptor, encryptor) && pass;
678  }
679  return pass;
680 }
681 
682 bool ValidateNR()
683 {
684  cout << "\nNR validation suite running...\n\n";
685  bool pass = true;
686  {
687  FileSource f(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", true, new HexDecoder);
688  NR<SHA>::Signer privS(f);
689  privS.AccessKey().Precompute();
690  NR<SHA>::Verifier pubS(privS);
691 
692  pass = SignatureValidate(privS, pubS) && pass;
693  }
694  {
695  cout << "Generating new signature key..." << endl;
696  NR<SHA>::Signer privS(GlobalRNG(), 256);
697  NR<SHA>::Verifier pubS(privS);
698 
699  pass = SignatureValidate(privS, pubS) && pass;
700  }
701  return pass;
702 }
703 
704 bool ValidateDSA(bool thorough)
705 {
706  cout << "\nDSA validation suite running...\n\n";
707 
708  bool pass = true;
709  FileSource fs1(CRYPTOPP_DATA_DIR "TestData/dsa1024.dat", true, new HexDecoder());
710  DSA::Signer priv(fs1);
711  DSA::Verifier pub(priv);
712  FileSource fs2(CRYPTOPP_DATA_DIR "TestData/dsa1024b.dat", true, new HexDecoder());
713  DSA::Verifier pub1(fs2);
714  CRYPTOPP_ASSERT(pub.GetKey() == pub1.GetKey());
715  pass = SignatureValidate(priv, pub, thorough) && pass;
716  pass = RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/dsa.txt", g_nullNameValuePairs, thorough) && pass;
717 
718  return pass;
719 }
720 
721 bool ValidateLUC()
722 {
723  cout << "\nLUC validation suite running...\n\n";
724  bool pass=true;
725 
726  {
727  FileSource f(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", true, new HexDecoder);
730  pass = SignatureValidate(priv, pub) && pass;
731  }
732  {
733  LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512);
734  LUCES_OAEP_SHA_Encryptor pub(priv);
735  pass = CryptoSystemValidate(priv, pub) && pass;
736  }
737  return pass;
738 }
739 
740 bool ValidateLUC_DL()
741 {
742  cout << "\nLUC-HMP validation suite running...\n\n";
743 
744  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", true, new HexDecoder);
745  LUC_HMP<SHA>::Signer privS(f);
746  LUC_HMP<SHA>::Verifier pubS(privS);
747  bool pass = SignatureValidate(privS, pubS);
748 
749  cout << "\nLUC-IES validation suite running...\n\n";
750 
751  FileSource fc(CRYPTOPP_DATA_DIR "TestData/lucc512.dat", true, new HexDecoder);
752  LUC_IES<>::Decryptor privC(fc);
753  LUC_IES<>::Encryptor pubC(privC);
754  pass = CryptoSystemValidate(privC, pubC) && pass;
755 
756  return pass;
757 }
758 
759 bool ValidateRabin()
760 {
761  cout << "\nRabin validation suite running...\n\n";
762  bool pass=true;
763 
764  {
765  FileSource f(CRYPTOPP_DATA_DIR "TestData/rabi1024.dat", true, new HexDecoder);
768  pass = SignatureValidate(priv, pub) && pass;
769  }
770  {
771  RabinES<OAEP<SHA> >::Decryptor priv(GlobalRNG(), 512);
772  RabinES<OAEP<SHA> >::Encryptor pub(priv);
773  pass = CryptoSystemValidate(priv, pub) && pass;
774  }
775  return pass;
776 }
777 
778 bool ValidateRW()
779 {
780  cout << "\nRW validation suite running...\n\n";
781 
782  FileSource f(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", true, new HexDecoder);
783  RWSS<PSSR, SHA>::Signer priv(f);
784  RWSS<PSSR, SHA>::Verifier pub(priv);
785 
786  return SignatureValidate(priv, pub);
787 }
788 
789 /*
790 bool ValidateBlumGoldwasser()
791 {
792  cout << "\nBlumGoldwasser validation suite running...\n\n";
793 
794  FileSource f(CRYPTOPP_DATA_DIR "TestData/blum512.dat", true, new HexDecoder);
795  BlumGoldwasserPrivateKey priv(f);
796  BlumGoldwasserPublicKey pub(priv);
797 
798  return CryptoSystemValidate(priv, pub);
799 }
800 */
801 
802 #if CRYPTOPP_DEBUG && !defined(CRYPTOPP_IMPORTS)
803 // Issue 64: "PolynomialMod2::operator<<=", http://github.com/weidai11/cryptopp/issues/64
804 bool TestPolynomialMod2()
805 {
806  bool pass1 = true, pass2 = true, pass3 = true;
807 
808  cout << "\nTesting PolynomialMod2 bit operations...\n\n";
809 
810  static const unsigned int start = 0;
811  static const unsigned int stop = 4 * WORD_BITS + 1;
812 
813  for (unsigned int i=start; i < stop; i++)
814  {
815  PolynomialMod2 p(1);
816  p <<= i;
817 
818  Integer n(Integer::One());
819  n <<= i;
820 
821  std::ostringstream oss1;
822  oss1 << p;
823 
824  std::string str1, str2;
825 
826  // str1 needs the commas removed used for grouping
827  str1 = oss1.str();
828  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
829 
830  // str1 needs the trailing 'b' removed
831  str1.erase(str1.end() - 1);
832 
833  // str2 is fine as-is
834  str2 = IntToString(n, 2);
835 
836  pass1 &= (str1 == str2);
837  }
838 
839  for (unsigned int i=start; i < stop; i++)
840  {
841  const word w((word)SIZE_MAX);
842 
843  PolynomialMod2 p(w);
844  p <<= i;
845 
846  Integer n(Integer::POSITIVE, static_cast<lword>(w));
847  n <<= i;
848 
849  std::ostringstream oss1;
850  oss1 << p;
851 
852  std::string str1, str2;
853 
854  // str1 needs the commas removed used for grouping
855  str1 = oss1.str();
856  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
857 
858  // str1 needs the trailing 'b' removed
859  str1.erase(str1.end() - 1);
860 
861  // str2 is fine as-is
862  str2 = IntToString(n, 2);
863 
864  pass2 &= (str1 == str2);
865  }
866 
867  RandomNumberGenerator& prng = GlobalRNG();
868  for (unsigned int i=start; i < stop; i++)
869  {
870  word w; // Cast to lword due to Visual Studio
871  prng.GenerateBlock((byte*)&w, sizeof(w));
872 
873  PolynomialMod2 p(w);
874  p <<= i;
875 
876  Integer n(Integer::POSITIVE, static_cast<lword>(w));
877  n <<= i;
878 
879  std::ostringstream oss1;
880  oss1 << p;
881 
882  std::string str1, str2;
883 
884  // str1 needs the commas removed used for grouping
885  str1 = oss1.str();
886  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
887 
888  // str1 needs the trailing 'b' removed
889  str1.erase(str1.end() - 1);
890 
891  // str2 is fine as-is
892  str2 = IntToString(n, 2);
893 
894  if (str1 != str2)
895  {
896  cout << " Oops..." << "\n";
897  cout << " random: " << std::hex << n << std::dec << "\n";
898  cout << " str1: " << str1 << "\n";
899  cout << " str2: " << str2 << "\n";
900  }
901 
902  pass3 &= (str1 == str2);
903  }
904 
905  cout << (!pass1 ? "FAILED" : "passed") << ": " << "1 shifted over range [" << dec << start << "," << stop << "]" << "\n";
906  cout << (!pass2 ? "FAILED" : "passed") << ": " << "0x" << hex << word(SIZE_MAX) << dec << " shifted over range [" << start << "," << stop << "]" << "\n";
907  cout << (!pass3 ? "FAILED" : "passed") << ": " << "random values shifted over range [" << dec << start << "," << stop << "]" << "\n";
908 
909  if (!(pass1 && pass2 && pass3))
910  cout.flush();
911 
912  return pass1 && pass2 && pass3;
913 }
914 #endif
915 
916 bool ValidateECP()
917 {
918  cout << "\nECP validation suite running...\n\n";
919 
920  ECIES<ECP>::Decryptor cpriv(GlobalRNG(), ASN1::secp192r1());
921  ECIES<ECP>::Encryptor cpub(cpriv);
922  ByteQueue bq;
923  cpriv.GetKey().DEREncode(bq);
924  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
925  cpub.GetKey().DEREncode(bq);
926  ECDSA<ECP, SHA>::Signer spriv(bq);
927  ECDSA<ECP, SHA>::Verifier spub(bq);
928  ECDH<ECP>::Domain ecdhc(ASN1::secp192r1());
929  ECMQV<ECP>::Domain ecmqvc(ASN1::secp192r1());
930 
931  spriv.AccessKey().Precompute();
932  ByteQueue queue;
933  spriv.AccessKey().SavePrecomputation(queue);
934  spriv.AccessKey().LoadPrecomputation(queue);
935 
936  bool pass = SignatureValidate(spriv, spub);
937  cpub.AccessKey().Precompute();
938  cpriv.AccessKey().Precompute();
939  pass = CryptoSystemValidate(cpriv, cpub) && pass;
940  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
941  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
942 
943  cout << "Turning on point compression..." << endl;
944  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
945  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
946  ecdhc.AccessGroupParameters().SetPointCompression(true);
947  ecmqvc.AccessGroupParameters().SetPointCompression(true);
948  pass = CryptoSystemValidate(cpriv, cpub) && pass;
949  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
950  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
951 
952  cout << "Testing SEC 2, NIST, and Brainpool recommended curves..." << endl;
953  OID oid;
954  while (!(oid = DL_GroupParameters_EC<ECP>::GetNextRecommendedParametersOID(oid)).m_values.empty())
955  {
956  DL_GroupParameters_EC<ECP> params(oid);
957  bool fail = !params.Validate(GlobalRNG(), 2);
958  cout << (fail ? "FAILED" : "passed") << " " << dec << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
959  pass = pass && !fail;
960  }
961 
962  return pass;
963 }
964 
965 bool ValidateEC2N()
966 {
967  cout << "\nEC2N validation suite running...\n\n";
968 
969  ECIES<EC2N>::Decryptor cpriv(GlobalRNG(), ASN1::sect193r1());
970  ECIES<EC2N>::Encryptor cpub(cpriv);
971  ByteQueue bq;
972  cpriv.DEREncode(bq);
973  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
974  cpub.DEREncode(bq);
975  ECDSA<EC2N, SHA>::Signer spriv(bq);
977  ECDH<EC2N>::Domain ecdhc(ASN1::sect193r1());
978  ECMQV<EC2N>::Domain ecmqvc(ASN1::sect193r1());
979 
980  spriv.AccessKey().Precompute();
981  ByteQueue queue;
982  spriv.AccessKey().SavePrecomputation(queue);
983  spriv.AccessKey().LoadPrecomputation(queue);
984 
985  bool pass = SignatureValidate(spriv, spub);
986  pass = CryptoSystemValidate(cpriv, cpub) && pass;
987  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
988  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
989 
990  cout << "Turning on point compression..." << endl;
991  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
992  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
993  ecdhc.AccessGroupParameters().SetPointCompression(true);
994  ecmqvc.AccessGroupParameters().SetPointCompression(true);
995  pass = CryptoSystemValidate(cpriv, cpub) && pass;
996  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
997  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
998 
999 #if 0 // TODO: turn this back on when I make EC2N faster for pentanomial basis
1000  cout << "Testing SEC 2 recommended curves..." << endl;
1001  OID oid;
1002  while (!(oid = DL_GroupParameters_EC<EC2N>::GetNextRecommendedParametersOID(oid)).m_values.empty())
1003  {
1004  DL_GroupParameters_EC<EC2N> params(oid);
1005  bool fail = !params.Validate(GlobalRNG(), 2);
1006  cout << (fail ? "FAILED" : "passed") << " " << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
1007  pass = pass && !fail;
1008  }
1009 #endif
1010 
1011  return pass;
1012 }
1013 
1014 bool ValidateECDSA()
1015 {
1016  cout << "\nECDSA validation suite running...\n\n";
1017 
1018  // from Sample Test Vectors for P1363
1019  GF2NT gf2n(191, 9, 0);
1020  byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67";
1021  byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC";
1022  EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24));
1023 
1024  EC2N::Point P;
1025  ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D"
1026  "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize());
1027  Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H");
1028  Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH");
1029  EC2N::Point Q(ec.Multiply(d, P));
1030  ECDSA<EC2N, SHA>::Signer priv(ec, P, n, d);
1031  ECDSA<EC2N, SHA>::Verifier pub(priv);
1032 
1033  Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH");
1034  Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H");
1035  static const byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30"
1036  "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e";
1037  Integer r(sig, 24);
1038  Integer s(sig+24, 24);
1039 
1040  Integer rOut, sOut;
1041  bool fail, pass=true;
1042 
1043  priv.RawSign(k, h, rOut, sOut);
1044  fail = (rOut != r) || (sOut != s);
1045  pass = pass && !fail;
1046 
1047  cout << (fail ? "FAILED " : "passed ");
1048  cout << "signature check against test vector\n";
1049 
1050  fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig));
1051  pass = pass && !fail;
1052 
1053  cout << (fail ? "FAILED " : "passed ");
1054  cout << "verification check against test vector\n";
1055 
1056  fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig));
1057  pass = pass && !fail;
1058 
1059  pass = SignatureValidate(priv, pub) && pass;
1060 
1061  return pass;
1062 }
1063 
1064 bool ValidateESIGN()
1065 {
1066  cout << "\nESIGN validation suite running...\n\n";
1067 
1068  bool pass = true, fail;
1069 
1070  static const char plain[] = "test";
1071  static const byte signature[] =
1072  "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37\xFE\xBC\x76\x3F\xF1\x84\xF6\x59"
1073  "\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0\x34\x44\x5B\x0F\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6"
1074  "\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88\xAB\x33\xDD\xE4\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A"
1075  "\x74\x02\x37\x0E\xED\x0A\x06\xAD\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C"
1076  "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28";
1077 
1078  FileSource keys(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", true, new HexDecoder);
1079  ESIGN<SHA>::Signer signer(keys);
1080  ESIGN<SHA>::Verifier verifier(signer);
1081 
1082  fail = !SignatureValidate(signer, verifier);
1083  pass = pass && !fail;
1084 
1085  fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength());
1086  pass = pass && !fail;
1087 
1088  cout << (fail ? "FAILED " : "passed ");
1089  cout << "verification check against test vector\n";
1090 
1091  cout << "Generating signature key from seed..." << endl;
1092  signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512));
1093  verifier = signer;
1094 
1095  fail = !SignatureValidate(signer, verifier);
1096  pass = pass && !fail;
1097 
1098  return pass;
1099 }
Used to pass byte array input as part of a NameValuePairs object.
Definition: algparam.h:29
RSAES::Encryptor typedef
Definition: rsa.h:202
virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate private/public key pair.
Definition: cryptlib.cpp:930
Classes for Rabin encryption and signature schemes.
virtual unsigned int StaticPublicKeyLength() const =0
Provides the size of the static public key.
Classes for Fully Hashed Menezes-Qu-Vanstone key agreement in GF(p)
virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const
Sign a recoverable message.
Definition: cryptlib.cpp:879
virtual bool VerifyMessage(const byte *message, size_t messageLen, const byte *signature, size_t signatureLen) const
Check whether input signature is a valid signature for input message.
Definition: cryptlib.cpp:894
void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: validat2.cpp:68
Classes and functions for ElGamal key agreement and encryption schemes.
virtual DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Decrypt a byte string.
virtual void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: cryptlib.cpp:326
This file contains helper classes/functions for implementing public key algorithms.
GF(2^n) with Trinomial Basis.
Definition: gf2n.h:318
virtual unsigned int AgreedValueLength() const =0
Provides the size of the agreed value.
file-based implementation of Source interface
Definition: files.h:55
Classes for Elliptic Curves over prime fields.
Fully Hashed Menezes-Qu-Vanstone in GF(p)
Definition: fhmqv.h:24
Interface for public-key signers.
Definition: cryptlib.h:2548
Interface for public-key encryptors.
Definition: cryptlib.h:2356
RSASS::Verifier typedef
Definition: rsa.h:226
Decode base 16 data back to bytes.
Definition: hex.h:36
Abstract base classes that provide a uniform interface to this library.
Hashed Menezes-Qu-Vanstone in GF(p)
Definition: hmqv.h:23
virtual bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const =0
Derive agreed value.
GF(p) group parameters that default to same primes.
Definition: gfpcrypt.h:170
ASN.1 object identifiers for algorthms and schemes.
Classes for automatic resource management.
STL namespace.
Interface for random number generators.
Definition: cryptlib.h:1193
size_t messageLength
Recovered message length if isValidCoding is true, undefined otherwise.
Definition: cryptlib.h:264
SecBlock typedef.
Definition: secblock.h:731
Interface for buffered transformations.
Definition: cryptlib.h:1359
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Private Key.
Definition: cryptlib.h:2277
static const Integer & One()
Integer representing 1.
Definition: integer.cpp:3019
This file contains classes that implement the ESIGN signature schemes as defined in IEEE P1363a...
Classes for Hashed Menezes-Qu-Vanstone key agreement in GF(p)
Polynomial with Coefficients in GF(2)
Definition: gf2n.h:18
virtual unsigned int EphemeralPublicKeyLength() const =0
Provides the size of ephemeral public key.
RSASS::Signer typedef
Definition: rsa.h:223
Classes for Elliptic Curves over binary fields.
Rabin encryption.
Definition: rabin.h:94
virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0
Provides the length of longest message that can be recovered from a signature of given length...
Interface for domains of simple key agreement protocols.
Definition: cryptlib.h:2689
Returns a decoding results.
Definition: cryptlib.h:241
Classes for Rabin-Williams signature scheme.
Interface for public-key decryptors.
Definition: cryptlib.h:2392
MQV domain for performing authenticated key agreement.
Definition: mqv.h:27
XTR-DH with key validation.
Definition: xtrcrypt.h:16
virtual size_t MaxRecoverableLength() const =0
Provides the length of longest message that can be recovered.
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition: cryptlib.h:1385
virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate a private/public key pair.
Definition: cryptlib.cpp:918
virtual unsigned int AgreedValueLength() const =0
Provides the size of the agreed value.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:554
RSAES>::Decryptor typedef
Definition: rsa.h:206
Classes for Diffie-Hellman key exchange.
Classes for HexEncoder and HexDecoder.
virtual size_t MaxSignatureLength(size_t recoverablePartLength=0) const
Provides the maximum signature length produced given the length of the recoverable message part...
Definition: cryptlib.h:2487
virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate a static private/public key pair.
Definition: cryptlib.cpp:924
virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0
Provides the maximum length of plaintext for a given ciphertext length.
RSAES>::Encryptor typedef
Definition: rsa.h:209
Multiple precision integer with arithmetic operations.
Definition: integer.h:45
Elliptic Curve over GF(2^n)
Definition: ec2n.h:44
virtual size_t CiphertextLength(size_t plaintextLength) const =0
Calculate the length of ciphertext given length of plaintext.
virtual DecodingResult RecoverMessage(byte *recoveredMessage, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, const byte *signature, size_t signatureLength) const
Recover a message from its signature.
Definition: cryptlib.cpp:908
virtual const CryptoParameters & GetCryptoParameters() const
Retrieves a reference to Crypto Parameters.
Definition: cryptlib.h:2307
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Public Key.
Definition: cryptlib.h:2252
const NameValuePairs & g_nullNameValuePairs
An empty set of name-value pairs.
Definition: cryptlib.cpp:76
Implementation of schemes based on DL over GF(p)
Classes for the DSA signature algorithm.
Miscellaneous classes for RNGs.
virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const
Sign a message.
Definition: cryptlib.cpp:872
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:62
Diffie-Hellman domain.
Definition: dh.h:23
Data structure used to store byte strings.
Definition: queue.h:20
virtual unsigned int PrivateKeyLength() const =0
Provides the size of the private key.
Classes and functions for working with ANS.1 objects.
virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0
Derive agreed value.
Elliptic Curve Parameters.
Definition: eccrypto.h:31
RSAES::Decryptor typedef
Definition: rsa.h:199
Implementation of BufferedTransformation's attachment interface.
"The XTR public key system" by Arjen K.
Classes for the RSA cryptosystem.
virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0
Check this object for errors.
Interface for public-key signature verifiers.
Definition: cryptlib.h:2615
BlumBlumShub with factorization of the modulus.
Definition: blumshub.h:42
Classes for Blum Blum Shub generator.
virtual unsigned int StaticPrivateKeyLength() const =0
Provides the size of the static private key.
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
Definition: cryptlib.cpp:768
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:530
RSA encryption algorithm.
Definition: rsa.h:165
virtual unsigned int PublicKeyLength() const =0
Provides the size of the public key.
Multiple precision integer with arithmetic operations.
virtual unsigned int EphemeralPrivateKeyLength() const =0
Provides the size of ephemeral private key.
bool isValidCoding
Flag to indicate the decoding is valid.
Definition: cryptlib.h:262
Classes and functions for Elliptic Curves over prime and binary fields.
Crypto++ library namespace.
Interface for domains of authenticated key agreement protocols.
Definition: cryptlib.h:2754
Elliptic Curve Point.
Definition: ec2n.h:22
virtual void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Encrypt a byte string.
Classes for Menezes–Qu–Vanstone (MQV) key agreement.
Object Identifier.
Definition: asn.h:158
Classes for access to the operating system's random number generators.
the value is positive or 0
Definition: integer.h:71
#define SIZE_MAX
The maximum value of a machine word.
Definition: misc.h:95
Template implementing constructors for public key algorithm classes.
Definition: pubkey.h:2037