Crypto++  5.6.3
Free C++ class library of cryptographic schemes
validat2.cpp
1 // validat2.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
6 
7 #include "cryptlib.h"
8 #include "pubkey.h"
9 #include "gfpcrypt.h"
10 #include "eccrypto.h"
11 #include "blumshub.h"
12 #include "filters.h"
13 #include "files.h"
14 #include "rsa.h"
15 #include "md2.h"
16 #include "elgamal.h"
17 #include "nr.h"
18 #include "dsa.h"
19 #include "dh.h"
20 #include "mqv.h"
21 #include "luc.h"
22 #include "xtrcrypt.h"
23 #include "rabin.h"
24 #include "rw.h"
25 #include "eccrypto.h"
26 #include "integer.h"
27 #include "gf2n.h"
28 #include "ecp.h"
29 #include "ec2n.h"
30 #include "asn.h"
31 #include "rng.h"
32 #include "hex.h"
33 #include "oids.h"
34 #include "esign.h"
35 #include "osrng.h"
36 #include "smartptr.h"
37 
38 #include <iostream>
39 #include <sstream>
40 #include <iomanip>
41 
42 #include "validate.h"
43 
44 // Aggressive stack checking with VS2005 SP1 and above.
45 #if (CRYPTOPP_MSC_VERSION >= 1410)
46 # pragma strict_gs_check (on)
47 #endif
48 
49 // Quiet deprecated warnings intended to benefit users.
50 #if CRYPTOPP_MSC_VERSION
51 # pragma warning(disable: 4996)
52 #endif
53 
54 #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
55 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
56 #endif
57 
58 USING_NAMESPACE(CryptoPP)
59 USING_NAMESPACE(std)
60 
62 {
63 public:
64  FixedRNG(BufferedTransformation &source) : m_source(source) {}
65 
66  void GenerateBlock(byte *output, size_t size)
67  {
68  m_source.Get(output, size);
69  }
70 
71 private:
72  BufferedTransformation &m_source;
73 };
74 
75 bool ValidateBBS()
76 {
77  cout << "\nBlumBlumShub validation suite running...\n\n";
78 
79  Integer p("212004934506826557583707108431463840565872545889679278744389317666981496005411448865750399674653351");
80  Integer q("100677295735404212434355574418077394581488455772477016953458064183204108039226017738610663984508231");
81  Integer seed("63239752671357255800299643604761065219897634268887145610573595874544114193025997412441121667211431");
82  BlumBlumShub bbs(p, q, seed);
83  bool pass = true, fail;
84  int j;
85 
86  static const byte output1[] = {
87  0x49,0xEA,0x2C,0xFD,0xB0,0x10,0x64,0xA0,0xBB,0xB9,
88  0x2A,0xF1,0x01,0xDA,0xC1,0x8A,0x94,0xF7,0xB7,0xCE};
89  static const byte output2[] = {
90  0x74,0x45,0x48,0xAE,0xAC,0xB7,0x0E,0xDF,0xAF,0xD7,
91  0xD5,0x0E,0x8E,0x29,0x83,0x75,0x6B,0x27,0x46,0xA1};
92 
93  // Coverity finding, also see http://stackoverflow.com/a/34509163/608639.
94  StreamState ss(cout);
95  byte buf[20];
96 
97  bbs.GenerateBlock(buf, 20);
98  fail = memcmp(output1, buf, 20) != 0;
99  pass = pass && !fail;
100 
101  cout << (fail ? "FAILED " : "passed ");
102  for (j=0;j<20;j++)
103  cout << setw(2) << setfill('0') << hex << (int)buf[j];
104  cout << endl;
105 
106  bbs.Seek(10);
107  bbs.GenerateBlock(buf, 10);
108  fail = memcmp(output1+10, buf, 10) != 0;
109  pass = pass && !fail;
110 
111  cout << (fail ? "FAILED " : "passed ");
112  for (j=0;j<10;j++)
113  cout << setw(2) << setfill('0') << hex << (int)buf[j];
114  cout << endl;
115 
116  bbs.Seek(1234567);
117  bbs.GenerateBlock(buf, 20);
118  fail = memcmp(output2, buf, 20) != 0;
119  pass = pass && !fail;
120 
121  cout << (fail ? "FAILED " : "passed ");
122  for (j=0;j<20;j++)
123  cout << setw(2) << setfill('0') << hex << (int)buf[j];
124  cout << endl;
125 
126  return pass;
127 }
128 
129 bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
130 {
131  bool pass = true, fail;
132 
133  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
134  pass = pass && !fail;
135 
136  cout << (fail ? "FAILED " : "passed ");
137  cout << "signature key validation\n";
138 
139  const byte *message = (byte *)"test message";
140  const int messageLen = 12;
141 
142  SecByteBlock signature(priv.MaxSignatureLength());
143  size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature);
144  fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength);
145  pass = pass && !fail;
146 
147  cout << (fail ? "FAILED " : "passed ");
148  cout << "signature and verification\n";
149 
150  ++signature[0];
151  fail = pub.VerifyMessage(message, messageLen, signature, signatureLength);
152  pass = pass && !fail;
153 
154  cout << (fail ? "FAILED " : "passed ");
155  cout << "checking invalid signature" << endl;
156 
157  if (priv.MaxRecoverableLength() > 0)
158  {
159  signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
160  SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
161  DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
162  fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0);
163  pass = pass && !fail;
164 
165  cout << (fail ? "FAILED " : "passed ");
166  cout << "signature and verification with recovery" << endl;
167 
168  ++signature[0];
169  result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
170  fail = result.isValidCoding;
171  pass = pass && !fail;
172 
173  cout << (fail ? "FAILED " : "passed ");
174  cout << "recovery with invalid signature" << endl;
175  }
176 
177  return pass;
178 }
179 
180 bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false)
181 {
182  bool pass = true, fail;
183 
184  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
185  pass = pass && !fail;
186 
187  cout << (fail ? "FAILED " : "passed ");
188  cout << "cryptosystem key validation\n";
189 
190  const byte *message = (byte *)"test message";
191  const int messageLen = 12;
192  SecByteBlock ciphertext(priv.CiphertextLength(messageLen));
193  SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size()));
194 
195  pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext);
196  fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
197  fail = fail || memcmp(message, plaintext, messageLen);
198  pass = pass && !fail;
199 
200  cout << (fail ? "FAILED " : "passed ");
201  cout << "encryption and decryption\n";
202 
203  return pass;
204 }
205 
206 bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d)
207 {
208  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
209  cout << "passed simple key agreement domain parameters validation" << endl;
210  else
211  {
212  cout << "FAILED simple key agreement domain parameters invalid" << endl;
213  return false;
214  }
215 
216  SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength());
217  SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength());
218  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
219 
220  d.GenerateKeyPair(GlobalRNG(), priv1, pub1);
221  d.GenerateKeyPair(GlobalRNG(), priv2, pub2);
222 
223  memset(val1.begin(), 0x10, val1.size());
224  memset(val2.begin(), 0x11, val2.size());
225 
226  if (!(d.Agree(val1, priv1, pub2) && d.Agree(val2, priv2, pub1)))
227  {
228  cout << "FAILED simple key agreement failed" << endl;
229  return false;
230  }
231 
232  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
233  {
234  cout << "FAILED simple agreed values not equal" << endl;
235  return false;
236  }
237 
238  cout << "passed simple key agreement" << endl;
239  return true;
240 }
241 
242 bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
243 {
244  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
245  cout << "passed authenticated key agreement domain parameters validation" << endl;
246  else
247  {
248  cout << "FAILED authenticated key agreement domain parameters invalid" << endl;
249  return false;
250  }
251 
256  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
257 
258  d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1);
259  d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2);
260  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1);
261  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2);
262 
263  memset(val1.begin(), 0x10, val1.size());
264  memset(val2.begin(), 0x11, val2.size());
265 
266  if (!(d.Agree(val1, spriv1, epriv1, spub2, epub2) && d.Agree(val2, spriv2, epriv2, spub1, epub1)))
267  {
268  cout << "FAILED authenticated key agreement failed" << endl;
269  return false;
270  }
271 
272  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
273  {
274  cout << "FAILED authenticated agreed values not equal" << endl;
275  return false;
276  }
277 
278  cout << "passed authenticated key agreement" << endl;
279  return true;
280 }
281 
282 bool ValidateRSA()
283 {
284  cout << "\nRSA validation suite running...\n\n";
285 
286  byte out[100], outPlain[100];
287  bool pass = true, fail;
288 
289  {
290  const char *plain = "Everyone gets Friday off.";
291  static const byte signature[] =
292  "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84"
293  "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21"
294  "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b"
295  "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1";
296 
297  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa512a.dat", true, new HexDecoder);
298  Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
299  Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
300 
301  size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
302  fail = memcmp(signature, out, 64) != 0;
303  pass = pass && !fail;
304 
305  cout << (fail ? "FAILED " : "passed ");
306  cout << "signature check against test vector\n";
307 
308  fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
309  pass = pass && !fail;
310 
311  cout << (fail ? "FAILED " : "passed ");
312  cout << "verification check against test vector\n";
313 
314  out[10]++;
315  fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
316  pass = pass && !fail;
317 
318  cout << (fail ? "FAILED " : "passed ");
319  cout << "invalid signature verification\n";
320  }
321  {
322  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", true, new HexDecoder);
323  RSAES_PKCS1v15_Decryptor rsaPriv(keys);
324  RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv);
325 
326  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
327  }
328  {
329  RSAES<OAEP<SHA> >::Decryptor rsaPriv(GlobalRNG(), 512);
330  RSAES<OAEP<SHA> >::Encryptor rsaPub(rsaPriv);
331 
332  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
333  }
334  {
335  byte *plain = (byte *)
336  "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
337  static const byte encrypted[] =
338  "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
339  "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
340  "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
341  "\x62\x51";
342  static const byte oaepSeed[] =
343  "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2"
344  "\xf0\x6c\xb5\x8f";
345  ByteQueue bq;
346  bq.Put(oaepSeed, 20);
347  FixedRNG rng(bq);
348 
349  FileSource privFile(CRYPTOPP_DATA_DIR "TestData/rsa400pv.dat", true, new HexDecoder);
350  FileSource pubFile(CRYPTOPP_DATA_DIR "TestData/rsa400pb.dat", true, new HexDecoder);
351  RSAES_OAEP_SHA_Decryptor rsaPriv;
352  rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0);
353  RSAES_OAEP_SHA_Encryptor rsaPub(pubFile);
354 
355  memset(out, 0, 50);
356  memset(outPlain, 0, 8);
357  rsaPub.Encrypt(rng, plain, 8, out);
358  DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
359  fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
360  pass = pass && !fail;
361 
362  cout << (fail ? "FAILED " : "passed ");
363  cout << "PKCS 2.0 encryption and decryption\n";
364  }
365 
366  return pass;
367 }
368 
369 bool ValidateDH()
370 {
371  cout << "\nDH validation suite running...\n\n";
372 
373  FileSource f(CRYPTOPP_DATA_DIR "TestData/dh1024.dat", true, new HexDecoder());
374  DH dh(f);
375  return SimpleKeyAgreementValidate(dh);
376 }
377 
378 bool ValidateMQV()
379 {
380  cout << "\nMQV validation suite running...\n\n";
381 
382  FileSource f(CRYPTOPP_DATA_DIR "TestData/mqv1024.dat", true, new HexDecoder());
383  MQV mqv(f);
384  return AuthenticatedKeyAgreementValidate(mqv);
385 }
386 
387 bool ValidateLUC_DH()
388 {
389  cout << "\nLUC-DH validation suite running...\n\n";
390 
391  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucd512.dat", true, new HexDecoder());
392  LUC_DH dh(f);
393  return SimpleKeyAgreementValidate(dh);
394 }
395 
396 bool ValidateXTR_DH()
397 {
398  cout << "\nXTR-DH validation suite running...\n\n";
399 
400  FileSource f(CRYPTOPP_DATA_DIR "TestData/xtrdh171.dat", true, new HexDecoder());
401  XTR_DH dh(f);
402  return SimpleKeyAgreementValidate(dh);
403 }
404 
405 bool ValidateElGamal()
406 {
407  cout << "\nElGamal validation suite running...\n\n";
408  bool pass = true;
409  {
410  FileSource fc(CRYPTOPP_DATA_DIR "TestData/elgc1024.dat", true, new HexDecoder);
411  ElGamalDecryptor privC(fc);
412  ElGamalEncryptor pubC(privC);
413  privC.AccessKey().Precompute();
414  ByteQueue queue;
415  privC.AccessKey().SavePrecomputation(queue);
416  privC.AccessKey().LoadPrecomputation(queue);
417 
418  pass = CryptoSystemValidate(privC, pubC) && pass;
419  }
420  return pass;
421 }
422 
423 bool ValidateDLIES()
424 {
425  cout << "\nDLIES validation suite running...\n\n";
426  bool pass = true;
427  {
428  FileSource fc(CRYPTOPP_DATA_DIR "TestData/dlie1024.dat", true, new HexDecoder);
429  DLIES<>::Decryptor privC(fc);
430  DLIES<>::Encryptor pubC(privC);
431  pass = CryptoSystemValidate(privC, pubC) && pass;
432  }
433  {
434  cout << "Generating new encryption key..." << endl;
436  gp.GenerateRandomWithKeySize(GlobalRNG(), 128);
437  DLIES<>::Decryptor decryptor;
438  decryptor.AccessKey().GenerateRandom(GlobalRNG(), gp);
439  DLIES<>::Encryptor encryptor(decryptor);
440 
441  pass = CryptoSystemValidate(decryptor, encryptor) && pass;
442  }
443  return pass;
444 }
445 
446 bool ValidateNR()
447 {
448  cout << "\nNR validation suite running...\n\n";
449  bool pass = true;
450  {
451  FileSource f(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", true, new HexDecoder);
452  NR<SHA>::Signer privS(f);
453  privS.AccessKey().Precompute();
454  NR<SHA>::Verifier pubS(privS);
455 
456  pass = SignatureValidate(privS, pubS) && pass;
457  }
458  {
459  cout << "Generating new signature key..." << endl;
460  NR<SHA>::Signer privS(GlobalRNG(), 256);
461  NR<SHA>::Verifier pubS(privS);
462 
463  pass = SignatureValidate(privS, pubS) && pass;
464  }
465  return pass;
466 }
467 
468 bool ValidateDSA(bool thorough)
469 {
470  cout << "\nDSA validation suite running...\n\n";
471 
472  bool pass = true;
473  FileSource fs1(CRYPTOPP_DATA_DIR "TestData/dsa1024.dat", true, new HexDecoder());
474  DSA::Signer priv(fs1);
475  DSA::Verifier pub(priv);
476  FileSource fs2(CRYPTOPP_DATA_DIR "TestData/dsa1024b.dat", true, new HexDecoder());
477  DSA::Verifier pub1(fs2);
478  assert(pub.GetKey() == pub1.GetKey());
479  pass = SignatureValidate(priv, pub, thorough) && pass;
480  pass = RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/dsa.txt", g_nullNameValuePairs, thorough) && pass;
481 
482  return pass;
483 }
484 
485 bool ValidateLUC()
486 {
487  cout << "\nLUC validation suite running...\n\n";
488  bool pass=true;
489 
490  {
491  FileSource f(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", true, new HexDecoder);
494  pass = SignatureValidate(priv, pub) && pass;
495  }
496  {
497  LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512);
498  LUCES_OAEP_SHA_Encryptor pub(priv);
499  pass = CryptoSystemValidate(priv, pub) && pass;
500  }
501  return pass;
502 }
503 
504 bool ValidateLUC_DL()
505 {
506  cout << "\nLUC-HMP validation suite running...\n\n";
507 
508  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", true, new HexDecoder);
509  LUC_HMP<SHA>::Signer privS(f);
510  LUC_HMP<SHA>::Verifier pubS(privS);
511  bool pass = SignatureValidate(privS, pubS);
512 
513  cout << "\nLUC-IES validation suite running...\n\n";
514 
515  FileSource fc(CRYPTOPP_DATA_DIR "TestData/lucc512.dat", true, new HexDecoder);
516  LUC_IES<>::Decryptor privC(fc);
517  LUC_IES<>::Encryptor pubC(privC);
518  pass = CryptoSystemValidate(privC, pubC) && pass;
519 
520  return pass;
521 }
522 
523 bool ValidateRabin()
524 {
525  cout << "\nRabin validation suite running...\n\n";
526  bool pass=true;
527 
528  {
529  FileSource f(CRYPTOPP_DATA_DIR "TestData/rabi1024.dat", true, new HexDecoder);
532  pass = SignatureValidate(priv, pub) && pass;
533  }
534  {
535  RabinES<OAEP<SHA> >::Decryptor priv(GlobalRNG(), 512);
536  RabinES<OAEP<SHA> >::Encryptor pub(priv);
537  pass = CryptoSystemValidate(priv, pub) && pass;
538  }
539  return pass;
540 }
541 
542 bool ValidateRW()
543 {
544  cout << "\nRW validation suite running...\n\n";
545 
546  FileSource f(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", true, new HexDecoder);
547  RWSS<PSSR, SHA>::Signer priv(f);
548  RWSS<PSSR, SHA>::Verifier pub(priv);
549 
550  return SignatureValidate(priv, pub);
551 }
552 
553 /*
554 bool ValidateBlumGoldwasser()
555 {
556  cout << "\nBlumGoldwasser validation suite running...\n\n";
557 
558  FileSource f(CRYPTOPP_DATA_DIR "TestData/blum512.dat", true, new HexDecoder);
559  BlumGoldwasserPrivateKey priv(f);
560  BlumGoldwasserPublicKey pub(priv);
561 
562  return CryptoSystemValidate(priv, pub);
563 }
564 */
565 
566 #if !defined(NDEBUG) && !defined(CRYPTOPP_IMPORTS)
567 // Issue 64: "PolynomialMod2::operator<<=", http://github.com/weidai11/cryptopp/issues/64
568 bool TestPolynomialMod2()
569 {
570  bool pass1 = true, pass2 = true, pass3 = true;
571 
572  cout << "\nTesting PolynomialMod2 bit operations...\n\n";
573 
574  static const unsigned int start = 0;
575  static const unsigned int stop = 4 * WORD_BITS + 1;
576 
577  for (unsigned int i=start; i < stop; i++)
578  {
579  PolynomialMod2 p(1);
580  p <<= i;
581 
582  Integer n(Integer::One());
583  n <<= i;
584 
585  std::ostringstream oss1;
586  oss1 << p;
587 
588  std::string str1, str2;
589 
590  // str1 needs the commas removed used for grouping
591  str1 = oss1.str();
592  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
593 
594  // str1 needs the trailing 'b' removed
595  str1.erase(str1.end() - 1);
596 
597  // str2 is fine as-is
598  str2 = IntToString(n, 2);
599 
600  pass1 &= (str1 == str2);
601  }
602 
603  for (unsigned int i=start; i < stop; i++)
604  {
605  const word w((word)SIZE_MAX);
606 
607  PolynomialMod2 p(w);
608  p <<= i;
609 
610  Integer n(Integer::POSITIVE, static_cast<lword>(w));
611  n <<= i;
612 
613  std::ostringstream oss1;
614  oss1 << p;
615 
616  std::string str1, str2;
617 
618  // str1 needs the commas removed used for grouping
619  str1 = oss1.str();
620  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
621 
622  // str1 needs the trailing 'b' removed
623  str1.erase(str1.end() - 1);
624 
625  // str2 is fine as-is
626  str2 = IntToString(n, 2);
627 
628  pass2 &= (str1 == str2);
629  }
630 
631  RandomNumberGenerator& prng = GlobalRNG();
632  for (unsigned int i=start; i < stop; i++)
633  {
634  word w; // Cast to lword due to Visual Studio
635  prng.GenerateBlock((byte*)&w, sizeof(w));
636 
637  PolynomialMod2 p(w);
638  p <<= i;
639 
640  Integer n(Integer::POSITIVE, static_cast<lword>(w));
641  n <<= i;
642 
643  std::ostringstream oss1;
644  oss1 << p;
645 
646  std::string str1, str2;
647 
648  // str1 needs the commas removed used for grouping
649  str1 = oss1.str();
650  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
651 
652  // str1 needs the trailing 'b' removed
653  str1.erase(str1.end() - 1);
654 
655  // str2 is fine as-is
656  str2 = IntToString(n, 2);
657 
658  if (str1 != str2)
659  {
660  cout << " Oops..." << "\n";
661  cout << " random: " << std::hex << n << std::dec << "\n";
662  cout << " str1: " << str1 << "\n";
663  cout << " str2: " << str2 << "\n";
664  }
665 
666  pass3 &= (str1 == str2);
667  }
668 
669  cout << (!pass1 ? "FAILED" : "passed") << " " << "1 shifted over range [" << dec << start << "," << stop << "]" << "\n";
670  cout << (!pass2 ? "FAILED" : "passed") << " " << "0x" << hex << word(SIZE_MAX) << dec << " shifted over range [" << start << "," << stop << "]" << "\n";
671  cout << (!pass3 ? "FAILED" : "passed") << " " << "random values shifted over range [" << dec << start << "," << stop << "]" << "\n";
672 
673  if (!(pass1 && pass2 && pass3))
674  cout.flush();
675 
676  return pass1 && pass2 && pass3;
677 }
678 #endif
679 
680 bool ValidateECP()
681 {
682  cout << "\nECP validation suite running...\n\n";
683 
684  ECIES<ECP>::Decryptor cpriv(GlobalRNG(), ASN1::secp192r1());
685  ECIES<ECP>::Encryptor cpub(cpriv);
686  ByteQueue bq;
687  cpriv.GetKey().DEREncode(bq);
688  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
689  cpub.GetKey().DEREncode(bq);
690  ECDSA<ECP, SHA>::Signer spriv(bq);
691  ECDSA<ECP, SHA>::Verifier spub(bq);
692  ECDH<ECP>::Domain ecdhc(ASN1::secp192r1());
693  ECMQV<ECP>::Domain ecmqvc(ASN1::secp192r1());
694 
695  spriv.AccessKey().Precompute();
696  ByteQueue queue;
697  spriv.AccessKey().SavePrecomputation(queue);
698  spriv.AccessKey().LoadPrecomputation(queue);
699 
700  bool pass = SignatureValidate(spriv, spub);
701  cpub.AccessKey().Precompute();
702  cpriv.AccessKey().Precompute();
703  pass = CryptoSystemValidate(cpriv, cpub) && pass;
704  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
705  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
706 
707  cout << "Turning on point compression..." << endl;
708  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
709  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
710  ecdhc.AccessGroupParameters().SetPointCompression(true);
711  ecmqvc.AccessGroupParameters().SetPointCompression(true);
712  pass = CryptoSystemValidate(cpriv, cpub) && pass;
713  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
714  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
715 
716  cout << "Testing SEC 2, NIST, and Brainpool recommended curves..." << endl;
717  OID oid;
718  while (!(oid = DL_GroupParameters_EC<ECP>::GetNextRecommendedParametersOID(oid)).m_values.empty())
719  {
720  DL_GroupParameters_EC<ECP> params(oid);
721  bool fail = !params.Validate(GlobalRNG(), 2);
722  cout << (fail ? "FAILED" : "passed") << " " << dec << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
723  pass = pass && !fail;
724  }
725 
726  return pass;
727 }
728 
729 bool ValidateEC2N()
730 {
731  cout << "\nEC2N validation suite running...\n\n";
732 
733  ECIES<EC2N>::Decryptor cpriv(GlobalRNG(), ASN1::sect193r1());
734  ECIES<EC2N>::Encryptor cpub(cpriv);
735  ByteQueue bq;
736  cpriv.DEREncode(bq);
737  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
738  cpub.DEREncode(bq);
739  ECDSA<EC2N, SHA>::Signer spriv(bq);
741  ECDH<EC2N>::Domain ecdhc(ASN1::sect193r1());
742  ECMQV<EC2N>::Domain ecmqvc(ASN1::sect193r1());
743 
744  spriv.AccessKey().Precompute();
745  ByteQueue queue;
746  spriv.AccessKey().SavePrecomputation(queue);
747  spriv.AccessKey().LoadPrecomputation(queue);
748 
749  bool pass = SignatureValidate(spriv, spub);
750  pass = CryptoSystemValidate(cpriv, cpub) && pass;
751  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
752  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
753 
754  cout << "Turning on point compression..." << endl;
755  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
756  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
757  ecdhc.AccessGroupParameters().SetPointCompression(true);
758  ecmqvc.AccessGroupParameters().SetPointCompression(true);
759  pass = CryptoSystemValidate(cpriv, cpub) && pass;
760  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
761  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
762 
763 #if 0 // TODO: turn this back on when I make EC2N faster for pentanomial basis
764  cout << "Testing SEC 2 recommended curves..." << endl;
765  OID oid;
766  while (!(oid = DL_GroupParameters_EC<EC2N>::GetNextRecommendedParametersOID(oid)).m_values.empty())
767  {
768  DL_GroupParameters_EC<EC2N> params(oid);
769  bool fail = !params.Validate(GlobalRNG(), 2);
770  cout << (fail ? "FAILED" : "passed") << " " << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
771  pass = pass && !fail;
772  }
773 #endif
774 
775  return pass;
776 }
777 
778 bool ValidateECDSA()
779 {
780  cout << "\nECDSA validation suite running...\n\n";
781 
782  // from Sample Test Vectors for P1363
783  GF2NT gf2n(191, 9, 0);
784  byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67";
785  byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC";
786  EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24));
787 
788  EC2N::Point P;
789  ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D"
790  "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize());
791  Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H");
792  Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH");
793  EC2N::Point Q(ec.Multiply(d, P));
794  ECDSA<EC2N, SHA>::Signer priv(ec, P, n, d);
795  ECDSA<EC2N, SHA>::Verifier pub(priv);
796 
797  Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH");
798  Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H");
799  static const byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30"
800  "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e";
801  Integer r(sig, 24);
802  Integer s(sig+24, 24);
803 
804  Integer rOut, sOut;
805  bool fail, pass=true;
806 
807  priv.RawSign(k, h, rOut, sOut);
808  fail = (rOut != r) || (sOut != s);
809  pass = pass && !fail;
810 
811  cout << (fail ? "FAILED " : "passed ");
812  cout << "signature check against test vector\n";
813 
814  fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig));
815  pass = pass && !fail;
816 
817  cout << (fail ? "FAILED " : "passed ");
818  cout << "verification check against test vector\n";
819 
820  fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig));
821  pass = pass && !fail;
822 
823  pass = SignatureValidate(priv, pub) && pass;
824 
825  return pass;
826 }
827 
828 bool ValidateESIGN()
829 {
830  cout << "\nESIGN validation suite running...\n\n";
831 
832  bool pass = true, fail;
833 
834  static const char plain[] = "test";
835  static const byte signature[] =
836  "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37\xFE\xBC\x76\x3F\xF1\x84\xF6\x59"
837  "\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0\x34\x44\x5B\x0F\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6"
838  "\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88\xAB\x33\xDD\xE4\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A"
839  "\x74\x02\x37\x0E\xED\x0A\x06\xAD\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C"
840  "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28";
841 
842  FileSource keys(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", true, new HexDecoder);
843  ESIGN<SHA>::Signer signer(keys);
844  ESIGN<SHA>::Verifier verifier(signer);
845 
846  fail = !SignatureValidate(signer, verifier);
847  pass = pass && !fail;
848 
849  fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength());
850  pass = pass && !fail;
851 
852  cout << (fail ? "FAILED " : "passed ");
853  cout << "verification check against test vector\n";
854 
855  cout << "Generating signature key from seed..." << endl;
856  signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512));
857  verifier = signer;
858 
859  fail = !SignatureValidate(signer, verifier);
860  pass = pass && !fail;
861 
862  return pass;
863 }
Used to pass byte array input as part of a NameValuePairs object.
Definition: algparam.h:29
RSAES::Encryptor typedef
Definition: rsa.h:202
virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate private/public key pair.
Definition: cryptlib.cpp:933
Classes for Rabin encryption and signature schemes.
virtual unsigned int StaticPublicKeyLength() const =0
Provides the size of the static public key.
virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const
Sign a recoverable message.
Definition: cryptlib.cpp:882
virtual bool VerifyMessage(const byte *message, size_t messageLen, const byte *signature, size_t signatureLen) const
Check whether input signature is a valid signature for input message.
Definition: cryptlib.cpp:897
void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: validat2.cpp:66
Classes and functions for ElGamal key agreement and encryption schemes.
virtual DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Decrypt a byte string.
virtual void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: cryptlib.cpp:329
This file contains helper classes/functions for implementing public key algorithms.
GF(2^n) with Trinomial Basis.
Definition: gf2n.h:318
virtual unsigned int AgreedValueLength() const =0
Provides the size of the agreed value.
file-based implementation of Source interface
Definition: files.h:55
Classes for Elliptic Curves over prime fields.
Interface for public-key signers.
Definition: cryptlib.h:2534
Interface for public-key encryptors.
Definition: cryptlib.h:2342
RSASS::Verifier typedef
Definition: rsa.h:226
Decode base 16 data back to bytes.
Definition: hex.h:36
Abstract base classes that provide a uniform interface to this library.
virtual bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const =0
Derive agreed value.
GF(p) group parameters that default to same primes.
Definition: gfpcrypt.h:170
ASN.1 object identifiers for algorthms and schemes.
Classes for automatic resource management.
STL namespace.
Interface for random number generators.
Definition: cryptlib.h:1186
size_t messageLength
Recovered message length if isValidCoding is true, undefined otherwise.
Definition: cryptlib.h:259
SecBlock typedef.
Definition: secblock.h:734
Interface for buffered transformations.
Definition: cryptlib.h:1352
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Private Key.
Definition: cryptlib.h:2263
static const Integer & One()
Integer representing 1.
Definition: integer.cpp:2948
This file contains classes that implement the ESIGN signature schemes as defined in IEEE P1363a...
Polynomial with Coefficients in GF(2)
Definition: gf2n.h:18
virtual unsigned int EphemeralPublicKeyLength() const =0
Provides the size of ephemeral public key.
RSASS::Signer typedef
Definition: rsa.h:223
Classes for Elliptic Curves over binary fields.
Rabin encryption.
Definition: rabin.h:94
virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0
Provides the length of longest message that can be recovered from a signature of given length...
Interface for domains of simple key agreement protocols.
Definition: cryptlib.h:2675
Returns a decoding results.
Definition: cryptlib.h:236
Classes for Rabin-Williams signature schemes.
Interface for public-key decryptors.
Definition: cryptlib.h:2378
MQV domain for performing authenticated key agreement.
Definition: mqv.h:26
XTR-DH with key validation.
Definition: xtrcrypt.h:16
virtual size_t MaxRecoverableLength() const =0
Provides the length of longest message that can be recovered.
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition: cryptlib.h:1378
virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate a private/public key pair.
Definition: cryptlib.cpp:921
virtual unsigned int AgreedValueLength() const =0
Provides the size of the agreed value.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:554
RSAES>::Decryptor typedef
Definition: rsa.h:206
Classes for Diffie-Hellman key exchange.
Classes for HexEncoder and HexDecoder.
virtual size_t MaxSignatureLength(size_t recoverablePartLength=0) const
Provides the maximum signature length produced given the length of the recoverable message part...
Definition: cryptlib.h:2473
virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate a static private/public key pair.
Definition: cryptlib.cpp:927
virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0
Provides the maximum length of plaintext for a given ciphertext length.
RSAES>::Encryptor typedef
Definition: rsa.h:209
Multiple precision integer with arithmetic operations.
Definition: integer.h:31
Elliptic Curve over GF(2^n)
Definition: ec2n.h:44
virtual size_t CiphertextLength(size_t plaintextLength) const =0
Calculate the length of ciphertext given length of plaintext.
virtual DecodingResult RecoverMessage(byte *recoveredMessage, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, const byte *signature, size_t signatureLength) const
Recover a message from its signature.
Definition: cryptlib.cpp:911
virtual const CryptoParameters & GetCryptoParameters() const
Retrieves a reference to Crypto Parameters.
Definition: cryptlib.h:2293
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Public Key.
Definition: cryptlib.h:2238
const NameValuePairs & g_nullNameValuePairs
An empty set of name-value pairs.
Definition: cryptlib.cpp:79
Implementation of schemes based on DL over GF(p)
Classes for the DSA signature algorithm.
Miscellaneous classes for RNGs.
virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const
Sign a message.
Definition: cryptlib.cpp:875
Diffie-Hellman domain.
Definition: dh.h:23
Data structure used to store byte strings.
Definition: queue.h:20
virtual unsigned int PrivateKeyLength() const =0
Provides the size of the private key.
Classes and functions for working with ANS.1 objects.
virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0
Derive agreed value.
Elliptic Curve Parameters.
Definition: eccrypto.h:29
RSAES::Decryptor typedef
Definition: rsa.h:199
Implementation of BufferedTransformation's attachment interface.
"The XTR public key system" by Arjen K.
Classes for the RSA cryptosystem.
virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0
Check this object for errors.
Interface for public-key signature verifiers.
Definition: cryptlib.h:2601
BlumBlumShub with factorization of the modulus.
Definition: blumshub.h:42
Classes for Blum Blum Shub generator.
virtual unsigned int StaticPrivateKeyLength() const =0
Provides the size of the static private key.
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
Definition: cryptlib.cpp:771
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:494
RSA encryption algorithm.
Definition: rsa.h:165
virtual unsigned int PublicKeyLength() const =0
Provides the size of the public key.
virtual unsigned int EphemeralPrivateKeyLength() const =0
Provides the size of ephemeral private key.
bool isValidCoding
Flag to indicate the decoding is valid.
Definition: cryptlib.h:257
Classes and functions for Elliptic Curves over prime and binary fields.
Crypto++ library namespace.
Interface for domains of authenticated key agreement protocols.
Definition: cryptlib.h:2740
Elliptic Curve Point.
Definition: ec2n.h:22
virtual void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Encrypt a byte string.
Classes for Menezes–Qu–Vanstone (MQV) key agreement.
Object Identifier.
Definition: asn.h:158
Classes for access to the operating system's random number generators.
the value is positive or 0
Definition: integer.h:57
#define SIZE_MAX
The maximum value of a machine word.
Definition: misc.h:78
Template implementing constructors for public key algorithm classes.
Definition: pubkey.h:2030