Crypto++  5.6.5
Free C++ class library of cryptographic schemes
validat2.cpp
1 // validat2.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
6 
7 #include "cryptlib.h"
8 #include "gfpcrypt.h"
9 #include "eccrypto.h"
10 #include "blumshub.h"
11 #include "filters.h"
12 #include "files.h"
13 #include "rsa.h"
14 #include "md2.h"
15 #include "elgamal.h"
16 #include "nr.h"
17 #include "dsa.h"
18 #include "dh.h"
19 #include "mqv.h"
20 #include "hmqv.h"
21 #include "fhmqv.h"
22 #include "luc.h"
23 #include "xtrcrypt.h"
24 #include "rabin.h"
25 #include "rw.h"
26 #include "eccrypto.h"
27 #include "integer.h"
28 #include "gf2n.h"
29 #include "ecp.h"
30 #include "ec2n.h"
31 #include "asn.h"
32 #include "rng.h"
33 #include "hex.h"
34 #include "oids.h"
35 #include "esign.h"
36 #include "osrng.h"
37 #include "smartptr.h"
38 
39 #include <iostream>
40 #include <sstream>
41 #include <iomanip>
42 
43 #include "validate.h"
44 
45 // Aggressive stack checking with VS2005 SP1 and above.
46 #if (CRYPTOPP_MSC_VERSION >= 1410)
47 # pragma strict_gs_check (on)
48 #endif
49 
50 // Quiet deprecated warnings intended to benefit users.
51 #if CRYPTOPP_MSC_VERSION
52 # pragma warning(disable: 4996)
53 #endif
54 
55 #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
56 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
57 #endif
58 
59 USING_NAMESPACE(CryptoPP)
60 
61 class FixedRNG : public RandomNumberGenerator
62 {
63 public:
64  FixedRNG(BufferedTransformation &source) : m_source(source) {}
65 
66  void GenerateBlock(byte *output, size_t size)
67  {
68  m_source.Get(output, size);
69  }
70 
71 private:
72  BufferedTransformation &m_source;
73 };
74 
75 bool ValidateBBS()
76 {
77  std::cout << "\nBlumBlumShub validation suite running...\n\n";
78 
79  Integer p("212004934506826557583707108431463840565872545889679278744389317666981496005411448865750399674653351");
80  Integer q("100677295735404212434355574418077394581488455772477016953458064183204108039226017738610663984508231");
81  Integer seed("63239752671357255800299643604761065219897634268887145610573595874544114193025997412441121667211431");
82  BlumBlumShub bbs(p, q, seed);
83  bool pass = true, fail;
84  int j;
85 
86  static const byte output1[] = {
87  0x49,0xEA,0x2C,0xFD,0xB0,0x10,0x64,0xA0,0xBB,0xB9,
88  0x2A,0xF1,0x01,0xDA,0xC1,0x8A,0x94,0xF7,0xB7,0xCE};
89  static const byte output2[] = {
90  0x74,0x45,0x48,0xAE,0xAC,0xB7,0x0E,0xDF,0xAF,0xD7,
91  0xD5,0x0E,0x8E,0x29,0x83,0x75,0x6B,0x27,0x46,0xA1};
92 
93  // Coverity finding, also see http://stackoverflow.com/a/34509163/608639.
94  StreamState ss(std::cout);
95  byte buf[20];
96 
97  bbs.GenerateBlock(buf, 20);
98  fail = memcmp(output1, buf, 20) != 0;
99  pass = pass && !fail;
100 
101  std::cout << (fail ? "FAILED " : "passed ");
102  for (j=0;j<20;j++)
103  std::cout << std::setw(2) << std::setfill('0') << std::hex << (int)buf[j];
104  std::cout << std::endl;
105 
106  bbs.Seek(10);
107  bbs.GenerateBlock(buf, 10);
108  fail = memcmp(output1+10, buf, 10) != 0;
109  pass = pass && !fail;
110 
111  std::cout << (fail ? "FAILED " : "passed ");
112  for (j=0;j<10;j++)
113  std::cout << std::setw(2) << std::setfill('0') << std::hex << (int)buf[j];
114  std::cout << std::endl;
115 
116  bbs.Seek(1234567);
117  bbs.GenerateBlock(buf, 20);
118  fail = memcmp(output2, buf, 20) != 0;
119  pass = pass && !fail;
120 
121  std::cout << (fail ? "FAILED " : "passed ");
122  for (j=0;j<20;j++)
123  std::cout << std::setw(2) << std::setfill('0') << std::hex << (int)buf[j];
124  std::cout << std::endl;
125 
126  return pass;
127 }
128 
129 bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
130 {
131  bool pass = true, fail;
132 
133  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
134  pass = pass && !fail;
135 
136  std::cout << (fail ? "FAILED " : "passed ");
137  std::cout << "signature key validation\n";
138 
139  const byte *message = (byte *)"test message";
140  const int messageLen = 12;
141 
142  SecByteBlock signature(priv.MaxSignatureLength());
143  size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature);
144  fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength);
145  pass = pass && !fail;
146 
147  std::cout << (fail ? "FAILED " : "passed ");
148  std::cout << "signature and verification\n";
149 
150  ++signature[0];
151  fail = pub.VerifyMessage(message, messageLen, signature, signatureLength);
152  pass = pass && !fail;
153 
154  std::cout << (fail ? "FAILED " : "passed ");
155  std::cout << "checking invalid signature" << std::endl;
156 
157  if (priv.MaxRecoverableLength() > 0)
158  {
159  signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
160  SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
161  DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
162  fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0);
163  pass = pass && !fail;
164 
165  std::cout << (fail ? "FAILED " : "passed ");
166  std::cout << "signature and verification with recovery" << std::endl;
167 
168  ++signature[0];
169  result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
170  fail = result.isValidCoding;
171  pass = pass && !fail;
172 
173  std::cout << (fail ? "FAILED " : "passed ");
174  std::cout << "recovery with invalid signature" << std::endl;
175  }
176 
177  return pass;
178 }
179 
180 bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough)
181 {
182  bool pass = true, fail;
183 
184  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
185  pass = pass && !fail;
186 
187  std::cout << (fail ? "FAILED " : "passed ");
188  std::cout << "cryptosystem key validation\n";
189 
190  const byte *message = (byte *)"test message";
191  const int messageLen = 12;
192  SecByteBlock ciphertext(priv.CiphertextLength(messageLen));
193  SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size()));
194 
195  pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext);
196  fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
197  fail = fail || memcmp(message, plaintext, messageLen);
198  pass = pass && !fail;
199 
200  std::cout << (fail ? "FAILED " : "passed ");
201  std::cout << "encryption and decryption\n";
202 
203  return pass;
204 }
205 
206 bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d)
207 {
208  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
209  std::cout << "passed simple key agreement domain parameters validation" << std::endl;
210  else
211  {
212  std::cout << "FAILED simple key agreement domain parameters invalid" << std::endl;
213  return false;
214  }
215 
216  SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength());
217  SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength());
218  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
219 
220  d.GenerateKeyPair(GlobalRNG(), priv1, pub1);
221  d.GenerateKeyPair(GlobalRNG(), priv2, pub2);
222 
223  memset(val1.begin(), 0x10, val1.size());
224  memset(val2.begin(), 0x11, val2.size());
225 
226  if (!(d.Agree(val1, priv1, pub2) && d.Agree(val2, priv2, pub1)))
227  {
228  std::cout << "FAILED simple key agreement failed" << std::endl;
229  return false;
230  }
231 
232  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
233  {
234  std::cout << "FAILED simple agreed values not equal" << std::endl;
235  return false;
236  }
237 
238  std::cout << "passed simple key agreement" << std::endl;
239  return true;
240 }
241 
242 bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
243 {
244  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
245  std::cout << "passed authenticated key agreement domain parameters validation" << std::endl;
246  else
247  {
248  std::cout << "FAILED authenticated key agreement domain parameters invalid" << std::endl;
249  return false;
250  }
251 
256  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
257 
258  d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1);
259  d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2);
260  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1);
261  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2);
262 
263  memset(val1.begin(), 0x10, val1.size());
264  memset(val2.begin(), 0x11, val2.size());
265 
266  if (!(d.Agree(val1, spriv1, epriv1, spub2, epub2) && d.Agree(val2, spriv2, epriv2, spub1, epub1)))
267  {
268  std::cout << "FAILED authenticated key agreement failed" << std::endl;
269  return false;
270  }
271 
272  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
273  {
274  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
275  return false;
276  }
277 
278  std::cout << "passed authenticated key agreement" << std::endl;
279  return true;
280 }
281 
282 bool ValidateRSA()
283 {
284  std::cout << "\nRSA validation suite running...\n\n";
285 
286  byte out[100], outPlain[100];
287  bool pass = true, fail;
288 
289  {
290  const char *plain = "Everyone gets Friday off.";
291  static const byte signature[] =
292  "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84"
293  "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21"
294  "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b"
295  "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1";
296 
297  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa512a.dat", true, new HexDecoder);
298  Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
299  Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
300 
301  size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
302  fail = memcmp(signature, out, 64) != 0;
303  pass = pass && !fail;
304 
305  std::cout << (fail ? "FAILED " : "passed ");
306  std::cout << "signature check against test vector\n";
307 
308  fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
309  pass = pass && !fail;
310 
311  std::cout << (fail ? "FAILED " : "passed ");
312  std::cout << "verification check against test vector\n";
313 
314  out[10]++;
315  fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
316  pass = pass && !fail;
317 
318  std::cout << (fail ? "FAILED " : "passed ");
319  std::cout << "invalid signature verification\n";
320  }
321  {
322  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", true, new HexDecoder);
323  RSAES_PKCS1v15_Decryptor rsaPriv(keys);
324  RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv);
325 
326  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
327  }
328  {
329  RSAES<OAEP<SHA> >::Decryptor rsaPriv(GlobalRNG(), 512);
330  RSAES<OAEP<SHA> >::Encryptor rsaPub(rsaPriv);
331 
332  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
333  }
334  {
335  byte *plain = (byte *)
336  "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
337  static const byte encrypted[] =
338  "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
339  "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
340  "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
341  "\x62\x51";
342  static const byte oaepSeed[] =
343  "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2"
344  "\xf0\x6c\xb5\x8f";
345  ByteQueue bq;
346  bq.Put(oaepSeed, 20);
347  FixedRNG rng(bq);
348 
349  FileSource privFile(CRYPTOPP_DATA_DIR "TestData/rsa400pv.dat", true, new HexDecoder);
350  FileSource pubFile(CRYPTOPP_DATA_DIR "TestData/rsa400pb.dat", true, new HexDecoder);
351  RSAES_OAEP_SHA_Decryptor rsaPriv;
352  rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0);
353  RSAES_OAEP_SHA_Encryptor rsaPub(pubFile);
354 
355  memset(out, 0, 50);
356  memset(outPlain, 0, 8);
357  rsaPub.Encrypt(rng, plain, 8, out);
358  DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
359  fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
360  pass = pass && !fail;
361 
362  std::cout << (fail ? "FAILED " : "passed ");
363  std::cout << "PKCS 2.0 encryption and decryption\n";
364  }
365 
366  return pass;
367 }
368 
369 bool ValidateDH()
370 {
371  std::cout << "\nDH validation suite running...\n\n";
372 
373  FileSource f(CRYPTOPP_DATA_DIR "TestData/dh1024.dat", true, new HexDecoder());
374  DH dh(f);
375  return SimpleKeyAgreementValidate(dh);
376 }
377 
378 bool ValidateMQV()
379 {
380  std::cout << "\nMQV validation suite running...\n\n";
381 
382  FileSource f(CRYPTOPP_DATA_DIR "TestData/mqv1024.dat", true, new HexDecoder());
383  MQV mqv(f);
384  return AuthenticatedKeyAgreementValidate(mqv);
385 }
386 
387 bool ValidateHMQV()
388 {
389  std::cout << "\nHMQV validation suite running...\n\n";
390 
391  //ECHMQV< ECP >::Domain hmqvB(false /*server*/);
392  ECHMQV256 hmqvB(false);
393  FileSource f256(CRYPTOPP_DATA_DIR "TestData/hmqv256.dat", true, new HexDecoder());
394  FileSource f384(CRYPTOPP_DATA_DIR "TestData/hmqv384.dat", true, new HexDecoder());
395  FileSource f512(CRYPTOPP_DATA_DIR "TestData/hmqv512.dat", true, new HexDecoder());
396  hmqvB.AccessGroupParameters().BERDecode(f256);
397 
398  std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl;
399 
400  if (hmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3))
401  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
402  else
403  {
404  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
405  return false;
406  }
407 
408  const OID oid = ASN1::secp256r1();
409  ECHMQV< ECP >::Domain hmqvA(oid, true /*client*/);
410 
411  if (hmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3))
412  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
413  else
414  {
415  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
416  return false;
417  }
418 
419  SecByteBlock sprivA(hmqvA.StaticPrivateKeyLength()), sprivB(hmqvB.StaticPrivateKeyLength());
420  SecByteBlock eprivA(hmqvA.EphemeralPrivateKeyLength()), eprivB(hmqvB.EphemeralPrivateKeyLength());
421  SecByteBlock spubA(hmqvA.StaticPublicKeyLength()), spubB(hmqvB.StaticPublicKeyLength());
422  SecByteBlock epubA(hmqvA.EphemeralPublicKeyLength()), epubB(hmqvB.EphemeralPublicKeyLength());
423  SecByteBlock valA(hmqvA.AgreedValueLength()), valB(hmqvB.AgreedValueLength());
424 
425  hmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
426  hmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
427  hmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
428  hmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
429 
430  memset(valA.begin(), 0x00, valA.size());
431  memset(valB.begin(), 0x11, valB.size());
432 
433  if (!(hmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && hmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
434  {
435  std::cout << "FAILED authenticated key agreement failed" << std::endl;
436  return false;
437  }
438 
439  if (memcmp(valA.begin(), valB.begin(), hmqvA.AgreedValueLength()))
440  {
441  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
442  return false;
443  }
444 
445  std::cout << "passed authenticated key agreement" << std::endl;
446 
447  // Now test HMQV with NIST P-384 curve and SHA384 hash
448  std::cout << std::endl;
449  std::cout << "HMQV with NIST P-384 and SHA-384:" << std::endl;
450 
451  ECHMQV384 hmqvB384(false);
452  hmqvB384.AccessGroupParameters().BERDecode(f384);
453 
454  if (hmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
455  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
456  else
457  {
458  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
459  return false;
460  }
461 
462  const OID oid384 = ASN1::secp384r1();
463  ECHMQV384 hmqvA384(oid384, true /*client*/);
464 
465  if (hmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3))
466  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
467  else
468  {
469  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
470  return false;
471  }
472 
473  SecByteBlock sprivA384(hmqvA384.StaticPrivateKeyLength()), sprivB384(hmqvB384.StaticPrivateKeyLength());
474  SecByteBlock eprivA384(hmqvA384.EphemeralPrivateKeyLength()), eprivB384(hmqvB384.EphemeralPrivateKeyLength());
475  SecByteBlock spubA384(hmqvA384.StaticPublicKeyLength()), spubB384(hmqvB384.StaticPublicKeyLength());
476  SecByteBlock epubA384(hmqvA384.EphemeralPublicKeyLength()), epubB384(hmqvB384.EphemeralPublicKeyLength());
477  SecByteBlock valA384(hmqvA384.AgreedValueLength()), valB384(hmqvB384.AgreedValueLength());
478 
479  hmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384);
480  hmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
481  hmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
482  hmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
483 
484  memset(valA384.begin(), 0x00, valA384.size());
485  memset(valB384.begin(), 0x11, valB384.size());
486 
487  if (!(hmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && hmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384)))
488  {
489  std::cout << "FAILED authenticated key agreement failed" << std::endl;
490  return false;
491  }
492 
493  if (memcmp(valA384.begin(), valB384.begin(), hmqvA384.AgreedValueLength()))
494  {
495  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
496  return false;
497  }
498 
499  std::cout << "passed authenticated key agreement" << std::endl;
500 
501  return true;
502 }
503 
504 bool ValidateFHMQV()
505 {
506  std::cout << "\nFHMQV validation suite running...\n\n";
507 
508  //ECFHMQV< ECP >::Domain fhmqvB(false /*server*/);
509  ECFHMQV256 fhmqvB(false);
510  FileSource f256(CRYPTOPP_DATA_DIR "TestData/fhmqv256.dat", true, new HexDecoder());
511  FileSource f384(CRYPTOPP_DATA_DIR "TestData/fhmqv384.dat", true, new HexDecoder());
512  FileSource f512(CRYPTOPP_DATA_DIR "TestData/fhmqv512.dat", true, new HexDecoder());
513  fhmqvB.AccessGroupParameters().BERDecode(f256);
514 
515  std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl;
516 
517  if (fhmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3))
518  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
519  else
520  {
521  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
522  return false;
523  }
524 
525  const OID oid = ASN1::secp256r1();
526  ECFHMQV< ECP >::Domain fhmqvA(oid, true /*client*/);
527 
528  if (fhmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3))
529  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
530  else
531  {
532  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
533  return false;
534  }
535 
536  SecByteBlock sprivA(fhmqvA.StaticPrivateKeyLength()), sprivB(fhmqvB.StaticPrivateKeyLength());
537  SecByteBlock eprivA(fhmqvA.EphemeralPrivateKeyLength()), eprivB(fhmqvB.EphemeralPrivateKeyLength());
538  SecByteBlock spubA(fhmqvA.StaticPublicKeyLength()), spubB(fhmqvB.StaticPublicKeyLength());
539  SecByteBlock epubA(fhmqvA.EphemeralPublicKeyLength()), epubB(fhmqvB.EphemeralPublicKeyLength());
540  SecByteBlock valA(fhmqvA.AgreedValueLength()), valB(fhmqvB.AgreedValueLength());
541 
542  fhmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
543  fhmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
544  fhmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
545  fhmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
546 
547  memset(valA.begin(), 0x00, valA.size());
548  memset(valB.begin(), 0x11, valB.size());
549 
550  if (!(fhmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && fhmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
551  {
552  std::cout << "FAILED authenticated key agreement failed" << std::endl;
553  return false;
554  }
555 
556  if (memcmp(valA.begin(), valB.begin(), fhmqvA.AgreedValueLength()))
557  {
558  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
559  return false;
560  }
561 
562  std::cout << "passed authenticated key agreement" << std::endl;
563 
564  // Now test FHMQV with NIST P-384 curve and SHA384 hash
565  std::cout << std::endl;
566  std::cout << "FHMQV with NIST P-384 and SHA-384:" << std::endl;
567 
568  ECHMQV384 fhmqvB384(false);
569  fhmqvB384.AccessGroupParameters().BERDecode(f384);
570 
571  if (fhmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
572  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
573  else
574  {
575  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
576  return false;
577  }
578 
579  const OID oid384 = ASN1::secp384r1();
580  ECHMQV384 fhmqvA384(oid384, true /*client*/);
581 
582  if (fhmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3))
583  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
584  else
585  {
586  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
587  return false;
588  }
589 
590  SecByteBlock sprivA384(fhmqvA384.StaticPrivateKeyLength()), sprivB384(fhmqvB384.StaticPrivateKeyLength());
591  SecByteBlock eprivA384(fhmqvA384.EphemeralPrivateKeyLength()), eprivB384(fhmqvB384.EphemeralPrivateKeyLength());
592  SecByteBlock spubA384(fhmqvA384.StaticPublicKeyLength()), spubB384(fhmqvB384.StaticPublicKeyLength());
593  SecByteBlock epubA384(fhmqvA384.EphemeralPublicKeyLength()), epubB384(fhmqvB384.EphemeralPublicKeyLength());
594  SecByteBlock valA384(fhmqvA384.AgreedValueLength()), valB384(fhmqvB384.AgreedValueLength());
595 
596  fhmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384);
597  fhmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
598  fhmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
599  fhmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
600 
601  memset(valA384.begin(), 0x00, valA384.size());
602  memset(valB384.begin(), 0x11, valB384.size());
603 
604  if (!(fhmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && fhmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384)))
605  {
606  std::cout << "FAILED authenticated key agreement failed" << std::endl;
607  return false;
608  }
609 
610  if (memcmp(valA384.begin(), valB384.begin(), fhmqvA384.AgreedValueLength()))
611  {
612  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
613  return false;
614  }
615 
616  std::cout << "passed authenticated key agreement" << std::endl;
617 
618  return true;
619 }
620 
621 bool ValidateLUC_DH()
622 {
623  std::cout << "\nLUC-DH validation suite running...\n\n";
624 
625  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucd512.dat", true, new HexDecoder());
626  LUC_DH dh(f);
627  return SimpleKeyAgreementValidate(dh);
628 }
629 
630 bool ValidateXTR_DH()
631 {
632  std::cout << "\nXTR-DH validation suite running...\n\n";
633 
634  FileSource f(CRYPTOPP_DATA_DIR "TestData/xtrdh171.dat", true, new HexDecoder());
635  XTR_DH dh(f);
636  return SimpleKeyAgreementValidate(dh);
637 }
638 
639 bool ValidateElGamal()
640 {
641  std::cout << "\nElGamal validation suite running...\n\n";
642  bool pass = true;
643  {
644  FileSource fc(CRYPTOPP_DATA_DIR "TestData/elgc1024.dat", true, new HexDecoder);
645  ElGamalDecryptor privC(fc);
646  ElGamalEncryptor pubC(privC);
647  privC.AccessKey().Precompute();
648  ByteQueue queue;
649  privC.AccessKey().SavePrecomputation(queue);
650  privC.AccessKey().LoadPrecomputation(queue);
651 
652  pass = CryptoSystemValidate(privC, pubC) && pass;
653  }
654  return pass;
655 }
656 
657 bool ValidateDLIES()
658 {
659  std::cout << "\nDLIES validation suite running...\n\n";
660  bool pass = true;
661  {
662  FileSource fc(CRYPTOPP_DATA_DIR "TestData/dlies1024.dat", true, new HexDecoder);
663  DLIES<>::Decryptor privC(fc);
664  DLIES<>::Encryptor pubC(privC);
665  pass = CryptoSystemValidate(privC, pubC) && pass;
666  }
667  {
668  std::cout << "Generating new encryption key..." << std::endl;
670  gp.GenerateRandomWithKeySize(GlobalRNG(), 128);
671  DLIES<>::Decryptor decryptor;
672  decryptor.AccessKey().GenerateRandom(GlobalRNG(), gp);
673  DLIES<>::Encryptor encryptor(decryptor);
674 
675  pass = CryptoSystemValidate(decryptor, encryptor) && pass;
676  }
677  return pass;
678 }
679 
680 bool ValidateNR()
681 {
682  std::cout << "\nNR validation suite running...\n\n";
683  bool pass = true;
684  {
685  FileSource f(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", true, new HexDecoder);
686  NR<SHA>::Signer privS(f);
687  privS.AccessKey().Precompute();
688  NR<SHA>::Verifier pubS(privS);
689 
690  pass = SignatureValidate(privS, pubS) && pass;
691  }
692  {
693  std::cout << "Generating new signature key..." << std::endl;
694  NR<SHA>::Signer privS(GlobalRNG(), 256);
695  NR<SHA>::Verifier pubS(privS);
696 
697  pass = SignatureValidate(privS, pubS) && pass;
698  }
699  return pass;
700 }
701 
702 bool ValidateDSA(bool thorough)
703 {
704  std::cout << "\nDSA validation suite running...\n\n";
705 
706  bool pass = true;
707  FileSource fs1(CRYPTOPP_DATA_DIR "TestData/dsa1024.dat", true, new HexDecoder());
708  DSA::Signer priv(fs1);
709  DSA::Verifier pub(priv);
710  FileSource fs2(CRYPTOPP_DATA_DIR "TestData/dsa1024b.dat", true, new HexDecoder());
711  DSA::Verifier pub1(fs2);
712  CRYPTOPP_ASSERT(pub.GetKey() == pub1.GetKey());
713  pass = SignatureValidate(priv, pub, thorough) && pass;
714  pass = RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/dsa.txt", g_nullNameValuePairs, thorough) && pass;
715 
716  return pass;
717 }
718 
719 bool ValidateLUC()
720 {
721  std::cout << "\nLUC validation suite running...\n\n";
722  bool pass=true;
723 
724  {
725  FileSource f(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", true, new HexDecoder);
728  pass = SignatureValidate(priv, pub) && pass;
729  }
730  {
731  LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512);
732  LUCES_OAEP_SHA_Encryptor pub(priv);
733  pass = CryptoSystemValidate(priv, pub) && pass;
734  }
735  return pass;
736 }
737 
738 bool ValidateLUC_DL()
739 {
740  std::cout << "\nLUC-HMP validation suite running...\n\n";
741 
742  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", true, new HexDecoder);
743  LUC_HMP<SHA>::Signer privS(f);
744  LUC_HMP<SHA>::Verifier pubS(privS);
745  bool pass = SignatureValidate(privS, pubS);
746 
747  std::cout << "\nLUC-IES validation suite running...\n\n";
748 
749  FileSource fc(CRYPTOPP_DATA_DIR "TestData/lucc512.dat", true, new HexDecoder);
750  LUC_IES<>::Decryptor privC(fc);
751  LUC_IES<>::Encryptor pubC(privC);
752  pass = CryptoSystemValidate(privC, pubC) && pass;
753 
754  return pass;
755 }
756 
757 bool ValidateRabin()
758 {
759  std::cout << "\nRabin validation suite running...\n\n";
760  bool pass=true;
761 
762  {
763  FileSource f(CRYPTOPP_DATA_DIR "TestData/rabi1024.dat", true, new HexDecoder);
766  pass = SignatureValidate(priv, pub) && pass;
767  }
768  {
769  RabinES<OAEP<SHA> >::Decryptor priv(GlobalRNG(), 512);
770  RabinES<OAEP<SHA> >::Encryptor pub(priv);
771  pass = CryptoSystemValidate(priv, pub) && pass;
772  }
773  return pass;
774 }
775 
776 bool ValidateRW()
777 {
778  std::cout << "\nRW validation suite running...\n\n";
779 
780  FileSource f(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", true, new HexDecoder);
781  RWSS<PSSR, SHA>::Signer priv(f);
782  RWSS<PSSR, SHA>::Verifier pub(priv);
783 
784  return SignatureValidate(priv, pub);
785 }
786 
787 /*
788 bool ValidateBlumGoldwasser()
789 {
790  std::cout << "\nBlumGoldwasser validation suite running...\n\n";
791 
792  FileSource f(CRYPTOPP_DATA_DIR "TestData/blum512.dat", true, new HexDecoder);
793  BlumGoldwasserPrivateKey priv(f);
794  BlumGoldwasserPublicKey pub(priv);
795 
796  return CryptoSystemValidate(priv, pub);
797 }
798 */
799 
800 #if CRYPTOPP_DEBUG && !defined(CRYPTOPP_IMPORTS)
801 // Issue 64: "PolynomialMod2::operator<<=", http://github.com/weidai11/cryptopp/issues/64
802 bool TestPolynomialMod2()
803 {
804  bool pass1 = true, pass2 = true, pass3 = true;
805 
806  std::cout << "\nTesting PolynomialMod2 bit operations...\n\n";
807 
808  static const unsigned int start = 0;
809  static const unsigned int stop = 4 * WORD_BITS + 1;
810 
811  for (unsigned int i=start; i < stop; i++)
812  {
813  PolynomialMod2 p(1);
814  p <<= i;
815 
816  Integer n(Integer::One());
817  n <<= i;
818 
819  std::ostringstream oss1;
820  oss1 << p;
821 
822  std::string str1, str2;
823 
824  // str1 needs the commas removed used for grouping
825  str1 = oss1.str();
826  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
827 
828  // str1 needs the trailing 'b' removed
829  str1.erase(str1.end() - 1);
830 
831  // str2 is fine as-is
832  str2 = IntToString(n, 2);
833 
834  pass1 &= (str1 == str2);
835  }
836 
837  for (unsigned int i=start; i < stop; i++)
838  {
839  const word w((word)SIZE_MAX);
840 
841  PolynomialMod2 p(w);
842  p <<= i;
843 
844  Integer n(Integer::POSITIVE, static_cast<lword>(w));
845  n <<= i;
846 
847  std::ostringstream oss1;
848  oss1 << p;
849 
850  std::string str1, str2;
851 
852  // str1 needs the commas removed used for grouping
853  str1 = oss1.str();
854  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
855 
856  // str1 needs the trailing 'b' removed
857  str1.erase(str1.end() - 1);
858 
859  // str2 is fine as-is
860  str2 = IntToString(n, 2);
861 
862  pass2 &= (str1 == str2);
863  }
864 
865  RandomNumberGenerator& prng = GlobalRNG();
866  for (unsigned int i=start; i < stop; i++)
867  {
868  word w; // Cast to lword due to Visual Studio
869  prng.GenerateBlock((byte*)&w, sizeof(w));
870 
871  PolynomialMod2 p(w);
872  p <<= i;
873 
874  Integer n(Integer::POSITIVE, static_cast<lword>(w));
875  n <<= i;
876 
877  std::ostringstream oss1;
878  oss1 << p;
879 
880  std::string str1, str2;
881 
882  // str1 needs the commas removed used for grouping
883  str1 = oss1.str();
884  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
885 
886  // str1 needs the trailing 'b' removed
887  str1.erase(str1.end() - 1);
888 
889  // str2 is fine as-is
890  str2 = IntToString(n, 2);
891 
892  if (str1 != str2)
893  {
894  std::cout << " Oops..." << "\n";
895  std::cout << " random: " << std::hex << n << std::dec << "\n";
896  std::cout << " str1: " << str1 << "\n";
897  std::cout << " str2: " << str2 << "\n";
898  }
899 
900  pass3 &= (str1 == str2);
901  }
902 
903  std::cout << (!pass1 ? "FAILED" : "passed") << ": " << "1 shifted over range [" << std::dec << start << "," << stop << "]" << "\n";
904  std::cout << (!pass2 ? "FAILED" : "passed") << ": " << "0x" << std::hex << word(SIZE_MAX) << std::dec << " shifted over range [" << start << "," << stop << "]" << "\n";
905  std::cout << (!pass3 ? "FAILED" : "passed") << ": " << "random values shifted over range [" << std::dec << start << "," << stop << "]" << "\n";
906 
907  if (!(pass1 && pass2 && pass3))
908  std::cout.flush();
909 
910  return pass1 && pass2 && pass3;
911 }
912 #endif
913 
914 bool ValidateECP()
915 {
916  std::cout << "\nECP validation suite running...\n\n";
917 
918  ECIES<ECP>::Decryptor cpriv(GlobalRNG(), ASN1::secp192r1());
919  ECIES<ECP>::Encryptor cpub(cpriv);
920  ByteQueue bq;
921  cpriv.GetKey().DEREncode(bq);
922  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
923  cpub.GetKey().DEREncode(bq);
924  ECDSA<ECP, SHA>::Signer spriv(bq);
925  ECDSA<ECP, SHA>::Verifier spub(bq);
926  ECDH<ECP>::Domain ecdhc(ASN1::secp192r1());
927  ECMQV<ECP>::Domain ecmqvc(ASN1::secp192r1());
928 
929  spriv.AccessKey().Precompute();
930  ByteQueue queue;
931  spriv.AccessKey().SavePrecomputation(queue);
932  spriv.AccessKey().LoadPrecomputation(queue);
933 
934  bool pass = SignatureValidate(spriv, spub);
935  cpub.AccessKey().Precompute();
936  cpriv.AccessKey().Precompute();
937  pass = CryptoSystemValidate(cpriv, cpub) && pass;
938  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
939  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
940 
941  std::cout << "Turning on point compression..." << std::endl;
942  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
943  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
944  ecdhc.AccessGroupParameters().SetPointCompression(true);
945  ecmqvc.AccessGroupParameters().SetPointCompression(true);
946  pass = CryptoSystemValidate(cpriv, cpub) && pass;
947  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
948  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
949 
950  std::cout << "Testing SEC 2, NIST, and Brainpool recommended curves..." << std::endl;
951  OID oid;
952  while (!(oid = DL_GroupParameters_EC<ECP>::GetNextRecommendedParametersOID(oid)).m_values.empty())
953  {
954  DL_GroupParameters_EC<ECP> params(oid);
955  bool fail = !params.Validate(GlobalRNG(), 2);
956  std::cout << (fail ? "FAILED" : "passed") << " " << std::dec << params.GetCurve().GetField().MaxElementBitLength() << " bits" << std::endl;
957  pass = pass && !fail;
958  }
959 
960  return pass;
961 }
962 
963 bool ValidateEC2N()
964 {
965  std::cout << "\nEC2N validation suite running...\n\n";
966 
967  ECIES<EC2N>::Decryptor cpriv(GlobalRNG(), ASN1::sect193r1());
968  ECIES<EC2N>::Encryptor cpub(cpriv);
969  ByteQueue bq;
970  cpriv.DEREncode(bq);
971  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
972  cpub.DEREncode(bq);
973  ECDSA<EC2N, SHA>::Signer spriv(bq);
975  ECDH<EC2N>::Domain ecdhc(ASN1::sect193r1());
976  ECMQV<EC2N>::Domain ecmqvc(ASN1::sect193r1());
977 
978  spriv.AccessKey().Precompute();
979  ByteQueue queue;
980  spriv.AccessKey().SavePrecomputation(queue);
981  spriv.AccessKey().LoadPrecomputation(queue);
982 
983  bool pass = SignatureValidate(spriv, spub);
984  pass = CryptoSystemValidate(cpriv, cpub) && pass;
985  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
986  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
987 
988  std::cout << "Turning on point compression..." << std::endl;
989  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
990  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
991  ecdhc.AccessGroupParameters().SetPointCompression(true);
992  ecmqvc.AccessGroupParameters().SetPointCompression(true);
993  pass = CryptoSystemValidate(cpriv, cpub) && pass;
994  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
995  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
996 
997 #if 0 // TODO: turn this back on when I make EC2N faster for pentanomial basis
998  std::cout << "Testing SEC 2 recommended curves..." << std::endl;
999  OID oid;
1000  while (!(oid = DL_GroupParameters_EC<EC2N>::GetNextRecommendedParametersOID(oid)).m_values.empty())
1001  {
1002  DL_GroupParameters_EC<EC2N> params(oid);
1003  bool fail = !params.Validate(GlobalRNG(), 2);
1004  std::cout << (fail ? "FAILED" : "passed") << " " << params.GetCurve().GetField().MaxElementBitLength() << " bits" << std::endl;
1005  pass = pass && !fail;
1006  }
1007 #endif
1008 
1009  return pass;
1010 }
1011 
1012 bool ValidateECDSA()
1013 {
1014  std::cout << "\nECDSA validation suite running...\n\n";
1015 
1016  // from Sample Test Vectors for P1363
1017  GF2NT gf2n(191, 9, 0);
1018  byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67";
1019  byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC";
1020  EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24));
1021 
1022  EC2N::Point P;
1023  ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D"
1024  "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize());
1025  Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H");
1026  Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH");
1027  EC2N::Point Q(ec.Multiply(d, P));
1028  ECDSA<EC2N, SHA>::Signer priv(ec, P, n, d);
1029  ECDSA<EC2N, SHA>::Verifier pub(priv);
1030 
1031  Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH");
1032  Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H");
1033  static const byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30"
1034  "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e";
1035  Integer r(sig, 24);
1036  Integer s(sig+24, 24);
1037 
1038  Integer rOut, sOut;
1039  bool fail, pass=true;
1040 
1041  priv.RawSign(k, h, rOut, sOut);
1042  fail = (rOut != r) || (sOut != s);
1043  pass = pass && !fail;
1044 
1045  std::cout << (fail ? "FAILED " : "passed ");
1046  std::cout << "signature check against test vector\n";
1047 
1048  fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig));
1049  pass = pass && !fail;
1050 
1051  std::cout << (fail ? "FAILED " : "passed ");
1052  std::cout << "verification check against test vector\n";
1053 
1054  fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig));
1055  pass = pass && !fail;
1056 
1057  pass = SignatureValidate(priv, pub) && pass;
1058 
1059  return pass;
1060 }
1061 
1062 bool ValidateESIGN()
1063 {
1064  std::cout << "\nESIGN validation suite running...\n\n";
1065 
1066  bool pass = true, fail;
1067 
1068  static const char plain[] = "test";
1069  static const byte signature[] =
1070  "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D"
1071  "\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37\xFE\xBC\x76\x3F\xF1\x84\xF6\x59"
1072  "\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0"
1073  "\x34\x44\x5B\x0F\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6"
1074  "\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88\xAB\x33\xDD\xE4"
1075  "\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A"
1076  "\x74\x02\x37\x0E\xED\x0A\x06\xAD\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF"
1077  "\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C"
1078  "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13"
1079  "\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28";
1080 
1081  FileSource keys(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", true, new HexDecoder);
1082  ESIGN<SHA>::Signer signer(keys);
1083  ESIGN<SHA>::Verifier verifier(signer);
1084 
1085  fail = !SignatureValidate(signer, verifier);
1086  pass = pass && !fail;
1087 
1088  fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength());
1089  pass = pass && !fail;
1090 
1091  std::cout << (fail ? "FAILED " : "passed ");
1092  std::cout << "verification check against test vector\n";
1093 
1094  std::cout << "Generating signature key from seed..." << std::endl;
1095  signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512));
1096  verifier = signer;
1097 
1098  fail = !SignatureValidate(signer, verifier);
1099  pass = pass && !fail;
1100 
1101  return pass;
1102 }
Used to pass byte array input as part of a NameValuePairs object.
Definition: algparam.h:29
RSAES::Encryptor typedef
Definition: rsa.h:202
virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate private/public key pair.
Definition: cryptlib.cpp:930
Classes for Rabin encryption and signature schemes.
virtual unsigned int StaticPublicKeyLength() const =0
Provides the size of the static public key.
Classes for Fully Hashed Menezes-Qu-Vanstone key agreement in GF(p)
virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const
Sign a recoverable message.
Definition: cryptlib.cpp:879
virtual bool VerifyMessage(const byte *message, size_t messageLen, const byte *signature, size_t signatureLen) const
Check whether input signature is a valid signature for input message.
Definition: cryptlib.cpp:894
Classes and functions for ElGamal key agreement and encryption schemes.
virtual DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Decrypt a byte string.
virtual void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: cryptlib.cpp:326
GF(2^n) with Trinomial Basis.
Definition: gf2n.h:318
virtual unsigned int AgreedValueLength() const =0
Provides the size of the agreed value.
file-based implementation of Source interface
Definition: files.h:55
Classes for Elliptic Curves over prime fields.
Fully Hashed Menezes-Qu-Vanstone in GF(p)
Definition: fhmqv.h:24
Interface for public-key signers.
Definition: cryptlib.h:2548
Interface for public-key encryptors.
Definition: cryptlib.h:2356
RSASS::Verifier typedef
Definition: rsa.h:226
Decode base 16 data back to bytes.
Definition: hex.h:36
Abstract base classes that provide a uniform interface to this library.
Hashed Menezes-Qu-Vanstone in GF(p)
Definition: hmqv.h:23
virtual bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const =0
Derive agreed value.
GF(p) group parameters that default to same primes.
Definition: gfpcrypt.h:170
ASN.1 object identifiers for algorthms and schemes.
Classes for automatic resource management.
Interface for random number generators.
Definition: cryptlib.h:1193
size_t messageLength
Recovered message length if isValidCoding is true, undefined otherwise.
Definition: cryptlib.h:264
SecBlock typedef.
Definition: secblock.h:731
Interface for buffered transformations.
Definition: cryptlib.h:1359
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Private Key.
Definition: cryptlib.h:2277
static const Integer & One()
Integer representing 1.
Definition: integer.cpp:3019
This file contains classes that implement the ESIGN signature schemes as defined in IEEE P1363a...
Classes for Hashed Menezes-Qu-Vanstone key agreement in GF(p)
Polynomial with Coefficients in GF(2)
Definition: gf2n.h:18
virtual unsigned int EphemeralPublicKeyLength() const =0
Provides the size of ephemeral public key.
RSASS::Signer typedef
Definition: rsa.h:223
Classes for Elliptic Curves over binary fields.
Rabin encryption.
Definition: rabin.h:94
virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0
Provides the length of longest message that can be recovered from a signature of given length...
Interface for domains of simple key agreement protocols.
Definition: cryptlib.h:2689
Returns a decoding results.
Definition: cryptlib.h:241
Classes for Rabin-Williams signature scheme.
Interface for public-key decryptors.
Definition: cryptlib.h:2392
MQV domain for performing authenticated key agreement.
Definition: mqv.h:27
XTR-DH with key validation.
Definition: xtrcrypt.h:16
virtual size_t MaxRecoverableLength() const =0
Provides the length of longest message that can be recovered.
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition: cryptlib.h:1385
virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate a private/public key pair.
Definition: cryptlib.cpp:918
virtual unsigned int AgreedValueLength() const =0
Provides the size of the agreed value.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:554
RSAES>::Decryptor typedef
Definition: rsa.h:206
Classes for Diffie-Hellman key exchange.
Classes for HexEncoder and HexDecoder.
virtual size_t MaxSignatureLength(size_t recoverablePartLength=0) const
Provides the maximum signature length produced given the length of the recoverable message part...
Definition: cryptlib.h:2487
virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate a static private/public key pair.
Definition: cryptlib.cpp:924
virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0
Provides the maximum length of plaintext for a given ciphertext length.
RSAES>::Encryptor typedef
Definition: rsa.h:209
Multiple precision integer with arithmetic operations.
Definition: integer.h:45
Elliptic Curve over GF(2^n)
Definition: ec2n.h:44
virtual size_t CiphertextLength(size_t plaintextLength) const =0
Calculate the length of ciphertext given length of plaintext.
virtual DecodingResult RecoverMessage(byte *recoveredMessage, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, const byte *signature, size_t signatureLength) const
Recover a message from its signature.
Definition: cryptlib.cpp:908
virtual const CryptoParameters & GetCryptoParameters() const
Retrieves a reference to Crypto Parameters.
Definition: cryptlib.h:2307
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Public Key.
Definition: cryptlib.h:2252
const NameValuePairs & g_nullNameValuePairs
An empty set of name-value pairs.
Definition: cryptlib.cpp:76
Implementation of schemes based on DL over GF(p)
Classes for the DSA signature algorithm.
Miscellaneous classes for RNGs.
virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const
Sign a message.
Definition: cryptlib.cpp:872
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:62
Diffie-Hellman domain.
Definition: dh.h:23
Data structure used to store byte strings.
Definition: queue.h:20
virtual unsigned int PrivateKeyLength() const =0
Provides the size of the private key.
Classes and functions for working with ANS.1 objects.
virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0
Derive agreed value.
Elliptic Curve Parameters.
Definition: eccrypto.h:31
RSAES::Decryptor typedef
Definition: rsa.h:199
Implementation of BufferedTransformation's attachment interface.
"The XTR public key system" by Arjen K.
Classes for the RSA cryptosystem.
virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0
Check this object for errors.
Interface for public-key signature verifiers.
Definition: cryptlib.h:2615
BlumBlumShub with factorization of the modulus.
Definition: blumshub.h:42
Classes for Blum Blum Shub generator.
virtual unsigned int StaticPrivateKeyLength() const =0
Provides the size of the static private key.
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
Definition: cryptlib.cpp:768
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:530
RSA encryption algorithm.
Definition: rsa.h:165
virtual unsigned int PublicKeyLength() const =0
Provides the size of the public key.
Multiple precision integer with arithmetic operations.
virtual unsigned int EphemeralPrivateKeyLength() const =0
Provides the size of ephemeral private key.
bool isValidCoding
Flag to indicate the decoding is valid.
Definition: cryptlib.h:262
Classes and functions for Elliptic Curves over prime and binary fields.
virtual size_t Get(byte &outByte)
Retrieve a 8-bit byte.
Definition: cryptlib.cpp:515
Crypto++ library namespace.
Interface for domains of authenticated key agreement protocols.
Definition: cryptlib.h:2754
Elliptic Curve Point.
Definition: ec2n.h:22
virtual void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Encrypt a byte string.
Classes for Menezes–Qu–Vanstone (MQV) key agreement.
Object Identifier.
Definition: asn.h:158
Classes for access to the operating system's random number generators.
the value is positive or 0
Definition: integer.h:71
#define SIZE_MAX
The maximum value of a machine word.
Definition: misc.h:95
Template implementing constructors for public key algorithm classes.
Definition: pubkey.h:2038