void DigestFile(const char *filename)
{
MD5 md5;
SHA sha;
RIPEMD160 ripemd;
SHA256 sha256;
HashFilter md5Filter(md5), shaFilter(sha), ripemdFilter(ripemd), sha256Filter(sha256);
auto_ptr<ChannelSwitch> channelSwitch(new ChannelSwitch);
channelSwitch->AddDefaultRoute(md5Filter);
channelSwitch->AddDefaultRoute(shaFilter);
channelSwitch->AddDefaultRoute(ripemdFilter);
channelSwitch->AddDefaultRoute(sha256Filter);
FileSource(filename, true, channelSwitch.release());
HexEncoder encoder(new FileSink(cout), false);
cout << "\nMD5: ";
md5Filter.TransferTo(encoder);
cout << "\nSHA-1: ";
shaFilter.TransferTo(encoder);
cout << "\nRIPEMD-160: ";
ripemdFilter.TransferTo(encoder);
cout << "\nSHA-256: ";
sha256Filter.TransferTo(encoder);
}
void AES_CTR_Encrypt(const char *hexKey, const char *hexIV, const char *infile, const char *outfile)
{
SecByteBlock key = HexDecodeString(hexKey);
SecByteBlock iv = HexDecodeString(hexIV);
CTR_Mode<AES>::Encryption aes(key, key.size(), iv);
FileSource(infile, true, new StreamTransformationFilter(aes, new FileSink(outfile)));
}
void DigestFile(const char *filename)
{
SHA1 sha;
RIPEMD160 ripemd;
SHA256 sha256;
Tiger tiger;
SHA512 sha512;
Whirlpool whirlpool;
vector_member_ptrs<HashFilter> filters(6);
filters[0].reset(new HashFilter(sha));
filters[1].reset(new HashFilter(ripemd));
filters[2].reset(new HashFilter(tiger));
filters[3].reset(new HashFilter(sha256));
filters[4].reset(new HashFilter(sha512));
filters[5].reset(new HashFilter(whirlpool));
auto_ptr<ChannelSwitch> channelSwitch(new ChannelSwitch);
size_t i;
for (i=0; i<filters.size(); i++)
channelSwitch->AddDefaultRoute(*filters[i]);
FileSource(filename, true, channelSwitch.release());
HexEncoder encoder(new FileSink(cout), false);
for (i=0; i<filters.size(); i++)
{
cout << filters[i]->AlgorithmName() << ": ";
filters[i]->TransferTo(encoder);
cout << "\n";
}
}
/*
* Description: use the same key to decrypt the 'decFilename' and create recoverFile
* Input:
* decFilename: the encrypted file name
* recoverFilename: the decrypted file name
* OutPut:
* if decrypted the file successful, return true, else return false
* Others: we should also delete the file 'decFilename'
*/
bool MyAES::DecryptFile(const string & decFilename,
const string & recoverFilename)
{
// check if the file 'decFilename' exists!
if (access(decFilename.c_str(), 0) == -1)
{
cout << "The file " << decFilename << " is not exist! " << endl;
return false;
}
// exist , then decrypt the file
CBC_Mode<AES>::Decryption aesDecryptor(key, key_length, iv);
FileSource(decFilename.c_str(), true,
new StreamTransformationFilter(aesDecryptor,
new FileSink(recoverFilename.c_str())));
return true;
}
void HmacFile(const char *hexKey, const char *file)
{
member_ptr<MessageAuthenticationCode> mac;
if (strcmp(hexKey, "selftest") == 0)
{
cerr << "Computing HMAC/SHA1 value for self test.\n";
mac.reset(NewIntegrityCheckingMAC());
}
else
{
std::string decodedKey;
StringSource(hexKey, true, new HexDecoder(new StringSink(decodedKey)));
mac.reset(new HMAC<SHA1>((const byte *)decodedKey.data(), decodedKey.size()));
}
FileSource(file, true, new HashFilter(*mac, new HexEncoder(new FileSink(cout))));
}
/*
* Description: use the key to encrypt the 'inFilename' and store the cipher in 'outFilname'
* Input:
* inFilename: the file need to be encrypted!
* outFilename: the encrypted file
* OutPut:
* if encrypt success, return true, or return false
* Others: the function should delete the file : 'inFilename', however I note it
*/
bool MyAES::EncryptFile(const string & inFilename, const string & outFilename)
{
// check if the file 'inFilename' exists.
if (access(inFilename.c_str(), 0) == -1)
{
cout << "The file " << inFilename << " is not exist! " << endl;
return false;
}
// file exists, the encrypt the file
CBC_Mode<AES>::Encryption aesEncryptor(key, key_length, iv);
FileSource(inFilename.c_str(), true,
new StreamTransformationFilter(aesEncryptor,
new FileSink(outFilename.c_str())));
// remove the file 'inFilename'
// if(remove(inFilename) == 0) cout << "remove file succeed! " << endl;
// else cout << "fail to remove the file " << inFilname << endl;
// use function remove(), you have to add #include <cstdio> in the .h file
return true;
}
int main (int argc, const char* argv[]) {
string toSign;
FileSource(argv[1], true, new StringSink(toSign));
AutoSeededRandomPool rng;
//Read private key
CryptoPP::ByteQueue bytes;
FileSource file(argv[2], true, new Base64Decoder);
file.TransferTo(bytes);
bytes.MessageEnd();
RSA::PrivateKey privateKey;
privateKey.Load(bytes);
//Sign message
RSASSA_PKCS1v15_SHA_Signer signer(privateKey);
SecByteBlock signature(signer.SignatureLength());
signer.SignMessage(
rng,
(byte const*) toSign.data(),
toSign.size(),
signature);
//Print string of signature
HexEncoder encoder;
string signatureString;
encoder.Put(signature.data(), signature.size());
encoder.MessageEnd();
word64 signatureSize = encoder.MaxRetrievable();
if (signatureSize) {
signatureString.resize(signatureSize);
encoder.Get((byte*) signatureString.data(), signatureString.size());
}
cout << signatureString << endl;
}
void DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleSha1Digest)
{
g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE;
SetPowerUpSelfTestInProgressOnThisThread(true);
try
{
if (FIPS_140_2_ComplianceEnabled() || moduleFilename != NULL)
{
// integrity test
SHA1 sha;
HashVerifier verifier(sha);
verifier.Put(expectedModuleSha1Digest, sha.DigestSize());
FileStore(moduleFilename).TransferAllTo(verifier);
if (!verifier.GetLastResult())
{
#ifdef CRYPTOPP_WIN32_AVAILABLE
std::string actualDigest;
FileSource(moduleFilename, true, new HashFilter(sha, new HexEncoder(new StringSink(actualDigest))));
OutputDebugString(("Crypto++ EDC test failed. Actual digest is: " + actualDigest + "\n").c_str());
#endif
throw 0; // throw here so we break in the debugger, this will be caught right away
}
}
// algorithm tests
X917RNG_KnownAnswerTest<DES_EDE3>(
"48851090B4992453E83CDA86416534E53EA2FCE1A0B3A40C", // key
"7D00BD0A79F6B0F5", // seed
"22B590B08B53363AEB89AD65F81A5B6FB83F326CE06BF35751E6C41B43B729C4", // output
1489728269); // time vector
SymmetricEncryptionKnownAnswerTest<DES>(
"0123456789abcdef", // key
"1234567890abcdef", // IV
"4e6f77206973207468652074696d6520666f7220616c6c20", // plaintext
"3fa40e8a984d48156a271787ab8883f9893d51ec4b563b53", // ecb
"E5C7CDDE872BF27C43E934008C389C0F683788499A7C05F6", // cbc
"F3096249C7F46E51A69E839B1A92F78403467133898EA622", // cfb
"f3096249c7f46e5135f24a242eeb3d3f3d6d5be3255af8c3", // ofb
"F3096249C7F46E51163A8CA0FFC94C27FA2F80F480B86F75");// ctr
SymmetricEncryptionKnownAnswerTest<DES_EDE3>(
"385D7189A5C3D485E1370AA5D408082B5CCCCB5E19F2D90E",
"C141B5FCCD28DC8A",
"6E1BD7C6120947A464A6AAB293A0F89A563D8D40D3461B68",
"64EAAD4ACBB9CEAD6C7615E7C7E4792FE587D91F20C7D2F4",
"6235A461AFD312973E3B4F7AA7D23E34E03371F8E8C376C9",
"E26BA806A59B0330DE40CA38E77A3E494BE2B212F6DD624B",
"E26BA806A59B03307DE2BCC25A08BA40A8BA335F5D604C62",
"E26BA806A59B03303C62C2EFF32D3ACDD5D5F35EBCC53371");
SymmetricEncryptionKnownAnswerTest<SKIPJACK>(
"1555E5531C3A169B2D65",
"6EC9795701F49864",
"00AFA48E9621E52E8CBDA312660184EDDB1F33D9DACDA8DA",
"DBEC73562EFCAEB56204EB8AE9557EBF77473FBB52D17CD1",
"0C7B0B74E21F99B8F2C8DF37879F6C044967F42A796DCA8B",
"79FDDA9724E36CC2E023E9A5C717A8A8A7FDA465CADCBF63",
"79FDDA9724E36CC26CACBD83C1ABC06EAF5B249BE5B1E040",
"79FDDA9724E36CC211B0AEC607B95A96BCDA318440B82F49");
SymmetricEncryptionKnownAnswerTest<AES>(
"2b7e151628aed2a6abf7158809cf4f3c",
"000102030405060708090a0b0c0d0e0f",
"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", // plaintext
"3ad77bb40d7a3660a89ecaf32466ef97f5d3d58503b9699de785895a96fdbaaf43b1cd7f598ece23881b00e3ed0306887b0c785e27e8ad3f8223207104725dd4", // ecb
"7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7", // cbc
"3b3fd92eb72dad20333449f8e83cfb4ac8a64537a0b3a93fcde3cdad9f1ce58b26751f67a3cbb140b1808cf187a4f4dfc04b05357c5d1c0eeac4c66f9ff7f2e6", // cfb
"3b3fd92eb72dad20333449f8e83cfb4a7789508d16918f03f53c52dac54ed8259740051e9c5fecf64344f7a82260edcc304c6528f659c77866a510d9c1d6ae5e", // ofb
NULL);
SymmetricEncryptionKnownAnswerTest<AES>(
"2b7e151628aed2a6abf7158809cf4f3c",
"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
NULL,
NULL,
NULL,
NULL,
"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee"); // ctr
SecureHashKnownAnswerTest<SHA>(
"abc",
"A9993E364706816ABA3E25717850C26C9CD0D89D");
MAC_KnownAnswerTest<HMAC<SHA> >(
"303132333435363738393a3b3c3d3e3f40414243",
"Sample #2",
"0922d3405faa3d194f82a45830737d5cc6c75d24");
SignatureKnownAnswerTest<RSASS<PKCS1v15, SHA> >(
"30820150020100300d06092a864886f70d01010105000482013a3082013602010002400a66791dc6988168de7ab77419bb7fb0"
"c001c62710270075142942e19a8d8c51d053b3e3782a1de5dc5af4ebe99468170114a1dfe67cdc9a9af55d655620bbab0203010001"
"02400123c5b61ba36edb1d3679904199a89ea80c09b9122e1400c09adcf7784676d01d23356a7d44d6bd8bd50e94bfc723fa"
"87d8862b75177691c11d757692df8881022033d48445c859e52340de704bcdda065fbb4058d740bd1d67d29e9c146c11cf61"
"0220335e8408866b0fd38dc7002d3f972c67389a65d5d8306566d5c4f2a5aa52628b0220045ec90071525325d3d46db79695e9af"
"acc4523964360e02b119baa366316241022015eb327360c7b60d12e5e2d16bdcd97981d17fba6b70db13b20b436e24eada590220"
"2ca6366d72781dfa24d34a9a24cbc2ae927a9958af426563ff63fb11658a461d",
"Everyone gets Friday off.",
"0610761F95FFD1B8F29DA34212947EC2AA0E358866A722F03CC3C41487ADC604A48FF54F5C6BEDB9FB7BD59F82D6E55D8F3174BA361B2214B2D74E8825E04E81");
SignaturePairwiseConsistencyTest<DSA>(
"3082014A0201003082012B06072A8648CE3804013082011E02818100F468699A6F6EBCC0120D3B34C8E007F125EC7D81F763B8D0F33869AE3BD6B9F2ECCC7DF34DF84C0307449E9B85D30D57194BCCEB310F48141914DD13A077AAF9B624A6CBE666BBA1D7EBEA95B5BA6F54417FD5D4E4220C601E071D316A24EA814E8B0122DBF47EE8AEEFD319EBB01DD95683F10DBB4FEB023F8262A07EAEB7FD02150082AD4E034DA6EEACDFDAE68C36F2BAD614F9E53B02818071AAF73361A26081529F7D84078ADAFCA48E031DB54AD57FB1A833ADBD8672328AABAA0C756247998D7A5B10DACA359D231332CE8120B483A784FE07D46EEBFF0D7D374A10691F78653E6DC29E27CCB1B174923960DFE5B959B919B2C3816C19251832AFD8E35D810E598F82877ABF7D40A041565168BD7F0E21E3FE2A8D8C1C0416021426EBA66E846E755169F84A1DA981D86502405DDF");
SignaturePairwiseConsistencyTest<ECDSA<EC2N, SHA> >(
"302D020100301006072A8648CE3D020106052B8104000404163014020101040F0070337065E1E196980A9D00E37211");
SignaturePairwiseConsistencyTest<ECDSA<ECP, SHA> >(
"3039020100301306072A8648CE3D020106082A8648CE3D030101041F301D02010104182BB8A13C8B867010BD9471D9E81FDB01ABD0538C64D6249A");
}
catch (...)
{
g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
goto done;
}
g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_PASSED;
done:
SetPowerUpSelfTestInProgressOnThisThread(false);
return;
}
int main(int argc, char *argv[])
#endif
{
#ifdef _CRTDBG_LEAK_CHECK_DF
// Turn on leak-checking
int tempflag = _CrtSetDbgFlag( _CRTDBG_REPORT_FLAG );
tempflag |= _CRTDBG_LEAK_CHECK_DF;
_CrtSetDbgFlag( tempflag );
#endif
#if defined(__MWERKS__) && defined(macintosh)
argc = ccommand(&argv);
#endif
try
{
std::string command, executableName, edcFilename;
if (argc < 2)
command = 'h';
else
command = argv[1];
if (FIPS_140_2_ComplianceEnabled())
{
edcFilename = "edc.dat";
#ifdef CRYPTOPP_WIN32_AVAILABLE
TCHAR filename[MAX_PATH];
GetModuleFileName(GetModuleHandle(NULL), filename, sizeof(filename));
executableName = filename;
std::string::size_type pos = executableName.rfind('\\');
if (pos != std::string::npos)
edcFilename = executableName.substr(0, pos+1) + edcFilename;
#else
executableName = argv[0];
#endif
if (command.substr(0, 4) != "fips")
{
byte expectedModuleDigest[SHA1::DIGESTSIZE];
FileSource(edcFilename.c_str(), true, new HexDecoder(new ArraySink(expectedModuleDigest, sizeof(expectedModuleDigest))));
DoPowerUpSelfTest(executableName.c_str(), expectedModuleDigest);
}
}
switch (command[0])
{
case 'g':
{
char seed[1024], privFilename[128], pubFilename[128];
unsigned int keyLength;
cout << "Key length in bits: ";
cin >> keyLength;
cout << "\nSave private key to file: ";
cin >> privFilename;
cout << "\nSave public key to file: ";
cin >> pubFilename;
cout << "\nRandom Seed: ";
ws(cin);
cin.getline(seed, 1024);
GenerateRSAKey(keyLength, privFilename, pubFilename, seed);
return 0;
}
case 'r':
{
switch (argv[1][1])
{
case 's':
RSASignFile(argv[2], argv[3], argv[4]);
return 0;
case 'v':
{
bool verified = RSAVerifyFile(argv[2], argv[3], argv[4]);
cout << (verified ? "valid signature" : "invalid signature") << endl;
return 0;
}
default:
{
char privFilename[128], pubFilename[128];
char seed[1024], message[1024];
cout << "Private key file: ";
cin >> privFilename;
cout << "\nPublic key file: ";
cin >> pubFilename;
cout << "\nRandom Seed: ";
ws(cin);
cin.getline(seed, 1024);
cout << "\nMessage: ";
cin.getline(message, 1024);
string ciphertext = RSAEncryptString(pubFilename, seed, message);
cout << "\nCiphertext: " << ciphertext << endl;
string decrypted = RSADecryptString(privFilename, ciphertext.c_str());
cout << "\nDecrypted: " << decrypted << endl;
return 0;
}
}
}
case 'm':
DigestFile(argv[2]);
return 0;
case 't':
{
if (command == "tv")
{
return !RunTestDataFile(argv[2]);
}
// VC60 workaround: use char array instead of std::string to workaround MSVC's getline bug
char passPhrase[MAX_PHRASE_LENGTH], plaintext[1024];
cout << "Passphrase: ";
cin.getline(passPhrase, MAX_PHRASE_LENGTH);
cout << "\nPlaintext: ";
cin.getline(plaintext, 1024);
string ciphertext = EncryptString(plaintext, passPhrase);
cout << "\nCiphertext: " << ciphertext << endl;
string decrypted = DecryptString(ciphertext.c_str(), passPhrase);
cout << "\nDecrypted: " << decrypted << endl;
return 0;
}
case 'e':
case 'd':
if (command == "e64")
Base64Encode(argv[2], argv[3]);
else if (command == "d64")
Base64Decode(argv[2], argv[3]);
else if (command == "e16")
HexEncode(argv[2], argv[3]);
else if (command == "d16")
HexDecode(argv[2], argv[3]);
else
{
char passPhrase[MAX_PHRASE_LENGTH];
cout << "Passphrase: ";
cin.getline(passPhrase, MAX_PHRASE_LENGTH);
if (command == "e")
EncryptFile(argv[2], argv[3], passPhrase);
else
DecryptFile(argv[2], argv[3], passPhrase);
}
return 0;
case 's':
if (argv[1][1] == 's')
{
char seed[1024];
cout << "\nRandom Seed: ";
ws(cin);
cin.getline(seed, 1024);
SecretShareFile(atoi(argv[2]), atoi(argv[3]), argv[4], seed);
}
else
SecretRecoverFile(argc-3, argv[2], argv+3);
return 0;
case 'i':
if (argv[1][1] == 'd')
InformationDisperseFile(atoi(argv[2]), atoi(argv[3]), argv[4]);
else
InformationRecoverFile(argc-3, argv[2], argv+3);
return 0;
case 'v':
return !Validate(argc>2 ? atoi(argv[2]) : 0, argv[1][1] == 'v', argc>3 ? argv[3] : NULL);
case 'b':
if (argc<3)
BenchMarkAll();
else
BenchMarkAll((float)atof(argv[2]));
return 0;
case 'z':
GzipFile(argv[3], argv[4], argv[2][0]-'0');
return 0;
case 'u':
GunzipFile(argv[2], argv[3]);
return 0;
case 'f':
if (command == "fips")
FIPS140_SampleApplication(executableName.c_str(), edcFilename.c_str());
else if (command == "fips-rand")
FIPS140_GenerateRandomFiles();
else if (command == "ft")
ForwardTcpPort(argv[2], argv[3], argv[4]);
return 0;
case 'a':
if (AdhocTest)
return (*AdhocTest)(argc, argv);
else
return 0;
default:
FileSource usage("usage.dat", true, new FileSink(cout));
return 1;
}
}
catch(CryptoPP::Exception &e)
{
cout << "\nCryptoPP::Exception caught: " << e.what() << endl;
return -1;
}
catch(std::exception &e)
{
cout << "\nstd::exception caught: " << e.what() << endl;
return -2;
}
}
void HexDecode(const char *in, const char *out)
{
FileSource(in, true, new HexDecoder(new FileSink(out)));
}
void Base64Decode(const char *in, const char *out)
{
FileSource(in, true, new Base64Decoder(new FileSink(out)));
}
void GunzipFile(const char *in, const char *out)
{
FileSource(in, true, new Gunzip(new FileSink(out)));
}
void FIPS140_SampleApplication(const char *moduleFilename, const char *edcFilename)
{
if (!FIPS_140_2_ComplianceEnabled())
{
cerr << "FIPS-140-2 compliance was turned off at compile time.\n";
abort();
}
// try to use a crypto algorithm before doing a self test
try
{
// trying to use a crypto algorithm before power-up self test will result in an exception
DES::Encryption des;
// should not be here
cerr << "Use of DES before power-up test failed to cause an exception.\n";
abort();
}
catch (SelfTestFailure &e)
{
cout << "0. Caught expected exception. Exception message follows: ";
cout << e.what() << endl;
}
// simulate a power-up self test error
SimulatePowerUpSelfTestFailure();
try
{
// trying to use a crypto algorithm after power-up self test error will result in an exception
DES::Encryption des;
// should not be here
cerr << "Use of DES failed to cause an exception after power-up self test error.\n";
abort();
}
catch (SelfTestFailure &e)
{
cout << "1. Caught expected exception when simulating self test failure. Exception message follows: ";
cout << e.what() << endl;
}
// clear the self test error state and do power-up self test
byte expectedModuleDigest[SHA1::DIGESTSIZE];
FileSource(edcFilename, true, new HexDecoder(new ArraySink(expectedModuleDigest, sizeof(expectedModuleDigest))));
DoPowerUpSelfTest(moduleFilename, expectedModuleDigest);
if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED)
{
cerr << "Power-up self test failed.\n";
abort();
}
cout << "2. Power-up self test passed.\n";
// encrypt and decrypt
const byte key[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
const byte iv[] = {0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
const byte plaintext[] = { // "Now is the time for all " without tailing 0
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20};
byte ciphertext[24];
byte decrypted[24];
CBC_Mode<DES>::Encryption encryption_DES_CBC;
encryption_DES_CBC.SetKeyWithIV(key, 8, iv);
encryption_DES_CBC.ProcessString(ciphertext, plaintext, 24);
CBC_Mode<DES>::Decryption decryption_DES_CBC;
decryption_DES_CBC.SetKeyWithIV(key, 8, iv);
decryption_DES_CBC.ProcessString(decrypted, ciphertext, 24);
if (memcmp(plaintext, decrypted, 24) != 0)
{
cerr << "DES-CBC Encryption/decryption failed.\n";
abort();
}
cout << "3. DES-CBC Encryption/decryption succeeded.\n";
// hash
const byte message[] = {'a', 'b', 'c'};
const byte expectedDigest[] = {0xA9,0x99,0x3E,0x36,0x47,0x06,0x81,0x6A,0xBA,0x3E,0x25,0x71,0x78,0x50,0xC2,0x6C,0x9C,0xD0,0xD8,0x9D};
byte digest[20];
SHA1 sha;
sha.Update(message, 3);
sha.Final(digest);
if (memcmp(digest, expectedDigest, 20) != 0)
{
cerr << "SHA-1 hash failed.\n";
abort();
}
cout << "4. SHA-1 hash succeeded.\n";
// create auto-seeded X9.17 RNG object, if available
#ifdef OS_RNG_AVAILABLE
AutoSeededX917RNG<DES_EDE3> rng;
#else
// this is used to allow this function to compile on platforms that don't have auto-seeded RNGs
RandomNumberGenerator &rng(NullRNG());
#endif
// generate DSA key
DSA::PrivateKey dsaPrivateKey;
dsaPrivateKey.GenerateRandomWithKeySize(rng, 1024);
DSA::PublicKey dsaPublicKey;
dsaPublicKey.AssignFrom(dsaPrivateKey);
if (!dsaPrivateKey.Validate(rng, 3) || !dsaPublicKey.Validate(rng, 3))
{
cerr << "DSA key generation failed.\n";
abort();
}
cout << "5. DSA key generation succeeded.\n";
// encode DSA key
std::string encodedDsaPublicKey, encodedDsaPrivateKey;
dsaPublicKey.DEREncode(StringSink(encodedDsaPublicKey).Ref());
dsaPrivateKey.DEREncode(StringSink(encodedDsaPrivateKey).Ref());
// decode DSA key
DSA::PrivateKey decodedDsaPrivateKey;
decodedDsaPrivateKey.BERDecode(StringStore(encodedDsaPrivateKey).Ref());
DSA::PublicKey decodedDsaPublicKey;
decodedDsaPublicKey.BERDecode(StringStore(encodedDsaPublicKey).Ref());
if (!decodedDsaPrivateKey.Validate(rng, 3) || !decodedDsaPublicKey.Validate(rng, 3))
{
cerr << "DSA key encode/decode failed.\n";
abort();
}
cout << "6. DSA key encode/decode succeeded.\n";
// sign and verify
byte signature[40];
DSA::Signer signer(dsaPrivateKey);
assert(signer.SignatureLength() == 40);
signer.SignMessage(rng, message, 3, signature);
DSA::Verifier verifier(dsaPublicKey);
if (!verifier.VerifyMessage(message, 3, signature, 40))
{
cerr << "DSA signature and verification failed.\n";
abort();
}
cout << "7. DSA signature and verification succeeded.\n";
// try to verify an invalid signature
signature[0] ^= 1;
if (verifier.VerifyMessage(message, 3, signature, 40))
{
cerr << "DSA signature verification failed to detect bad signature.\n";
abort();
}
cout << "8. DSA signature verification successfully detected bad signature.\n";
// try to use an invalid key length
try
{
encryption_DES_CBC.SetKey(key, 5);
// should not be here
cerr << "DES implementation did not detect use of invalid key length.\n";
abort();
}
catch (InvalidArgument &e)
{
cout << "9. Caught expected exception when using invalid key length. Exception message follows: ";
cout << e.what() << endl;
}
cout << "\nFIPS 140-2 Sample Application completed normally.\n";
}
