void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
{
try
{
#ifdef OS_RNG_AVAILABLE
AutoSeededX917RNG<DES_EDE3> rng;
#else
RandomNumberGenerator &rng = NullRNG();
#endif
const char *testMessage ="test message";
EqualityComparisonFilter comparison;
comparison.ChannelPutMessageEnd("0", (const byte *)testMessage, strlen(testMessage));
StringSource(
testMessage,
true,
new PK_EncryptorFilter(
rng,
encryptor,
new PK_DecryptorFilter(rng, decryptor, new ChannelSwitch(comparison, "1"))));
comparison.ChannelMessageSeriesEnd("0");
comparison.ChannelMessageSeriesEnd("1");
}
catch (...)
{
throw SelfTestFailure(encryptor.AlgorithmName() + ": pairwise consistency test failed");
}
}
void RSASignFile(const char *privFilename, const char *messageFilename, const char *signatureFilename)
{
FileSource privFile(privFilename, true, new HexDecoder);
RSASSA_PKCS1v15_SHA_Signer priv(privFile);
// RSASSA_PKCS1v15_SHA_Signer ignores the rng. Use a real RNG for other signature schemes!
FileSource f(messageFilename, true, new SignerFilter(NullRNG(), priv, new HexEncoder(new FileSink(signatureFilename))));
}
bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
byte *representative, size_t representativeBitLength) const
{
SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength));
ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
return VerifyBufsEqual(representative, computedRepresentative, computedRepresentative.size());
}
void TestInstantiations_gfpcrypt()
{
GDSA<SHA>::Signer test;
GDSA<SHA>::Verifier test1;
DSA::Signer test5(NullRNG(), 100);
DSA::Signer test2(test5);
NR<SHA>::Signer test3;
NR<SHA>::Verifier test4;
DLIES<>::Encryptor test6;
DLIES<>::Decryptor test7;
}
void RSA_TestInstantiations()
{
RSASS<PKCS1v15, SHA1>::Verifier x1(1, 1);
RSASS<PKCS1v15, SHA1>::Signer x2(NullRNG(), 1);
RSASS<PKCS1v15, SHA1>::Verifier x3(x2);
RSASS<PKCS1v15, SHA1>::Verifier x4(x2.GetKey());
RSASS<PSS, SHA1>::Verifier x5(x3);
#ifndef __MWERKS__
RSASS<PSSR, SHA1>::Signer x6 = x2;
x3 = x2;
x6 = x2;
#endif
RSAES<PKCS1v15>::Encryptor x7(x2);
#ifndef __GNUC__
RSAES<PKCS1v15>::Encryptor x8(x3);
#endif
RSAES<OAEP<SHA1> >::Encryptor x9(x2);
x4 = x2.GetKey();
RSASS<PKCS1v15, SHA3_256>::Verifier x10(1, 1);
RSASS<PKCS1v15, SHA3_256>::Signer x11(NullRNG(), 1);
RSASS<PKCS1v15, SHA3_256>::Verifier x12(x11);
RSASS<PKCS1v15, SHA3_256>::Verifier x13(x11.GetKey());
}
void SignatureKnownAnswerTest(const char *key, const char *message, const char *signature, SCHEME *dummy = NULL)
{
typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref());
typename SCHEME::Verifier verifier(signer);
EqualityComparisonFilter comparison;
StringSource(message, true, new SignerFilter(NullRNG(), signer, new ChannelSwitch(comparison, "0")));
StringSource(signature, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
comparison.ChannelMessageSeriesEnd("0");
comparison.ChannelMessageSeriesEnd("1");
VerifierFilter verifierFilter(verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN | VerifierFilter::THROW_EXCEPTION);
StringSource(signature, true, new HexDecoder(new Redirector(verifierFilter, false)));
StringSource(message, true, new Redirector(verifierFilter));
}
void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
{
try
{
#ifdef OS_RNG_AVAILABLE
DefaultAutoSeededRNG rng;
#else
RandomNumberGenerator &rng = NullRNG();
#endif
const char *testMessage ="test message";
std::string ciphertext, decrypted;
StringSource(
testMessage,
true,
new PK_EncryptorFilter(
rng,
encryptor,
new StringSink(ciphertext)));
if (ciphertext == testMessage)
throw 0;
StringSource(
ciphertext,
true,
new PK_DecryptorFilter(
rng,
decryptor,
new StringSink(decrypted)));
if (decrypted != testMessage)
throw 0;
}
catch (...)
{
throw SelfTestFailure(encryptor.AlgorithmName() + ": pairwise consistency test failed");
}
}
void SignatureKnownAnswerTest(const char *key, const char *message, const char *signature, SCHEME *dummy = NULL)
{
#ifdef OS_RNG_AVAILABLE
DefaultAutoSeededRNG rng;
#else
RandomNumberGenerator &rng = NullRNG();
#endif
typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref());
typename SCHEME::Verifier verifier(signer);
EqualityComparisonFilter comparison;
StringSource(message, true, new SignerFilter(rng, signer, new ChannelSwitch(comparison, "0")));
StringSource(signature, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
comparison.ChannelMessageSeriesEnd("0");
comparison.ChannelMessageSeriesEnd("1");
VerifierFilter verifierFilter(verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN | VerifierFilter::THROW_EXCEPTION);
StringSource(signature, true, new HexDecoder(new Redirector(verifierFilter, Redirector::DATA_ONLY)));
StringSource(message, true, new Redirector(verifierFilter));
}
void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier)
{
try
{
#ifdef OS_RNG_AVAILABLE
DefaultAutoSeededRNG rng;
#else
RandomNumberGenerator &rng = NullRNG();
#endif
StringSource(
"test message",
true,
new SignerFilter(
rng,
signer,
new VerifierFilter(verifier, NULL, VerifierFilter::THROW_EXCEPTION),
true));
}
catch (...)
{
throw SelfTestFailure(signer.AlgorithmName() + ": pairwise consistency test failed");
}
}
void FIPS140_SampleApplication()
{
if (!FIPS_140_2_ComplianceEnabled())
{
cerr << "FIPS 140-2 compliance was turned off at compile time.\n";
abort();
}
// check self test status
if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED)
{
cerr << "Automatic power-up self test failed.\n";
abort();
}
cout << "0. Automatic power-up self test passed.\n";
// simulate a power-up self test error
SimulatePowerUpSelfTestFailure();
try
{
// trying to use a crypto algorithm after power-up self test error will result in an exception
AES::Encryption aes;
// should not be here
cerr << "Use of AES failed to cause an exception after power-up self test error.\n";
abort();
}
catch (SelfTestFailure &e)
{
cout << "1. Caught expected exception when simulating self test failure. Exception message follows: ";
cout << e.what() << endl;
}
// clear the self test error state and redo power-up self test
DoDllPowerUpSelfTest();
if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED)
{
cerr << "Re-do power-up self test failed.\n";
abort();
}
cout << "2. Re-do power-up self test passed.\n";
// encrypt and decrypt
const byte key[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
const byte iv[] = {0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
const byte plaintext[] = { // "Now is the time for all " without tailing 0
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20};
byte ciphertext[24];
byte decrypted[24];
CFB_FIPS_Mode<DES_EDE3>::Encryption encryption_DES_EDE3_CFB;
encryption_DES_EDE3_CFB.SetKeyWithIV(key, sizeof(key), iv);
encryption_DES_EDE3_CFB.ProcessString(ciphertext, plaintext, 23);
CFB_FIPS_Mode<DES_EDE3>::Decryption decryption_DES_EDE3_CFB;
decryption_DES_EDE3_CFB.SetKeyWithIV(key, sizeof(key), iv);
decryption_DES_EDE3_CFB.ProcessString(decrypted, ciphertext, 24);
if (memcmp(plaintext, decrypted, 24) != 0)
{
cerr << "DES-EDE3-CFB Encryption/decryption failed.\n";
abort();
}
cout << "3. DES-EDE3-CFB Encryption/decryption succeeded.\n";
// hash
const byte message[] = {'a', 'b', 'c'};
const byte expectedDigest[] = {0xA9,0x99,0x3E,0x36,0x47,0x06,0x81,0x6A,0xBA,0x3E,0x25,0x71,0x78,0x50,0xC2,0x6C,0x9C,0xD0,0xD8,0x9D};
byte digest[20];
SHA1 sha;
sha.Update(message, 3);
sha.Final(digest);
if (memcmp(digest, expectedDigest, 20) != 0)
{
cerr << "SHA-1 hash failed.\n";
abort();
}
cout << "4. SHA-1 hash succeeded.\n";
// create auto-seeded X9.17 RNG object, if available
#ifdef OS_RNG_AVAILABLE
AutoSeededX917RNG<DES_EDE3> rng;
#else
// this is used to allow this function to compile on platforms that don't have auto-seeded RNGs
RandomNumberGenerator &rng(NullRNG());
#endif
// generate DSA key
DSA::PrivateKey dsaPrivateKey;
dsaPrivateKey.GenerateRandomWithKeySize(rng, 1024);
DSA::PublicKey dsaPublicKey;
dsaPublicKey.AssignFrom(dsaPrivateKey);
if (!dsaPrivateKey.Validate(rng, 3) || !dsaPublicKey.Validate(rng, 3))
{
cerr << "DSA key generation failed.\n";
abort();
}
cout << "5. DSA key generation succeeded.\n";
// encode DSA key
std::string encodedDsaPublicKey, encodedDsaPrivateKey;
dsaPublicKey.DEREncode(StringSink(encodedDsaPublicKey).Ref());
dsaPrivateKey.DEREncode(StringSink(encodedDsaPrivateKey).Ref());
// decode DSA key
DSA::PrivateKey decodedDsaPrivateKey;
decodedDsaPrivateKey.BERDecode(StringStore(encodedDsaPrivateKey).Ref());
DSA::PublicKey decodedDsaPublicKey;
decodedDsaPublicKey.BERDecode(StringStore(encodedDsaPublicKey).Ref());
if (!decodedDsaPrivateKey.Validate(rng, 3) || !decodedDsaPublicKey.Validate(rng, 3))
{
cerr << "DSA key encode/decode failed.\n";
abort();
}
cout << "6. DSA key encode/decode succeeded.\n";
// sign and verify
byte signature[40];
DSA::Signer signer(dsaPrivateKey);
assert(signer.SignatureLength() == 40);
signer.SignMessage(rng, message, 3, signature);
DSA::Verifier verifier(dsaPublicKey);
if (!verifier.VerifyMessage(message, 3, signature, sizeof(signature)))
{
cerr << "DSA signature and verification failed.\n";
abort();
}
cout << "7. DSA signature and verification succeeded.\n";
// try to verify an invalid signature
signature[0] ^= 1;
if (verifier.VerifyMessage(message, 3, signature, sizeof(signature)))
{
cerr << "DSA signature verification failed to detect bad signature.\n";
abort();
}
cout << "8. DSA signature verification successfully detected bad signature.\n";
// try to use an invalid key length
try
{
ECB_Mode<DES_EDE3>::Encryption encryption_DES_EDE3_ECB;
encryption_DES_EDE3_ECB.SetKey(key, 5);
// should not be here
cerr << "DES-EDE3 implementation did not detect use of invalid key length.\n";
abort();
}
catch (InvalidArgument &e)
{
cout << "9. Caught expected exception when using invalid key length. Exception message follows: ";
cout << e.what() << endl;
}
cout << "\nFIPS 140-2 Sample Application completed normally.\n";
}
void ElGamal_TestInstantiations()
{
ElGamalEncryptor test1(1, 1, 1);
ElGamalDecryptor test2(NullRNG(), 123);
ElGamalEncryptor test3(test2);
}
void DH_TestInstantiations()
{
DH dh1;
DH dh2(NullRNG(), 10);
}
