void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor) { try { #ifdef OS_RNG_AVAILABLE AutoSeededX917RNG<DES_EDE3> rng; #else RandomNumberGenerator &rng = NullRNG(); #endif const char *testMessage ="test message"; EqualityComparisonFilter comparison; comparison.ChannelPutMessageEnd("0", (const byte *)testMessage, strlen(testMessage)); StringSource( testMessage, true, new PK_EncryptorFilter( rng, encryptor, new PK_DecryptorFilter(rng, decryptor, new ChannelSwitch(comparison, "1")))); comparison.ChannelMessageSeriesEnd("0"); comparison.ChannelMessageSeriesEnd("1"); } catch (...) { throw SelfTestFailure(encryptor.AlgorithmName() + ": pairwise consistency test failed"); } }
void RSASignFile(const char *privFilename, const char *messageFilename, const char *signatureFilename) { FileSource privFile(privFilename, true, new HexDecoder); RSASSA_PKCS1v15_SHA_Signer priv(privFile); // RSASSA_PKCS1v15_SHA_Signer ignores the rng. Use a real RNG for other signature schemes! FileSource f(messageFilename, true, new SignerFilter(NullRNG(), priv, new HexEncoder(new FileSink(signatureFilename)))); }
bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative( HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, byte *representative, size_t representativeBitLength) const { SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength)); ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength); return VerifyBufsEqual(representative, computedRepresentative, computedRepresentative.size()); }
void TestInstantiations_gfpcrypt() { GDSA<SHA>::Signer test; GDSA<SHA>::Verifier test1; DSA::Signer test5(NullRNG(), 100); DSA::Signer test2(test5); NR<SHA>::Signer test3; NR<SHA>::Verifier test4; DLIES<>::Encryptor test6; DLIES<>::Decryptor test7; }
void RSA_TestInstantiations() { RSASS<PKCS1v15, SHA1>::Verifier x1(1, 1); RSASS<PKCS1v15, SHA1>::Signer x2(NullRNG(), 1); RSASS<PKCS1v15, SHA1>::Verifier x3(x2); RSASS<PKCS1v15, SHA1>::Verifier x4(x2.GetKey()); RSASS<PSS, SHA1>::Verifier x5(x3); #ifndef __MWERKS__ RSASS<PSSR, SHA1>::Signer x6 = x2; x3 = x2; x6 = x2; #endif RSAES<PKCS1v15>::Encryptor x7(x2); #ifndef __GNUC__ RSAES<PKCS1v15>::Encryptor x8(x3); #endif RSAES<OAEP<SHA1> >::Encryptor x9(x2); x4 = x2.GetKey(); RSASS<PKCS1v15, SHA3_256>::Verifier x10(1, 1); RSASS<PKCS1v15, SHA3_256>::Signer x11(NullRNG(), 1); RSASS<PKCS1v15, SHA3_256>::Verifier x12(x11); RSASS<PKCS1v15, SHA3_256>::Verifier x13(x11.GetKey()); }
void SignatureKnownAnswerTest(const char *key, const char *message, const char *signature, SCHEME *dummy = NULL) { typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref()); typename SCHEME::Verifier verifier(signer); EqualityComparisonFilter comparison; StringSource(message, true, new SignerFilter(NullRNG(), signer, new ChannelSwitch(comparison, "0"))); StringSource(signature, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); comparison.ChannelMessageSeriesEnd("0"); comparison.ChannelMessageSeriesEnd("1"); VerifierFilter verifierFilter(verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN | VerifierFilter::THROW_EXCEPTION); StringSource(signature, true, new HexDecoder(new Redirector(verifierFilter, false))); StringSource(message, true, new Redirector(verifierFilter)); }
void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor) { try { #ifdef OS_RNG_AVAILABLE DefaultAutoSeededRNG rng; #else RandomNumberGenerator &rng = NullRNG(); #endif const char *testMessage ="test message"; std::string ciphertext, decrypted; StringSource( testMessage, true, new PK_EncryptorFilter( rng, encryptor, new StringSink(ciphertext))); if (ciphertext == testMessage) throw 0; StringSource( ciphertext, true, new PK_DecryptorFilter( rng, decryptor, new StringSink(decrypted))); if (decrypted != testMessage) throw 0; } catch (...) { throw SelfTestFailure(encryptor.AlgorithmName() + ": pairwise consistency test failed"); } }
void SignatureKnownAnswerTest(const char *key, const char *message, const char *signature, SCHEME *dummy = NULL) { #ifdef OS_RNG_AVAILABLE DefaultAutoSeededRNG rng; #else RandomNumberGenerator &rng = NullRNG(); #endif typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref()); typename SCHEME::Verifier verifier(signer); EqualityComparisonFilter comparison; StringSource(message, true, new SignerFilter(rng, signer, new ChannelSwitch(comparison, "0"))); StringSource(signature, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); comparison.ChannelMessageSeriesEnd("0"); comparison.ChannelMessageSeriesEnd("1"); VerifierFilter verifierFilter(verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN | VerifierFilter::THROW_EXCEPTION); StringSource(signature, true, new HexDecoder(new Redirector(verifierFilter, Redirector::DATA_ONLY))); StringSource(message, true, new Redirector(verifierFilter)); }
void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier) { try { #ifdef OS_RNG_AVAILABLE DefaultAutoSeededRNG rng; #else RandomNumberGenerator &rng = NullRNG(); #endif StringSource( "test message", true, new SignerFilter( rng, signer, new VerifierFilter(verifier, NULL, VerifierFilter::THROW_EXCEPTION), true)); } catch (...) { throw SelfTestFailure(signer.AlgorithmName() + ": pairwise consistency test failed"); } }
void FIPS140_SampleApplication() { if (!FIPS_140_2_ComplianceEnabled()) { cerr << "FIPS 140-2 compliance was turned off at compile time.\n"; abort(); } // check self test status if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED) { cerr << "Automatic power-up self test failed.\n"; abort(); } cout << "0. Automatic power-up self test passed.\n"; // simulate a power-up self test error SimulatePowerUpSelfTestFailure(); try { // trying to use a crypto algorithm after power-up self test error will result in an exception AES::Encryption aes; // should not be here cerr << "Use of AES failed to cause an exception after power-up self test error.\n"; abort(); } catch (SelfTestFailure &e) { cout << "1. Caught expected exception when simulating self test failure. Exception message follows: "; cout << e.what() << endl; } // clear the self test error state and redo power-up self test DoDllPowerUpSelfTest(); if (GetPowerUpSelfTestStatus() != POWER_UP_SELF_TEST_PASSED) { cerr << "Re-do power-up self test failed.\n"; abort(); } cout << "2. Re-do power-up self test passed.\n"; // encrypt and decrypt const byte key[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; const byte iv[] = {0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; const byte plaintext[] = { // "Now is the time for all " without tailing 0 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20}; byte ciphertext[24]; byte decrypted[24]; CFB_FIPS_Mode<DES_EDE3>::Encryption encryption_DES_EDE3_CFB; encryption_DES_EDE3_CFB.SetKeyWithIV(key, sizeof(key), iv); encryption_DES_EDE3_CFB.ProcessString(ciphertext, plaintext, 23); CFB_FIPS_Mode<DES_EDE3>::Decryption decryption_DES_EDE3_CFB; decryption_DES_EDE3_CFB.SetKeyWithIV(key, sizeof(key), iv); decryption_DES_EDE3_CFB.ProcessString(decrypted, ciphertext, 24); if (memcmp(plaintext, decrypted, 24) != 0) { cerr << "DES-EDE3-CFB Encryption/decryption failed.\n"; abort(); } cout << "3. DES-EDE3-CFB Encryption/decryption succeeded.\n"; // hash const byte message[] = {'a', 'b', 'c'}; const byte expectedDigest[] = {0xA9,0x99,0x3E,0x36,0x47,0x06,0x81,0x6A,0xBA,0x3E,0x25,0x71,0x78,0x50,0xC2,0x6C,0x9C,0xD0,0xD8,0x9D}; byte digest[20]; SHA1 sha; sha.Update(message, 3); sha.Final(digest); if (memcmp(digest, expectedDigest, 20) != 0) { cerr << "SHA-1 hash failed.\n"; abort(); } cout << "4. SHA-1 hash succeeded.\n"; // create auto-seeded X9.17 RNG object, if available #ifdef OS_RNG_AVAILABLE AutoSeededX917RNG<DES_EDE3> rng; #else // this is used to allow this function to compile on platforms that don't have auto-seeded RNGs RandomNumberGenerator &rng(NullRNG()); #endif // generate DSA key DSA::PrivateKey dsaPrivateKey; dsaPrivateKey.GenerateRandomWithKeySize(rng, 1024); DSA::PublicKey dsaPublicKey; dsaPublicKey.AssignFrom(dsaPrivateKey); if (!dsaPrivateKey.Validate(rng, 3) || !dsaPublicKey.Validate(rng, 3)) { cerr << "DSA key generation failed.\n"; abort(); } cout << "5. DSA key generation succeeded.\n"; // encode DSA key std::string encodedDsaPublicKey, encodedDsaPrivateKey; dsaPublicKey.DEREncode(StringSink(encodedDsaPublicKey).Ref()); dsaPrivateKey.DEREncode(StringSink(encodedDsaPrivateKey).Ref()); // decode DSA key DSA::PrivateKey decodedDsaPrivateKey; decodedDsaPrivateKey.BERDecode(StringStore(encodedDsaPrivateKey).Ref()); DSA::PublicKey decodedDsaPublicKey; decodedDsaPublicKey.BERDecode(StringStore(encodedDsaPublicKey).Ref()); if (!decodedDsaPrivateKey.Validate(rng, 3) || !decodedDsaPublicKey.Validate(rng, 3)) { cerr << "DSA key encode/decode failed.\n"; abort(); } cout << "6. DSA key encode/decode succeeded.\n"; // sign and verify byte signature[40]; DSA::Signer signer(dsaPrivateKey); assert(signer.SignatureLength() == 40); signer.SignMessage(rng, message, 3, signature); DSA::Verifier verifier(dsaPublicKey); if (!verifier.VerifyMessage(message, 3, signature, sizeof(signature))) { cerr << "DSA signature and verification failed.\n"; abort(); } cout << "7. DSA signature and verification succeeded.\n"; // try to verify an invalid signature signature[0] ^= 1; if (verifier.VerifyMessage(message, 3, signature, sizeof(signature))) { cerr << "DSA signature verification failed to detect bad signature.\n"; abort(); } cout << "8. DSA signature verification successfully detected bad signature.\n"; // try to use an invalid key length try { ECB_Mode<DES_EDE3>::Encryption encryption_DES_EDE3_ECB; encryption_DES_EDE3_ECB.SetKey(key, 5); // should not be here cerr << "DES-EDE3 implementation did not detect use of invalid key length.\n"; abort(); } catch (InvalidArgument &e) { cout << "9. Caught expected exception when using invalid key length. Exception message follows: "; cout << e.what() << endl; } cout << "\nFIPS 140-2 Sample Application completed normally.\n"; }
void ElGamal_TestInstantiations() { ElGamalEncryptor test1(1, 1, 1); ElGamalDecryptor test2(NullRNG(), 123); ElGamalEncryptor test3(test2); }
void DH_TestInstantiations() { DH dh1; DH dh2(NullRNG(), 10); }