Fabcoin Core  0.16.2
P2P Digital Currency
validat2.cpp
Go to the documentation of this file.
1 // validat2.cpp - written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
6 
7 #include "cryptlib.h"
8 #include "pubkey.h"
9 #include "gfpcrypt.h"
10 #include "eccrypto.h"
11 #include "blumshub.h"
12 #include "filters.h"
13 #include "files.h"
14 #include "rsa.h"
15 #include "md2.h"
16 #include "elgamal.h"
17 #include "nr.h"
18 #include "dsa.h"
19 #include "dh.h"
20 #include "mqv.h"
21 #include "hmqv.h"
22 #include "fhmqv.h"
23 #include "luc.h"
24 #include "xtrcrypt.h"
25 #include "rabin.h"
26 #include "rw.h"
27 #include "eccrypto.h"
28 #include "integer.h"
29 #include "gf2n.h"
30 #include "ecp.h"
31 #include "ec2n.h"
32 #include "asn.h"
33 #include "rng.h"
34 #include "hex.h"
35 #include "oids.h"
36 #include "esign.h"
37 #include "osrng.h"
38 #include "sha.h"
39 #include "ripemd.h"
40 #include "smartptr.h"
41 
42 #include <iostream>
43 #include <sstream>
44 #include <iomanip>
45 
46 #include "validate.h"
47 
48 // Aggressive stack checking with VS2005 SP1 and above.
49 #if (CRYPTOPP_MSC_VERSION >= 1410)
50 # pragma strict_gs_check (on)
51 #endif
52 
53 #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
54 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
55 #endif
56 
57 USING_NAMESPACE(CryptoPP)
58 USING_NAMESPACE(std)
59 
60 class FixedRNG : public RandomNumberGenerator
61 {
62 public:
63  FixedRNG(BufferedTransformation &source) : m_source(source) {}
64 
65  void GenerateBlock(byte *output, size_t size)
66  {
67  m_source.Get(output, size);
68  }
69 
70 private:
71  BufferedTransformation &m_source;
72 };
73 
74 bool ValidateBBS()
75 {
76  cout << "\nBlumBlumShub validation suite running...\n\n";
77 
78  Integer p("212004934506826557583707108431463840565872545889679278744389317666981496005411448865750399674653351");
79  Integer q("100677295735404212434355574418077394581488455772477016953458064183204108039226017738610663984508231");
80  Integer seed("63239752671357255800299643604761065219897634268887145610573595874544114193025997412441121667211431");
81  BlumBlumShub bbs(p, q, seed);
82  bool pass = true, fail;
83  int j;
84 
85  static const byte output1[] = {
86  0x49,0xEA,0x2C,0xFD,0xB0,0x10,0x64,0xA0,0xBB,0xB9,
87  0x2A,0xF1,0x01,0xDA,0xC1,0x8A,0x94,0xF7,0xB7,0xCE};
88  static const byte output2[] = {
89  0x74,0x45,0x48,0xAE,0xAC,0xB7,0x0E,0xDF,0xAF,0xD7,
90  0xD5,0x0E,0x8E,0x29,0x83,0x75,0x6B,0x27,0x46,0xA1};
91 
92  // Coverity finding, also see http://stackoverflow.com/a/34509163/608639.
93  StreamState ss(cout);
94  byte buf[20];
95 
96  bbs.GenerateBlock(buf, 20);
97  fail = memcmp(output1, buf, 20) != 0;
98  pass = pass && !fail;
99 
100  cout << (fail ? "FAILED " : "passed ");
101  for (j=0;j<20;j++)
102  cout << setw(2) << setfill('0') << hex << (int)buf[j];
103  cout << endl;
104 
105  bbs.Seek(10);
106  bbs.GenerateBlock(buf, 10);
107  fail = memcmp(output1+10, buf, 10) != 0;
108  pass = pass && !fail;
109 
110  cout << (fail ? "FAILED " : "passed ");
111  for (j=0;j<10;j++)
112  cout << setw(2) << setfill('0') << hex << (int)buf[j];
113  cout << endl;
114 
115  bbs.Seek(1234567);
116  bbs.GenerateBlock(buf, 20);
117  fail = memcmp(output2, buf, 20) != 0;
118  pass = pass && !fail;
119 
120  cout << (fail ? "FAILED " : "passed ");
121  for (j=0;j<20;j++)
122  cout << setw(2) << setfill('0') << hex << (int)buf[j];
123  cout << endl;
124 
125  return pass;
126 }
127 
128 bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
129 {
130  bool pass = true, fail;
131 
132  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
133  pass = pass && !fail;
134 
135  cout << (fail ? "FAILED " : "passed ");
136  cout << "signature key validation\n";
137 
138  const byte *message = (byte *)"test message";
139  const int messageLen = 12;
140 
141  SecByteBlock signature(priv.MaxSignatureLength());
142  size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature);
143  fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength);
144  pass = pass && !fail;
145 
146  cout << (fail ? "FAILED " : "passed ");
147  cout << "signature and verification\n";
148 
149  ++signature[0];
150  fail = pub.VerifyMessage(message, messageLen, signature, signatureLength);
151  pass = pass && !fail;
152 
153  cout << (fail ? "FAILED " : "passed ");
154  cout << "checking invalid signature" << endl;
155 
156  if (priv.MaxRecoverableLength() > 0)
157  {
158  signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
159  SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
160  DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
161  fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0);
162  pass = pass && !fail;
163 
164  cout << (fail ? "FAILED " : "passed ");
165  cout << "signature and verification with recovery" << endl;
166 
167  ++signature[0];
168  result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
169  fail = result.isValidCoding;
170  pass = pass && !fail;
171 
172  cout << (fail ? "FAILED " : "passed ");
173  cout << "recovery with invalid signature" << endl;
174  }
175 
176  return pass;
177 }
178 
179 bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false)
180 {
181  bool pass = true, fail;
182 
183  fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
184  pass = pass && !fail;
185 
186  cout << (fail ? "FAILED " : "passed ");
187  cout << "cryptosystem key validation\n";
188 
189  const byte *message = (byte *)"test message";
190  const int messageLen = 12;
191  SecByteBlock ciphertext(priv.CiphertextLength(messageLen));
192  SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size()));
193 
194  pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext);
195  fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
196  fail = fail || memcmp(message, plaintext, messageLen);
197  pass = pass && !fail;
198 
199  cout << (fail ? "FAILED " : "passed ");
200  cout << "encryption and decryption\n";
201 
202  return pass;
203 }
204 
205 bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d)
206 {
207  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
208  cout << "passed simple key agreement domain parameters validation" << endl;
209  else
210  {
211  cout << "FAILED simple key agreement domain parameters invalid" << endl;
212  return false;
213  }
214 
215  SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength());
216  SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength());
217  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
218 
219  d.GenerateKeyPair(GlobalRNG(), priv1, pub1);
220  d.GenerateKeyPair(GlobalRNG(), priv2, pub2);
221 
222  memset(val1.begin(), 0x10, val1.size());
223  memset(val2.begin(), 0x11, val2.size());
224 
225  if (!(d.Agree(val1, priv1, pub2) && d.Agree(val2, priv2, pub1)))
226  {
227  cout << "FAILED simple key agreement failed" << endl;
228  return false;
229  }
230 
231  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
232  {
233  cout << "FAILED simple agreed values not equal" << endl;
234  return false;
235  }
236 
237  cout << "passed simple key agreement" << endl;
238  return true;
239 }
240 
241 bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
242 {
243  if (d.GetCryptoParameters().Validate(GlobalRNG(), 3))
244  cout << "passed authenticated key agreement domain parameters validation" << endl;
245  else
246  {
247  cout << "FAILED authenticated key agreement domain parameters invalid" << endl;
248  return false;
249  }
250 
251  SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength());
252  SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength());
253  SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength());
254  SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength());
255  SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength());
256 
257  d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1);
258  d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2);
259  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1);
260  d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2);
261 
262  memset(val1.begin(), 0x10, val1.size());
263  memset(val2.begin(), 0x11, val2.size());
264 
265  if (!(d.Agree(val1, spriv1, epriv1, spub2, epub2) && d.Agree(val2, spriv2, epriv2, spub1, epub1)))
266  {
267  cout << "FAILED authenticated key agreement failed" << endl;
268  return false;
269  }
270 
271  if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
272  {
273  cout << "FAILED authenticated agreed values not equal" << endl;
274  return false;
275  }
276 
277  cout << "passed authenticated key agreement" << endl;
278  return true;
279 }
280 
281 bool ValidateRSA()
282 {
283  cout << "\nRSA validation suite running...\n\n";
284 
285  byte out[100], outPlain[100];
286  bool pass = true, fail;
287 
288  {
289  const char *plain = "Everyone gets Friday off.";
290  static const byte signature[] =
291  "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84"
292  "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21"
293  "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b"
294  "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1";
295 
296  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa512a.dat", true, new HexDecoder);
297  Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
298  Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
299 
300  size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
301  fail = memcmp(signature, out, 64) != 0;
302  pass = pass && !fail;
303 
304  cout << (fail ? "FAILED " : "passed ");
305  cout << "signature check against test vector\n";
306 
307  fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
308  pass = pass && !fail;
309 
310  cout << (fail ? "FAILED " : "passed ");
311  cout << "verification check against test vector\n";
312 
313  out[10]++;
314  fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
315  pass = pass && !fail;
316 
317  cout << (fail ? "FAILED " : "passed ");
318  cout << "invalid signature verification\n";
319  }
320  {
321  FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", true, new HexDecoder);
322  RSAES_PKCS1v15_Decryptor rsaPriv(keys);
323  RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv);
324 
325  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
326  }
327  {
328  RSAES<OAEP<SHA> >::Decryptor rsaPriv(GlobalRNG(), 512);
329  RSAES<OAEP<SHA> >::Encryptor rsaPub(rsaPriv);
330 
331  pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass;
332  }
333  {
334  byte *plain = (byte *)
335  "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
336  static const byte encrypted[] =
337  "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
338  "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
339  "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
340  "\x62\x51";
341  static const byte oaepSeed[] =
342  "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2"
343  "\xf0\x6c\xb5\x8f";
344  ByteQueue bq;
345  bq.Put(oaepSeed, 20);
346  FixedRNG rng(bq);
347 
348  FileSource privFile(CRYPTOPP_DATA_DIR "TestData/rsa400pv.dat", true, new HexDecoder);
349  FileSource pubFile(CRYPTOPP_DATA_DIR "TestData/rsa400pb.dat", true, new HexDecoder);
350  RSAES_OAEP_SHA_Decryptor rsaPriv;
351  rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0);
352  RSAES_OAEP_SHA_Encryptor rsaPub(pubFile);
353 
354  memset(out, 0, 50);
355  memset(outPlain, 0, 8);
356  rsaPub.Encrypt(rng, plain, 8, out);
357  DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
358  fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
359  pass = pass && !fail;
360 
361  cout << (fail ? "FAILED " : "passed ");
362  cout << "PKCS 2.0 encryption and decryption\n";
363  }
364 
365  return pass;
366 }
367 
368 bool ValidateDH()
369 {
370  cout << "\nDH validation suite running...\n\n";
371 
372  FileSource f(CRYPTOPP_DATA_DIR "TestData/dh1024.dat", true, new HexDecoder());
373  DH dh(f);
374  return SimpleKeyAgreementValidate(dh);
375 }
376 
377 bool ValidateMQV()
378 {
379  cout << "\nMQV validation suite running...\n\n";
380 
381  FileSource f(CRYPTOPP_DATA_DIR "TestData/mqv1024.dat", true, new HexDecoder());
382  MQV mqv(f);
383  return AuthenticatedKeyAgreementValidate(mqv);
384 }
385 
386 bool ValidateHMQV()
387 {
388  std::cout << "\nHMQV validation suite running...\n\n";
389 
390  //ECHMQV< ECP >::Domain hmqvB(false /*server*/);
391  ECHMQV256 hmqvB(false);
392  FileSource f256(CRYPTOPP_DATA_DIR "TestData/hmqv256.dat", true, new HexDecoder());
393  FileSource f384(CRYPTOPP_DATA_DIR "TestData/hmqv384.dat", true, new HexDecoder());
394  FileSource f512(CRYPTOPP_DATA_DIR "TestData/hmqv512.dat", true, new HexDecoder());
395  hmqvB.AccessGroupParameters().BERDecode(f256);
396 
397  std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl;
398 
399  if (hmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3))
400  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
401  else
402  {
403  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
404  return false;
405  }
406 
407  const OID oid = ASN1::secp256r1();
408  ECHMQV< ECP >::Domain hmqvA(oid, true /*client*/);
409 
410  if (hmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3))
411  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
412  else
413  {
414  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
415  return false;
416  }
417 
418  SecByteBlock sprivA(hmqvA.StaticPrivateKeyLength()), sprivB(hmqvB.StaticPrivateKeyLength());
419  SecByteBlock eprivA(hmqvA.EphemeralPrivateKeyLength()), eprivB(hmqvB.EphemeralPrivateKeyLength());
420  SecByteBlock spubA(hmqvA.StaticPublicKeyLength()), spubB(hmqvB.StaticPublicKeyLength());
421  SecByteBlock epubA(hmqvA.EphemeralPublicKeyLength()), epubB(hmqvB.EphemeralPublicKeyLength());
422  SecByteBlock valA(hmqvA.AgreedValueLength()), valB(hmqvB.AgreedValueLength());
423 
424  hmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
425  hmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
426  hmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
427  hmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
428 
429  memset(valA.begin(), 0x00, valA.size());
430  memset(valB.begin(), 0x11, valB.size());
431 
432  if (!(hmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && hmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
433  {
434  std::cout << "FAILED authenticated key agreement failed" << std::endl;
435  return false;
436  }
437 
438  if (memcmp(valA.begin(), valB.begin(), hmqvA.AgreedValueLength()))
439  {
440  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
441  return false;
442  }
443 
444  std::cout << "passed authenticated key agreement" << std::endl;
445 
446  // Now test HMQV with NIST P-384 curve and SHA384 hash
447  std::cout << endl;
448  std::cout << "HMQV with NIST P-384 and SHA-384:" << std::endl;
449 
450  ECHMQV384 hmqvB384(false);
451  hmqvB384.AccessGroupParameters().BERDecode(f384);
452 
453  if (hmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
454  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
455  else
456  {
457  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
458  return false;
459  }
460 
461  const OID oid384 = ASN1::secp384r1();
462  ECHMQV384 hmqvA384(oid384, true /*client*/);
463 
464  if (hmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3))
465  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
466  else
467  {
468  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
469  return false;
470  }
471 
472  SecByteBlock sprivA384(hmqvA384.StaticPrivateKeyLength()), sprivB384(hmqvB384.StaticPrivateKeyLength());
473  SecByteBlock eprivA384(hmqvA384.EphemeralPrivateKeyLength()), eprivB384(hmqvB384.EphemeralPrivateKeyLength());
474  SecByteBlock spubA384(hmqvA384.StaticPublicKeyLength()), spubB384(hmqvB384.StaticPublicKeyLength());
475  SecByteBlock epubA384(hmqvA384.EphemeralPublicKeyLength()), epubB384(hmqvB384.EphemeralPublicKeyLength());
476  SecByteBlock valA384(hmqvA384.AgreedValueLength()), valB384(hmqvB384.AgreedValueLength());
477 
478  hmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384);
479  hmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
480  hmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
481  hmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
482 
483  memset(valA384.begin(), 0x00, valA384.size());
484  memset(valB384.begin(), 0x11, valB384.size());
485 
486  if (!(hmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && hmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384)))
487  {
488  std::cout << "FAILED authenticated key agreement failed" << std::endl;
489  return false;
490  }
491 
492  if (memcmp(valA384.begin(), valB384.begin(), hmqvA384.AgreedValueLength()))
493  {
494  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
495  return false;
496  }
497 
498  std::cout << "passed authenticated key agreement" << std::endl;
499 
500  return true;
501 }
502 
503 bool ValidateFHMQV()
504 {
505  std::cout << "\nFHMQV validation suite running...\n\n";
506 
507  //ECFHMQV< ECP >::Domain fhmqvB(false /*server*/);
508  ECFHMQV256 fhmqvB(false);
509  FileSource f256(CRYPTOPP_DATA_DIR "TestData/fhmqv256.dat", true, new HexDecoder());
510  FileSource f384(CRYPTOPP_DATA_DIR "TestData/fhmqv384.dat", true, new HexDecoder());
511  FileSource f512(CRYPTOPP_DATA_DIR "TestData/fhmqv512.dat", true, new HexDecoder());
512  fhmqvB.AccessGroupParameters().BERDecode(f256);
513 
514  std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl;
515 
516  if (fhmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3))
517  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
518  else
519  {
520  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
521  return false;
522  }
523 
524  const OID oid = ASN1::secp256r1();
525  ECFHMQV< ECP >::Domain fhmqvA(oid, true /*client*/);
526 
527  if (fhmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3))
528  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
529  else
530  {
531  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
532  return false;
533  }
534 
535  SecByteBlock sprivA(fhmqvA.StaticPrivateKeyLength()), sprivB(fhmqvB.StaticPrivateKeyLength());
536  SecByteBlock eprivA(fhmqvA.EphemeralPrivateKeyLength()), eprivB(fhmqvB.EphemeralPrivateKeyLength());
537  SecByteBlock spubA(fhmqvA.StaticPublicKeyLength()), spubB(fhmqvB.StaticPublicKeyLength());
538  SecByteBlock epubA(fhmqvA.EphemeralPublicKeyLength()), epubB(fhmqvB.EphemeralPublicKeyLength());
539  SecByteBlock valA(fhmqvA.AgreedValueLength()), valB(fhmqvB.AgreedValueLength());
540 
541  fhmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
542  fhmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
543  fhmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
544  fhmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
545 
546  memset(valA.begin(), 0x00, valA.size());
547  memset(valB.begin(), 0x11, valB.size());
548 
549  if (!(fhmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && fhmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
550  {
551  std::cout << "FAILED authenticated key agreement failed" << std::endl;
552  return false;
553  }
554 
555  if (memcmp(valA.begin(), valB.begin(), fhmqvA.AgreedValueLength()))
556  {
557  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
558  return false;
559  }
560 
561  std::cout << "passed authenticated key agreement" << std::endl;
562 
563  // Now test FHMQV with NIST P-384 curve and SHA384 hash
564  std::cout << endl;
565  std::cout << "FHMQV with NIST P-384 and SHA-384:" << std::endl;
566 
567  ECHMQV384 fhmqvB384(false);
568  fhmqvB384.AccessGroupParameters().BERDecode(f384);
569 
570  if (fhmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
571  std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
572  else
573  {
574  std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
575  return false;
576  }
577 
578  const OID oid384 = ASN1::secp384r1();
579  ECHMQV384 fhmqvA384(oid384, true /*client*/);
580 
581  if (fhmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3))
582  std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
583  else
584  {
585  std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
586  return false;
587  }
588 
589  SecByteBlock sprivA384(fhmqvA384.StaticPrivateKeyLength()), sprivB384(fhmqvB384.StaticPrivateKeyLength());
590  SecByteBlock eprivA384(fhmqvA384.EphemeralPrivateKeyLength()), eprivB384(fhmqvB384.EphemeralPrivateKeyLength());
591  SecByteBlock spubA384(fhmqvA384.StaticPublicKeyLength()), spubB384(fhmqvB384.StaticPublicKeyLength());
592  SecByteBlock epubA384(fhmqvA384.EphemeralPublicKeyLength()), epubB384(fhmqvB384.EphemeralPublicKeyLength());
593  SecByteBlock valA384(fhmqvA384.AgreedValueLength()), valB384(fhmqvB384.AgreedValueLength());
594 
595  fhmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384);
596  fhmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
597  fhmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
598  fhmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
599 
600  memset(valA384.begin(), 0x00, valA384.size());
601  memset(valB384.begin(), 0x11, valB384.size());
602 
603  if (!(fhmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && fhmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384)))
604  {
605  std::cout << "FAILED authenticated key agreement failed" << std::endl;
606  return false;
607  }
608 
609  if (memcmp(valA384.begin(), valB384.begin(), fhmqvA384.AgreedValueLength()))
610  {
611  std::cout << "FAILED authenticated agreed values not equal" << std::endl;
612  return false;
613  }
614 
615  std::cout << "passed authenticated key agreement" << std::endl;
616 
617  return true;
618 }
619 
620 bool ValidateLUC_DH()
621 {
622  cout << "\nLUC-DH validation suite running...\n\n";
623 
624  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucd512.dat", true, new HexDecoder());
625  LUC_DH dh(f);
626  return SimpleKeyAgreementValidate(dh);
627 }
628 
629 bool ValidateXTR_DH()
630 {
631  cout << "\nXTR-DH validation suite running...\n\n";
632 
633  FileSource f(CRYPTOPP_DATA_DIR "TestData/xtrdh171.dat", true, new HexDecoder());
634  XTR_DH dh(f);
635  return SimpleKeyAgreementValidate(dh);
636 }
637 
638 bool ValidateElGamal()
639 {
640  cout << "\nElGamal validation suite running...\n\n";
641  bool pass = true;
642  {
643  FileSource fc(CRYPTOPP_DATA_DIR "TestData/elgc1024.dat", true, new HexDecoder);
644  ElGamalDecryptor privC(fc);
645  ElGamalEncryptor pubC(privC);
646  privC.AccessKey().Precompute();
647  ByteQueue queue;
648  privC.AccessKey().SavePrecomputation(queue);
649  privC.AccessKey().LoadPrecomputation(queue);
650 
651  pass = CryptoSystemValidate(privC, pubC) && pass;
652  }
653  return pass;
654 }
655 
656 bool ValidateDLIES()
657 {
658  cout << "\nDLIES validation suite running...\n\n";
659  bool pass = true;
660  {
661  FileSource fc(CRYPTOPP_DATA_DIR "TestData/dlie1024.dat", true, new HexDecoder);
662  DLIES<>::Decryptor privC(fc);
663  DLIES<>::Encryptor pubC(privC);
664  pass = CryptoSystemValidate(privC, pubC) && pass;
665  }
666  {
667  cout << "Generating new encryption key..." << endl;
668  DLIES<>::GroupParameters gp;
669  gp.GenerateRandomWithKeySize(GlobalRNG(), 128);
670  DLIES<>::Decryptor decryptor;
671  decryptor.AccessKey().GenerateRandom(GlobalRNG(), gp);
672  DLIES<>::Encryptor encryptor(decryptor);
673 
674  pass = CryptoSystemValidate(decryptor, encryptor) && pass;
675  }
676  return pass;
677 }
678 
679 bool ValidateNR()
680 {
681  cout << "\nNR validation suite running...\n\n";
682  bool pass = true;
683  {
684  FileSource f(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", true, new HexDecoder);
685  NR<SHA>::Signer privS(f);
686  privS.AccessKey().Precompute();
687  NR<SHA>::Verifier pubS(privS);
688 
689  pass = SignatureValidate(privS, pubS) && pass;
690  }
691  {
692  cout << "Generating new signature key..." << endl;
693  NR<SHA>::Signer privS(GlobalRNG(), 256);
694  NR<SHA>::Verifier pubS(privS);
695 
696  pass = SignatureValidate(privS, pubS) && pass;
697  }
698  return pass;
699 }
700 
701 bool ValidateDSA(bool thorough)
702 {
703  cout << "\nDSA validation suite running...\n\n";
704 
705  bool pass = true;
706  FileSource fs1(CRYPTOPP_DATA_DIR "TestData/dsa1024.dat", true, new HexDecoder());
707  DSA::Signer priv(fs1);
708  DSA::Verifier pub(priv);
709  FileSource fs2(CRYPTOPP_DATA_DIR "TestData/dsa1024b.dat", true, new HexDecoder());
710  DSA::Verifier pub1(fs2);
711  CRYPTOPP_ASSERT(pub.GetKey() == pub1.GetKey());
712  pass = SignatureValidate(priv, pub, thorough) && pass;
713  pass = RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/dsa.txt", g_nullNameValuePairs, thorough) && pass;
714 
715  return pass;
716 }
717 
718 bool ValidateLUC()
719 {
720  cout << "\nLUC validation suite running...\n\n";
721  bool pass=true;
722 
723  {
724  FileSource f(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", true, new HexDecoder);
725  LUCSSA_PKCS1v15_SHA_Signer priv(f);
726  LUCSSA_PKCS1v15_SHA_Verifier pub(priv);
727  pass = SignatureValidate(priv, pub) && pass;
728  }
729  {
730  LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512);
731  LUCES_OAEP_SHA_Encryptor pub(priv);
732  pass = CryptoSystemValidate(priv, pub) && pass;
733  }
734  return pass;
735 }
736 
737 bool ValidateLUC_DL()
738 {
739  cout << "\nLUC-HMP validation suite running...\n\n";
740 
741  FileSource f(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", true, new HexDecoder);
742  LUC_HMP<SHA>::Signer privS(f);
743  LUC_HMP<SHA>::Verifier pubS(privS);
744  bool pass = SignatureValidate(privS, pubS);
745 
746  cout << "\nLUC-IES validation suite running...\n\n";
747 
748  FileSource fc(CRYPTOPP_DATA_DIR "TestData/lucc512.dat", true, new HexDecoder);
749  LUC_IES<>::Decryptor privC(fc);
750  LUC_IES<>::Encryptor pubC(privC);
751  pass = CryptoSystemValidate(privC, pubC) && pass;
752 
753  return pass;
754 }
755 
756 bool ValidateRabin()
757 {
758  cout << "\nRabin validation suite running...\n\n";
759  bool pass=true;
760 
761  {
762  FileSource f(CRYPTOPP_DATA_DIR "TestData/rabi1024.dat", true, new HexDecoder);
763  RabinSS<PSSR, SHA>::Signer priv(f);
764  RabinSS<PSSR, SHA>::Verifier pub(priv);
765  pass = SignatureValidate(priv, pub) && pass;
766  }
767  {
768  RabinES<OAEP<SHA> >::Decryptor priv(GlobalRNG(), 512);
769  RabinES<OAEP<SHA> >::Encryptor pub(priv);
770  pass = CryptoSystemValidate(priv, pub) && pass;
771  }
772  return pass;
773 }
774 
775 bool ValidateRW()
776 {
777  cout << "\nRW validation suite running...\n\n";
778 
779  FileSource f(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", true, new HexDecoder);
780  RWSS<PSSR, SHA>::Signer priv(f);
781  RWSS<PSSR, SHA>::Verifier pub(priv);
782 
783  return SignatureValidate(priv, pub);
784 }
785 
786 /*
787 bool ValidateBlumGoldwasser()
788 {
789  cout << "\nBlumGoldwasser validation suite running...\n\n";
790 
791  FileSource f(CRYPTOPP_DATA_DIR "TestData/blum512.dat", true, new HexDecoder);
792  BlumGoldwasserPrivateKey priv(f);
793  BlumGoldwasserPublicKey pub(priv);
794 
795  return CryptoSystemValidate(priv, pub);
796 }
797 */
798 
799 #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_IMPORTS)
800 // Issue 64: "PolynomialMod2::operator<<=", http://github.com/weidai11/cryptopp/issues/64
801 bool TestPolynomialMod2()
802 {
803  bool pass1 = true, pass2 = true, pass3 = true;
804 
805  cout << "\nTesting PolynomialMod2 bit operations...\n\n";
806 
807  static const unsigned int start = 0;
808  static const unsigned int stop = 4 * WORD_BITS + 1;
809 
810  for (unsigned int i=start; i < stop; i++)
811  {
812  PolynomialMod2 p(1);
813  p <<= i;
814 
815  Integer n(Integer::One());
816  n <<= i;
817 
818  std::ostringstream oss1;
819  oss1 << p;
820 
821  std::string str1, str2;
822 
823  // str1 needs the commas removed used for grouping
824  str1 = oss1.str();
825  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
826 
827  // str1 needs the trailing 'b' removed
828  str1.erase(str1.end() - 1);
829 
830  // str2 is fine as-is
831  str2 = IntToString(n, 2);
832 
833  pass1 &= (str1 == str2);
834  }
835 
836  for (unsigned int i=start; i < stop; i++)
837  {
838  const word w((word)SIZE_MAX);
839 
840  PolynomialMod2 p(w);
841  p <<= i;
842 
843  Integer n(Integer::POSITIVE, static_cast<lword>(w));
844  n <<= i;
845 
846  std::ostringstream oss1;
847  oss1 << p;
848 
849  std::string str1, str2;
850 
851  // str1 needs the commas removed used for grouping
852  str1 = oss1.str();
853  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
854 
855  // str1 needs the trailing 'b' removed
856  str1.erase(str1.end() - 1);
857 
858  // str2 is fine as-is
859  str2 = IntToString(n, 2);
860 
861  pass2 &= (str1 == str2);
862  }
863 
864  RandomNumberGenerator& prng = GlobalRNG();
865  for (unsigned int i=start; i < stop; i++)
866  {
867  word w; // Cast to lword due to Visual Studio
868  prng.GenerateBlock((byte*)&w, sizeof(w));
869 
870  PolynomialMod2 p(w);
871  p <<= i;
872 
873  Integer n(Integer::POSITIVE, static_cast<lword>(w));
874  n <<= i;
875 
876  std::ostringstream oss1;
877  oss1 << p;
878 
879  std::string str1, str2;
880 
881  // str1 needs the commas removed used for grouping
882  str1 = oss1.str();
883  str1.erase(std::remove(str1.begin(), str1.end(), ','), str1.end());
884 
885  // str1 needs the trailing 'b' removed
886  str1.erase(str1.end() - 1);
887 
888  // str2 is fine as-is
889  str2 = IntToString(n, 2);
890 
891  if (str1 != str2)
892  {
893  cout << " Oops..." << "\n";
894  cout << " random: " << std::hex << n << std::dec << "\n";
895  cout << " str1: " << str1 << "\n";
896  cout << " str2: " << str2 << "\n";
897  }
898 
899  pass3 &= (str1 == str2);
900  }
901 
902  cout << (!pass1 ? "FAILED" : "passed") << ": " << "1 shifted over range [" << dec << start << "," << stop << "]" << "\n";
903  cout << (!pass2 ? "FAILED" : "passed") << ": " << "0x" << hex << word(SIZE_MAX) << dec << " shifted over range [" << start << "," << stop << "]" << "\n";
904  cout << (!pass3 ? "FAILED" : "passed") << ": " << "random values shifted over range [" << dec << start << "," << stop << "]" << "\n";
905 
906  if (!(pass1 && pass2 && pass3))
907  cout.flush();
908 
909  return pass1 && pass2 && pass3;
910 }
911 #endif
912 
913 bool ValidateECP()
914 {
915  cout << "\nECP validation suite running...\n\n";
916 
917  ECIES<ECP>::Decryptor cpriv(GlobalRNG(), ASN1::secp192r1());
918  ECIES<ECP>::Encryptor cpub(cpriv);
919  ByteQueue bq;
920  cpriv.GetKey().DEREncode(bq);
921  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
922  cpub.GetKey().DEREncode(bq);
923  ECDSA<ECP, SHA>::Signer spriv(bq);
924  ECDSA<ECP, SHA>::Verifier spub(bq);
925  ECDH<ECP>::Domain ecdhc(ASN1::secp192r1());
926  ECMQV<ECP>::Domain ecmqvc(ASN1::secp192r1());
927 
928  spriv.AccessKey().Precompute();
929  ByteQueue queue;
930  spriv.AccessKey().SavePrecomputation(queue);
931  spriv.AccessKey().LoadPrecomputation(queue);
932 
933  bool pass = SignatureValidate(spriv, spub);
934  cpub.AccessKey().Precompute();
935  cpriv.AccessKey().Precompute();
936  pass = CryptoSystemValidate(cpriv, cpub) && pass;
937  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
938  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
939 
940  cout << "Turning on point compression..." << endl;
941  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
942  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
943  ecdhc.AccessGroupParameters().SetPointCompression(true);
944  ecmqvc.AccessGroupParameters().SetPointCompression(true);
945  pass = CryptoSystemValidate(cpriv, cpub) && pass;
946  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
947  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
948 
949  cout << "Testing SEC 2, NIST, and Brainpool recommended curves..." << endl;
950  OID oid;
951  while (!(oid = DL_GroupParameters_EC<ECP>::GetNextRecommendedParametersOID(oid)).m_values.empty())
952  {
953  DL_GroupParameters_EC<ECP> params(oid);
954  bool fail = !params.Validate(GlobalRNG(), 2);
955  cout << (fail ? "FAILED" : "passed") << " " << dec << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
956  pass = pass && !fail;
957  }
958 
959  return pass;
960 }
961 
962 bool ValidateEC2N()
963 {
964  cout << "\nEC2N validation suite running...\n\n";
965 
966  ECIES<EC2N>::Decryptor cpriv(GlobalRNG(), ASN1::sect193r1());
967  ECIES<EC2N>::Encryptor cpub(cpriv);
968  ByteQueue bq;
969  cpriv.DEREncode(bq);
970  cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
971  cpub.DEREncode(bq);
972  ECDSA<EC2N, SHA>::Signer spriv(bq);
973  ECDSA<EC2N, SHA>::Verifier spub(bq);
974  ECDH<EC2N>::Domain ecdhc(ASN1::sect193r1());
975  ECMQV<EC2N>::Domain ecmqvc(ASN1::sect193r1());
976 
977  spriv.AccessKey().Precompute();
978  ByteQueue queue;
979  spriv.AccessKey().SavePrecomputation(queue);
980  spriv.AccessKey().LoadPrecomputation(queue);
981 
982  bool pass = SignatureValidate(spriv, spub);
983  pass = CryptoSystemValidate(cpriv, cpub) && pass;
984  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
985  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
986 
987  cout << "Turning on point compression..." << endl;
988  cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true);
989  cpub.AccessKey().AccessGroupParameters().SetPointCompression(true);
990  ecdhc.AccessGroupParameters().SetPointCompression(true);
991  ecmqvc.AccessGroupParameters().SetPointCompression(true);
992  pass = CryptoSystemValidate(cpriv, cpub) && pass;
993  pass = SimpleKeyAgreementValidate(ecdhc) && pass;
994  pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass;
995 
996 #if 0 // TODO: turn this back on when I make EC2N faster for pentanomial basis
997  cout << "Testing SEC 2 recommended curves..." << endl;
998  OID oid;
999  while (!(oid = DL_GroupParameters_EC<EC2N>::GetNextRecommendedParametersOID(oid)).m_values.empty())
1000  {
1001  DL_GroupParameters_EC<EC2N> params(oid);
1002  bool fail = !params.Validate(GlobalRNG(), 2);
1003  cout << (fail ? "FAILED" : "passed") << " " << params.GetCurve().GetField().MaxElementBitLength() << " bits" << endl;
1004  pass = pass && !fail;
1005  }
1006 #endif
1007 
1008  return pass;
1009 }
1010 
1011 bool ValidateECDSA()
1012 {
1013  cout << "\nECDSA validation suite running...\n\n";
1014 
1015  // from Sample Test Vectors for P1363
1016  GF2NT gf2n(191, 9, 0);
1017  byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67";
1018  byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC";
1019  EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24));
1020 
1021  EC2N::Point P;
1022  ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D"
1023  "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize());
1024  Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H");
1025  Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH");
1026  EC2N::Point Q(ec.Multiply(d, P));
1027  ECDSA<EC2N, SHA>::Signer priv(ec, P, n, d);
1028  ECDSA<EC2N, SHA>::Verifier pub(priv);
1029 
1030  Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH");
1031  Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H");
1032  static const byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30"
1033  "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e";
1034  Integer r(sig, 24);
1035  Integer s(sig+24, 24);
1036 
1037  Integer rOut, sOut;
1038  bool fail, pass=true;
1039 
1040  priv.RawSign(k, h, rOut, sOut);
1041  fail = (rOut != r) || (sOut != s);
1042  pass = pass && !fail;
1043 
1044  cout << (fail ? "FAILED " : "passed ");
1045  cout << "signature check against test vector\n";
1046 
1047  fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig));
1048  pass = pass && !fail;
1049 
1050  cout << (fail ? "FAILED " : "passed ");
1051  cout << "verification check against test vector\n";
1052 
1053  fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig));
1054  pass = pass && !fail;
1055 
1056  pass = SignatureValidate(priv, pub) && pass;
1057 
1058  return pass;
1059 }
1060 
1061 // from http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf
1062 bool ValidateECGDSA()
1063 {
1064  cout << "\nECGDSA validation suite running...\n\n";
1065 
1066  bool fail, pass=true;
1067 
1068  // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 10)
1069  {
1070  OID oid = ASN1::brainpoolP192r1();
1071  DL_GroupParameters_EC<ECP> params(oid);
1072  Integer x("0x 80F2425E 89B4F585 F27F3536 ED834D68 E3E492DE 08FE84B9");
1073  ECGDSA<ECP, RIPEMD160>::Signer signer(params, x);
1074  ECGDSA<ECP, RIPEMD160>::Verifier verifier(signer);
1075 
1076  Integer e("0x 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF");
1077  Integer k("0x 22C17C2A 367DD85A B8A365ED 06F19C43 F9ED1834 9A9BC044");
1078 
1079  Integer r, s;
1080  signer.RawSign(k, e, r, s);
1081 
1082  Integer rExp("0x 2D017BE7 F117FF99 4ED6FC63 CA5B4C7A 0430E9FA 095DAFC4");
1083  Integer sExp("0x C02B5CC5 C51D5411 060BF024 5049F824 839F671D 78A1BBF1");
1084 
1085  fail = (r != rExp) || (s != sExp);
1086  pass = pass && !fail;
1087 
1088  const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160";
1089  const size_t len = strlen((char*)msg);
1090 
1091  byte signature[48];
1092  r.Encode(signature+0, 24);
1093  s.Encode(signature+24, 24);
1094 
1095  fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
1096  pass = pass && !fail;
1097 
1098  cout << (fail ? "FAILED " : "passed ");
1099  cout << "brainpoolP192r1 using RIPEMD-160\n";
1100 
1101  fail = !SignatureValidate(signer, verifier);
1102  pass = pass && !fail;
1103  }
1104 
1105  // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 13)
1106  {
1107  OID oid = ASN1::brainpoolP256r1();
1108  DL_GroupParameters_EC<ECP> params(oid);
1109  Integer x("0x 47B3A278 62DEF037 49ACF0D6 00E69F9B 851D01ED AEFA531F 4D168E78 7307F4D8");
1110  ECGDSA<ECP, RIPEMD160>::Signer signer(params, x);
1111  ECGDSA<ECP, RIPEMD160>::Verifier verifier(signer);
1112 
1113  Integer e("0x 00000000 00000000 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF");
1114  Integer k("0x 908E3099 776261A4 558FF7A9 FA6DFFE0 CA6BB3F9 CB35C2E4 E1DC73FD 5E8C08A3");
1115 
1116  Integer r, s;
1117  signer.RawSign(k, e, r, s);
1118 
1119  Integer rExp("0x 62CCD1D2 91E62F6A 4FFBD966 C66C85AA BA990BB6 AB0C087D BD54A456 CCC84E4C");
1120  Integer sExp("0x 9119719B 08EEA0D6 BC56E4D1 D37369BC F3768445 EF65CAE4 A37BF6D4 3BD01646");
1121 
1122  fail = (r != rExp) || (s != sExp);
1123  pass = pass && !fail;
1124 
1125  const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160";
1126  const size_t len = strlen((char*)msg);
1127 
1128  byte signature[64];
1129  r.Encode(signature+0, 32);
1130  s.Encode(signature+32, 32);
1131 
1132  fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
1133  pass = pass && !fail;
1134 
1135  cout << (fail ? "FAILED " : "passed ");
1136  cout << "brainpoolP256r1 using RIPEMD-160\n";
1137 
1138  fail = !SignatureValidate(signer, verifier);
1139  pass = pass && !fail;
1140  }
1141 
1142  // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 16)
1143  {
1144  OID oid = ASN1::brainpoolP320r1();
1145  DL_GroupParameters_EC<ECP> params(oid);
1146  Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5");
1147  ECGDSA<ECP, RIPEMD160>::Signer signer(params, x);
1148  ECGDSA<ECP, RIPEMD160>::Verifier verifier(signer);
1149 
1150  Integer e("0x 00000000 00000000 00000000 00000000 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF");
1151  Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B");
1152 
1153  Integer r, s;
1154  signer.RawSign(k, e, r, s);
1155 
1156  Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6");
1157  Integer sExp("0x 06AB5250 B31A8E93 56194894 61733200 E4FD5C12 75C0AB37 E7E41149 5BAAE145 41DF6DE6 66B8CA56");
1158 
1159  fail = (r != rExp) || (s != sExp);
1160  pass = pass && !fail;
1161 
1162  const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160";
1163  const size_t len = strlen((char*)msg);
1164 
1165  byte signature[80];
1166  r.Encode(signature+0, 40);
1167  s.Encode(signature+40, 40);
1168 
1169  fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
1170  pass = pass && !fail;
1171 
1172  cout << (fail ? "FAILED " : "passed ");
1173  cout << "brainpoolP320r1 using RIPEMD-160\n";
1174 
1175  fail = !SignatureValidate(signer, verifier);
1176  pass = pass && !fail;
1177  }
1178 
1179  // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-1 (p. 19)
1180  {
1181  OID oid = ASN1::brainpoolP192r1();
1182  DL_GroupParameters_EC<ECP> params(oid);
1183  Integer x("0x 80F2425E 89B4F585 F27F3536 ED834D68 E3E492DE 08FE84B9");
1184  ECGDSA<ECP, SHA1>::Signer signer(params, x);
1185  ECGDSA<ECP, SHA1>::Verifier verifier(signer);
1186 
1187  Integer e("0x 00000000 CF00CD42 CAA80DDF 8DDEBDFD 32F2DA15 11B53F29");
1188  Integer k("0x 22C17C2A 367DD85A B8A365ED 06F19C43 F9ED1834 9A9BC044");
1189 
1190  Integer r, s;
1191  signer.RawSign(k, e, r, s);
1192 
1193  Integer rExp("0x 2D017BE7 F117FF99 4ED6FC63 CA5B4C7A 0430E9FA 095DAFC4");
1194  Integer sExp("0x 18FD604E 5F00F55B 3585C052 8C319A2B 05B8F2DD EE9CF1A6");
1195 
1196  fail = (r != rExp) || (s != sExp);
1197  pass = pass && !fail;
1198 
1199  const byte msg[] = "Example of ECGDSA with the hash function SHA-1";
1200  const size_t len = strlen((char*)msg);
1201 
1202  byte signature[48];
1203  r.Encode(signature+0, 24);
1204  s.Encode(signature+24, 24);
1205 
1206  fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
1207  pass = pass && !fail;
1208 
1209  cout << (fail ? "FAILED " : "passed ");
1210  cout << "brainpoolP192r1 using SHA-1\n";
1211 
1212  fail = !SignatureValidate(signer, verifier);
1213  pass = pass && !fail;
1214  }
1215 
1216  // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-224 (p. 21)
1217  {
1218  OID oid = ASN1::brainpoolP256r1();
1219  DL_GroupParameters_EC<ECP> params(oid);
1220  Integer x("0x 47B3A278 62DEF037 49ACF0D6 00E69F9B 851D01ED AEFA531F 4D168E78 7307F4D8");
1221  ECGDSA<ECP, SHA224>::Signer signer(params, x);
1222  ECGDSA<ECP, SHA224>::Verifier verifier(signer);
1223 
1224  Integer e("0x 00000000 92AE8A0E 8D08EADE E9426378 714FF3E0 1957587D 2876FA70 D40E3144");
1225  Integer k("0x 908E3099 776261A4 558FF7A9 FA6DFFE0 CA6BB3F9 CB35C2E4 E1DC73FD 5E8C08A3");
1226 
1227  Integer r, s;
1228  signer.RawSign(k, e, r, s);
1229 
1230  Integer rExp("0x 62CCD1D2 91E62F6A 4FFBD966 C66C85AA BA990BB6 AB0C087D BD54A456 CCC84E4C");
1231  Integer sExp("0x 6F029D92 1CBD2552 6EDCCF1C 45E3CBF7 B7A5D8D4 E005F0C4 1C49B052 DECB04EA");
1232 
1233  fail = (r != rExp) || (s != sExp);
1234  pass = pass && !fail;
1235 
1236  const byte msg[] = "Example of ECGDSA with the hash function SHA-224";
1237  const size_t len = strlen((char*)msg);
1238 
1239  byte signature[64];
1240  r.Encode(signature+0, 32);
1241  s.Encode(signature+32, 32);
1242 
1243  fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
1244  pass = pass && !fail;
1245 
1246  cout << (fail ? "FAILED " : "passed ");
1247  cout << "brainpoolP256r1 using SHA-224\n";
1248 
1249  fail = !SignatureValidate(signer, verifier);
1250  pass = pass && !fail;
1251  }
1252 
1253  // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-224 (p. 23)
1254  {
1255  OID oid = ASN1::brainpoolP320r1();
1256  DL_GroupParameters_EC<ECP> params(oid);
1257  Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5");
1258  ECGDSA<ECP, SHA224>::Signer signer(params, x);
1259  ECGDSA<ECP, SHA224>::Verifier verifier(signer);
1260 
1261  Integer e("0x 00000000 00000000 00000000 92AE8A0E 8D08EADE E9426378 714FF3E0 1957587D 2876FA70 D40E3144");
1262  Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B");
1263 
1264  Integer r, s;
1265  signer.RawSign(k, e, r, s);
1266 
1267  Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6");
1268  Integer sExp("0x 6EA191CA 0D468AC3 E9568768 9338357C 7D0BACB3 F1D87E0D EC05F635 B7ADB842 75AA0086 60F812CF");
1269 
1270  fail = (r != rExp) || (s != sExp);
1271  pass = pass && !fail;
1272 
1273  const byte msg[] = "Example of ECGDSA with the hash function SHA-224";
1274  const size_t len = strlen((char*)msg);
1275 
1276  byte signature[80];
1277  r.Encode(signature+0, 40);
1278  s.Encode(signature+40, 40);
1279 
1280  fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
1281  pass = pass && !fail;
1282 
1283  cout << (fail ? "FAILED " : "passed ");
1284  cout << "brainpoolP320r1 using SHA-224\n";
1285 
1286  fail = !SignatureValidate(signer, verifier);
1287  pass = pass && !fail;
1288  }
1289 
1290  // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-224 (p. 27)
1291  {
1292  OID oid = ASN1::brainpoolP320r1();
1293  DL_GroupParameters_EC<ECP> params(oid);
1294  Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5");
1295  ECGDSA<ECP, SHA256>::Signer signer(params, x);
1296  ECGDSA<ECP, SHA256>::Verifier verifier(signer);
1297 
1298  Integer e("0x 00000000 00000000 37ED8AA9 4AE667DB BB753330 E050EB8E 12195807 ECDC4FB1 0E0662B4 22C219D7");
1299  Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B");
1300 
1301  Integer r, s;
1302  signer.RawSign(k, e, r, s);
1303 
1304  Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6");
1305  Integer sExp("0x 24370797 A9D11717 BBBB2B76 2E08ECD0 7DD7E033 F544E47C BF3C6D16 FD90B51D CC2E4DD8 E6ECD8CD");
1306 
1307  fail = (r != rExp) || (s != sExp);
1308  pass = pass && !fail;
1309 
1310  const byte msg[] = "Example of ECGDSA with the hash function SHA-256";
1311  const size_t len = strlen((char*)msg);
1312 
1313  byte signature[80];
1314  r.Encode(signature+0, 40);
1315  s.Encode(signature+40, 40);
1316 
1317  fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
1318  pass = pass && !fail;
1319 
1320  cout << (fail ? "FAILED " : "passed ");
1321  cout << "brainpoolP320r1 using SHA-256\n";
1322 
1323  fail = !SignatureValidate(signer, verifier);
1324  pass = pass && !fail;
1325  }
1326 
1327  // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-384 (p. 34)
1328  {
1329  OID oid = ASN1::brainpoolP512r1();
1330  DL_GroupParameters_EC<ECP> params(oid);
1331  Integer x("0x 92006A98 8AF96D91 57AADCF8 62716962 7CE2ECC4 C58ECE5C 1A0A8642 11AB764C 04236FA0 160857A7 8E71CCAE 4D79D52E 5A69A457 8AF50658 1F598FA9 B4F7DA68");
1332  ECGDSA<ECP, SHA384>::Signer signer(params, x);
1333  ECGDSA<ECP, SHA384>::Verifier verifier(signer);
1334 
1335  Integer e("0x 00000000 00000000 00000000 00000000 68FEAB7D 8BF8A779 4466E447 5959946B 2136C084 A86090CA 8070C980 68B1250D 88213190 6B7E0CB8 475F9054 E9290C2E");
1336  Integer k("0x 6942B01D 5901BEC1 506BB874 9618E22E C0FCD7F3 5159D51E D53BA77A 78752128 A58232AD 8E0E021A FDE1477F F4C74FDF FE88AE2D 15D89B56 F6D73C03 77631D2B");
1337 
1338  Integer r, s;
1339  signer.RawSign(k, e, r, s);
1340 
1341  Integer rExp("0x 0104918B 2B32B1A5 49BD43C3 0092953B 4164CA01 A1A97B5B 0756EA06 3AC16B41 B88A1BAB 4538CD7D 8466180B 3E3F5C86 46AC4A45 F564E9B6 8FEE72ED 00C7AC48");
1342  Integer sExp("0x 3D233E9F D9EB152E 889F4F7C F325B464 0894E5EA 44C51443 54305CD4 BF70D234 8257C2DB E06C5544 92CE9FDD 6861A565 77B53E5E E80E6062 31A4CF06 8FA1EC21");
1343 
1344  fail = (r != rExp) || (s != sExp);
1345  pass = pass && !fail;
1346 
1347  const byte msg[] = "Example of ECGDSA with the hash function SHA-384";
1348  const size_t len = strlen((char*)msg);
1349 
1350  byte signature[128];
1351  r.Encode(signature+0, 64);
1352  s.Encode(signature+64, 64);
1353 
1354  fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
1355  pass = pass && !fail;
1356 
1357  cout << (fail ? "FAILED " : "passed ");
1358  cout << "brainpoolP512r1 using SHA-384\n";
1359 
1360  fail = !SignatureValidate(signer, verifier);
1361  pass = pass && !fail;
1362  }
1363 
1364  // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-512 (p. 38)
1365  {
1366  OID oid = ASN1::brainpoolP512r1();
1367  DL_GroupParameters_EC<ECP> params(oid);
1368  Integer x("0x 92006A98 8AF96D91 57AADCF8 62716962 7CE2ECC4 C58ECE5C 1A0A8642 11AB764C 04236FA0 160857A7 8E71CCAE 4D79D52E 5A69A457 8AF50658 1F598FA9 B4F7DA68");
1369  ECGDSA<ECP, SHA512>::Signer signer(params, x);
1370  ECGDSA<ECP, SHA512>::Verifier verifier(signer);
1371 
1372  Integer e("0x 1A95EF81 D213BD3B 8191E7FE 7F5BFD43 F51E3EE5 A4FD3D08 4A7C9BB5 411F4649 746AEBC6 623D4DEA 7E02DC5A 85E24AF2 96B5A555 AD470413 71E4BF64 380F3E34");
1373  Integer k("0x 6942B01D 5901BEC1 506BB874 9618E22E C0FCD7F3 5159D51E D53BA77A 78752128 A58232AD 8E0E021A FDE1477F F4C74FDF FE88AE2D 15D89B56 F6D73C03 77631D2B");
1374 
1375  Integer r, s;
1376  signer.RawSign(k, e, r, s);
1377 
1378  Integer rExp("0x 0104918B 2B32B1A5 49BD43C3 0092953B 4164CA01 A1A97B5B 0756EA06 3AC16B41 B88A1BAB 4538CD7D 8466180B 3E3F5C86 46AC4A45 F564E9B6 8FEE72ED 00C7AC48");
1379  Integer sExp("0x 17A011F8 DD7B5665 2B27AA6D 6E7BDF3C 7C23B5FA 32910FBA A107E627 0E1CA8A7 A263F661 8E6098A0 D6CD6BA1 C03544C5 425875EC B3418AF5 A3EE3F32 143E48D2");
1380 
1381  fail = (r != rExp) || (s != sExp);
1382  pass = pass && !fail;
1383 
1384  const byte msg[] = "Example of ECGDSA with the hash function SHA-512";
1385  const size_t len = strlen((char*)msg);
1386 
1387  byte signature[128];
1388  r.Encode(signature+0, 64);
1389  s.Encode(signature+64, 64);
1390 
1391  fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
1392  pass = pass && !fail;
1393 
1394  cout << (fail ? "FAILED " : "passed ");
1395  cout << "brainpoolP512r1 using SHA-512\n";
1396 
1397  fail = !SignatureValidate(signer, verifier);
1398  pass = pass && !fail;
1399  }
1400 
1401  return pass;
1402 }
1403 
1404 bool ValidateESIGN()
1405 {
1406  cout << "\nESIGN validation suite running...\n\n";
1407 
1408  bool pass = true, fail;
1409 
1410  static const char plain[] = "test";
1411  static const byte signature[] =
1412  "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37"
1413  "\xFE\xBC\x76\x3F\xF1\x84\xF6\x59\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0\x34\x44\x5B\x0F"
1414  "\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88"
1415  "\xAB\x33\xDD\xE4\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A\x74\x02\x37\x0E\xED\x0A\x06\xAD"
1416  "\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C"
1417  "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28";
1418 
1419  FileSource keys(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", true, new HexDecoder);
1420  ESIGN<SHA>::Signer signer(keys);
1421  ESIGN<SHA>::Verifier verifier(signer);
1422 
1423  fail = !SignatureValidate(signer, verifier);
1424  pass = pass && !fail;
1425 
1426  fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength());
1427  pass = pass && !fail;
1428 
1429  cout << (fail ? "FAILED " : "passed ");
1430  cout << "verification check against test vector\n";
1431 
1432  cout << "Generating signature key from seed..." << endl;
1433  signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512));
1434  verifier = signer;
1435 
1436  fail = !SignatureValidate(signer, verifier);
1437  pass = pass && !fail;
1438 
1439  return pass;
1440 }
ConstByteArrayParameter
Used to pass byte array input as part of a NameValuePairs object.
Definition: algparam.h:29
ValidateRW
bool ValidateRW()
Definition: validat2.cpp:775
AuthenticatedKeyAgreementDomain::Agree
virtual bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const =0
Derive agreed value.
HMQV_Domain::Agree
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
derive agreed value from your private keys and couterparty&#39;s public keys, return false in case of fai...
Definition: hmqv.h:123
AuthenticatedKeyAgreementDomain::GenerateEphemeralKeyPair
virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate private/public key pair.
Definition: cryptlib.cpp:942
rabin.h
Classes for Rabin encryption and signature schemes.
fhmqv.h
Classes for Fully Hashed Menezes-Qu-Vanstone key agreement in GF(p)
PK_Signer::SignMessageWithRecovery
virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const
Sign a recoverable message.
Definition: cryptlib.cpp:891
SimpleKeyAgreementValidate
bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d)
Definition: validat2.cpp:205
byte
uint8_t byte
Definition: Common.h:57
PK_Verifier::VerifyMessage
virtual bool VerifyMessage(const byte *message, size_t messageLen, const byte *signature, size_t signatureLen) const
Check whether input signature is a valid signature for input message.
Definition: cryptlib.cpp:906
FixedRNG::GenerateBlock
void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: validat2.cpp:65
AuthenticatedKeyAgreementDomain::StaticPublicKeyLength
virtual unsigned int StaticPublicKeyLength() const =0
Provides the size of the static public key.
elgamal.h
Classes and functions for ElGamal key agreement and encryption schemes.
ripemd.h
Classes for RIPEMD message digest.
Integer::Encode
void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const
Encode in big-endian format.
Definition: integer.cpp:3369
SimpleKeyAgreementDomain::AgreedValueLength
virtual unsigned int AgreedValueLength() const =0
Provides the size of the agreed value.
RandomNumberGenerator::GenerateBlock
virtual void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: cryptlib.cpp:326
GF2NT
GF(2^n) with Trinomial Basis.
Definition: gf2n.h:326
AuthenticatedKeyAgreementValidate
bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
Definition: validat2.cpp:241
ValidateDSA
bool ValidateDSA(bool thorough)
Definition: validat2.cpp:701
FileSource
Implementation of Store interface.
Definition: files.h:80
ecp.h
Classes for Elliptic Curves over prime fields.
FHMQV_Domain
Fully Hashed Menezes-Qu-Vanstone in GF(p)
Definition: fhmqv.h:24
FHMQV_Domain::AgreedValueLength
unsigned int AgreedValueLength() const
return length of agreed value produced
Definition: fhmqv.h:70
PK_Signer
Interface for public-key signers.
Definition: cryptlib.h:2527
h
#define h(i)
Definition: sha.cpp:736
PK_Encryptor
Interface for public-key encryptors.
Definition: cryptlib.h:2336
HMQV_Domain::StaticPrivateKeyLength
unsigned int StaticPrivateKeyLength() const
return length of static private keys in this domain
Definition: hmqv.h:71
EC2N::DecodePoint
bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const
Decodes an elliptic curve point.
Definition: ec2n.cpp:47
Q
#define Q(i)
Definition: cast.cpp:199
HexDecoder
Decode base 16 data back to bytes.
Definition: hex.h:36
cryptlib.h
Abstract base classes that provide a uniform interface to this library.
PK_Encryptor::Encrypt
virtual void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Encrypt a byte string.
PK_CryptoSystem::MaxPlaintextLength
virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0
Provides the maximum length of plaintext for a given ciphertext length.
HMQV_Domain
Hashed Menezes-Qu-Vanstone in GF(p)
Definition: hmqv.h:23
DL_GroupParameters_GFP_DefaultSafePrime
Definition: gfpcrypt.h:183
BlumBlumShub::Seek
void Seek(lword index)
Seek to an absolute position.
Definition: blumshub.cpp:55
GlobalRNG
RandomNumberGenerator & GlobalRNG()
Definition: test.cpp:123
FixedRNG::m_source
BufferedTransformation & m_source
Definition: validat2.cpp:71
oids.h
ASN.1 object identifiers for algorthms and schemes.
SimpleKeyAgreementDomain::PrivateKeyLength
virtual unsigned int PrivateKeyLength() const =0
Provides the size of the private key.
smartptr.h
Classes for automatic resource management.
ValidateECGDSA
bool ValidateECGDSA()
Definition: validat2.cpp:1062
std
std::hash for asio::adress
Definition: Common.h:323
FHMQV_Domain::EphemeralPublicKeyLength
unsigned int EphemeralPublicKeyLength() const
Provides the size of ephemeral public key.
Definition: fhmqv.h:96
RandomNumberGenerator
Interface for random number generators.
Definition: cryptlib.h:1188
DecodingResult::messageLength
size_t messageLength
Recovered message length if isValidCoding is true, undefined otherwise.
Definition: cryptlib.h:261
AuthenticatedKeyAgreementDomain::StaticPrivateKeyLength
virtual unsigned int StaticPrivateKeyLength() const =0
Provides the size of the static private key.
BufferedTransformation
Interface for buffered transformations.
Definition: cryptlib.h:1352
SimpleKeyAgreementDomain::PublicKeyLength
virtual unsigned int PublicKeyLength() const =0
Provides the size of the public key.
HMQV_Domain::AccessGroupParameters
GroupParameters & AccessGroupParameters()
Definition: hmqv.h:64
ValidateElGamal
bool ValidateElGamal()
Definition: validat2.cpp:638
PrivateKeyAlgorithm::GetMaterial
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Private Key.
Definition: cryptlib.h:2259
Integer::One
static const Integer &CRYPTOPP_API One()
Integer representing 1.
Definition: integer.cpp:3035
esign.h
Classes providing ESIGN signature schemes as defined in IEEE P1363a.
hmqv.h
Classes for Hashed Menezes-Qu-Vanstone key agreement in GF(p)
luc.h
Classes for the LUC cryptosystem.
PolynomialMod2
Polynomial with Coefficients in GF(2)
Definition: gf2n.h:21
ValidateMQV
bool ValidateMQV()
Definition: validat2.cpp:377
ec2n.h
Classes for Elliptic Curves over binary fields.
PK_SignatureScheme::MaxRecoverableLength
virtual size_t MaxRecoverableLength() const =0
Provides the length of longest message that can be recovered.
AuthenticatedKeyAgreementDomain::EphemeralPrivateKeyLength
virtual unsigned int EphemeralPrivateKeyLength() const =0
Provides the size of ephemeral private key.
RabinES
Rabin encryption scheme.
Definition: rabin.h:118
SimpleKeyAgreementDomain
Interface for domains of simple key agreement protocols.
Definition: cryptlib.h:2664
ValidateESIGN
bool ValidateESIGN()
Definition: validat2.cpp:1404
a
#define a(i)
DecodingResult
Returns a decoding results.
Definition: cryptlib.h:238
x
#define x(i)
WORD_BITS
const unsigned int WORD_BITS
Definition: config.h:317
rw.h
Classes for Rabin-Williams signature scheme.
source
const char * source
Definition: rpcconsole.cpp:60
PK_Decryptor
Interface for public-key decryptors.
Definition: cryptlib.h:2372
EC2N::EncodedPointSize
unsigned int EncodedPointSize(bool compressed=false) const
Determines encoded point size.
Definition: ec2n.h:67
MQV_Domain
MQV domain for performing authenticated key agreement.
Definition: mqv.h:27
PublicBlumBlumShub::GenerateBlock
void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
Definition: blumshub.cpp:36
DL_GroupParameters_EC::GetCurve
const EllipticCurve & GetCurve() const
Definition: eccrypto.h:151
XTR_DH
XTR-DH with key validation.
Definition: xtrcrypt.h:16
BufferedTransformation::Put
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition: cryptlib.h:1376
SimpleKeyAgreementDomain::GenerateKeyPair
virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate a private/public key pair.
Definition: cryptlib.cpp:930
CryptoMaterial::Validate
virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0
Check this object for errors.
MakeParameters
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:498
FHMQV_Domain::EphemeralPrivateKeyLength
unsigned int EphemeralPrivateKeyLength() const
Provides the size of ephemeral private key.
Definition: fhmqv.h:95
ValidateDH
bool ValidateDH()
Definition: validat2.cpp:368
HMQV_Domain::AgreedValueLength
unsigned int AgreedValueLength() const
return length of agreed value produced
Definition: hmqv.h:69
SignatureValidate
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough=false)
Definition: validat2.cpp:128
dh.h
Classes for Diffie-Hellman key exchange.
hex.h
Classes for HexEncoder and HexDecoder.
PK_SignatureScheme::MaxSignatureLength
virtual size_t MaxSignatureLength(size_t recoverablePartLength=0) const
Provides the maximum signature length produced given the length of the recoverable message part...
Definition: cryptlib.h:2466
AuthenticatedKeyAgreementDomain::GenerateStaticKeyPair
virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
Generate a static private/public key pair.
Definition: cryptlib.cpp:936
EC2N::Multiply
Point Multiply(const Integer &k, const Point &P) const
Definition: ec2n.h:59
ModularArithmetic::MaxElementBitLength
unsigned int MaxElementBitLength() const
Provides the maximum bit size of an element in the ring.
Definition: modarith.h:223
FixedRNG::FixedRNG
FixedRNG(BufferedTransformation &source)
Definition: validat2.cpp:63
Integer
Multiple precision integer with arithmetic operations.
Definition: integer.h:43
EC2N
Elliptic Curve over GF(2^n)
Definition: ec2n.h:24
ValidateEC2N
bool ValidateEC2N()
Definition: validat2.cpp:962
PK_Verifier::RecoverMessage
virtual DecodingResult RecoverMessage(byte *recoveredMessage, const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, const byte *signature, size_t signatureLength) const
Recover a message from its signature.
Definition: cryptlib.cpp:920
ValidateFHMQV
bool ValidateFHMQV()
Definition: validat2.cpp:503
FHMQV_Domain::StaticPublicKeyLength
unsigned int StaticPublicKeyLength() const
return length of static public keys in this domain
Definition: fhmqv.h:74
AuthenticatedKeyAgreementDomain::EphemeralPublicKeyLength
virtual unsigned int EphemeralPublicKeyLength() const =0
Provides the size of ephemeral public key.
KeyAgreementAlgorithm::GetCryptoParameters
virtual const CryptoParameters & GetCryptoParameters() const
Retrieves a reference to Crypto Parameters.
Definition: cryptlib.h:2287
PublicKeyAlgorithm::GetMaterial
const CryptoMaterial & GetMaterial() const
Retrieves a reference to a Public Key.
Definition: cryptlib.h:2236
PK_SignatureScheme::MaxRecoverableLengthFromSignatureLength
virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0
Provides the length of longest message that can be recovered from a signature of given length...
FHMQV_Domain::StaticPrivateKeyLength
unsigned int StaticPrivateKeyLength() const
return length of static private keys in this domain
Definition: fhmqv.h:72
gfpcrypt.h
Classes and functions for schemes based on Discrete Logs (DL) over GF(p)
HMQV_Domain::EphemeralPrivateKeyLength
unsigned int EphemeralPrivateKeyLength() const
Provides the size of ephemeral private key.
Definition: hmqv.h:94
dsa.h
Classes for the DSA signature algorithm.
rng.h
Miscellaneous classes for RNGs.
gf2n.h
Classes and functions for schemes over GF(2^n)
HMQV_Domain::EphemeralPublicKeyLength
unsigned int EphemeralPublicKeyLength() const
Provides the size of ephemeral public key.
Definition: hmqv.h:95
PK_Signer::SignMessage
virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const
Sign a message.
Definition: cryptlib.cpp:884
ValidateRSA
bool ValidateRSA()
Definition: validat2.cpp:281
b
#define b(i, j)
SimpleKeyAgreementDomain::Agree
virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0
Derive agreed value.
CRYPTOPP_ASSERT
#define CRYPTOPP_ASSERT(exp)
Definition: trap.h:92
DH_Domain
Diffie-Hellman domain.
Definition: dh.h:25
g_nullNameValuePairs
const NameValuePairs & g_nullNameValuePairs
An empty set of name-value pairs.
Definition: cryptlib.cpp:76
CryptoSystemValidate
bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough=false)
Definition: validat2.cpp:179
FHMQV_Domain::AccessGroupParameters
GroupParameters & AccessGroupParameters()
Definition: fhmqv.h:65
ByteQueue
Data structure used to store byte strings.
Definition: queue.h:20
asn.h
Classes and functions for working with ANS.1 objects.
ValidateLUC_DL
bool ValidateLUC_DL()
Definition: validat2.cpp:737
sha.h
Classes for SHA-1 and SHA-2 family of message digests.
DL_GroupParameters_EC
Elliptic Curve Parameters.
Definition: eccrypto.h:32
filters.h
Implementation of BufferedTransformation&#39;s attachment interface.
f
#define f(x)
Definition: gost.cpp:57
USING_NAMESPACE
#define USING_NAMESPACE(x)
Definition: config.h:206
xtrcrypt.h
"The XTR public key system" by Arjen K.
rsa.h
Classes for the RSA cryptosystem.
ValidateECP
bool ValidateECP()
Definition: validat2.cpp:913
pass
#define pass(a, b, c, mul, X)
PK_Verifier
Interface for public-key signature verifiers.
Definition: cryptlib.h:2592
ValidateDLIES
bool ValidateDLIES()
Definition: validat2.cpp:656
BlumBlumShub
BlumBlumShub with factorization of the modulus.
Definition: blumshub.h:40
size
uint8_t const size_t const size
Definition: sha3.h:20
PK_CryptoSystem::CiphertextLength
virtual size_t CiphertextLength(size_t plaintextLength) const =0
Calculate the length of ciphertext given length of plaintext.
blumshub.h
Classes for Blum Blum Shub generator.
P
#define P
AuthenticatedKeyAgreementDomain::AgreedValueLength
virtual unsigned int AgreedValueLength() const =0
Provides the size of the agreed value.
ValidateLUC
bool ValidateLUC()
Definition: validat2.cpp:718
GeneratableCryptoMaterial::GenerateRandomWithKeySize
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize)
Generate a random key or crypto parameters.
Definition: cryptlib.cpp:780
IntToString
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:539
RSAES
RSA encryption algorithm.
Definition: rsa.h:178
ValidateHMQV
bool ValidateHMQV()
Definition: validat2.cpp:386
ValidateNR
bool ValidateNR()
Definition: validat2.cpp:679
integer.h
Multiple precision integer with arithmetic operations.
files.h
Classes providing file-based library services.
DecodingResult::isValidCoding
bool isValidCoding
Flag to indicate the decoding is valid.
Definition: cryptlib.h:259
e
#define e(i)
Definition: sha.cpp:733
ValidateBBS
bool ValidateBBS()
Definition: validat2.cpp:74
eccrypto.h
Classes and functions for Elliptic Curves over prime and binary fields.
FHMQV_Domain::Agree
bool Agree(byte *agreedValue, const byte *staticPrivateKey, const byte *ephemeralPrivateKey, const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, bool validateStaticOtherPublicKey=true) const
derive agreed value from your private keys and couterparty&#39;s public keys, return false in case of fai...
Definition: fhmqv.h:124
RunTestDataFile
bool RunTestDataFile(const char *filename, const NameValuePairs &overrideParameters, bool thorough)
Definition: datatest.cpp:841
DL_GroupParameters< typename EcPrecomputation< EC >::Element >::Validate
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Definition: pubkey.h:748
ValidateLUC_DH
bool ValidateLUC_DH()
Definition: validat2.cpp:620
ValidateECDSA
bool ValidateECDSA()
Definition: validat2.cpp:1011
d
#define d(i)
Definition: sha.cpp:732
AuthenticatedKeyAgreementDomain
Interface for domains of authenticated key agreement protocols.
Definition: cryptlib.h:2727
EC2NPoint
Elliptical Curve Point over GF(2^n)
Definition: ecpoint.h:55
ECP::GetField
const Field & GetField() const
Definition: ecp.h:86
MQV_Domain::AccessGroupParameters
GroupParameters & AccessGroupParameters()
Retrieves the group parameters for this domain.
Definition: mqv.h:89
EC2N::GetField
const Field & GetField() const
Definition: ec2n.h:79
mqv.h
Classes for Menezes–Qu–Vanstone (MQV) key agreement.
DH_Domain::AccessGroupParameters
GroupParameters & AccessGroupParameters()
Retrieves the group parameters for this domain.
Definition: dh.h:124
ValidateXTR_DH
bool ValidateXTR_DH()
Definition: validat2.cpp:629
OID
Object Identifier.
Definition: asn.h:166
CRYPTOPP_DATA_DIR
#define CRYPTOPP_DATA_DIR
Definition: config.h:72
word
word32 word
Definition: config.h:308
osrng.h
Classes for access to the operating system&#39;s random number generators.
ValidateRabin
bool ValidateRabin()
Definition: validat2.cpp:756
stop
UniValue stop(const JSONRPCRequest &jsonRequest)
Definition: server.cpp:237
Integer::POSITIVE
the value is positive or 0
Definition: integer.h:69
GF2NP::MaxElementBitLength
unsigned int MaxElementBitLength() const
Definition: gf2n.h:308
HMQV_Domain::StaticPublicKeyLength
unsigned int StaticPublicKeyLength() const
return length of static public keys in this domain
Definition: hmqv.h:73
SIZE_MAX
#define SIZE_MAX
Definition: misc.h:113
PK_Decryptor::Decrypt
virtual DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs &parameters=g_nullNameValuePairs) const =0
Decrypt a byte string.
PK_FinalTemplate
Template implementing constructors for public key algorithm classes.
Definition: pubkey.h:1989
Generated on Mon Oct 22 2018 15:15:33 for Fabcoin Core by   doxygen 1.8.11