arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of https://github.com/weidai11/cryptopp

pull/871/head
Jeffrey Walton 2019-08-03 16:34:11 -04:00
parent b6d7590ba5 7eeb954b23
commit 122e3df252
4 changed files with 99 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pubkey.h
View File

@ -886,7 +886,7 @@ public:
/// \brief Retrieves the encoded element's size /// \brief Retrieves the encoded element's size
/// \param reversible flag indicating the encoding format /// \param reversible flag indicating the encoding format
/// \return encoded element's size, in bytes /// \return encoded element's size, in bytes
/// \details The format of the encoded element varies by the underlyinhg type of the element and the /// \details The format of the encoded element varies by the underlying type of the element and the
/// reversible flag. GetEncodedElementSize() must be implemented in a derived class. /// reversible flag. GetEncodedElementSize() must be implemented in a derived class.
/// \sa GetEncodedElementSize(), EncodeElement(), DecodeElement() /// \sa GetEncodedElementSize(), EncodeElement(), DecodeElement()
virtual unsigned int GetEncodedElementSize(bool reversible) const =0; virtual unsigned int GetEncodedElementSize(bool reversible) const =0;

62
validat6.cpp
View File

@ -133,6 +133,68 @@ bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
return true; return true;
} }
bool AuthenticatedKeyAgreementValidateWithRoles(AuthenticatedKeyAgreementDomain &initiator, AuthenticatedKeyAgreementDomain &responder)
{
if (initiator.GetCryptoParameters().Validate(GlobalRNG(), 3))
std::cout << "passed authenticated key agreement domain parameters validation (initiator)" << std::endl;
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (initiator)" << std::endl;
return false;
}
if (responder.GetCryptoParameters().Validate(GlobalRNG(), 3))
std::cout << "passed authenticated key agreement domain parameters validation (responder)" << std::endl;
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (responder)" << std::endl;
return false;
}
if (initiator.StaticPrivateKeyLength() != responder.StaticPrivateKeyLength() ||
initiator.EphemeralPrivateKeyLength() != responder.EphemeralPrivateKeyLength() ||
initiator.StaticPublicKeyLength() != responder.StaticPublicKeyLength() ||
initiator.EphemeralPublicKeyLength() != responder.EphemeralPublicKeyLength() ||
initiator.AgreedValueLength() != responder.AgreedValueLength())
{
std::cout << "passed authenticated key agreement domain parameter consistency" << std::endl;
}
else
{
std::cout << "FAILED authenticated key agreement domain parameter consistency" << std::endl;
return false;
}
SecByteBlock spriv1(initiator.StaticPrivateKeyLength()), spriv2(responder.StaticPrivateKeyLength());
SecByteBlock epriv1(initiator.EphemeralPrivateKeyLength()), epriv2(responder.EphemeralPrivateKeyLength());
SecByteBlock spub1(initiator.StaticPublicKeyLength()), spub2(responder.StaticPublicKeyLength());
SecByteBlock epub1(initiator.EphemeralPublicKeyLength()), epub2(responder.EphemeralPublicKeyLength());
SecByteBlock val1(initiator.AgreedValueLength()), val2(responder.AgreedValueLength());
initiator.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1);
responder.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2);
initiator.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1);
responder.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2);
memset(val1.begin(), 0x10, val1.size());
memset(val2.begin(), 0x11, val2.size());
if (!(initiator.Agree(val1, spriv1, epriv1, spub2, epub2) && responder.Agree(val2, spriv2, epriv2, spub1, epub1)))
{
std::cout << "FAILED authenticated key agreement failed" << std::endl;
return false;
}
if (memcmp(val1.begin(), val2.begin(), initiator.AgreedValueLength()))
{
std::cout << "FAILED authenticated agreed values not equal" << std::endl;
return false;
}
std::cout << "passed authenticated key agreement" << std::endl;
return true;
}
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough) bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough)
{ {
bool pass = true, fail; bool pass = true, fail;

213
validat7.cpp
View File

@ -76,234 +76,91 @@ bool ValidateMQV()
bool ValidateHMQV() bool ValidateHMQV()
{ {
std::cout << "\nHMQV validation suite running...\n\n"; std::cout << "\nHMQV validation suite running...\n\n";
bool success = true;
ECHMQV256 hmqvB(false);
FileSource f256(DataDir("TestData/hmqv256.dat").c_str(), true, new HexDecoder); FileSource f256(DataDir("TestData/hmqv256.dat").c_str(), true, new HexDecoder);
FileSource f384(DataDir("TestData/hmqv384.dat").c_str(), true, new HexDecoder); FileSource f384(DataDir("TestData/hmqv384.dat").c_str(), true, new HexDecoder);
FileSource f512(DataDir("TestData/hmqv512.dat").c_str(), true, new HexDecoder); FileSource f512(DataDir("TestData/hmqv512.dat").c_str(), true, new HexDecoder);
hmqvB.AccessGroupParameters().BERDecode(f256);
/////////////////////////
std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl; std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl;
if (hmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3)) ECHMQV256 hmqvB256(false);
std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; hmqvB256.AccessGroupParameters().BERDecode(f256);
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
return false;
}
const OID oid = ASN1::secp256r1(); const OID oid = ASN1::secp256r1();
ECHMQV< ECP >::Domain hmqvA(oid, true /*client*/); ECHMQV< ECP >::Domain hmqvA256(oid, true /*client*/);
if (hmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3)) success = AuthenticatedKeyAgreementValidateWithRoles(hmqvA256, hmqvB256) && success;
std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
return false;
}
SecByteBlock sprivA(hmqvA.StaticPrivateKeyLength()), sprivB(hmqvB.StaticPrivateKeyLength()); /////////////////////////
SecByteBlock eprivA(hmqvA.EphemeralPrivateKeyLength()), eprivB(hmqvB.EphemeralPrivateKeyLength());
SecByteBlock spubA(hmqvA.StaticPublicKeyLength()), spubB(hmqvB.StaticPublicKeyLength());
SecByteBlock epubA(hmqvA.EphemeralPublicKeyLength()), epubB(hmqvB.EphemeralPublicKeyLength());
SecByteBlock valA(hmqvA.AgreedValueLength()), valB(hmqvB.AgreedValueLength());
hmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
hmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
hmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
hmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
std::memset(valA.begin(), 0x00, valA.size());
std::memset(valB.begin(), 0x11, valB.size());
if (!(hmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && hmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
{
std::cout << "FAILED authenticated key agreement failed" << std::endl;
return false;
}
if (memcmp(valA.begin(), valB.begin(), hmqvA.AgreedValueLength()))
{
std::cout << "FAILED authenticated agreed values not equal" << std::endl;
return false;
}
std::cout << "passed authenticated key agreement" << std::endl;
// Now test HMQV with NIST P-384 curve and SHA384 hash
std::cout << std::endl;
std::cout << "HMQV with NIST P-384 and SHA-384:" << std::endl; std::cout << "HMQV with NIST P-384 and SHA-384:" << std::endl;
ECHMQV384 hmqvB384(false); ECHMQV384 hmqvB384(false);
hmqvB384.AccessGroupParameters().BERDecode(f384); hmqvB384.AccessGroupParameters().BERDecode(f384);
if (hmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
return false;
}
const OID oid384 = ASN1::secp384r1(); const OID oid384 = ASN1::secp384r1();
ECHMQV384 hmqvA384(oid384, true /*client*/); ECHMQV384 hmqvA384(oid384, true /*client*/);
if (hmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3)) success = AuthenticatedKeyAgreementValidateWithRoles(hmqvA384, hmqvB384) && success;
std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
return false;
}
SecByteBlock sprivA384(hmqvA384.StaticPrivateKeyLength()), sprivB384(hmqvB384.StaticPrivateKeyLength()); /////////////////////////
SecByteBlock eprivA384(hmqvA384.EphemeralPrivateKeyLength()), eprivB384(hmqvB384.EphemeralPrivateKeyLength());
SecByteBlock spubA384(hmqvA384.StaticPublicKeyLength()), spubB384(hmqvB384.StaticPublicKeyLength());
SecByteBlock epubA384(hmqvA384.EphemeralPublicKeyLength()), epubB384(hmqvB384.EphemeralPublicKeyLength());
SecByteBlock valA384(hmqvA384.AgreedValueLength()), valB384(hmqvB384.AgreedValueLength());
hmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384); std::cout << "HMQV with NIST P-521 and SHA-512:" << std::endl;
hmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
hmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
hmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
std::memset(valA384.begin(), 0x00, valA384.size()); ECHMQV512 hmqvB521(false);
std::memset(valB384.begin(), 0x11, valB384.size()); hmqvB521.AccessGroupParameters().BERDecode(f512);
const OID oid521 = ASN1::secp521r1();
ECHMQV512 hmqvA521(oid521, true /*client*/);
if (!(hmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && hmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384))) success = AuthenticatedKeyAgreementValidateWithRoles(hmqvA521, hmqvB521) && success;
{
std::cout << "FAILED authenticated key agreement failed" << std::endl;
return false;
}
if (memcmp(valA384.begin(), valB384.begin(), hmqvA384.AgreedValueLength())) return success;
{
std::cout << "FAILED authenticated agreed values not equal" << std::endl;
return false;
}
std::cout << "passed authenticated key agreement" << std::endl;
return true;
} }
bool ValidateFHMQV() bool ValidateFHMQV()
{ {
std::cout << "\nFHMQV validation suite running...\n\n"; std::cout << "\nFHMQV validation suite running...\n\n";
bool success = true;
//ECFHMQV< ECP >::Domain fhmqvB(false /*server*/);
ECFHMQV256 fhmqvB(false);
FileSource f256(DataDir("TestData/fhmqv256.dat").c_str(), true, new HexDecoder); FileSource f256(DataDir("TestData/fhmqv256.dat").c_str(), true, new HexDecoder);
FileSource f384(DataDir("TestData/fhmqv384.dat").c_str(), true, new HexDecoder); FileSource f384(DataDir("TestData/fhmqv384.dat").c_str(), true, new HexDecoder);
FileSource f512(DataDir("TestData/fhmqv512.dat").c_str(), true, new HexDecoder); FileSource f512(DataDir("TestData/fhmqv512.dat").c_str(), true, new HexDecoder);
fhmqvB.AccessGroupParameters().BERDecode(f256);
/////////////////////////
std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl; std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl;
if (fhmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3)) ECFHMQV256 fhmqvB256(false);
std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; fhmqvB256.AccessGroupParameters().BERDecode(f256);
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
return false;
}
const OID oid = ASN1::secp256r1(); const OID oid = ASN1::secp256r1();
ECFHMQV< ECP >::Domain fhmqvA(oid, true /*client*/); ECFHMQV< ECP >::Domain fhmqvA256(oid, true /*client*/);
if (fhmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3)) success = AuthenticatedKeyAgreementValidateWithRoles(fhmqvA256, fhmqvB256) && success;
std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
return false;
}
SecByteBlock sprivA(fhmqvA.StaticPrivateKeyLength()), sprivB(fhmqvB.StaticPrivateKeyLength()); /////////////////////////
SecByteBlock eprivA(fhmqvA.EphemeralPrivateKeyLength()), eprivB(fhmqvB.EphemeralPrivateKeyLength());
SecByteBlock spubA(fhmqvA.StaticPublicKeyLength()), spubB(fhmqvB.StaticPublicKeyLength());
SecByteBlock epubA(fhmqvA.EphemeralPublicKeyLength()), epubB(fhmqvB.EphemeralPublicKeyLength());
SecByteBlock valA(fhmqvA.AgreedValueLength()), valB(fhmqvB.AgreedValueLength());
fhmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA);
fhmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB);
fhmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA);
fhmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB);
std::memset(valA.begin(), 0x00, valA.size());
std::memset(valB.begin(), 0x11, valB.size());
if (!(fhmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && fhmqvB.Agree(valB, sprivB, eprivB, spubA, epubA)))
{
std::cout << "FAILED authenticated key agreement failed" << std::endl;
return false;
}
if (memcmp(valA.begin(), valB.begin(), fhmqvA.AgreedValueLength()))
{
std::cout << "FAILED authenticated agreed values not equal" << std::endl;
return false;
}
std::cout << "passed authenticated key agreement" << std::endl;
// Now test FHMQV with NIST P-384 curve and SHA384 hash
std::cout << std::endl;
std::cout << "FHMQV with NIST P-384 and SHA-384:" << std::endl; std::cout << "FHMQV with NIST P-384 and SHA-384:" << std::endl;
ECHMQV384 fhmqvB384(false); ECHMQV384 fhmqvB384(false);
fhmqvB384.AccessGroupParameters().BERDecode(f384); fhmqvB384.AccessGroupParameters().BERDecode(f384);
if (fhmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3))
std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl;
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl;
return false;
}
const OID oid384 = ASN1::secp384r1(); const OID oid384 = ASN1::secp384r1();
ECHMQV384 fhmqvA384(oid384, true /*client*/); ECHMQV384 fhmqvA384(oid384, true /*client*/);
if (fhmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3)) success = AuthenticatedKeyAgreementValidateWithRoles(fhmqvA384, fhmqvB384) && success;
std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl;
else
{
std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl;
return false;
}
SecByteBlock sprivA384(fhmqvA384.StaticPrivateKeyLength()), sprivB384(fhmqvB384.StaticPrivateKeyLength()); /////////////////////////
SecByteBlock eprivA384(fhmqvA384.EphemeralPrivateKeyLength()), eprivB384(fhmqvB384.EphemeralPrivateKeyLength());
SecByteBlock spubA384(fhmqvA384.StaticPublicKeyLength()), spubB384(fhmqvB384.StaticPublicKeyLength());
SecByteBlock epubA384(fhmqvA384.EphemeralPublicKeyLength()), epubB384(fhmqvB384.EphemeralPublicKeyLength());
SecByteBlock valA384(fhmqvA384.AgreedValueLength()), valB384(fhmqvB384.AgreedValueLength());
fhmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384); std::cout << "FHMQV with NIST P-521 and SHA-512:" << std::endl;
fhmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384);
fhmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384);
fhmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384);
std::memset(valA384.begin(), 0x00, valA384.size()); ECHMQV512 fhmqvB521(false);
std::memset(valB384.begin(), 0x11, valB384.size()); fhmqvB521.AccessGroupParameters().BERDecode(f512);
const OID oid521 = ASN1::secp521r1();
ECHMQV512 fhmqvA521(oid521, true /*client*/);
if (!(fhmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && fhmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384))) success = AuthenticatedKeyAgreementValidateWithRoles(fhmqvA521, fhmqvB521) && success;
{
std::cout << "FAILED authenticated key agreement failed" << std::endl;
return false;
}
if (memcmp(valA384.begin(), valB384.begin(), fhmqvA384.AgreedValueLength())) return success;
{
std::cout << "FAILED authenticated agreed values not equal" << std::endl;
return false;
}
std::cout << "passed authenticated key agreement" << std::endl;
return true;
} }
bool ValidateLUC_DH() bool ValidateLUC_DH()

1
validate.h
View File

@ -344,6 +344,7 @@ bool RunTestDataFile(const char *filename, const NameValuePairs &overrideParamet
// Definitions in validat6.cpp // Definitions in validat6.cpp
bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false); bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false);
bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d); bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d);
bool AuthenticatedKeyAgreementValidateWithRoles(AuthenticatedKeyAgreementDomain &initiator, AuthenticatedKeyAgreementDomain &responder);
bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d); bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d);
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false); bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false);