arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Modified validation suite to use VerifyBufsEqual rather than memcmp. VerifyBufsEqual is a constant time compare, so it serves to educate users on the function to call to use

pull/1/merge
Jeffrey Walton 2015-06-28 23:06:12 -04:00
parent a0390f1fd7
commit b51c3ea0b5
3 changed files with 44 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
validat1.cpp
View File

@ -4,6 +4,7 @@
#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
#include "files.h"
#include "misc.h"
#include "hex.h"
#include "base32.h"
#include "base64.h"
@ -435,11 +436,11 @@ bool BlockTransformationTest(const CipherFactory &cg, BufferedTransformation &va
apbt transE = cg.NewEncryption(key);
transE->ProcessBlock(plain, out);
fail = memcmp(out, cipher, cg.BlockSize()) != 0;
fail = !VerifyBufsEqual(out, cipher, cg.BlockSize());
apbt transD = cg.NewDecryption(key);
transD->ProcessBlock(out, outplain);
fail=fail || memcmp(outplain, plain, cg.BlockSize());
fail=fail || !VerifyBufsEqual(outplain, plain, cg.BlockSize());
pass = pass && !fail;
@ -703,7 +704,7 @@ bool ValidateCipherModes()
modeE.SetStolenIV(stolenIV);
fail = !TestFilter(StreamTransformationFilter(modeE).Ref(),
plain, 3, encrypted, sizeof(encrypted));
fail = memcmp(stolenIV, decryptionIV, 8) != 0 || fail;
fail = !VerifyBufsEqual(stolenIV, decryptionIV, 8) || fail;
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ") << "CBC encryption with ciphertext and IV stealing" << endl;
@ -899,11 +900,11 @@ bool ValidateRC2()
apbt transE(new RC2Encryption(key, keyLen, effectiveLen));
transE->ProcessBlock(plain, out);
fail = memcmp(out, cipher, RC2Encryption::BLOCKSIZE) != 0;
fail = !VerifyBufsEqual(out, cipher, RC2Encryption::BLOCKSIZE);
apbt transD(new RC2Decryption(key, keyLen, effectiveLen));
transD->ProcessBlock(out, outplain);
fail=fail || memcmp(outplain, plain, RC2Encryption::BLOCKSIZE);
fail=fail || !VerifyBufsEqual(outplain, plain, RC2Encryption::BLOCKSIZE);
pass = pass && !fail;
@ -1053,13 +1054,13 @@ bool ValidateARC4()
arc4.reset(new Weak::ARC4(Key0, sizeof(Key0)));
arc4->ProcessString(Input0, sizeof(Input0));
fail = memcmp(Input0, Output0, sizeof(Input0)) != 0;
fail = !VerifyBufsEqual(Input0, Output0, sizeof(Input0));
cout << (fail ? "FAILED" : "passed") << " Test 0" << endl;
pass = pass && !fail;
arc4.reset(new Weak::ARC4(Key1, sizeof(Key1)));
arc4->ProcessString(Key1, Input1, sizeof(Key1));
fail = memcmp(Output1, Key1, sizeof(Key1)) != 0;
fail = !VerifyBufsEqual(Output1, Key1, sizeof(Key1));
cout << (fail ? "FAILED" : "passed") << " Test 1" << endl;
pass = pass && !fail;
@ -1171,11 +1172,11 @@ bool ValidateBlowfish()
{
ECB_Mode<Blowfish>::Encryption enc((byte *)key[i], strlen(key[i]));
enc.ProcessData(out, plain[i], 8);
fail = memcmp(out, cipher[i], 8) != 0;
fail = !VerifyBufsEqual(out, cipher[i], 8);
ECB_Mode<Blowfish>::Decryption dec((byte *)key[i], strlen(key[i]));
dec.ProcessData(outplain, cipher[i], 8);
fail = fail || memcmp(outplain, plain[i], 8);
fail = fail || !VerifyBufsEqual(outplain, plain[i], 8);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -1273,7 +1274,7 @@ bool ValidateSEAL()
seal.Seek(1);
output[1] = seal.ProcessByte(output[1]);
seal.ProcessString(output+2, size-2);
pass = pass && memcmp(output+1, input+1, size-1) == 0;
pass = pass && VerifyBufsEqual(output+1, input+1, size-1);
cout << (pass ? "passed" : "FAILED") << endl;
return pass;

40
validat2.cpp
View File

@ -20,6 +20,7 @@
#include "ec2n.h"
#include "asn.h"
#include "rng.h"
#include "misc.h"
#include "files.h"
#include "hex.h"
#include "oids.h"
@ -69,7 +70,7 @@ bool ValidateBBS()
byte buf[20];
bbs.GenerateBlock(buf, 20);
fail = memcmp(output1, buf, 20) != 0;
fail = !VerifyBufsEqual(output1, buf, 20);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -79,7 +80,7 @@ bool ValidateBBS()
bbs.Seek(10);
bbs.GenerateBlock(buf, 10);
fail = memcmp(output1+10, buf, 10) != 0;
fail = !VerifyBufsEqual(output1+10, buf, 10);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -89,7 +90,7 @@ bool ValidateBBS()
bbs.Seek(1234567);
bbs.GenerateBlock(buf, 20);
fail = memcmp(output2, buf, 20) != 0;
fail = !VerifyBufsEqual(output2, buf, 20);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -133,7 +134,7 @@ bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0);
fail = !(result.isValidCoding && result.messageLength == messageLen && VerifyBufsEqual(recovered, message, messageLen));
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -168,7 +169,7 @@ bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough =
pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext);
fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
fail = fail || memcmp(message, plaintext, messageLen);
fail = fail || !VerifyBufsEqual(message, plaintext, messageLen);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -203,7 +204,7 @@ bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d)
return false;
}
if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
if (!VerifyBufsEqual(val1.begin(), val2.begin(), d.AgreedValueLength()))
{
cout << "FAILED simple agreed values not equal" << endl;
return false;
@ -243,7 +244,7 @@ bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
return false;
}
if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
if (!VerifyBufsEqual(val1.begin(), val2.begin(), d.AgreedValueLength()))
{
cout << "FAILED authenticated agreed values not equal" << endl;
return false;
@ -273,7 +274,7 @@ bool ValidateRSA()
Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
fail = memcmp(signature, out, 64) != 0;
fail = !VerifyBufsEqual(signature, out, 64);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -330,7 +331,7 @@ bool ValidateRSA()
memset(outPlain, 0, 8);
rsaPub.Encrypt(rng, plain, 8, out);
DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
fail = !result.isValidCoding || (result.messageLength!=8) || !VerifyBufsEqual(out, encrypted, 50) || !VerifyBufsEqual(plain, outPlain, 8);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -515,12 +516,25 @@ bool ValidateRabin()
bool ValidateRW()
{
cout << "\nRW validation suite running...\n\n";
bool pass=true;
FileSource f("TestData/rw1024.dat", true, new HexDecoder);
RWSS<PSSR, SHA>::Signer priv(f);
RWSS<PSSR, SHA>::Verifier pub(priv);
{
FileSource f("TestData/rw1024.dat", true, new HexDecoder);
RWSS<PSSR, SHA>::Signer priv(f);
RWSS<PSSR, SHA>::Verifier pub(priv);
pass = pass && SignatureValidate(priv, pub);
}
{
cout << "Turning off blinding..." << endl;
return SignatureValidate(priv, pub);
FileSource f("TestData/rw1024.dat", true, new HexDecoder);
RWSS<PSSR, SHA>::Signer priv(f);
priv.AccessKey().SetEnableBlinding(false);
RWSS<PSSR, SHA>::Verifier pub(priv);
pass = pass && SignatureValidate(priv, pub);
}
return pass;
}
/*

11
validat3.cpp
View File

@ -21,6 +21,7 @@
#include "pwdbased.h"
#include "filters.h"
#include "hex.h"
#include "misc.h"
#include "files.h"
#include <iostream>
@ -54,7 +55,7 @@ bool HashModuleTest(HashTransformation &md, const HashTestTuple *testSet, unsign
for (j=0; j<testSet[i].repeatTimes; j++)
md.Update(testSet[i].input, testSet[i].inputLen);
md.Final(digest);
fail = memcmp(digest, testSet[i].output, md.DigestSize()) != 0;
fail = !VerifyBufsEqual(digest, testSet[i].output, md.DigestSize());
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -377,7 +378,7 @@ bool ValidateMD5MAC()
{
mac.Update((byte *)TestVals[i], strlen(TestVals[i]));
mac.Final(digest);
fail = memcmp(digest, output[k][i], MD5MAC::DIGESTSIZE)
fail = !VerifyBufsEqual(digest, output[k][i], MD5MAC::DIGESTSIZE)
|| !mac.VerifyDigest(output[k][i], (byte *)TestVals[i], strlen(TestVals[i]));
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -448,7 +449,7 @@ bool ValidateXMACC()
{
mac.Update((byte *)TestVals[i], strlen(TestVals[i]));
mac.Final(digest);
fail = memcmp(digest, output[k][i], XMACC_MD5::DIGESTSIZE)
fail = !VerifyBufsEqual(digest, output[k][i], XMACC_MD5::DIGESTSIZE)
|| !mac.VerifyDigest(output[k][i], (byte *)TestVals[i], strlen(TestVals[i]));
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -498,7 +499,7 @@ bool ValidateTTMAC()
{
mac.Update((byte *)TestVals[k], strlen(TestVals[k]));
mac.Final(digest);
fail = memcmp(digest, output[k], TTMAC::DIGESTSIZE)
fail = !VerifyBufsEqual(digest, output[k], TTMAC::DIGESTSIZE)
|| !mac.VerifyDigest(output[k], (byte *)TestVals[k], strlen(TestVals[k]));
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@ -532,7 +533,7 @@ bool TestPBKDF(PasswordBasedKeyDerivationFunction &pbkdf, const PBKDF_TestTuple
SecByteBlock derived(derivedKey.size());
pbkdf.DeriveKey(derived, derived.size(), tuple.purpose, (byte *)password.data(), password.size(), (byte *)salt.data(), salt.size(), tuple.iterations);
bool fail = memcmp(derived, derivedKey.data(), derived.size()) != 0;
bool fail = !VerifyBufsEqual(derived, reinterpret_cast<const unsigned char*>(derivedKey.data()), derived.size());
pass = pass && !fail;
HexEncoder enc(new FileSink(cout));