Modified validation suite to use VerifyBufsEqual rather than memcmp. VerifyBufsEqual is a constant time compare, so it serves to educate users on the function to call to use

validat1.cpp

@@ -4,6 +4,7 @@
 
 #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
 #include "files.h"
+#include "misc.h"
 #include "hex.h"
 #include "base32.h"
 #include "base64.h"
@@ -435,11 +436,11 @@ bool BlockTransformationTest(const CipherFactory &cg, BufferedTransformation &va
 
 		apbt transE = cg.NewEncryption(key);
 		transE->ProcessBlock(plain, out);
-		fail = memcmp(out, cipher, cg.BlockSize()) != 0;
+		fail = !VerifyBufsEqual(out, cipher, cg.BlockSize());
 
 		apbt transD = cg.NewDecryption(key);
 		transD->ProcessBlock(out, outplain);
-		fail=fail || memcmp(outplain, plain, cg.BlockSize());
+		fail=fail || !VerifyBufsEqual(outplain, plain, cg.BlockSize());
 
 		pass = pass && !fail;
 
@@ -703,7 +704,7 @@ bool ValidateCipherModes()
 		modeE.SetStolenIV(stolenIV);
 		fail = !TestFilter(StreamTransformationFilter(modeE).Ref(),
 			plain, 3, encrypted, sizeof(encrypted));
-		fail = memcmp(stolenIV, decryptionIV, 8) != 0 || fail;
+		fail = !VerifyBufsEqual(stolenIV, decryptionIV, 8) || fail;
 		pass = pass && !fail;
 		cout << (fail ? "FAILED   " : "passed   ") << "CBC encryption with ciphertext and IV stealing" << endl;
 		
@@ -899,11 +900,11 @@ bool ValidateRC2()
 
 		apbt transE(new RC2Encryption(key, keyLen, effectiveLen));
 		transE->ProcessBlock(plain, out);
-		fail = memcmp(out, cipher, RC2Encryption::BLOCKSIZE) != 0;
+		fail = !VerifyBufsEqual(out, cipher, RC2Encryption::BLOCKSIZE);
 
 		apbt transD(new RC2Decryption(key, keyLen, effectiveLen));
 		transD->ProcessBlock(out, outplain);
-		fail=fail || memcmp(outplain, plain, RC2Encryption::BLOCKSIZE);
+		fail=fail || !VerifyBufsEqual(outplain, plain, RC2Encryption::BLOCKSIZE);
 
 		pass = pass && !fail;
 
@@ -1053,13 +1054,13 @@ bool ValidateARC4()
 
 	arc4.reset(new Weak::ARC4(Key0, sizeof(Key0)));
 	arc4->ProcessString(Input0, sizeof(Input0));
-	fail = memcmp(Input0, Output0, sizeof(Input0)) != 0;
+	fail = !VerifyBufsEqual(Input0, Output0, sizeof(Input0));
 	cout << (fail ? "FAILED" : "passed") << "    Test 0" << endl;
 	pass = pass && !fail;
 
 	arc4.reset(new Weak::ARC4(Key1, sizeof(Key1)));
 	arc4->ProcessString(Key1, Input1, sizeof(Key1));
-	fail = memcmp(Output1, Key1, sizeof(Key1)) != 0;
+	fail = !VerifyBufsEqual(Output1, Key1, sizeof(Key1));
 	cout << (fail ? "FAILED" : "passed") << "    Test 1" << endl;
 	pass = pass && !fail;
 
@@ -1171,11 +1172,11 @@ bool ValidateBlowfish()
 	{
 		ECB_Mode<Blowfish>::Encryption enc((byte *)key[i], strlen(key[i]));
 		enc.ProcessData(out, plain[i], 8);
-		fail = memcmp(out, cipher[i], 8) != 0;
+		fail = !VerifyBufsEqual(out, cipher[i], 8);
 
 		ECB_Mode<Blowfish>::Decryption dec((byte *)key[i], strlen(key[i]));
 		dec.ProcessData(outplain, cipher[i], 8);
-		fail = fail || memcmp(outplain, plain[i], 8);
+		fail = fail || !VerifyBufsEqual(outplain, plain[i], 8);
 		pass = pass && !fail;
 
 		cout << (fail ? "FAILED    " : "passed    ");
@@ -1273,7 +1274,7 @@ bool ValidateSEAL()
 	seal.Seek(1);
 	output[1] = seal.ProcessByte(output[1]);
 	seal.ProcessString(output+2, size-2);
-	pass = pass && memcmp(output+1, input+1, size-1) == 0;
+	pass = pass && VerifyBufsEqual(output+1, input+1, size-1);
 
 	cout << (pass ? "passed" : "FAILED") << endl;
 	return pass;

validat2.cpp

@@ -20,6 +20,7 @@
 #include "ec2n.h"
 #include "asn.h"
 #include "rng.h"
+#include "misc.h"
 #include "files.h"
 #include "hex.h"
 #include "oids.h"
@@ -69,7 +70,7 @@ bool ValidateBBS()
 	byte buf[20];
 
 	bbs.GenerateBlock(buf, 20);
-	fail = memcmp(output1, buf, 20) != 0;
+	fail = !VerifyBufsEqual(output1, buf, 20);
 	pass = pass && !fail;
 
 	cout << (fail ? "FAILED    " : "passed    ");
@@ -79,7 +80,7 @@ bool ValidateBBS()
 
 	bbs.Seek(10);
 	bbs.GenerateBlock(buf, 10);
-	fail = memcmp(output1+10, buf, 10) != 0;
+	fail = !VerifyBufsEqual(output1+10, buf, 10);
 	pass = pass && !fail;
 
 	cout << (fail ? "FAILED    " : "passed    ");
@@ -89,7 +90,7 @@ bool ValidateBBS()
 
 	bbs.Seek(1234567);
 	bbs.GenerateBlock(buf, 20);
-	fail = memcmp(output2, buf, 20) != 0;
+	fail = !VerifyBufsEqual(output2, buf, 20);
 	pass = pass && !fail;
 
 	cout << (fail ? "FAILED    " : "passed    ");
@@ -133,7 +134,7 @@ bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
 		signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
 		SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
 		DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
-		fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0);
+		fail = !(result.isValidCoding && result.messageLength == messageLen && VerifyBufsEqual(recovered, message, messageLen));
 		pass = pass && !fail;
 
 		cout << (fail ? "FAILED    " : "passed    ");
@@ -168,7 +169,7 @@ bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough =
 
 	pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext);
 	fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
-	fail = fail || memcmp(message, plaintext, messageLen);
+	fail = fail || !VerifyBufsEqual(message, plaintext, messageLen);
 	pass = pass && !fail;
 
 	cout << (fail ? "FAILED    " : "passed    ");
@@ -203,7 +204,7 @@ bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d)
 		return false;
 	}
 
-	if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
+	if (!VerifyBufsEqual(val1.begin(), val2.begin(), d.AgreedValueLength()))
 	{
 		cout << "FAILED    simple agreed values not equal" << endl;
 		return false;
@@ -243,7 +244,7 @@ bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d)
 		return false;
 	}
 
-	if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength()))
+	if (!VerifyBufsEqual(val1.begin(), val2.begin(), d.AgreedValueLength()))
 	{
 		cout << "FAILED    authenticated agreed values not equal" << endl;
 		return false;
@@ -273,7 +274,7 @@ bool ValidateRSA()
 		Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
 
 		size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
-		fail = memcmp(signature, out, 64) != 0;
+		fail = !VerifyBufsEqual(signature, out, 64);
 		pass = pass && !fail;
 
 		cout << (fail ? "FAILED    " : "passed    ");
@@ -330,7 +331,7 @@ bool ValidateRSA()
 		memset(outPlain, 0, 8);
 		rsaPub.Encrypt(rng, plain, 8, out);
 		DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
-		fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
+		fail = !result.isValidCoding || (result.messageLength!=8) || !VerifyBufsEqual(out, encrypted, 50) || !VerifyBufsEqual(plain, outPlain, 8);
 		pass = pass && !fail;
 
 		cout << (fail ? "FAILED    " : "passed    ");
@@ -515,12 +516,25 @@ bool ValidateRabin()
 bool ValidateRW()
 {
 	cout << "\nRW validation suite running...\n\n";
+	bool pass=true;
 
+	{
 		FileSource f("TestData/rw1024.dat", true, new HexDecoder);
 		RWSS<PSSR, SHA>::Signer priv(f);
 		RWSS<PSSR, SHA>::Verifier pub(priv);
+		pass = pass && SignatureValidate(priv, pub);
+	}
+	{
+		cout << "Turning off blinding..." << endl;
 
-	return SignatureValidate(priv, pub);
+		FileSource f("TestData/rw1024.dat", true, new HexDecoder);
+		RWSS<PSSR, SHA>::Signer priv(f);
+		priv.AccessKey().SetEnableBlinding(false);
+		RWSS<PSSR, SHA>::Verifier pub(priv);
+		pass = pass && SignatureValidate(priv, pub);
+	}
+
+	return pass;
 }
 
 /*

validat3.cpp

@@ -21,6 +21,7 @@
 #include "pwdbased.h"
 #include "filters.h"
 #include "hex.h"
+#include "misc.h"
 #include "files.h"
 
 #include <iostream>
@@ -54,7 +55,7 @@ bool HashModuleTest(HashTransformation &md, const HashTestTuple *testSet, unsign
 		for (j=0; j<testSet[i].repeatTimes; j++)
 			md.Update(testSet[i].input, testSet[i].inputLen);
 		md.Final(digest);
-		fail = memcmp(digest, testSet[i].output, md.DigestSize()) != 0;
+		fail = !VerifyBufsEqual(digest, testSet[i].output, md.DigestSize());
 		pass = pass && !fail;
 
 		cout << (fail ? "FAILED   " : "passed   ");
@@ -377,7 +378,7 @@ bool ValidateMD5MAC()
 		{
 			mac.Update((byte *)TestVals[i], strlen(TestVals[i]));
 			mac.Final(digest);
-			fail = memcmp(digest, output[k][i], MD5MAC::DIGESTSIZE)
+			fail = !VerifyBufsEqual(digest, output[k][i], MD5MAC::DIGESTSIZE)
 				 || !mac.VerifyDigest(output[k][i], (byte *)TestVals[i], strlen(TestVals[i]));
 			pass = pass && !fail;
 			cout << (fail ? "FAILED   " : "passed   ");
@@ -448,7 +449,7 @@ bool ValidateXMACC()
 		{
 			mac.Update((byte *)TestVals[i], strlen(TestVals[i]));
 			mac.Final(digest);
-			fail = memcmp(digest, output[k][i], XMACC_MD5::DIGESTSIZE)
+			fail = !VerifyBufsEqual(digest, output[k][i], XMACC_MD5::DIGESTSIZE)
 				 || !mac.VerifyDigest(output[k][i], (byte *)TestVals[i], strlen(TestVals[i]));
 			pass = pass && !fail;
 			cout << (fail ? "FAILED   " : "passed   ");
@@ -498,7 +499,7 @@ bool ValidateTTMAC()
 	{
 		mac.Update((byte *)TestVals[k], strlen(TestVals[k]));
 		mac.Final(digest);
-		fail = memcmp(digest, output[k], TTMAC::DIGESTSIZE)
+		fail = !VerifyBufsEqual(digest, output[k], TTMAC::DIGESTSIZE)
 			|| !mac.VerifyDigest(output[k], (byte *)TestVals[k], strlen(TestVals[k]));
 		pass = pass && !fail;
 		cout << (fail ? "FAILED   " : "passed   ");
@@ -532,7 +533,7 @@ bool TestPBKDF(PasswordBasedKeyDerivationFunction &pbkdf, const PBKDF_TestTuple
 
 		SecByteBlock derived(derivedKey.size());
 		pbkdf.DeriveKey(derived, derived.size(), tuple.purpose, (byte *)password.data(), password.size(), (byte *)salt.data(), salt.size(), tuple.iterations);
-		bool fail = memcmp(derived, derivedKey.data(), derived.size()) != 0;
+		bool fail = !VerifyBufsEqual(derived, reinterpret_cast<const unsigned char*>(derivedKey.data()), derived.size());
 		pass = pass && !fail;
 
 		HexEncoder enc(new FileSink(cout));