1 // validat9.cpp - originally written and placed in the public domain by Wei Dai
2 // CryptoPP::Test namespace added by JW in February 2017.
3 // Source files split in July 2018 to expedite compiles.
4
5 #include "pch.h"
6
7 #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
8
9 #include "cryptlib.h"
10 #include "cpu.h"
11 #include "validate.h"
12
13 #include "asn.h"
14 #include "oids.h"
15
16 #include "md2.h"
17 #include "md4.h"
18 #include "md5.h"
19
20 #include "sha.h"
21 #include "sha3.h"
22 #include "pssr.h"
23 #include "ripemd.h"
24 #include "whrlpool.h"
25
26 #include "rw.h"
27 #include "dsa.h"
28 #include "luc.h"
29 #include "rsa.h"
30 #include "esign.h"
31 #include "rabin.h"
32 #include "pubkey.h"
33 #include "eccrypto.h"
34
35 // Curve25519
36 #include "xed25519.h"
37 #include "donna.h"
38 #include "naclite.h"
39
40 #include <iostream>
41 #include <iomanip>
42 #include <sstream>
43
44 // Aggressive stack checking with VS2005 SP1 and above.
45 #if (_MSC_FULL_VER >= 140050727)
46 # pragma strict_gs_check (on)
47 #endif
48
49 #if CRYPTOPP_MSC_VERSION
50 # pragma warning(disable: 4505 4355)
51 #endif
52
53 NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Test)54 NAMESPACE_BEGIN(Test)
55
56 bool ValidateRSA_Sign()
57 {
58 // Must be large enough for RSA-3072 to test SHA3_256
59 byte out[256];
60 bool pass = true, fail;
61
62 {
63 const char plain[] = "Everyone gets Friday off.";
64 const byte signature[] =
65 "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84"
66 "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21"
67 "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b"
68 "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1";
69
70 FileSource keys(DataDir("TestData/rsa512a.dat").c_str(), true, new HexDecoder);
71 Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
72 Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
73
74 size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
75 CRYPTOPP_ASSERT(signatureLength <= sizeof(out));
76 fail = memcmp(signature, out, signatureLength) != 0;
77 pass = pass && !fail;
78
79 std::cout << (fail ? "FAILED " : "passed ");
80 std::cout << "signature check against test vector\n";
81
82 fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
83 pass = pass && !fail;
84
85 std::cout << (fail ? "FAILED " : "passed ");
86 std::cout << "verification check against test vector\n";
87
88 out[10]++;
89 fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
90 pass = pass && !fail;
91
92 std::cout << (fail ? "FAILED " : "passed ");
93 std::cout << "invalid signature verification\n";
94 }
95 /////
96 {
97 const char plain[] = "Everyone gets Friday off.";
98 const byte signature[] =
99 "\x2e\x87\xda\x1f\xe4\xda\x1d\x7a\xb7\xf2\x42\x36\xe9\xc0\x4e\xab\x3f\x03\x71\xe1"
100 "\x2b\xc5\x3c\xbf\x21\x21\xa8\xd6\x28\xb0\x08\xfd\x9c\xf6\x94\xbd\x37\x32\xda\xfc"
101 "\x42\x1c\x8e\xdb\x8a\x81\x90\x46\x45\xb4\xde\x9e\xce\x90\xfe\xa1\xfd\xbc\x5a\xce"
102 "\xca\x59\x89\x93\xc0\x0f\x2f\xf1\x13\xb0\xf5\x3d\xa3\x9a\x85\xb7\x40\xd9\x34\x88"
103 "\x29\xb2\x4a\x0f\x9b\xbe\x22\x3a\x5b\x54\x51\xb7\xf0\x10\x72\x50\xc4\x2a\xe9\xe4"
104 "\xc3\x82\xeb\x32\x33\x14\xb6\xf2\x7b\x30\x7a\xbf\xc2\xf3\x0f\x4d\x72\xa0\x8d\xa1"
105 "\xc6\xce\xd0\xa3\x3c\xf7\x23\x4b\xb7\x2c\x5e\xca\x83\x01\xc7\x5c\xd5\xd0\xd1\x94"
106 "\x43\xf0\xad\xa2\xe6\x72\x2b\x13\x39\xb2\x4b\x25\x91\x3a\x4f\x53\x05\x00\x8c\xc7"
107 "\xcf\x4f\x11\x64\xe6\xf4\x1a\x4d\x90\x7e\xf1\xfe\xed\xec\x8d\xbb\x00\x31\x2e\x03"
108 "\xbe\x87\x84\x60\xfb\x5e\xef\x9d\x18\x2c\x28\x3d\xaa\x67\x80\xa3\x62\x07\x06\x5e"
109 "\xce\xee\x3b\xd0\x78\xb5\x98\x38\x1e\xe8\x62\x19\x9c\xc3\xd4\xf7\xc2\xc5\x00\xf0"
110 "\xeb\x89\x65\x53\x35\xe7\x13\x7e\xbb\x26\xb0\x76\x9c\xf2\x80\xaa\xe1\xb1\x0a\xa6"
111 "\x47\xfc\x5f\xe0\x7f\x82\xd7\x83\x41\xc3\x50\xa1\xe0\x0e\x1a\xe4";
112
113 FileSource keys(DataDir("TestData/rsa2048a.dat").c_str(), true, new HexDecoder);
114 RSASS<PKCS1v15, SHA3_256>::Signer rsaPriv(keys);
115 RSASS<PKCS1v15, SHA3_256>::Verifier rsaPub(rsaPriv);
116
117 size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
118 CRYPTOPP_ASSERT(signatureLength <= sizeof(out));
119 fail = memcmp(signature, out, signatureLength) != 0;
120 pass = pass && !fail;
121
122 std::cout << (fail ? "FAILED " : "passed ");
123 std::cout << "signature check against test vector\n";
124
125 fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
126 pass = pass && !fail;
127
128 std::cout << (fail ? "FAILED " : "passed ");
129 std::cout << "verification check against test vector\n";
130
131 out[10]++;
132 fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
133 pass = pass && !fail;
134
135 std::cout << (fail ? "FAILED " : "passed ");
136 std::cout << "invalid signature verification\n";
137 }
138
139 return pass;
140 }
141
ValidateNR()142 bool ValidateNR()
143 {
144 std::cout << "\nNR validation suite running...\n\n";
145 bool pass = true;
146 {
147 FileSource f(DataDir("TestData/nr2048.dat").c_str(), true, new HexDecoder);
148 NR<SHA1>::Signer privS(f);
149 privS.AccessKey().Precompute();
150 NR<SHA1>::Verifier pubS(privS);
151
152 pass = SignatureValidate(privS, pubS) && pass;
153 }
154 {
155 std::cout << "Generating new signature key..." << std::endl;
156 NR<SHA1>::Signer privS(GlobalRNG(), 256);
157 NR<SHA1>::Verifier pubS(privS);
158
159 pass = SignatureValidate(privS, pubS) && pass;
160 }
161 return pass;
162 }
163
ValidateDSA(bool thorough)164 bool ValidateDSA(bool thorough)
165 {
166 std::cout << "\nDSA validation suite running...\n\n";
167
168 bool pass = true;
169 FileSource fs1(DataDir("TestData/dsa1024.dat").c_str(), true, new HexDecoder);
170 DSA::Signer priv(fs1);
171 DSA::Verifier pub(priv);
172 FileSource fs2(DataDir("TestData/dsa1024b.dat").c_str(), true, new HexDecoder);
173 DSA::Verifier pub1(fs2);
174 CRYPTOPP_ASSERT(pub.GetKey() == pub1.GetKey());
175 pass = SignatureValidate(priv, pub, thorough) && pass;
176
177 return pass;
178 }
179
ValidateLUC_Sign()180 bool ValidateLUC_Sign()
181 {
182 FileSource f(DataDir("TestData/luc1024.dat").c_str(), true, new HexDecoder);
183 LUCSSA_PKCS1v15_SHA_Signer priv(f);
184 LUCSSA_PKCS1v15_SHA_Verifier pub(priv);
185 return SignatureValidate(priv, pub);
186 }
187
ValidateLUC_DL_Sign()188 bool ValidateLUC_DL_Sign()
189 {
190 std::cout << "\nLUC-HMP validation suite running...\n\n";
191
192 FileSource f(DataDir("TestData/lucs512.dat").c_str(), true, new HexDecoder);
193 LUC_HMP<SHA1>::Signer privS(f);
194 LUC_HMP<SHA1>::Verifier pubS(privS);
195 return SignatureValidate(privS, pubS);
196 }
197
ValidateRabin_Sign()198 bool ValidateRabin_Sign()
199 {
200 FileSource f(DataDir("TestData/rabi1024.dat").c_str(), true, new HexDecoder);
201 RabinSS<PSSR, SHA1>::Signer priv(f);
202 RabinSS<PSSR, SHA1>::Verifier pub(priv);
203 return SignatureValidate(priv, pub);
204 }
205
ValidateRW()206 bool ValidateRW()
207 {
208 std::cout << "\nRW validation suite running...\n\n";
209
210 FileSource f(DataDir("TestData/rw1024.dat").c_str(), true, new HexDecoder);
211 RWSS<PSSR, SHA1>::Signer priv(f);
212 RWSS<PSSR, SHA1>::Verifier pub(priv);
213
214 return SignatureValidate(priv, pub);
215 }
216
ValidateECP_Sign()217 bool ValidateECP_Sign()
218 {
219 ECDSA<ECP, SHA1>::Signer spriv(GlobalRNG(), ASN1::secp192r1());
220 ECDSA<ECP, SHA1>::Verifier spub(spriv);
221 ByteQueue bq;
222 spriv.GetKey().DEREncode(bq);
223 spub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
224 spub.GetKey().DEREncode(bq);
225 spriv.AccessKey().BERDecode(bq);
226 spub.AccessKey().BERDecode(bq);
227
228 spriv.AccessKey().Precompute();
229 ByteQueue queue;
230 spriv.AccessKey().SavePrecomputation(queue);
231 spriv.AccessKey().LoadPrecomputation(queue);
232
233 return SignatureValidate(spriv, spub);
234 }
235
ValidateEC2N_Sign()236 bool ValidateEC2N_Sign()
237 {
238 // DEREncode() changed to Save() at Issue 569.
239 ECDSA<EC2N, SHA1>::Signer spriv(GlobalRNG(), ASN1::sect193r1());
240 ECDSA<EC2N, SHA1>::Verifier spub(spriv);
241 ByteQueue bq;
242 spriv.AccessMaterial().Save(bq);
243 spub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true);
244 spub.AccessMaterial().Save(bq);
245 spriv.AccessMaterial().Load(bq);
246 spub.AccessMaterial().Load(bq);
247
248 spriv.AccessKey().Precompute();
249 ByteQueue queue;
250 spriv.AccessKey().SavePrecomputation(queue);
251 spriv.AccessKey().LoadPrecomputation(queue);
252
253 return SignatureValidate(spriv, spub);
254 }
255
ValidateECDSA()256 bool ValidateECDSA()
257 {
258 std::cout << "\nECDSA validation suite running...\n\n";
259
260 // from Sample Test Vectors for P1363
261 GF2NT gf2n(191, 9, 0);
262 byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67";
263 byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC";
264 EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24));
265
266 EC2N::Point P;
267 bool result = ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D"
268 "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize());
269 CRYPTOPP_ASSERT(result); CRYPTOPP_UNUSED(result);
270
271 Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H");
272 Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH");
273 EC2N::Point Q(ec.Multiply(d, P));
274 ECDSA<EC2N, SHA1>::Signer priv(ec, P, n, d);
275 ECDSA<EC2N, SHA1>::Verifier pub(priv);
276
277 Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH");
278 Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H");
279 const byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30"
280 "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e";
281 Integer r(sig, 24);
282 Integer s(sig+24, 24);
283
284 Integer rOut, sOut;
285 bool fail, pass=true;
286
287 priv.RawSign(k, h, rOut, sOut);
288 fail = (rOut != r) || (sOut != s);
289 pass = pass && !fail;
290
291 std::cout << (fail ? "FAILED " : "passed ");
292 std::cout << "signature check against test vector\n";
293
294 fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig));
295 pass = pass && !fail;
296
297 std::cout << (fail ? "FAILED " : "passed ");
298 std::cout << "verification check against test vector\n";
299
300 fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig));
301 pass = pass && !fail;
302
303 pass = SignatureValidate(priv, pub) && pass;
304
305 return pass;
306 }
307
ValidateECDSA_RFC6979()308 bool ValidateECDSA_RFC6979()
309 {
310 std::cout << "\nRFC6979 deterministic ECDSA validation suite running...\n\n";
311
312 DL_Algorithm_ECDSA_RFC6979<ECP, SHA256> sign;
313
314 const Integer x("09A4D6792295A7F730FC3F2B49CBC0F62E862272Fh");
315 const Integer e("AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BFh");
316 const Integer q("4000000000000000000020108A2E0CC0D99F8A5EFh");
317 const Integer k("23AF4074C90A02B3FE61D286D5C87F425E6BDD81Bh");
318 const Integer &k_out = sign.GenerateRandom(x, q, e);
319
320 bool pass = (k_out == k);
321
322 std::cout << (pass ? "passed " : "FAILED ");
323 std::cout << "deterministic k generation against test vector\n";
324
325 return pass;
326 }
327
328 // from http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf
ValidateECGDSA(bool thorough)329 bool ValidateECGDSA(bool thorough)
330 {
331 std::cout << "\nECGDSA validation suite running...\n\n";
332
333 bool fail, pass=true;
334
335 // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 10)
336 if (thorough)
337 {
338 const OID oid = ASN1::brainpoolP192r1();
339 DL_GroupParameters_EC<ECP> params(oid);
340 Integer x("0x 80F2425E 89B4F585 F27F3536 ED834D68 E3E492DE 08FE84B9");
341 ECGDSA<ECP, RIPEMD160>::Signer signer(params, x);
342 ECGDSA<ECP, RIPEMD160>::Verifier verifier(signer);
343
344 Integer e("0x 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF");
345 Integer k("0x 22C17C2A 367DD85A B8A365ED 06F19C43 F9ED1834 9A9BC044");
346
347 Integer r, s;
348 signer.RawSign(k, e, r, s);
349
350 Integer rExp("0x 2D017BE7 F117FF99 4ED6FC63 CA5B4C7A 0430E9FA 095DAFC4");
351 Integer sExp("0x C02B5CC5 C51D5411 060BF024 5049F824 839F671D 78A1BBF1");
352
353 fail = (r != rExp) || (s != sExp);
354 pass = pass && !fail;
355
356 const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160";
357 const size_t len = strlen((char*)msg);
358
359 byte signature[48];
360 r.Encode(signature+0, 24);
361 s.Encode(signature+24, 24);
362
363 fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
364 pass = pass && !fail;
365
366 std::cout << (fail ? "FAILED " : "passed ");
367 std::cout << "brainpoolP192r1 using RIPEMD-160\n";
368
369 fail = !SignatureValidate(signer, verifier);
370 pass = pass && !fail;
371 }
372
373 // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 13)
374 if (thorough)
375 {
376 const OID oid = ASN1::brainpoolP256r1();
377 DL_GroupParameters_EC<ECP> params(oid);
378 Integer x("0x 47B3A278 62DEF037 49ACF0D6 00E69F9B 851D01ED AEFA531F 4D168E78 7307F4D8");
379 ECGDSA<ECP, RIPEMD160>::Signer signer(params, x);
380 ECGDSA<ECP, RIPEMD160>::Verifier verifier(signer);
381
382 Integer e("0x 00000000 00000000 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF");
383 Integer k("0x 908E3099 776261A4 558FF7A9 FA6DFFE0 CA6BB3F9 CB35C2E4 E1DC73FD 5E8C08A3");
384
385 Integer r, s;
386 signer.RawSign(k, e, r, s);
387
388 Integer rExp("0x 62CCD1D2 91E62F6A 4FFBD966 C66C85AA BA990BB6 AB0C087D BD54A456 CCC84E4C");
389 Integer sExp("0x 9119719B 08EEA0D6 BC56E4D1 D37369BC F3768445 EF65CAE4 A37BF6D4 3BD01646");
390
391 fail = (r != rExp) || (s != sExp);
392 pass = pass && !fail;
393
394 const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160";
395 const size_t len = strlen((char*)msg);
396
397 byte signature[64];
398 r.Encode(signature+0, 32);
399 s.Encode(signature+32, 32);
400
401 fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
402 pass = pass && !fail;
403
404 std::cout << (fail ? "FAILED " : "passed ");
405 std::cout << "brainpoolP256r1 using RIPEMD-160\n";
406
407 fail = !SignatureValidate(signer, verifier);
408 pass = pass && !fail;
409 }
410
411 // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 16)
412 if (thorough)
413 {
414 const OID oid = ASN1::brainpoolP320r1();
415 DL_GroupParameters_EC<ECP> params(oid);
416 Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5");
417 ECGDSA<ECP, RIPEMD160>::Signer signer(params, x);
418 ECGDSA<ECP, RIPEMD160>::Verifier verifier(signer);
419
420 Integer e("0x 00000000 00000000 00000000 00000000 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF");
421 Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B");
422
423 Integer r, s;
424 signer.RawSign(k, e, r, s);
425
426 Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6");
427 Integer sExp("0x 06AB5250 B31A8E93 56194894 61733200 E4FD5C12 75C0AB37 E7E41149 5BAAE145 41DF6DE6 66B8CA56");
428
429 fail = (r != rExp) || (s != sExp);
430 pass = pass && !fail;
431
432 const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160";
433 const size_t len = strlen((char*)msg);
434
435 byte signature[80];
436 r.Encode(signature+0, 40);
437 s.Encode(signature+40, 40);
438
439 fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
440 pass = pass && !fail;
441
442 std::cout << (fail ? "FAILED " : "passed ");
443 std::cout << "brainpoolP320r1 using RIPEMD-160\n";
444
445 fail = !SignatureValidate(signer, verifier);
446 pass = pass && !fail;
447 }
448
449 // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-1 (p. 19)
450 {
451 const OID oid = ASN1::brainpoolP192r1();
452 DL_GroupParameters_EC<ECP> params(oid);
453 Integer x("0x 80F2425E 89B4F585 F27F3536 ED834D68 E3E492DE 08FE84B9");
454 ECGDSA<ECP, SHA1>::Signer signer(params, x);
455 ECGDSA<ECP, SHA1>::Verifier verifier(signer);
456
457 Integer e("0x 00000000 CF00CD42 CAA80DDF 8DDEBDFD 32F2DA15 11B53F29");
458 Integer k("0x 22C17C2A 367DD85A B8A365ED 06F19C43 F9ED1834 9A9BC044");
459
460 Integer r, s;
461 signer.RawSign(k, e, r, s);
462
463 Integer rExp("0x 2D017BE7 F117FF99 4ED6FC63 CA5B4C7A 0430E9FA 095DAFC4");
464 Integer sExp("0x 18FD604E 5F00F55B 3585C052 8C319A2B 05B8F2DD EE9CF1A6");
465
466 fail = (r != rExp) || (s != sExp);
467 pass = pass && !fail;
468
469 const byte msg[] = "Example of ECGDSA with the hash function SHA-1";
470 const size_t len = strlen((char*)msg);
471
472 byte signature[48];
473 r.Encode(signature+0, 24);
474 s.Encode(signature+24, 24);
475
476 fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
477 pass = pass && !fail;
478
479 std::cout << (fail ? "FAILED " : "passed ");
480 std::cout << "brainpoolP192r1 using SHA-1\n";
481
482 fail = !SignatureValidate(signer, verifier);
483 pass = pass && !fail;
484 }
485
486 // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-224 (p. 23)
487 {
488 const OID oid = ASN1::brainpoolP320r1();
489 DL_GroupParameters_EC<ECP> params(oid);
490 Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5");
491 ECGDSA<ECP, SHA224>::Signer signer(params, x);
492 ECGDSA<ECP, SHA224>::Verifier verifier(signer);
493
494 Integer e("0x 00000000 00000000 00000000 92AE8A0E 8D08EADE E9426378 714FF3E0 1957587D 2876FA70 D40E3144");
495 Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B");
496
497 Integer r, s;
498 signer.RawSign(k, e, r, s);
499
500 Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6");
501 Integer sExp("0x 6EA191CA 0D468AC3 E9568768 9338357C 7D0BACB3 F1D87E0D EC05F635 B7ADB842 75AA0086 60F812CF");
502
503 fail = (r != rExp) || (s != sExp);
504 pass = pass && !fail;
505
506 const byte msg[] = "Example of ECGDSA with the hash function SHA-224";
507 const size_t len = strlen((char*)msg);
508
509 byte signature[80];
510 r.Encode(signature+0, 40);
511 s.Encode(signature+40, 40);
512
513 fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
514 pass = pass && !fail;
515
516 std::cout << (fail ? "FAILED " : "passed ");
517 std::cout << "brainpoolP320r1 using SHA-224\n";
518
519 fail = !SignatureValidate(signer, verifier);
520 pass = pass && !fail;
521 }
522
523 // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-256 (p. 27)
524 {
525 const OID oid = ASN1::brainpoolP320r1();
526 DL_GroupParameters_EC<ECP> params(oid);
527 Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5");
528 ECGDSA<ECP, SHA256>::Signer signer(params, x);
529 ECGDSA<ECP, SHA256>::Verifier verifier(signer);
530
531 Integer e("0x 00000000 00000000 37ED8AA9 4AE667DB BB753330 E050EB8E 12195807 ECDC4FB1 0E0662B4 22C219D7");
532 Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B");
533
534 Integer r, s;
535 signer.RawSign(k, e, r, s);
536
537 Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6");
538 Integer sExp("0x 24370797 A9D11717 BBBB2B76 2E08ECD0 7DD7E033 F544E47C BF3C6D16 FD90B51D CC2E4DD8 E6ECD8CD");
539
540 fail = (r != rExp) || (s != sExp);
541 pass = pass && !fail;
542
543 const byte msg[] = "Example of ECGDSA with the hash function SHA-256";
544 const size_t len = strlen((char*)msg);
545
546 byte signature[80];
547 r.Encode(signature+0, 40);
548 s.Encode(signature+40, 40);
549
550 fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
551 pass = pass && !fail;
552
553 std::cout << (fail ? "FAILED " : "passed ");
554 std::cout << "brainpoolP320r1 using SHA-256\n";
555
556 fail = !SignatureValidate(signer, verifier);
557 pass = pass && !fail;
558 }
559
560 // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-384 (p. 34)
561 {
562 const OID oid = ASN1::brainpoolP512r1();
563 DL_GroupParameters_EC<ECP> params(oid);
564 Integer x("0x 92006A98 8AF96D91 57AADCF8 62716962 7CE2ECC4 C58ECE5C 1A0A8642 11AB764C 04236FA0 160857A7 8E71CCAE 4D79D52E 5A69A457 8AF50658 1F598FA9 B4F7DA68");
565 ECGDSA<ECP, SHA384>::Signer signer(params, x);
566 ECGDSA<ECP, SHA384>::Verifier verifier(signer);
567
568 Integer e("0x 00000000 00000000 00000000 00000000 68FEAB7D 8BF8A779 4466E447 5959946B 2136C084 A86090CA 8070C980 68B1250D 88213190 6B7E0CB8 475F9054 E9290C2E");
569 Integer k("0x 6942B01D 5901BEC1 506BB874 9618E22E C0FCD7F3 5159D51E D53BA77A 78752128 A58232AD 8E0E021A FDE1477F F4C74FDF FE88AE2D 15D89B56 F6D73C03 77631D2B");
570
571 Integer r, s;
572 signer.RawSign(k, e, r, s);
573
574 Integer rExp("0x 0104918B 2B32B1A5 49BD43C3 0092953B 4164CA01 A1A97B5B 0756EA06 3AC16B41 B88A1BAB 4538CD7D 8466180B 3E3F5C86 46AC4A45 F564E9B6 8FEE72ED 00C7AC48");
575 Integer sExp("0x 3D233E9F D9EB152E 889F4F7C F325B464 0894E5EA 44C51443 54305CD4 BF70D234 8257C2DB E06C5544 92CE9FDD 6861A565 77B53E5E E80E6062 31A4CF06 8FA1EC21");
576
577 fail = (r != rExp) || (s != sExp);
578 pass = pass && !fail;
579
580 const byte msg[] = "Example of ECGDSA with the hash function SHA-384";
581 const size_t len = strlen((char*)msg);
582
583 byte signature[128];
584 r.Encode(signature+0, 64);
585 s.Encode(signature+64, 64);
586
587 fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
588 pass = pass && !fail;
589
590 std::cout << (fail ? "FAILED " : "passed ");
591 std::cout << "brainpoolP512r1 using SHA-384\n";
592
593 fail = !SignatureValidate(signer, verifier);
594 pass = pass && !fail;
595 }
596
597 // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-512 (p. 38)
598 {
599 const OID oid = ASN1::brainpoolP512r1();
600 DL_GroupParameters_EC<ECP> params(oid);
601 Integer x("0x 92006A98 8AF96D91 57AADCF8 62716962 7CE2ECC4 C58ECE5C 1A0A8642 11AB764C 04236FA0 160857A7 8E71CCAE 4D79D52E 5A69A457 8AF50658 1F598FA9 B4F7DA68");
602 ECGDSA<ECP, SHA512>::Signer signer(params, x);
603 ECGDSA<ECP, SHA512>::Verifier verifier(signer);
604
605 Integer e("0x 1A95EF81 D213BD3B 8191E7FE 7F5BFD43 F51E3EE5 A4FD3D08 4A7C9BB5 411F4649 746AEBC6 623D4DEA 7E02DC5A 85E24AF2 96B5A555 AD470413 71E4BF64 380F3E34");
606 Integer k("0x 6942B01D 5901BEC1 506BB874 9618E22E C0FCD7F3 5159D51E D53BA77A 78752128 A58232AD 8E0E021A FDE1477F F4C74FDF FE88AE2D 15D89B56 F6D73C03 77631D2B");
607
608 Integer r, s;
609 signer.RawSign(k, e, r, s);
610
611 Integer rExp("0x 0104918B 2B32B1A5 49BD43C3 0092953B 4164CA01 A1A97B5B 0756EA06 3AC16B41 B88A1BAB 4538CD7D 8466180B 3E3F5C86 46AC4A45 F564E9B6 8FEE72ED 00C7AC48");
612 Integer sExp("0x 17A011F8 DD7B5665 2B27AA6D 6E7BDF3C 7C23B5FA 32910FBA A107E627 0E1CA8A7 A263F661 8E6098A0 D6CD6BA1 C03544C5 425875EC B3418AF5 A3EE3F32 143E48D2");
613
614 fail = (r != rExp) || (s != sExp);
615 pass = pass && !fail;
616
617 const byte msg[] = "Example of ECGDSA with the hash function SHA-512";
618 const size_t len = strlen((char*)msg);
619
620 byte signature[128];
621 r.Encode(signature+0, 64);
622 s.Encode(signature+64, 64);
623
624 fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature));
625 pass = pass && !fail;
626
627 std::cout << (fail ? "FAILED " : "passed ");
628 std::cout << "brainpoolP512r1 using SHA-512\n";
629
630 fail = !SignatureValidate(signer, verifier);
631 pass = pass && !fail;
632 }
633
634 return pass;
635 }
636
ValidateESIGN()637 bool ValidateESIGN()
638 {
639 std::cout << "\nESIGN validation suite running...\n\n";
640
641 bool pass = true, fail;
642
643 const char plain[] = "test";
644 const byte signature[] =
645 "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37"
646 "\xFE\xBC\x76\x3F\xF1\x84\xF6\x59\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0\x34\x44\x5B\x0F"
647 "\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88"
648 "\xAB\x33\xDD\xE4\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A\x74\x02\x37\x0E\xED\x0A\x06\xAD"
649 "\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C"
650 "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28";
651
652 FileSource keys(DataDir("TestData/esig1536.dat").c_str(), true, new HexDecoder);
653 ESIGN<SHA1>::Signer signer(keys);
654 ESIGN<SHA1>::Verifier verifier(signer);
655
656 fail = !SignatureValidate(signer, verifier);
657 pass = pass && !fail;
658
659 fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength());
660 pass = pass && !fail;
661
662 std::cout << (fail ? "FAILED " : "passed ");
663 std::cout << "verification check against test vector\n";
664
665 std::cout << "Generating signature key from seed..." << std::endl;
666 signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512));
667 verifier = signer;
668
669 fail = !SignatureValidate(signer, verifier);
670 pass = pass && !fail;
671
672 return pass;
673 }
674
ValidateEd25519()675 bool ValidateEd25519()
676 {
677 std::cout << "\ned25519 validation suite running...\n\n";
678 bool pass = true, fail;
679
680 const char plain[] = "test";
681 const byte signature[] =
682 "\x91\x12\x44\x91\xA5\x99\xF8\x49\xBA\xB2\xC4\xF2\xBA\x0B\xAA\x99"
683 "\xC8\xC5\xF5\x19\xDC\x07\xD4\x4C\xF7\x31\xDE\x2F\x2B\x81\xB2\x81"
684 "\xF6\xA7\xDE\x33\x29\xCA\x45\xAC\x69\x2A\x80\xB7\xDB\x7F\x07\x37"
685 "\x77\xC4\xBF\xC5\x45\x79\x3A\xAC\xB5\x16\xAE\x4E\xD9\x16\x95\x0E";
686
687 FileSource keys(DataDir("TestData/ed25519.dat").c_str(), true, new HexDecoder);
688 ed25519::Signer signer(keys);
689 ed25519::Verifier verifier(signer);
690
691 fail = !SignatureValidate(signer, verifier);
692 pass = pass && !fail;
693
694 fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength());
695 pass = pass && !fail;
696
697 std::cout << (fail ? "FAILED " : "passed ");
698 std::cout << "verification check against test vector\n";
699
700 return pass;
701 }
702
703 NAMESPACE_END // Test
704 NAMESPACE_END // CryptoPP
705