Security Scol plugin
fipstest.cpp
1// fipstest.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4#include "config.h"
5
6#ifndef CRYPTOPP_IMPORTS
7
8#define CRYPTOPP_DEFAULT_NO_DLL
9#include "dll.h"
10#include "cryptlib.h"
11#include "filters.h"
12#include "smartptr.h"
13#include "pkcspad.h"
14#include "misc.h"
15
16// Simply disable CRYPTOPP_WIN32_AVAILABLE for Windows Phone and Windows Store apps
17#ifdef CRYPTOPP_WIN32_AVAILABLE
18# if defined(WINAPI_FAMILY)
19# if !(WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP))
20# undef CRYPTOPP_WIN32_AVAILABLE
21# endif
22# endif
23#endif
24
25#ifdef CRYPTOPP_WIN32_AVAILABLE
26#ifndef _WIN32_WINNT
27#define _WIN32_WINNT 0x0400
28#endif
29
30#include <windows.h>
31
32#if defined(_MSC_VER) && _MSC_VER >= 1400
33# ifdef _M_IX86
34# define _CRT_DEBUGGER_HOOK _crt_debugger_hook
35# else
36# define _CRT_DEBUGGER_HOOK __crt_debugger_hook
37# endif
38# if _MSC_VER < 1900
39extern "C" {_CRTIMP void __cdecl _CRT_DEBUGGER_HOOK(int);}
40# else
41extern "C" {void __cdecl _CRT_DEBUGGER_HOOK(int); }
42# endif
43#endif
44#endif // CRYPTOPP_WIN32_AVAILABLE
45
46#include <sstream>
47#include <iostream>
48
49#if CRYPTOPP_MSC_VERSION
50# pragma warning(disable: 4100 4702)
51#endif
52
53NAMESPACE_BEGIN(CryptoPP)
54
55extern PowerUpSelfTestStatus g_powerUpSelfTestStatus;
56SecByteBlock g_actualMac;
57unsigned long g_macFileLocation = 0;
58
59// $ grep -iIR baseaddress *.*proj
60// cryptdll.vcxproj: <BaseAddress>0x42900000</BaseAddress>
61// cryptdll.vcxproj: <BaseAddress>0x42900000</BaseAddress>
62// cryptdll.vcxproj: <BaseAddress>0x42900000</BaseAddress>
63// cryptdll.vcxproj: <BaseAddress>0x42900000</BaseAddress>
64const void* g_BaseAddressOfMAC = reinterpret_cast<void*>(0x42900000);
65
66// use a random dummy string here, to be searched/replaced later with the real MAC
67static const byte s_moduleMac[CryptoPP::HMAC<CryptoPP::SHA1>::DIGESTSIZE] = CRYPTOPP_DUMMY_DLL_MAC;
68CRYPTOPP_COMPILE_ASSERT(sizeof(s_moduleMac) == CryptoPP::SHA1::DIGESTSIZE);
69
70#ifdef CRYPTOPP_WIN32_AVAILABLE
71static HMODULE s_hModule = NULLPTR;
72#endif
73
74const byte * CRYPTOPP_API GetActualMacAndLocation(unsigned int &macSize, unsigned int &fileLocation)
75{
76 macSize = (unsigned int)g_actualMac.size();
77 fileLocation = g_macFileLocation;
78 return g_actualMac;
79}
80
81void KnownAnswerTest(RandomNumberGenerator &rng, const char *output)
82{
83 EqualityComparisonFilter comparison;
84
85 RandomNumberStore(rng, strlen(output)/2).TransferAllTo(comparison, "0");
86 StringSource(output, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
87
88 comparison.ChannelMessageSeriesEnd("0");
89 comparison.ChannelMessageSeriesEnd("1");
90}
91
92template <class CIPHER>
93void X917RNG_KnownAnswerTest(
94 const char *key,
95 const char *seed,
96 const char *deterministicTimeVector,
97 const char *output)
98{
99#ifdef OS_RNG_AVAILABLE
100 std::string decodedKey, decodedSeed, decodedDeterministicTimeVector;
101 StringSource(key, true, new HexDecoder(new StringSink(decodedKey)));
102 StringSource(seed, true, new HexDecoder(new StringSink(decodedSeed)));
103 StringSource(deterministicTimeVector, true, new HexDecoder(new StringSink(decodedDeterministicTimeVector)));
104
105 AutoSeededX917RNG<CIPHER> rng(false, false);
106 rng.Reseed((const byte *)decodedKey.data(), decodedKey.size(), (const byte *)decodedSeed.data(), (const byte *)decodedDeterministicTimeVector.data());
107 KnownAnswerTest(rng, output);
108#else
109 throw 0;
110#endif
111}
112
113void KnownAnswerTest(StreamTransformation &encryption, StreamTransformation &decryption, const char *plaintext, const char *ciphertext)
114{
115 EqualityComparisonFilter comparison;
116
117 StringSource(plaintext, true, new HexDecoder(new StreamTransformationFilter(encryption, new ChannelSwitch(comparison, "0"), StreamTransformationFilter::NO_PADDING)));
118 StringSource(ciphertext, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
119
120 StringSource(ciphertext, true, new HexDecoder(new StreamTransformationFilter(decryption, new ChannelSwitch(comparison, "0"), StreamTransformationFilter::NO_PADDING)));
121 StringSource(plaintext, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
122
123 comparison.ChannelMessageSeriesEnd("0");
124 comparison.ChannelMessageSeriesEnd("1");
125}
126
127template <class CIPHER>
128void SymmetricEncryptionKnownAnswerTest(
129 const char *key,
130 const char *hexIV,
131 const char *plaintext,
132 const char *ecb,
133 const char *cbc,
134 const char *cfb,
135 const char *ofb,
136 const char *ctr)
137{
138 std::string decodedKey;
139 StringSource(key, true, new HexDecoder(new StringSink(decodedKey)));
140
141 typename CIPHER::Encryption encryption((const byte *)decodedKey.data(), decodedKey.size());
142 typename CIPHER::Decryption decryption((const byte *)decodedKey.data(), decodedKey.size());
143
144 SecByteBlock iv(encryption.BlockSize());
145 StringSource(hexIV, true, new HexDecoder(new ArraySink(iv, iv.size())));
146
147 if (ecb)
148 KnownAnswerTest(ECB_Mode_ExternalCipher::Encryption(encryption).Ref(), ECB_Mode_ExternalCipher::Decryption(decryption).Ref(), plaintext, ecb);
149 if (cbc)
150 KnownAnswerTest(CBC_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CBC_Mode_ExternalCipher::Decryption(decryption, iv).Ref(), plaintext, cbc);
151 if (cfb)
152 KnownAnswerTest(CFB_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CFB_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, cfb);
153 if (ofb)
154 KnownAnswerTest(OFB_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), OFB_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, ofb);
155 if (ctr)
156 KnownAnswerTest(CTR_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CTR_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, ctr);
157}
158
159void KnownAnswerTest(HashTransformation &hash, const char *message, const char *digest)
160{
161 EqualityComparisonFilter comparison;
162 StringSource(digest, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
163 StringSource(message, true, new HashFilter(hash, new ChannelSwitch(comparison, "0")));
164
165 comparison.ChannelMessageSeriesEnd("0");
166 comparison.ChannelMessageSeriesEnd("1");
167}
168
169template <class HASH>
170void SecureHashKnownAnswerTest(const char *message, const char *digest)
171{
172 HASH hash;
173 KnownAnswerTest(hash, message, digest);
174}
175
176template <class MAC>
177void MAC_KnownAnswerTest(const char *key, const char *message, const char *digest)
178{
179 std::string decodedKey;
180 StringSource(key, true, new HexDecoder(new StringSink(decodedKey)));
181
182 MAC mac((const byte *)decodedKey.data(), decodedKey.size());
183 KnownAnswerTest(mac, message, digest);
184}
185
186template <class SCHEME>
187void SignatureKnownAnswerTest(const char *key, const char *message, const char *signature)
188{
189 typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref());
190 typename SCHEME::Verifier verifier(signer);
191
192 RandomPool rng;
193 EqualityComparisonFilter comparison;
194
195 StringSource(message, true, new SignerFilter(rng, signer, new ChannelSwitch(comparison, "0")));
196 StringSource(signature, true, new HexDecoder(new ChannelSwitch(comparison, "1")));
197
198 comparison.ChannelMessageSeriesEnd("0");
199 comparison.ChannelMessageSeriesEnd("1");
200
202 StringSource(signature, true, new HexDecoder(new Redirector(verifierFilter, Redirector::DATA_ONLY)));
203 StringSource(message, true, new Redirector(verifierFilter));
204}
205
206void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
207{
208 try
209 {
210 RandomPool rng;
211 const char *testMessage ="test message";
212 std::string ciphertext, decrypted;
213
215 testMessage,
216 true,
218 rng,
219 encryptor,
220 new StringSink(ciphertext)));
221
222 if (ciphertext == testMessage)
223 throw 0;
224
226 ciphertext,
227 true,
229 rng,
230 decryptor,
231 new StringSink(decrypted)));
232
233 if (decrypted != testMessage)
234 throw 0;
235 }
236 catch (...)
237 {
238 throw SelfTestFailure(encryptor.AlgorithmName() + ": pairwise consistency test failed");
239 }
240}
241
242void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier)
243{
244 try
245 {
246 RandomPool rng;
247
249 "test message",
250 true,
251 new SignerFilter(
252 rng,
253 signer,
255 true));
256 }
257 catch (...)
258 {
259 throw SelfTestFailure(signer.AlgorithmName() + ": pairwise consistency test failed");
260 }
261}
262
263template <class SCHEME>
264void SignaturePairwiseConsistencyTest(const char *key)
265{
266 typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref());
267 typename SCHEME::Verifier verifier(signer);
268
269 SignaturePairwiseConsistencyTest(signer, verifier);
270}
271
273{
274 byte key[] = {0x47, 0x1E, 0x33, 0x96, 0x65, 0xB1, 0x6A, 0xED, 0x0B, 0xF8, 0x6B, 0xFD, 0x01, 0x65, 0x05, 0xCC};
275 return new HMAC<SHA1>(key, sizeof(key));
276}
277
278bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac, unsigned long *pMacFileLocation)
279{
281 unsigned int macSize = mac->DigestSize();
282
283 SecByteBlock tempMac;
284 SecByteBlock &actualMac = pActualMac ? *pActualMac : tempMac;
285 actualMac.resize(macSize);
286
287 unsigned long tempLocation = 0;
288 unsigned long &macFileLocation = pMacFileLocation ? *pMacFileLocation : tempLocation;
289 macFileLocation = 0;
290
291 MeterFilter verifier(new HashFilter(*mac, new ArraySink(actualMac, actualMac.size())));
292// MeterFilter verifier(new FileSink("c:\\dt.tmp"));
293 std::ifstream moduleStream;
294
295#ifdef CRYPTOPP_WIN32_AVAILABLE
296 HMODULE h = NULLPTR;
297 {
298 const size_t FIPS_MODULE_MAX_PATH = 2*MAX_PATH;
299 char moduleFilenameBuf[FIPS_MODULE_MAX_PATH] = "";
300 if (moduleFilename == NULLPTR)
301 {
302#if (_MSC_VER >= 1400 && !defined(_STLPORT_VERSION)) // ifstream doesn't support wide filename on other compilers
303 wchar_t wideModuleFilename[FIPS_MODULE_MAX_PATH];
304 if (GetModuleFileNameW(s_hModule, wideModuleFilename, FIPS_MODULE_MAX_PATH) > 0)
305 {
306 moduleStream.open(wideModuleFilename, std::ios::in | std::ios::binary);
307 h = GetModuleHandleW(wideModuleFilename);
308 }
309 else
310#endif
311 {
312 GetModuleFileNameA(s_hModule, moduleFilenameBuf, FIPS_MODULE_MAX_PATH);
313 moduleFilename = moduleFilenameBuf;
314 }
315 }
316#endif
317 if (moduleFilename != NULLPTR)
318 {
319 moduleStream.open(moduleFilename, std::ios::in | std::ios::binary);
320#ifdef CRYPTOPP_WIN32_AVAILABLE
321 h = GetModuleHandleA(moduleFilename);
322 moduleFilename = NULLPTR;
323 }
324#endif
325 }
326
327#ifdef CRYPTOPP_WIN32_AVAILABLE
328 if (h == g_BaseAddressOfMAC)
329 {
330 std::ostringstream oss;
331 oss << "Crypto++ DLL loaded at base address " << std::hex << h << ".\n";
332 OutputDebugStringA(oss.str().c_str());
333 }
334 else
335 {
336 std::ostringstream oss;
337 oss << "Crypto++ DLL integrity check may fail. Expected module base address is ";
338 oss << std::hex << g_BaseAddressOfMAC << ", but module loaded at " << h << ".\n";
339 OutputDebugStringA(oss.str().c_str());
340 }
341#endif
342
343 if (!moduleStream)
344 {
345#ifdef CRYPTOPP_WIN32_AVAILABLE
346 OutputDebugStringA("Crypto++ DLL integrity check failed. Cannot open file for reading.");
347#endif
348 return false;
349 }
350 FileStore file(moduleStream);
351
352#ifdef CRYPTOPP_WIN32_AVAILABLE
353 // try to hash from memory first
354 const byte *memBase = (const byte *)h;
355 const IMAGE_DOS_HEADER *ph = (IMAGE_DOS_HEADER *)memBase;
356 const IMAGE_NT_HEADERS *phnt = (IMAGE_NT_HEADERS *)(memBase + ph->e_lfanew);
357 const IMAGE_SECTION_HEADER *phs = IMAGE_FIRST_SECTION(phnt);
358 DWORD nSections = phnt->FileHeader.NumberOfSections;
359 size_t currentFilePos = 0;
360
361 size_t checksumPos = (byte *)&phnt->OptionalHeader.CheckSum - memBase;
362 size_t checksumSize = sizeof(phnt->OptionalHeader.CheckSum);
363 size_t certificateTableDirectoryPos = (byte *)&phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY] - memBase;
364 size_t certificateTableDirectorySize = sizeof(phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]);
365 size_t certificateTablePos = phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress;
366 size_t certificateTableSize = phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
367
368 verifier.AddRangeToSkip(0, checksumPos, checksumSize);
369 verifier.AddRangeToSkip(0, certificateTableDirectoryPos, certificateTableDirectorySize);
370 verifier.AddRangeToSkip(0, certificateTablePos, certificateTableSize);
371
372 while (nSections--)
373 {
374 switch (phs->Characteristics)
375 {
376 default:
377 break;
378 case IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ:
379 case IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ:
380 unsigned int sectionSize = STDMIN(phs->SizeOfRawData, phs->Misc.VirtualSize);
381 const byte *sectionMemStart = memBase + phs->VirtualAddress;
382 unsigned int sectionFileStart = phs->PointerToRawData;
383 size_t subSectionStart = 0, nextSubSectionStart;
384
385 do
386 {
387 const byte *subSectionMemStart = sectionMemStart + subSectionStart;
388 size_t subSectionFileStart = sectionFileStart + subSectionStart;
389 size_t subSectionSize = sectionSize - subSectionStart;
390 nextSubSectionStart = 0;
391
392 unsigned int entriesToReadFromDisk[] = {IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_IAT};
393 for (unsigned int i=0; i<sizeof(entriesToReadFromDisk)/sizeof(entriesToReadFromDisk[0]); i++)
394 {
395 const IMAGE_DATA_DIRECTORY &entry = phnt->OptionalHeader.DataDirectory[entriesToReadFromDisk[i]];
396 const byte *entryMemStart = memBase + entry.VirtualAddress;
397 if (subSectionMemStart <= entryMemStart && entryMemStart < subSectionMemStart + subSectionSize)
398 {
399 subSectionSize = entryMemStart - subSectionMemStart;
400 nextSubSectionStart = entryMemStart - sectionMemStart + entry.Size;
401 }
402 }
403
404 // Visual Studio 2019 is MSC_VER == 1920
405 // https://dev.to/yumetodo/list-of-mscver-and-mscfullver-8nds
406#if (_MSC_VER >= 1400 && _MSC_VER < 1920) && (defined(_M_IX86) || defined(_M_X64))
407 // first byte of _CRT_DEBUGGER_HOOK gets modified in memory by the debugger invisibly, so read it from file
408 if (IsDebuggerPresent())
409 {
410 if (subSectionMemStart <= (byte *)&_CRT_DEBUGGER_HOOK && (byte *)&_CRT_DEBUGGER_HOOK < subSectionMemStart + subSectionSize)
411 {
412 subSectionSize = (byte *)&_CRT_DEBUGGER_HOOK - subSectionMemStart;
413 nextSubSectionStart = (byte *)&_CRT_DEBUGGER_HOOK - sectionMemStart + 1;
414 }
415 }
416#endif
417
418 if (subSectionMemStart <= expectedModuleMac && expectedModuleMac < subSectionMemStart + subSectionSize)
419 {
420 // found stored MAC
421 macFileLocation = (unsigned long)(subSectionFileStart + (expectedModuleMac - subSectionMemStart));
422 verifier.AddRangeToSkip(0, macFileLocation, macSize);
423 }
424
425 file.TransferTo(verifier, subSectionFileStart - currentFilePos);
426 verifier.Put(subSectionMemStart, subSectionSize);
427 file.Skip(subSectionSize);
428 currentFilePos = subSectionFileStart + subSectionSize;
429 subSectionStart = nextSubSectionStart;
430 } while (nextSubSectionStart != 0);
431 }
432 phs++;
433 }
434#endif
435 file.TransferAllTo(verifier);
436
437#ifdef CRYPTOPP_WIN32_AVAILABLE
438 // if that fails (could be caused by debug breakpoints or DLL base relocation modifying image in memory),
439 // hash from disk instead
440 if (!VerifyBufsEqual(expectedModuleMac, actualMac, macSize))
441 {
442 OutputDebugStringA("Crypto++ DLL in-memory integrity check failed. This may be caused by debug breakpoints or DLL relocation.\n");
443 moduleStream.clear();
444 moduleStream.seekg(0);
445 verifier.Initialize(MakeParameters(Name::OutputBuffer(), ByteArrayParameter(actualMac, (unsigned int)actualMac.size())));
446// verifier.Initialize(MakeParameters(Name::OutputFileName(), (const char *)"c:\\dt2.tmp"));
447 verifier.AddRangeToSkip(0, checksumPos, checksumSize);
448 verifier.AddRangeToSkip(0, certificateTableDirectoryPos, certificateTableDirectorySize);
449 verifier.AddRangeToSkip(0, certificateTablePos, certificateTableSize);
450 verifier.AddRangeToSkip(0, macFileLocation, macSize);
451 FileStore(moduleStream).TransferAllTo(verifier);
452 }
453#endif
454
455 if (VerifyBufsEqual(expectedModuleMac, actualMac, macSize))
456 return true;
457
458#ifdef CRYPTOPP_WIN32_AVAILABLE
459 std::string hexMac;
460 HexEncoder(new StringSink(hexMac)).PutMessageEnd(actualMac, actualMac.size());
461 OutputDebugStringA((("Crypto++ DLL integrity check failed. Actual MAC is: " + hexMac) + ".\n").c_str());
462#endif
463 return false;
464}
465
466void DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleMac)
467{
468 g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE;
469 SetPowerUpSelfTestInProgressOnThisThread(true);
470
471 try
472 {
473 if (FIPS_140_2_ComplianceEnabled() || expectedModuleMac != NULLPTR)
474 {
475 if (!IntegrityCheckModule(moduleFilename, expectedModuleMac, &g_actualMac, &g_macFileLocation))
476 throw 0; // throw here so we break in the debugger, this will be caught right away
477 }
478
479 // algorithm tests
480
481 X917RNG_KnownAnswerTest<AES>(
482 "2b7e151628aed2a6abf7158809cf4f3c", // key
483 "000102030405060708090a0b0c0d0e0f", // seed
484 "00000000000000000000000000000001", // time vector
485 "D176EDD27493B0395F4D10546232B0693DC7061C03C3A554F09CECF6F6B46D945A"); // output
486
487 SymmetricEncryptionKnownAnswerTest<DES_EDE3>(
488 "385D7189A5C3D485E1370AA5D408082B5CCCCB5E19F2D90E",
489 "C141B5FCCD28DC8A",
490 "6E1BD7C6120947A464A6AAB293A0F89A563D8D40D3461B68",
491 "64EAAD4ACBB9CEAD6C7615E7C7E4792FE587D91F20C7D2F4",
492 "6235A461AFD312973E3B4F7AA7D23E34E03371F8E8C376C9",
493 "E26BA806A59B0330DE40CA38E77A3E494BE2B212F6DD624B",
494 "E26BA806A59B03307DE2BCC25A08BA40A8BA335F5D604C62",
495 "E26BA806A59B03303C62C2EFF32D3ACDD5D5F35EBCC53371");
496
497 SymmetricEncryptionKnownAnswerTest<SKIPJACK>(
498 "1555E5531C3A169B2D65",
499 "6EC9795701F49864",
500 "00AFA48E9621E52E8CBDA312660184EDDB1F33D9DACDA8DA",
501 "DBEC73562EFCAEB56204EB8AE9557EBF77473FBB52D17CD1",
502 "0C7B0B74E21F99B8F2C8DF37879F6C044967F42A796DCA8B",
503 "79FDDA9724E36CC2E023E9A5C717A8A8A7FDA465CADCBF63",
504 "79FDDA9724E36CC26CACBD83C1ABC06EAF5B249BE5B1E040",
505 "79FDDA9724E36CC211B0AEC607B95A96BCDA318440B82F49");
506
507 SymmetricEncryptionKnownAnswerTest<AES>(
508 "2b7e151628aed2a6abf7158809cf4f3c",
509 "000102030405060708090a0b0c0d0e0f",
510 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", // plaintext
511 "3ad77bb40d7a3660a89ecaf32466ef97f5d3d58503b9699de785895a96fdbaaf43b1cd7f598ece23881b00e3ed0306887b0c785e27e8ad3f8223207104725dd4", // ecb
512 "7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7", // cbc
513 "3b3fd92eb72dad20333449f8e83cfb4ac8a64537a0b3a93fcde3cdad9f1ce58b26751f67a3cbb140b1808cf187a4f4dfc04b05357c5d1c0eeac4c66f9ff7f2e6", // cfb
514 "3b3fd92eb72dad20333449f8e83cfb4a7789508d16918f03f53c52dac54ed8259740051e9c5fecf64344f7a82260edcc304c6528f659c77866a510d9c1d6ae5e", // ofb
515 NULLPTR);
516
517 SymmetricEncryptionKnownAnswerTest<AES>(
518 "2b7e151628aed2a6abf7158809cf4f3c",
519 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
520 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
521 NULLPTR,
522 NULLPTR,
523 NULLPTR,
524 NULLPTR,
525 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee"); // ctr
526
527
528 SecureHashKnownAnswerTest<SHA1>(
529 "abc",
530 "A9993E364706816ABA3E25717850C26C9CD0D89D");
531
532 SecureHashKnownAnswerTest<SHA224>(
533 "abc",
534 "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7");
535
536 SecureHashKnownAnswerTest<SHA256>(
537 "abc",
538 "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");
539
540 SecureHashKnownAnswerTest<SHA384>(
541 "abc",
542 "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7");
543
544 SecureHashKnownAnswerTest<SHA512>(
545 "abc",
546 "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f");
547
548 MAC_KnownAnswerTest<HMAC<SHA1> >(
549 "303132333435363738393a3b3c3d3e3f40414243",
550 "Sample #2",
551 "0922d3405faa3d194f82a45830737d5cc6c75d24");
552
553 const char *keyRSA1 =
554 "30820150020100300d06092a864886f70d01010105000482013a3082013602010002400a66791dc6988168de7ab77419bb7fb0"
555 "c001c62710270075142942e19a8d8c51d053b3e3782a1de5dc5af4ebe99468170114a1dfe67cdc9a9af55d655620bbab0203010001"
556 "02400123c5b61ba36edb1d3679904199a89ea80c09b9122e1400c09adcf7784676d01d23356a7d44d6bd8bd50e94bfc723fa"
557 "87d8862b75177691c11d757692df8881022033d48445c859e52340de704bcdda065fbb4058d740bd1d67d29e9c146c11cf61"
558 "0220335e8408866b0fd38dc7002d3f972c67389a65d5d8306566d5c4f2a5aa52628b0220045ec90071525325d3d46db79695e9af"
559 "acc4523964360e02b119baa366316241022015eb327360c7b60d12e5e2d16bdcd97981d17fba6b70db13b20b436e24eada590220"
560 "2ca6366d72781dfa24d34a9a24cbc2ae927a9958af426563ff63fb11658a461d";
561
562 const char *keyRSA2 =
563 "30820273020100300D06092A864886F70D01010105000482025D3082025902010002818100D40AF9"
564 "A2B713034249E5780056D70FC7DE75D76E44565AA6A6B8ED9646F3C19F9E254D72D7DE6E49DB2264"
565 "0C1D05AB9E2A5F901D8F3FE1F7AE02CEE2ECCE54A40ABAE55A004692752E70725AEEE7CDEA67628A"
566 "82A9239B4AB660C2BC56D9F01E90CBAAB9BF0FC8E17173CEFC5709A29391A7DDF3E0B758691AAF30"
567 "725B292F4F020111027F18C0BA087D082C45D75D3594E0767E4820818EB35612B80CEAB8C880ACA5"
568 "44B6876DFFEF85A576C0D45B551AFAA1FD63209CD745DF75C5A0F0B580296EA466CD0338207E4752"
569 "FF4E7DB724D8AE18CE5CF4153BB94C27869FBB50E64F02546E4B02997A0B8623E64017CC770759C6"
570 "695DB649EEFD829D688D441BCC4E7348F1024100EF86DD7AF3F32CDE8A9F6564E43A559A0C9F8BAD"
571 "36CC25330548B347AC158A345631FA90F7B873C36EFFAE2F7823227A3F580B5DD18304D5932751E7"
572 "43E9234F024100E2A039854B55688740E32A51DF4AF88613D91A371CF8DDD95D780A89D7CF2119A9"
573 "54F1AC0F3DCDB2F6959926E6D9D37D8BC07A4C634DE6F16315BD5F0DAC340102407ECEEDB9903572"
574 "1B76909F174BA6698DCA72953D957B22C0A871C8531EDE3A1BB52984A719BC010D1CA57A555DB83F"
575 "6DE54CBAB932AEC652F38D497A6F3F30CF024100854F30E4FF232E6DADB2CD99926855F484255AB7"
576 "01FBCDCB27EC426F33A7046972AA700ADBCA008763DF87440F52F4E070531AC385B55AAC1C2AE7DD"
577 "8F9278F1024100C313F4AF9E4A9DE1253C21080CE524251560C111550772FD08690F13FBE658342E"
578 "BD2D41C9DCB12374E871B1839E26CAE252E1AE3DAAD5F1EE1F42B4D0EE7581";
579
580 SignatureKnownAnswerTest<RSASS<PKCS1v15, SHA1> >(
581 keyRSA1,
582 "Everyone gets Friday off.",
583 "0610761F95FFD1B8F29DA34212947EC2AA0E358866A722F03CC3C41487ADC604A48FF54F5C6BEDB9FB7BD59F82D6E55D8F3174BA361B2214B2D74E8825E04E81");
584
585 SignatureKnownAnswerTest<RSASS_ISO<SHA1> >(
586 keyRSA2,
587 "test",
588 "32F6BA41C8930DE71EE67F2627172CC539EDE04267FDE03AC295E3C50311F26C3B275D3AF513AC96"
589 "8EE493BAB7DA3A754661D1A7C4A0D1A2B7EE8B313AACD8CB8BFBC5C15EFB0EF15C86A9334A1E87AD"
590 "291EB961B5CA0E84930429B28780816AA94F96FC2367B71E2D2E4866FA966795B147F00600E5207E"
591 "2F189C883B37477C");
592
593 SignaturePairwiseConsistencyTest<DSA>(
594 "3082014A0201003082012B06072A8648CE3804013082011E02818100F468699A6F6EBCC0120D3B34C8E007F125EC7D81F763B8D0F33869AE3BD6B9F2ECCC7DF34DF84C0307449E9B85D30D57194BCCEB310F48141914DD13A077AAF9B624A6CBE666BBA1D7EBEA95B5BA6F54417FD5D4E4220C601E071D316A24EA814E8B0122DBF47EE8AEEFD319EBB01DD95683F10DBB4FEB023F8262A07EAEB7FD02150082AD4E034DA6EEACDFDAE68C36F2BAD614F9E53B02818071AAF73361A26081529F7D84078ADAFCA48E031DB54AD57FB1A833ADBD8672328AABAA0C756247998D7A5B10DACA359D231332CE8120B483A784FE07D46EEBFF0D7D374A10691F78653E6DC29E27CCB1B174923960DFE5B959B919B2C3816C19251832AFD8E35D810E598F82877ABF7D40A041565168BD7F0E21E3FE2A8D8C1C0416021426EBA66E846E755169F84A1DA981D86502405DDF");
595
596 SignaturePairwiseConsistencyTest<ECDSA<EC2N, SHA1> >(
597 "302D020100301006072A8648CE3D020106052B8104000404163014020101040F0070337065E1E196980A9D00E37211");
598
599 SignaturePairwiseConsistencyTest<ECDSA<ECP, SHA1> >(
600 "3039020100301306072A8648CE3D020106082A8648CE3D030101041F301D02010104182BB8A13C8B867010BD9471D9E81FDB01ABD0538C64D6249A");
601
602 SignaturePairwiseConsistencyTest<RSASS<PSS, SHA1> >(keyRSA1);
603 }
604 catch (...)
605 {
606 g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED;
607 goto done;
608 }
609
610 g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_PASSED;
611
612done:
613 SetPowerUpSelfTestInProgressOnThisThread(false);
614 return;
615}
616
617#ifdef CRYPTOPP_WIN32_AVAILABLE
618
620{
621 CryptoPP::DoPowerUpSelfTest(NULLPTR, s_moduleMac);
622}
623
624#else
625
627{
628 throw NotImplemented("DoDllPowerUpSelfTest() only available on Windows");
629}
630
631#endif // #ifdef CRYPTOPP_WIN32_AVAILABLE
632
633NAMESPACE_END
634
635#ifdef CRYPTOPP_WIN32_AVAILABLE
636
637// DllMain needs to be in the global namespace
638BOOL APIENTRY DllMain(HANDLE hModule,
639 DWORD dwReason,
640 LPVOID /*lpReserved*/)
641{
642 if (dwReason == DLL_PROCESS_ATTACH)
643 {
644 CryptoPP::s_hModule = (HMODULE)hModule;
645 //CryptoPP::DoDllPowerUpSelfTest();
646 }
647 return TRUE;
648}
649
650#endif // #ifdef CRYPTOPP_WIN32_AVAILABLE
651
652#endif // #ifndef CRYPTOPP_IMPORTS
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition algparam.h:508
virtual std::string AlgorithmName() const
Provides the name of this algorithm.
Definition cryptlib.h:619
Copy input to a memory buffer.
Definition filters.h:1200
void TransferAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL)
Transfer all bytes from this object to another BufferedTransformation.
Definition cryptlib.h:2093
size_t PutMessageEnd(const byte *inString, size_t length, int propagation=-1, bool blocking=true)
Input multiple bytes for processing and signal the end of a message.
Definition cryptlib.h:1757
lword TransferTo(BufferedTransformation &target, lword transferMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL)
move transferMax bytes of the buffered output to target as input
Definition cryptlib.h:1991
size_t Put(byte inByte, bool blocking=true)
Input a byte for processing.
Definition cryptlib.h:1673
Used to pass byte array input as part of a NameValuePairs object.
Definition algparam.h:99
Route input to different and/or multiple channels based on channel ID.
Definition channels.h:97
Filter that checks messages on two channels for equality.
Definition mqueue.h:98
Implementation of Store interface.
Definition files.h:23
lword Skip(lword skipMax=ULONG_MAX)
Discard skipMax bytes from the output buffer.
Definition files.cpp:208
void Initialize(const NameValuePairs &parameters=g_nullNameValuePairs, int propagation=-1)
Initialize or reinitialize this object, with signal propagation.
Definition filters.cpp:71
HMAC.
Definition hmac.h:53
Filter wrapper for HashTransformation.
Definition filters.h:582
Interface for hash functions and data processing part of MACs.
Definition cryptlib.h:1113
Decode base 16 data back to bytes.
Definition hex.h:35
Converts given data to base 16.
Definition hex.h:16
Interface for message authentication codes.
Definition cryptlib.h:1299
Measure how many bytes and messages pass through the filter.
Definition filters.h:233
void AddRangeToSkip(unsigned int message, lword position, lword size, bool sortNow=true)
Adds a range to skip during processing.
Definition filters.cpp:166
A method was called which was not implemented.
Definition cryptlib.h:233
Filter wrapper for PK_Decryptor.
Definition filters.h:1110
Interface for public-key decryptors.
Definition cryptlib.h:2733
Filter wrapper for PK_Encryptor.
Definition filters.h:1095
Interface for public-key encryptors.
Definition cryptlib.h:2698
Interface for public-key signers.
Definition cryptlib.h:2877
Interface for public-key signature verifiers.
Definition cryptlib.h:2941
Interface for random number generators.
Definition cryptlib.h:1435
RNG-based implementation of Source interface.
Definition filters.h:1291
Randomness Pool based on AES-256.
Definition randpool.h:44
Redirect input to another BufferedTransformation without owning it.
Definition filters.h:884
@ DATA_ONLY
Pass data only.
Definition filters.h:891
size_type size() const
Provides the count of elements in the SecBlock.
Definition secblock.h:867
void resize(size_type newSize)
Change size and preserve contents.
Definition secblock.h:1198
Filter wrapper for PK_Verifier.
Definition filters.h:823
@ SIGNATURE_AT_BEGIN
The signature is at the beginning of the message (i.e., concatenation of signature+message)
Definition filters.h:840
@ THROW_EXCEPTION
The filter should throw a HashVerificationFailed if a failure is encountered.
Definition filters.h:848
Filter wrapper for PK_Signer.
Definition filters.h:794
Filter wrapper for StreamTransformation.
Definition filters.h:532
Interface for the data processing portion of stream ciphers.
Definition cryptlib.h:946
String-based implementation of the Source interface.
Definition filters.h:1459
Pointer that overloads operator ->
Definition smartptr.h:38
Library configuration file.
Abstract base classes that provide a uniform interface to this library.
Functions and definitions required for building the FIPS-140 DLL on Windows.
Implementation of BufferedTransformation's attachment interface.
CRYPTOPP_DLL MessageAuthenticationCode *CRYPTOPP_API NewIntegrityCheckingMAC()
Class object that calculates the MAC on the module.
Definition fipstest.cpp:272
CRYPTOPP_DLL void CRYPTOPP_API DoDllPowerUpSelfTest()
Performs the power-up self test on the DLL.
Definition fipstest.cpp:626
PowerUpSelfTestStatus
Status of the power-up self test.
Definition fips140.h:37
@ POWER_UP_SELF_TEST_NOT_DONE
The self tests have not been performed.
Definition fips140.h:40
@ POWER_UP_SELF_TEST_PASSED
The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), and the result was su...
Definition fips140.h:46
@ POWER_UP_SELF_TEST_FAILED
The self tests were executed via DoPowerUpSelfTest() or DoDllPowerUpSelfTest(), but the result was fa...
Definition fips140.h:43
CRYPTOPP_DLL bool CRYPTOPP_API IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac=NULLPTR, unsigned long *pMacFileLocation=NULLPTR)
Verifies the MAC on the module.
Definition fipstest.cpp:278
CRYPTOPP_DLL void CRYPTOPP_API DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleMac)
Performs the power-up self test.
Definition fipstest.cpp:466
#define CRYPTOPP_DUMMY_DLL_MAC
The placeholder used prior to embedding the actual MAC in the module.
Definition fips140.h:108
Utility functions for the Crypto++ library.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition misc.h:655
Precompiled header file.
Classes for PKCS padding schemes.
Classes for automatic resource management.
@ NO_PADDING
No padding added to a block.
Definition filters.h:504