authorJeffrey Walton <noloader@gmail.com>2019-08-05 03:51:58 -0400
committerGitHub <noreply@github.com>2019-08-05 03:51:58 -0400
commitc9ef9420e762b91cc06463d349cf06e04c749b9d (patch)
tree69a074fcf855a9f8b04d12b359904217e9ea618f /validat7.cpp
parentb3eb4c6a690d6dfb342856f2a66a71dcec8c429b (diff)
Fix ECP leakage in Add() and Double() (GH #869, PR #871)
This check-in provides the fix for leaks in ECP's Add() and Double(). The fixes were taken from Joost Renes, Craig Costello, and Lejla Batina's [Complete addition formulas for prime order elliptic curves](https://eprint.iacr.org/2015/1060.pdf). The Pull Request includes two additional changes that were related to testing the primary fix. First, an `AuthenticatedKeyAgreementWithRolesValidate` interface was added. It allows us to test key agreement when roles are involved. Roles are "client", "server", "initiator", "recipient", etc. Second, `SetGlobalSeed` was added to `test.cpp` to help with reproducible results. We had code in two different places that set the seed value for the random number generator. But it was sloppy and doing a poor job since results could not be reproduced under some circumstances.
Diffstat (limited to 'validat7.cpp')
-rw-r--r--validat7.cpp46
1 files changed, 38 insertions, 8 deletions
diff --git a/validat7.cpp b/validat7.cpp
index 97f1f81b..3567b3c8 100644
--- a/validat7.cpp
+++ b/validat7.cpp
@@ -76,7 +76,7 @@ bool ValidateMQV()
bool ValidateHMQV()
{
std::cout << "\nHMQV validation suite running...\n\n";
- bool success = true;
+ bool success = true, fail;
FileSource f256(DataDir("TestData/hmqv256.dat").c_str(), true, new HexDecoder);
FileSource f384(DataDir("TestData/hmqv384.dat").c_str(), true, new HexDecoder);
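Review bot: `fail` is introduced without an initializer in `bool success = true, fail;`, and the same declaration is repeated at the top of ValidateFHMQV. Every read visible in the later hunks is preceded by an assignment, but the function body continues outside this hunk, and an indeterminate pass/fail flag in a crypto self-test is easy to misuse in a later edit. Suggest one declaration per line with an explicit value: `bool success = true;` followed by `bool fail = false;`.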
@@ -91,7 +91,12 @@ bool ValidateHMQV()
const OID oid = ASN1::secp256r1();
ECHMQV< ECP >::Domain hmqvA256(oid, true /*client*/);
- success = AuthenticatedKeyAgreementWithRolesValidate(hmqvA256, hmqvB256) && success;
+ fail = !AuthenticatedKeyAgreementWithRolesValidate(hmqvA256, hmqvB256);
+ success = !fail && success;
+ if (fail == false)
+ std::cout << "passed authenticated key agreement" << std::endl;
+ else
+ std::cout << "FAILED authenticated key agreement" << std::endl;
/////////////////////////
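Review bot: The message printed here names neither the scheme nor the curve, and the identical block is repeated in the secp384r1 and secp521r1 hunks and three more times in ValidateFHMQV, so a log line reading `FAILED authenticated key agreement` cannot be tied to one of the six tests. This output is what shows that key agreement still succeeds after the ECP Add()/Double() change, so it should carry the parameter set, e.g. `std::cout << (fail ? "FAILED" : "passed") << " authenticated key agreement (HMQV, secp256r1)" << std::endl;`. That single statement also replaces the `fail == false` comparison and the duplicated if/else. The enclosing function starts and ends outside this hunk.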
@@ -102,7 +107,12 @@ bool ValidateHMQV()
const OID oid384 = ASN1::secp384r1();
ECHMQV384 hmqvA384(oid384, true /*client*/);
- success = AuthenticatedKeyAgreementWithRolesValidate(hmqvA384, hmqvB384) && success;
+ fail = !AuthenticatedKeyAgreementWithRolesValidate(hmqvA384, hmqvB384);
+ success = !fail && success;
+ if (fail == false)
+ std::cout << "passed authenticated key agreement" << std::endl;
+ else
+ std::cout << "FAILED authenticated key agreement" << std::endl;
/////////////////////////
@@ -113,7 +123,12 @@ bool ValidateHMQV()
const OID oid521 = ASN1::secp521r1();
ECHMQV512 hmqvA521(oid521, true /*client*/);
- success = AuthenticatedKeyAgreementWithRolesValidate(hmqvA521, hmqvB521) && success;
+ fail = !AuthenticatedKeyAgreementWithRolesValidate(hmqvA521, hmqvB521);
+ success = !fail && success;
+ if (fail == false)
+ std::cout << "passed authenticated key agreement" << std::endl;
+ else
+ std::cout << "FAILED authenticated key agreement" << std::endl;
return success;
}
@@ -121,7 +136,7 @@ bool ValidateHMQV()
bool ValidateFHMQV()
{
std::cout << "\nFHMQV validation suite running...\n\n";
- bool success = true;
+ bool success = true, fail;
FileSource f256(DataDir("TestData/fhmqv256.dat").c_str(), true, new HexDecoder);
FileSource f384(DataDir("TestData/fhmqv384.dat").c_str(), true, new HexDecoder);
@@ -136,7 +151,12 @@ bool ValidateFHMQV()
const OID oid = ASN1::secp256r1();
ECFHMQV< ECP >::Domain fhmqvA256(oid, true /*client*/);
- success = AuthenticatedKeyAgreementWithRolesValidate(fhmqvA256, fhmqvB256) && success;
+ fail = !AuthenticatedKeyAgreementWithRolesValidate(fhmqvA256, fhmqvB256);
+ success = !fail && success;
+ if (fail == false)
+ std::cout << "passed authenticated key agreement" << std::endl;
+ else
+ std::cout << "FAILED authenticated key agreement" << std::endl;
/////////////////////////
@@ -147,7 +167,12 @@ bool ValidateFHMQV()
const OID oid384 = ASN1::secp384r1();
ECHMQV384 fhmqvA384(oid384, true /*client*/);
- success = AuthenticatedKeyAgreementWithRolesValidate(fhmqvA384, fhmqvB384) && success;
+ fail = !AuthenticatedKeyAgreementWithRolesValidate(fhmqvA384, fhmqvB384);
+ success = !fail && success;
+ if (fail == false)
+ std::cout << "passed authenticated key agreement" << std::endl;
+ else
+ std::cout << "FAILED authenticated key agreement" << std::endl;
/////////////////////////
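Review bot: In ValidateFHMQV the secp384r1 domain is declared as `ECHMQV384 fhmqvA384(oid384, true /*client*/);`, and the secp521r1 hunk below uses `ECHMQV512 fhmqvA521(...)`, whereas the secp256r1 case uses `ECFHMQV< ECP >::Domain`. The typedefs are not visible on this page, but by name these look like HMQV domains; if so, two of the three FHMQV checks run HMQV a second time and FHMQV over the larger curves is never exercised. These are context lines the commit does not change, yet the newly added pass/fail output now reports them as FHMQV results. Please confirm the intended types (presumably `ECFHMQV384` and `ECFHMQV512`) for both the A and B parties; the `fhmqvB384` and `fhmqvB521` declarations lie outside the hunks.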
@@ -158,7 +183,12 @@ bool ValidateFHMQV()
const OID oid521 = ASN1::secp521r1();
ECHMQV512 fhmqvA521(oid521, true /*client*/);
- success = AuthenticatedKeyAgreementWithRolesValidate(fhmqvA521, fhmqvB521) && success;
+ fail = !AuthenticatedKeyAgreementWithRolesValidate(fhmqvA521, fhmqvB521);
+ success = !fail && success;
+ if (fail == false)
+ std::cout << "passed authenticated key agreement" << std::endl;
+ else
+ std::cout << "FAILED authenticated key agreement" << std::endl;
return success;
}