From 7eeb954b2338b0fbaf845e34d47a90cd5219809b Mon Sep 17 00:00:00 2001 From: Jeffrey Walton Date: Sat, 3 Aug 2019 16:32:36 -0400 Subject: Add AuthenticatedKeyAgreementValidateWithRoles free standing test function --- validat7.cpp | 213 ++++++++++------------------------------------------------- 1 file changed, 35 insertions(+), 178 deletions(-) (limited to 'validat7.cpp') diff --git a/validat7.cpp b/validat7.cpp index ad8bf755..db5e73f2 100644 --- a/validat7.cpp +++ b/validat7.cpp @@ -76,234 +76,91 @@ bool ValidateMQV() bool ValidateHMQV() { std::cout << "\nHMQV validation suite running...\n\n"; + bool success = true; - ECHMQV256 hmqvB(false); FileSource f256(DataDir("TestData/hmqv256.dat").c_str(), true, new HexDecoder); FileSource f384(DataDir("TestData/hmqv384.dat").c_str(), true, new HexDecoder); FileSource f512(DataDir("TestData/hmqv512.dat").c_str(), true, new HexDecoder); - hmqvB.AccessGroupParameters().BERDecode(f256); - std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl; + ///////////////////////// - if (hmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; - return false; - } + std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl; + ECHMQV256 hmqvB256(false); + hmqvB256.AccessGroupParameters().BERDecode(f256); const OID oid = ASN1::secp256r1(); - ECHMQV< ECP >::Domain hmqvA(oid, true /*client*/); - - if (hmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; - return false; - } - - SecByteBlock sprivA(hmqvA.StaticPrivateKeyLength()), sprivB(hmqvB.StaticPrivateKeyLength()); - SecByteBlock eprivA(hmqvA.EphemeralPrivateKeyLength()), eprivB(hmqvB.EphemeralPrivateKeyLength()); - SecByteBlock spubA(hmqvA.StaticPublicKeyLength()), spubB(hmqvB.StaticPublicKeyLength()); - SecByteBlock epubA(hmqvA.EphemeralPublicKeyLength()), epubB(hmqvB.EphemeralPublicKeyLength()); - SecByteBlock valA(hmqvA.AgreedValueLength()), valB(hmqvB.AgreedValueLength()); - - hmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA); - hmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB); - hmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA); - hmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB); - - std::memset(valA.begin(), 0x00, valA.size()); - std::memset(valB.begin(), 0x11, valB.size()); + ECHMQV< ECP >::Domain hmqvA256(oid, true /*client*/); - if (!(hmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && hmqvB.Agree(valB, sprivB, eprivB, spubA, epubA))) - { - std::cout << "FAILED authenticated key agreement failed" << std::endl; - return false; - } + success = AuthenticatedKeyAgreementValidateWithRoles(hmqvA256, hmqvB256) && success; - if (memcmp(valA.begin(), valB.begin(), hmqvA.AgreedValueLength())) - { - std::cout << "FAILED authenticated agreed values not equal" << std::endl; - return false; - } + ///////////////////////// - std::cout << "passed authenticated key agreement" << std::endl; - - // Now test HMQV with NIST P-384 curve and SHA384 hash - std::cout << std::endl; std::cout << "HMQV with NIST P-384 and SHA-384:" << std::endl; ECHMQV384 hmqvB384(false); hmqvB384.AccessGroupParameters().BERDecode(f384); - - if (hmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; - return false; - } - const OID oid384 = ASN1::secp384r1(); ECHMQV384 hmqvA384(oid384, true /*client*/); - if (hmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; - return false; - } - - SecByteBlock sprivA384(hmqvA384.StaticPrivateKeyLength()), sprivB384(hmqvB384.StaticPrivateKeyLength()); - SecByteBlock eprivA384(hmqvA384.EphemeralPrivateKeyLength()), eprivB384(hmqvB384.EphemeralPrivateKeyLength()); - SecByteBlock spubA384(hmqvA384.StaticPublicKeyLength()), spubB384(hmqvB384.StaticPublicKeyLength()); - SecByteBlock epubA384(hmqvA384.EphemeralPublicKeyLength()), epubB384(hmqvB384.EphemeralPublicKeyLength()); - SecByteBlock valA384(hmqvA384.AgreedValueLength()), valB384(hmqvB384.AgreedValueLength()); + success = AuthenticatedKeyAgreementValidateWithRoles(hmqvA384, hmqvB384) && success; - hmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384); - hmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384); - hmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384); - hmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384); + ///////////////////////// - std::memset(valA384.begin(), 0x00, valA384.size()); - std::memset(valB384.begin(), 0x11, valB384.size()); + std::cout << "HMQV with NIST P-521 and SHA-512:" << std::endl; - if (!(hmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && hmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384))) - { - std::cout << "FAILED authenticated key agreement failed" << std::endl; - return false; - } - - if (memcmp(valA384.begin(), valB384.begin(), hmqvA384.AgreedValueLength())) - { - std::cout << "FAILED authenticated agreed values not equal" << std::endl; - return false; - } + ECHMQV512 hmqvB521(false); + hmqvB521.AccessGroupParameters().BERDecode(f512); + const OID oid521 = ASN1::secp521r1(); + ECHMQV512 hmqvA521(oid521, true /*client*/); - std::cout << "passed authenticated key agreement" << std::endl; + success = AuthenticatedKeyAgreementValidateWithRoles(hmqvA521, hmqvB521) && success; - return true; + return success; } bool ValidateFHMQV() { -std::cout << "\nFHMQV validation suite running...\n\n"; + std::cout << "\nFHMQV validation suite running...\n\n"; + bool success = true; - //ECFHMQV< ECP >::Domain fhmqvB(false /*server*/); - ECFHMQV256 fhmqvB(false); FileSource f256(DataDir("TestData/fhmqv256.dat").c_str(), true, new HexDecoder); FileSource f384(DataDir("TestData/fhmqv384.dat").c_str(), true, new HexDecoder); FileSource f512(DataDir("TestData/fhmqv512.dat").c_str(), true, new HexDecoder); - fhmqvB.AccessGroupParameters().BERDecode(f256); - std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl; + ///////////////////////// - if (fhmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; - return false; - } + std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl; + ECFHMQV256 fhmqvB256(false); + fhmqvB256.AccessGroupParameters().BERDecode(f256); const OID oid = ASN1::secp256r1(); - ECFHMQV< ECP >::Domain fhmqvA(oid, true /*client*/); - - if (fhmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; - return false; - } - - SecByteBlock sprivA(fhmqvA.StaticPrivateKeyLength()), sprivB(fhmqvB.StaticPrivateKeyLength()); - SecByteBlock eprivA(fhmqvA.EphemeralPrivateKeyLength()), eprivB(fhmqvB.EphemeralPrivateKeyLength()); - SecByteBlock spubA(fhmqvA.StaticPublicKeyLength()), spubB(fhmqvB.StaticPublicKeyLength()); - SecByteBlock epubA(fhmqvA.EphemeralPublicKeyLength()), epubB(fhmqvB.EphemeralPublicKeyLength()); - SecByteBlock valA(fhmqvA.AgreedValueLength()), valB(fhmqvB.AgreedValueLength()); - - fhmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA); - fhmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB); - fhmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA); - fhmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB); - - std::memset(valA.begin(), 0x00, valA.size()); - std::memset(valB.begin(), 0x11, valB.size()); + ECFHMQV< ECP >::Domain fhmqvA256(oid, true /*client*/); - if (!(fhmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && fhmqvB.Agree(valB, sprivB, eprivB, spubA, epubA))) - { - std::cout << "FAILED authenticated key agreement failed" << std::endl; - return false; - } + success = AuthenticatedKeyAgreementValidateWithRoles(fhmqvA256, fhmqvB256) && success; - if (memcmp(valA.begin(), valB.begin(), fhmqvA.AgreedValueLength())) - { - std::cout << "FAILED authenticated agreed values not equal" << std::endl; - return false; - } + ///////////////////////// - std::cout << "passed authenticated key agreement" << std::endl; - - // Now test FHMQV with NIST P-384 curve and SHA384 hash - std::cout << std::endl; std::cout << "FHMQV with NIST P-384 and SHA-384:" << std::endl; ECHMQV384 fhmqvB384(false); fhmqvB384.AccessGroupParameters().BERDecode(f384); - - if (fhmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; - return false; - } - const OID oid384 = ASN1::secp384r1(); ECHMQV384 fhmqvA384(oid384, true /*client*/); - if (fhmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; - return false; - } - - SecByteBlock sprivA384(fhmqvA384.StaticPrivateKeyLength()), sprivB384(fhmqvB384.StaticPrivateKeyLength()); - SecByteBlock eprivA384(fhmqvA384.EphemeralPrivateKeyLength()), eprivB384(fhmqvB384.EphemeralPrivateKeyLength()); - SecByteBlock spubA384(fhmqvA384.StaticPublicKeyLength()), spubB384(fhmqvB384.StaticPublicKeyLength()); - SecByteBlock epubA384(fhmqvA384.EphemeralPublicKeyLength()), epubB384(fhmqvB384.EphemeralPublicKeyLength()); - SecByteBlock valA384(fhmqvA384.AgreedValueLength()), valB384(fhmqvB384.AgreedValueLength()); + success = AuthenticatedKeyAgreementValidateWithRoles(fhmqvA384, fhmqvB384) && success; - fhmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384); - fhmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384); - fhmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384); - fhmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384); + ///////////////////////// - std::memset(valA384.begin(), 0x00, valA384.size()); - std::memset(valB384.begin(), 0x11, valB384.size()); + std::cout << "FHMQV with NIST P-521 and SHA-512:" << std::endl; - if (!(fhmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && fhmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384))) - { - std::cout << "FAILED authenticated key agreement failed" << std::endl; - return false; - } - - if (memcmp(valA384.begin(), valB384.begin(), fhmqvA384.AgreedValueLength())) - { - std::cout << "FAILED authenticated agreed values not equal" << std::endl; - return false; - } + ECHMQV512 fhmqvB521(false); + fhmqvB521.AccessGroupParameters().BERDecode(f512); + const OID oid521 = ASN1::secp521r1(); + ECHMQV512 fhmqvA521(oid521, true /*client*/); - std::cout << "passed authenticated key agreement" << std::endl; + success = AuthenticatedKeyAgreementValidateWithRoles(fhmqvA521, fhmqvB521) && success; - return true; + return success; } bool ValidateLUC_DH() -- cgit v1.2.1