|
1
by weidai
Initial revision |
1 |
// fipstest.cpp - written and placed in the public domain by Wei Dai
|
2 |
||
3 |
#include "pch.h" |
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
4 |
|
5 |
#ifndef CRYPTOPP_IMPORTS
|
|
6 |
||
|
80
by weidai
fix GCC compile |
7 |
#define CRYPTOPP_DEFAULT_NO_DLL
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
8 |
#include "dll.h" |
|
78
by weidai
merge in 5.0.4 changes (exclude DES and SHA-2 from DLL), |
9 |
|
10 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
|
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
11 |
#define _WIN32_WINNT 0x0400
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
12 |
#include <windows.h> |
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
13 |
|
|
232
by weidai
port to GCC 4, reorganize implementations of SetKey |
14 |
#if defined(_MSC_VER) && _MSC_VER >= 1400
|
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
15 |
#ifdef _M_IX86
|
16 |
#define _CRT_DEBUGGER_HOOK _crt_debugger_hook
|
|
17 |
#else
|
|
18 |
#define _CRT_DEBUGGER_HOOK __crt_debugger_hook
|
|
19 |
#endif
|
|
20 |
extern "C" {_CRTIMP void __cdecl _CRT_DEBUGGER_HOOK(int);} |
|
21 |
#endif
|
|
|
78
by weidai
merge in 5.0.4 changes (exclude DES and SHA-2 from DLL), |
22 |
#endif
|
|
1
by weidai
Initial revision |
23 |
|
|
318
by weidai
change default FIPS RNG to use AES instead of DES_EDE |
24 |
#include <iostream> |
25 |
||
|
1
by weidai
Initial revision |
26 |
NAMESPACE_BEGIN(CryptoPP) |
27 |
||
28 |
extern PowerUpSelfTestStatus g_powerUpSelfTestStatus; |
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
29 |
SecByteBlock g_actualMac; |
30 |
unsigned long g_macFileLocation = 0; |
|
31 |
||
|
222
by weidai
fix self-test when installed into unicode paths |
32 |
// use a random dummy string here, to be searched/replaced later with the real MAC
|
33 |
static const byte s_moduleMac[CryptoPP::HMAC<CryptoPP::SHA1>::DIGESTSIZE] = CRYPTOPP_DUMMY_DLL_MAC; |
|
34 |
CRYPTOPP_COMPILE_ASSERT(sizeof(s_moduleMac) == CryptoPP::SHA1::DIGESTSIZE); |
|
35 |
||
36 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
|
37 |
static HMODULE s_hModule = NULL; |
|
38 |
#endif
|
|
39 |
||
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
40 |
const byte * CRYPTOPP_API GetActualMacAndLocation(unsigned int &macSize, unsigned int &fileLocation) |
41 |
{
|
|
|
184
by weidai
port to MSVC .NET 2005 beta 2 |
42 |
macSize = (unsigned int)g_actualMac.size(); |
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
43 |
fileLocation = g_macFileLocation; |
44 |
return g_actualMac; |
|
45 |
}
|
|
|
1
by weidai
Initial revision |
46 |
|
|
7
by weidai
bug fixes and KAT for X9.17 RNG |
47 |
void KnownAnswerTest(RandomNumberGenerator &rng, const char *output) |
48 |
{
|
|
49 |
EqualityComparisonFilter comparison; |
|
50 |
||
51 |
RandomNumberStore(rng, strlen(output)/2).TransferAllTo(comparison, "0"); |
|
52 |
StringSource(output, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); |
|
53 |
||
54 |
comparison.ChannelMessageSeriesEnd("0"); |
|
55 |
comparison.ChannelMessageSeriesEnd("1"); |
|
56 |
}
|
|
57 |
||
58 |
template <class CIPHER> |
|
59 |
void X917RNG_KnownAnswerTest( |
|
60 |
const char *key, |
|
61 |
const char *seed, |
|
|
181
by weidai
changes done for FIPS-140 lab code drop |
62 |
const char *deterministicTimeVector, |
|
7
by weidai
bug fixes and KAT for X9.17 RNG |
63 |
const char *output, |
64 |
CIPHER *dummy = NULL) |
|
65 |
{
|
|
|
43
by weidai
fix bug in Grouper |
66 |
#ifdef OS_RNG_AVAILABLE
|
|
181
by weidai
changes done for FIPS-140 lab code drop |
67 |
std::string decodedKey, decodedSeed, decodedDeterministicTimeVector; |
|
7
by weidai
bug fixes and KAT for X9.17 RNG |
68 |
StringSource(key, true, new HexDecoder(new StringSink(decodedKey))); |
69 |
StringSource(seed, true, new HexDecoder(new StringSink(decodedSeed))); |
|
|
181
by weidai
changes done for FIPS-140 lab code drop |
70 |
StringSource(deterministicTimeVector, true, new HexDecoder(new StringSink(decodedDeterministicTimeVector))); |
|
7
by weidai
bug fixes and KAT for X9.17 RNG |
71 |
|
72 |
AutoSeededX917RNG<CIPHER> rng; |
|
|
181
by weidai
changes done for FIPS-140 lab code drop |
73 |
rng.Reseed((const byte *)decodedKey.data(), decodedKey.size(), (const byte *)decodedSeed.data(), (const byte *)decodedDeterministicTimeVector.data()); |
|
7
by weidai
bug fixes and KAT for X9.17 RNG |
74 |
KnownAnswerTest(rng, output); |
|
43
by weidai
fix bug in Grouper |
75 |
#else
|
76 |
throw 0; |
|
77 |
#endif
|
|
|
7
by weidai
bug fixes and KAT for X9.17 RNG |
78 |
}
|
79 |
||
|
1
by weidai
Initial revision |
80 |
void KnownAnswerTest(StreamTransformation &encryption, StreamTransformation &decryption, const char *plaintext, const char *ciphertext) |
81 |
{
|
|
82 |
EqualityComparisonFilter comparison; |
|
83 |
||
84 |
StringSource(plaintext, true, new HexDecoder(new StreamTransformationFilter(encryption, new ChannelSwitch(comparison, "0"), StreamTransformationFilter::NO_PADDING))); |
|
85 |
StringSource(ciphertext, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); |
|
86 |
||
87 |
StringSource(ciphertext, true, new HexDecoder(new StreamTransformationFilter(decryption, new ChannelSwitch(comparison, "0"), StreamTransformationFilter::NO_PADDING))); |
|
88 |
StringSource(plaintext, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); |
|
89 |
||
90 |
comparison.ChannelMessageSeriesEnd("0"); |
|
91 |
comparison.ChannelMessageSeriesEnd("1"); |
|
92 |
}
|
|
93 |
||
94 |
template <class CIPHER> |
|
95 |
void SymmetricEncryptionKnownAnswerTest( |
|
96 |
const char *key, |
|
97 |
const char *hexIV, |
|
98 |
const char *plaintext, |
|
99 |
const char *ecb, |
|
100 |
const char *cbc, |
|
101 |
const char *cfb, |
|
102 |
const char *ofb, |
|
103 |
const char *ctr, |
|
104 |
CIPHER *dummy = NULL) |
|
105 |
{
|
|
106 |
std::string decodedKey; |
|
107 |
StringSource(key, true, new HexDecoder(new StringSink(decodedKey))); |
|
108 |
||
109 |
typename CIPHER::Encryption encryption((const byte *)decodedKey.data(), decodedKey.size()); |
|
110 |
typename CIPHER::Decryption decryption((const byte *)decodedKey.data(), decodedKey.size()); |
|
111 |
||
112 |
SecByteBlock iv(encryption.BlockSize()); |
|
113 |
StringSource(hexIV, true, new HexDecoder(new ArraySink(iv, iv.size()))); |
|
114 |
||
115 |
if (ecb) |
|
116 |
KnownAnswerTest(ECB_Mode_ExternalCipher::Encryption(encryption).Ref(), ECB_Mode_ExternalCipher::Decryption(decryption).Ref(), plaintext, ecb); |
|
117 |
if (cbc) |
|
118 |
KnownAnswerTest(CBC_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CBC_Mode_ExternalCipher::Decryption(decryption, iv).Ref(), plaintext, cbc); |
|
119 |
if (cfb) |
|
120 |
KnownAnswerTest(CFB_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CFB_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, cfb); |
|
121 |
if (ofb) |
|
122 |
KnownAnswerTest(OFB_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), OFB_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, ofb); |
|
123 |
if (ctr) |
|
124 |
KnownAnswerTest(CTR_Mode_ExternalCipher::Encryption(encryption, iv).Ref(), CTR_Mode_ExternalCipher::Decryption(encryption, iv).Ref(), plaintext, ctr); |
|
125 |
}
|
|
126 |
||
127 |
void KnownAnswerTest(HashTransformation &hash, const char *message, const char *digest) |
|
128 |
{
|
|
129 |
EqualityComparisonFilter comparison; |
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
130 |
StringSource(digest, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); |
|
1
by weidai
Initial revision |
131 |
StringSource(message, true, new HashFilter(hash, new ChannelSwitch(comparison, "0"))); |
132 |
||
133 |
comparison.ChannelMessageSeriesEnd("0"); |
|
134 |
comparison.ChannelMessageSeriesEnd("1"); |
|
135 |
}
|
|
136 |
||
137 |
template <class HASH> |
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
138 |
void SecureHashKnownAnswerTest(const char *message, const char *digest, HASH *dummy = NULL) |
|
1
by weidai
Initial revision |
139 |
{
|
140 |
HASH hash; |
|
141 |
KnownAnswerTest(hash, message, digest); |
|
142 |
}
|
|
143 |
||
144 |
template <class MAC> |
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
145 |
void MAC_KnownAnswerTest(const char *key, const char *message, const char *digest, MAC *dummy = NULL) |
|
1
by weidai
Initial revision |
146 |
{
|
147 |
std::string decodedKey; |
|
148 |
StringSource(key, true, new HexDecoder(new StringSink(decodedKey))); |
|
149 |
||
150 |
MAC mac((const byte *)decodedKey.data(), decodedKey.size()); |
|
151 |
KnownAnswerTest(mac, message, digest); |
|
152 |
}
|
|
153 |
||
154 |
template <class SCHEME> |
|
155 |
void SignatureKnownAnswerTest(const char *key, const char *message, const char *signature, SCHEME *dummy = NULL) |
|
156 |
{
|
|
|
43
by weidai
fix bug in Grouper |
157 |
#ifdef OS_RNG_AVAILABLE
|
|
318
by weidai
change default FIPS RNG to use AES instead of DES_EDE |
158 |
DefaultAutoSeededRNG rng; |
|
43
by weidai
fix bug in Grouper |
159 |
#else
|
160 |
RandomNumberGenerator &rng = NullRNG(); |
|
161 |
#endif
|
|
162 |
||
|
1
by weidai
Initial revision |
163 |
typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref()); |
164 |
typename SCHEME::Verifier verifier(signer); |
|
165 |
||
166 |
EqualityComparisonFilter comparison; |
|
167 |
||
|
43
by weidai
fix bug in Grouper |
168 |
StringSource(message, true, new SignerFilter(rng, signer, new ChannelSwitch(comparison, "0"))); |
|
1
by weidai
Initial revision |
169 |
StringSource(signature, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); |
170 |
||
171 |
comparison.ChannelMessageSeriesEnd("0"); |
|
172 |
comparison.ChannelMessageSeriesEnd("1"); |
|
173 |
||
174 |
VerifierFilter verifierFilter(verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN | VerifierFilter::THROW_EXCEPTION); |
|
|
43
by weidai
fix bug in Grouper |
175 |
StringSource(signature, true, new HexDecoder(new Redirector(verifierFilter, Redirector::DATA_ONLY))); |
|
1
by weidai
Initial revision |
176 |
StringSource(message, true, new Redirector(verifierFilter)); |
177 |
}
|
|
178 |
||
179 |
void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor) |
|
180 |
{
|
|
181 |
try
|
|
182 |
{
|
|
183 |
#ifdef OS_RNG_AVAILABLE
|
|
|
318
by weidai
change default FIPS RNG to use AES instead of DES_EDE |
184 |
DefaultAutoSeededRNG rng; |
|
1
by weidai
Initial revision |
185 |
#else
|
186 |
RandomNumberGenerator &rng = NullRNG(); |
|
187 |
#endif
|
|
188 |
const char *testMessage ="test message"; |
|
|
133
by weidai
fix bug in EncryptionPairwiseConsistencyTest |
189 |
std::string ciphertext, decrypted; |
|
1
by weidai
Initial revision |
190 |
|
191 |
StringSource( |
|
192 |
testMessage, |
|
193 |
true, |
|
194 |
new PK_EncryptorFilter( |
|
195 |
rng, |
|
196 |
encryptor, |
|
|
133
by weidai
fix bug in EncryptionPairwiseConsistencyTest |
197 |
new StringSink(ciphertext))); |
198 |
||
199 |
if (ciphertext == testMessage) |
|
200 |
throw 0; |
|
201 |
||
202 |
StringSource( |
|
203 |
ciphertext, |
|
204 |
true, |
|
205 |
new PK_DecryptorFilter( |
|
206 |
rng, |
|
207 |
decryptor, |
|
208 |
new StringSink(decrypted))); |
|
209 |
||
210 |
if (decrypted != testMessage) |
|
211 |
throw 0; |
|
|
1
by weidai
Initial revision |
212 |
}
|
213 |
catch (...) |
|
214 |
{
|
|
215 |
throw SelfTestFailure(encryptor.AlgorithmName() + ": pairwise consistency test failed"); |
|
216 |
}
|
|
217 |
}
|
|
218 |
||
219 |
void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier) |
|
220 |
{
|
|
221 |
try
|
|
222 |
{
|
|
223 |
#ifdef OS_RNG_AVAILABLE
|
|
|
318
by weidai
change default FIPS RNG to use AES instead of DES_EDE |
224 |
DefaultAutoSeededRNG rng; |
|
1
by weidai
Initial revision |
225 |
#else
|
226 |
RandomNumberGenerator &rng = NullRNG(); |
|
227 |
#endif
|
|
228 |
||
229 |
StringSource( |
|
230 |
"test message", |
|
231 |
true, |
|
232 |
new SignerFilter( |
|
233 |
rng, |
|
234 |
signer, |
|
235 |
new VerifierFilter(verifier, NULL, VerifierFilter::THROW_EXCEPTION), |
|
236 |
true)); |
|
237 |
}
|
|
238 |
catch (...) |
|
239 |
{
|
|
240 |
throw SelfTestFailure(signer.AlgorithmName() + ": pairwise consistency test failed"); |
|
241 |
}
|
|
242 |
}
|
|
243 |
||
244 |
template <class SCHEME> |
|
245 |
void SignaturePairwiseConsistencyTest(const char *key, SCHEME *dummy = NULL) |
|
246 |
{
|
|
247 |
typename SCHEME::Signer signer(StringSource(key, true, new HexDecoder).Ref()); |
|
248 |
typename SCHEME::Verifier verifier(signer); |
|
249 |
||
250 |
SignaturePairwiseConsistencyTest(signer, verifier); |
|
251 |
}
|
|
252 |
||
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
253 |
MessageAuthenticationCode * NewIntegrityCheckingMAC() |
254 |
{
|
|
255 |
byte key[] = {0x47, 0x1E, 0x33, 0x96, 0x65, 0xB1, 0x6A, 0xED, 0x0B, 0xF8, 0x6B, 0xFD, 0x01, 0x65, 0x05, 0xCC}; |
|
256 |
return new HMAC<SHA1>(key, sizeof(key)); |
|
257 |
}
|
|
258 |
||
259 |
bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac, unsigned long *pMacFileLocation) |
|
260 |
{
|
|
261 |
std::auto_ptr<MessageAuthenticationCode> mac(NewIntegrityCheckingMAC()); |
|
262 |
unsigned int macSize = mac->DigestSize(); |
|
263 |
||
264 |
SecByteBlock tempMac; |
|
265 |
SecByteBlock &actualMac = pActualMac ? *pActualMac : tempMac; |
|
266 |
actualMac.resize(macSize); |
|
267 |
||
268 |
unsigned long tempLocation; |
|
269 |
unsigned long &macFileLocation = pMacFileLocation ? *pMacFileLocation : tempLocation; |
|
270 |
macFileLocation = 0; |
|
271 |
||
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
272 |
MeterFilter verifier(new HashFilter(*mac, new ArraySink(actualMac, actualMac.size()))); |
273 |
// MeterFilter verifier(new FileSink("c:\\dt.tmp"));
|
|
|
222
by weidai
fix self-test when installed into unicode paths |
274 |
std::ifstream moduleStream; |
275 |
||
276 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
|
277 |
HMODULE h; |
|
278 |
{
|
|
279 |
char moduleFilenameBuf[MAX_PATH] = ""; |
|
280 |
if (moduleFilename == NULL) |
|
281 |
{
|
|
|
374
by weidai
fix compile with fix compile for for STLport 5.1.3 and MSVC 2005 |
282 |
#if (_MSC_VER >= 1400 && !defined(_STLPORT_VERSION)) // ifstream doesn't support wide filename on other compilers |
|
222
by weidai
fix self-test when installed into unicode paths |
283 |
wchar_t wideModuleFilename[MAX_PATH]; |
284 |
if (GetModuleFileNameW(s_hModule, wideModuleFilename, MAX_PATH) > 0) |
|
285 |
{
|
|
286 |
moduleStream.open(wideModuleFilename, std::ios::in | std::ios::binary); |
|
287 |
h = GetModuleHandleW(wideModuleFilename); |
|
288 |
}
|
|
289 |
else
|
|
|
230
by weidai
cygwin workaround |
290 |
#endif
|
|
222
by weidai
fix self-test when installed into unicode paths |
291 |
{
|
292 |
GetModuleFileNameA(s_hModule, moduleFilenameBuf, MAX_PATH); |
|
293 |
moduleFilename = moduleFilenameBuf; |
|
294 |
}
|
|
295 |
}
|
|
296 |
#endif
|
|
297 |
if (moduleFilename != NULL) |
|
298 |
{
|
|
299 |
moduleStream.open(moduleFilename, std::ios::in | std::ios::binary); |
|
300 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
|
301 |
h = GetModuleHandleA(moduleFilename); |
|
302 |
moduleFilename = NULL; |
|
303 |
}
|
|
304 |
#endif
|
|
305 |
}
|
|
306 |
||
307 |
if (!moduleStream) |
|
308 |
{
|
|
309 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
|
310 |
OutputDebugString("Crypto++ DLL integrity check failed. Cannot open file for reading."); |
|
311 |
#endif
|
|
312 |
return false; |
|
313 |
}
|
|
314 |
FileStore file(moduleStream); |
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
315 |
|
316 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
|
317 |
// try to hash from memory first
|
|
|
89
by weidai
fix in-memory integrity check on Win 9x |
318 |
const byte *memBase = (const byte *)h; |
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
319 |
const IMAGE_DOS_HEADER *ph = (IMAGE_DOS_HEADER *)memBase; |
320 |
const IMAGE_NT_HEADERS *phnt = (IMAGE_NT_HEADERS *)(memBase + ph->e_lfanew); |
|
321 |
const IMAGE_SECTION_HEADER *phs = IMAGE_FIRST_SECTION(phnt); |
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
322 |
DWORD nSections = phnt->FileHeader.NumberOfSections; |
|
184
by weidai
port to MSVC .NET 2005 beta 2 |
323 |
size_t currentFilePos = 0; |
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
324 |
|
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
325 |
size_t checksumPos = (byte *)&phnt->OptionalHeader.CheckSum - memBase; |
326 |
size_t checksumSize = sizeof(phnt->OptionalHeader.CheckSum); |
|
327 |
size_t certificateTableDirectoryPos = (byte *)&phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY] - memBase; |
|
328 |
size_t certificateTableDirectorySize = sizeof(phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]); |
|
329 |
size_t certificateTablePos = phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress; |
|
330 |
size_t certificateTableSize = phnt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size; |
|
331 |
||
332 |
verifier.AddRangeToSkip(0, checksumPos, checksumSize); |
|
333 |
verifier.AddRangeToSkip(0, certificateTableDirectoryPos, certificateTableDirectorySize); |
|
334 |
verifier.AddRangeToSkip(0, certificateTablePos, certificateTableSize); |
|
335 |
||
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
336 |
while (nSections--) |
337 |
{
|
|
338 |
switch (phs->Characteristics) |
|
339 |
{
|
|
340 |
default: |
|
341 |
break; |
|
342 |
case IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ: |
|
343 |
case IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ: |
|
|
89
by weidai
fix in-memory integrity check on Win 9x |
344 |
unsigned int sectionSize = STDMIN(phs->SizeOfRawData, phs->Misc.VirtualSize); |
345 |
const byte *sectionMemStart = memBase + phs->VirtualAddress; |
|
346 |
unsigned int sectionFileStart = phs->PointerToRawData; |
|
|
184
by weidai
port to MSVC .NET 2005 beta 2 |
347 |
size_t subSectionStart = 0, nextSubSectionStart; |
|
89
by weidai
fix in-memory integrity check on Win 9x |
348 |
|
349 |
do
|
|
350 |
{
|
|
351 |
const byte *subSectionMemStart = sectionMemStart + subSectionStart; |
|
|
184
by weidai
port to MSVC .NET 2005 beta 2 |
352 |
size_t subSectionFileStart = sectionFileStart + subSectionStart; |
353 |
size_t subSectionSize = sectionSize - subSectionStart; |
|
|
89
by weidai
fix in-memory integrity check on Win 9x |
354 |
nextSubSectionStart = 0; |
355 |
||
356 |
unsigned int entriesToReadFromDisk[] = {IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_IAT}; |
|
357 |
for (unsigned int i=0; i<sizeof(entriesToReadFromDisk)/sizeof(entriesToReadFromDisk[0]); i++) |
|
358 |
{
|
|
359 |
const IMAGE_DATA_DIRECTORY &entry = phnt->OptionalHeader.DataDirectory[entriesToReadFromDisk[i]]; |
|
360 |
const byte *entryMemStart = memBase + entry.VirtualAddress; |
|
361 |
if (subSectionMemStart <= entryMemStart && entryMemStart < subSectionMemStart + subSectionSize) |
|
362 |
{
|
|
363 |
subSectionSize = entryMemStart - subSectionMemStart; |
|
364 |
nextSubSectionStart = entryMemStart - sectionMemStart + entry.Size; |
|
365 |
}
|
|
366 |
}
|
|
367 |
||
|
232
by weidai
port to GCC 4, reorganize implementations of SetKey |
368 |
#if defined(_MSC_VER) && _MSC_VER >= 1400
|
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
369 |
// first byte of _CRT_DEBUGGER_HOOK gets modified in memory by the debugger invisibly, so read it from file
|
370 |
if (IsDebuggerPresent()) |
|
371 |
{
|
|
372 |
if (subSectionMemStart <= (byte *)&_CRT_DEBUGGER_HOOK && (byte *)&_CRT_DEBUGGER_HOOK < subSectionMemStart + subSectionSize) |
|
373 |
{
|
|
374 |
subSectionSize = (byte *)&_CRT_DEBUGGER_HOOK - subSectionMemStart; |
|
375 |
nextSubSectionStart = (byte *)&_CRT_DEBUGGER_HOOK - sectionMemStart + 1; |
|
376 |
}
|
|
377 |
}
|
|
378 |
#endif
|
|
379 |
||
|
89
by weidai
fix in-memory integrity check on Win 9x |
380 |
if (subSectionMemStart <= expectedModuleMac && expectedModuleMac < subSectionMemStart + subSectionSize) |
381 |
{
|
|
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
382 |
// found stored MAC
|
|
184
by weidai
port to MSVC .NET 2005 beta 2 |
383 |
macFileLocation = (unsigned long)(subSectionFileStart + (expectedModuleMac - subSectionMemStart)); |
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
384 |
verifier.AddRangeToSkip(0, macFileLocation, macSize); |
|
89
by weidai
fix in-memory integrity check on Win 9x |
385 |
}
|
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
386 |
|
387 |
file.TransferTo(verifier, subSectionFileStart - currentFilePos); |
|
388 |
verifier.Put(subSectionMemStart, subSectionSize); |
|
|
89
by weidai
fix in-memory integrity check on Win 9x |
389 |
file.Skip(subSectionSize); |
390 |
currentFilePos = subSectionFileStart + subSectionSize; |
|
391 |
subSectionStart = nextSubSectionStart; |
|
392 |
} while (nextSubSectionStart != 0); |
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
393 |
}
|
394 |
phs++; |
|
395 |
}
|
|
396 |
#endif
|
|
397 |
file.TransferAllTo(verifier); |
|
398 |
||
399 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
|
400 |
// if that fails (could be caused by debug breakpoints or DLL base relocation modifying image in memory),
|
|
401 |
// hash from disk instead
|
|
|
412
by weidai
changes for 5.6: |
402 |
if (!VerifyBufsEqual(expectedModuleMac, actualMac, macSize)) |
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
403 |
{
|
404 |
OutputDebugString("In memory integrity check failed. This may be caused by debug breakpoints or DLL relocation.\n"); |
|
|
222
by weidai
fix self-test when installed into unicode paths |
405 |
moduleStream.clear(); |
406 |
moduleStream.seekg(0); |
|
|
218
by weidai
change DLL integrity self-test to allow DLL to be Authenticode signed |
407 |
verifier.Initialize(MakeParameters(Name::OutputBuffer(), ByteArrayParameter(actualMac, (unsigned int)actualMac.size()))); |
408 |
// verifier.Initialize(MakeParameters(Name::OutputFileName(), (const char *)"c:\\dt2.tmp"));
|
|
409 |
verifier.AddRangeToSkip(0, checksumPos, checksumSize); |
|
410 |
verifier.AddRangeToSkip(0, certificateTableDirectoryPos, certificateTableDirectorySize); |
|
411 |
verifier.AddRangeToSkip(0, certificateTablePos, certificateTableSize); |
|
412 |
verifier.AddRangeToSkip(0, macFileLocation, macSize); |
|
|
222
by weidai
fix self-test when installed into unicode paths |
413 |
FileStore(moduleStream).TransferAllTo(verifier); |
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
414 |
}
|
415 |
#endif
|
|
416 |
||
|
412
by weidai
changes for 5.6: |
417 |
if (VerifyBufsEqual(expectedModuleMac, actualMac, macSize)) |
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
418 |
return true; |
419 |
||
420 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
|
421 |
std::string hexMac; |
|
422 |
HexEncoder(new StringSink(hexMac)).PutMessageEnd(actualMac, actualMac.size()); |
|
|
222
by weidai
fix self-test when installed into unicode paths |
423 |
OutputDebugString((("Crypto++ DLL integrity check failed. Actual MAC is: " + hexMac) + "\n").c_str()); |
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
424 |
#endif
|
425 |
return false; |
|
426 |
}
|
|
427 |
||
428 |
void DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleMac) |
|
|
1
by weidai
Initial revision |
429 |
{
|
430 |
g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE; |
|
431 |
SetPowerUpSelfTestInProgressOnThisThread(true); |
|
432 |
||
433 |
try
|
|
434 |
{
|
|
|
222
by weidai
fix self-test when installed into unicode paths |
435 |
if (FIPS_140_2_ComplianceEnabled() || expectedModuleMac != NULL) |
|
1
by weidai
Initial revision |
436 |
{
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
437 |
if (!IntegrityCheckModule(moduleFilename, expectedModuleMac, &g_actualMac, &g_macFileLocation)) |
|
1
by weidai
Initial revision |
438 |
throw 0; // throw here so we break in the debugger, this will be caught right away |
439 |
}
|
|
440 |
||
441 |
// algorithm tests
|
|
442 |
||
|
318
by weidai
change default FIPS RNG to use AES instead of DES_EDE |
443 |
X917RNG_KnownAnswerTest<AES>( |
444 |
"2b7e151628aed2a6abf7158809cf4f3c", // key |
|
445 |
"000102030405060708090a0b0c0d0e0f", // seed |
|
446 |
"00000000000000000000000000000001", // time vector |
|
447 |
"D176EDD27493B0395F4D10546232B0693DC7061C03C3A554F09CECF6F6B46D945A"); // output |
|
|
7
by weidai
bug fixes and KAT for X9.17 RNG |
448 |
|
|
1
by weidai
Initial revision |
449 |
SymmetricEncryptionKnownAnswerTest<DES_EDE3>( |
450 |
"385D7189A5C3D485E1370AA5D408082B5CCCCB5E19F2D90E", |
|
451 |
"C141B5FCCD28DC8A", |
|
452 |
"6E1BD7C6120947A464A6AAB293A0F89A563D8D40D3461B68", |
|
453 |
"64EAAD4ACBB9CEAD6C7615E7C7E4792FE587D91F20C7D2F4", |
|
454 |
"6235A461AFD312973E3B4F7AA7D23E34E03371F8E8C376C9", |
|
455 |
"E26BA806A59B0330DE40CA38E77A3E494BE2B212F6DD624B", |
|
456 |
"E26BA806A59B03307DE2BCC25A08BA40A8BA335F5D604C62", |
|
457 |
"E26BA806A59B03303C62C2EFF32D3ACDD5D5F35EBCC53371"); |
|
458 |
||
459 |
SymmetricEncryptionKnownAnswerTest<SKIPJACK>( |
|
460 |
"1555E5531C3A169B2D65", |
|
461 |
"6EC9795701F49864", |
|
462 |
"00AFA48E9621E52E8CBDA312660184EDDB1F33D9DACDA8DA", |
|
463 |
"DBEC73562EFCAEB56204EB8AE9557EBF77473FBB52D17CD1", |
|
464 |
"0C7B0B74E21F99B8F2C8DF37879F6C044967F42A796DCA8B", |
|
465 |
"79FDDA9724E36CC2E023E9A5C717A8A8A7FDA465CADCBF63", |
|
466 |
"79FDDA9724E36CC26CACBD83C1ABC06EAF5B249BE5B1E040", |
|
467 |
"79FDDA9724E36CC211B0AEC607B95A96BCDA318440B82F49"); |
|
468 |
||
469 |
SymmetricEncryptionKnownAnswerTest<AES>( |
|
470 |
"2b7e151628aed2a6abf7158809cf4f3c", |
|
471 |
"000102030405060708090a0b0c0d0e0f", |
|
472 |
"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", // plaintext |
|
473 |
"3ad77bb40d7a3660a89ecaf32466ef97f5d3d58503b9699de785895a96fdbaaf43b1cd7f598ece23881b00e3ed0306887b0c785e27e8ad3f8223207104725dd4", // ecb |
|
474 |
"7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7", // cbc |
|
475 |
"3b3fd92eb72dad20333449f8e83cfb4ac8a64537a0b3a93fcde3cdad9f1ce58b26751f67a3cbb140b1808cf187a4f4dfc04b05357c5d1c0eeac4c66f9ff7f2e6", // cfb |
|
476 |
"3b3fd92eb72dad20333449f8e83cfb4a7789508d16918f03f53c52dac54ed8259740051e9c5fecf64344f7a82260edcc304c6528f659c77866a510d9c1d6ae5e", // ofb |
|
477 |
NULL); |
|
478 |
||
479 |
SymmetricEncryptionKnownAnswerTest<AES>( |
|
480 |
"2b7e151628aed2a6abf7158809cf4f3c", |
|
481 |
"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", |
|
482 |
"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", |
|
483 |
NULL, |
|
484 |
NULL, |
|
485 |
NULL, |
|
486 |
NULL, |
|
487 |
"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee"); // ctr |
|
488 |
||
489 |
||
|
181
by weidai
changes done for FIPS-140 lab code drop |
490 |
SecureHashKnownAnswerTest<SHA1>( |
|
1
by weidai
Initial revision |
491 |
"abc", |
492 |
"A9993E364706816ABA3E25717850C26C9CD0D89D"); |
|
|
181
by weidai
changes done for FIPS-140 lab code drop |
493 |
|
494 |
SecureHashKnownAnswerTest<SHA224>( |
|
495 |
"abc", |
|
496 |
"23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7"); |
|
497 |
||
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
498 |
SecureHashKnownAnswerTest<SHA256>( |
499 |
"abc", |
|
500 |
"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"); |
|
501 |
||
502 |
SecureHashKnownAnswerTest<SHA384>( |
|
503 |
"abc", |
|
504 |
"cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7"); |
|
505 |
||
506 |
SecureHashKnownAnswerTest<SHA512>( |
|
507 |
"abc", |
|
508 |
"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"); |
|
|
181
by weidai
changes done for FIPS-140 lab code drop |
509 |
|
510 |
MAC_KnownAnswerTest<HMAC<SHA1> >( |
|
|
1
by weidai
Initial revision |
511 |
"303132333435363738393a3b3c3d3e3f40414243", |
512 |
"Sample #2", |
|
513 |
"0922d3405faa3d194f82a45830737d5cc6c75d24"); |
|
|
181
by weidai
changes done for FIPS-140 lab code drop |
514 |
|
515 |
const char *keyRSA1 = |
|
|
1
by weidai
Initial revision |
516 |
"30820150020100300d06092a864886f70d01010105000482013a3082013602010002400a66791dc6988168de7ab77419bb7fb0"
|
517 |
"c001c62710270075142942e19a8d8c51d053b3e3782a1de5dc5af4ebe99468170114a1dfe67cdc9a9af55d655620bbab0203010001"
|
|
518 |
"02400123c5b61ba36edb1d3679904199a89ea80c09b9122e1400c09adcf7784676d01d23356a7d44d6bd8bd50e94bfc723fa"
|
|
519 |
"87d8862b75177691c11d757692df8881022033d48445c859e52340de704bcdda065fbb4058d740bd1d67d29e9c146c11cf61"
|
|
520 |
"0220335e8408866b0fd38dc7002d3f972c67389a65d5d8306566d5c4f2a5aa52628b0220045ec90071525325d3d46db79695e9af"
|
|
521 |
"acc4523964360e02b119baa366316241022015eb327360c7b60d12e5e2d16bdcd97981d17fba6b70db13b20b436e24eada590220"
|
|
|
181
by weidai
changes done for FIPS-140 lab code drop |
522 |
"2ca6366d72781dfa24d34a9a24cbc2ae927a9958af426563ff63fb11658a461d"; |
523 |
||
524 |
const char *keyRSA2 = |
|
525 |
"30820273020100300D06092A864886F70D01010105000482025D3082025902010002818100D40AF9"
|
|
526 |
"A2B713034249E5780056D70FC7DE75D76E44565AA6A6B8ED9646F3C19F9E254D72D7DE6E49DB2264"
|
|
527 |
"0C1D05AB9E2A5F901D8F3FE1F7AE02CEE2ECCE54A40ABAE55A004692752E70725AEEE7CDEA67628A"
|
|
528 |
"82A9239B4AB660C2BC56D9F01E90CBAAB9BF0FC8E17173CEFC5709A29391A7DDF3E0B758691AAF30"
|
|
529 |
"725B292F4F020111027F18C0BA087D082C45D75D3594E0767E4820818EB35612B80CEAB8C880ACA5"
|
|
530 |
"44B6876DFFEF85A576C0D45B551AFAA1FD63209CD745DF75C5A0F0B580296EA466CD0338207E4752"
|
|
531 |
"FF4E7DB724D8AE18CE5CF4153BB94C27869FBB50E64F02546E4B02997A0B8623E64017CC770759C6"
|
|
532 |
"695DB649EEFD829D688D441BCC4E7348F1024100EF86DD7AF3F32CDE8A9F6564E43A559A0C9F8BAD"
|
|
533 |
"36CC25330548B347AC158A345631FA90F7B873C36EFFAE2F7823227A3F580B5DD18304D5932751E7"
|
|
534 |
"43E9234F024100E2A039854B55688740E32A51DF4AF88613D91A371CF8DDD95D780A89D7CF2119A9"
|
|
535 |
"54F1AC0F3DCDB2F6959926E6D9D37D8BC07A4C634DE6F16315BD5F0DAC340102407ECEEDB9903572"
|
|
536 |
"1B76909F174BA6698DCA72953D957B22C0A871C8531EDE3A1BB52984A719BC010D1CA57A555DB83F"
|
|
537 |
"6DE54CBAB932AEC652F38D497A6F3F30CF024100854F30E4FF232E6DADB2CD99926855F484255AB7"
|
|
538 |
"01FBCDCB27EC426F33A7046972AA700ADBCA008763DF87440F52F4E070531AC385B55AAC1C2AE7DD"
|
|
539 |
"8F9278F1024100C313F4AF9E4A9DE1253C21080CE524251560C111550772FD08690F13FBE658342E"
|
|
540 |
"BD2D41C9DCB12374E871B1839E26CAE252E1AE3DAAD5F1EE1F42B4D0EE7581"; |
|
541 |
||
542 |
SignatureKnownAnswerTest<RSASS<PKCS1v15, SHA1> >( |
|
543 |
keyRSA1, |
|
|
1
by weidai
Initial revision |
544 |
"Everyone gets Friday off.", |
545 |
"0610761F95FFD1B8F29DA34212947EC2AA0E358866A722F03CC3C41487ADC604A48FF54F5C6BEDB9FB7BD59F82D6E55D8F3174BA361B2214B2D74E8825E04E81"); |
|
546 |
||
|
181
by weidai
changes done for FIPS-140 lab code drop |
547 |
SignatureKnownAnswerTest<RSASS_ISO<SHA1> >( |
548 |
keyRSA2, |
|
549 |
"test", |
|
550 |
"32F6BA41C8930DE71EE67F2627172CC539EDE04267FDE03AC295E3C50311F26C3B275D3AF513AC96"
|
|
551 |
"8EE493BAB7DA3A754661D1A7C4A0D1A2B7EE8B313AACD8CB8BFBC5C15EFB0EF15C86A9334A1E87AD"
|
|
552 |
"291EB961B5CA0E84930429B28780816AA94F96FC2367B71E2D2E4866FA966795B147F00600E5207E"
|
|
553 |
"2F189C883B37477C"); |
|
554 |
||
|
1
by weidai
Initial revision |
555 |
SignaturePairwiseConsistencyTest<DSA>( |
556 |
"3082014A0201003082012B06072A8648CE3804013082011E02818100F468699A6F6EBCC0120D3B34C8E007F125EC7D81F763B8D0F33869AE3BD6B9F2ECCC7DF34DF84C0307449E9B85D30D57194BCCEB310F48141914DD13A077AAF9B624A6CBE666BBA1D7EBEA95B5BA6F54417FD5D4E4220C601E071D316A24EA814E8B0122DBF47EE8AEEFD319EBB01DD95683F10DBB4FEB023F8262A07EAEB7FD02150082AD4E034DA6EEACDFDAE68C36F2BAD614F9E53B02818071AAF73361A26081529F7D84078ADAFCA48E031DB54AD57FB1A833ADBD8672328AABAA0C756247998D7A5B10DACA359D231332CE8120B483A784FE07D46EEBFF0D7D374A10691F78653E6DC29E27CCB1B174923960DFE5B959B919B2C3816C19251832AFD8E35D810E598F82877ABF7D40A041565168BD7F0E21E3FE2A8D8C1C0416021426EBA66E846E755169F84A1DA981D86502405DDF"); |
|
557 |
||
|
181
by weidai
changes done for FIPS-140 lab code drop |
558 |
SignaturePairwiseConsistencyTest<ECDSA<EC2N, SHA1> >( |
|
1
by weidai
Initial revision |
559 |
"302D020100301006072A8648CE3D020106052B8104000404163014020101040F0070337065E1E196980A9D00E37211"); |
560 |
||
|
181
by weidai
changes done for FIPS-140 lab code drop |
561 |
SignaturePairwiseConsistencyTest<ECDSA<ECP, SHA1> >( |
|
1
by weidai
Initial revision |
562 |
"3039020100301306072A8648CE3D020106082A8648CE3D030101041F301D02010104182BB8A13C8B867010BD9471D9E81FDB01ABD0538C64D6249A"); |
|
181
by weidai
changes done for FIPS-140 lab code drop |
563 |
|
564 |
SignaturePairwiseConsistencyTest<RSASS<PSS, SHA1> >(keyRSA1); |
|
|
1
by weidai
Initial revision |
565 |
}
|
566 |
catch (...) |
|
567 |
{
|
|
568 |
g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_FAILED; |
|
569 |
goto done; |
|
570 |
}
|
|
571 |
||
572 |
g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_PASSED; |
|
573 |
||
574 |
done: |
|
575 |
SetPowerUpSelfTestInProgressOnThisThread(false); |
|
576 |
return; |
|
577 |
}
|
|
578 |
||
|
125
by weidai
reduce source file dependencies |
579 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
580 |
||
581 |
void DoDllPowerUpSelfTest() |
|
582 |
{
|
|
|
222
by weidai
fix self-test when installed into unicode paths |
583 |
CryptoPP::DoPowerUpSelfTest(NULL, s_moduleMac); |
|
125
by weidai
reduce source file dependencies |
584 |
}
|
585 |
||
586 |
#else
|
|
587 |
||
588 |
void DoDllPowerUpSelfTest() |
|
589 |
{
|
|
590 |
throw NotImplemented("DoDllPowerUpSelfTest() only available on Windows"); |
|
591 |
}
|
|
592 |
||
593 |
#endif // #ifdef CRYPTOPP_WIN32_AVAILABLE |
|
594 |
||
|
1
by weidai
Initial revision |
595 |
NAMESPACE_END
|
|
75
by weidai
create DLL version, fix GetNextIV() bug in CTR and OFB modes |
596 |
|
|
125
by weidai
reduce source file dependencies |
597 |
#ifdef CRYPTOPP_WIN32_AVAILABLE
|
598 |
||
599 |
// DllMain needs to be in the global namespace
|
|
600 |
BOOL APIENTRY DllMain(HANDLE hModule, |
|
601 |
DWORD ul_reason_for_call, |
|
602 |
LPVOID lpReserved) |
|
603 |
{
|
|
604 |
if (ul_reason_for_call == DLL_PROCESS_ATTACH) |
|
605 |
{
|
|
606 |
CryptoPP::s_hModule = (HMODULE)hModule; |
|
607 |
CryptoPP::DoDllPowerUpSelfTest(); |
|
608 |
}
|
|
609 |
return TRUE; |
|
610 |
}
|
|
611 |
||
612 |
#endif // #ifdef CRYPTOPP_WIN32_AVAILABLE |
|
613 |
||
614 |
#endif // #ifndef CRYPTOPP_IMPORTS |