Test::Result PK_Key_Agreement_Test::run_one_test(const std::string& header, const VarMap& vars) { const std::vector<uint8_t> shared = get_req_bin(vars, "K"); const std::string kdf = get_opt_str(vars, "KDF", default_kdf(vars)); Test::Result result(algo_name() + "/" + kdf + (header.empty() ? header : " " + header) + " key agreement"); std::unique_ptr<Botan::Private_Key> privkey = load_our_key(header, vars); const std::vector<uint8_t> pubkey = load_their_key(header, vars); const size_t key_len = get_opt_sz(vars, "OutLen", 0); for(auto const& provider : possible_providers(algo_name())) { std::unique_ptr<Botan::PK_Key_Agreement> kas; try { kas.reset(new Botan::PK_Key_Agreement(*privkey, Test::rng(), kdf, provider)); result.test_eq(provider, "agreement", kas->derive_key(key_len, pubkey).bits_of(), shared); } catch(Botan::Lookup_Error&) { //result.test_note("Skipping key agreement with with " + provider); } } return result; }
Test::Result PK_Signature_NonVerification_Test::run_one_test(const std::string& pad_hdr, const VarMap& vars) { const std::string padding = choose_padding(vars, pad_hdr); const std::vector<uint8_t> message = get_req_bin(vars, "Msg"); std::unique_ptr<Botan::Public_Key> pubkey = load_public_key(vars); const std::vector<uint8_t> invalid_signature = get_req_bin(vars, "InvalidSignature"); Test::Result result(algo_name() + "/" + padding + " verify invalid signature"); for(auto const& verify_provider : possible_providers(algo_name())) { std::unique_ptr<Botan::PK_Verifier> verifier; try { verifier.reset(new Botan::PK_Verifier(*pubkey, padding, Botan::IEEE_1363, verify_provider)); result.test_eq("incorrect signature rejected", verifier->verify_message(message, invalid_signature), false); } catch(Botan::Lookup_Error&) { result.test_note("Skipping verifying with " + verify_provider); } } return result; }
Test::Result PK_Signature_Generation_Test::run_one_test(const std::string& pad_hdr, const VarMap& vars) { const std::vector<uint8_t> message = get_req_bin(vars, "Msg"); const std::vector<uint8_t> signature = get_req_bin(vars, "Signature"); const std::string padding = choose_padding(vars, pad_hdr); Test::Result result(algo_name() + "/" + padding + " signature generation"); std::unique_ptr<Botan::Private_Key> privkey; try { privkey = load_private_key(vars); } catch(Botan::Lookup_Error& e) { result.note_missing(e.what()); return result; } std::unique_ptr<Botan::Public_Key> pubkey(Botan::X509::load_key(Botan::X509::BER_encode(*privkey))); std::vector<std::unique_ptr<Botan::PK_Verifier>> verifiers; for(auto const& verify_provider : possible_providers(algo_name())) { std::unique_ptr<Botan::PK_Verifier> verifier; try { verifier.reset(new Botan::PK_Verifier(*pubkey, padding, Botan::IEEE_1363, verify_provider)); } catch(Botan::Lookup_Error&) { //result.test_note("Skipping verifying with " + verify_provider); continue; } result.test_eq("KAT signature valid", verifier->verify_message(message, signature), true); check_invalid_signatures(result, *verifier, message, signature); verifiers.push_back(std::move(verifier)); } for(auto const& sign_provider : possible_providers(algo_name())) { std::unique_ptr<Botan::RandomNumberGenerator> rng; if(vars.count("Nonce")) { rng.reset(test_rng(get_req_bin(vars, "Nonce"))); } std::unique_ptr<Botan::PK_Signer> signer; std::vector<uint8_t> generated_signature; try { signer.reset(new Botan::PK_Signer(*privkey, Test::rng(), padding, Botan::IEEE_1363, sign_provider)); generated_signature = signer->sign_message(message, rng ? *rng : Test::rng()); } catch(Botan::Lookup_Error&) { //result.test_note("Skipping signing with " + sign_provider); continue; } if(sign_provider == "base") { result.test_eq("generated signature matches KAT", generated_signature, signature); } else if(generated_signature != signature) { for(std::unique_ptr<Botan::PK_Verifier>& verifier : verifiers) { if(!result.test_eq("generated signature valid", verifier->verify_message(message, generated_signature), true)) { result.test_failure("generated signature", generated_signature); } } } } return result; }
std::vector<Test::Result> PK_Key_Generation_Test::run() { std::vector<Test::Result> results; for(auto const& param : keygen_params()) { const std::string report_name = algo_name() + (param.empty() ? param : " " + param); Test::Result result(report_name + " keygen"); const std::vector<std::string> providers = possible_providers(algo_name()); if(providers.empty()) { result.note_missing("provider key generation " + algo_name()); } result.start_timer(); for(auto&& prov : providers) { std::unique_ptr<Botan::Private_Key> key_p = Botan::create_private_key(algo_name(), Test::rng(), param, prov); const Botan::Private_Key& key = *key_p; try { result.confirm("Key passes self tests", key.check_key(Test::rng(), true)); } catch(Botan::Lookup_Error&) {} result.test_gte("Key has reasonable estimated strength (lower)", key.estimated_strength(), 64); result.test_lt("Key has reasonable estimated strength (upper)", key.estimated_strength(), 512); // Test PEM public key round trips OK try { Botan::DataSource_Memory data_src(Botan::X509::PEM_encode(key)); std::unique_ptr<Botan::Public_Key> loaded(Botan::X509::load_key(data_src)); result.confirm("recovered public key from private", loaded.get() != nullptr); result.test_eq("public key has same type", loaded->algo_name(), key.algo_name()); try { result.test_eq("public key passes checks", loaded->check_key(Test::rng(), false), true); } catch(Botan::Lookup_Error&) {} } catch(std::exception& e) { result.test_failure("roundtrip PEM public key", e.what()); } // Test DER public key round trips OK try { Botan::DataSource_Memory data_src(Botan::X509::BER_encode(key)); std::unique_ptr<Botan::Public_Key> loaded(Botan::X509::load_key(data_src)); result.confirm("recovered public key from private", loaded.get() != nullptr); result.test_eq("public key has same type", loaded->algo_name(), key.algo_name()); try { result.confirm("public key passes self tests", loaded->check_key(Test::rng(), true)); } catch(Botan::Lookup_Error&) {} } catch(std::exception& e) { result.test_failure("roundtrip BER public key", e.what()); } // Test PEM private key round trips OK try { Botan::DataSource_Memory data_src(Botan::PKCS8::PEM_encode(key)); std::unique_ptr<Botan::Private_Key> loaded( Botan::PKCS8::load_key(data_src, Test::rng())); result.confirm("recovered private key from PEM blob", loaded.get() != nullptr); result.test_eq("reloaded key has same type", loaded->algo_name(), key.algo_name()); try { result.confirm("private key passes self tests", loaded->check_key(Test::rng(), true)); } catch(Botan::Lookup_Error&) {} } catch(std::exception& e) { result.test_failure("roundtrip PEM private key", e.what()); } try { Botan::DataSource_Memory data_src(Botan::PKCS8::BER_encode(key)); std::unique_ptr<Botan::Public_Key> loaded(Botan::PKCS8::load_key(data_src, Test::rng())); result.confirm("recovered public key from private", loaded.get() != nullptr); result.test_eq("public key has same type", loaded->algo_name(), key.algo_name()); try { result.confirm("private key passes self tests", loaded->check_key(Test::rng(), true)); } catch(Botan::Lookup_Error&) {} } catch(std::exception& e) { result.test_failure("roundtrip BER private key", e.what()); } #if defined(BOTAN_HAS_PKCS5_PBE2) && defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_SHA2_32) const std::string pbe_algo = "PBE-PKCS5v20(AES-128,SHA-256)"; const std::string passphrase = Test::random_password(); try { Botan::DataSource_Memory data_src( Botan::PKCS8::PEM_encode(key, Test::rng(), passphrase, std::chrono::milliseconds(10), pbe_algo)); std::unique_ptr<Botan::Private_Key> loaded( Botan::PKCS8::load_key(data_src, Test::rng(), passphrase)); result.confirm("recovered private key from encrypted blob", loaded.get() != nullptr); result.test_eq("reloaded key has same type", loaded->algo_name(), key.algo_name()); try { result.confirm("private key passes self tests", loaded->check_key(Test::rng(), true)); } catch(Botan::Lookup_Error&) {} } catch(std::exception& e) { result.test_failure("roundtrip encrypted PEM private key", e.what()); } try { Botan::DataSource_Memory data_src( Botan::PKCS8::BER_encode(key, Test::rng(), passphrase, std::chrono::milliseconds(10), pbe_algo)); std::unique_ptr<Botan::Private_Key> loaded( Botan::PKCS8::load_key(data_src, Test::rng(), passphrase)); result.confirm("recovered private key from BER blob", loaded.get() != nullptr); result.test_eq("reloaded key has same type", loaded->algo_name(), key.algo_name()); try { result.confirm("private key passes self tests", loaded->check_key(Test::rng(), true)); } catch(Botan::Lookup_Error&) {} } catch(std::exception& e) { result.test_failure("roundtrip encrypted BER private key", e.what()); } #endif } result.end_timer(); results.push_back(result); } return results; }
Test::Result PK_Encryption_Decryption_Test::run_one_test(const std::string& pad_hdr, const VarMap& vars) { const std::vector<uint8_t> plaintext = get_req_bin(vars, "Msg"); const std::vector<uint8_t> ciphertext = get_req_bin(vars, "Ciphertext"); const std::string padding = choose_padding(vars, pad_hdr); Test::Result result(algo_name() + (padding.empty() ? padding : "/" + padding) + " decryption"); std::unique_ptr<Botan::Private_Key> privkey = load_private_key(vars); // instead slice the private key to work around elgamal test inputs //std::unique_ptr<Botan::Public_Key> pubkey(Botan::X509::load_key(Botan::X509::BER_encode(*privkey))); Botan::Public_Key* pubkey = privkey.get(); std::vector<std::unique_ptr<Botan::PK_Decryptor>> decryptors; for(auto const& dec_provider : possible_providers(algo_name())) { std::unique_ptr<Botan::PK_Decryptor> decryptor; try { decryptor.reset(new Botan::PK_Decryptor_EME(*privkey, Test::rng(), padding, dec_provider)); } catch(Botan::Lookup_Error&) { continue; } Botan::secure_vector<uint8_t> decrypted; try { decrypted = decryptor->decrypt(ciphertext); } catch(Botan::Exception& e) { result.test_failure("Failed to decrypt KAT ciphertext", e.what()); } result.test_eq(dec_provider, "decryption of KAT", decrypted, plaintext); check_invalid_ciphertexts(result, *decryptor, plaintext, ciphertext); } for(auto const& enc_provider : possible_providers(algo_name())) { std::unique_ptr<Botan::PK_Encryptor> encryptor; try { encryptor.reset(new Botan::PK_Encryptor_EME(*pubkey, Test::rng(), padding, enc_provider)); } catch(Botan::Lookup_Error&) { continue; } std::unique_ptr<Botan::RandomNumberGenerator> kat_rng; if(vars.count("Nonce")) { kat_rng.reset(test_rng(get_req_bin(vars, "Nonce"))); } if(padding == "Raw") { /* Hack for RSA with no padding since sometimes one more bit will fit in but maximum_input_size rounds down to nearest byte */ result.test_lte("Input within accepted bounds", plaintext.size(), encryptor->maximum_input_size() + 1); } else { result.test_lte("Input within accepted bounds", plaintext.size(), encryptor->maximum_input_size()); } const std::vector<uint8_t> generated_ciphertext = encryptor->encrypt(plaintext, kat_rng ? *kat_rng : Test::rng()); if(enc_provider == "base") { result.test_eq(enc_provider, "generated ciphertext matches KAT", generated_ciphertext, ciphertext); } else if(generated_ciphertext != ciphertext) { for(std::unique_ptr<Botan::PK_Decryptor>& dec : decryptors) { result.test_eq("decryption of generated ciphertext", dec->decrypt(generated_ciphertext), plaintext); } } } return result; }
Test::Result run_one_test(const std::string& algo, const VarMap& vars) override { const std::vector<uint8_t> key = get_req_bin(vars, "Key"); const std::vector<uint8_t> nonce = get_opt_bin(vars, "Nonce"); const std::vector<uint8_t> input = get_req_bin(vars, "In"); const std::vector<uint8_t> expected = get_req_bin(vars, "Out"); Test::Result result(algo); const std::vector<std::string> providers = possible_providers(algo); if(providers.empty()) { result.note_missing("cipher mode " + algo); return result; } for(auto&& provider_ask : providers) { std::unique_ptr<Botan::Cipher_Mode> enc(Botan::get_cipher_mode( algo, Botan::ENCRYPTION, provider_ask)); std::unique_ptr<Botan::Cipher_Mode> dec(Botan::get_cipher_mode( algo, Botan::DECRYPTION, provider_ask)); if(!enc || !dec) { result.note_missing(algo); return result; } result.test_is_nonempty("provider", enc->provider()); result.test_eq("name", enc->name(), algo); result.test_eq("mode not authenticated", enc->authenticated(), false); // Test to make sure reset() resets what we need it to enc->set_key(mutate_vec(key)); Botan::secure_vector<uint8_t> garbage = Test::rng().random_vec(enc->update_granularity()); enc->start(mutate_vec(nonce)); enc->update(garbage); enc->reset(); enc->set_key(key); enc->start(nonce); Botan::secure_vector<uint8_t> buf(input.begin(), input.end()); // TODO: should first update if possible enc->finish(buf); result.test_eq("encrypt", buf, expected); // additionally test process() if possible size_t update_granularity = enc->update_granularity(); size_t input_length = input.size(); size_t min_final_bytes = enc->minimum_final_size(); if(input_length > (update_granularity + min_final_bytes)) { // reset state first enc->reset(); enc->start(nonce); buf.assign(input.begin(), input.end()); // we can process at max input_length const size_t max_blocks_to_process = (input_length - min_final_bytes) / update_granularity; const size_t bytes_to_process = max_blocks_to_process * update_granularity; const size_t bytes_written = enc->process(buf.data(), bytes_to_process); result.test_eq("correct number of bytes processed", bytes_written, bytes_to_process); enc->finish(buf, bytes_to_process); result.test_eq("encrypt", buf, expected); } // decryption buf.assign(expected.begin(), expected.end()); // Test to make sure reset() resets what we need it to dec->set_key(mutate_vec(key)); garbage = Test::rng().random_vec(dec->update_granularity()); dec->start(mutate_vec(nonce)); dec->update(garbage); dec->reset(); dec->set_key(key); dec->start(nonce); dec->finish(buf); result.test_eq("decrypt", buf, input); // additionally test process() if possible update_granularity = dec->update_granularity(); input_length = expected.size(); min_final_bytes = dec->minimum_final_size(); if(input_length > (update_granularity + min_final_bytes)) { // reset state first dec->reset(); dec->start(nonce); buf.assign(expected.begin(), expected.end()); // we can process at max input_length const size_t max_blocks_to_process = (input_length - min_final_bytes) / update_granularity; const size_t bytes_to_process = max_blocks_to_process * update_granularity; const size_t bytes_written = dec->process(buf.data(), bytes_to_process); result.test_eq("correct number of bytes processed", bytes_written, bytes_to_process); dec->finish(buf, bytes_to_process); result.test_eq("decrypt", buf, input); } enc->clear(); dec->clear(); } return result; }