diff options
author | René Korthaus <[email protected]> | 2016-06-16 13:03:23 +0200 |
---|---|---|
committer | Daniel Neus <[email protected]> | 2016-06-17 14:36:16 +0200 |
commit | 960adccc86396f5d2ef9ec1a7374bcc9de70b85a (patch) | |
tree | d8891721e294437b3a2b510a41861925a95d7d13 | |
parent | 6816c9e71e01432792a997ad9a5d561b9cd94a48 (diff) |
fix test failures and seg faults when Botan is configured with --module-policy bsi
-rw-r--r-- | src/lib/pubkey/dsa/dsa.cpp | 2 | ||||
-rw-r--r-- | src/lib/pubkey/dsa/info.txt | 2 | ||||
-rw-r--r-- | src/lib/pubkey/ecdsa/ecdsa.cpp | 2 | ||||
-rw-r--r-- | src/lib/pubkey/ecdsa/info.txt | 2 | ||||
-rw-r--r-- | src/lib/pubkey/ecgdsa/ecgdsa.cpp | 2 | ||||
-rw-r--r-- | src/lib/pubkey/ecgdsa/info.txt | 2 | ||||
-rw-r--r-- | src/lib/pubkey/rsa/info.txt | 2 | ||||
-rw-r--r-- | src/lib/pubkey/rsa/rsa.cpp | 2 | ||||
-rw-r--r-- | src/tests/test_rfc6979.cpp | 11 | ||||
-rw-r--r-- | src/tests/test_rng.cpp | 31 | ||||
-rw-r--r-- | src/tests/unit_ecdh.cpp | 30 | ||||
-rw-r--r-- | src/tests/unit_ecdsa.cpp | 26 |
12 files changed, 85 insertions, 29 deletions
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index c7d44c73a..c2d4b3454 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp @@ -69,7 +69,7 @@ bool DSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const if(!strong) return true; - return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)"); + return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-256)"); } namespace { diff --git a/src/lib/pubkey/dsa/info.txt b/src/lib/pubkey/dsa/info.txt index 94802ed59..855363789 100644 --- a/src/lib/pubkey/dsa/info.txt +++ b/src/lib/pubkey/dsa/info.txt @@ -5,4 +5,6 @@ dl_algo dl_group keypair numbertheory +emsa1 +sha2_32 </requires> diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 53b5982e0..35a119420 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -26,7 +26,7 @@ bool ECDSA_PrivateKey::check_key(RandomNumberGenerator& rng, if(!strong) return true; - return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)"); + return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-256)"); } namespace { diff --git a/src/lib/pubkey/ecdsa/info.txt b/src/lib/pubkey/ecdsa/info.txt index e98913897..3b12bff0d 100644 --- a/src/lib/pubkey/ecdsa/info.txt +++ b/src/lib/pubkey/ecdsa/info.txt @@ -7,4 +7,6 @@ ecc_key keypair numbertheory rng +emsa1 +sha2_32 </requires> diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index b28e3fe96..3e14aa8f4 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp @@ -20,7 +20,7 @@ bool ECGDSA_PrivateKey::check_key(RandomNumberGenerator& rng, if(!strong) return true; - return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)"); + return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-256)"); } namespace { diff --git a/src/lib/pubkey/ecgdsa/info.txt b/src/lib/pubkey/ecgdsa/info.txt index 6c18a1440..79dec3199 100644 --- a/src/lib/pubkey/ecgdsa/info.txt +++ b/src/lib/pubkey/ecgdsa/info.txt @@ -8,4 +8,6 @@ ecc_key keypair numbertheory rng +emsa1 +sha2_32 </requires> diff --git a/src/lib/pubkey/rsa/info.txt b/src/lib/pubkey/rsa/info.txt index 264ff7c62..91eec565a 100644 --- a/src/lib/pubkey/rsa/info.txt +++ b/src/lib/pubkey/rsa/info.txt @@ -4,4 +4,6 @@ define RSA 20131128 if_algo keypair numbertheory +emsa_pssr +sha2_32 </requires> diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index e12586014..6a645ec88 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -58,7 +58,7 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const if((m_e * m_d) % lcm(m_p - 1, m_q - 1) != 1) return false; - return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-1)"); + return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-256)"); } namespace { diff --git a/src/tests/test_rfc6979.cpp b/src/tests/test_rfc6979.cpp index 30846c9e3..1b8e91377 100644 --- a/src/tests/test_rfc6979.cpp +++ b/src/tests/test_rfc6979.cpp @@ -11,6 +11,8 @@ #include <botan/hex.h> #endif +#include <botan/hash.h> + namespace Botan_Tests { namespace { @@ -31,6 +33,15 @@ class RFC6979_KAT_Tests : public Text_Based_Test const BigInt K = get_req_bn(vars, "K"); Test::Result result("RFC 6979 nonce generation"); + + auto hash_func = Botan::HashFunction::create(hash); + + if(!hash_func) + { + result.test_note("Skipping due to missing: " + hash); + return result; + } + result.test_eq("vector matches", Botan::generate_rfc6979_nonce(X, Q, H, hash), K); Botan::RFC6979_Nonce_Generator gen(hash, Q, X); diff --git a/src/tests/test_rng.cpp b/src/tests/test_rng.cpp index 6a9580345..7f1c1f123 100644 --- a/src/tests/test_rng.cpp +++ b/src/tests/test_rng.cpp @@ -40,15 +40,31 @@ Botan::RandomNumberGenerator* get_rng(const std::string& algo_str, const std::ve #if defined(BOTAN_HAS_HMAC_DRBG) if(rng_name == "HMAC_DRBG") - return new Botan::HMAC_DRBG( - Botan::MessageAuthenticationCode::create("HMAC(" + algo_name[1] + ")").release(), - new AllOnce_RNG(ikm)); + { + auto mac = Botan::MessageAuthenticationCode::create("HMAC(" + algo_name[1] + ")"); + + if(!mac) + { + return nullptr; + } + + return new Botan::HMAC_DRBG(mac.release(), new AllOnce_RNG(ikm)); + } + #endif #if defined(BOTAN_HAS_X931_RNG) if(rng_name == "X9.31-RNG") - return new Botan::ANSI_X931_RNG(Botan::BlockCipher::create(algo_name[1]).release(), - new Fixed_Output_RNG(ikm)); + { + auto bc = Botan::BlockCipher::create(algo_name[1]); + + if(!bc) + { + return nullptr; + } + + return new Botan::ANSI_X931_RNG(bc.release(), new Fixed_Output_RNG(ikm)); + } #endif return nullptr; @@ -72,6 +88,11 @@ class X931_RNG_Tests : public Text_Based_Test result.test_eq("length", L, expected.size()); std::unique_ptr<Botan::RandomNumberGenerator> rng(get_rng(algo, ikm)); + if(!rng) + { + result.note_missing("RNG " + algo); + return result; + } result.test_eq("rng", rng->random_vec(L), expected); diff --git a/src/tests/unit_ecdh.cpp b/src/tests/unit_ecdh.cpp index 0368a53d1..40a10203a 100644 --- a/src/tests/unit_ecdh.cpp +++ b/src/tests/unit_ecdh.cpp @@ -41,24 +41,30 @@ class ECDH_Unit_Tests : public Test std::vector<std::string> oids = { "1.2.840.10045.3.1.7", "1.3.132.0.8", "1.2.840.10045.3.1.1" }; - - for(auto&& oid : oids) + try { - Botan::EC_Group dom_pars(Botan::OIDS::lookup(oid)); - Botan::ECDH_PrivateKey private_a(Test::rng(), dom_pars); - Botan::ECDH_PrivateKey private_b(Test::rng(), dom_pars); + for(auto&& oid : oids) + { + Botan::EC_Group dom_pars(Botan::OIDS::lookup(oid)); + Botan::ECDH_PrivateKey private_a(Test::rng(), dom_pars); + Botan::ECDH_PrivateKey private_b(Test::rng(), dom_pars); - Botan::PK_Key_Agreement ka(private_a, "KDF2(SHA-1)"); - Botan::PK_Key_Agreement kb(private_b, "KDF2(SHA-1)"); + Botan::PK_Key_Agreement ka(private_a, "KDF2(SHA-512)"); + Botan::PK_Key_Agreement kb(private_b, "KDF2(SHA-512)"); - Botan::SymmetricKey alice_key = ka.derive_key(32, private_b.public_value()); - Botan::SymmetricKey bob_key = kb.derive_key(32, private_a.public_value()); + Botan::SymmetricKey alice_key = ka.derive_key(32, private_b.public_value()); + Botan::SymmetricKey bob_key = kb.derive_key(32, private_a.public_value()); - if(!result.test_eq("same derived key", alice_key.bits_of(), bob_key.bits_of())) - { - result.test_note("Keys where " + alice_key.as_string() + " and " + bob_key.as_string()); + if(!result.test_eq("same derived key", alice_key.bits_of(), bob_key.bits_of())) + { + result.test_note("Keys where " + alice_key.as_string() + " and " + bob_key.as_string()); + } } } + catch(Botan::Lookup_Error&) + { + result.test_note("Skipping due to missing KFD2 or SHA-512"); + } return result; } diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index ecafb3c7f..2ad341e5e 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -17,6 +17,7 @@ #include <botan/ec_group.h> #include <botan/oids.h> #include <botan/pkcs8.h> + #include <botan/hash.h> #endif #if defined(BOTAN_HAS_X509_CERTIFICATES) @@ -49,6 +50,15 @@ Test::Result test_hash_larger_than_n() for(size_t i = 0; i != message.size(); ++i) message[i] = i; + auto sha1 = Botan::HashFunction::create("SHA-1"); + auto sha224 = Botan::HashFunction::create("SHA-224"); + + if(!sha1 || !sha224) + { + result.test_note("Skipping due to missing SHA-1 or SHA-224"); + return result; + } + Botan::PK_Signer pk_signer_160(priv_key, "EMSA1_BSI(SHA-1)"); Botan::PK_Verifier pk_verifier_160(priv_key, "EMSA1_BSI(SHA-1)"); @@ -130,12 +140,12 @@ Test::Result test_sign_then_ver() Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); Botan::ECDSA_PrivateKey ecdsa(Test::rng(), dom_pars); - Botan::PK_Signer signer(ecdsa, "EMSA1(SHA-1)"); + Botan::PK_Signer signer(ecdsa, "EMSA1(SHA-256)"); auto msg = Botan::hex_decode("12345678901234567890abcdef12"); std::vector<byte> sig = signer.sign_message(msg, Test::rng()); - Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)"); + Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-256)"); result.confirm("signature verifies", verifier.verify_message(msg, sig)); @@ -205,7 +215,7 @@ Test::Result test_ecdsa_create_save_load() Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); Botan::ECDSA_PrivateKey key(Test::rng(), dom_pars); - Botan::PK_Signer signer(key, "EMSA1(SHA-1)"); + Botan::PK_Signer signer(key, "EMSA1(SHA-256)"); msg_signature = signer.sign_message(msg, Test::rng()); ecc_private_key_pem = Botan::PKCS8::PEM_encode(key); @@ -220,7 +230,7 @@ Test::Result test_ecdsa_create_save_load() Botan::ECDSA_PrivateKey* loaded_ec_key = dynamic_cast<Botan::ECDSA_PrivateKey*>(loaded_key.get()); result.confirm("the loaded key could be converted into an ECDSA_PrivateKey", loaded_ec_key); - Botan::PK_Verifier verifier(*loaded_ec_key, "EMSA1(SHA-1)"); + Botan::PK_Verifier verifier(*loaded_ec_key, "EMSA1(SHA-256)"); result.confirm("generated signature valid", verifier.verify_message(msg, msg_signature)); @@ -268,8 +278,8 @@ Test::Result test_read_pkcs8() Botan::ECDSA_PrivateKey* ecdsa_nodp = dynamic_cast<Botan::ECDSA_PrivateKey*>(loaded_key_nodp.get()); result.confirm("key loaded", ecdsa_nodp); - Botan::PK_Signer signer(*ecdsa_nodp, "EMSA1(SHA-1)"); - Botan::PK_Verifier verifier(*ecdsa_nodp, "EMSA1(SHA-1)"); + Botan::PK_Signer signer(*ecdsa_nodp, "EMSA1(SHA-256)"); + Botan::PK_Verifier verifier(*ecdsa_nodp, "EMSA1(SHA-256)"); std::vector<byte> signature_nodp = signer.sign_message(msg, Test::rng()); @@ -335,8 +345,8 @@ Test::Result test_curve_registry() Botan::EC_Group dom_pars(oid); Botan::ECDSA_PrivateKey ecdsa(Test::rng(), dom_pars); - Botan::PK_Signer signer(ecdsa, "EMSA1(SHA-1)"); - Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)"); + Botan::PK_Signer signer(ecdsa, "EMSA1(SHA-256)"); + Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-256)"); auto msg = Botan::hex_decode("12345678901234567890abcdef12"); std::vector<byte> sig = signer.sign_message(msg, Test::rng()); |