author    Philipp Weber <[email protected]>  2016-05-30 12:37:11 +0200
committer Philipp Weber <[email protected]>  2016-05-30 12:37:11 +0200
commit    5716a2556a8ff66f6eff7d28659bebdb1e8aedc1 (patch)
tree      7af21b8745763707552fde57beb910fd936a7a17
parent    b9c1cccda47aec29c7795f3df559caa55adfcb25 (diff)
parent    fdfeeca157b36a4d4d4ab47dadba2bb785e17747 (diff)
Merge remote-tracking branch 'remotes/origin/master' into ecies
-rw-r--r--  .gitignore                               2
-rw-r--r--  botan_version.py                         2
-rw-r--r--  doc/news.rst                            44
-rw-r--r--  doc/security.rst                         4
-rw-r--r--  doc/todo.rst                             5
-rw-r--r--  readme.rst                              25
-rw-r--r--  src/build-data/buildh.in                 6
-rw-r--r--  src/build-data/cc/msvc.txt               2
-rw-r--r--  src/cli/main.cpp                        12
-rw-r--r--  src/cli/speed.cpp                       47
-rw-r--r--  src/lib/asn1/ber_dec.h                   2
-rw-r--r--  src/lib/cert/x509/x509_ext.cpp           4
-rw-r--r--  src/lib/cert/x509/x509_ext.h             2
-rw-r--r--  src/lib/cert/x509/x509cert.cpp           4
-rw-r--r--  src/lib/cert/x509/x509opt.cpp           13
-rw-r--r--  src/lib/cert/x509/x509self.cpp           4
-rw-r--r--  src/lib/cert/x509/x509self.h             5
-rw-r--r--  src/lib/math/ec_gfp/curve_nistp.cpp      2
-rw-r--r--  src/lib/math/numbertheory/make_prm.cpp   2
-rw-r--r--  src/lib/math/numbertheory/numthry.cpp    2
-rw-r--r--  src/lib/modes/aead/ccm/ccm.cpp           4
-rw-r--r--  src/lib/modes/aead/gcm/gcm.cpp           2
-rw-r--r--  src/lib/modes/mode_pad/mode_pad.cpp      4
-rw-r--r--  src/lib/pubkey/workfactor.cpp            2
-rw-r--r--  src/lib/rng/hmac_rng/hmac_rng.cpp        2
-rw-r--r--  src/lib/stream/ctr/ctr.cpp              19
-rw-r--r--  src/lib/stream/ctr/ctr.h                 3
-rw-r--r--  src/lib/tls/msg_cert_verify.cpp          2
-rw-r--r--  src/lib/tls/msg_certificate.cpp          4
-rw-r--r--  src/lib/tls/tls_channel.cpp              7
-rw-r--r--  src/lib/tls/tls_extensions.cpp          30
-rw-r--r--  src/lib/tls/tls_handshake_io.cpp        12
-rw-r--r--  src/lib/tls/tls_handshake_state.cpp      6
-rw-r--r--  src/lib/tls/tls_policy.h                 2
-rw-r--r--  src/lib/tls/tls_record.cpp              26
-rw-r--r--  src/lib/tls/tls_session.cpp              5
-rw-r--r--  src/lib/utils/loadstor.h                 2
-rw-r--r--  src/scripts/ci/appveyor.yml              3
-rwxr-xr-x  src/scripts/dist.py                     67
-rw-r--r--  src/tests/data/aead/gcm.vec             23
-rw-r--r--  src/tests/test_bigint.cpp                1
41 files changed, 272 insertions, 143 deletions
diff --git a/.gitignore b/.gitignore
index 2c4639d6c..691fab8d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,8 @@ libbotan*.so.*
*.dylib
*.exp
*.lib
+*.pdb
+*.ilk
*.dll
*.exe
*.manifest
diff --git a/botan_version.py b/botan_version.py
index b92681d93..e5e2b811a 100644
--- a/botan_version.py
+++ b/botan_version.py
@@ -1,7 +1,7 @@
release_major = 1
release_minor = 11
-release_patch = 29
+release_patch = 30
release_so_abi_rev = release_patch
# These are set by the distribution script
diff --git a/doc/news.rst b/doc/news.rst
index fe6b5c4b7..0087782d3 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -9,6 +9,28 @@ Version 1.11.30, Not Yet Released
a MAC failure. Records like this are used by OpenSSL in TLS 1.0
connections in order to randomize the IV.
+* A bug in GCM caused incorrect results if the 32-bit counter field
+ overflowed. With a 96-bit nonce, this could only occur if 2**32
+ 128-bit blocks were encrypted. This actually exceeds the maximum
+ allowable length of a GCM plaintext.
+
+ However if a GCM nonce of any other size is used, the bug triggers
+ randomly, with increasing probability on longer messages. For
+ instance when encrypting 256 MiB of data under a random 128 bit
+ nonce, an incorrect result would be produced about 1/256 of the
+ time. With 1 MiB texts, the probability of error reduced to 1/65536.
+
+* The Transform and Keyed_Transform interfaces has been removed. The
+ two concrete implementations of these interfaces were Cipher_Mode
+ and the Compressor_tkk. The Cipher_Mode interface remains unchanged
+ as the Transform and Keyed_Transform signatures have moved to it;
+ no changes to Cipher_Mode usage should be necessary. Any uses of
+ Transform& or Keyed_Transform& to refer to a cipher should be replaced
+ by Cipher_Mode&. The compression algorithm interface has changed; the start
+ function now takes the per-message compression ratio to use. Previously the
+ compression level to use had to be set once, at creation time, and
+ the required `secure_vector` argument to start was required to be empty.
+
* Add IETF versions of the ChaCha20Poly1305 TLS ciphersuites from
draft-ietf-tls-chacha20-poly1305-04. The previously implemented
(non-standard) ChaCha20Poly1305 ciphersuites from
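Review bot: two wording problems in the Transform removal entry: "interfaces has been removed" should read "interfaces have been removed", and "Compressor_tkk" looks like an unfinished placeholder for the real class name (likely Compressor_Transform; please confirm against compression.h). The GCM entry would also be more useful to users if it named the first affected release, as the security.rst advisories do.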
@@ -19,10 +41,32 @@ Version 1.11.30, Not Yet Released
previous versions of the draft, and the ciphersuite numbers used for
the (still experimental) OCB ciphersuites have changed.
+* Previously an unknown critical extension caused X.509 certificate
+ parsing to fail; such a cert could not be created at all. Now
+ parsing succeeds and the certificate validation fails with
+ an error indicating an unknown critical extension. GH #469
+
+* X509_CRL previously had an option to cause it to ignore unknown
+ critical extensions. This has been removed.
+
+* Added support for ChaCha stream cipher with 12 rounds.
+
+* Add ECGDSA signature algorithm (GH #479)
+
+* Add NIST SP800-108 and 56C KDFs (GH #481)
+
* A bug in the IETF version of ChaCha20Poly1305 (with 96 bit nonces)
caused incorrect computation when the plaintext or AAD was exactly
a multiple of 16 bytes.
+* Fix return type of TLS_Reader::get_u32bit, which was truncated to
+ 16 bits. This only affected decoding of session ticket lifetimes.
+ GH #478
+
+* Fix OS X dylib naming problem (GH #468 #467)
+
+* Fix bcrypt function under Python 3 (GH #461)
+
Version 1.10.13, 2016-04-23
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
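Review bot: tense is inconsistent within the new entries ("Added support for ChaCha stream cipher" versus "Add ECGDSA signature algorithm", "Add NIST SP800-108"); the rest of the file uses the imperative, so prefer that. "(GH #468 #467)" would read better as "(GH #468, #467)" to match the single-issue form used elsewhere.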
diff --git a/doc/security.rst b/doc/security.rst
index c2858cb0a..23b46f30d 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -27,7 +27,7 @@ Advisories
information about the nonce to eventually recover the ECDSA secret key. Found
by Sean Devlin.
- Introduced in 1.7.15, fixed in 1.11.29
+ Introduced in 1.7.15, fixed in 1.10.13 and 1.11.29
* 2016-03-17 (CVE-2016-2850): Failure to enforce TLS policy
@@ -158,7 +158,7 @@ Advisories
time blocks with ctgrind (https://github.com/agl/ctgrind) were added to PKCS
#1 decoding among other areas. Found in a review by Sirrix AG and 3curity GmbH.
- Fixed in 1.11.22. Affected all previous versions.
+ Fixed in 1.11.22 and 1.10.13. Affected all previous versions.
* 2015-08-03 (CVE-2015-5726): Crash in BER decoder
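Review bot: the two updated entries order the branches differently: the first says "fixed in 1.10.13 and 1.11.29", this one "Fixed in 1.11.22 and 1.10.13". Pick one order (1.10.x before 1.11.x is the natural one) so readers scanning the advisory list can compare entries.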
diff --git a/doc/todo.rst b/doc/todo.rst
index 4d33731ea..930c23fbd 100644
--- a/doc/todo.rst
+++ b/doc/todo.rst
@@ -14,8 +14,11 @@ CLI
for an example
* `encrypt` / `decrypt` tools providing password and/or public key
based file encryption
+* `bcrypt` cmdlet
+* Make help output more helpful
* More microbenchmarks in `speed`: modular exponentiation, ECC point
multiplication, other BigInt operations
+* Compute cycles/byte estimates for benchmark output
TLS
----------------------------------------
@@ -81,6 +84,7 @@ Symmetric Algorithms, Hashes, ...
* Bitsliced AES or Camellia
* Compressed tables for AES
* AES using vector permutes for NEON, AltiVec
+* Use ARMv8 crypto: AES, SHA
* Camellia with AES-NI
* Serpent using AVX2
* Serpent using SSSE3 pshufb for sboxes
@@ -112,7 +116,6 @@ Library Infrastructure
* Add logging callbacks
* Add latency tracing framework
-* Compute cycles/byte estimates for benchmark output
Build
----------------------------------------
diff --git a/readme.rst b/readme.rst
index ff8f769c0..0fe50df7c 100644
--- a/readme.rst
+++ b/readme.rst
@@ -5,10 +5,13 @@ Botan (Japanese for peony) is a cryptography library written in C++11
and released under the permissive `Simplified BSD
<http://botan.randombit.net/license.txt>`_ license.
-It provides TLS, X.509 certificates, OCSP, ECDSA, AES, GCM, ChaCha20Poly1305,
-McEliece, bcrypt, and quite a few other things. It also provides a `botan`
-command line tool for various cryptographic operations, the source for which
-also helps demonstrate usage of the library.
+It contains TLS client and server implementation, X.509 certificates,
+ECDSA, AES, GCM, ChaCha20Poly1305, McEliece, bcrypt and other useful
+tools.
+
+As part of the build there is also a `botan` program built for command
+line usage (similar to `openssl`). The sources for these are intended to
+act as good examples of library usage.
Development is coordinated on `GitHub <https://github.com/randombit/botan>`_
and contributions are welcome. Read `doc/contributing.rst` for more
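Review bot: grammar in the replacement paragraph: "It contains TLS client and server implementation" needs an article ("a TLS client and server implementation"), and "The sources for these" refers back to a single `botan` program, so "its sources" or "the source for it". The removed sentence also listed OCSP, which the new list drops; if OCSP is still supported, keep it.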
@@ -40,18 +43,16 @@ think you've found a security bug, read the
`security page <http://botan.randombit.net/security.html>`_
for contact information and procedures.
-The `GitHub wiki <https://github.com/randombit/botan/wiki>`_
-and `Doxygen docs <https://botan.randombit.net/doxygen>`_
-may also prove as useful resources.
-
In addition to C++, botan has a C89 API specifically designed to be easy
to call from other languages. A Python binding using ctypes is included,
there are also partial bindings for
`Node.js <https://github.com/justinfreitag/node-botan>`_ and
`OCaml <https://github.com/randombit/botan-ocaml>`_ among others.
-There is also a third party open source implementation of
-`SSHv2 <https://github.com/cdesjardins/cppssh>`_ using the library.
+There is no support for the SSH protocol in Botan but there is a
+seperately developed C++11 SSH library by `cdesjardins
+<https://github.com/cdesjardins/cppssh>`_ which uses Botan for crypto
+operations.
.. image:: https://travis-ci.org/randombit/botan.svg?branch=master
:target: https://travis-ci.org/randombit/botan
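Review bot: "seperately" is misspelled ("separately"). The deleted wiki/Doxygen paragraph was the readme's only pointer to API reference documentation; if the Doxygen output is still published, keep that link somewhere in the file.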
@@ -188,9 +189,9 @@ Hash functions and MACs
* SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
* SHA-3 winner Keccak-1600
-* SHA-3 candidate Skein-512
-* Authentication codes HMAC, CMAC, Poly1305, SipHash
+* Skein-512, BLAKE2b
* RIPEMD-160, Tiger, Whirlpool, GOST 34.11
+* Authentication codes HMAC, CMAC, Poly1305, SipHash
* Hash function combiners (Parallel and Comb4P)
* Non-cryptographic checksums Adler32, CRC24, CRC32
* Obsolete algorithms MD5, MD4, CBC-MAC, X9.19 DES-MAC
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index 6412fdcdf..d6201be19 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -226,12 +226,6 @@ Each poll generates 32 bit entropy
%{target_compiler_defines}
-#if defined(_MSC_VER)
- // 4250: inherits via dominance (diamond inheritence issue)
- // 4251: needs DLL interface (STL DLL exports)
- #pragma warning(disable: 4250 4251)
-#endif
-
/*
* Compile-time deprecatation warnings
*/
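Review bot: removing the `#pragma warning(disable: 4250 4251)` from the generated build.h changes what library consumers see, not just the library build: any MSVC application that includes Botan's headers will now get C4250/C4251 from the exported classes, because the replacement `/wd4250 /wd4251` in msvc.txt applies only to the library's own compilation. Either keep the pragma for consumers or call the change out in news.rst.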
diff --git a/src/build-data/cc/msvc.txt b/src/build-data/cc/msvc.txt
index 02e33bfab..8231c0429 100644
--- a/src/build-data/cc/msvc.txt
+++ b/src/build-data/cc/msvc.txt
@@ -19,7 +19,7 @@ optimization_flags "/O2"
debug_info_flags "/Zi /FS"
lang_flags "/EHs /GR"
-warning_flags "/W3 /wd4275 /wd4267"
+warning_flags "/W4 /wd4250 /wd4251 /wd4275"
visibility_build_flags "/DBOTAN_DLL=__declspec(dllexport)"
visibility_attribute "__declspec(dllimport)"
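Review bot: besides raising the level to /W4, this drops `/wd4267` (conversion from size_t, possible loss of data), which is what drives the many `static_cast<u16bit>`/`static_cast<u32bit>` additions across this merge; that motivation belongs in the commit or news text. A cast silences the warning without adding a range check, so the casts that are not preceded by an assertion or a bound (several in tls_extensions.cpp, msg_cert_verify.cpp and tls_record.cpp) deserve a second look rather than being treated as pure warning cleanup.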
diff --git a/src/cli/main.cpp b/src/cli/main.cpp
index f6bbcc30e..f63de8fa2 100644
--- a/src/cli/main.cpp
+++ b/src/cli/main.cpp
@@ -21,11 +21,13 @@ std::string main_help()
std::ostringstream oss;
oss << "Usage: botan <cmd> <cmd-options>\n";
- oss << "Available commands: ";
- std::copy(avail_commands.begin(),
- avail_commands.end(),
- std::ostream_iterator<std::string>(oss, " "));
- oss << "\n";
+ oss << "Available commands:\n";
+
+ for(auto& cmd_name : avail_commands)
+ {
+ auto cmd = Botan_CLI::Command::get_cmd(cmd_name);
+ oss << cmd->cmd_spec() << "\n";
+ }
return oss.str();
}
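Review bot: the loop instantiates every command through `Botan_CLI::Command::get_cmd(cmd_name)` only to print `cmd_spec()`; if `get_cmd` can return a null pointer for a name in `avail_commands`, `cmd->cmd_spec()` dereferences it, so either guard the result or document that the list and the factory are kept in sync. Constructing each command also runs every command constructor on each help invocation, which is fine only while those constructors are cheap and side-effect free.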
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 595b4bd20..c6149bf68 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -6,6 +6,7 @@
*/
#include "cli.h"
+
#include <sstream>
#include <iomanip>
#include <chrono>
@@ -36,6 +37,10 @@
#include <botan/x931_rng.h>
#endif
+#if defined(BOTAN_HAS_FPE_FE1)
+ #include <botan/fpe_fe1.h>
+#endif
+
#if defined(BOTAN_HAS_COMPRESSION)
#include <botan/compression.h>
#endif
@@ -398,6 +403,13 @@ class Speed final : public Command
bench_inverse_mod(msec);
}
#endif
+
+#if defined(BOTAN_HAS_FPE_FE1)
+ else if(algo == "fpe_fe1")
+ {
+ bench_fpe_fe1(msec);
+ }
+#endif
else if(algo == "RNG")
{
Botan::AutoSeeded_RNG auto_rng;
@@ -639,6 +651,41 @@ class Speed final : public Command
}
}
+#if defined(BOTAN_HAS_FPE_FE1)
+
+ void bench_fpe_fe1(const std::chrono::milliseconds runtime)
+ {
+ const Botan::BigInt n = 1000000000000000;
+
+ Timer enc_timer("FPE_FE1 encrypt");
+ Timer dec_timer("FPE_FE1 decrypt");
+
+ const Botan::SymmetricKey key(rng(), 32);
+ const std::vector<uint8_t> tweak(8); // 8 zeros
+
+ Botan::BigInt x = 1;
+
+ while(enc_timer.under(runtime))
+ {
+ enc_timer.start();
+ x = Botan::FPE::fe1_encrypt(n, x, key, tweak);
+ enc_timer.stop();
+ }
+
+ for(size_t i = 0; i != enc_timer.events(); ++i)
+ {
+ dec_timer.start();
+ x = Botan::FPE::fe1_decrypt(n, x, key, tweak);
+ dec_timer.stop();
+ }
+
+ BOTAN_ASSERT(x == 1, "FPE works");
+
+ output() << Timer::result_string_ops(enc_timer);
+ output() << Timer::result_string_ops(dec_timer);
+ }
+#endif
+
#if defined(BOTAN_HAS_NUMBERTHEORY)
void bench_inverse_mod(const std::chrono::milliseconds runtime)
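Review bot: the decrypt loop is not bounded by `runtime`; it runs exactly `enc_timer.events()` iterations, so this benchmark takes roughly twice the requested time. If that is intended, say so in a comment. The literal `1000000000000000` relies on the platform's `long`/`long long` promotion before conversion to BigInt; a `ULL` suffix or a string literal makes the intended type explicit. The round-trip `BOTAN_ASSERT(x == 1, ...)` is worth keeping: a benchmark that also checks correctness is cheap insurance.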
diff --git a/src/lib/asn1/ber_dec.h b/src/lib/asn1/ber_dec.h
index 8a5c9ca45..8c1491851 100644
--- a/src/lib/asn1/ber_dec.h
+++ b/src/lib/asn1/ber_dec.h
@@ -86,7 +86,7 @@ class BOTAN_DLL BER_Decoder
ASN1_Tag type_tag,
ASN1_Tag class_tag = CONTEXT_SPECIFIC)
{
- out = decode_constrained_integer(type_tag, class_tag, sizeof(out));
+ out = static_cast<T>(decode_constrained_integer(type_tag, class_tag, sizeof(out)));
return (*this);
}
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index b54c82b87..85d40bf21 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -246,7 +246,7 @@ void Basic_Constraints::decode_inner(const std::vector<byte>& in)
void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const
{
subject.add("X509v3.BasicConstraints.is_ca", (m_is_ca ? 1 : 0));
- subject.add("X509v3.BasicConstraints.path_constraint", m_path_limit);
+ subject.add("X509v3.BasicConstraints.path_constraint", static_cast<u32bit>(m_path_limit));
}
/*
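Review bot: `static_cast<u32bit>(m_path_limit)` truncates silently; `m_path_limit` is a `size_t` that can hold the `NO_CERT_PATH_LIMIT` sentinel (see the x509cert.cpp hunk in this merge), so confirm the sentinel fits in 32 bits or consumers of `X509v3.BasicConstraints.path_constraint` will read a wrong limit. A comment stating that invariant at the cast would help the next reader.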
@@ -744,7 +744,7 @@ void CRL_Number::decode_inner(const std::vector<byte>& in)
*/
void CRL_Number::contents_to(Data_Store& info, Data_Store&) const
{
- info.add("X509v3.CRLNumber", m_crl_number);
+ info.add("X509v3.CRLNumber", static_cast<u32bit>(m_crl_number));
}
/*
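Review bot: RFC 5280 section 5.2.3 allows CRL numbers of up to 20 octets, so storing `m_crl_number` in a `u32bit` Data_Store entry loses information for issuers that use large or timestamp-derived CRL numbers (and if `m_crl_number` is itself a `size_t`, the decoder already truncates on 32-bit builds). Prefer storing the encoded BigInt, as x509cert.cpp does for the serial number, or document the limitation.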
diff --git a/src/lib/cert/x509/x509_ext.h b/src/lib/cert/x509/x509_ext.h
index caefcb855..8ea2f2da6 100644
--- a/src/lib/cert/x509/x509_ext.h
+++ b/src/lib/cert/x509/x509_ext.h
@@ -490,7 +490,7 @@ class BOTAN_DLL Unknown_Critical_Extension final : public Certificate_Extension
std::string oid_name() const override
{ return "Unknown OID name"; }
- bool should_encode() const { return false; }
+ bool should_encode() const override { return false; }
std::vector<byte> encode_inner() const override;
void decode_inner(const std::vector<byte>&) override;
void contents_to(Data_Store&, Data_Store&) const override;
diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp
index f68956859..d7da00af0 100644
--- a/src/lib/cert/x509/x509cert.cpp
+++ b/src/lib/cert/x509/x509cert.cpp
@@ -159,7 +159,7 @@ void X509_Certificate::force_decode()
if(tbs_cert.more_items())
throw Decoding_Error("TBSCertificate has more items that expected");
- m_subject.add("X509.Certificate.version", version);
+ m_subject.add("X509.Certificate.version", static_cast<u32bit>(version));
m_subject.add("X509.Certificate.serial", BigInt::encode(serial_bn));
m_subject.add("X509.Certificate.start", start.to_string());
m_subject.add("X509.Certificate.end", end.to_string());
@@ -182,7 +182,7 @@ void X509_Certificate::force_decode()
const size_t limit = (x509_version() < 3) ?
Cert_Extension::NO_CERT_PATH_LIMIT : 0;
- m_subject.add("X509v3.BasicConstraints.path_constraint", limit);
+ m_subject.add("X509v3.BasicConstraints.path_constraint", static_cast<u32bit>(limit));
}
}
diff --git a/src/lib/cert/x509/x509opt.cpp b/src/lib/cert/x509/x509opt.cpp
index 158f4c779..2dd2098fe 100644
--- a/src/lib/cert/x509/x509opt.cpp
+++ b/src/lib/cert/x509/x509opt.cpp
@@ -62,19 +62,6 @@ void X509_Cert_Options::CA_key(size_t limit)
}
/*
-* Do basic sanity checks
-*/
-void X509_Cert_Options::sanity_check() const
- {
- if(common_name.empty() || country.empty())
- throw Encoding_Error("X.509 certificate: name and country MUST be set");
- if(country.size() != 2)
- throw Encoding_Error("Invalid ISO country code: " + country);
- if(start >= end)
- throw Encoding_Error("X509_Cert_Options: invalid time constraints");
- }
-
-/*
* Initialize the certificate options
*/
X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts,
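Review bot: deleting `sanity_check()` removes the only validation of `X509_Cert_Options` before signing; with the calls in x509self.cpp also removed, `create_self_signed_cert` and `create_cert_req` will now produce certificates with an empty subject or `start >= end` without complaint. If the CN/country requirement was the problem (many valid certificates have no country), keep at least the `start >= end` check rather than dropping all three. This is also a public API removal (`sanity_check` was declared in x509self.h) that should be listed in news.rst.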
diff --git a/src/lib/cert/x509/x509self.cpp b/src/lib/cert/x509/x509self.cpp
index 7d1c01c37..8b9aeda09 100644
--- a/src/lib/cert/x509/x509self.cpp
+++ b/src/lib/cert/x509/x509self.cpp
@@ -49,8 +49,6 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
X509_DN subject_dn;
AlternativeName subject_alt;
- opts.sanity_check();
-
std::vector<byte> pub_key = X509::BER_encode(key);
std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
@@ -95,8 +93,6 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
X509_DN subject_dn;
AlternativeName subject_alt;
- opts.sanity_check();
-
std::vector<byte> pub_key = X509::BER_encode(key);
std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
diff --git a/src/lib/cert/x509/x509self.h b/src/lib/cert/x509/x509self.h
index a4bbad214..401b2eb2f 100644
--- a/src/lib/cert/x509/x509self.h
+++ b/src/lib/cert/x509/x509self.h
@@ -115,11 +115,6 @@ class BOTAN_DLL X509_Cert_Options
std::vector<OID> ex_constraints;
/**
- * Check the options set in this object for validity.
- */
- void sanity_check() const;
-
- /**
* Mark the certificate as a CA certificate and set the path limit.
* @param limit the path limit to be set in the BasicConstraints extension.
*/
diff --git a/src/lib/math/ec_gfp/curve_nistp.cpp b/src/lib/math/ec_gfp/curve_nistp.cpp
index c153340e9..176409dbf 100644
--- a/src/lib/math/ec_gfp/curve_nistp.cpp
+++ b/src/lib/math/ec_gfp/curve_nistp.cpp
@@ -94,7 +94,7 @@ inline u32bit get_u32bit(const BigInt& x, size_t i)
#if (BOTAN_MP_WORD_BITS == 32)
return x.word_at(i);
#elif (BOTAN_MP_WORD_BITS == 64)
- return (x.word_at(i/2) >> ((i % 2)*32));
+ return static_cast<u32bit>(x.word_at(i/2) >> ((i % 2)*32));
#else
#error "Not implemented"
#endif
diff --git a/src/lib/math/numbertheory/make_prm.cpp b/src/lib/math/numbertheory/make_prm.cpp
index 3d82adf06..acd187063 100644
--- a/src/lib/math/numbertheory/make_prm.cpp
+++ b/src/lib/math/numbertheory/make_prm.cpp
@@ -66,7 +66,7 @@ BigInt random_prime(RandomNumberGenerator& rng,
secure_vector<u16bit> sieve(sieve_size);
for(size_t j = 0; j != sieve.size(); ++j)
- sieve[j] = p % PRIMES[j];
+ sieve[j] = static_cast<u16bit>(p % PRIMES[j]);
size_t counter = 0;
while(true)
diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp
index ae2d33524..6c3d2c931 100644
--- a/src/lib/math/numbertheory/numthry.cpp
+++ b/src/lib/math/numbertheory/numthry.cpp
@@ -446,7 +446,7 @@ bool is_prime(const BigInt& n, RandomNumberGenerator& rng,
// Fast path testing for small numbers (<= 65521)
if(n <= PRIMES[PRIME_TABLE_SIZE-1])
{
- const u16bit num = n.word_at(0);
+ const u16bit num = static_cast<u16bit>(n.word_at(0));
return std::binary_search(PRIMES, PRIMES + PRIME_TABLE_SIZE, num);
}
diff --git a/src/lib/modes/aead/ccm/ccm.cpp b/src/lib/modes/aead/ccm/ccm.cpp
index df33685f3..1f528769e 100644
--- a/src/lib/modes/aead/ccm/ccm.cpp
+++ b/src/lib/modes/aead/ccm/ccm.cpp
@@ -81,8 +81,8 @@ void CCM_Mode::set_associated_data(const byte ad[], size_t length)
// FIXME: support larger AD using length encoding rules
BOTAN_ASSERT(length < (0xFFFF - 0xFF), "Supported CCM AD length");
- m_ad_buf.push_back(get_byte<u16bit>(0, length));
- m_ad_buf.push_back(get_byte<u16bit>(1, length));
+ m_ad_buf.push_back(get_byte(0, static_cast<u16bit>(length)));
+ m_ad_buf.push_back(get_byte(1, static_cast<u16bit>(length)));
m_ad_buf += std::make_pair(ad, length);
while(m_ad_buf.size() % BS)
m_ad_buf.push_back(0); // pad with zeros to full block size
diff --git a/src/lib/modes/aead/gcm/gcm.cpp b/src/lib/modes/aead/gcm/gcm.cpp
index 1dc5efe4f..e23551cb4 100644
--- a/src/lib/modes/aead/gcm/gcm.cpp
+++ b/src/lib/modes/aead/gcm/gcm.cpp
@@ -168,7 +168,7 @@ GCM_Mode::GCM_Mode(BlockCipher* cipher, size_t tag_size) :
m_ghash.reset(new GHASH);
- m_ctr.reset(new CTR_BE(cipher)); // CTR_BE takes ownership of cipher
+ m_ctr.reset(new CTR_BE(cipher, 4)); // CTR_BE takes ownership of cipher
if(m_tag_size != 8 && m_tag_size != 16)
throw Invalid_Argument(name() + ": Bad tag size " + std::to_string(m_tag_size));
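Review bot: the bare `4` is the substance of the GCM counter-overflow fix described in news.rst (GCM's inc32 increments only the low 32 bits of the counter block, NIST SP 800-38D section 6.2); give it a name such as `GCM_COUNTER_BYTES` with a comment so nobody later "simplifies" it back to the block size. Good that the new CTR_BE constructor validates the size; the gcm.vec change in this merge is the right place for a regression vector with a non-96-bit nonce and a long message.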
diff --git a/src/lib/modes/mode_pad/mode_pad.cpp b/src/lib/modes/mode_pad/mode_pad.cpp
index ecf241821..0f1df9e8a 100644
--- a/src/lib/modes/mode_pad/mode_pad.cpp
+++ b/src/lib/modes/mode_pad/mode_pad.cpp
@@ -37,7 +37,7 @@ void PKCS7_Padding::add_padding(secure_vector<byte>& buffer,
size_t last_byte_pos,
size_t block_size) const
{
- const byte pad_value = block_size - last_byte_pos;
+ const byte pad_value = static_cast<byte>(block_size - last_byte_pos);
for(size_t i = 0; i != pad_value; ++i)
buffer.push_back(pad_value);
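Review bot: the cast is correct only while `block_size <= 255`; that holds for every block cipher Botan ships, but nothing here enforces it, and a `pad_value` that wrapped to 0 would make `add_padding` append nothing. A `BOTAN_ASSERT(block_size <= 0xFF, ...)` (or a check in the caller) documents the assumption for both padding schemes in this file.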
@@ -67,7 +67,7 @@ void ANSI_X923_Padding::add_padding(secure_vector<byte>& buffer,
size_t last_byte_pos,
size_t block_size) const
{
- const byte pad_value = block_size - last_byte_pos;
+ const byte pad_value = static_cast<byte>(block_size - last_byte_pos);
for(size_t i = last_byte_pos; i < block_size; ++i)
buffer.push_back(0);
diff --git a/src/lib/pubkey/workfactor.cpp b/src/lib/pubkey/workfactor.cpp
index 5cbd17f09..8be64bef3 100644
--- a/src/lib/pubkey/workfactor.cpp
+++ b/src/lib/pubkey/workfactor.cpp
@@ -51,7 +51,7 @@ size_t dl_exponent_size(size_t bits)
const double strength = 1.92 * std::pow(log_p, 1.0/3.0) * std::pow(std::log(log_p), 2.0/3.0);
- return 2 * std::max<size_t>(MIN_WORKFACTOR, log2_e * strength);
+ return 2 * std::max<size_t>(MIN_WORKFACTOR, static_cast<size_t>(log2_e * strength));
}
}
diff --git a/src/lib/rng/hmac_rng/hmac_rng.cpp b/src/lib/rng/hmac_rng/hmac_rng.cpp
index 0b80de7bd..7a9e4dbc5 100644
--- a/src/lib/rng/hmac_rng/hmac_rng.cpp
+++ b/src/lib/rng/hmac_rng/hmac_rng.cpp
@@ -165,7 +165,7 @@ size_t HMAC_RNG::reseed_with_sources(Entropy_Sources& srcs,
m_counter = 0;
m_collected_entropy_estimate =
- std::min<size_t>(m_collected_entropy_estimate + bits_collected,
+ std::min<size_t>(m_collected_entropy_estimate + static_cast<size_t>(bits_collected),
m_extractor->output_length() * 8);
m_output_since_reseed = 0;
diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp
index e90bb43a4..f5301c099 100644
--- a/src/lib/stream/ctr/ctr.cpp
+++ b/src/lib/stream/ctr/ctr.cpp
@@ -23,10 +23,23 @@ CTR_BE::CTR_BE(BlockCipher* ciph) :
m_cipher(ciph),
m_counter(m_cipher->parallel_bytes()),
m_pad(m_counter.size()),
+ m_ctr_size(m_cipher->block_size()),
m_pad_pos(0)
{
}
+CTR_BE::CTR_BE(BlockCipher* cipher, size_t ctr_size) :
+ m_cipher(cipher),
+ m_counter(m_cipher->parallel_bytes()),
+ m_pad(m_counter.size()),
+ m_ctr_size(ctr_size),
+ m_pad_pos(0)
+ {
+ //BOTAN_CHECK_ARG(m_ctr_size > 0 && m_ctr_size <= cipher->block_size(), "Invalid CTR size");
+ if(m_ctr_size == 0 || m_ctr_size > m_cipher->block_size())
+ throw Invalid_Argument("Invalid CTR-BE counter size");
+ }
+
void CTR_BE::clear()
{
m_cipher->clear();
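Review bot: the commented-out `BOTAN_CHECK_ARG` line should be deleted rather than left beside the `if`/`throw` that replaced it. The single-argument constructor duplicates the member initializers; delegating to the new one (`CTR_BE(ciph, ciph->block_size())`) keeps the two in sync and routes both paths through the same validation.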
@@ -79,7 +92,7 @@ void CTR_BE::set_iv(const byte iv[], size_t iv_len)
{
buffer_insert(m_counter, i*bs, &m_counter[(i-1)*bs], bs);
- for(size_t j = 0; j != bs; ++j)
+ for(size_t j = 0; j != m_ctr_size; ++j)
if(++m_counter[i*bs + (bs - 1 - j)])
break;
}
@@ -98,8 +111,8 @@ void CTR_BE::increment_counter()
for(size_t i = 0; i != n_wide; ++i)
{
- uint16_t carry = n_wide;
- for(size_t j = 0; carry && j != bs; ++j)
+ uint16_t carry = static_cast<uint16_t>(n_wide);
+ for(size_t j = 0; carry && j != m_ctr_size; ++j)
{
const size_t off = i*bs + (bs-1-j);
const uint16_t cnt = static_cast<uint16_t>(m_counter[off]) + carry;
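Review bot: bounding `j` by `m_ctr_size` means a carry out of the top counter byte is dropped, i.e. the counter wraps modulo 2^(8*m_ctr_size) and the nonce bytes above it are left untouched. That is exactly the inc32 behaviour GCM needs, but it is also the kind of line someone may "fix" later; a one-line comment stating that the wrap is intentional would prevent that.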
diff --git a/src/lib/stream/ctr/ctr.h b/src/lib/stream/ctr/ctr.h
index 8e931605c..003297b92 100644
--- a/src/lib/stream/ctr/ctr.h
+++ b/src/lib/stream/ctr/ctr.h
@@ -44,12 +44,15 @@ class BOTAN_DLL CTR_BE final : public StreamCipher
* @param cipher the underlying block cipher to use
*/
explicit CTR_BE(BlockCipher* cipher);
+
+ CTR_BE(BlockCipher* cipher, size_t ctr_size);
private:
void key_schedule(const byte key[], size_t key_len) override;
void increment_counter();
std::unique_ptr<BlockCipher> m_cipher;
secure_vector<byte> m_counter, m_pad;
+ size_t m_ctr_size;
size_t m_pad_pos;
};
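Review bot: the new two-argument constructor has no doc comment, while the one above it documents `@param cipher`; add `@param ctr_size` describing the counter width in bytes, the accepted range (1 to the block size) and that a value outside it throws `Invalid_Argument`, since that is now part of the public API.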
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp
index 0d157dc57..2598255eb 100644
--- a/src/lib/tls/msg_cert_verify.cpp
+++ b/src/lib/tls/msg_cert_verify.cpp
@@ -65,7 +65,7 @@ std::vector<byte> Certificate_Verify::serialize() const
buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo));
}
- const u16bit sig_len = m_signature.size();
+ const u16bit sig_len = static_cast<u16bit>(m_signature.size());
buf.push_back(get_byte(0, sig_len));
buf.push_back(get_byte(1, sig_len));
buf += m_signature;
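Review bot: `static_cast<u16bit>(m_signature.size())` has no bound check, unlike `key_material_export` in tls_channel.cpp, which tests `> 0xFFFF` before casting. A signature longer than 65535 bytes cannot occur with the supported algorithms, but a `BOTAN_ASSERT` here costs nothing and turns a future mis-encoding into a loud failure instead of a malformed handshake message.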
diff --git a/src/lib/tls/msg_certificate.cpp b/src/lib/tls/msg_certificate.cpp
index 5be9379bd..32e3e17f0 100644
--- a/src/lib/tls/msg_certificate.cpp
+++ b/src/lib/tls/msg_certificate.cpp
@@ -73,14 +73,14 @@ std::vector<byte> Certificate::serialize() const
const size_t cert_size = raw_cert.size();
for(size_t j = 0; j != 3; ++j)
{
- buf.push_back(get_byte<u32bit>(j+1, cert_size));
+ buf.push_back(get_byte(j+1, static_cast<u32bit>(cert_size)));
}
buf += raw_cert;
}
const size_t buf_size = buf.size() - 3;
for(size_t i = 0; i != 3; ++i)
- buf[i] = get_byte<u32bit>(i+1, buf_size);
+ buf[i] = get_byte(i+1, static_cast<u32bit>(buf_size));
return buf;
}
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index 2cf351c80..5afdd6074 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -122,7 +122,7 @@ Handshake_State& Channel::create_handshake_state(Protocol_Version version)
io.reset(new Datagram_Handshake_IO(
std::bind(&Channel::send_record_under_epoch, this, _1, _2, _3),
sequence_numbers(),
- m_policy.dtls_default_mtu(),
+ static_cast<u16bit>(m_policy.dtls_default_mtu()),
m_policy.dtls_initial_timeout(),
m_policy.dtls_maximum_timeout()));
}
@@ -630,8 +630,8 @@ SymmetricKey Channel::key_material_export(const std::string& label,
size_t context_size = context.length();
if(context_size > 0xFFFF)
throw Exception("key_material_export context is too long");
- salt.push_back(get_byte<u16bit>(0, context_size));
- salt.push_back(get_byte<u16bit>(1, context_size));
+ salt.push_back(get_byte(0, static_cast<u16bit>(context_size)));
+ salt.push_back(get_byte(1, static_cast<u16bit>(context_size)));
salt += to_byte_vector(context);
}
@@ -644,4 +644,3 @@ SymmetricKey Channel::key_material_export(const std::string& label,
}
}
-
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 8befb2fbc..3ea97203c 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -99,13 +99,13 @@ std::vector<byte> Extensions::serialize() const
buf.push_back(get_byte(0, extn_code));
buf.push_back(get_byte(1, extn_code));
- buf.push_back(get_byte<u16bit>(0, extn_val.size()));
- buf.push_back(get_byte<u16bit>(1, extn_val.size()));
+ buf.push_back(get_byte(0, static_cast<u16bit>(extn_val.size())));
+ buf.push_back(get_byte(1, static_cast<u16bit>(extn_val.size())));
buf += extn_val;
}
- const u16bit extn_size = buf.size() - 2;
+ const u16bit extn_size = static_cast<u16bit>(buf.size() - 2);
buf[0] = get_byte(0, extn_size);
buf[1] = get_byte(1, extn_size);
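Review bot: the `get_byte(0, static_cast<u16bit>(x))` / `get_byte(1, static_cast<u16bit>(x))` pair now appears repeatedly in this file and again in tls_record.cpp, tls_channel.cpp and msg_cert_verify.cpp; a small helper such as `append_u16(buf, x)` that performs the cast once, with a `BOTAN_ASSERT(x <= 0xFFFF)`, would remove the repetition and give every length field the same bound check. `extn_size = static_cast<u16bit>(buf.size() - 2)` in this hunk is one of the unguarded cases.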
@@ -147,7 +147,7 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader,
if(name_type == 0) // DNS
{
m_sni_host_name = reader.get_string(2, 1, 65535);
- name_bytes -= (2 + m_sni_host_name.size());
+ name_bytes -= static_cast<u16bit>(2 + m_sni_host_name.size());
}
else // some other unknown name type
{
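Review bot: `reader.get_string(2, 1, 65535)` allows a name of up to 65535 bytes, so `2 + m_sni_host_name.size()` can reach 65537 and the `static_cast<u16bit>` wraps it to 1; and if `name_bytes` is smaller than what was actually read (inconsistent lengths from the peer), the `-=` underflows a `u16bit`. Check `name_bytes >= 2 + m_sni_host_name.size()` before subtracting and reject the extension otherwise; this field is peer-controlled input, so the decoder should fail closed.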
@@ -163,12 +163,12 @@ std::vector<byte> Server_Name_Indicator::serialize() const
size_t name_len = m_sni_host_name.size();
- buf.push_back(get_byte<u16bit>(0, name_len+3));
- buf.push_back(get_byte<u16bit>(1, name_len+3));
+ buf.push_back(get_byte(0, static_cast<u16bit>(name_len+3)));
+ buf.push_back(get_byte(1, static_cast<u16bit>(name_len+3)));
buf.push_back(0); // DNS
- buf.push_back(get_byte<u16bit>(0, name_len));
- buf.push_back(get_byte<u16bit>(1, name_len));
+ buf.push_back(get_byte(0, static_cast<u16bit>(name_len)));
+ buf.push_back(get_byte(1, static_cast<u16bit>(name_len)));
buf += std::make_pair(
reinterpret_cast<const byte*>(m_sni_host_name.data()),
@@ -264,8 +264,8 @@ std::vector<byte> Application_Layer_Protocol_Notification::serialize() const
1);
}
- buf[0] = get_byte<u16bit>(0, buf.size()-2);
- buf[1] = get_byte<u16bit>(1, buf.size()-2);
+ buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2));
+ buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2));
return buf;
}
@@ -320,8 +320,8 @@ std::vector<byte> Supported_Elliptic_Curves::serialize() const
buf.push_back(get_byte(1, id));
}
- buf[0] = get_byte<u16bit>(0, buf.size()-2);
- buf[1] = get_byte<u16bit>(1, buf.size()-2);
+ buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2));
+ buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2));
return buf;
}
@@ -435,8 +435,8 @@ std::vector<byte> Signature_Algorithms::serialize() const
{}
}
- buf[0] = get_byte<u16bit>(0, buf.size()-2);
- buf[1] = get_byte<u16bit>(1, buf.size()-2);
+ buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2));
+ buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2));
return buf;
}
@@ -492,7 +492,7 @@ std::vector<byte> SRTP_Protection_Profiles::serialize() const
{
std::vector<byte> buf;
- const u16bit pp_len = m_pp.size() * 2;
+ const u16bit pp_len = static_cast<u16bit>(m_pp.size() * 2);
buf.push_back(get_byte(0, pp_len));
buf.push_back(get_byte(1, pp_len));
diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp
index f39c9f84e..ed7b1487d 100644
--- a/src/lib/tls/tls_handshake_io.cpp
+++ b/src/lib/tls/tls_handshake_io.cpp
@@ -28,9 +28,9 @@ inline size_t load_be24(const byte q[3])
void store_be24(byte out[3], size_t val)
{
- out[0] = get_byte<u32bit>(1, val);
- out[1] = get_byte<u32bit>(2, val);
- out[2] = get_byte<u32bit>(3, val);
+ out[0] = get_byte(1, static_cast<u32bit>(val));
+ out[1] = get_byte(2, static_cast<u32bit>(val));
+ out[2] = get_byte(3, static_cast<u32bit>(val));
}
u64bit steady_clock_ms()
@@ -376,7 +376,7 @@ Datagram_Handshake_IO::format_w_seq(const std::vector<byte>& msg,
Handshake_Type type,
u16bit msg_sequence) const
{
- return format_fragment(msg.data(), msg.size(), 0, msg.size(), type, msg_sequence);
+ return format_fragment(msg.data(), msg.size(), 0, static_cast<u16bit>(msg.size()), type, msg_sequence);
}
std::vector<byte>
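Review bot: the DTLS handshake header carries `length`, `fragment_offset` and `fragment_length` as 24-bit fields (RFC 6347 section 4.2.2), so casting `msg.size()` to `u16bit` here (and `frag_offset` / `msg_bits.size()` in the next hunk) mis-encodes any handshake message of 64 KiB or more; a large certificate chain can reach that. Either widen `format_fragment`'s parameters to match the wire format or reject oversized messages explicitly instead of truncating.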
@@ -441,8 +441,8 @@ std::vector<byte> Datagram_Handshake_IO::send_message(u16bit msg_seq,
HANDSHAKE,
format_fragment(&msg_bits[frag_offset],
frag_len,
- frag_offset,
- msg_bits.size(),
+ static_cast<u16bit>(frag_offset),
+ static_cast<u16bit>(msg_bits.size()),
msg_type,
msg_seq));
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp
index 67ba43265..afc32ba87 100644
--- a/src/lib/tls/tls_handshake_state.cpp
+++ b/src/lib/tls/tls_handshake_state.cpp
@@ -287,7 +287,7 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg)
m_hand_received_mask |= mask;
- const bool ok = (m_hand_expecting_mask & mask); // overlap?
+ const bool ok = (m_hand_expecting_mask & mask) != 0; // overlap?
if(!ok)
throw Unexpected_Message("Unexpected state transition in handshake, got type " +
@@ -311,14 +311,14 @@ bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const
{
const u32bit mask = bitmask_for_handshake_type(handshake_msg);
- return (m_hand_received_mask & mask);
+ return (m_hand_received_mask & mask) != 0;
}
std::pair<Handshake_Type, std::vector<byte>>
Handshake_State::get_next_handshake_msg()
{
const bool expecting_ccs =
- (bitmask_for_handshake_type(HANDSHAKE_CCS) & m_hand_expecting_mask);
+ (bitmask_for_handshake_type(HANDSHAKE_CCS) & m_hand_expecting_mask) != 0;
return m_handshake_io->get_next_record(expecting_ccs);
}
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index f8262cdee..999ba2887 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -290,7 +290,7 @@ class BOTAN_DLL Text_Policy : public Policy
{ return get_bool("hide_unknown_users", Policy::hide_unknown_users()); }
u32bit session_ticket_lifetime() const override
- { return get_len("session_ticket_lifetime", Policy::session_ticket_lifetime()); }
+ { return static_cast<u32bit>(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime())); }
bool send_fallback_scsv(Protocol_Version version) const override
{ return get_bool("send_fallback_scsv", false) ? Policy::send_fallback_scsv(version) : false; }
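Review bot: wrapping get_len in `static_cast<u32bit>` for session_ticket_lifetime means a configured lifetime above 4294967295 seconds wraps to a small value instead of being rejected or clamped. The practical impact is low (it only shortens the ticket lifetime), but if the policy file is meant to be validated, a clamp to `std::numeric_limits<u32bit>::max()` or an error on out-of-range input would be clearer than a silent wrap.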
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 8af6587e3..eacf313a8 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -172,8 +172,8 @@ void write_record(secure_vector<byte>& output,
if(!cs) // initial unencrypted handshake records
{
- output.push_back(get_byte<u16bit>(0, msg_length));
- output.push_back(get_byte<u16bit>(1, msg_length));
+ output.push_back(get_byte(0, static_cast<u16bit>(msg_length)));
+ output.push_back(get_byte(1, static_cast<u16bit>(msg_length)));
output.insert(output.end(), msg, msg + msg_length);
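Review bot: the two `static_cast<u16bit>(msg_length)` calls writing the unencrypted record header have no preceding bound check, unlike the `BOTAN_ASSERT(rec_size <= 0xFFFF, ...)` that guards the same cast in the next hunk. A plaintext handshake record longer than 65535 bytes would get a wrapped length header and `output.insert` would still append the full body. Add the same assertion (or a check against MAX_CIPHERTEXT_SIZE) before these pushes.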
@@ -190,10 +190,10 @@ void write_record(secure_vector<byte>& output,
const size_t rec_size = ctext_size + cs->nonce_bytes_from_record();
BOTAN_ASSERT(rec_size <= 0xFFFF, "Ciphertext length fits in field");
- output.push_back(get_byte<u16bit>(0, rec_size));
- output.push_back(get_byte<u16bit>(1, rec_size));
+ output.push_back(get_byte(0, static_cast<u16bit>(rec_size)));
+ output.push_back(get_byte(1, static_cast<u16bit>(rec_size)));
- aead->set_ad(cs->format_ad(seq, msg_type, version, msg_length));
+ aead->set_ad(cs->format_ad(seq, msg_type, version, static_cast<u16bit>(msg_length)));
if(cs->nonce_bytes_from_record() > 0)
{
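Review bot: the cast of `msg_length` on the `aead->set_ad(...)` line is only indirectly covered by the assertion on `rec_size`; the reader has to know that ctext_size is at least msg_length to see that the AD length cannot have wrapped. Since format_ad now takes a u16bit, consider checking `msg_length <= 0xFFFF` once at the top of write_record so that all the casts in this function are covered by one explicit invariant instead of relying on the relationship between the two sizes.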
@@ -213,7 +213,7 @@ void write_record(secure_vector<byte>& output,
return;
}
- cs->mac()->update(cs->format_ad(seq, msg_type, version, msg_length));
+ cs->mac()->update(cs->format_ad(seq, msg_type, version, static_cast<u16bit>(msg_length)));
cs->mac()->update(msg, msg_length);
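Review bot: same narrowing of `msg_length` on the `cs->mac()->update(cs->format_ad(...))` line, here for the MAC-then-encrypt path; the MAC input length field would silently wrap for an oversized message. A single length check at function entry would cover this cast together with the ones in the preceding hunks.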
@@ -228,8 +228,8 @@ void write_record(secure_vector<byte>& output,
if(buf_size > MAX_CIPHERTEXT_SIZE)
throw Internal_Error("Output record is larger than allowed by protocol");
- output.push_back(get_byte<u16bit>(0, buf_size));
- output.push_back(get_byte<u16bit>(1, buf_size));
+ output.push_back(get_byte(0, static_cast<u16bit>(buf_size)));
+ output.push_back(get_byte(1, static_cast<u16bit>(buf_size)));
const size_t header_size = output.size();
@@ -250,7 +250,7 @@ void write_record(secure_vector<byte>& output,
buf_size - (iv_size + msg_length + mac_size + 1);
for(size_t i = 0; i != pad_val + 1; ++i)
- output.push_back(pad_val);
+ output.push_back(static_cast<byte>(pad_val));
}
if(buf_size > MAX_CIPHERTEXT_SIZE)
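Review bot: `output.push_back(static_cast<byte>(pad_val))` is correct only if pad_val fits in a byte, and the loop bound `i != pad_val + 1` is still evaluated in size_t, so if the computation `buf_size - (iv_size + msg_length + mac_size + 1)` ever produced a value above 255 the loop would push more bytes than the (wrapped) padding-length byte claims. TLS padding is limited to 255 bytes, so an assertion `BOTAN_ASSERT(pad_val <= 0xFF, ...)` next to the cast would document and enforce that bound.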
@@ -331,7 +331,7 @@ u16bit tls_padding_check(const byte record[], size_t record_len)
for(size_t i = 0; i != record_len; ++i)
{
const size_t left = record_len - i - 2;
- const byte delim_mask = CT::is_less<u16bit>(left, pad_byte) & 0xFF;
+ const byte delim_mask = CT::is_less<u16bit>(static_cast<u16bit>(left), pad_byte) & 0xFF;
pad_invalid |= (delim_mask & (record[i] ^ pad_byte));
}
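Review bot: the `static_cast<u16bit>(left)` in tls_padding_check relies on `record_len` fitting in 16 bits; `left = record_len - i - 2` also underflows to SIZE_MAX for the last two iterations, which truncates to 0xFFFF and happens to give a zero mask, but that reasoning is not visible at the call site. A short comment stating both invariants (record_len bounded by the maximum TLS record size, and the intentional wrap on the final iterations) would keep this constant-time loop reviewable.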
@@ -389,7 +389,7 @@ void decrypt_record(secure_vector<byte>& output,
const size_t ptext_size = aead->output_length(msg_length);
aead->set_associated_data_vec(
- cs.format_ad(record_sequence, record_type, record_version, ptext_size)
+ cs.format_ad(record_sequence, record_type, record_version, static_cast<u16bit>(ptext_size))
);
output += aead->start(nonce);
@@ -421,7 +421,7 @@ void decrypt_record(secure_vector<byte>& output,
u16bit pad_size = tls_padding_check(record_contents, record_len);
// This mask is zero if there is not enough room in the packet
- const u16bit size_ok_mask = CT::is_lte<u16bit>(mac_size + pad_size + iv_size, record_len);
+ const u16bit size_ok_mask = CT::is_lte<u16bit>(static_cast<u16bit>(mac_size + pad_size + iv_size), static_cast<u16bit>(record_len));
pad_size &= size_ok_mask;
CT::unpoison(record_contents, record_len);
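Review bot: casting `mac_size + pad_size + iv_size` to u16bit before `CT::is_lte` means the comparison is performed on the truncated sum, so the "not enough room" mask described in the comment is only sound if the sum can never exceed 65535. That holds for TLS-sized records (pad_size is at most 255 from tls_padding_check and mac_size and iv_size are small), but computing the sum in size_t and only narrowing the result of the comparison, or asserting the bound, would make the check independent of that assumption.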
@@ -433,7 +433,7 @@ void decrypt_record(secure_vector<byte>& output,
CT::unpoison(pad_size);
const byte* plaintext_block = &record_contents[iv_size];
- const u16bit plaintext_length = record_len - mac_size - iv_size - pad_size;
+ const u16bit plaintext_length = static_cast<u16bit>(record_len - mac_size - iv_size - pad_size);
cs.mac()->update(cs.format_ad(record_sequence, record_type, record_version, plaintext_length));
cs.mac()->update(plaintext_block, plaintext_length);
diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp
index 6d5fc1a7b..18c9b357c 100644
--- a/src/lib/tls/tls_session.cpp
+++ b/src/lib/tls/tls_session.cpp
@@ -106,11 +106,11 @@ Session::Session(const byte ber[], size_t ber_len)
m_version = Protocol_Version(major_version, minor_version);
m_start_time = std::chrono::system_clock::from_time_t(start_time);
m_connection_side = static_cast<Connection_Side>(side_code);
- m_srtp_profile = srtp_profile;
+ m_srtp_profile = static_cast<u16bit>(srtp_profile);
m_server_info = Server_Information(server_hostname.value(),
server_service.value(),
- server_port);
+ static_cast<u16bit>(server_port));
m_srp_identifier = srp_identifier_str.value();
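Review bot: `static_cast<u16bit>(srtp_profile)` and `static_cast<u16bit>(server_port)` are applied to values just decoded from the serialized session, so an out-of-range integer in the BER input is truncated rather than rejected. Since Session::Session is parsing stored data, a range check (`if(server_port > 0xFFFF) throw Decoding_Error(...)`, and the same for the SRTP profile) before the casts would be the safer choice; if the BER decoder already enforces the range, a comment saying so would help.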
@@ -218,4 +218,3 @@ Session Session::decrypt(const byte in[], size_t in_len, const SymmetricKey& key
}
}
-
diff --git a/src/lib/utils/loadstor.h b/src/lib/utils/loadstor.h
index a6c2b7969..9ae9fda0e 100644
--- a/src/lib/utils/loadstor.h
+++ b/src/lib/utils/loadstor.h
@@ -47,7 +47,7 @@ namespace Botan {
template<typename T> inline byte get_byte(size_t byte_num, T input)
{
return static_cast<byte>(
- input >> ((sizeof(T)-1-(byte_num&(sizeof(T)-1))) << 3)
+ input >> (((~byte_num)&(sizeof(T)-1)) << 3)
);
}
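Review bot: the rewritten shift index `((~byte_num)&(sizeof(T)-1)) << 3` equals the old `(sizeof(T)-1-(byte_num&(sizeof(T)-1))) << 3` only when sizeof(T) is a power of two (then sizeof(T)-1 is an all-ones mask and subtracting a sub-mask is the same as complementing within it). That is true for every integer type get_byte is used with, but the equivalence is no longer obvious from the expression; add `static_assert((sizeof(T) & (sizeof(T)-1)) == 0, "get_byte requires a power-of-two type size");` inside the template so the assumption is enforced rather than implied.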
diff --git a/src/scripts/ci/appveyor.yml b/src/scripts/ci/appveyor.yml
index d0f59c920..58e04eea9 100644
--- a/src/scripts/ci/appveyor.yml
+++ b/src/scripts/ci/appveyor.yml
@@ -24,9 +24,8 @@ install:
)
- cl # check compiler version
-# always build via amalgamation due to build time constraints on appveyor
build_script:
- - python configure.py --cc=msvc --via-amalgamation --cpu=%PLATFORM% %MODE%
+ - python configure.py --cc=msvc --cpu=%PLATFORM% %MODE%
- nmake
- botan-test
- nmake install
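Review bot: dropping `--via-amalgamation` also deletes the comment that explained why the amalgamation was used, but nothing replaces it; the commit gives no reason for the change, so the next reader cannot tell whether the build-time constraint went away or whether the amalgamation path is now deliberately untested on AppVeyor. Add a one-line comment above `build_script` stating the reason, and if the amalgamation build no longer runs anywhere in CI, note where that coverage moved.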
diff --git a/src/scripts/dist.py b/src/scripts/dist.py
index 224f01395..9ec0e6738 100755
--- a/src/scripts/dist.py
+++ b/src/scripts/dist.py
@@ -3,7 +3,7 @@
"""
Release script for botan (http://botan.randombit.net/)
-(C) 2011, 2012, 2013, 2015 Jack Lloyd
+(C) 2011, 2012, 2013, 2015, 2016 Jack Lloyd
Botan is released under the Simplified BSD License (see license.txt)
"""
@@ -218,30 +218,51 @@ def main(args = None):
version_file = os.path.join(output_basename, 'botan_version.py')
- if os.access(version_file, os.R_OK):
- # rewrite botan_version.py
-
- contents = open(version_file).readlines()
-
- def content_rewriter():
- for line in contents:
- if line == 'release_vc_rev = None\n':
- yield 'release_vc_rev = \'git:%s\'\n' % (rev_id)
- elif line == 'release_datestamp = 0\n':
- yield 'release_datestamp = %d\n' % (rel_date)
- elif line == "release_type = \'unreleased\'\n":
- if args[0] == 'snapshot':
- yield "release_type = 'snapshot'\n"
- else:
- yield "release_type = 'released'\n"
- else:
- yield line
-
- open(version_file, 'w').write(''.join(list(content_rewriter())))
- else:
+ if os.access(version_file, os.R_OK) == False:
logging.error('Cannot read %s' % (version_file))
return 2
+ # rewrite botan_version.py
+
+ contents = open(version_file).readlines()
+
+ version_re = re.compile('release_(major|minor|patch) = ([0-9]+)')
+ version_parts = target_version.split('.')
+ assert len(version_parts) == 3
+
+ def content_rewriter():
+ for line in contents:
+
+ if target_version != 'HEAD':
+ match = version_re.match(line)
+ if match:
+ name_to_idx = {
+ 'major': 0,
+ 'minor': 1,
+ 'patch': 2
+ }
+ in_tag = int(version_parts[name_to_idx[match.group(1)]])
+ in_file = int(match.group(2))
+
+ if in_tag != in_file:
+ logging.error('Version number part "%s" in botan_version.py does not match tag %s' %
+ (match.group(1), target_version))
+ raise Exception('Bad botan_version.py')
+
+ if line == 'release_vc_rev = None\n':
+ yield 'release_vc_rev = \'git:%s\'\n' % (rev_id)
+ elif line == 'release_datestamp = 0\n':
+ yield 'release_datestamp = %d\n' % (rel_date)
+ elif line == "release_type = \'unreleased\'\n":
+ if args[0] == 'snapshot':
+ yield "release_type = 'snapshot'\n"
+ else:
+ yield "release_type = 'released'\n"
+ else:
+ yield line
+
+ open(version_file, 'w').write(''.join(list(content_rewriter())))
+
try:
os.makedirs(options.output_dir)
except OSError as e:
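Review bot: `version_parts = target_version.split('.')` and `assert len(version_parts) == 3` run unconditionally, but the `if target_version != 'HEAD':` guard inside content_rewriter shows that `HEAD` is an accepted target; for that value the split yields one part and the assertion fires before any rewriting happens (and the assert disappears entirely under `python -O`). Move the split and the length check under the same `!= 'HEAD'` condition and raise an explicit exception instead of asserting. Also prefer `if not os.access(version_file, os.R_OK):` over `== False`, and hoist `name_to_idx` out of the loop since it is rebuilt on every matching line.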
@@ -323,5 +344,5 @@ if __name__ == '__main__':
except Exception as e:
logging.error(e)
import traceback
- logging.info(traceback.format_exc())
+ logging.debug(traceback.format_exc())
sys.exit(1)
diff --git a/src/tests/data/aead/gcm.vec b/src/tests/data/aead/gcm.vec
index 21bc3a53e..516e828ec 100644
--- a/src/tests/data/aead/gcm.vec
+++ b/src/tests/data/aead/gcm.vec
@@ -38,6 +38,29 @@ In = D9313225F88406E5A55909C5AFF5269A86A7A9531534F7DA2E4C303D8A318A721C3C0C9
AD = FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2
Out = 8CE24998625615B603A033ACA13FB894BE9112A5C3A211A8BA262A3CCA7E2CA701E4A9A4FBA43C90CCDCB281D48C7C6FD62875D2ACA417034C34AEE5619CC5AEFFFE0BFA462AF43C1699D050
+# GCM vectors generated by OpenSSL via Python cryptography
+#
+# These GCM nonces are not 96 bits and so are hashed with GHASH to
+# produce the counter value. For these inputs the CTR value is
+# very near 2^32, which exposed a bug in GCM when the counter overflowed
+
+Key = 00000000000000000000000000000000
+Nonce = 0AAC82F3E53C2756034F7BD5827C9EDD
+In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Out = 38C21B6430D9A3E4BC6749405765653AE91051E96CE0D076141DD7B515EC150FDB8A65EE988D206C9F64874664CDBF61257FFAE521B9A5EB5B35E3745F4232025B269A6CD7DCFE19153ECF7341CE2C6A6A87F95F2109841350DA3D24EEED4E4E32D2BED880737670FFE8ED76DB890FD72A0076300E50914984A777C9F2BC843977396C602B24E7A045F04D15CD2EAC01AD8808064CFE5A2DC1AE9FFFA4BF0A6F0C07668097DEEB9C5CA5EC1F9A52F96A403B73FEA2DBBF44473D355553EE7FB1B4D6630777DAF67804BE213089B9F78652CE970C582FD813F87FF0ECBACCE1CA46247E20D09F3E0B4EF6BFCD13244C6877F25E6646252CAD6EB7DBBA3476AAAC83BC3285FF70B50D6CDEDC8E5921944A
+
+Key = 00000000000000000000000000000000
+Nonce = 63ADFF969337DB7AAA3D862A8A827558
+In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Out = E7813D2279516D5EE54E03371B0192FE2B66EF4BF3C7F741D2B8E1809CA5C1805908ADEFE6C5884736DF98B7EBCB08110B58C384E4A2FF25644CDFEAA2104FA3B33F00B689319EF7F09B2F066AEC96DC
+
+Key = 00000000000000000000000000000000
+Nonce = E60108DFED8198FB286E0A77E699DA7B
+In = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Out = A833DCC2EC04BEF5ED9E7E7FB08D61244CD795C21FEE194E7AAF7D9BD66B324F39FFC46DB5A7B9E1D6703F95290027DE6AC274CAE11C632F16261B71CE97EEA6CBE8A82B4F55F5A8B5CE1B268A7B35D8
+
+
+
[AES-192/GCM]
# Nist | Test Case 7
Key = 000000000000000000000000000000000000000000000000
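Review bot: the new 128-bit-nonce vectors are the right kind of regression test for the GCM counter-overflow bug described in the comment, but the comment should name the fix (the gcm.cpp change in this merge) so a future reader can connect the vectors to the behaviour they guard. Also, all three cases use the all-zero key and all-zero plaintext and none carry AD; one vector with a non-trivial key and AD would make sure the overflow path is exercised together with GHASH over associated data. The three trailing blank lines before `[AES-192/GCM]` can be reduced to one.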
diff --git a/src/tests/test_bigint.cpp b/src/tests/test_bigint.cpp
index 95ce8be08..a7e00498f 100644
--- a/src/tests/test_bigint.cpp
+++ b/src/tests/test_bigint.cpp
@@ -10,6 +10,7 @@
#include <botan/bigint.h>
#include <botan/numthry.h>
#include <botan/reducer.h>
+ #include <cmath>
#endif
namespace Botan_Tests {
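Review bot: the added `+ #include <cmath>` line carries a leading space before `#include`, unlike the three Botan includes directly above it; drop the space so the include block stays aligned and style checkers do not flag it.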