aboutsummaryrefslogtreecommitdiffstats
path: root/src/cli
diff options
context:
space:
mode:
authorJack Lloyd <lloyd@randombit.net>2016-08-31 12:58:58 -0400
committerJack Lloyd <lloyd@randombit.net>2016-08-31 12:58:58 -0400
commitdfab07a7bc00dc00f98ab86c70d536306073f34f (patch)
treed3dbb140764f259c932171d6f229d033dee685ca /src/cli
parente29024608fca1b811aa72a7aafd930a42740b968 (diff)
parent1b9cf39063194fe91dc8e5d78f73d7251c5d16fc (diff)
Merge master into this branch, resolving conflicts with #457/#576
which recently landed on master.
Diffstat (limited to 'src/cli')
-rw-r--r--src/cli/cli.h7
-rw-r--r--src/cli/credentials.h2
-rw-r--r--src/cli/speed.cpp98
-rw-r--r--src/cli/tls_client.cpp38
-rw-r--r--src/cli/tls_proxy.cpp18
-rw-r--r--src/cli/utils.cpp40
6 files changed, 136 insertions, 67 deletions
diff --git a/src/cli/cli.h b/src/cli/cli.h
index 11cc8add7..7e2d49f0f 100644
--- a/src/cli/cli.h
+++ b/src/cli/cli.h
@@ -10,7 +10,10 @@
#include <botan/build.h>
#include <botan/parsing.h>
#include <botan/rng.h>
-#include <botan/auto_rng.h>
+
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
+ #include <botan/auto_rng.h>
+#endif
#if defined(BOTAN_HAS_SYSTEM_RNG)
#include <botan/system_rng.h>
@@ -471,7 +474,9 @@ class Command
if(rng_type == "auto")
{
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
m_rng.reset(new Botan::AutoSeeded_RNG);
+#endif
}
if(!m_rng)
diff --git a/src/cli/credentials.h b/src/cli/credentials.h
index 11bfd3de1..95bbd5aa4 100644
--- a/src/cli/credentials.h
+++ b/src/cli/credentials.h
@@ -62,7 +62,7 @@ class Basic_Credentials_Manager : public Botan::Credentials_Manager
try
{
// TODO: make path configurable
- const std::vector<std::string> paths = { "/usr/share/ca-certificates" };
+ const std::vector<std::string> paths = { "/etc/ssl/certs", "/usr/share/ca-certificates" };
for(auto&& path : paths)
{
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 595b4bd20..222a98d3f 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -6,6 +6,8 @@
*/
#include "cli.h"
+#include "../tests/test_rng.h" // FIXME
+
#include <sstream>
#include <iomanip>
#include <chrono>
@@ -17,9 +19,12 @@
#include <botan/hash.h>
#include <botan/mac.h>
#include <botan/cipher_mode.h>
-#include <botan/auto_rng.h>
#include <botan/entropy_src.h>
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
+ #include <botan/auto_rng.h>
+#endif
+
#if defined(BOTAN_HAS_SYSTEM_RNG)
#include <botan/system_rng.h>
#endif
@@ -36,6 +41,10 @@
#include <botan/x931_rng.h>
#endif
+#if defined(BOTAN_HAS_FPE_FE1)
+ #include <botan/fpe_fe1.h>
+#endif
+
#if defined(BOTAN_HAS_COMPRESSION)
#include <botan/compression.h>
#endif
@@ -398,10 +407,19 @@ class Speed final : public Command
bench_inverse_mod(msec);
}
#endif
+
+#if defined(BOTAN_HAS_FPE_FE1)
+ else if(algo == "fpe_fe1")
+ {
+ bench_fpe_fe1(msec);
+ }
+#endif
else if(algo == "RNG")
{
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
Botan::AutoSeeded_RNG auto_rng;
bench_rng(auto_rng, "AutoSeeded_RNG (periodic reseed)", msec, buf_size);
+#endif
#if defined(BOTAN_HAS_SYSTEM_RNG)
bench_rng(Botan::system_rng(), "System_RNG", msec, buf_size);
@@ -415,12 +433,15 @@ class Speed final : public Command
#if defined(BOTAN_HAS_HMAC_DRBG)
for(std::string hash : { "SHA-256", "SHA-384", "SHA-512" })
{
-
- auto hmac = Botan::MessageAuthenticationCode::create("HMAC(" + hash + ")");
- Botan::HMAC_DRBG hmac_drbg(hmac->clone());
+ Botan::HMAC_DRBG hmac_drbg(hash);
bench_rng(hmac_drbg, hmac_drbg.name(), msec, buf_size);
+ }
+#endif
- Botan::HMAC_RNG hmac_rng(hmac->clone(), hmac->clone());
+#if defined(BOTAN_HAS_HMAC_RNG)
+ for(std::string hash : { "SHA-256", "SHA-384", "SHA-512" })
+ {
+ Botan::HMAC_RNG hmac_rng(Botan::MessageAuthenticationCode::create("HMAC(" + hash + ")"));
bench_rng(hmac_rng, hmac_rng.name(), msec, buf_size);
}
#endif
@@ -579,38 +600,26 @@ class Speed final : public Command
{
Botan::secure_vector<uint8_t> buffer(buf_size);
- rng.add_entropy(buffer.data(), buffer.size());
- rng.reseed(256);
+#if defined(BOTAN_HAS_SYSTEM_RNG)
+ rng.reseed_from_rng(Botan::system_rng(), 256);
+#endif
Timer timer(rng_name, "", "generate", buffer.size());
timer.run_until_elapsed(runtime, [&] { rng.randomize(buffer.data(), buffer.size()); });
output() << Timer::result_string_bps(timer);
}
- void bench_entropy_sources(const std::chrono::milliseconds runtime)
+ void bench_entropy_sources(const std::chrono::milliseconds)
{
Botan::Entropy_Sources& srcs = Botan::Entropy_Sources::global_sources();
- typedef std::chrono::system_clock clock;
-
- auto deadline = clock::now() + runtime;
-
for(auto src : srcs.enabled_sources())
{
- double entropy_bits = 0.0;
- size_t samples = 0;
- std::vector<size_t> entropy;
-
- Botan::Entropy_Accumulator accum(
- [&](const uint8_t buf[], size_t buf_len, double buf_entropy) -> bool {
- entropy.insert(entropy.end(), buf, buf + buf_len);
- entropy_bits += buf_entropy;
- samples += 1;
- return (samples > 1024 || entropy_bits > 1024 || clock::now() > deadline);
- });
+ size_t entropy_bits = 0;
+ Botan_Tests::SeedCapturing_RNG rng;
Timer timer(src, "", "bytes");
- timer.run([&] { srcs.poll_just(accum, src); });
+ timer.run([&] { entropy_bits = srcs.poll_just(rng, src); });
#if defined(BOTAN_HAS_COMPRESSION)
std::unique_ptr<Botan::Compression_Algorithm> comp(Botan::make_compressor("zlib"));
@@ -618,13 +627,13 @@ class Speed final : public Command
if(comp)
{
- compressed.assign(entropy.begin(), entropy.end());
+ compressed.assign(rng.seed_material().begin(), rng.seed_material().end());
comp->start(9);
comp->finish(compressed);
}
#endif
- output() << "Entropy source " << src << " output " << entropy.size() << " bytes"
+ output() << "Entropy source " << src << " output " << rng.seed_material().size() << " bytes"
<< " estimated entropy " << entropy_bits
<< " in " << timer.milliseconds() << " ms";
@@ -635,10 +644,45 @@ class Speed final : public Command
}
#endif
- output() << " total samples " << samples << "\n";
+ output() << " total samples " << rng.samples() << "\n";
}
}
+#if defined(BOTAN_HAS_FPE_FE1)
+
+ void bench_fpe_fe1(const std::chrono::milliseconds runtime)
+ {
+ const Botan::BigInt n = 1000000000000000;
+
+ Timer enc_timer("FPE_FE1 encrypt");
+ Timer dec_timer("FPE_FE1 decrypt");
+
+ const Botan::SymmetricKey key(rng(), 32);
+ const std::vector<uint8_t> tweak(8); // 8 zeros
+
+ Botan::BigInt x = 1;
+
+ while(enc_timer.under(runtime))
+ {
+ enc_timer.start();
+ x = Botan::FPE::fe1_encrypt(n, x, key, tweak);
+ enc_timer.stop();
+ }
+
+ for(size_t i = 0; i != enc_timer.events(); ++i)
+ {
+ dec_timer.start();
+ x = Botan::FPE::fe1_decrypt(n, x, key, tweak);
+ dec_timer.stop();
+ }
+
+ BOTAN_ASSERT(x == 1, "FPE works");
+
+ output() << Timer::result_string_ops(enc_timer);
+ output() << Timer::result_string_ops(dec_timer);
+ }
+#endif
+
#if defined(BOTAN_HAS_NUMBERTHEORY)
void bench_inverse_mod(const std::chrono::milliseconds runtime)
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index 6af2f56f8..caf7d4a1f 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -1,5 +1,6 @@
/*
* (C) 2014,2015 Jack Lloyd
+* 2016 Matthias Gierlings
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -35,7 +36,7 @@
namespace Botan_CLI {
-class TLS_Client final : public Command
+class TLS_Client final : public Command, public Botan::TLS::Callbacks
{
public:
TLS_Client() : Command("tls_client host --port=443 --print-certs --policy= "
@@ -98,15 +99,10 @@ class TLS_Client final : public Command
const std::vector<std::string> protocols_to_offer = Botan::split_on("next-protocols", ',');
- int sockfd = connect_to_host(host, port, use_tcp);
+ m_sockfd = connect_to_host(host, port, use_tcp);
using namespace std::placeholders;
- auto socket_write =
- use_tcp ?
- std::bind(stream_socket_write, sockfd, _1, _2) :
- std::bind(dgram_socket_write, sockfd, _1, _2);
-
auto version = policy->latest_supported_version(!use_tcp);
if(flag_set("tls1.0"))
@@ -118,10 +114,7 @@ class TLS_Client final : public Command
version = Botan::TLS::Protocol_Version::TLS_V11;
}
- Botan::TLS::Client client(socket_write,
- std::bind(&TLS_Client::process_data, this, _1, _2),
- std::bind(&TLS_Client::alert_received, this, _1, _2, _3),
- std::bind(&TLS_Client::handshake_complete, this, _1),
+ Botan::TLS::Client client(*this,
*session_mgr,
creds,
*policy,
@@ -136,7 +129,7 @@ class TLS_Client final : public Command
{
fd_set readfds;
FD_ZERO(&readfds);
- FD_SET(sockfd, &readfds);
+ FD_SET(m_sockfd, &readfds);
if(client.is_active())
{
@@ -152,13 +145,13 @@ class TLS_Client final : public Command
struct timeval timeout = { 1, 0 };
- ::select(sockfd + 1, &readfds, nullptr, nullptr, &timeout);
+ ::select(m_sockfd + 1, &readfds, nullptr, nullptr, &timeout);
- if(FD_ISSET(sockfd, &readfds))
+ if(FD_ISSET(m_sockfd, &readfds))
{
uint8_t buf[4*1024] = { 0 };
- ssize_t got = ::read(sockfd, buf, sizeof(buf));
+ ssize_t got = ::read(m_sockfd, buf, sizeof(buf));
if(got == 0)
{
@@ -216,7 +209,7 @@ class TLS_Client final : public Command
}
}
- ::close(sockfd);
+ ::close(m_sockfd);
}
private:
@@ -256,7 +249,7 @@ class TLS_Client final : public Command
return fd;
}
- bool handshake_complete(const Botan::TLS::Session& session)
+ bool tls_session_established(const Botan::TLS::Session& session) override
{
output() << "Handshake complete, " << session.version().to_string()
<< " using " << session.ciphersuite().to_string() << "\n";
@@ -290,13 +283,13 @@ class TLS_Client final : public Command
throw CLI_Error("Socket write failed errno=" + std::to_string(errno));
}
- static void stream_socket_write(int sockfd, const uint8_t buf[], size_t length)
+ void tls_emit_data(const uint8_t buf[], size_t length) override
{
size_t offset = 0;
while(length)
{
- ssize_t sent = ::send(sockfd, (const char*)buf + offset,
+ ssize_t sent = ::send(m_sockfd, (const char*)buf + offset,
length, MSG_NOSIGNAL);
if(sent == -1)
@@ -312,16 +305,19 @@ class TLS_Client final : public Command
}
}
- void alert_received(Botan::TLS::Alert alert, const uint8_t [], size_t )
+ void tls_alert(Botan::TLS::Alert alert) override
{
output() << "Alert: " << alert.type_string() << "\n";
}
- void process_data(const uint8_t buf[], size_t buf_size)
+ void tls_record_received(uint64_t /*seq_no*/, const uint8_t buf[], size_t buf_size) override
{
for(size_t i = 0; i != buf_size; ++i)
output() << buf[i];
}
+
+ private:
+ int m_sockfd;
};
BOTAN_REGISTER_COMMAND("tls_client", TLS_Client);
diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp
index 2929e473d..5140654de 100644
--- a/src/cli/tls_proxy.cpp
+++ b/src/cli/tls_proxy.cpp
@@ -1,6 +1,7 @@
/*
* TLS Server Proxy
* (C) 2014,2015 Jack Lloyd
+* (C) 2016 Matthias Gierlings
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -59,7 +60,7 @@ void log_text_message(const char* where, const uint8_t buf[], size_t buf_len)
//std::cout << where << ' ' << std::string(c, c + buf_len) << std::endl;
}
-class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_session>
+class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_session>, public Botan::TLS::Callbacks
{
public:
enum { readbuf_size = 4 * 1024 };
@@ -111,10 +112,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
m_server_endpoints(endpoints),
m_client_socket(io),
m_server_socket(io),
- m_tls(boost::bind(&tls_proxy_session::tls_proxy_write_to_client, this, _1, _2),
- boost::bind(&tls_proxy_session::tls_client_write_to_proxy, this, _1, _2),
- boost::bind(&tls_proxy_session::tls_alert_cb, this, _1, _2, _3),
- boost::bind(&tls_proxy_session::tls_handshake_complete, this, _1),
+ m_tls(*this,
session_manager,
credentials,
policy,
@@ -167,7 +165,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
{
m_client_socket.close();
}
- tls_proxy_write_to_client(nullptr, 0); // initiate another write if needed
+ tls_emit_data(nullptr, 0); // initiate another write if needed
}
void handle_server_write_completion(const boost::system::error_code& error)
@@ -183,13 +181,13 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
proxy_write_to_server(nullptr, 0); // initiate another write if needed
}
- void tls_client_write_to_proxy(const uint8_t buf[], size_t buf_len)
+ void tls_record_received(uint64_t /*rec_no*/, const uint8_t buf[], size_t buf_len) override
{
// Immediately bounce message to server
proxy_write_to_server(buf, buf_len);
}
- void tls_proxy_write_to_client(const uint8_t buf[], size_t buf_len)
+ void tls_emit_data(const uint8_t buf[], size_t buf_len) override
{
if(buf_len > 0)
m_p2c_pending.insert(m_p2c_pending.end(), buf, buf + buf_len);
@@ -268,7 +266,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
boost::asio::placeholders::bytes_transferred)));
}
- bool tls_handshake_complete(const Botan::TLS::Session& session)
+ bool tls_session_established(const Botan::TLS::Session& session) override
{
//std::cout << "Handshake from client complete" << std::endl;
@@ -292,7 +290,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
return true;
}
- void tls_alert_cb(Botan::TLS::Alert alert, const uint8_t[], size_t)
+ void tls_alert(Botan::TLS::Alert alert) override
{
if(alert.type() == Botan::TLS::Alert::CLOSE_NOTIFY)
{
diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp
index 199a7894f..5ec8f295e 100644
--- a/src/cli/utils.cpp
+++ b/src/cli/utils.cpp
@@ -7,7 +7,6 @@
#include "cli.h"
#include <botan/version.h>
-#include <botan/auto_rng.h>
#include <botan/hash.h>
#include <botan/cpuid.h>
#include <botan/hex.h>
@@ -16,10 +15,18 @@
#include <botan/base64.h>
#endif
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
+ #include <botan/auto_rng.h>
+#endif
+
#if defined(BOTAN_HAS_SYSTEM_RNG)
#include <botan/system_rng.h>
#endif
+#if defined(BOTAN_HAS_RDRAND_RNG)
+ #include <botan/rdrand_rng.h>
+#endif
+
#if defined(BOTAN_HAS_HTTP_UTIL)
#include <botan/http_util.h>
#endif
@@ -149,24 +156,43 @@ BOTAN_REGISTER_COMMAND("hash", Hash);
class RNG final : public Command
{
public:
- RNG() : Command("rng bytes --system") {}
+ RNG() : Command("rng --system --rdrand *bytes") {}
void go() override
{
- const size_t bytes = get_arg_sz("bytes");
+ std::unique_ptr<Botan::RNG> rng;
if(flag_set("system"))
{
#if defined(BOTAN_HAS_SYSTEM_RNG)
- output() << Botan::hex_encode(Botan::system_rng().random_vec(bytes)) << "\n";
+ rng.reset(new Botan::System_RNG);
#else
error_output() << "system_rng disabled in build\n";
+ return;
+#endif
+ }
+ else if(flag_set("rdrand"))
+ {
+#if defined(BOTAN_HAS_RDRAND_RNG)
+ rng.reset(new Botan::RDRAND_RNG);
+#else
+ error_output() << "rdrand_rng disabled in build\n";
+ return;
#endif
}
else
{
- Botan::AutoSeeded_RNG rng;
- output() << Botan::hex_encode(rng.random_vec(bytes)) << "\n";
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
+ rng.reset(new Botan::AutoSeeded_RNG);
+#else
+ error_output() << "auto_rng disabled in build\n";
+ return;
+#endif
+ }
+
+ for(const std::string& req : get_arg_list("bytes"))
+ {
+ output() << Botan::hex_encode(rng->random_vec(Botan::to_u32bit(req))) << "\n";
}
}
};
@@ -240,7 +266,7 @@ class Generate_Bcrypt final : public Command
void go() override
{
const std::string password = get_arg("password");
- const size_t wf = get_arg_sz("work_factor");
+ const size_t wf = get_arg_sz("work-factor");
output() << Botan::generate_bcrypt(password, rng(), wf) << "\n";
}