author | Jack Lloyd <lloyd@randombit.net> | 2016-08-31 12:58:58 -0400 |
---|---|---|
committer | Jack Lloyd <lloyd@randombit.net> | 2016-08-31 12:58:58 -0400 |
commit | dfab07a7bc00dc00f98ab86c70d536306073f34f (patch) | |
tree | d3dbb140764f259c932171d6f229d033dee685ca /src/cli | |
parent | e29024608fca1b811aa72a7aafd930a42740b968 (diff) | |
parent | 1b9cf39063194fe91dc8e5d78f73d7251c5d16fc (diff) |
Merge master into this branch, resolving conflicts with #457/#576
which recently landed on master.
Diffstat (limited to 'src/cli')
-rw-r--r-- | src/cli/cli.h | 7 | ||||
-rw-r--r-- | src/cli/credentials.h | 2 | ||||
-rw-r--r-- | src/cli/speed.cpp | 98 | ||||
-rw-r--r-- | src/cli/tls_client.cpp | 38 | ||||
-rw-r--r-- | src/cli/tls_proxy.cpp | 18 | ||||
-rw-r--r-- | src/cli/utils.cpp | 40 |
6 files changed, 136 insertions, 67 deletions
diff --git a/src/cli/cli.h b/src/cli/cli.h index 11cc8add7..7e2d49f0f 100644 --- a/src/cli/cli.h +++ b/src/cli/cli.h @@ -10,7 +10,10 @@ #include <botan/build.h> #include <botan/parsing.h> #include <botan/rng.h> -#include <botan/auto_rng.h> + +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) + #include <botan/auto_rng.h> +#endif #if defined(BOTAN_HAS_SYSTEM_RNG) #include <botan/system_rng.h> @@ -471,7 +474,9 @@ class Command if(rng_type == "auto") { +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) m_rng.reset(new Botan::AutoSeeded_RNG); +#endif } if(!m_rng) diff --git a/src/cli/credentials.h b/src/cli/credentials.h index 11bfd3de1..95bbd5aa4 100644 --- a/src/cli/credentials.h +++ b/src/cli/credentials.h @@ -62,7 +62,7 @@ class Basic_Credentials_Manager : public Botan::Credentials_Manager try { // TODO: make path configurable - const std::vector<std::string> paths = { "/usr/share/ca-certificates" }; + const std::vector<std::string> paths = { "/etc/ssl/certs", "/usr/share/ca-certificates" }; for(auto&& path : paths) { diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 595b4bd20..222a98d3f 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -6,6 +6,8 @@ */ #include "cli.h" +#include "../tests/test_rng.h" // FIXME + #include <sstream> #include <iomanip> #include <chrono> @@ -17,9 +19,12 @@ #include <botan/hash.h> #include <botan/mac.h> #include <botan/cipher_mode.h> -#include <botan/auto_rng.h> #include <botan/entropy_src.h> +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) + #include <botan/auto_rng.h> +#endif + #if defined(BOTAN_HAS_SYSTEM_RNG) #include <botan/system_rng.h> #endif @@ -36,6 +41,10 @@ #include <botan/x931_rng.h> #endif +#if defined(BOTAN_HAS_FPE_FE1) + #include <botan/fpe_fe1.h> +#endif + #if defined(BOTAN_HAS_COMPRESSION) #include <botan/compression.h> #endif 
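Review bot: In the credentials.h hunk, the two hard-coded directories in `paths` appear to be the only trust anchors this credentials manager loads, and nothing on the changed line says what happens when one is absent. The loop body and the `catch` that pairs with the `try` are outside the hunk, so whether a missing directory is reported or silently skipped cannot be confirmed here. If it is skipped, certificate verification would run against a smaller or empty trust store without any message. I would extend the comment to `// TODO: make path configurable; report when no trust anchors could be loaded`.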
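Review bot: In the first speed.cpp hunk, the bare `// FIXME` on `#include "../tests/test_rng.h"` does not say what is to be fixed. The include makes the CLI depend on a header from the test tree (it supplies `Botan_Tests::SeedCapturing_RNG`, used later in `bench_entropy_sources`), so a build that omits the tests would presumably fail to compile the CLI. I would spell it out: `// FIXME: CLI must not depend on the test tree; move SeedCapturing_RNG to a shared header`.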
@@ -398,10 +407,19 @@ class Speed final : public Command bench_inverse_mod(msec); } #endif + +#if defined(BOTAN_HAS_FPE_FE1) + else if(algo == "fpe_fe1") + { + bench_fpe_fe1(msec); + } +#endif else if(algo == "RNG") { +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) Botan::AutoSeeded_RNG auto_rng; bench_rng(auto_rng, "AutoSeeded_RNG (periodic reseed)", msec, buf_size); +#endif #if defined(BOTAN_HAS_SYSTEM_RNG) bench_rng(Botan::system_rng(), "System_RNG", msec, buf_size); @@ -415,12 +433,15 @@ class Speed final : public Command #if defined(BOTAN_HAS_HMAC_DRBG) for(std::string hash : { "SHA-256", "SHA-384", "SHA-512" }) { - - auto hmac = Botan::MessageAuthenticationCode::create("HMAC(" + hash + ")"); - Botan::HMAC_DRBG hmac_drbg(hmac->clone()); + Botan::HMAC_DRBG hmac_drbg(hash); bench_rng(hmac_drbg, hmac_drbg.name(), msec, buf_size); + } +#endif - Botan::HMAC_RNG hmac_rng(hmac->clone(), hmac->clone()); +#if defined(BOTAN_HAS_HMAC_RNG) + for(std::string hash : { "SHA-256", "SHA-384", "SHA-512" }) + { + Botan::HMAC_RNG hmac_rng(Botan::MessageAuthenticationCode::create("HMAC(" + hash + ")")); bench_rng(hmac_rng, hmac_rng.name(), msec, buf_size); } #endif 
@@ -579,38 +600,26 @@ class Speed final : public Command { Botan::secure_vector<uint8_t> buffer(buf_size); - rng.add_entropy(buffer.data(), buffer.size()); - rng.reseed(256); +#if defined(BOTAN_HAS_SYSTEM_RNG) + rng.reseed_from_rng(Botan::system_rng(), 256); +#endif Timer timer(rng_name, "", "generate", buffer.size()); timer.run_until_elapsed(runtime, [&] { rng.randomize(buffer.data(), buffer.size()); }); output() << Timer::result_string_bps(timer); } - void bench_entropy_sources(const std::chrono::milliseconds runtime) + void bench_entropy_sources(const std::chrono::milliseconds) { Botan::Entropy_Sources& srcs = Botan::Entropy_Sources::global_sources(); - typedef std::chrono::system_clock clock; - - auto deadline = clock::now() + runtime; - for(auto src : srcs.enabled_sources()) { - double entropy_bits = 0.0; - size_t samples = 0; - std::vector<size_t> entropy; - - Botan::Entropy_Accumulator accum( - [&](const uint8_t buf[], size_t buf_len, double buf_entropy) -> bool { - entropy.insert(entropy.end(), buf, buf + buf_len); - entropy_bits += buf_entropy; - samples += 1; - return (samples > 1024 || entropy_bits > 1024 || clock::now() > deadline); - }); + size_t entropy_bits = 0; + Botan_Tests::SeedCapturing_RNG rng; Timer timer(src, "", "bytes"); - timer.run([&] { srcs.poll_just(accum, src); }); + timer.run([&] { entropy_bits = srcs.poll_just(rng, src); }); #if defined(BOTAN_HAS_COMPRESSION) std::unique_ptr<Botan::Compression_Algorithm> comp(Botan::make_compressor("zlib")); 
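Review bot: In `bench_rng`, a build without `BOTAN_HAS_SYSTEM_RNG` no longer seeds the generator before `rng.randomize()` is timed, because the removed `add_entropy`/`reseed` calls were replaced by a call that exists only inside the `#if`. The callers in the `-415,12` hunk construct `Botan::HMAC_DRBG hmac_drbg(hash)` and `HMAC_RNG` with no entropy input, so on such a build the benchmark would presumably throw or time an unseeded generator. An `#else` branch keeping the old fixed input, `rng.add_entropy(buffer.data(), buffer.size());`, would keep it runnable; a fixed seed is acceptable here only because the output is discarded. Separately, `bench_entropy_sources` now ignores its runtime argument, so a slow source is no longer bounded by a deadline; that function continues past the end of this hunk.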
@@ -618,13 +627,13 @@ class Speed final : public Command if(comp) { - compressed.assign(entropy.begin(), entropy.end()); + compressed.assign(rng.seed_material().begin(), rng.seed_material().end()); comp->start(9); comp->finish(compressed); } #endif - output() << "Entropy source " << src << " output " << entropy.size() << " bytes" + output() << "Entropy source " << src << " output " << rng.seed_material().size() << " bytes" << " estimated entropy " << entropy_bits << " in " << timer.milliseconds() << " ms"; @@ -635,10 +644,45 @@ class Speed final : public Command } #endif - output() << " total samples " << samples << "\n"; + output() << " total samples " << rng.samples() << "\n"; } } +#if defined(BOTAN_HAS_FPE_FE1) + + void bench_fpe_fe1(const std::chrono::milliseconds runtime) + { + const Botan::BigInt n = 1000000000000000; + + Timer enc_timer("FPE_FE1 encrypt"); + Timer dec_timer("FPE_FE1 decrypt"); + + const Botan::SymmetricKey key(rng(), 32); + const std::vector<uint8_t> tweak(8); // 8 zeros + + Botan::BigInt x = 1; + + while(enc_timer.under(runtime)) + { + enc_timer.start(); + x = Botan::FPE::fe1_encrypt(n, x, key, tweak); + enc_timer.stop(); + } + + for(size_t i = 0; i != enc_timer.events(); ++i) + { + dec_timer.start(); + x = Botan::FPE::fe1_decrypt(n, x, key, tweak); + dec_timer.stop(); + } + + BOTAN_ASSERT(x == 1, "FPE works"); + + output() << Timer::result_string_ops(enc_timer); + output() << Timer::result_string_ops(dec_timer); + } +#endif + #if defined(BOTAN_HAS_NUMBERTHEORY) void bench_inverse_mod(const std::chrono::milliseconds runtime) diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index 6af2f56f8..caf7d4a1f 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -1,5 +1,6 @@ /* * (C) 2014,2015 Jack Lloyd +* 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) */ 
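Review bot: In the `-618,13` hunk, `compressed.assign(rng.seed_material().begin(), rng.seed_material().end())` calls the accessor twice. Its declaration is in test_rng.h, which is not shown; if it returns by value, the two iterators come from different temporaries and the range is invalid. Binding once removes the dependency on that detail: `const auto& seed = rng.seed_material();` followed by `compressed.assign(seed.begin(), seed.end());`. The same accessor is called again for the size in the output line and could reuse the binding.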
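Review bot: `bench_fpe_fe1` has no comment explaining why the decrypt loop is driven by `enc_timer.events()` rather than by the runtime. The final `BOTAN_ASSERT(x == 1, "FPE works")` only holds if decryption undoes exactly as many steps as were encrypted. I would add above the second loop `// undo every encryption so x returns to its start value, checked below`.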
@@ -35,7 +36,7 @@ namespace Botan_CLI { -class TLS_Client final : public Command +class TLS_Client final : public Command, public Botan::TLS::Callbacks { public: TLS_Client() : Command("tls_client host --port=443 --print-certs --policy= " @@ -98,15 +99,10 @@ class TLS_Client final : public Command const std::vector<std::string> protocols_to_offer = Botan::split_on("next-protocols", ','); - int sockfd = connect_to_host(host, port, use_tcp); + m_sockfd = connect_to_host(host, port, use_tcp); using namespace std::placeholders; - auto socket_write = - use_tcp ? - std::bind(stream_socket_write, sockfd, _1, _2) : - std::bind(dgram_socket_write, sockfd, _1, _2); - auto version = policy->latest_supported_version(!use_tcp); if(flag_set("tls1.0")) @@ -118,10 +114,7 @@ class TLS_Client final : public Command version = Botan::TLS::Protocol_Version::TLS_V11; } - Botan::TLS::Client client(socket_write, - std::bind(&TLS_Client::process_data, this, _1, _2), - std::bind(&TLS_Client::alert_received, this, _1, _2, _3), - std::bind(&TLS_Client::handshake_complete, this, _1), + Botan::TLS::Client client(*this, *session_mgr, creds, *policy, @@ -136,7 +129,7 @@ class TLS_Client final : public Command { fd_set readfds; FD_ZERO(&readfds); - FD_SET(sockfd, &readfds); + FD_SET(m_sockfd, &readfds); if(client.is_active()) { @@ -152,13 +145,13 @@ class TLS_Client final : public Command struct timeval timeout = { 1, 0 }; - ::select(sockfd + 1, &readfds, nullptr, nullptr, &timeout); + ::select(m_sockfd + 1, &readfds, nullptr, nullptr, &timeout); - if(FD_ISSET(sockfd, &readfds)) + if(FD_ISSET(m_sockfd, &readfds)) { uint8_t buf[4*1024] = { 0 }; - ssize_t got = ::read(sockfd, buf, sizeof(buf)); + ssize_t got = ::read(m_sockfd, buf, sizeof(buf)); if(got == 0) { @@ -216,7 +209,7 @@ class TLS_Client final : public Command } } - ::close(sockfd); + ::close(m_sockfd); } private: 
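Review bot: `m_sockfd` replaces the local `sockfd` in `go()` (hunk `-98,15`), but it is declared as plain `int m_sockfd;` in the last tls_client.cpp hunk, so it is indeterminate until `connect_to_host` returns. After `::close(m_sockfd)` in hunk `-216,7` it still holds the closed descriptor number. Nothing ties the descriptor's validity to `tls_emit_data`, which sends on whatever the member holds. I would declare `int m_sockfd = -1;` and set `m_sockfd = -1;` right after the close. The close also appears to be skipped when an exception leaves `go()`, for example the `CLI_Error` thrown on the write path; `go()` starts and ends outside these hunks.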
@@ -256,7 +249,7 @@ class TLS_Client final : public Command return fd; } - bool handshake_complete(const Botan::TLS::Session& session) + bool tls_session_established(const Botan::TLS::Session& session) override { output() << "Handshake complete, " << session.version().to_string() << " using " << session.ciphersuite().to_string() << "\n"; @@ -290,13 +283,13 @@ class TLS_Client final : public Command throw CLI_Error("Socket write failed errno=" + std::to_string(errno)); } - static void stream_socket_write(int sockfd, const uint8_t buf[], size_t length) + void tls_emit_data(const uint8_t buf[], size_t length) override { size_t offset = 0; while(length) { - ssize_t sent = ::send(sockfd, (const char*)buf + offset, + ssize_t sent = ::send(m_sockfd, (const char*)buf + offset, length, MSG_NOSIGNAL); if(sent == -1) @@ -312,16 +305,19 @@ class TLS_Client final : public Command } } - void alert_received(Botan::TLS::Alert alert, const uint8_t [], size_t ) + void tls_alert(Botan::TLS::Alert alert) override { output() << "Alert: " << alert.type_string() << "\n"; } - void process_data(const uint8_t buf[], size_t buf_size) + void tls_record_received(uint64_t /*seq_no*/, const uint8_t buf[], size_t buf_size) override { for(size_t i = 0; i != buf_size; ++i) output() << buf[i]; } + + private: + int m_sockfd; }; BOTAN_REGISTER_COMMAND("tls_client", TLS_Client); diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp index 2929e473d..5140654de 100644 --- a/src/cli/tls_proxy.cpp +++ b/src/cli/tls_proxy.cpp @@ -1,6 +1,7 @@ /* * TLS Server Proxy * (C) 2014,2015 Jack Lloyd +* (C) 2016 Matthias Gierlings * * Botan is released under the Simplified BSD License (see license.txt) */ 
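Review bot: `tls_emit_data` (hunk `-290,13`) is the former `stream_socket_write`, and the `use_tcp ? stream_socket_write : dgram_socket_write` selection was removed from `go()`, so a DTLS connection now goes through the stream send loop. That loop resumes a short `send` at `buf + offset`, which would split one record across datagrams, and `dgram_socket_write` (its tail is the context just above this function) appears to be left without a caller. One way to restore the old behaviour is a `bool m_use_tcp` member set in `go()` and, at the top of the override, `if(!m_use_tcp) { dgram_socket_write(m_sockfd, buf, length); return; }`. Otherwise remove the datagram helper and document that only stream sockets are supported. The function body continues past the hunk.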
@@ -59,7 +60,7 @@ void log_text_message(const char* where, const uint8_t buf[], size_t buf_len) //std::cout << where << ' ' << std::string(c, c + buf_len) << std::endl; } -class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_session> +class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_session>, public Botan::TLS::Callbacks { public: enum { readbuf_size = 4 * 1024 }; @@ -111,10 +112,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio m_server_endpoints(endpoints), m_client_socket(io), m_server_socket(io), - m_tls(boost::bind(&tls_proxy_session::tls_proxy_write_to_client, this, _1, _2), - boost::bind(&tls_proxy_session::tls_client_write_to_proxy, this, _1, _2), - boost::bind(&tls_proxy_session::tls_alert_cb, this, _1, _2, _3), - boost::bind(&tls_proxy_session::tls_handshake_complete, this, _1), + m_tls(*this, session_manager, credentials, policy, @@ -167,7 +165,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio { m_client_socket.close(); } - tls_proxy_write_to_client(nullptr, 0); // initiate another write if needed + tls_emit_data(nullptr, 0); // initiate another write if needed } void handle_server_write_completion(const boost::system::error_code& error) @@ -183,13 +181,13 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio proxy_write_to_server(nullptr, 0); // initiate another write if needed } - void tls_client_write_to_proxy(const uint8_t buf[], size_t buf_len) + void tls_record_received(uint64_t /*rec_no*/, const uint8_t buf[], size_t buf_len) override { // Immediately bounce message to server proxy_write_to_server(buf, buf_len); } - void tls_proxy_write_to_client(const uint8_t buf[], size_t buf_len) + void tls_emit_data(const uint8_t buf[], size_t buf_len) override { if(buf_len > 0) m_p2c_pending.insert(m_p2c_pending.end(), buf, buf + buf_len); 
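Review bot: In hunk `-167,7`, `tls_emit_data(nullptr, 0)` calls the TLS library callback directly as an internal "resume writing" trigger, which only works because the override in hunk `-183,13` skips the insert when `buf_len` is 0. Now that the name is an override of `Botan::TLS::Callbacks`, a reader can no longer tell library-driven calls from the proxy's own pump. I would move the write-scheduling part into a private helper that both the callback and the completion handler call. At minimum, add `// buf may be nullptr when buf_len == 0: called by the proxy itself to resume writing` on the override. The override's body continues past the hunk.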
@@ -268,7 +266,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio boost::asio::placeholders::bytes_transferred))); } - bool tls_handshake_complete(const Botan::TLS::Session& session) + bool tls_session_established(const Botan::TLS::Session& session) override { //std::cout << "Handshake from client complete" << std::endl; @@ -292,7 +290,7 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio return true; } - void tls_alert_cb(Botan::TLS::Alert alert, const uint8_t[], size_t) + void tls_alert(Botan::TLS::Alert alert) override { if(alert.type() == Botan::TLS::Alert::CLOSE_NOTIFY) { diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 199a7894f..5ec8f295e 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -7,7 +7,6 @@ #include "cli.h" #include <botan/version.h> -#include <botan/auto_rng.h> #include <botan/hash.h> #include <botan/cpuid.h> #include <botan/hex.h> @@ -16,10 +15,18 @@ #include <botan/base64.h> #endif +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) + #include <botan/auto_rng.h> +#endif + #if defined(BOTAN_HAS_SYSTEM_RNG) #include <botan/system_rng.h> #endif +#if defined(BOTAN_HAS_RDRAND_RNG) + #include <botan/rdrand_rng.h> +#endif + #if defined(BOTAN_HAS_HTTP_UTIL) #include <botan/http_util.h> #endif 
@@ -149,24 +156,43 @@ BOTAN_REGISTER_COMMAND("hash", Hash); class RNG final : public Command { public: - RNG() : Command("rng bytes --system") {} + RNG() : Command("rng --system --rdrand *bytes") {} void go() override { - const size_t bytes = get_arg_sz("bytes"); + std::unique_ptr<Botan::RNG> rng; if(flag_set("system")) { #if defined(BOTAN_HAS_SYSTEM_RNG) - output() << Botan::hex_encode(Botan::system_rng().random_vec(bytes)) << "\n"; + rng.reset(new Botan::System_RNG); #else error_output() << "system_rng disabled in build\n"; + return; +#endif + } + else if(flag_set("rdrand")) + { +#if defined(BOTAN_HAS_RDRAND_RNG) + rng.reset(new Botan::RDRAND_RNG); +#else + error_output() << "rdrand_rng disabled in build\n"; + return; #endif } else { - Botan::AutoSeeded_RNG rng; - output() << Botan::hex_encode(rng.random_vec(bytes)) << "\n"; +#if defined(BOTAN_HAS_AUTO_SEEDING_RNG) + rng.reset(new Botan::AutoSeeded_RNG); +#else + error_output() << "auto_rng disabled in build\n"; + return; +#endif + } + + for(const std::string& req : get_arg_list("bytes")) + { + output() << Botan::hex_encode(rng->random_vec(Botan::to_u32bit(req))) << "\n"; } } }; @@ -240,7 +266,7 @@ class Generate_Bcrypt final : public Command void go() override { const std::string password = get_arg("password"); - const size_t wf = get_arg_sz("work_factor"); + const size_t wf = get_arg_sz("work-factor"); output() << Botan::generate_bcrypt(password, rng(), wf) << "\n"; } |
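Review bot: In `RNG::go()`, `--system` and `--rdrand` given together silently select the system RNG, because the second flag is only tested in the `else if`. For a command whose purpose is to emit output from a specific generator, I would reject the combination before the first branch: `if(flag_set("system") && flag_set("rdrand")) throw CLI_Error("--system and --rdrand are mutually exclusive");`. Each `bytes` argument is also passed through `Botan::to_u32bit(req)` straight into `random_vec`, so a very large value becomes a single allocation of that size. A documented upper bound would make the limit explicit.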