diff options
author | lloyd <[email protected]> | 2015-02-16 20:12:38 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2015-02-16 20:12:38 +0000 |
commit | 3b9a0c1535e40f8f9fc4cfbc734144ee229df65d (patch) | |
tree | 30c1d4363b4c85561204d26344f40de3e78f6d9d /src/scripts/examples | |
parent | 85caef829c9eeb7c224ad3b2e3ffbcfe981c2428 (diff) |
Add new module `ffi` which provides a plain C interface, plus a new
ctypes Python wrapper that uses it. The API is intentionally designed
to have a very simple ABI (extern "C", all structs are opaque, no
memory ownership passing the FFI boundary, limited set of simple types
as args) so the ctypes wrapper is quite simple.
Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF,
bcrypt, and most public key operations.
Remove the old boost.python wrapper and all the build code for it.
Diffstat (limited to 'src/scripts/examples')
-rwxr-xr-x | src/scripts/examples/cipher.py | 44 | ||||
-rwxr-xr-x | src/scripts/examples/cryptobox.py | 36 | ||||
-rwxr-xr-x | src/scripts/examples/nisttest.py | 61 | ||||
-rw-r--r-- | src/scripts/examples/results.vec | 60 | ||||
-rwxr-xr-x | src/scripts/examples/rng_test.py | 22 | ||||
-rwxr-xr-x | src/scripts/examples/rsa.py | 47 |
6 files changed, 0 insertions, 270 deletions
diff --git a/src/scripts/examples/cipher.py b/src/scripts/examples/cipher.py deleted file mode 100755 index 1be2759ae..000000000 --- a/src/scripts/examples/cipher.py +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/python - -import botan -import sys - -def encrypt(input, passphrase): - rng = botan.RandomNumberGenerator() - - # Use as both EAX IV and PBKDF2 salt - salt = rng.gen_random(10) - - iterations = 10000 - output_size = 16 - - key = botan.pbkdf2(passphrase, salt, iterations, output_size, "SHA-1") - - encryptor = botan.Cipher("AES-128/EAX", "encrypt", key) - - ciphertext = encryptor.cipher(input, salt) - return (ciphertext, salt) - -def decrypt(input, salt, passphrase): - iterations = 10000 - output_size = 16 - - key = botan.pbkdf2(passphrase, salt, iterations, output_size, "SHA-1") - - decryptor = botan.Cipher("AES-128/EAX", "decrypt", key) - - return decryptor.cipher(input, salt) - -def main(args = None): - if args is None: - args = sys.argv - - passphrase = args[1] - input = ''.join(open(args[2]).readlines()) - - (ciphertext, salt) = encrypt(input, passphrase) - - print decrypt(ciphertext, salt, passphrase) - -if __name__ == '__main__': - sys.exit(main()) diff --git a/src/scripts/examples/cryptobox.py b/src/scripts/examples/cryptobox.py deleted file mode 100755 index f76ed6bc3..000000000 --- a/src/scripts/examples/cryptobox.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/python - -import sys -import botan - -def main(args = None): - if args is None: - args = sys.argv - - if len(args) != 3: - raise Exception("Usage: <password> <input>"); - - password = args[1] - input = ''.join(open(args[2]).readlines()) - - rng = botan.RandomNumberGenerator() - - ciphertext = botan.cryptobox_encrypt(input, password, rng) - - print ciphertext - - plaintext = '' - - try: - plaintext = botan.cryptobox_decrypt(ciphertext, password + 'FAIL') - except Exception, e: - print "Good news: bad password caused exception: " - print e - - plaintext = botan.cryptobox_decrypt(ciphertext, password) - - print "Original input was: " - print plaintext - -if __name__ == '__main__': - sys.exit(main()) diff --git a/src/scripts/examples/nisttest.py b/src/scripts/examples/nisttest.py deleted file mode 100755 index 1260b1226..000000000 --- a/src/scripts/examples/nisttest.py +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/python - -import sys, os, botan -from os.path import join; - -def validate(ca_certs, certs, crls, ee_certs): - store = botan.X509_Store() - for cert in certs: - if cert not in ee_certs: - store.add_cert(botan.X509_Certificate(cert), cert in ca_certs) - - for crl in crls: - r = store.add_crl(botan.X509_CRL(crl)) - if r != botan.verify_result.verified: - return r - - for ee in ee_certs: - r = store.validate(botan.X509_Certificate(ee)) - if r != botan.verify_result.verified: - return r - - return botan.verify_result.verified - -def run_test(files, rootdir, testname, expected): - crls = [join(rootdir,x) for x in files if x.endswith(".crl")] - certs = [join(rootdir,x) for x in files if x.endswith(".crt")] - end_entity = [x for x in certs if x.find("end.crt") != -1] - ca_certs = [x for x in certs if x.find("root.crt") != -1] - - print "%s..." % testname, - - result = validate(ca_certs, certs, crls, end_entity) - result = repr(result).replace('botan._botan.verify_result.', '') - - if result != expected: - print "FAILED: got %s, expected %s" % (result, expected) - else: - print "passed" - -def main(): - def load_results(file): - results = {} - for line in open(file, 'r'): - line = line[0:line.find('#')].strip() - if line: - test,result = line.split(' ') - results[test] = result - return results - - results = load_results('results.vec') - - for root, dirs, files in os.walk('../../checks/nist_tests/tests'): - if files: - thistest = root[root.rfind('/')+1:] - if thistest in results: - run_test(files, root, thistest, results[thistest]) - else: - print "%s... skipping - no expected result set" % thistest - -if __name__ == "__main__": - sys.exit(main()) diff --git a/src/scripts/examples/results.vec b/src/scripts/examples/results.vec deleted file mode 100644 index 7a3824001..000000000 --- a/src/scripts/examples/results.vec +++ /dev/null @@ -1,60 +0,0 @@ -# This is the file of expected results for nisttest.py -test01 verified -test02 signature_error -test03 signature_error -test04 verified -test05 cert_not_yet_valid -test06 cert_not_yet_valid -test07 verified -test08 cert_not_yet_valid -test09 cert_has_expired -test10 cert_has_expired -test11 cert_has_expired -test12 verified -test13 cert_issuer_not_found -test14 cert_issuer_not_found -test15 verified -test16 verified -test17 verified -test18 verified -# changed; should be no_revocation_data_available, but I don't want to -# force people to use CRLs -test19 verified -test20 cert_is_revoked -test21 cert_is_revoked -test22 ca_cert_not_for_cert_issuer -test23 ca_cert_not_for_cert_issuer -test24 verified -test25 ca_cert_not_for_cert_issuer -test26 verified -test27 verified -test28 ca_cert_not_for_cert_issuer -test29 ca_cert_not_for_cert_issuer -test30 verified -test31 ca_cert_not_for_crl_issuer -test32 ca_cert_not_for_crl_issuer -test33 verified -test54 cert_chain_too_long -test55 cert_chain_too_long -test56 verified -test57 verified -test58 cert_chain_too_long -test59 cert_chain_too_long -test60 cert_chain_too_long -test61 cert_chain_too_long -test62 verified -test63 verified -test64 signature_error -# changed; I have no idea why this test is supposed to fail -test65 verified -test66 crl_issuer_not_found -# changed; one of the CRLs has an unknown creator, so we fail -# prior to getting to the end-entity check -test67 crl_issuer_not_found -test68 cert_is_revoked -test69 cert_is_revoked -test70 cert_is_revoked -test71 cert_is_revoked -test72 crl_has_expired -test73 crl_has_expired -test74 verified diff --git a/src/scripts/examples/rng_test.py b/src/scripts/examples/rng_test.py deleted file mode 100755 index 06c79b84e..000000000 --- a/src/scripts/examples/rng_test.py +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/python - -import botan - -rng = botan.RandomNumberGenerator() - -print "name", rng.name() - -rng.add_entropy("blah") - -print "random 16", rng.gen_random(16).encode("hex") -print "random 32", rng.gen_random(32).encode("base64"), - -rng.reseed() - -for i in range(0, 10): - print rng.gen_random_byte(), -print - -rng.add_entropy("blah") - -print "random 16", rng.gen_random(16).encode("hex") diff --git a/src/scripts/examples/rsa.py b/src/scripts/examples/rsa.py deleted file mode 100755 index 998b72b7b..000000000 --- a/src/scripts/examples/rsa.py +++ /dev/null @@ -1,47 +0,0 @@ -#!/usr/bin/python - -import botan - -def make_into_c_array(ber): - output = 'static unsigned char key_data[%d] = {\n\t' % (len(ber)) - - for (idx,c) in zip(range(len(ber)), ber): - if idx != 0 and idx % 8 == 0: - output += "\n\t" - output += "0x%s, " % (c.encode('hex')) - - output += "\n};\n" - - return output - -rng = botan.RandomNumberGenerator() - -rsa_priv = botan.RSA_PrivateKey(1024, rng) - -print rsa_priv.to_string() -print int(rsa_priv.get_N()) -print int(rsa_priv.get_E()) - -rsa_pub = botan.RSA_PublicKey(rsa_priv) - -print make_into_c_array(rsa_pub.to_ber()) -#print make_into_c_array(rsa_priv.to_ber()) - -key = rng.gen_random(20) - -ciphertext = rsa_pub.encrypt(key, 'EME1(SHA-1)', rng) - -print ciphertext.encode('hex') - -plaintext = rsa_priv.decrypt(ciphertext, 'EME1(SHA-1)') - -print plaintext == key - -signature = rsa_priv.sign(key, 'EMSA4(SHA-256)', rng) - -print rsa_pub.verify(key, signature, 'EMSA4(SHA-256)') - -# Corrupt the signature, make sure it doesn't verify -signature = signature.replace(signature[0], '0') - -print rsa_pub.verify(key, signature, 'EMSA4(SHA-256)') |