diff options
author | Jack Lloyd <[email protected]> | 2017-02-26 15:48:35 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-02-26 15:48:35 -0500 |
commit | 8bbec86f8984b52b5d0cce8cd1309563d2b294cc (patch) | |
tree | 3c7b7c6aa275b66d3f3ae7c67e24ba64222591a4 /src/tests | |
parent | 70d9d062d095242bcfe8df25fc57fb88eadec3a9 (diff) |
Add ability to specify iterations when encrypting a private key
GH #896
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/test_ffi.cpp | 28 |
1 files changed, 8 insertions, 20 deletions
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 3e272d9cb..455318ce8 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp @@ -400,6 +400,8 @@ class FFI_Unit_Tests : public Test private: void ffi_test_pubkey_export(Test::Result& result, botan_pubkey_t pub, botan_privkey_t priv, botan_rng_t rng) { + const size_t pbkdf_iter = 1000; + // export public key size_t pubkey_len = 0; TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_pubkey_export, (pub, nullptr, &pubkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_DER)); @@ -417,24 +419,10 @@ class FFI_Unit_Tests : public Test std::vector<uint8_t> privkey; size_t privkey_len = 0; - /* - * botan_privkey_export is bogus for several reasons. first it hardcodes a 300 msec - * pbkdf, instead of taking that as an argument. secondly, calling it twice not only - * returns different results (due to the encryption) but they may have different sizes, - * if the number of PBKDF iterations that is used in the two runs differs greatly, and - * ends up encoding as fewer bytes in the variable length ASN.1 encoding used in PKCS #8 - * private key encryption. - * - * here request the size but then add a few bytes. this is an attempt to avoid occasional - * cases on CI where the above case occurs, and the build fails because on the second - * call, more space was required than the first call had returned. - */ - const size_t privkey_size_slop = 64; - // call with nullptr to query the length TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export, (priv, nullptr, &privkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_DER)); - privkey.resize(privkey_len + privkey_size_slop); + privkey.resize(privkey_len); privkey_len = privkey.size(); // set buffer size TEST_FFI_OK(botan_privkey_export, (priv, privkey.data(), &privkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_DER)); @@ -453,18 +441,18 @@ class FFI_Unit_Tests : public Test // export private key encrypted privkey_len = 0; - TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted, (priv, nullptr, &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER)); + TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted_pbkdf_iter, (priv, nullptr, &privkey_len, rng, "password", pbkdf_iter, "", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER)); - privkey.resize(privkey_len + privkey_size_slop); + privkey.resize(privkey_len); privkey_len = privkey.size(); - TEST_FFI_OK(botan_privkey_export_encrypted, (priv, privkey.data(), &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER)); + TEST_FFI_OK(botan_privkey_export_encrypted_pbkdf_iter, (priv, privkey.data(), &privkey_len, rng, "password", pbkdf_iter, "", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER)); privkey_len = 0; - TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted, (priv, nullptr, &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_PEM)); + TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted_pbkdf_iter, (priv, nullptr, &privkey_len, rng, "password", pbkdf_iter, "", "", BOTAN_PRIVKEY_EXPORT_FLAG_PEM)); privkey.resize(privkey_len); - TEST_FFI_OK(botan_privkey_export_encrypted, (priv, privkey.data(), &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_PEM)); + TEST_FFI_OK(botan_privkey_export_encrypted_pbkdf_iter, (priv, privkey.data(), &privkey_len, rng, "password", pbkdf_iter, "", "", BOTAN_PRIVKEY_EXPORT_FLAG_PEM)); // calculate fingerprint size_t strength = 0; |