aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-02-26 15:48:35 -0500
committerJack Lloyd <[email protected]>2017-02-26 15:48:35 -0500
commit8bbec86f8984b52b5d0cce8cd1309563d2b294cc (patch)
tree3c7b7c6aa275b66d3f3ae7c67e24ba64222591a4 /src/tests
parent70d9d062d095242bcfe8df25fc57fb88eadec3a9 (diff)
Add ability to specify iterations when encrypting a private key
GH #896
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/test_ffi.cpp28
1 files changed, 8 insertions, 20 deletions
diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp
index 3e272d9cb..455318ce8 100644
--- a/src/tests/test_ffi.cpp
+++ b/src/tests/test_ffi.cpp
@@ -400,6 +400,8 @@ class FFI_Unit_Tests : public Test
private:
void ffi_test_pubkey_export(Test::Result& result, botan_pubkey_t pub, botan_privkey_t priv, botan_rng_t rng)
{
+ const size_t pbkdf_iter = 1000;
+
// export public key
size_t pubkey_len = 0;
TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_pubkey_export, (pub, nullptr, &pubkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_DER));
@@ -417,24 +419,10 @@ class FFI_Unit_Tests : public Test
std::vector<uint8_t> privkey;
size_t privkey_len = 0;
- /*
- * botan_privkey_export is bogus for several reasons. first it hardcodes a 300 msec
- * pbkdf, instead of taking that as an argument. secondly, calling it twice not only
- * returns different results (due to the encryption) but they may have different sizes,
- * if the number of PBKDF iterations that is used in the two runs differs greatly, and
- * ends up encoding as fewer bytes in the variable length ASN.1 encoding used in PKCS #8
- * private key encryption.
- *
- * here request the size but then add a few bytes. this is an attempt to avoid occasional
- * cases on CI where the above case occurs, and the build fails because on the second
- * call, more space was required than the first call had returned.
- */
- const size_t privkey_size_slop = 64;
-
// call with nullptr to query the length
TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export, (priv, nullptr, &privkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_DER));
- privkey.resize(privkey_len + privkey_size_slop);
+ privkey.resize(privkey_len);
privkey_len = privkey.size(); // set buffer size
TEST_FFI_OK(botan_privkey_export, (priv, privkey.data(), &privkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_DER));
@@ -453,18 +441,18 @@ class FFI_Unit_Tests : public Test
// export private key encrypted
privkey_len = 0;
- TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted, (priv, nullptr, &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER));
+ TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted_pbkdf_iter, (priv, nullptr, &privkey_len, rng, "password", pbkdf_iter, "", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER));
- privkey.resize(privkey_len + privkey_size_slop);
+ privkey.resize(privkey_len);
privkey_len = privkey.size();
- TEST_FFI_OK(botan_privkey_export_encrypted, (priv, privkey.data(), &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER));
+ TEST_FFI_OK(botan_privkey_export_encrypted_pbkdf_iter, (priv, privkey.data(), &privkey_len, rng, "password", pbkdf_iter, "", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER));
privkey_len = 0;
- TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted, (priv, nullptr, &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_PEM));
+ TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted_pbkdf_iter, (priv, nullptr, &privkey_len, rng, "password", pbkdf_iter, "", "", BOTAN_PRIVKEY_EXPORT_FLAG_PEM));
privkey.resize(privkey_len);
- TEST_FFI_OK(botan_privkey_export_encrypted, (priv, privkey.data(), &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_PEM));
+ TEST_FFI_OK(botan_privkey_export_encrypted_pbkdf_iter, (priv, privkey.data(), &privkey_len, rng, "password", pbkdf_iter, "", "", BOTAN_PRIVKEY_EXPORT_FLAG_PEM));
// calculate fingerprint
size_t strength = 0;