authorJack Lloyd <[email protected]>2019-10-16 09:38:25 -0400
committerJack Lloyd <[email protected]>2019-10-16 09:38:25 -0400
commit5261274ea193f64deb27e88ed57d0830d8815913 (patch)
tree3921b8376c11dd4d04f4bce82a8c08236bfa6af4 /src
parent26354d668b6b1c27aa40ea2dd13ff0dffe09134d (diff)
parent760419ef719721fd8ee8d7d8bb77d27bd66801fa (diff)
Merge GH #2143 Add Roughtime
Diffstat (limited to 'src')
-rw-r--r--src/cli/roughtime.cpp215
-rw-r--r--src/fuzzer/uri.cpp20
-rw-r--r--src/lib/misc/roughtime/info.txt10
-rw-r--r--src/lib/misc/roughtime/roughtime.cpp457
-rw-r--r--src/lib/misc/roughtime/roughtime.h164
-rw-r--r--src/lib/utils/exceptn.h2
-rw-r--r--src/lib/utils/mem_ops.h22
-rw-r--r--src/lib/utils/os_utils.cpp1
-rw-r--r--src/lib/utils/socket/info.txt2
-rw-r--r--src/lib/utils/socket/socket.cpp16
-rw-r--r--src/lib/utils/socket/socket_udp.cpp337
-rw-r--r--src/lib/utils/socket/socket_udp.h73
-rw-r--r--src/lib/utils/socket/uri.cpp183
-rw-r--r--src/lib/utils/socket/uri.h49
-rwxr-xr-xsrc/scripts/test_cli.py155
-rw-r--r--src/tests/data/misc/roughtime_nonce_from_blind.vec9
-rw-r--r--src/tests/data/misc/roughtime_request.vec7
-rw-r--r--src/tests/data/misc/roughtime_response.vec67
-rw-r--r--src/tests/test_roughtime.cpp264
-rw-r--r--src/tests/test_uri.cpp120
-rw-r--r--src/tests/tests.cpp16
-rw-r--r--src/tests/tests.h1
22 files changed, 2179 insertions, 11 deletions
diff --git a/src/cli/roughtime.cpp b/src/cli/roughtime.cpp
new file mode 100644
index 000000000..ff38fe1c4
--- /dev/null
+++ b/src/cli/roughtime.cpp
@@ -0,0 +1,215 @@
+/*
+* Roughtime
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "cli.h"
+
+#if defined(BOTAN_HAS_ROUGHTIME)
+
+#include <botan/roughtime.h>
+#include <botan/hex.h>
+#include <botan/rng.h>
+#include <botan/base64.h>
+#include <botan/ed25519.h>
+#include <botan/hash.h>
+#include <botan/calendar.h>
+
+#include <iomanip>
+#include <fstream>
+
+namespace Botan_CLI {
+
+class RoughtimeCheck final : public Command
+ {
+ public:
+ RoughtimeCheck() : Command("roughtime_check --raw-time chain-file") {}
+
+ std::string group() const override
+ {
+ return "misc";
+ }
+
+ std::string description() const override
+ {
+ return "Parse and validate Roughtime chain file";
+ }
+
+ void go() override
+ {
+ const auto chain = Botan::Roughtime::Chain(slurp_file_as_str(get_arg("chain-file")));
+ unsigned i = 0;
+ for(const auto& response : chain.responses())
+ {
+ output() << std::setw(3) << ++i << ": UTC ";
+ if(flag_set("raw-time"))
+ { output() << Botan::Roughtime::Response::sys_microseconds64(response.utc_midpoint()).time_since_epoch().count(); }
+ else
+ { output() << Botan::calendar_value(response.utc_midpoint()).to_string(); }
+ output() << " (+-" << Botan::Roughtime::Response::microseconds32(response.utc_radius()).count() << "us)\n";
+ }
+ }
+ };
+
+BOTAN_REGISTER_COMMAND("roughtime_check", RoughtimeCheck);
+
+class Roughtime final : public Command
+ {
+ public:
+ Roughtime() :
+ Command("roughtime --raw-time --chain-file=roughtime-chain --max-chain-size=128 --check-local-clock=60 --host= --pubkey= --servers-file=") {}
+
+ std::string help_text() const override
+ {
+ return Command::help_text() + R"(
+
+--servers-file=<filename>
+ List of servers that will queried in sequence.
+
+ File contents syntax:
+ <name> <key type> <base 64 encoded public key> <protocol> <host:port>
+
+ Example servers:
+ Cloudflare-Roughtime ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= udp roughtime.cloudflare.com:2002
+ Google-Sandbox-Roughtime ed25519 etPaaIxcBMY1oUeGpwvPMCJMwlRVNxv51KK/tktoJTQ= udp roughtime.sandbox.google.com:2002
+
+--chain-file=<filename>
+ Succesfull queries are appended to this file.
+ If limit of --max-chain-size records is reached, the oldest records are truncated.
+ This queries records can be replayed using command roughtime_check <chain-file>.
+
+ File contents syntax:
+ <key type> <base 64 encoded public key> <base 64 encoded blind or nonce> <base 64 encoded server response>
+)";
+ }
+
+ std::string group() const override
+ {
+ return "misc";
+ }
+
+ std::string description() const override
+ {
+ return "Retrieve time from Roughtime server";
+ }
+
+ void query(std::unique_ptr<Botan::Roughtime::Chain>& chain,
+ const size_t max_chain_size,
+ const std::string& address,
+ const Botan::Ed25519_PublicKey& public_key)
+ {
+ Botan::Roughtime::Nonce nonce;
+ Botan::Roughtime::Nonce blind;
+ if(chain)
+ {
+ blind = Botan::Roughtime::Nonce(rng());
+ nonce = chain->next_nonce(blind);
+ }
+ else
+ {
+ nonce = Botan::Roughtime::Nonce(rng());
+ }
+ const auto response_raw = Botan::Roughtime::online_request(address, nonce, std::chrono::seconds(5));
+ const auto response = Botan::Roughtime::Response::from_bits(response_raw, nonce);
+ if(flag_set("raw-time"))
+ { output() << "UTC " << Botan::Roughtime::Response::sys_microseconds64(response.utc_midpoint()).time_since_epoch().count(); }
+ else
+ { output() << "UTC " << Botan::calendar_value(response.utc_midpoint()).to_string(); }
+ output() << " (+-" << Botan::Roughtime::Response::microseconds32(response.utc_radius()).count() << "us)";
+ if(!response.validate(public_key))
+ {
+ error_output() << "ERROR: Public key does not match!\n";
+ set_return_code(1);
+ return;
+ }
+ const auto tolerance = get_arg_sz("check-local-clock");
+ if(tolerance)
+ {
+ const auto now = std::chrono::system_clock::now();
+ const auto diff_abs = now >= response.utc_midpoint() ? now - response.utc_midpoint() : response.utc_midpoint() - now;
+ if(diff_abs > (response.utc_radius() + std::chrono::seconds(tolerance)))
+ {
+ error_output() << "ERROR: Local clock mismatch\n";
+ set_return_code(1);
+ return;
+ }
+ output() << " Local clock match";
+ }
+ if(chain)
+ chain->append({response_raw, public_key, blind}, max_chain_size);
+ output() << '\n';
+ }
+
+ void go() override
+ {
+
+ const auto max_chain_size = get_arg_sz("max-chain-size");
+ const auto chain_file = get_arg("chain-file");
+ const auto servers_file = get_arg_or("servers-file", "");
+ const auto host = get_arg_or("host", "");
+ const auto pk = get_arg_or("pubkey", "");
+
+ std::unique_ptr<Botan::Roughtime::Chain> chain;
+ if(!chain_file.empty() && max_chain_size >= 1)
+ {
+ try
+ {
+ chain.reset(new Botan::Roughtime::Chain(slurp_file_as_str(chain_file)));
+ }
+ catch(const CLI_IO_Error&)
+ {
+ chain.reset(new Botan::Roughtime::Chain()); //file is to still be created
+ }
+ }
+
+ const bool from_servers_file = !servers_file.empty();
+ const bool from_host_and_pk = !host.empty() && !pk.empty();
+ if(from_servers_file == from_host_and_pk)
+ {
+ error_output() << "Please specify either --servers-file or --host and --pubkey\n";
+ set_return_code(1);
+ return;
+ }
+
+ if(!servers_file.empty())
+ {
+ const auto servers = Botan::Roughtime::servers_from_str(slurp_file_as_str(servers_file));
+
+ for(const auto& s : servers)
+ {
+ output() << std::setw(25) << std::left << s.name() << ": ";
+ for(const auto& a : s.addresses())
+ {
+ try
+ {
+ query(chain, max_chain_size, a, s.public_key());
+ break;
+ }
+ catch(const std::exception& ex) //network error, try next address
+ {
+ error_output() << ex.what() << '\n';
+ }
+ }
+ }
+
+ }
+ else
+ {
+ query(chain, max_chain_size, host, Botan::Ed25519_PublicKey(Botan::base64_decode(pk)));
+ }
+
+ if(chain)
+ {
+ std::ofstream out(chain_file);
+ out << chain->to_string();
+ }
+ }
+ };
+
+BOTAN_REGISTER_COMMAND("roughtime", Roughtime);
+
+}
+
+#endif
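Review bot: In `Roughtime::query` the midpoint and radius are written to `output()` before `response.validate(public_key)` runs, so a response whose delegation is not signed by the configured long-term key still has its time printed on stdout ahead of the error. `Response::from_bits` only checks the signature made with the delegated key carried inside the response, so until `validate` passes the value is not tied to the server the user named. Move the `if(!response.validate(public_key))` block directly after the `from_bits` call, before the first `output() <<`. Separately, in `go` the `std::ofstream out(chain_file)` truncates the existing chain and the stream state is never checked; testing `out` after the write and reporting a failure through `error_output()` would keep a failed write from silently losing the chain.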
diff --git a/src/fuzzer/uri.cpp b/src/fuzzer/uri.cpp
new file mode 100644
index 000000000..89066d283
--- /dev/null
+++ b/src/fuzzer/uri.cpp
@@ -0,0 +1,20 @@
+/*
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "fuzzers.h"
+#include <botan/internal/uri.h>
+
+void fuzz(const uint8_t in[], size_t len)
+ {
+ if(len > max_fuzzer_input_size)
+ return;
+
+ try
+ {
+ Botan::URI::fromAny(std::string(reinterpret_cast<const char*>(in), len));
+ }
+ catch(Botan::Exception& e) { }
+ }
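Review bot: The handler `catch(Botan::Exception& e) { }` binds a name it never uses and catches by non-const reference; `catch(const Botan::Exception&) { }` says the same thing without an unused-variable warning. A one-line comment above the `try`, stating that only `Botan::Exception` is an expected parse failure and that any other exception type should surface as a fuzzer finding, would document the intent.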
diff --git a/src/lib/misc/roughtime/info.txt b/src/lib/misc/roughtime/info.txt
new file mode 100644
index 000000000..560f52666
--- /dev/null
+++ b/src/lib/misc/roughtime/info.txt
@@ -0,0 +1,10 @@
+<defines>
+ROUGHTIME -> 20190220
+</defines>
+
+<requires>
+ed25519
+rng
+sha2_64
+socket
+</requires>
diff --git a/src/lib/misc/roughtime/roughtime.cpp b/src/lib/misc/roughtime/roughtime.cpp
new file mode 100644
index 000000000..94a9a6b82
--- /dev/null
+++ b/src/lib/misc/roughtime/roughtime.cpp
@@ -0,0 +1,457 @@
+/*
+* Roughtime
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/roughtime.h>
+
+#include <botan/base64.h>
+#include <botan/hash.h>
+#include <botan/internal/socket_udp.h>
+#include <botan/pubkey.h>
+#include <botan/rng.h>
+
+#include <cmath>
+#include <map>
+#include <sstream>
+
+namespace Botan {
+
+namespace {
+
+template< bool B, class T = void >
+using enable_if_t = typename std::enable_if<B,T>::type;
+
+template<class T>
+struct is_array : std::false_type {};
+
+template<class T, std::size_t N>
+struct is_array<std::array<T,N>>:std::true_type{};
+
+template<typename T>
+T from_little_endian(const uint8_t* t, size_t N = sizeof(T))
+ {
+ static_assert(sizeof(T)<=sizeof(int64_t),"");
+ return (N == 0) ? T(0) : (T(static_cast<int64_t>(t[N-1]) << ((N-1)*8)) + from_little_endian<T>(t,N-1));
+ }
+
+template<typename T, enable_if_t<is_array<T>::value>* = nullptr>
+T copy(const uint8_t* t)
+ {
+ return typecast_copy<T>(t); //arrays are endianess indepedent, so we do a memcpy
+ }
+
+template<typename T, enable_if_t<!is_array<T>::value>* = nullptr>
+T copy(const uint8_t* t)
+ {
+ return from_little_endian<T>(t); //other types are arithmetic, so we account that roughtime serializes as little endian
+ }
+
+template<typename T>
+std::map<std::string, std::vector<uint8_t>> unpack_roughtime_packet(T bytes)
+ {
+ if(bytes.size() < 8)
+ { throw Roughtime::Roughtime_Error("Map length is under minimum of 8 bytes"); }
+ const auto buf = bytes.data();
+ const uint32_t num_tags = buf[0];
+ const uint32_t start_content = num_tags * 8;
+ if(start_content > bytes.size())
+ { throw Roughtime::Roughtime_Error("Map length too small to contain all tags"); }
+ uint32_t start = start_content;
+ std::map<std::string, std::vector<uint8_t>> tags;
+ for(uint32_t i=0; i<num_tags; ++i)
+ {
+ const uint32_t end = ((i+1) == num_tags) ? bytes.size() : start_content + from_little_endian<uint32_t>(buf + 4 + i*4);
+ if(end > bytes.size())
+ { throw Roughtime::Roughtime_Error("Tag end index out of bounds"); }
+ if(end < start)
+ { throw Roughtime::Roughtime_Error("Tag offset must be more than previous tag offset"); }
+ const char* label_ptr = cast_uint8_ptr_to_char(buf) + (num_tags+i)*4;
+ const char label[] = {label_ptr[0], label_ptr[1], label_ptr[2], label_ptr[3], 0};
+ auto ret = tags.emplace(label, std::vector<uint8_t>(buf+start, buf+end));
+ if(!ret.second)
+ { throw Roughtime::Roughtime_Error(std::string("Map has duplicated tag: ") + label); }
+ start = end;
+ }
+ return tags;
+ }
+
+template<typename T>
+T get(const std::map<std::string, std::vector<uint8_t>>& map, const std::string& label)
+ {
+ const auto& tag = map.find(label);
+ if(tag == map.end())
+ { throw Roughtime::Roughtime_Error("Tag " + label + " not found"); }
+ if(tag->second.size() != sizeof(T))
+ { throw Roughtime::Roughtime_Error("Tag " + label + " has unexpected size"); }
+ return copy<T>(tag->second.data());
+ }
+
+const std::vector<uint8_t>& get_v(const std::map<std::string, std::vector<uint8_t>>& map, const std::string& label)
+ {
+ const auto& tag = map.find(label);
+ if(tag == map.end())
+ { throw Roughtime::Roughtime_Error("Tag " + label + " not found"); }
+ return tag->second;
+ }
+
+bool verify_signature(const std::array<uint8_t, 32>& pk, const std::vector<uint8_t>& payload,
+ const std::array<uint8_t, 64>& signature)
+ {
+ const char context[] = "RoughTime v1 response signature";
+ Ed25519_PublicKey key(std::vector<uint8_t>(pk.data(), pk.data()+pk.size()));
+ PK_Verifier verifier(key, "Pure");
+ verifier.update(cast_char_ptr_to_uint8(context), sizeof(context)); //add context including \0
+ verifier.update(payload);
+ return verifier.check_signature(signature.data(), signature.size());
+ }
+
+std::array<uint8_t, 64> hashLeaf(const std::array<uint8_t, 64>& leaf)
+ {
+ std::array<uint8_t, 64> ret;
+ std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw("SHA-512"));
+ hash->update(0);
+ hash->update(leaf.data(), leaf.size());
+ hash->final(ret.data());
+ return ret;
+ }
+
+void hashNode(std::array<uint8_t, 64>& hash, const std::array<uint8_t, 64>& node, bool reverse)
+ {
+ std::unique_ptr<HashFunction> h(HashFunction::create_or_throw("SHA-512"));
+ h->update(1);
+ if(reverse)
+ {
+ h->update(node.data(), node.size());
+ h->update(hash.data(), hash.size());
+ }
+ else
+ {
+ h->update(hash.data(), hash.size());
+ h->update(node.data(), node.size());
+ }
+ h->final(hash.data());
+ }
+
+template<size_t N, typename T>
+std::array<uint8_t, N> vector_to_array(std::vector<uint8_t,T> vec)
+ {
+ if(vec.size() != N)
+ { throw std::logic_error("Invalid vector size"); }
+ return typecast_copy<std::array<uint8_t, N>>(vec.data());
+ }
+}
+
+namespace Roughtime {
+
+Nonce::Nonce(const std::vector<uint8_t>& nonce)
+ {
+ if(nonce.size() != 64)
+ { throw Invalid_Argument("Nonce lenght must be 64"); }
+ m_nonce = typecast_copy<std::array<uint8_t, 64>>(nonce.data());
+ }
+Nonce::Nonce(RandomNumberGenerator& rng)
+ {
+ rng.randomize(m_nonce.data(), m_nonce.size());
+ }
+
+std::array<uint8_t, request_min_size> encode_request(const Nonce& nonce)
+ {
+ std::array<uint8_t, request_min_size> buf = {2, 0, 0, 0, 64, 0, 0, 0, 'N', 'O', 'N', 'C', 'P', 'A', 'D', 0xff};
+ std::memcpy(buf.data() + 16, nonce.get_nonce().data(), nonce.get_nonce().size());
+ std::memset(buf.data() + 16 + nonce.get_nonce().size(), 0, buf.size() - 16 - nonce.get_nonce().size());
+ return buf;
+ }
+
+Response Response::from_bits(const std::vector<uint8_t>& response,
+ const Nonce& nonce)
+ {
+ const auto response_v = unpack_roughtime_packet(response);
+ const auto cert = unpack_roughtime_packet(get_v(response_v, "CERT"));
+ const auto cert_dele = get<std::array<uint8_t, 72>>(cert, "DELE");
+ const auto cert_sig = get<std::array<uint8_t, 64>>(cert, "SIG");
+ const auto cert_dele_v = unpack_roughtime_packet(cert_dele);
+ const auto srep = get_v(response_v, "SREP");
+ const auto srep_v = unpack_roughtime_packet(srep);
+
+ const auto cert_dele_pubk = get<std::array<uint8_t, 32>>(cert_dele_v, "PUBK");
+ const auto sig = get<std::array<uint8_t, 64>>(response_v, "SIG");
+ if(!verify_signature(cert_dele_pubk, srep, sig))
+ { throw Roughtime_Error("Response signature invalid"); }
+
+ const auto indx = get<uint32_t>(response_v, "INDX");
+ const auto path = get_v(response_v, "PATH");
+ const auto srep_root = get<std::array<uint8_t, 64>>(srep_v, "ROOT");
+ const auto size = path.size();
+ const auto levels = size/64;
+
+ if(size % 64)
+ { throw Roughtime_Error("Merkle tree path size must be multiple of 64 bytes"); }
+ if(indx >= (1u << levels))
+ { throw Roughtime_Error("Merkle tree path is too short"); }
+
+ auto hash = hashLeaf(nonce.get_nonce());
+ auto index = indx;
+ auto level = 0u;
+ while(level < levels)
+ {
+ hashNode(hash, typecast_copy<std::array<uint8_t, 64>>(path.data() + level*64), index&1);
+ ++level;
+ index>>=1;
+ }
+
+ if(srep_root != hash)
+ { throw Roughtime_Error("Nonce verification failed"); }
+
+ const auto cert_dele_maxt = sys_microseconds64(get<microseconds64>(cert_dele_v, "MAXT"));
+ const auto cert_dele_mint = sys_microseconds64(get<microseconds64>(cert_dele_v, "MINT"));
+ const auto srep_midp = sys_microseconds64(get<microseconds64>(srep_v, "MIDP"));
+ const auto srep_radi = get<microseconds32>(srep_v, "RADI");
+ if(srep_midp < cert_dele_mint)
+ { throw Roughtime_Error("Midpoint earlier than delegation start"); }
+ if(srep_midp > cert_dele_maxt)
+ { throw Roughtime_Error("Midpoint later than delegation end"); }
+ return {cert_dele, cert_sig, srep_midp, srep_radi};
+ }
+
+bool Response::validate(const Ed25519_PublicKey& pk) const
+ {
+ const char context[] = "RoughTime v1 delegation signature--";
+ PK_Verifier verifier(pk, "Pure");
+ verifier.update(cast_char_ptr_to_uint8(context), sizeof(context)); //add context including \0
+ verifier.update(m_cert_dele.data(), m_cert_dele.size());
+ return verifier.check_signature(m_cert_sig.data(), m_cert_sig.size());
+ }
+
+Nonce nonce_from_blind(const std::vector<uint8_t>& previous_response,
+ const Nonce& blind)
+ {
+ std::array<uint8_t, 64> ret;
+ const auto blind_arr = blind.get_nonce();
+ std::unique_ptr<Botan::HashFunction> hash(Botan::HashFunction::create_or_throw("SHA-512"));
+ hash->update(previous_response);
+ hash->update(hash->final());
+ hash->update(blind_arr.data(), blind_arr.size());
+ hash->final(ret.data());
+
+ return ret;
+ }
+
+Chain::Chain(const std::string& str)
+ {
+ std::stringstream ss(str);
+ const std::string ERROR_MESSAGE = "Line does not have 4 space separated fields";
+ for(std::string s; std::getline(ss, s);)
+ {
+ size_t start = 0, end = 0;
+ end = s.find(' ', start);
+ if(end == std::string::npos)
+ {
+ throw Decoding_Error(ERROR_MESSAGE);
+ }
+ const auto publicKeyType = s.substr(start, end-start);
+ if(publicKeyType != "ed25519")
+ { throw Not_Implemented("Only ed25519 publicKeyType is implemented"); }
+
+ start = end + 1;
+ end = s.find(' ', start);
+ if(end == std::string::npos)
+ {
+ throw Decoding_Error(ERROR_MESSAGE);
+ }
+ const auto serverPublicKey = Botan::Ed25519_PublicKey(Botan::base64_decode(s.substr(start, end-start)));
+
+ start = end + 1;
+ end = s.find(' ', start);
+ if(end == std::string::npos)
+ {
+ throw Decoding_Error(ERROR_MESSAGE);
+ }
+ if((end - start) != 88)
+ {
+ throw Decoding_Error("Nonce has invalid length");
+ }
+ const auto vec = Botan::base64_decode(s.substr(start, end-start));
+ const auto nonceOrBlind = Nonce(vector_to_array<64>(Botan::base64_decode(s.substr(start, end-start))));
+
+ start = end + 1;
+ end = s.find(' ', start);
+ if(end != std::string::npos)
+ {
+ throw Decoding_Error(ERROR_MESSAGE);
+ }
+ const auto response = Botan::unlock(Botan::base64_decode(s.substr(start)));
+
+ m_links.push_back({response, serverPublicKey, nonceOrBlind});
+ }
+ }
+std::vector<Response> Chain::responses() const
+ {
+ std::vector<Response> responses;
+ for(unsigned i = 0; i < m_links.size(); ++i)
+ {
+ const auto& l = m_links[i];
+ const auto nonce = i ? nonce_from_blind(m_links[i-1].response(), l.nonce_or_blind()) : l.nonce_or_blind();
+ const auto response = Response::from_bits(l.response(), nonce);
+ if(!response.validate(l.public_key()))
+ { throw Roughtime_Error("Invalid signature or public key"); }
+ responses.push_back(response);
+ }
+ return responses;
+ }
+Nonce Chain::next_nonce(const Nonce& blind) const
+ {
+ return m_links.empty()
+ ? blind
+ : nonce_from_blind(m_links.back().response(), blind);
+ }
+void Chain::append(const Link& new_link, size_t max_chain_size)
+ {
+ if(max_chain_size <= 0)
+ { throw Invalid_Argument("Max chain size must be positive"); }
+
+ while(m_links.size() >= max_chain_size)
+ {
+ if(m_links.size() == 1)
+ {
+ auto new_link_updated = new_link;
+ new_link_updated.nonce_or_blind() =
+ nonce_from_blind(m_links[0].response(), new_link.nonce_or_blind()); //we need to convert blind to nonce
+ m_links.clear();
+ m_links.push_back(new_link_updated);
+ return;
+ }
+ if(m_links.size() >= 2)
+ {
+ m_links[1].nonce_or_blind() =
+ nonce_from_blind(m_links[0].response(), m_links[1].nonce_or_blind()); //we need to convert blind to nonce
+ }
+ m_links.erase(m_links.begin());
+ }
+ m_links.push_back(new_link);
+ }
+
+std::string Chain::to_string() const
+ {
+ std::string s;
+ s.reserve((7+1 + 88+1 + 44+1 + 480)*m_links.size());
+ for(const auto& link : m_links)
+ {
+ s += "ed25519";
+ s += ' ';
+ s += Botan::base64_encode(link.public_key().get_public_key());
+ s += ' ';
+ s += Botan::base64_encode(link.nonce_or_blind().get_nonce().data(), link.nonce_or_blind().get_nonce().size());
+ s += ' ';
+ s += Botan::base64_encode(link.response());
+ s += '\n';
+ }
+ return s;
+ }
+
+std::vector<uint8_t> online_request(const std::string& uri,
+ const Nonce& nonce,
+ std::chrono::milliseconds timeout)
+ {
+ const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now();
+ auto socket = OS::open_socket_udp(uri, timeout);
+ if(!socket)
+ { throw Not_Implemented("No socket support enabled in build"); }
+
+ const auto encoded = encode_request(nonce);
+ socket->write(encoded.data(), encoded.size());
+
+ if(std::chrono::system_clock::now() - start_time > timeout)
+ { throw System_Error("Timeout during socket write"); }
+
+ std::vector<uint8_t> buffer;
+ buffer.resize(360+64*10+1); //response basic size is 360 bytes + 64 bytes for each level of merkle tree
+ //add one additional byte to be able to differentiate if datagram got truncated
+ const auto n = socket->read(buffer.data(), buffer.size());
+
+ if(!n || std::chrono::system_clock::now() - start_time > timeout)
+ { throw System_Error("Timeout waiting for response"); }
+
+ if(n == buffer.size())
+ { throw System_Error("Buffer too small"); }
+
+ buffer.resize(n);
+ return buffer;
+ }
+
+std::vector<Server_Information> servers_from_str(const std::string& str)
+ {
+ std::vector<Server_Information> servers;
+ std::stringstream ss(str);
+ const std::string ERROR_MESSAGE = "Line does not have at least 5 space separated fields";
+ for(std::string s; std::getline(ss, s);)
+ {
+ size_t start = 0, end = 0;
+ end = s.find(' ', start);
+ if(end == std::string::npos)
+ {
+ throw Decoding_Error(ERROR_MESSAGE);
+ }
+ const auto name = s.substr(start, end-start);
+
+ start = end + 1;
+ end = s.find(' ', start);
+ if(end == std::string::npos)
+ {
+ throw Decoding_Error(ERROR_MESSAGE);
+ }
+ const auto publicKeyType = s.substr(start, end-start);
+ if(publicKeyType != "ed25519")
+ { throw Not_Implemented("Only ed25519 publicKeyType is implemented"); }
+
+ start = end + 1;
+ end = s.find(' ', start);
+
+ if(end == std::string::npos)
+ {
+ throw Decoding_Error(ERROR_MESSAGE);
+ }
+ const auto publicKeyBase64 = s.substr(start, end-start);
+ const auto publicKey = Botan::Ed25519_PublicKey(Botan::base64_decode(publicKeyBase64));
+
+ start = end + 1;
+ end = s.find(' ', start);
+ if(end == std::string::npos)
+ {
+ throw Decoding_Error(ERROR_MESSAGE);
+ }
+ const auto protocol = s.substr(start, end-start);
+ if(protocol != "udp")
+ { throw Not_Implemented("Only UDP protocol is implemented"); }
+
+ const auto addresses = [&]()
+ {
+ std::vector<std::string> addresses;
+ for(;;)
+ {
+ start = end + 1;
+ end = s.find(' ', start);
+ const auto address = s.substr(start, (end == std::string::npos) ? std::string::npos : end-start);
+ if(address.empty())
+ { return addresses; }
+ addresses.push_back(address);
+ if(end == std::string::npos)
+ { return addresses; }
+ }
+ }
+ ();
+ if(addresses.size() == 0)
+ {
+ throw Decoding_Error(ERROR_MESSAGE);
+ }
+
+ servers.push_back({name, publicKey, std::move(addresses)});
+ }
+ return servers;
+ }
+
+}
+
+}
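Review bot: In `Response::from_bits` the check `indx >= (1u << levels)` shifts a 32-bit value by `levels = path.size()/64`, which is undefined once the PATH tag holds 32 or more 64-byte nodes. `online_request` caps the datagram at 1001 bytes, but `from_bits` is also reached from `Chain::responses()` with responses base64-decoded from a chain file of arbitrary length, so the callers shown here do not guarantee the bound. Guard the shift, e.g. `if(levels < 32 && indx >= (1u << levels))`, or reject paths of 32 or more levels outright. In `unpack_roughtime_packet`, `num_tags = buf[0]` reads only the low byte of the four-byte tag count, so a header with non-zero upper bytes is parsed as if they were zero; an explicit check that bytes 1 to 3 are zero, or a comment stating the limit, would make the accepted range clear.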
diff --git a/src/lib/misc/roughtime/roughtime.h b/src/lib/misc/roughtime/roughtime.h
new file mode 100644
index 000000000..595e693b9
--- /dev/null
+++ b/src/lib/misc/roughtime/roughtime.h
@@ -0,0 +1,164 @@
+/*
+* Roughtime
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_ROUGHTIME_H_
+#define BOTAN_ROUGHTIME_H_
+
+#include <array>
+#include <chrono>
+#include <vector>
+
+#include <botan/ed25519.h>
+
+namespace Botan {
+
+class RandomNumberGenerator;
+
+namespace Roughtime {
+
+constexpr unsigned request_min_size = 1024;
+
+class BOTAN_PUBLIC_API(2, 13) Roughtime_Error final : public Decoding_Error
+ {
+ public:
+ explicit Roughtime_Error(const std::string& s) : Decoding_Error("Roughtime " + s) {}
+ ErrorType error_type() const noexcept override { return ErrorType::RoughtimeError; }
+ };
+
+class BOTAN_PUBLIC_API(2, 13) Nonce final
+ {
+ public:
+ Nonce() = default;
+ Nonce(const std::vector<uint8_t>& nonce);
+ Nonce(RandomNumberGenerator& rng);
+ Nonce(const std::array<uint8_t, 64>& nonce)
+ {
+ m_nonce = nonce;
+ }
+ bool operator==(const Nonce& rhs) const { return m_nonce == rhs.m_nonce; }
+ const std::array<uint8_t, 64>& get_nonce() const { return m_nonce; }
+ private:
+ std::array<uint8_t, 64> m_nonce;
+ };
+
+
+/**
+* An Roughtime request.
+*/
+BOTAN_PUBLIC_API(2, 13)
+std::array<uint8_t, request_min_size> encode_request(const Nonce& nonce);
+
+/**
+* An Roughtime response.
+*/
+class BOTAN_PUBLIC_API(2, 13) Response final
+ {
+ public:
+ using microseconds32 = std::chrono::duration<uint32_t, std::micro>;
+ using microseconds64 = std::chrono::duration<uint64_t, std::micro>;
+ using sys_microseconds64 = std::chrono::time_point<std::chrono::system_clock, microseconds64>;
+
+ static Response from_bits(const std::vector<uint8_t>& response, const Nonce& nonce);
+
+ bool validate(const Ed25519_PublicKey& pk) const;
+
+ sys_microseconds64 utc_midpoint() const { return m_utc_midpoint; }
+
+ microseconds32 utc_radius() const { return m_utc_radius; }
+ private:
+ Response(std::array<uint8_t, 72> dele, std::array<uint8_t, 64> sig, sys_microseconds64 utc_midp,
+ microseconds32 utc_radius)
+ : m_cert_dele(dele)
+ , m_cert_sig(sig)
+ , m_utc_midpoint {utc_midp}
+ , m_utc_radius {utc_radius}
+ {}
+ const std::array<uint8_t, 72> m_cert_dele;
+ const std::array<uint8_t, 64> m_cert_sig;
+ const sys_microseconds64 m_utc_midpoint;
+ const microseconds32 m_utc_radius;
+ };
+
+class BOTAN_PUBLIC_API(2, 13) Link final
+ {
+ public:
+ Link(const std::vector<uint8_t>& response,
+ const Ed25519_PublicKey& public_key,
+ const Nonce& nonce_or_blind)
+ : m_response{response}
+ , m_public_key{public_key}
+ , m_nonce_or_blind{nonce_or_blind}
+ {}
+ const std::vector<uint8_t>& response() const { return m_response; }
+ const Ed25519_PublicKey& public_key() const { return m_public_key; }
+ const Nonce& nonce_or_blind() const { return m_nonce_or_blind; }
+ Nonce& nonce_or_blind() { return m_nonce_or_blind; }
+
+ private:
+ std::vector<uint8_t> m_response;
+ Ed25519_PublicKey m_public_key;
+ Nonce m_nonce_or_blind;
+ };
+
+class BOTAN_PUBLIC_API(2, 13) Chain final
+ {
+ public:
+ Chain() = default; //empty
+ Chain(const std::string& str);
+ const std::vector<Link>& links() const { return m_links; }
+ std::vector<Response> responses() const;
+ Nonce next_nonce(const Nonce& blind) const;
+ void append(const Link& new_link, size_t max_chain_size);
+ std::string to_string() const;
+ private:
+ std::vector<Link> m_links;
+ };
+
+/**
+*/
+BOTAN_PUBLIC_API(2, 13)
+Nonce nonce_from_blind(const std::vector<uint8_t>& previous_response,
+ const Nonce& blind);
+
+/**
+* Makes an online Roughtime request via UDP and returns the Roughtime response.
+* @param url Roughtime server UDP endpoint (host:port)
+* @param timeout a timeout on the UDP request
+* @return Roughtime response
+*/
+BOTAN_PUBLIC_API(2, 13)
+std::vector<uint8_t> online_request(const std::string& uri,
+ const Nonce& nonce,
+ std::chrono::milliseconds timeout = std::chrono::seconds(3));
+
+struct BOTAN_PUBLIC_API(2, 13) Server_Information final
+ {
+public:
+ Server_Information(const std::string& name,
+ const Botan::Ed25519_PublicKey& public_key,
+ const std::vector<std::string>& addresses)
+ : m_name { name }
+ , m_public_key { public_key }
+ , m_addresses { addresses }
+ {}
+ const std::string& name() const {return m_name;}
+ const Botan::Ed25519_PublicKey& public_key() const {return m_public_key;}
+ const std::vector<std::string>& addresses() const {return m_addresses;}
+
+private:
+ std::string m_name;
+ Botan::Ed25519_PublicKey m_public_key;
+ std::vector<std::string> m_addresses;
+ };
+
+BOTAN_PUBLIC_API(2, 13)
+std::vector<Server_Information> servers_from_str(const std::string& str);
+
+}
+}
+
+#endif
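Review bot: `Nonce() = default;` leaves `m_nonce` uninitialised, so any later read of a default-constructed `Nonce` through `operator==` or `get_nonce()` sees indeterminate bytes; declaring the member as `std::array<uint8_t, 64> m_nonce{};` gives it a defined all-zero value. The three single-argument `Nonce` constructors are implicit, which is what lets `nonce_from_blind` return a raw `std::array` as a `Nonce`; if that conversion is intended, a comment saying so would help, otherwise mark them `explicit`. The doc comment on `online_request` names `@param url` while the parameter is `uri`, and `nonce` is not documented. `nonce_from_blind` has an empty `/** */` block; it should say that the function derives a nonce by hashing the previous response together with the blind.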
diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h
index 0259a225b..442ec91e6 100644
--- a/src/lib/utils/exceptn.h
+++ b/src/lib/utils/exceptn.h
@@ -53,6 +53,8 @@ enum class ErrorType {
HttpError,
/** A message with an invalid authentication tag was detected */
InvalidTag,
+ /** An error during Roughtime validation */
+ RoughtimeError,
/** An error when calling OpenSSL */
OpenSSLError = 200,
diff --git a/src/lib/utils/mem_ops.h b/src/lib/utils/mem_ops.h
index 569cb409b..4206875b2 100644
--- a/src/lib/utils/mem_ops.h
+++ b/src/lib/utils/mem_ops.h
@@ -10,6 +10,7 @@
#include <botan/types.h>
#include <cstring>
+#include <type_traits>
#include <vector>
namespace Botan {
@@ -113,6 +114,15 @@ template<typename T> inline void clear_mem(T* ptr, size_t n)
clear_bytes(ptr, sizeof(T)*n);
}
+
+
+// is_trivially_copyable is missing in g++ < 5.0
+#if !__clang__ && __GNUG__ && __GNUC__ < 5
+#define IS_TRIVIALLY_COPYABLE(T) true
+#else
+#define IS_TRIVIALLY_COPYABLE(T) std::is_trivially_copyable<T>::value
+#endif
+
/**
* Copy memory
* @param out the destination array
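Review bot: `IS_TRIVIALLY_COPYABLE` is defined in a header included as `<botan/mem_ops.h>` without a `BOTAN_` prefix and is never `#undef`ed, so it lands in every translation unit that includes the header and can collide with a user macro of the same name. On g++ older than 5 it expands to `true`, which turns the `static_assert`s that use it into no-ops on those compilers; the comment next to the fallback should say that the check is disabled there rather than emulated. Consider naming it `BOTAN_IS_TRIVIALLY_COPYABLE(T)`, or adding `#undef IS_TRIVIALLY_COPYABLE` at the end of the header.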
@@ -121,6 +131,7 @@ template<typename T> inline void clear_mem(T* ptr, size_t n)
*/
template<typename T> inline void copy_mem(T* out, const T* in, size_t n)
{
+ static_assert(std::is_trivial<typename std::decay<T>::type>::value, "");
if(n > 0)
{
std::memmove(out, in, sizeof(T)*n);
@@ -129,11 +140,13 @@ template<typename T> inline void copy_mem(T* out, const T* in, size_t n)
template<typename T> inline void typecast_copy(uint8_t out[], T in[], size_t N)
{
+ static_assert(IS_TRIVIALLY_COPYABLE(T), "");
std::memcpy(out, in, sizeof(T)*N);
}
template<typename T> inline void typecast_copy(T out[], const uint8_t in[], size_t N)
{
+ static_assert(std::is_trivial<T>::value, "");
std::memcpy(out, in, sizeof(T)*N);
}
@@ -144,9 +157,18 @@ template<typename T> inline void typecast_copy(uint8_t out[], T in)
template<typename T> inline void typecast_copy(T& out, const uint8_t in[])
{
+ static_assert(std::is_trivial<typename std::decay<T>::type>::value, "");
typecast_copy(&out, in, 1);
}
+template <class To, class From> inline To typecast_copy(const From *src) noexcept
+ {
+ static_assert(IS_TRIVIALLY_COPYABLE(From) && std::is_trivial<To>::value, "");
+ To dst;
+ std::memcpy(&dst, src, sizeof(To));
+ return dst;
+ }
+
/**
* Set memory to a fixed value
* @param ptr a pointer to an array of bytes
diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp
index a27e9117f..84a2d0ebe 100644
--- a/src/lib/utils/os_utils.cpp
+++ b/src/lib/utils/os_utils.cpp
@@ -47,6 +47,7 @@
#if defined(BOTAN_TARGET_OS_HAS_WIN32)
#define NOMINMAX 1
+ #define _WINSOCKAPI_ // stop windows.h including winsock.h
#include <windows.h>
#endif
diff --git a/src/lib/utils/socket/info.txt b/src/lib/utils/socket/info.txt
index 330e784c5..ceeaa18ee 100644
--- a/src/lib/utils/socket/info.txt
+++ b/src/lib/utils/socket/info.txt
@@ -3,7 +3,9 @@ SOCKETS -> 20171216
</defines>
<header:internal>
+uri.h
socket.h
+socket_udp.h
</header:internal>
<libs>
diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp
index 41177809e..54033bc55 100644
--- a/src/lib/utils/socket/socket.cpp
+++ b/src/lib/utils/socket/socket.cpp
@@ -31,10 +31,7 @@
#include <fcntl.h>
#elif defined(BOTAN_TARGET_OS_HAS_WINSOCK2)
- #define NOMINMAX 1
- #include <winsock2.h>
#include <ws2tcpip.h>
- #include <windows.h>
#endif
namespace Botan {
@@ -72,7 +69,7 @@ class Asio_Socket final : public OS::Socket
if(ec)
throw boost::system::system_error(ec);
- if(ec || m_tcp.is_open() == false)
+ if(m_tcp.is_open() == false)
throw System_Error("Connection to host " + hostname + " failed");
}
@@ -82,8 +79,8 @@ class Asio_Socket final : public OS::Socket
boost::system::error_code ec = boost::asio::error::would_block;
- boost::asio::async_write(m_tcp, boost::asio::buffer(buf, len),
- [&ec](boost::system::error_code e, size_t) { ec = e; });
+ m_tcp.async_send(boost::asio::buffer(buf, len),
+ [&ec](boost::system::error_code e, size_t) { ec = e; });
while(ec == boost::asio::error::would_block) { m_io.run_one(); }
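Review bot: Replacing `boost::asio::async_write(m_tcp, ...)` with `m_tcp.async_send(...)` changes the write from send-everything to a single send that may transmit only part of the buffer, and the completion handler still discards the byte count. If `m_tcp` is a TCP stream socket, as its name suggests, a short send would drop the tail of `buf` without raising an error. Keep `boost::asio::async_write(m_tcp, boost::asio::buffer(buf, len), ...)` here, or capture the transferred size in the handler and loop until `len` bytes have been sent. The enclosing write function starts and ends outside this hunk.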
@@ -100,11 +97,8 @@ class Asio_Socket final : public OS::Socket
boost::system::error_code ec = boost::asio::error::would_block;
size_t got = 0;
- auto read_cb = [&](const boost::system::error_code cb_ec, size_t cb_got) {
- ec = cb_ec; got = cb_got;
- };
-
- m_tcp.async_read_some(boost::asio::buffer(buf, len), read_cb);
+ m_tcp.async_read_some(boost::asio::buffer(buf, len),
+ [&](boost::system::error_code cb_ec, size_t cb_got) { ec = cb_ec; got = cb_got; });
while(ec == boost::asio::error::would_block) { m_io.run_one(); }
diff --git a/src/lib/utils/socket/socket_udp.cpp b/src/lib/utils/socket/socket_udp.cpp
new file mode 100644
index 000000000..651fe1b0c
--- /dev/null
+++ b/src/lib/utils/socket/socket_udp.cpp
@@ -0,0 +1,337 @@
+/*
+* (C) 2015,2016,2017 Jack Lloyd
+* (C) 2016 Daniel Neus
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/internal/socket_udp.h>
+#include <botan/internal/uri.h>
+#include <botan/exceptn.h>
+#include <botan/mem_ops.h>
+#include <chrono>
+
+#if defined(BOTAN_HAS_BOOST_ASIO)
+ /*
+ * We don't need serial port support anyway, and asking for it
+ * causes macro conflicts with Darwin's termios.h when this
+ * file is included in the amalgamation. GH #350
+ */
+ #define BOOST_ASIO_DISABLE_SERIAL_PORT
+ #include <boost/asio.hpp>
+ #include <boost/asio/system_timer.hpp>
+#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS)
+ #include <sys/socket.h>
+ #include <sys/time.h>
+ #include <netinet/in.h>
+ #include <netdb.h>
+ #include <string.h>
+ #include <unistd.h>
+ #include <errno.h>
+ #include <fcntl.h>
+
+#elif defined(BOTAN_TARGET_OS_HAS_WINSOCK2)
+ #include <ws2tcpip.h>
+#endif
+
+namespace Botan {
+
+namespace {
+
+#if defined(BOTAN_HAS_BOOST_ASIO)
+class Asio_SocketUDP final : public OS::SocketUDP
+ {
+ public:
+ Asio_SocketUDP(const std::string& hostname,
+ const std::string& service,
+ std::chrono::microseconds timeout) :
+ m_timeout(timeout), m_timer(m_io), m_udp(m_io)
+ {
+ m_timer.expires_from_now(m_timeout);
+ check_timeout();
+
+ boost::asio::ip::udp::resolver resolver(m_io);
+ boost::asio::ip::udp::resolver::query query(hostname, service);
+ boost::asio::ip::udp::resolver::iterator dns_iter = resolver.resolve(query);
+
+ boost::system::error_code ec = boost::asio::error::would_block;
+
+ auto connect_cb = [&ec](const boost::system::error_code& e,
+ boost::asio::ip::udp::resolver::iterator) { ec = e; };
+
+ boost::asio::async_connect(m_udp, dns_iter, connect_cb);
+
+ while(ec == boost::asio::error::would_block)
+ {
+ m_io.run_one();
+ }
+
+ if(ec)
+ { throw boost::system::system_error(ec); }
+ if(m_udp.is_open() == false)
+ { throw System_Error("Connection to host " + hostname + " failed"); }
+ }
+
+ void write(const uint8_t buf[], size_t len) override
+ {
+ m_timer.expires_from_now(m_timeout);
+
+ boost::system::error_code ec = boost::asio::error::would_block;
+
+ m_udp.async_send(boost::asio::buffer(buf, len),
+ [&ec](boost::system::error_code e, size_t) { ec = e; });
+
+ while(ec == boost::asio::error::would_block)
+ {
+ m_io.run_one();
+ }
+
+ if(ec)
+ {
+ throw boost::system::system_error(ec);
+ }
+ }
+
+ size_t read(uint8_t buf[], size_t len) override
+ {
+ m_timer.expires_from_now(m_timeout);
+
+ boost::system::error_code ec = boost::asio::error::would_block;
+ size_t got = 0;
+
+ m_udp.async_receive(boost::asio::buffer(buf, len),
+ [&](boost::system::error_code cb_ec, size_t cb_got) { ec = cb_ec; got = cb_got; });
+
+ while(ec == boost::asio::error::would_block)
+ {
+ m_io.run_one();
+ }
+
+ if(ec)
+ {
+ if(ec == boost::asio::error::eof)
+ { return 0; }
+ throw boost::system::system_error(ec); // Some other error.
+ }
+
+ return got;
+ }
+
+ private:
+ void check_timeout()
+ {
+ if(m_udp.is_open() && m_timer.expires_at() < std::chrono::system_clock::now())
+ {
+ boost::system::error_code err;
+ m_udp.close(err);
+ }
+
+ m_timer.async_wait(std::bind(&Asio_SocketUDP::check_timeout, this));
+ }
+
+ const std::chrono::microseconds m_timeout;
+ boost::asio::io_service m_io;
+ boost::asio::system_timer m_timer;
+ boost::asio::ip::udp::socket m_udp;
+ };
+#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)
+class BSD_SocketUDP final : public OS::SocketUDP
+ {
+ public:
+ BSD_SocketUDP(const std::string& hostname,
+ const std::string& service,
+ std::chrono::microseconds timeout) : m_timeout(timeout)
+ {
+ socket_init();
+
+ m_socket = invalid_socket();
+
+ addrinfo* res;
+ addrinfo hints;
+ clear_mem(&hints, 1);
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_DGRAM;
+
+ int rc = ::getaddrinfo(hostname.c_str(), service.c_str(), &hints, &res);
+
+ if(rc != 0)
+ {
+ throw System_Error("Name resolution failed for " + hostname, rc);
+ }
+
+ for(addrinfo* rp = res; (m_socket == invalid_socket()) && (rp != nullptr); rp = rp->ai_next)
+ {
+ if(rp->ai_family != AF_INET && rp->ai_family != AF_INET6)
+ { continue; }
+
+ m_socket = ::socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
+
+ if(m_socket == invalid_socket())
+ {
+ // unsupported socket type?
+ continue;
+ }
+
+ set_nonblocking(m_socket);
+ memcpy(&sa, res->ai_addr, res->ai_addrlen);
+ salen=res->ai_addrlen;
+ }
+
+ ::freeaddrinfo(res);
+
+ if(m_socket == invalid_socket())
+ {
+ throw System_Error("Connecting to " + hostname +
+ " for service " + service + " failed", errno);
+ }
+ }
+
+ ~BSD_SocketUDP()
+ {
+ close_socket(m_socket);
+ m_socket = invalid_socket();
+ socket_fini();
+ }
+
+ void write(const uint8_t buf[], size_t len) override
+ {
+ fd_set write_set;
+ FD_ZERO(&write_set);
+ FD_SET(m_socket, &write_set);
+
+ size_t sent_so_far = 0;
+ while(sent_so_far != len)
+ {
+ struct timeval timeout = make_timeout_tv();
+ int active = ::select(m_socket + 1, nullptr, &write_set, nullptr, &timeout);
+
+ if(active == 0)
+ { throw System_Error("Timeout during socket write"); }
+
+ const size_t left = len - sent_so_far;
+ socket_op_ret_type sent = ::sendto(m_socket, cast_uint8_ptr_to_char(buf + sent_so_far), left, 0, (sockaddr*)&sa, salen);
+ if(sent < 0)
+ { throw System_Error("Socket write failed", errno); }
+ else
+ { sent_so_far += static_cast<size_t>(sent); }
+ }
+ }
+
+ size_t read(uint8_t buf[], size_t len) override
+ {
+ fd_set read_set;
+ FD_ZERO(&read_set);
+ FD_SET(m_socket, &read_set);
+
+ struct timeval timeout = make_timeout_tv();
+ int active = ::select(m_socket + 1, &read_set, nullptr, nullptr, &timeout);
+
+ if(active == 0)
+ { throw System_Error("Timeout during socket read"); }
+
+ socket_op_ret_type got = ::recvfrom(m_socket, cast_uint8_ptr_to_char(buf), len, 0, nullptr, nullptr);
+
+ if(got < 0)
+ { throw System_Error("Socket read failed", errno); }
+
+ return static_cast<size_t>(got);
+ }
+
+ private:
+#if defined(BOTAN_TARGET_OS_HAS_WINSOCK2)
+ typedef SOCKET socket_type;
+ typedef int socket_op_ret_type;
+ static socket_type invalid_socket() { return INVALID_SOCKET; }
+ static void close_socket(socket_type s) { ::closesocket(s); }
+ static std::string get_last_socket_error() { return std::to_string(::WSAGetLastError()); }
+
+ static bool nonblocking_connect_in_progress()
+ {
+ return (::WSAGetLastError() == WSAEWOULDBLOCK);
+ }
+
+ static void set_nonblocking(socket_type s)
+ {
+ u_long nonblocking = 1;
+ ::ioctlsocket(s, FIONBIO, &nonblocking);
+ }
+
+ static void socket_init()
+ {
+ WSAData wsa_data;
+ WORD wsa_version = MAKEWORD(2, 2);
+
+ if(::WSAStartup(wsa_version, &wsa_data) != 0)
+ {
+ throw System_Error("WSAStartup() failed", WSAGetLastError());
+ }
+
+ if(LOBYTE(wsa_data.wVersion) != 2 || HIBYTE(wsa_data.wVersion) != 2)
+ {
+ ::WSACleanup();
+ throw System_Error("Could not find a usable version of Winsock.dll");
+ }
+ }
+
+ static void socket_fini()
+ {
+ ::WSACleanup();
+ }
+#else
+ typedef int socket_type;
+ typedef ssize_t socket_op_ret_type;
+ static socket_type invalid_socket() { return -1; }
+ static void close_socket(socket_type s) { ::close(s); }
+ static std::string get_last_socket_error() { return ::strerror(errno); }
+ static bool nonblocking_connect_in_progress() { return (errno == EINPROGRESS); }
+ static void set_nonblocking(socket_type s)
+ {
+ if(::fcntl(s, F_SETFL, O_NONBLOCK) < 0)
+ { throw System_Error("Setting socket to non-blocking state failed", errno); }
+ }
+
+ static void socket_init() {}
+ static void socket_fini() {}
+#endif
+ sockaddr_storage sa;
+ socklen_t salen;
+ struct timeval make_timeout_tv() const
+ {
+ struct timeval tv;
+ tv.tv_sec = m_timeout.count() / 1000000;
+ tv.tv_usec = m_timeout.count() % 1000000;
+ return tv;
+ }
+
+ const std::chrono::microseconds m_timeout;
+ socket_type m_socket;
+ };
+#endif
+}
+
+std::unique_ptr<OS::SocketUDP>
+OS::open_socket_udp(const std::string& hostname,
+ const std::string& service,
+ std::chrono::microseconds timeout)
+ {
+#if defined(BOTAN_HAS_BOOST_ASIO)
+ return std::unique_ptr<OS::SocketUDP>(new Asio_SocketUDP(hostname, service, timeout));
+#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)
+ return std::unique_ptr<OS::SocketUDP>(new BSD_SocketUDP(hostname, service, timeout));
+#else
+ return std::unique_ptr<OS::SocketUDP>();
+#endif
+ }
+
+std::unique_ptr<OS::SocketUDP>
+OS::open_socket_udp(const std::string& uri_string,
+ std::chrono::microseconds timeout)
+ {
+ const auto uri = URI::fromAny(uri_string);
+ if(uri.port == 0)
+ { throw Invalid_Argument("UDP port not specified"); }
+ return open_socket_udp(uri.host, std::to_string(uri.port), timeout);
+ }
+
+}
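Review bot: In the BSD_SocketUDP constructor the destination address is copied from `res` (the head of the getaddrinfo list) rather than `rp` (the entry the socket was just created for), so when the first entry is skipped or its socket() call fails, sendto() is later given an address that may belong to a different family than `m_socket`. The two lines should read `memcpy(&sa, rp->ai_addr, rp->ai_addrlen);` and `salen = rp->ai_addrlen;`. Separately, write() and read() test only `active == 0` after select(), so a negative return falls through to sendto()/recvfrom() instead of being reported; `if(active < 0) { throw System_Error("Socket select failed", errno); }` would cover that case.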
diff --git a/src/lib/utils/socket/socket_udp.h b/src/lib/utils/socket/socket_udp.h
new file mode 100644
index 000000000..4a9346c2b
--- /dev/null
+++ b/src/lib/utils/socket/socket_udp.h
@@ -0,0 +1,73 @@
+/*
+* (C) 2015,2016,2017 Jack Lloyd
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_SOCKET_UDP_H_
+#define BOTAN_SOCKET_UDP_H_
+
+#include <botan/types.h>
+#include <string>
+#include <chrono>
+
+namespace Botan {
+
+namespace OS {
+
+/*
+* This header is internal (not installed) and these functions are not
+* intended to be called by applications. However they are given public
+* visibility (using BOTAN_TEST_API macro) for the tests. This also probably
+* allows them to be overridden by the application on ELF systems, but
+* this hasn't been tested.
+*/
+
+
+/**
+* A wrapper around a simple blocking UDP socket
+*/
+class BOTAN_TEST_API SocketUDP
+ {
+ public:
+ /**
+ * The socket will be closed upon destruction
+ */
+ virtual ~SocketUDP() = default;
+
+ /**
+ * Write to the socket. Returns immediately.
+ * Throws on error.
+ */
+ virtual void write(const uint8_t buf[], size_t len) = 0;
+
+ /**
+ * Reads up to len bytes, returns bytes written to buf.
+ * Returns 0 on EOF. Throws on error.
+ */
+ virtual size_t read(uint8_t buf[], size_t len) = 0;
+ };
+
+/**
+* Open up a socket. Will throw on error. Returns null if sockets are
+* not available on this platform.
+*/
+std::unique_ptr<SocketUDP>
+BOTAN_TEST_API open_socket_udp(const std::string& hostname,
+ const std::string& service,
+ std::chrono::microseconds timeout);
+
+/**
+* Open up a socket. Will throw on error. Returns null if sockets are
+* not available on this platform.
+*/
+std::unique_ptr<SocketUDP>
+BOTAN_TEST_API open_socket_udp(const std::string& uri,
+ std::chrono::microseconds timeout);
+
+
+} // OS
+} // Botan
+
+#endif
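Review bot: The comments on SocketUDP never mention the `timeout` argument or datagram semantics, and two phrases look carried over from the TCP wrapper: "simple blocking UDP socket" and "Returns 0 on EOF". As far as socket_udp.cpp shows, both implementations bound each write() and read() by the timeout and raise when it expires, so I would say so, e.g. `* Receives one datagram of up to len bytes; throws if none arrives within the timeout.` on read() and `* @param timeout upper bound applied to each write() and read() call` on open_socket_udp. The header also names std::unique_ptr without including `<memory>`; presumably botan/types.h supplies it, but an explicit include would make the header self-contained.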
diff --git a/src/lib/utils/socket/uri.cpp b/src/lib/utils/socket/uri.cpp
new file mode 100644
index 000000000..ea7188b31
--- /dev/null
+++ b/src/lib/utils/socket/uri.cpp
@@ -0,0 +1,183 @@
+/*
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/internal/uri.h>
+#include <botan/exceptn.h>
+
+#include <regex>
+
+#if defined(BOTAN_TARGET_OS_HAS_SOCKETS)
+ #include <arpa/inet.h>
+#elif defined(BOTAN_TARGET_OS_HAS_WINSOCK2)
+ #include <ws2tcpip.h>
+#endif
+
+#if defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)
+
+namespace {
+
+constexpr bool isdigit(char ch)
+ {
+ return ch >= '0' && ch <= '9';
+ }
+
+bool isDomain(const std::string& domain)
+ {
+#if defined(__GLIBCXX__) && (__GLIBCXX__ < 20160726) //GCC 4.8 does not support regex
+ return true;
+#endif
+ std::regex re(
+ R"(^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$)");
+ std::cmatch m;
+ return std::regex_match(domain.c_str(), m, re);
+ }
+
+bool isIPv4(const std::string& ip)
+ {
+ sockaddr_storage inaddr;
+ return !!inet_pton(AF_INET, ip.c_str(), &inaddr);
+ }
+
+bool isIPv6(const std::string& ip)
+ {
+ sockaddr_storage in6addr;
+ return !!inet_pton(AF_INET6, ip.c_str(), &in6addr);
+ }
+}
+
+namespace Botan {
+
+URI URI::fromDomain(const std::string& uri)
+ {
+ unsigned port = 0;
+ const auto port_pos = uri.find(':');
+ if(port_pos != std::string::npos)
+ {
+ for(char c : uri.substr(port_pos+1))
+ {
+ if(!isdigit(c))
+ { throw Invalid_Argument("invalid"); }
+ port = port*10 + c - '0';
+ if(port > 65535)
+ { throw Invalid_Argument("invalid"); }
+ }
+ }
+ const auto domain = uri.substr(0, port_pos);
+ if(isIPv4(domain))
+ { throw Invalid_Argument("invalid"); }
+ if(!isDomain(domain))
+ { throw Invalid_Argument("invalid"); }
+ return {Type::Domain, domain, uint16_t(port)};
+ }
+
+URI URI::fromIPv4(const std::string& uri)
+ {
+ unsigned port = 0;
+ const auto port_pos = uri.find(':');
+ if(port_pos != std::string::npos)
+ {
+ for(char c : uri.substr(port_pos+1))
+ {
+ if(!isdigit(c))
+ { throw Invalid_Argument("invalid"); }
+ port = port*10 + c - '0';
+ if(port > 65535)
+ { throw Invalid_Argument("invalid"); }
+ }
+ }
+ const auto ip = uri.substr(0, port_pos);
+ if(!isIPv4(ip))
+ { throw Invalid_Argument("invalid"); }
+ return { Type::IPv4, ip, uint16_t(port) };
+ }
+
+URI URI::fromIPv6(const std::string& uri)
+ {
+ unsigned port = 0;
+ const auto port_pos = uri.find(']');
+ const bool with_braces = (port_pos != std::string::npos);
+ if((uri[0]=='[') != with_braces)
+ { throw Invalid_Argument("invalid"); }
+
+ if(with_braces && (uri.size() > port_pos + 1))
+ {
+ if(uri[port_pos+1]!=':')
+ { throw Invalid_Argument("invalid"); }
+ for(char c : uri.substr(port_pos+2))
+ {
+ if(!isdigit(c))
+ { throw Invalid_Argument("invalid"); }
+ port = port*10 + c - '0';
+ if(port > 65535)
+ { throw Invalid_Argument("invalid"); }
+ }
+ }
+ const auto ip = uri.substr((with_braces ? 1 : 0), port_pos - with_braces);
+ if(!isIPv6(ip))
+ { throw Invalid_Argument("invalid"); }
+ return { Type::IPv6, ip, uint16_t(port) };
+ }
+
+URI URI::fromAny(const std::string& uri)
+ {
+
+ bool colon_seen=false;
+ bool non_number=false;
+ if(uri[0]=='[')
+ { return fromIPv6(uri); }
+ for(auto c : uri)
+ {
+ if(c == ':')
+ {
+ if(colon_seen) //seen two ':'
+ { return fromIPv6(uri); }
+ colon_seen = true;
+ }
+ else if(!isdigit(c) && c != '.')
+ {
+ non_number=true;
+ }
+ }
+ if(!non_number)
+ {
+ if(isIPv4(uri.substr(0, uri.find(':'))))
+ {
+ return fromIPv4(uri);
+ }
+ }
+ return fromDomain(uri);
+ }
+
+std::string URI::to_string() const
+ {
+ if(type == Type::NotSet)
+ {
+ throw Invalid_Argument("not set");
+ }
+
+ if(port != 0)
+ {
+ if(type == Type::IPv6)
+ { return "[" + host + "]:" + std::to_string(port); }
+ return host + ":" + std::to_string(port);
+ }
+ return host;
+ }
+
+}
+
+#else
+
+namespace Botan {
+
+URI URI::fromDomain(const std::string&) {throw Not_Implemented("No socket support enabled in build");}
+URI URI::fromIPv4(const std::string&) {throw Not_Implemented("No socket support enabled in build");}
+URI URI::fromIPv6(const std::string&) {throw Not_Implemented("No socket support enabled in build");}
+URI URI::fromAny(const std::string&) {throw Not_Implemented("No socket support enabled in build");}
+
+}
+
+#endif
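Review bot: isDomain() hands the whole host string to `std::regex_match` with no length limit, and fromAny() is reachable from open_socket_udp() with a caller-supplied string. Backtracking std::regex implementations can recurse once per input character on a pattern like this one, so a very long host may exhaust the stack instead of producing Invalid_Argument. A bound before the match, `if(domain.size() > 253) { return false; }`, keeps the work proportional to a valid DNS name. On the GCC 4.8 path isDomain() returns true for any input, so the host reaches name resolution unvalidated there, which deserves a comment. The port loop is also repeated verbatim in fromDomain, fromIPv4 and fromIPv6 and accepts an empty port (`host:`) as port 0; a shared helper would make that choice explicit.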
diff --git a/src/lib/utils/socket/uri.h b/src/lib/utils/socket/uri.h
new file mode 100644
index 000000000..a9f68ac41
--- /dev/null
+++ b/src/lib/utils/socket/uri.h
@@ -0,0 +1,49 @@
+/*
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_URI_H_
+#define BOTAN_URI_H_
+
+#include <cstdint>
+#include <string>
+
+#include <botan/build.h>
+
+namespace Botan {
+
+struct BOTAN_TEST_API URI
+ {
+ enum class Type : uint8_t
+ {
+ NotSet,
+ IPv4,
+ IPv6,
+ Domain,
+ };
+ static URI fromAny(const std::string& uri);
+ static URI fromIPv4(const std::string& uri);
+ static URI fromIPv6(const std::string& uri);
+ static URI fromDomain(const std::string& uri);
+ URI() = default;
+ URI(Type type, const std::string& host, unsigned short port)
+ : type { type }
+ , host { host }
+ , port { port }
+ {}
+ bool operator==(const URI& a) const
+ {
+ return type == a.type && host == a.host && port == a.port;
+ }
+ std::string to_string() const;
+
+ const Type type{Type::NotSet};
+ const std::string host{};
+ const uint16_t port{};
+ };
+
+}
+
+#endif
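Review bot: The URI struct and its four factories carry no comments, so the accepted syntax has to be read out of uri.cpp. I would add a short block above them, e.g. `/// Accepts "host", "host:port", "a.b.c.d:port" or "[v6addr]:port"; throws Invalid_Argument otherwise; port is 0 when absent.`, and note on to_string() that it throws when `type` is `NotSet`. The `const` data members also leave URI without copy or move assignment, which is worth stating in the comment if it is intended.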
diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py
index ae3ceed18..96732a2ad 100755
--- a/src/scripts/test_cli.py
+++ b/src/scripts/test_cli.py
@@ -496,6 +496,159 @@ def cli_rng_tests(_tmp_dir):
if hex_10.match(output) is None:
logging.error('Unexpected RNG output %s' % (output))
+def cli_roughtime_check_tests(tmp_dir):
+ # pylint: disable=line-too-long
+ if not check_for_command("roughtime_check"):
+ return
+ chain = os.path.join(tmp_dir, 'roughtime-chain')
+
+ with open(chain, 'w') as f:
+ f.write("""\
+ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA
+ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= uLeTON9D+2HqJMzK6sYWLNDEdtBl9t/9yw1cVAOm0/sONH5Oqdq9dVPkC9syjuWbglCiCPVF+FbOtcxCkrgMmA== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWOw1jl0uSiBEH9HE8/6r7zxoSc01f48vw+UzH8+VJoPelnvVJBj4lnH8uRLh5Aw0i4Du7XM1dp2u0r/I5PzhMQoDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AUBo+tEqPBQC47l77to7ESFTVhlw1SC74P5ssx6gpuJ6eP+1916GuUiySGE/x3Fp0c3otUGAdsRQou5p9PDTeane/YEeVq4/8AgAAAEAAAABTSUcAREVMRe5T1ml8wHyWAcEtHP/U5Rg/jFXTEXOSglngSa4aI/CECVdy4ZNWeP6vv+2//ZW7lQsrWo7ZkXpvm9BdBONRSQIDAAAAIAAAACgAAABQVUJLTUlOVE1BWFQpXlenV0OfVisvp9jDHXLw8vymZVK9Pgw9k6Edf8ZEhUgSGEc5jwUASHLvZE2PBQAAAAAA
+ed25519 etPaaIxcBMY1oUeGpwvPMCJMwlRVNxv51KK/tktoJTQ= U53wX99JzZwy4BXa9C6R04bPu4yqFB5w5/wTgG8Mw5wm+VLrY70ECxJ9ZHnpdHVHaLEU3aeLnQFZyZPRAEOCyw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWMh3mPWCCbOlX8xDWbU9qdfKoReJX/XLsivom8bJJYmcC7T03tyXrtWUheEJweHtg4qMgSyifQS1MjHJSy1jPAsDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8Akxw/tEqPBQBfOsOuciR7jiAW5itQ39y8yVr/ZJmgMwvTjqaU4/wA05ZqG4RqoLdvDXh5bCNySL6LrrnBNSAHwn5COt0CItNuAgAAAEAAAABTSUcAREVMRVP3BIOzsZmuxqMi+ScIBPyKtzFfK7ZlPFNP0JrNwln2QYtAcQFIKywDdNAAL+n8i3dz1p99K50FJjCkCl2J6AMDAAAAIAAAACgAAABQVUJLTUlOVE1BWFQKC/kZVdjiNT2NCSGfnpot4eqipyMFsyMjiIQmqqqXqQCAa245jwUAAGCgA56PBQAAAAAA
+ed25519 AW5uAoTSTDfG5NfY1bTh08GUnOqlRb+HVhbJ3ODJvsE= IcZcXFuaLKYYhWcK3sT/6PrVeXMmabCRbf9hvVfkMkqEW1PFL++ZnHJ1/m+G8azITxvktwsfP1YAOOxWdbf9XQ== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWL5DAl8GPNUQ/mSXl0tI4N9yZAO+PiXTodJOTDL+WU/x26iqgyyQRikSSocRMzAEVLDGasdyW19mVC6H/6vfXggDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8Av/JAtEqPBQBIP346SHhCdDfughzeH+uYSbxngDYxqHzBDtZt0obUKrzxfRWzD1oR61B1reLvoPVCKSfzEngi/g1NSQjTrzNMAgAAAEAAAABTSUcAREVMRTQLLplQv0rN4p77Bo59qT8bbquV6MKSwILI/Tw2LLGo9noaZegUFmM+rNu1d1AVOEVQ01j6/2xDmBvp0d6MZgEDAAAAIAAAACgAAABQVUJLTUlOVE1BWFS4a1dYoIB5u/zkbR3sIteuhVrQkszzj+Gng9ywo6O9VgAAAAAAAAAA//////////8AAAAA
+ed25519 cj8GsiNlRkqiDElAeNMSBBMwrAl15hYPgX50+GWX/lA= Tsy82BBU2xxVqNe1ip11OyEGoKWhKoSggWjBmDTSBmKbTs7bPPCEidYc5TQ23sQUWe62G35fQOVU28q+Eq5uhQ== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWDAmi7zgXAqLgQXVfbjeqnUZRiXCZI64QIoAKFL83CQHbyXgB4cNwHfQ9mSg0hYxTp1M8QxOuzusnUpk05DIRwwDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AcOBCtEqPBQBhsr1mKOxxCf4VDFzAtYB4Nhs332AN1LrJU/8+VqktzfPd2R7awJHEVEWugvSvOrr+9d332mQObAkYfKfDtbSFAgAAAEAAAABTSUcAREVMRUjnhDvkIjFzTEYtgHOfMpRHtnNZj4P31RFtapkwzGjOtc93pYDd7zqQCw2AVcfbSnPqa8k26z96Q9fVRzq0pw8DAAAAIAAAACgAAABQVUJLTUlOVE1BWFR7qp2oerjpbN8Y23nUGARIlsgkodW4owH29ZKhxDMn8AAAAAAAAAAA//////////8AAAAA
+""")
+
+ test_cli("roughtime_check", chain, """\
+1: UTC 2019-08-04T13:38:17 (+-1000000us)
+ 2: UTC 2019-08-04T13:38:17 (+-1000000us)
+ 3: UTC 2019-08-04T13:38:17 (+-1000000us)
+ 4: UTC 2019-08-04T13:38:18 (+-1000000us)
+ 5: UTC 2019-08-04T13:38:18 (+-1000000us)""")
+
+ with open(chain, 'w') as f:
+ f.write("ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA")
+ test_cli("roughtime_check", [chain, "--raw-time"], "1: UTC 1564925897781286 (+-1000000us)")
+
+ with open(chain, 'w') as f:
+ f.write("ed25519 cbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA")
+ test_cli("roughtime_check", chain, expected_stderr=b'Error: Roughtime Invalid signature or public key\n')
+
+def cli_roughtime_tests(tmp_dir):
+ # pylint: disable=line-too-long
+ # pylint: disable=too-many-locals
+ import socket
+ import base64
+ import threading
+
+ if not check_for_command("roughtime"):
+ return
+
+ fixed_drbg_seed = "802" * 32
+ server_port = random_port_number()
+ chain_file = os.path.join(tmp_dir, 'roughtime-chain')
+ ecosystem = os.path.join(tmp_dir, 'ecosystem')
+
+ def run_udp_server():
+ sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ server_address = ('127.0.0.1', server_port)
+ sock.bind(server_address)
+
+ while True:
+ data, address = sock.recvfrom(4096)
+
+ if data:
+ if data != base64.b64decode(server_request):
+ logging.error("unexpected request")
+
+ sock.sendto(base64.b64decode(server_response), address)
+
+ udp_thread = threading.Thread(target=run_udp_server)
+ udp_thread.daemon = True
+ udp_thread.start()
+
+ chain = [
+ """\
+ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= 2A+I9q2+ZayxDDYC5n2YW8Bn/zBm4D3mwS5qMwADRDcbFpBcf3yPOyeZiqpLBTkxo8GT8zMQFeApv4ScffjC8A== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWDwlo/AkUnTrecAW4Ci5Tkh3KOqs6R7KLTsFtq16RXN5F7G5ckGv11UtzHoZTbKbEk03a6ogAOK54Q2CI/7XGA8DAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AWDLihlaSBQAoq/5gEjRCrhfH16X2GYjQJSG/CgSuGhYeCsrw7XkphLI3cxw2unJRDW8DAJrYqEGaW0NPKZk7bbpPjU/Q6Es1AgAAAEAAAABTSUcAREVMRUJbs67Sb5Wx/jzWyT1PhWR0c4kg59tjSGofo8R3eHzcA9CGwavuRdxOArhVWWODG99gYgfmjcRLgt9/jH+99w4DAAAAIAAAACgAAABQVUJLTUlOVE1BWFRXRfQ1RHLWGOgqABUTYfVBDZrv3OL2nPLYve9ldfNVLOjdPVFFkgUA6D0Vb1mSBQAAAAAA
+""",
+ """\
+ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= 2A+I9q2+ZayxDDYC5n2YW8Bn/zBm4D3mwS5qMwADRDcbFpBcf3yPOyeZiqpLBTkxo8GT8zMQFeApv4ScffjC8A== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWDwlo/AkUnTrecAW4Ci5Tkh3KOqs6R7KLTsFtq16RXN5F7G5ckGv11UtzHoZTbKbEk03a6ogAOK54Q2CI/7XGA8DAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AWDLihlaSBQAoq/5gEjRCrhfH16X2GYjQJSG/CgSuGhYeCsrw7XkphLI3cxw2unJRDW8DAJrYqEGaW0NPKZk7bbpPjU/Q6Es1AgAAAEAAAABTSUcAREVMRUJbs67Sb5Wx/jzWyT1PhWR0c4kg59tjSGofo8R3eHzcA9CGwavuRdxOArhVWWODG99gYgfmjcRLgt9/jH+99w4DAAAAIAAAACgAAABQVUJLTUlOVE1BWFRXRfQ1RHLWGOgqABUTYfVBDZrv3OL2nPLYve9ldfNVLOjdPVFFkgUA6D0Vb1mSBQAAAAAA
+ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= 2A+I9q2+ZayxDDYC5n2YW8Bn/zBm4D3mwS5qMwADRDcbFpBcf3yPOyeZiqpLBTkxo8GT8zMQFeApv4ScffjC8A== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWHH5Ofs4HciIFXjE9egjDbistJptoMXIC7ugCgHhI4NPJqfYY256NpULXKc9c30ul7oHXQyKLfGd84mIAxC3UwQDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AuOoUh1aSBQANeC4gGGG3a23PpmF+y6CrUS9VWjyj0Ydpl2tMVDLaK2vd5QtYKKJ3UOyprGKk0D/aPn4E3Bk2rE3BKBZRXM1AAgAAAEAAAABTSUcAREVMRci9uvioJssgd8txxFlqz9RqPx+YLVMkHmm24fMUtYGWF/nhkoEYVGT7O+tXSfHHY/KHcUZjVaZpEt/tmXlXBAUDAAAAIAAAACgAAABQVUJLTUlOVE1BWFSxhKhavdriTvCAtNVcK5yr0cAbsWp2MsrwUV5YTc+7V0CsaLZSkgUAQAxA1GaSBQAAAAAA
+""",
+ """\
+ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= SbWKPilWYrt+1vgFU3jlxGNOH6I/1npX8wl+KoraN3S6VDsyM6EfCV+JPEK8BsNoM2VIpMcSdjcVna/GwXwZkg== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWHH5Ofs4HciIFXjE9egjDbistJptoMXIC7ugCgHhI4NPJqfYY256NpULXKc9c30ul7oHXQyKLfGd84mIAxC3UwQDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AuOoUh1aSBQANeC4gGGG3a23PpmF+y6CrUS9VWjyj0Ydpl2tMVDLaK2vd5QtYKKJ3UOyprGKk0D/aPn4E3Bk2rE3BKBZRXM1AAgAAAEAAAABTSUcAREVMRci9uvioJssgd8txxFlqz9RqPx+YLVMkHmm24fMUtYGWF/nhkoEYVGT7O+tXSfHHY/KHcUZjVaZpEt/tmXlXBAUDAAAAIAAAACgAAABQVUJLTUlOVE1BWFSxhKhavdriTvCAtNVcK5yr0cAbsWp2MsrwUV5YTc+7V0CsaLZSkgUAQAxA1GaSBQAAAAAA
+ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= 2A+I9q2+ZayxDDYC5n2YW8Bn/zBm4D3mwS5qMwADRDcbFpBcf3yPOyeZiqpLBTkxo8GT8zMQFeApv4ScffjC8A== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWN5Y0b2irPS1JgqJFQMciPg4aWd9qj1ZqcJc5bGXe1m4ZdAXa5OIhXa0+680MgpyhEHhqYJDIwH1XRa1OZx5YAUDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AgBW3iFaSBQD9WI+Qr6NOZsDmP0PsnCo66mstM3ac5ZON+I+ZeEK8lZWBASvsD2JIfq3v4d1QH5g4STs3wOazQPc25Puy659ZAgAAAEAAAABTSUcAREVMRUJbs67Sb5Wx/jzWyT1PhWR0c4kg59tjSGofo8R3eHzcA9CGwavuRdxOArhVWWODG99gYgfmjcRLgt9/jH+99w4DAAAAIAAAACgAAABQVUJLTUlOVE1BWFRXRfQ1RHLWGOgqABUTYfVBDZrv3OL2nPLYve9ldfNVLOjdPVFFkgUA6D0Vb1mSBQAAAAAA
+""",
+ ]
+ request = [
+ "AgAAAEAAAABOT05DUEFE/9gPiPatvmWssQw2AuZ9mFvAZ/8wZuA95sEuajMAA0Q3GxaQXH98jzsnmYqqSwU5MaPBk/MzEBXgKb+EnH34wvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==",
+ "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",
+ "AgAAAEAAAABOT05DUEFE/0AcDP0F/L7NTiOCQlHovyMlovVtG4lBRqAgydNYk9WOoanOwclZuV8z2b/SCHj5thxbSNxuLNZoDQ2b6TWgPfsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==",
+ ]
+ response = [
+ "BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWDwlo/AkUnTrecAW4Ci5Tkh3KOqs6R7KLTsFtq16RXN5F7G5ckGv11UtzHoZTbKbEk03a6ogAOK54Q2CI/7XGA8DAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AWDLihlaSBQAoq/5gEjRCrhfH16X2GYjQJSG/CgSuGhYeCsrw7XkphLI3cxw2unJRDW8DAJrYqEGaW0NPKZk7bbpPjU/Q6Es1AgAAAEAAAABTSUcAREVMRUJbs67Sb5Wx/jzWyT1PhWR0c4kg59tjSGofo8R3eHzcA9CGwavuRdxOArhVWWODG99gYgfmjcRLgt9/jH+99w4DAAAAIAAAACgAAABQVUJLTUlOVE1BWFRXRfQ1RHLWGOgqABUTYfVBDZrv3OL2nPLYve9ldfNVLOjdPVFFkgUA6D0Vb1mSBQAAAAAA",
+ "BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWHH5Ofs4HciIFXjE9egjDbistJptoMXIC7ugCgHhI4NPJqfYY256NpULXKc9c30ul7oHXQyKLfGd84mIAxC3UwQDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AuOoUh1aSBQANeC4gGGG3a23PpmF+y6CrUS9VWjyj0Ydpl2tMVDLaK2vd5QtYKKJ3UOyprGKk0D/aPn4E3Bk2rE3BKBZRXM1AAgAAAEAAAABTSUcAREVMRci9uvioJssgd8txxFlqz9RqPx+YLVMkHmm24fMUtYGWF/nhkoEYVGT7O+tXSfHHY/KHcUZjVaZpEt/tmXlXBAUDAAAAIAAAACgAAABQVUJLTUlOVE1BWFSxhKhavdriTvCAtNVcK5yr0cAbsWp2MsrwUV5YTc+7V0CsaLZSkgUAQAxA1GaSBQAAAAAA",
+ "BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWN5Y0b2irPS1JgqJFQMciPg4aWd9qj1ZqcJc5bGXe1m4ZdAXa5OIhXa0+680MgpyhEHhqYJDIwH1XRa1OZx5YAUDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AgBW3iFaSBQD9WI+Qr6NOZsDmP0PsnCo66mstM3ac5ZON+I+ZeEK8lZWBASvsD2JIfq3v4d1QH5g4STs3wOazQPc25Puy659ZAgAAAEAAAABTSUcAREVMRUJbs67Sb5Wx/jzWyT1PhWR0c4kg59tjSGofo8R3eHzcA9CGwavuRdxOArhVWWODG99gYgfmjcRLgt9/jH+99w4DAAAAIAAAACgAAABQVUJLTUlOVE1BWFRXRfQ1RHLWGOgqABUTYfVBDZrv3OL2nPLYve9ldfNVLOjdPVFFkgUA6D0Vb1mSBQAAAAAA",
+ ]
+
+ server_request = request[0]
+ server_response = response[0]
+ test_cli("roughtime", [], expected_stderr=b'Please specify either --servers-file or --host and --pubkey\n')
+
+ with open(ecosystem, 'w') as f:
+ f.write("Cloudflare-Roughtime ed25519 gD63hSj4ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= udp 127.0.0.1:" + str(server_port))
+
+ test_cli("roughtime", [
+ "--rng-type=drbg", "--drbg-seed=" + fixed_drbg_seed,
+ "--check-local-clock=0",
+ "--chain-file=",
+ "--servers-file=" + ecosystem]
+ , expected_stderr=b'ERROR: Public key does not match!\n')
+
+ with open(ecosystem, 'w') as f:
+ f.write("Cloudflare-Roughtime ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= udp 127.0.0.1:" + str(server_port))
+
+ test_cli("roughtime", [
+ "--rng-type=drbg", "--drbg-seed=" + fixed_drbg_seed,
+ "--chain-file=",
+ "--servers-file=" + ecosystem]
+ , expected_stderr=b'ERROR: Local clock mismatch\n')
+
+ test_cli("roughtime", [
+ "--rng-type=drbg", "--drbg-seed=" + fixed_drbg_seed,
+ "--check-local-clock=0",
+ "--chain-file=" + chain_file,
+ "--servers-file=" + ecosystem]
+ , "Cloudflare-Roughtime : UTC 2019-09-12T08:00:11 (+-1000000us)")
+
+ with open(chain_file, 'r') as f:
+ read_data = f.read()
+ if read_data != chain[0]:
+ logging.error("unexpected chain")
+
+ server_request = request[1]
+ server_response = response[1]
+ test_cli("roughtime", [
+ "--rng-type=drbg", "--drbg-seed=" + fixed_drbg_seed,
+ "--check-local-clock=0",
+ "--chain-file=" + chain_file,
+ "--host=127.0.0.1:" + str(server_port),
+ "--pubkey=gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo=",
+ "--raw-time"]
+ , "UTC 1568275214691000 (+-1000000us)")
+
+ with open(chain_file, 'r') as f:
+ read_data = f.read()
+ if read_data != chain[1]:
+ logging.error("unexpected chain")
+
+ server_request = request[2]
+ server_response = response[2]
+ test_cli("roughtime", [
+ "--rng-type=drbg", "--drbg-seed=" + fixed_drbg_seed,
+ "--check-local-clock=0",
+ "--chain-file=" + chain_file,
+ "--host=127.0.0.1:" + str(server_port),
+ "--pubkey=gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo=",
+ "--max-chain-size=2"]
+ , "UTC 2019-09-12T08:00:42 (+-1000000us)")
+
+ with open(chain_file, 'r') as f:
+ read_data = f.read()
+ if read_data != chain[2]:
+ logging.error("unexpected chain")
def cli_pk_workfactor_tests(_tmp_dir):
test_cli("pk_workfactor", "1024", "80")
@@ -1106,6 +1259,8 @@ def main(args=None):
cli_pk_workfactor_tests,
cli_psk_db_tests,
cli_rng_tests,
+ cli_roughtime_check_tests,
+ cli_roughtime_tests,
cli_speed_tests,
cli_timing_test_tests,
cli_tls_ciphersuite_tests,
diff --git a/src/tests/data/misc/roughtime_nonce_from_blind.vec b/src/tests/data/misc/roughtime_nonce_from_blind.vec
new file mode 100644
index 000000000..3705f30ae
--- /dev/null
+++ b/src/tests/data/misc/roughtime_nonce_from_blind.vec
@@ -0,0 +1,9 @@
+[Valid]
+Response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
+Blind = D1659ADE0A96C925178B12D8E421FC476F11B2095AD5486668754BA7D134E83C9296DE312B63751FDA3D65B134CBCFD177F0397A68B301111CB538FC53304DD4
+Nonce = E2E1C752DDEDBD766DDB32E9598D9E97C34BFBC4C6C2D46E4470AC68BF00E3FC505A0EBDDF93ADCE5195A22D97F71F13F1EDB5569D89AE8CD0ABA16B4E0F1507
+
+[Invalid]
+Response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
+Blind = D2659ADE0A96C925178B12D8E421FC476F11B2095AD5486668754BA7D134E83C9296DE312B63751FDA3D65B134CBCFD177F0397A68B301111CB538FC53304DD4
+Nonce = E2E1C752DDEDBD766DDB32E9598D9E97C34BFBC4C6C2D46E4470AC68BF00E3FC505A0EBDDF93ADCE5195A22D97F71F13F1EDB5569D89AE8CD0ABA16B4E0F1507
diff --git a/src/tests/data/misc/roughtime_request.vec b/src/tests/data/misc/roughtime_request.vec
new file mode 100644
index 000000000..637346097
--- /dev/null
+++ b/src/tests/data/misc/roughtime_request.vec
@@ -0,0 +1,7 @@
+[Valid]
+Nonce = 83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D
+Request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
+
+[Invalid]
+Nonce = 83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D
+Request = 03000000400000004E4F4E43504144FF83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000
diff --git a/src/tests/data/misc/roughtime_response.vec b/src/tests/data/misc/roughtime_response.vec
new file mode 100644
index 000000000..1166c185d
--- /dev/null
+++ b/src/tests/data/misc/roughtime_response.vec
@@ -0,0 +1,67 @@
+[Invalid]
+# Botan::Invalid_Argument:tag not found
+Response = 040000004000000040000000A40000003C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000
+
+# Botan::Invalid_Argument:tag not found
+Response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
+
+# Botan::Invalid_Argument:invalid structure
+Response = 05000000400000
+
+# Botan::Invalid_Argument:invalid structure
+Response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
+
+# Botan::Invalid_Argument:invalid structure
+Response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
+
+# Botan::Invalid_Argument:invalid structure
+Response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
+
+# Botan::Invalid_Argument:nonce verification failed
+Response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
+
+# Botan::Invalid_Argument:tag content wrong size
+Response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
+
+# Botan::Invalid_Argument:Merkle tree path is too short
+Response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
+
+# Botan::Invalid_Argument:response signature invalid
+Response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
+
+# Botan::Invalid_Argument:Merkle tree path size must be multiple of 64 bytes
+Response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
+
+# Botan::Invalid_Argument:midpoint earlier than delegation start
+Nonce = 71BEFBF21751C7431F05AF1384D4C2355D20E5E9193D2236B2D385A70DEC6AD92B2E8D84178A1E44D94DEB6F2DB1644BE72155DACBEFF00C5E1A69B0E1B11BE3
+Response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
+
+# Botan::Invalid_Argument:midpoint later than delegation end
+Nonce = A6E107D0F1C7A63620B4696BEC16C9DA19186205F96DA7FD9D2FA6E36C9D5A0C35413CD004F3398DC09A8635A669211DFEEF0F9EC20F2DC8BA5D51BF6314C6C5
+Response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
+
+# fail_validation
+Nonce = 83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D
+Pubkey = 503eb78528f749c4bec2e39e1abb9b5e5ab7e4dd5ce4b6f2fd2f93ecc3538f1a
+Response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
+
+[Valid]
+Nonce = 83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D
+Pubkey = 803eb78528f749c4bec2e39e1abb9b5e5ab7e4dd5ce4b6f2fd2f93ecc3538f1a
+MidpointMicroSeconds = 1550755344243000
+RadiusMicroSeconds = 1000000
+Response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
+
+# Merkle tree 2 leafs
+Nonce = 8FEBCFDCB149EA09E96405547F5360A2C243169F3243B8BA16B962CC94EF62E5E1A619EA25A18B8F324A63B85B615285A17065BE94592D8C1FDF3FAFF279A6E8
+Pubkey = 6f79ced1b4d650a7bb23325b68a9866da2cf33ffd89f073933a5a6107d55aca1
+MidpointMicroSeconds = 1550830411384409
+RadiusMicroSeconds = 1000000
+Response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
+
+# Merkle tree 4 leafs
+Nonce = 92DD76EC9302DA565A14D4B7C71AF005DBB51DFE50A931E4BF25925BB9667066E4E593EB8332A57F4CFA14074210AAC5D43A9E4CC13FE5889E9DE0C428AA9D5D
+Pubkey = 6f79ced1b4d650a7bb23325b68a9866da2cf33ffd89f073933a5a6107d55aca1
+MidpointMicroSeconds = 1550830502590635
+RadiusMicroSeconds = 1000000
+Response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
diff --git a/src/tests/test_roughtime.cpp b/src/tests/test_roughtime.cpp
new file mode 100644
index 000000000..65bd671bb
--- /dev/null
+++ b/src/tests/test_roughtime.cpp
@@ -0,0 +1,264 @@
+/*
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#include <cassert>
+
+#include "test_rng.h"
+
+#if defined(BOTAN_HAS_BIGINT)
+ #include <botan/bigint.h>
+#endif
+
+#if defined(BOTAN_HAS_ROUGHTIME)
+ #include <botan/base64.h>
+ #include <botan/ed25519.h>
+ #include <botan/hex.h>
+ #include <botan/roughtime.h>
+#endif
+namespace Botan_Tests {
+
+#if defined(BOTAN_HAS_ROUGHTIME)
+
+class Roughtime_Request_Tests final : public Text_Based_Test
+ {
+ public:
+ Roughtime_Request_Tests() :
+ Text_Based_Test("misc/roughtime_request.vec", "Nonce,Request") {}
+
+ Test::Result run_one_test(const std::string& type, const VarMap& vars) override
+ {
+ Test::Result result("roughtime request");
+
+ const auto nonce = vars.get_req_bin("Nonce");
+ const auto request_v = vars.get_req_bin("Request");
+
+ const auto request = Botan::Roughtime::encode_request(nonce);
+ result.test_eq(
+ "encode",
+ type == "Valid",
+ request == Botan::typecast_copy<std::array<uint8_t, 1024>>(request_v.data()));
+
+ return result;
+ }
+ };
+
+BOTAN_REGISTER_TEST("roughtime_request", Roughtime_Request_Tests);
+
+
+class Roughtime_Response_Tests final : public Text_Based_Test
+ {
+ public:
+ Roughtime_Response_Tests() :
+ Text_Based_Test("misc/roughtime_response.vec",
+ "Response",
+ "Nonce,Pubkey,MidpointMicroSeconds,RadiusMicroSeconds") {}
+
+ Test::Result run_one_test(const std::string& type, const VarMap& vars) override
+ {
+ Test::Result result("roughtime response");
+
+ const auto response_v = vars.get_req_bin("Response");
+ const auto n = vars.has_key("Nonce") ? vars.get_req_bin("Nonce") : std::vector<uint8_t>(64);
+ assert(n.size() == 64);
+ const Botan::Roughtime::Nonce nonce(n);
+ try
+ {
+ const auto response = Botan::Roughtime::Response::from_bits(response_v, nonce);
+
+ const auto pubkey = vars.get_req_bin("Pubkey");
+ assert(pubkey.size() == 32);
+
+ if(!response.validate(Botan::Ed25519_PublicKey(pubkey)))
+ {
+ result.confirm("fail_validation", type == "Invalid");
+ }
+ else
+ {
+ const auto midpoint = Botan::Roughtime::Response::sys_microseconds64(
+ std::chrono::microseconds(
+ vars.get_req_u64("MidpointMicroSeconds")));
+ const auto radius = std::chrono::microseconds(
+ vars.get_req_u32("RadiusMicroSeconds"));
+
+ result.confirm("midpoint", response.utc_midpoint() == midpoint);
+ result.confirm("radius", response.utc_radius() == radius);
+ result.confirm("OK", type == "Valid");
+ }
+ }
+ catch(const Botan::Roughtime::Roughtime_Error& e)
+ {
+ result.confirm(e.what(), type == "Invalid");
+ }
+
+ return result;
+ }
+ };
+
+BOTAN_REGISTER_TEST("roughtime_response", Roughtime_Response_Tests);
+
+class Roughtime_nonce_from_blind_Tests final : public Text_Based_Test
+ {
+ public:
+ Roughtime_nonce_from_blind_Tests() :
+ Text_Based_Test("misc/roughtime_nonce_from_blind.vec", "Response,Blind,Nonce") {}
+
+ Test::Result run_one_test(const std::string& type, const VarMap& vars) override
+ {
+ Test::Result result("roughtime nonce_from_blind");
+
+ const auto response = vars.get_req_bin("Response");
+ const auto blind = vars.get_req_bin("Blind");
+ const auto nonce = vars.get_req_bin("Nonce");
+
+ result.test_eq("fail_validation",
+ Botan::Roughtime::nonce_from_blind(response, blind) == nonce,
+ type == "Valid");
+
+ return result;
+ }
+ };
+
+BOTAN_REGISTER_TEST("roughtime_nonce_from_blind", Roughtime_nonce_from_blind_Tests);
+
+
+
+class Roughtime final : public Test
+ {
+ Test::Result test_nonce()
+ {
+ Test::Result result("roughtime nonce");
+
+ auto rand64 = Botan::unlock(Test::rng().random_vec(64));;
+ Botan::Roughtime::Nonce nonce_v(rand64);
+ result.confirm("nonce from vector", nonce_v.get_nonce() == Botan::typecast_copy<std::array<uint8_t, 64>>
+ (rand64.data()));
+ Botan::Roughtime::Nonce nonce_a(Botan::typecast_copy<std::array<uint8_t, 64>>(rand64.data()));
+ result.confirm("nonce from array", nonce_v.get_nonce() == Botan::typecast_copy<std::array<uint8_t, 64>>(rand64.data()));
+ rand64.push_back(10);
+ result.test_throws("vector oversize", [&rand64]() {Botan::Roughtime::Nonce nonce_v(rand64);}); //size 65
+ rand64.pop_back();
+ rand64.pop_back();
+ result.test_throws("vector undersize", [&rand64]() {Botan::Roughtime::Nonce nonce_v(rand64);}); //size 63
+
+ return result;
+ }
+
+ Test::Result test_chain()
+ {
+ Test::Result result("roughtime chain");
+
+ Botan::Roughtime::Chain c1;
+ result.confirm("default constructed is empty", c1.links().empty() && c1.responses().empty());
+
+ auto rand64 = Botan::unlock(Test::rng().random_vec(64));;
+ Botan::Roughtime::Nonce nonce_v(rand64);
+ result.confirm("empty chain nonce is blind",
+ c1.next_nonce(nonce_v).get_nonce() == Botan::typecast_copy<std::array<uint8_t, 64>>(rand64.data()));
+
+ const std::string chain_str =
+ "ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA\n"
+ "ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= uLeTON9D+2HqJMzK6sYWLNDEdtBl9t/9yw1cVAOm0/sONH5Oqdq9dVPkC9syjuWbglCiCPVF+FbOtcxCkrgMmA== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWOw1jl0uSiBEH9HE8/6r7zxoSc01f48vw+UzH8+VJoPelnvVJBj4lnH8uRLh5Aw0i4Du7XM1dp2u0r/I5PzhMQoDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AUBo+tEqPBQC47l77to7ESFTVhlw1SC74P5ssx6gpuJ6eP+1916GuUiySGE/x3Fp0c3otUGAdsRQou5p9PDTeane/YEeVq4/8AgAAAEAAAABTSUcAREVMRe5T1ml8wHyWAcEtHP/U5Rg/jFXTEXOSglngSa4aI/CECVdy4ZNWeP6vv+2//ZW7lQsrWo7ZkXpvm9BdBONRSQIDAAAAIAAAACgAAABQVUJLTUlOVE1BWFQpXlenV0OfVisvp9jDHXLw8vymZVK9Pgw9k6Edf8ZEhUgSGEc5jwUASHLvZE2PBQAAAAAA\n";
+
+ Botan::Roughtime::Chain c2(chain_str);
+ result.confirm("have two elements", c2.links().size() == 2 && c2.responses().size() == 2);
+ result.confirm("serialize loopback", c2.to_string() == chain_str);
+
+ c1.append(c2.links()[0], 1);
+ result.confirm("append ok", c1.links().size() == 1 && c1.responses().size() == 1);
+ c1.append(c2.links()[1], 1);
+ result.confirm("max size", c1.links().size() == 1 && c1.responses().size() == 1);
+
+ result.test_throws("non-positive max chain size", [&]() {c1.append(c2.links()[1], 0);});
+ result.test_throws("1 field", [&]() {Botan::Roughtime::Chain a("ed25519");});
+ result.test_throws("2 fields", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE=");});
+ result.test_throws("3 fields", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw==");});
+ result.test_throws("5 fields", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA abc");});
+ result.test_throws("invalid key type", [&]() {Botan::Roughtime::Chain a("rsa bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA");});
+ result.test_throws("invalid key", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6wssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA");});
+ result.test_throws("invalid nonce", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2UByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA");});
+
+ return result;
+ }
+
+ Test::Result test_server_information()
+ {
+ Test::Result result("roughtime server_information");
+
+ const auto servers = Botan::Roughtime::servers_from_str(
+ "Chainpoint-Roughtime ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp roughtime.chainpoint.org:2002\n"
+ "Cloudflare-Roughtime ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= udp roughtime.cloudflare.com:2002\n"
+ "Google-Sandbox-Roughtime ed25519 etPaaIxcBMY1oUeGpwvPMCJMwlRVNxv51KK/tktoJTQ= udp roughtime.sandbox.google.com:2002\n"
+ "int08h-Roughtime ed25519 AW5uAoTSTDfG5NfY1bTh08GUnOqlRb+HVhbJ3ODJvsE= udp roughtime.int08h.com:2002\n"
+ "ticktock ed25519 cj8GsiNlRkqiDElAeNMSBBMwrAl15hYPgX50+GWX/lA= udp ticktock.mixmin.net:5333\n"
+ );
+
+ result.confirm("size", servers.size() == 5);
+ result.test_eq("name", servers[0].name(), "Chainpoint-Roughtime");
+ result.test_eq("name", servers[4].name(), "ticktock");
+ result.confirm("public key", servers[0].public_key().get_public_key() == Botan::Ed25519_PublicKey(
+ Botan::base64_decode("bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE=")).get_public_key());
+ result.confirm("single address", servers[0].addresses().size()==1);
+ result.test_eq("address", servers[0].addresses()[0], "roughtime.chainpoint.org:2002");
+
+ result.test_throws("1 field", [&]() {Botan::Roughtime::servers_from_str("A");});
+ result.test_throws("2 fields", [&]() {Botan::Roughtime::servers_from_str("A ed25519");});
+ result.test_throws("3 fields", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE=");});
+ result.test_throws("4 fields", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp");});
+ result.test_throws("invalid address", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp ");});
+ result.test_throws("invalid key type", [&]() {Botan::Roughtime::servers_from_str("A rsa bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp roughtime.chainpoint.org:2002");});
+ result.test_throws("invalid key", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RP7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp roughtime.chainpoint.org:2002");});
+ result.test_throws("invalid protocol", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= tcp roughtime.chainpoint.org:2002");});
+
+ return result;
+ }
+
+ Test::Result test_request_online()
+ {
+ Test::Result result("roughtime request online");
+
+ Botan::Roughtime::Nonce nonce(Test::rng());
+ try
+ {
+ const auto response_raw = Botan::Roughtime::online_request("roughtime.cloudflare.com:2002", nonce,
+ std::chrono::seconds(5));
+ const auto now = std::chrono::system_clock::now();
+ const auto response = Botan::Roughtime::Response::from_bits(response_raw, nonce);
+ std::chrono::milliseconds local_clock_max_error(1000);
+ const auto diff_abs = now >= response.utc_midpoint() ? now - response.utc_midpoint() : response.utc_midpoint() - now;
+ result.confirm("online", diff_abs <= (response.utc_radius() + local_clock_max_error));
+ }
+ catch(const std::exception& e)
+ {
+ result.test_failure(e.what());
+ }
+ return result;
+ }
+
+
+ public:
+ std::vector<Test::Result> run() override
+ {
+ std::vector<Test::Result> results;
+ results.push_back(test_nonce());
+ results.push_back(test_chain());
+ results.push_back(test_server_information());
+
+ if(Test::options().run_online_tests())
+ {
+ results.push_back(test_request_online());
+ }
+
+ return results;
+ }
+ };
+
+BOTAN_REGISTER_TEST("roughtime", Roughtime);
+
+#endif
+
+}
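Review bot: In `test_nonce` the "nonce from array" check compares `nonce_v.get_nonce()` a second time, so `nonce_a` is constructed but never inspected and the array constructor of `Nonce` is effectively untested. The line should read `result.confirm("nonce from array", nonce_a.get_nonce() == Botan::typecast_copy<std::array<uint8_t, 64>>(rand64.data()));`. Separately, `Roughtime_Response_Tests` accepts any `Roughtime_Error` for an `[Invalid]` vector, so the expected reasons written as `#` comments in `roughtime_response.vec` (for example "response signature invalid") are not enforced. A vector that is rejected for a different reason than intended would still pass; comparing `e.what()` against an expected-message field in the vector would pin each rejection path.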
diff --git a/src/tests/test_uri.cpp b/src/tests/test_uri.cpp
new file mode 100644
index 000000000..c2dd7144e
--- /dev/null
+++ b/src/tests/test_uri.cpp
@@ -0,0 +1,120 @@
+/*
+* (C) 2019 Nuno Goncalves <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_SOCKETS) && (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2))
+
+#include <botan/internal/uri.h>
+
+namespace Botan_Tests {
+
+class URI_Tests final : public Test
+ {
+ void test_uri_ctor(std::vector<Test::Result>& results)
+ {
+ Test::Result result("uri constructors");
+ Botan::URI uri(Botan::URI::Type::Domain, "localhost", 80);
+ result.confirm("type", uri.type == Botan::URI::Type::Domain);
+ result.test_eq("host", uri.host, "localhost");
+ result.confirm("post", uri.port == 80);
+ results.push_back(result);
+ }
+
+ void test_uri_tostring(std::vector<Test::Result>& results)
+ {
+ Test::Result result("uri to_string");
+
+ result.test_eq("domain", Botan::URI(Botan::URI::Type::Domain, "localhost", 80).to_string(), "localhost:80");
+ result.test_eq("IPv4", Botan::URI(Botan::URI::Type::IPv4, "192.168.1.1", 80).to_string(), "192.168.1.1:80");
+ result.test_eq("IPv6", Botan::URI(Botan::URI::Type::IPv6, "::1", 80).to_string(), "[::1]:80");
+ result.test_eq("IPv6 no port", Botan::URI(Botan::URI::Type::IPv6, "::1", 0).to_string(), "::1");
+ result.test_throws("invalid", []() {Botan::URI(Botan::URI::Type::NotSet, "", 0).to_string();});
+
+ results.push_back(result);
+ }
+
+ void test_uri_factories(std::vector<Test::Result>& results)
+ {
+ Test::Result result("uri factories");
+
+ struct
+ {
+ std::string uri;
+ Botan::URI::Type type;
+ std::string host;
+ unsigned port;
+ } tests []
+ {
+ {"localhost::80", Botan::URI::Type::NotSet, {}, 0},
+ {"localhost:70000", Botan::URI::Type::NotSet, {}, 0},
+ {"[::1]:a", Botan::URI::Type::NotSet, {}, 0},
+ {"[::1]:70000", Botan::URI::Type::NotSet, {}, 0},
+ {"localhost:80", Botan::URI::Type::Domain, "localhost", 80},
+ {"www.example.com", Botan::URI::Type::Domain, "www.example.com", 0},
+ {"192.168.1.1", Botan::URI::Type::IPv4, "192.168.1.1", 0},
+ {"192.168.1.1:34567", Botan::URI::Type::IPv4, "192.168.1.1", 34567},
+ {"[::1]:61234", Botan::URI::Type::IPv6, "::1", 61234},
+ };
+
+ for(const auto t : tests)
+ {
+ auto test_URI = [&result](const Botan::URI& uri, const std::string& host, const unsigned port)
+ {
+ result.test_eq("host", uri.host, host);
+ result.confirm("port", uri.port==port);
+ };
+
+ if(t.type!=Botan::URI::Type::IPv4)
+ result.test_throws("invalid", [&t]() {Botan::URI::fromIPv4(t.uri);});
+ if(t.type!=Botan::URI::Type::IPv6)
+ result.test_throws("invalid", [&t]() {Botan::URI::fromIPv6(t.uri);});
+ if(t.type!=Botan::URI::Type::Domain)
+ result.test_throws("invalid", [&t]() {Botan::URI::fromDomain(t.uri);});
+ if(t.type==Botan::URI::Type::NotSet)
+ {
+ result.test_throws("invalid", [&t]() {Botan::URI::fromAny(t.uri);});
+ }
+ else
+ {
+ const auto any = Botan::URI::fromAny(t.uri);
+ result.confirm("type any", any.type == t.type);
+ test_URI(any, t.host, t.port);
+ if(t.type == Botan::URI::Type::Domain)
+ { test_URI(Botan::URI::fromDomain(t.uri), t.host, t.port); }
+ else if(t.type == Botan::URI::Type::IPv4)
+ { test_URI(Botan::URI::fromIPv4(t.uri), t.host, t.port); }
+ else if(t.type == Botan::URI::Type::IPv6)
+ { test_URI(Botan::URI::fromIPv6(t.uri), t.host, t.port); }
+ }
+ }
+
+ //since GCC 4.8 does not support regex this would possibly be acceped as valid domains,
+ //but we just want to test IPv6 parsing, so the test needs to be individual
+ result.test_throws("invalid IPv6", [](){ Botan::URI::fromIPv6("]"); });
+ result.test_throws("invalid IPv6", [](){ Botan::URI::fromIPv6("[::1]1"); });
+
+ results.push_back(result);
+ }
+
+ public:
+ std::vector<Test::Result> run() override
+ {
+ std::vector<Test::Result> results;
+
+ test_uri_ctor(results);
+ test_uri_tostring(results);
+ test_uri_factories(results);
+
+ return results;
+ }
+ };
+
+BOTAN_REGISTER_TEST("uri", URI_Tests);
+
+} // namespace Botan_Tests
+
+#endif
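Review bot: The `tests[]` table in `test_uri_factories` uses only `70000` as an out-of-range port, so an off-by-one in the parser's upper port bound would go unnoticed. Assuming the limit is 65535, adding `{"localhost:65536", Botan::URI::Type::NotSet, {}, 0},` and `{"localhost:65535", Botan::URI::Type::Domain, "localhost", 65535},` would pin both sides of the boundary. Two smaller points: `for(const auto t : tests)` copies two `std::string` members per iteration and could be `for(const auto& t : tests)`, and the label `"post"` in `test_uri_ctor` looks like a typo for `"port"`.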
diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp
index cbc1a3426..5a3379cee 100644
--- a/src/tests/tests.cpp
+++ b/src/tests/tests.cpp
@@ -749,6 +749,22 @@ uint32_t VarMap::get_req_u32(const std::string& key) const
return static_cast<uint32_t>(get_req_sz(key));
}
+uint64_t VarMap::get_req_u64(const std::string& key) const
+ {
+ auto i = m_vars.find(key);
+ if(i == m_vars.end())
+ {
+ throw Test_Error("Test missing variable " + key);
+ }
+ try
+ {
+ return std::stoull(i->second);
+ }
+ catch(std::exception&)
+ {
+ throw Test_Error("Invalid u64 value '" + i->second + "'");
+ }
+ }
size_t VarMap::get_opt_sz(const std::string& key, const size_t def_value) const
{
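Review bot: `std::stoull` in `get_req_u64` accepts more than a plain decimal u64: it stops at the first non-digit, so `123abc` parses as 123, and a leading `-` is negated into a large unsigned value instead of being rejected. A malformed value in a test vector would therefore be read silently rather than raising `Test_Error`. Passing a position and checking it closes the trailing-garbage case, `size_t pos = 0; const uint64_t v = std::stoull(i->second, &pos);` followed by `if(pos != i->second.size()) throw Test_Error("Invalid u64 value '" + i->second + "'");`; rejecting a leading `-` needs its own check. The handler could also catch by `const std::exception&`.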
diff --git a/src/tests/tests.h b/src/tests/tests.h
index bff479605..632af9508 100644
--- a/src/tests/tests.h
+++ b/src/tests/tests.h
@@ -580,6 +580,7 @@ class VarMap
uint8_t get_req_u8(const std::string& key) const;
uint32_t get_req_u32(const std::string& key) const;
+ uint64_t get_req_u64(const std::string& key) const;
size_t get_opt_sz(const std::string& key, const size_t def_value) const;