aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/lib/ffi/ffi.cpp134
-rw-r--r--src/lib/ffi/ffi.h107
-rw-r--r--src/lib/ffi/info.txt3
-rwxr-xr-xsrc/python/botan.py84
4 files changed, 272 insertions, 56 deletions
diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp
index 608bd291b..27dcc6015 100644
--- a/src/lib/ffi/ffi.cpp
+++ b/src/lib/ffi/ffi.cpp
@@ -20,6 +20,8 @@
#include <botan/hex.h>
#include <botan/mem_ops.h>
#include <botan/x509_key.h>
+#include <botan/tls_client.h>
+#include <botan/tls_server.h>
#include <cstring>
#include <memory>
@@ -39,6 +41,15 @@
#include <botan/curve25519.h>
#endif
+#if defined(BOTAN_HAS_MCELIECE)
+ #include <botan/mceliece.h>
+#endif
+
+#if defined(BOTAN_HAS_MCEIES)
+ #include <botan/mceies.h>
+#endif
+
+
#if defined(BOTAN_HAS_BCRYPT)
#include <botan/bcrypt.h>
#endif
@@ -72,6 +83,12 @@ void log_exception(const char* func_name, const char* what)
fprintf(stderr, "%s: %s\n", func_name, what);
}
+int ffi_error_exception_thrown(const char* exn)
+ {
+ printf("exception %s\n", exn);
+ return BOTAN_FFI_ERROR_EXCEPTION_THROWN;
+ }
+
template<typename T, uint32_t M>
T& safe_get(botan_struct<T,M>* p)
{
@@ -108,15 +125,19 @@ int apply_fn(botan_struct<T, M>* o, const char* func_name, F func)
inline int write_output(uint8_t out[], size_t* out_len, const uint8_t buf[], size_t buf_len)
{
- Botan::clear_mem(out, *out_len);
const size_t avail = *out_len;
*out_len = buf_len;
+
if(avail >= buf_len)
{
Botan::copy_mem(out, buf, buf_len);
return 0;
}
- return -1;
+ else
+ {
+ Botan::clear_mem(out, avail);
+ return BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE;
+ }
}
template<typename Alloc>
@@ -164,6 +185,7 @@ BOTAN_FFI_DECLARE_STRUCT(botan_pk_op_verify_struct, Botan::PK_Verifier, 0x2B91F9
BOTAN_FFI_DECLARE_STRUCT(botan_pk_op_ka_struct, Botan::PK_Key_Agreement, 0x2939CAB1);
BOTAN_FFI_DECLARE_STRUCT(botan_x509_cert_struct, Botan::X509_Certificate, 0x8F628937);
+BOTAN_FFI_DECLARE_STRUCT(botan_tls_channel_struct, Botan::TLS::Channel, 0x0212FE99);
/*
* Versioning
@@ -185,7 +207,7 @@ uint32_t botan_version_datestamp() { return Botan::version_datestamp(); }
int botan_same_mem(const uint8_t* x, const uint8_t* y, size_t len)
{
- return Botan::same_mem(x, y, len) ? 0 : 1;
+ return Botan::same_mem(x, y, len) ? 0 : -1;
}
int botan_hex_encode(const uint8_t* in, size_t len, char* out, uint32_t flags)
@@ -681,10 +703,12 @@ int botan_bcrypt_is_valid(const char* pass, const char* hash)
{
try
{
- #define BOTAN_
+#if defined(BOTAN_HAS_BCRYPT)
if(Botan::check_bcrypt(pass, hash))
return 0; // success
- return 1;
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
}
catch(std::exception& e)
{
@@ -714,6 +738,8 @@ int botan_privkey_create_rsa(botan_privkey_t* key_obj, botan_rng_t rng_obj, size
std::unique_ptr<Botan::Private_Key> key(new Botan::RSA_PrivateKey(rng, n_bits));
*key_obj = new botan_privkey_struct(key.release());
return 0;
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}
catch(std::exception& e)
@@ -740,6 +766,8 @@ int botan_privkey_create_ecdsa(botan_privkey_t* key_obj, botan_rng_t rng_obj, co
std::unique_ptr<Botan::Private_Key> key(new Botan::ECDSA_PrivateKey(rng, grp));
*key_obj = new botan_privkey_struct(key.release());
return 0;
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
#endif
}
catch(std::exception& e)
@@ -750,6 +778,31 @@ int botan_privkey_create_ecdsa(botan_privkey_t* key_obj, botan_rng_t rng_obj, co
return BOTAN_FFI_ERROR_EXCEPTION_THROWN;
}
+int botan_privkey_create_mceliece(botan_privkey_t* key_obj, botan_rng_t rng_obj, size_t n, size_t t)
+ {
+ try
+ {
+ if(key_obj == nullptr || rng_obj == nullptr || n == 0 || t == 0)
+ return -1;
+
+ *key_obj = nullptr;
+
+#if defined(BOTAN_HAS_MCELIECE)
+ Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
+ std::unique_ptr<Botan::Private_Key> key(new Botan::McEliece_PrivateKey(rng, n, t));
+ *key_obj = new botan_privkey_struct(key.release());
+ return 0;
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
+ }
+ catch(std::exception& e)
+ {
+ log_exception(BOTAN_CURRENT_FUNCTION, e.what());
+ return BOTAN_FFI_ERROR_EXCEPTION_THROWN;
+ }
+ }
+
int botan_privkey_create_ecdh(botan_privkey_t* key_obj, botan_rng_t rng_obj, const char* param_str)
{
try
@@ -1250,8 +1303,7 @@ int botan_x509_cert_path_verify(botan_x509_cert_t cert, const char* dir)
int botan_x509_cert_get_public_key(botan_x509_cert_t cert, botan_pubkey_t* key)
{
- *key = nullptr;
- return -1;
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
//return BOTAN_FFI_DO(Botan::X509_Certificate, cert, { return write_vec_output(out, out_len, cert.subject_public_key_bits()); });
}
@@ -1284,5 +1336,73 @@ int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int key_usage
});
}
+int botan_mceies_decrypt(botan_privkey_t mce_key_obj,
+ const char* aead,
+ const uint8_t ct[], size_t ct_len,
+ const uint8_t ad[], size_t ad_len,
+ uint8_t out[], size_t* out_len)
+ {
+ try
+ {
+ Botan::Private_Key& key = safe_get(mce_key_obj);
+
+#if defined(BOTAN_HAS_MCELIECE) && defined(BOTAN_HAS_MCEIES)
+ Botan::McEliece_PrivateKey* mce = dynamic_cast<Botan::McEliece_PrivateKey*>(&key);
+ if(!mce)
+ return -2;
+
+ const Botan::secure_vector<uint8_t> pt = mceies_decrypt(*mce, ct, ct_len, ad, ad_len, aead);
+ return write_vec_output(out, out_len, pt);
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
+ }
+ catch(std::exception& e)
+ {
+ return ffi_error_exception_thrown(e.what());
+ }
+ }
+
+int botan_mceies_encrypt(botan_pubkey_t mce_key_obj,
+ botan_rng_t rng_obj,
+ const char* aead,
+ const uint8_t pt[], size_t pt_len,
+ const uint8_t ad[], size_t ad_len,
+ uint8_t out[], size_t* out_len)
+ {
+ try
+ {
+ Botan::Public_Key& key = safe_get(mce_key_obj);
+ Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
+
+#if defined(BOTAN_HAS_MCELIECE) && defined(BOTAN_HAS_MCEIES)
+ Botan::McEliece_PublicKey* mce = dynamic_cast<Botan::McEliece_PublicKey*>(&key);
+ if(!mce)
+ return -2;
+
+ Botan::secure_vector<uint8_t> ct = mceies_encrypt(*mce, pt, pt_len, ad, ad_len, rng, aead);
+ return write_vec_output(out, out_len, ct);
+#else
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+#endif
+ }
+ catch(std::exception& e)
+ {
+ return ffi_error_exception_thrown(e.what());
+ }
+ }
+
+/*
+int botan_tls_channel_init_client(botan_tls_channel_t* channel,
+ botan_tls_channel_output_fn output_fn,
+ botan_tls_channel_data_cb data_cb,
+ botan_tls_channel_alert_cb alert_cb,
+ botan_tls_channel_session_established session_cb,
+ const char* server_name)
+ {
+
+ }
+*/
+
}
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h
index 1402ec129..18a41938b 100644
--- a/src/lib/ffi/ffi.h
+++ b/src/lib/ffi/ffi.h
@@ -13,10 +13,14 @@ extern "C" {
#endif
/*
-This header exports some of botan's functionality via a C89 interface. The API
-is intended to be as easy as possible to call from other languages, which often
-have easy ways to call C, because C. But some C code is easier to deal with than
-others, so to make things easy this API follows a few simple rules:
+This header exports some of botan's functionality via a C89
+interface. This API is uesd by the Python and OCaml bindings via those
+languages respective ctypes libraries.
+
+The API is intended to be as easy as possible to call from other
+languages, which often have easy ways to call C, because C. But some C
+code is easier to deal with than others, so to make things easy this
+API follows a few simple rules:
- All interactions are via pointers to opaque structs. No need to worry about
structure padding issues and the like.
@@ -24,20 +28,25 @@ others, so to make things easy this API follows a few simple rules:
- All functions return an int error code (except the version calls, which are
assumed to always have something to say).
-- No ownership of memory transfers across the API boundary. The API will write
- to buffers provided by the caller, or return opaque pointers which may not be
- dereferenced.
+- Use simple types: size_t for lengths, const char* NULL terminated strings,
+ uint8_t for binary.
+
+- No ownership of memory transfers across the API boundary. The API will
+ consume data from const pointers, and will produce output by writing to
+ variables provided by the caller.
- If exporting a value (a string or a blob) the function takes a pointer to the
- output array and a read/write pointer to the length. If it is insufficient, an
- error is returned. So passing nullptr/0
+ output array and a read/write pointer to the length. If the length is insufficient, an
+ error is returned. So passing nullptr/0 allows querying the final value.
-This API is uesd by the Python and OCaml bindings via those languages respective
-ctypes libraries.
+ Note this does not apply to all functions, like `botan_hash_final`
+ which is not idempotent and are documented specially. But it's a
+ general theory of operation.
-The API is not currently documented, nor should it be considered stable. It is
-buggy as heck, most likely. However the goal is to provide a long term API
-usable for language bindings, or for use by systems written in C. Suggestions on
+The API is not currently documented, nor should it be considered
+stable. It is buggy as heck, most likely, and error handling is a
+mess. However the goal is to provide a long term API usable for
+language bindings, or for use by systems written in C. Suggestions on
how to provide the cleanest API for such users would be most welcome.
* TODO:
@@ -68,6 +77,7 @@ BOTAN_DLL uint32_t botan_version_datestamp();
*
* Some way of exporting these values to other languages would be useful
+
THIS FUNCTION ASSUMES BOTH ARGUMENTS ARE LITERAL STRINGS
so it retains only the pointers and does not make a copy.
@@ -77,14 +87,26 @@ int botan_make_error(const char* msg, const char* func, int line);
normally called like
return botan_make_error(BOTAN_ERROR_STRING_NOT_IMPLEMENTED, BOTAN_FUNCTION, __LINE__);
+// This would seem to require both saving the message permanently
+catch(std::exception& e) {
+return botan_make_error_from_transient_string(e.what(), BOTAN_FUNCTION, __LINE__);
+}
+
#define botan_make_error_inf(s) return botan_make_error(s, BOTAN_FUNCTION, __LINE__);
+Easier to return a const char* from each function directly? However,
+
+catch(std::exception& e) { return e.what(); }
+
+doesn't exactly work well either!
+
*
* Later call:
* const char* botan_get_error_str(int);
* To recover the msg, func, and line
*/
+#define BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE (-10)
#define BOTAN_FFI_ERROR_EXCEPTION_THROWN (-20)
#define BOTAN_FFI_ERROR_BAD_FLAG (-30)
#define BOTAN_FFI_ERROR_NULL_POINTER (-31)
@@ -93,7 +115,7 @@ int botan_make_error(const char* msg, const char* func, int line);
//const char* botan_error_description(int err);
/*
-* Utility
+* Returns 0 if x[0..len] == y[0..len], or otherwise -1
*/
BOTAN_DLL int botan_same_mem(const uint8_t* x, const uint8_t* y, size_t len);
@@ -271,7 +293,8 @@ BOTAN_DLL int botan_privkey_create_rsa(botan_privkey_t* key, botan_rng_t rng, si
//BOTAN_DLL int botan_privkey_create_dh(botan_privkey_t* key, botan_rng_t rng, size_t p_bits);
BOTAN_DLL int botan_privkey_create_ecdsa(botan_privkey_t* key, botan_rng_t rng, const char* params);
BOTAN_DLL int botan_privkey_create_ecdh(botan_privkey_t* key, botan_rng_t rng, const char* params);
-//BOTAN_DLL int botan_privkey_create_mceliece(botan_privkey_t* key, botan_rng_t rng, size_t n, size_t t);
+BOTAN_DLL int botan_privkey_create_mceliece(botan_privkey_t* key, botan_rng_t rng, size_t n, size_t t);
+
/*
* Input currently assumed to be PKCS #8 structure;
@@ -406,6 +429,26 @@ BOTAN_DLL int botan_pk_op_key_agreement(botan_pk_op_ka_t op,
const uint8_t salt[], size_t salt_len);
+/*
+*
+* @param mce_key must be a McEliece key
+* ct_len should be pt_len + n/8 + a few?
+*/
+BOTAN_DLL int botan_mceies_encrypt(botan_pubkey_t mce_key,
+ botan_rng_t rng,
+ const char* aead,
+ const uint8_t pt[], size_t pt_len,
+ const uint8_t ad[], size_t ad_len,
+ uint8_t ct[], size_t* ct_len);
+
+BOTAN_DLL int botan_mceies_decrypt(botan_privkey_t mce_key,
+ const char* aead,
+ const uint8_t ct[], size_t ct_len,
+ const uint8_t ad[], size_t ad_len,
+ uint8_t pt[], size_t* pt_len);
+
+
+
typedef struct botan_x509_cert_struct* botan_x509_cert_t;
BOTAN_DLL int botan_x509_cert_load(botan_x509_cert_t* cert_obj, const uint8_t cert[], size_t cert_len);
BOTAN_DLL int botan_x509_cert_load_file(botan_x509_cert_t* cert_obj, const char* filename);
@@ -439,7 +482,6 @@ BOTAN_DLL int botan_x509_cert_get_issuer_dn(botan_x509_cert_t cert,
const char* key, size_t index,
uint8_t out[], size_t* out_len);
-
BOTAN_DLL int botan_x509_cert_get_subject_dn(botan_x509_cert_t cert,
const char* key, size_t index,
uint8_t out[], size_t* out_len);
@@ -469,17 +511,29 @@ BOTAN_DLL int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int
typedef struct botan_tls_session_struct* botan_tls_session_t;
-BOTAN_DLL int botan_tls_session_get_version(botan_tls_session_t* session, uint16_t* tls_version);
-BOTAN_DLL int botan_tls_session_get_ciphersuite(botan_tls_session_t* session, uint16_t* ciphersuite);
-BOTAN_DLL int botan_tls_session
+BOTAN_DLL int botan_tls_session_decrypt(botan_tls_session_t* session,
+ const byte key[], size_t key_len,
+ const byte blob[], size_t blob_len);
+
+BOTAN_DLL int botan_tls_session_get_version(botan_tls_session_t session, uint16_t* tls_version);
+BOTAN_DLL int botan_tls_session_get_ciphersuite(botan_tls_session_t session, uint16_t* ciphersuite);
+BOTAN_DLL int botan_tls_session_encrypt(botan_tls_session_t session, botan_rng_t rng, byte key[], size_t* key_len);
+
+BOTAN_DLL int botan_tls_session_get_peer_certs(botan_tls_session_t session, botan_x509_cert_t certs[], size_t* cert_len);
+
// TODO: peer certs, validation, ...
typedef struct botan_tls_channel_struct* botan_tls_channel_t;
-typedef void (*botan_tls_channel_output_fn)(void*, const uint8_t*, size_t);
-typedef void (*botan_tls_channel_data_cb)(void*, const uint8_t*, size_t);
-typedef void (*botan_tls_channel_alert_cb)(void*, uint16_t, const char*);
-typedef void (*botan_tls_channel_session_established)(void*, botan_tls_session_t);
+typedef void (*botan_tls_channel_output_fn)(void* application_data, const uint8_t* data, size_t data_len);
+
+typedef void (*botan_tls_channel_data_cb)(void* application_data, const uint8_t* data, size_t data_len);
+
+typedef void (*botan_tls_channel_alert_cb)(void* application_data, uint16_t alert_code);
+
+typedef void (*botan_tls_channel_session_established)(void* application_data,
+ botan_tls_channel_t channel,
+ botan_tls_session_t session);
BOTAN_DLL int botan_tls_channel_init_client(botan_tls_channel_t* channel,
botan_tls_channel_output_fn output_fn,
@@ -497,6 +551,11 @@ BOTAN_DLL int botan_tls_channel_init_server(botan_tls_channel_t* channel,
BOTAN_DLL int botan_tls_channel_received_data(botan_tls_channel_t chan,
const uint8_t input[], size_t len);
+/**
+* Returns 0 for client, 1 for server, negative for error
+*/
+BOTAN_DLL int botan_tls_channel_type(botan_tls_channel_t chan);
+
BOTAN_DLL int botan_tls_channel_send(botan_tls_channel_t chan,
const uint8_t input[], size_t len);
diff --git a/src/lib/ffi/info.txt b/src/lib/ffi/info.txt
index 52885e8e1..8d6c5237e 100644
--- a/src/lib/ffi/info.txt
+++ b/src/lib/ffi/info.txt
@@ -1,4 +1,4 @@
-define FFI 20150210
+define FFI 20151001
<requires>
aead
@@ -7,6 +7,7 @@ kdf
pbkdf
pubkey
x509
+#tls
auto_rng
system_rng
</requires>
diff --git a/src/python/botan.py b/src/python/botan.py
index 054130b80..04e574746 100755
--- a/src/python/botan.py
+++ b/src/python/botan.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2
"""
Python wrapper of the botan crypto library
@@ -44,7 +44,7 @@ def _call_fn_returning_string(guess, fn):
raise Exception("Call failed: %d" % (rc))
assert buf_len.value <= len(buf)
- return buf.raw[0:buf_len.value]
+ return str(buf.raw[0:buf_len.value])
def _call_fn_returning_vec(guess, fn):
@@ -357,6 +357,16 @@ class public_key(object):
botan.botan_pubkey_algo_name.argtypes = [c_void_p, POINTER(c_char), POINTER(c_size_t)]
return _call_fn_returning_string(32, lambda b,bl: botan.botan_pubkey_algo_name(self.pubkey, b, bl))
+ def encoding(self, pem = False):
+ botan.botan_pubkey_export.argtypes = [c_void_p, POINTER(c_char), POINTER(c_size_t), c_uint32]
+
+ flag = 1 if pem else 0
+
+ if pem:
+ return _call_fn_returning_string(0, lambda b,bl: botan.botan_pubkey_export(self.pubkey, b, bl, 1))
+ else:
+ return _call_fn_returning_string(0, lambda b,bl: botan.botan_pubkey_export(self.pubkey, b, bl, 0))
+
def fingerprint(self, hash = 'SHA-256'):
botan.botan_pubkey_fingerprint.argtypes = [c_void_p, c_char_p,
POINTER(c_char), POINTER(c_size_t)]
@@ -375,6 +385,7 @@ class private_key(object):
botan.botan_privkey_create_rsa.argtypes = [c_void_p, c_void_p, c_size_t]
botan.botan_privkey_create_ecdsa.argtypes = [c_void_p, c_void_p, c_char_p]
botan.botan_privkey_create_ecdh.argtypes = [c_void_p, c_void_p, c_char_p]
+ botan.botan_privkey_create_mceliece.argtypes = [c_void_p, c_void_p, c_size_t, c_size_t]
self.privkey = c_void_p(0)
if alg == 'rsa':
@@ -383,6 +394,8 @@ class private_key(object):
botan.botan_privkey_create_ecdsa(byref(self.privkey), rng.rng, param)
elif alg == 'ecdh':
botan.botan_privkey_create_ecdh(byref(self.privkey), rng.rng, param)
+ elif alg in ['mce', 'mceliece']:
+ botan.botan_privkey_create_mceliece(byref(self.privkey), rng.rng, param[0], param[1])
else:
raise Exception('Unknown public key algo ' + alg)
@@ -524,6 +537,24 @@ class pk_op_verify(object):
return True
return False
+"""
+MCEIES encryption
+Must be used with McEliece keys
+"""
+def mceies_encrypt(mce, rng, aead, pt, ad):
+ botan.botan_mceies_encrypt.argtypes = [c_void_p, c_void_p, c_char_p, POINTER(c_char), c_size_t,
+ POINTER(c_char), c_size_t, POINTER(c_char), POINTER(c_size_t)]
+
+ return _call_fn_returning_string(0, lambda b,bl:
+ botan.botan_mceies_encrypt(mce.pubkey, rng.rng, aead, pt, len(pt), ad, len(ad), b, bl))
+
+def mceies_decrypt(mce, aead, pt, ad):
+ botan.botan_mceies_decrypt.argtypes = [c_void_p, c_char_p, POINTER(c_char), c_size_t,
+ POINTER(c_char), c_size_t, POINTER(c_char), POINTER(c_size_t)]
+
+ return _call_fn_returning_string(0, lambda b,bl:
+ botan.botan_mceies_decrypt(mce.privkey, aead, pt, len(pt), ad, len(ad), b, bl))
+
class pk_op_key_agreement(object):
def __init__(self, key, kdf):
botan.botan_pk_op_key_agreement_create.argtypes = [c_void_p, c_void_p, c_char_p, c_uint32]
@@ -534,10 +565,7 @@ class pk_op_key_agreement(object):
if not self.op:
raise Exception("No key agreement for you")
- pub = create_string_buffer(4096)
- pub_len = c_size_t(len(pub))
- botan.botan_pk_op_key_agreement_export_public(key.privkey, pub, byref(pub_len))
- self.m_public_value = pub.raw[0:pub_len.value]
+ self.m_public_value = _call_fn_returning_string(0, lambda b, bl: botan.botan_pk_op_key_agreement_export_public(key.privkey, b, bl))
def __del__(self):
botan.botan_pk_op_key_agreement_destroy.argtypes = [c_void_p]
@@ -550,16 +578,10 @@ class pk_op_key_agreement(object):
botan.botan_pk_op_key_agreement.argtypes = [c_void_p, POINTER(c_char), POINTER(c_size_t),
POINTER(c_char), c_size_t, POINTER(c_char), c_size_t]
- outbuf_sz = c_size_t(key_len)
- outbuf = create_string_buffer(outbuf_sz.value)
- rc = botan.botan_pk_op_key_agreement(self.op, outbuf, byref(outbuf_sz),
- other, len(other), salt, len(salt))
-
- if rc == -1 and outbuf_sz.value > len(outbuf):
- outbuf = create_string_buffer(outbuf_sz.value)
- botan.botan_pk_op_key_agreement(self.op, outbuf, byref(outbuf_sz),
- other, len(other), salt, len(salt))
- return outbuf.raw[0:outbuf_sz.value]
+ return _call_fn_returning_string(key_len,
+ lambda b,bl: botan.botan_pk_op_key_agreement(self.op, b, bl,
+ other, len(other),
+ salt, len(salt)))
class x509_cert(object):
def __init__(self, filename):
@@ -640,12 +662,8 @@ def test():
(salt,iterations,psk) = pbkdf_timed('PBKDF2(SHA-256)'.encode('ascii'),
'xyz'.encode('utf-8'), 32, 200)
- if sys.version_info[0] < 3:
- print("PBKDF2(SHA-256) x=timed, y=iterated; salt = %s (len=%d) #iterations = %d\n" %
- (hexlify(salt), len(salt), iterations) )
- else:
- print("PBKDF2(SHA-256) x=timed, y=iterated; salt = %s (len=%d) #iterations = %d\n" %
- (hexlify(salt).decode('ascii'), len(salt), iterations) )
+ print("PBKDF2(SHA-256) x=timed, y=iterated; salt = %s (len=%d) #iterations = %d\n" %
+ (hexlify(salt).decode('ascii'), len(salt), iterations))
print('x %s' % hexlify(psk).decode('utf-8'))
print('y %s\n' %
@@ -718,13 +736,31 @@ def test():
print("OCB pt %s %d" % (hexlify(pt).decode('utf-8'), len(pt)))
print("OCB de %s %d\n" % (hexlify(dec).decode('utf-8'), len(dec)))
+
+ mce_priv = private_key('mce', [2960,57], r)
+ mce_pub = mce_priv.get_public_key()
+
+ mce_plaintext = 'mce plaintext'
+ mce_ad = 'mce AD'
+ mce_ciphertext = mceies_encrypt(mce_pub, r, 'ChaCha20Poly1305', mce_plaintext, mce_ad)
+
+ print "mce", len(mce_plaintext), len(mce_ciphertext)
+
+ mce_decrypt = mceies_decrypt(mce_priv, 'ChaCha20Poly1305', mce_ciphertext, mce_ad)
+
+ print("mce_pub %s/SHA-1 fingerprint: %s (estimated strength %s) (len %d)" %
+ (mce_pub.algo_name().decode('utf-8'), mce_pub.fingerprint("SHA-1").decode('utf-8'),
+ mce_pub.estimated_strength(), len(mce_pub.encoding())
+ )
+ )
+
rsapriv = private_key('rsa', 1536, r)
rsapub = rsapriv.get_public_key()
- print("rsapub %s/SHA-1 fingerprint: %s (estimated strength %s)" %
+ print("rsapub %s SHA-1 fingerprint: %s estimated strength %d len %d" %
(rsapub.algo_name().decode('utf-8'), rsapub.fingerprint("SHA-1").decode('utf-8'),
- rsapub.estimated_strength()
+ rsapub.estimated_strength(), len(rsapub.encoding())
)
)