aboutsummaryrefslogtreecommitdiffstats
path: root/checks/validate.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'checks/validate.cpp')
-rw-r--r--checks/validate.cpp138
1 files changed, 138 insertions, 0 deletions
diff --git a/checks/validate.cpp b/checks/validate.cpp
index dd23eadc3..9acf73419 100644
--- a/checks/validate.cpp
+++ b/checks/validate.cpp
@@ -23,10 +23,18 @@
#include <botan/passhash9.h>
#endif
+#if defined(BOTAN_HAS_BCRYPT)
+ #include <botan/bcrypt.h>
+#endif
+
#if defined(BOTAN_HAS_CRYPTO_BOX)
#include <botan/cryptobox.h>
#endif
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+ #include <botan/rfc3394.h>
+#endif
+
using namespace Botan;
#include "validate.h"
@@ -94,6 +102,124 @@ bool test_cryptobox(RandomNumberGenerator& rng)
return true;
}
+bool keywrap_test(const char* key_str,
+ const char* expected_str,
+ const char* kek_str)
+ {
+ std::cout << '.' << std::flush;
+
+ bool ok = true;
+
+ try
+ {
+ SymmetricKey key(key_str);
+ SymmetricKey expected(expected_str);
+ SymmetricKey kek(kek_str);
+
+ Algorithm_Factory& af = global_state().algorithm_factory();
+
+ SecureVector<byte> enc = rfc3394_keywrap(key.bits_of(), kek, af);
+
+ if(enc != expected.bits_of())
+ {
+ std::cout << "NIST key wrap encryption failure: "
+ << hex_encode(enc) << " != " << hex_encode(expected.bits_of()) << "\n";
+ ok = false;
+ }
+
+ SecureVector<byte> dec = rfc3394_keyunwrap(expected.bits_of(), kek, af);
+
+ if(dec != key.bits_of())
+ {
+ std::cout << "NIST key wrap decryption failure: "
+ << hex_encode(dec) << " != " << hex_encode(key.bits_of()) << "\n";
+ ok = false;
+ }
+ }
+ catch(std::exception& e)
+ {
+ std::cout << e.what() << "\n";
+ }
+
+ return ok;
+ }
+
+bool test_keywrap()
+ {
+ std::cout << "Testing NIST keywrap: " << std::flush;
+
+ bool ok = true;
+
+ ok &= keywrap_test("00112233445566778899AABBCCDDEEFF",
+ "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5",
+ "000102030405060708090A0B0C0D0E0F");
+
+ ok &= keywrap_test("00112233445566778899AABBCCDDEEFF",
+ "96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D",
+ "000102030405060708090A0B0C0D0E0F1011121314151617");
+
+ ok &= keywrap_test("00112233445566778899AABBCCDDEEFF",
+ "64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+
+ ok &= keywrap_test("00112233445566778899AABBCCDDEEFF0001020304050607",
+ "031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2",
+ "000102030405060708090A0B0C0D0E0F1011121314151617");
+
+ ok &= keywrap_test("00112233445566778899AABBCCDDEEFF0001020304050607",
+ "A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+
+ ok &= keywrap_test("00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F",
+ "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+
+ std::cout << "\n";
+ return ok;
+ }
+
+bool test_bcrypt(RandomNumberGenerator& rng)
+ {
+#if defined(BOTAN_HAS_BCRYPT)
+ std::cout << "Testing Bcrypt: " << std::flush;
+
+ const std::string input = "abc";
+
+ // Generated by jBCrypt 0.3
+ const std::string fixed_hash =
+ "$2a$05$DfPyLs.G6.To9fXEFgUL1O6HpYw3jIXgPcl/L3Qt3jESuWmhxtmpS";
+
+ std::cout << "." << std::flush;
+
+ bool ok = true;
+
+ if(!check_bcrypt(input, fixed_hash))
+ {
+ std::cout << "Fixed bcrypt test failed\n";
+ ok = false;
+ }
+
+ std::cout << "." << std::flush;
+
+ for(u16bit level = 1; level != 5; ++level)
+ {
+ std::string gen_hash = generate_bcrypt(input, rng, level);
+
+ if(!check_bcrypt(input, gen_hash))
+ {
+ std::cout << "Gen and check for bcrypt failed: "
+ << gen_hash << " not valid\n";
+ ok = false;
+ }
+
+ std::cout << "." << std::flush;
+ }
+
+ std::cout << std::endl;
+ return ok;
+#endif
+ }
+
bool test_passhash(RandomNumberGenerator& rng)
{
#if defined(BOTAN_HAS_PASSHASH9)
@@ -265,6 +391,18 @@ u32bit do_validation_tests(const std::string& filename,
errors++;
}
+ if(should_pass && !test_bcrypt(rng))
+ {
+ std::cout << "BCrypt tests failed" << std::endl;
+ errors++;
+ }
+
+ if(should_pass && !test_keywrap())
+ {
+ std::cout << "NIST keywrap tests failed" << std::endl;
+ errors++;
+ }
+
if(should_pass && !test_cryptobox(rng))
{
std::cout << "Cryptobox tests failed" << std::endl;