diff options
Diffstat (limited to 'checks/validate.cpp')
-rw-r--r-- | checks/validate.cpp | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/checks/validate.cpp b/checks/validate.cpp index dd23eadc3..9acf73419 100644 --- a/checks/validate.cpp +++ b/checks/validate.cpp @@ -23,10 +23,18 @@ #include <botan/passhash9.h> #endif +#if defined(BOTAN_HAS_BCRYPT) + #include <botan/bcrypt.h> +#endif + #if defined(BOTAN_HAS_CRYPTO_BOX) #include <botan/cryptobox.h> #endif +#if defined(BOTAN_HAS_RFC3394_KEYWRAP) + #include <botan/rfc3394.h> +#endif + using namespace Botan; #include "validate.h" @@ -94,6 +102,124 @@ bool test_cryptobox(RandomNumberGenerator& rng) return true; } +bool keywrap_test(const char* key_str, + const char* expected_str, + const char* kek_str) + { + std::cout << '.' << std::flush; + + bool ok = true; + + try + { + SymmetricKey key(key_str); + SymmetricKey expected(expected_str); + SymmetricKey kek(kek_str); + + Algorithm_Factory& af = global_state().algorithm_factory(); + + SecureVector<byte> enc = rfc3394_keywrap(key.bits_of(), kek, af); + + if(enc != expected.bits_of()) + { + std::cout << "NIST key wrap encryption failure: " + << hex_encode(enc) << " != " << hex_encode(expected.bits_of()) << "\n"; + ok = false; + } + + SecureVector<byte> dec = rfc3394_keyunwrap(expected.bits_of(), kek, af); + + if(dec != key.bits_of()) + { + std::cout << "NIST key wrap decryption failure: " + << hex_encode(dec) << " != " << hex_encode(key.bits_of()) << "\n"; + ok = false; + } + } + catch(std::exception& e) + { + std::cout << e.what() << "\n"; + } + + return ok; + } + +bool test_keywrap() + { + std::cout << "Testing NIST keywrap: " << std::flush; + + bool ok = true; + + ok &= keywrap_test("00112233445566778899AABBCCDDEEFF", + "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5", + "000102030405060708090A0B0C0D0E0F"); + + ok &= keywrap_test("00112233445566778899AABBCCDDEEFF", + "96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D", + "000102030405060708090A0B0C0D0E0F1011121314151617"); + + ok &= keywrap_test("00112233445566778899AABBCCDDEEFF", + "64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7", + "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); + + ok &= keywrap_test("00112233445566778899AABBCCDDEEFF0001020304050607", + "031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2", + "000102030405060708090A0B0C0D0E0F1011121314151617"); + + ok &= keywrap_test("00112233445566778899AABBCCDDEEFF0001020304050607", + "A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1", + "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); + + ok &= keywrap_test("00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F", + "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21", + "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); + + std::cout << "\n"; + return ok; + } + +bool test_bcrypt(RandomNumberGenerator& rng) + { +#if defined(BOTAN_HAS_BCRYPT) + std::cout << "Testing Bcrypt: " << std::flush; + + const std::string input = "abc"; + + // Generated by jBCrypt 0.3 + const std::string fixed_hash = + "$2a$05$DfPyLs.G6.To9fXEFgUL1O6HpYw3jIXgPcl/L3Qt3jESuWmhxtmpS"; + + std::cout << "." << std::flush; + + bool ok = true; + + if(!check_bcrypt(input, fixed_hash)) + { + std::cout << "Fixed bcrypt test failed\n"; + ok = false; + } + + std::cout << "." << std::flush; + + for(u16bit level = 1; level != 5; ++level) + { + std::string gen_hash = generate_bcrypt(input, rng, level); + + if(!check_bcrypt(input, gen_hash)) + { + std::cout << "Gen and check for bcrypt failed: " + << gen_hash << " not valid\n"; + ok = false; + } + + std::cout << "." << std::flush; + } + + std::cout << std::endl; + return ok; +#endif + } + bool test_passhash(RandomNumberGenerator& rng) { #if defined(BOTAN_HAS_PASSHASH9) @@ -265,6 +391,18 @@ u32bit do_validation_tests(const std::string& filename, errors++; } + if(should_pass && !test_bcrypt(rng)) + { + std::cout << "BCrypt tests failed" << std::endl; + errors++; + } + + if(should_pass && !test_keywrap()) + { + std::cout << "NIST keywrap tests failed" << std::endl; + errors++; + } + if(should_pass && !test_cryptobox(rng)) { std::cout << "Cryptobox tests failed" << std::endl; |