aboutsummaryrefslogtreecommitdiffstats
path: root/src/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'src/scripts')
-rwxr-xr-xsrc/scripts/examples/cipher.py44
-rwxr-xr-xsrc/scripts/examples/cryptobox.py36
-rwxr-xr-xsrc/scripts/examples/nisttest.py61
-rw-r--r--src/scripts/examples/results.vec60
-rwxr-xr-xsrc/scripts/examples/rng_test.py22
-rwxr-xr-xsrc/scripts/examples/rsa.py47
6 files changed, 270 insertions, 0 deletions
diff --git a/src/scripts/examples/cipher.py b/src/scripts/examples/cipher.py
new file mode 100755
index 000000000..1be2759ae
--- /dev/null
+++ b/src/scripts/examples/cipher.py
@@ -0,0 +1,44 @@
+#!/usr/bin/python
+
+import botan
+import sys
+
+def encrypt(input, passphrase):
+ rng = botan.RandomNumberGenerator()
+
+ # Use as both EAX IV and PBKDF2 salt
+ salt = rng.gen_random(10)
+
+ iterations = 10000
+ output_size = 16
+
+ key = botan.pbkdf2(passphrase, salt, iterations, output_size, "SHA-1")
+
+ encryptor = botan.Cipher("AES-128/EAX", "encrypt", key)
+
+ ciphertext = encryptor.cipher(input, salt)
+ return (ciphertext, salt)
+
+def decrypt(input, salt, passphrase):
+ iterations = 10000
+ output_size = 16
+
+ key = botan.pbkdf2(passphrase, salt, iterations, output_size, "SHA-1")
+
+ decryptor = botan.Cipher("AES-128/EAX", "decrypt", key)
+
+ return decryptor.cipher(input, salt)
+
+def main(args = None):
+ if args is None:
+ args = sys.argv
+
+ passphrase = args[1]
+ input = ''.join(open(args[2]).readlines())
+
+ (ciphertext, salt) = encrypt(input, passphrase)
+
+ print decrypt(ciphertext, salt, passphrase)
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/src/scripts/examples/cryptobox.py b/src/scripts/examples/cryptobox.py
new file mode 100755
index 000000000..f76ed6bc3
--- /dev/null
+++ b/src/scripts/examples/cryptobox.py
@@ -0,0 +1,36 @@
+#!/usr/bin/python
+
+import sys
+import botan
+
+def main(args = None):
+ if args is None:
+ args = sys.argv
+
+ if len(args) != 3:
+ raise Exception("Usage: <password> <input>");
+
+ password = args[1]
+ input = ''.join(open(args[2]).readlines())
+
+ rng = botan.RandomNumberGenerator()
+
+ ciphertext = botan.cryptobox_encrypt(input, password, rng)
+
+ print ciphertext
+
+ plaintext = ''
+
+ try:
+ plaintext = botan.cryptobox_decrypt(ciphertext, password + 'FAIL')
+ except Exception, e:
+ print "Good news: bad password caused exception: "
+ print e
+
+ plaintext = botan.cryptobox_decrypt(ciphertext, password)
+
+ print "Original input was: "
+ print plaintext
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/src/scripts/examples/nisttest.py b/src/scripts/examples/nisttest.py
new file mode 100755
index 000000000..1260b1226
--- /dev/null
+++ b/src/scripts/examples/nisttest.py
@@ -0,0 +1,61 @@
+#!/usr/bin/python
+
+import sys, os, botan
+from os.path import join;
+
+def validate(ca_certs, certs, crls, ee_certs):
+ store = botan.X509_Store()
+ for cert in certs:
+ if cert not in ee_certs:
+ store.add_cert(botan.X509_Certificate(cert), cert in ca_certs)
+
+ for crl in crls:
+ r = store.add_crl(botan.X509_CRL(crl))
+ if r != botan.verify_result.verified:
+ return r
+
+ for ee in ee_certs:
+ r = store.validate(botan.X509_Certificate(ee))
+ if r != botan.verify_result.verified:
+ return r
+
+ return botan.verify_result.verified
+
+def run_test(files, rootdir, testname, expected):
+ crls = [join(rootdir,x) for x in files if x.endswith(".crl")]
+ certs = [join(rootdir,x) for x in files if x.endswith(".crt")]
+ end_entity = [x for x in certs if x.find("end.crt") != -1]
+ ca_certs = [x for x in certs if x.find("root.crt") != -1]
+
+ print "%s..." % testname,
+
+ result = validate(ca_certs, certs, crls, end_entity)
+ result = repr(result).replace('botan._botan.verify_result.', '')
+
+ if result != expected:
+ print "FAILED: got %s, expected %s" % (result, expected)
+ else:
+ print "passed"
+
+def main():
+ def load_results(file):
+ results = {}
+ for line in open(file, 'r'):
+ line = line[0:line.find('#')].strip()
+ if line:
+ test,result = line.split(' ')
+ results[test] = result
+ return results
+
+ results = load_results('results.vec')
+
+ for root, dirs, files in os.walk('../../checks/nist_tests/tests'):
+ if files:
+ thistest = root[root.rfind('/')+1:]
+ if thistest in results:
+ run_test(files, root, thistest, results[thistest])
+ else:
+ print "%s... skipping - no expected result set" % thistest
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/src/scripts/examples/results.vec b/src/scripts/examples/results.vec
new file mode 100644
index 000000000..7a3824001
--- /dev/null
+++ b/src/scripts/examples/results.vec
@@ -0,0 +1,60 @@
+# This is the file of expected results for nisttest.py
+test01 verified
+test02 signature_error
+test03 signature_error
+test04 verified
+test05 cert_not_yet_valid
+test06 cert_not_yet_valid
+test07 verified
+test08 cert_not_yet_valid
+test09 cert_has_expired
+test10 cert_has_expired
+test11 cert_has_expired
+test12 verified
+test13 cert_issuer_not_found
+test14 cert_issuer_not_found
+test15 verified
+test16 verified
+test17 verified
+test18 verified
+# changed; should be no_revocation_data_available, but I don't want to
+# force people to use CRLs
+test19 verified
+test20 cert_is_revoked
+test21 cert_is_revoked
+test22 ca_cert_not_for_cert_issuer
+test23 ca_cert_not_for_cert_issuer
+test24 verified
+test25 ca_cert_not_for_cert_issuer
+test26 verified
+test27 verified
+test28 ca_cert_not_for_cert_issuer
+test29 ca_cert_not_for_cert_issuer
+test30 verified
+test31 ca_cert_not_for_crl_issuer
+test32 ca_cert_not_for_crl_issuer
+test33 verified
+test54 cert_chain_too_long
+test55 cert_chain_too_long
+test56 verified
+test57 verified
+test58 cert_chain_too_long
+test59 cert_chain_too_long
+test60 cert_chain_too_long
+test61 cert_chain_too_long
+test62 verified
+test63 verified
+test64 signature_error
+# changed; I have no idea why this test is supposed to fail
+test65 verified
+test66 crl_issuer_not_found
+# changed; one of the CRLs has an unknown creator, so we fail
+# prior to getting to the end-entity check
+test67 crl_issuer_not_found
+test68 cert_is_revoked
+test69 cert_is_revoked
+test70 cert_is_revoked
+test71 cert_is_revoked
+test72 crl_has_expired
+test73 crl_has_expired
+test74 verified
diff --git a/src/scripts/examples/rng_test.py b/src/scripts/examples/rng_test.py
new file mode 100755
index 000000000..06c79b84e
--- /dev/null
+++ b/src/scripts/examples/rng_test.py
@@ -0,0 +1,22 @@
+#!/usr/bin/python
+
+import botan
+
+rng = botan.RandomNumberGenerator()
+
+print "name", rng.name()
+
+rng.add_entropy("blah")
+
+print "random 16", rng.gen_random(16).encode("hex")
+print "random 32", rng.gen_random(32).encode("base64"),
+
+rng.reseed()
+
+for i in range(0, 10):
+ print rng.gen_random_byte(),
+print
+
+rng.add_entropy("blah")
+
+print "random 16", rng.gen_random(16).encode("hex")
diff --git a/src/scripts/examples/rsa.py b/src/scripts/examples/rsa.py
new file mode 100755
index 000000000..998b72b7b
--- /dev/null
+++ b/src/scripts/examples/rsa.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+
+import botan
+
+def make_into_c_array(ber):
+ output = 'static unsigned char key_data[%d] = {\n\t' % (len(ber))
+
+ for (idx,c) in zip(range(len(ber)), ber):
+ if idx != 0 and idx % 8 == 0:
+ output += "\n\t"
+ output += "0x%s, " % (c.encode('hex'))
+
+ output += "\n};\n"
+
+ return output
+
+rng = botan.RandomNumberGenerator()
+
+rsa_priv = botan.RSA_PrivateKey(1024, rng)
+
+print rsa_priv.to_string()
+print int(rsa_priv.get_N())
+print int(rsa_priv.get_E())
+
+rsa_pub = botan.RSA_PublicKey(rsa_priv)
+
+print make_into_c_array(rsa_pub.to_ber())
+#print make_into_c_array(rsa_priv.to_ber())
+
+key = rng.gen_random(20)
+
+ciphertext = rsa_pub.encrypt(key, 'EME1(SHA-1)', rng)
+
+print ciphertext.encode('hex')
+
+plaintext = rsa_priv.decrypt(ciphertext, 'EME1(SHA-1)')
+
+print plaintext == key
+
+signature = rsa_priv.sign(key, 'EMSA4(SHA-256)', rng)
+
+print rsa_pub.verify(key, signature, 'EMSA4(SHA-256)')
+
+# Corrupt the signature, make sure it doesn't verify
+signature = signature.replace(signature[0], '0')
+
+print rsa_pub.verify(key, signature, 'EMSA4(SHA-256)')