diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/build-data/policy/bsi.txt | 156 | ||||
-rw-r--r-- | src/build-data/policy/sane.txt | 120 | ||||
-rw-r--r-- | src/lib/mac/mac.h | 2 | ||||
-rw-r--r-- | src/lib/pubkey/dlies/dlies.cpp | 2 | ||||
-rw-r--r-- | src/tests/test_dlies.cpp | 21 | ||||
-rw-r--r-- | src/tests/test_fuzzer.cpp | 6 |
6 files changed, 298 insertions, 9 deletions
diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt new file mode 100644 index 000000000..9ab68a921 --- /dev/null +++ b/src/build-data/policy/bsi.txt @@ -0,0 +1,156 @@ +<required> +# block +aes + +# modes +gcm +cbc +mode_pad + +# stream +ctr + +# hash +sha2_32 +sha2_64 +keccak + +# mac +cmac +hmac + +# pk_pad +eme_oaep +emsa_pssr + +# pubkey +dlies +dh +rsa +dsa +ecdsa +ecdh + +# rng +auto_rng +hmac_rng +hmac_drbg +</required> + +<if_available> +# block +aes_ni +aes_ssse3 + +# modes +clmul + +# entropy sources +beos_stats +darwin_secrandom +egd +proc_walk +unix_procs +rdrand +rdseed +hres_timer +dev_random +system_rng +cryptoapi_rng +win32_stats + +# utils +locking_allocator +simd_altivec +simd_scalar +simd_sse2 +</if_available> + +<prohibited> +# block +blowfish +camellia +cascade +cast +gost_28147 +idea +idea_sse2 +kasumi +lion +mars +misty1 +noekeon +noekeon_simd +rc2 +rc5 +rc6 +safer +seed +serpent +serpent_simd +tea +threefish +threefish_avx2 +twofish +xtea +xtea_simd + +# modes +ccm +chacha20poly1305 +eax +ocb +siv +cfb +ecb + +# stream +chacha +ofb +rc4 +salsa20 + +# pubkey +curve25519 +elgamal +gost_3410 +mce +mceies +nr +rw + +# pk_pad +#eme_pkcs1 // needed for tls +eme_raw +#emsa_pkcs1 // needed for tls +emsa_raw +emsa_x931 +emsa1 +emsa1_bsi + +# hash +blake2 +comb4p +gost_3411 +has160 +md2 +md4 +#md5 // needed for tls +rmd128 +rmd160 +#sha1 // needed for tls +#sha1_sse2 // needed for tls +skein +tiger +whirlpool + +# mac +cbc_mac +poly1305 +siphash +x919_mac + +# rng +x931_rng + +</prohibited> diff --git a/src/build-data/policy/sane.txt b/src/build-data/policy/sane.txt new file mode 100644 index 000000000..3482296d6 --- /dev/null +++ b/src/build-data/policy/sane.txt @@ -0,0 +1,120 @@ +<required> +aes +serpent +threefish +chacha + +sha2_32 +sha2_64 +blake2 +skein +keccak + +gcm +ocb +chacha20poly1305 + +kdf2 +hkdf +cmac +hmac +poly1305 +siphash + +pbkdf2 + +# required for private key encryption +pbes2 + +# required for TLS +prf_tls + +curve25519 +ecdh +ecdsa +rsa + +eme_oaep +emsa_pssr +emsa1 + +auto_rng +hmac_rng + +ffi +</required> + +<prohibited> +cast +des +gost_28147 +idea +idea_sse2 +kasumi +lion +mars +misty1 +rc2 +rc4 +rc5 +rc6 +safer +seed +tea +xtea +xtea_simd + +cbc_mac +x919_mac + +# MD5 and SHA1 are broken but not prohibited. They are widely in use +# in non-crypto contexts and are required by TLS currently +md2 +md4 +rmd128 +has160 +gost_3411 + +cfb +ecb +ofb + +elgamal +rw +nr +gost_3410 + +emsa_x931 +pbkdf1 +prf_x942 +x931_rng + +passhash9 +cryptobox +unix_procs +</prohibited> + +<if_available> +clmul +locking_allocator + +sha1_sse2 +aes_ni +aes_ssse3 +noekeon_simd +serpent_simd +threefish_avx2 + +simd_scalar +simd_sse2 +simd_altivec + +# entropy sources +rdrand +rdseed +hres_timer +dev_random +system_rng +cryptoapi_rng +win32_stats +</if_available> diff --git a/src/lib/mac/mac.h b/src/lib/mac/mac.h index 90ef4db15..fe3388f3b 100644 --- a/src/lib/mac/mac.h +++ b/src/lib/mac/mac.h @@ -53,6 +53,8 @@ class BOTAN_DLL MessageAuthenticationCode : public Buffered_Computation, virtual MessageAuthenticationCode* clone() const = 0; }; +typedef MessageAuthenticationCode MAC; + } #endif diff --git a/src/lib/pubkey/dlies/dlies.cpp b/src/lib/pubkey/dlies/dlies.cpp index 86cd51e19..ba890ac3d 100644 --- a/src/lib/pubkey/dlies/dlies.cpp +++ b/src/lib/pubkey/dlies/dlies.cpp @@ -21,6 +21,8 @@ DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key, m_mac(mac_obj), m_mac_keylen(mac_kl) { + BOTAN_ASSERT_NONNULL(kdf_obj); + BOTAN_ASSERT_NONNULL(mac_obj); m_my_key = key.public_value(); } diff --git a/src/tests/test_dlies.cpp b/src/tests/test_dlies.cpp index 1c7327ab4..ba8142dcb 100644 --- a/src/tests/test_dlies.cpp +++ b/src/tests/test_dlies.cpp @@ -42,20 +42,29 @@ class DLIES_KAT_Tests : public Text_Based_Test Botan::DH_PrivateKey from(Test::rng(), domain, x1); Botan::DH_PrivateKey to(Test::rng(), domain, x2); - const std::string kdf = "KDF2(SHA-1)"; - const std::string mac = "HMAC(SHA-1)"; + const std::string kdf_algo = "KDF2(SHA-1)"; + const std::string mac_algo = "HMAC(SHA-1)"; const size_t mac_key_len = 16; Test::Result result("DLIES"); + std::unique_ptr<Botan::KDF> kdf(Botan::KDF::create(kdf_algo)); + std::unique_ptr<Botan::MAC> mac(Botan::MAC::create(mac_algo)); + + if(!kdf || !mac) + { + result.test_note("Skipping due to missing KDF or MAC algo"); + return result; + } + Botan::DLIES_Encryptor encryptor(from, - Botan::KDF::create(kdf).release(), - Botan::MessageAuthenticationCode::create(mac).release(), + kdf->clone(), + mac->clone(), mac_key_len); Botan::DLIES_Decryptor decryptor(to, - Botan::KDF::create(kdf).release(), - Botan::MessageAuthenticationCode::create(mac).release(), + kdf.release(), + mac.release(), mac_key_len); encryptor.set_other_key(to.public_value()); diff --git a/src/tests/test_fuzzer.cpp b/src/tests/test_fuzzer.cpp index 18516a68c..2be8e7c08 100644 --- a/src/tests/test_fuzzer.cpp +++ b/src/tests/test_fuzzer.cpp @@ -6,12 +6,12 @@ #include "tests.h" #include <chrono> +#include <botan/internal/filesystem.h> #if defined(BOTAN_HAS_X509_CERTIFICATES) #include <botan/x509cert.h> #include <botan/x509_crl.h> #include <botan/base64.h> - #include <botan/internal/filesystem.h> #endif #if defined(BOTAN_HAS_PUBLIC_KEY_CRYPTO) @@ -61,8 +61,8 @@ class Fuzzer_Input_Tests : public Test { try { - std::unique_ptr<Botan::Private_Key> key(Botan::PKCS8::load_key(vec_file, Test::rng())); - Botan::X509_Certificate cert(vec_file); + std::unique_ptr<Botan::Private_Key> key( + Botan::PKCS8::load_key(vec_file, Test::rng())); } catch(std::exception&) {} |