aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/build-data/policy/bsi.txt156
-rw-r--r--src/build-data/policy/sane.txt120
-rw-r--r--src/lib/mac/mac.h2
-rw-r--r--src/lib/pubkey/dlies/dlies.cpp2
-rw-r--r--src/tests/test_dlies.cpp21
-rw-r--r--src/tests/test_fuzzer.cpp6
6 files changed, 298 insertions, 9 deletions
diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt
new file mode 100644
index 000000000..9ab68a921
--- /dev/null
+++ b/src/build-data/policy/bsi.txt
@@ -0,0 +1,156 @@
+<required>
+# block
+aes
+
+# modes
+gcm
+cbc
+mode_pad
+
+# stream
+ctr
+
+# hash
+sha2_32
+sha2_64
+keccak
+
+# mac
+cmac
+hmac
+
+# pk_pad
+eme_oaep
+emsa_pssr
+
+# pubkey
+dlies
+dh
+rsa
+dsa
+ecdsa
+ecdh
+
+# rng
+auto_rng
+hmac_rng
+hmac_drbg
+</required>
+
+<if_available>
+# block
+aes_ni
+aes_ssse3
+
+# modes
+clmul
+
+# entropy sources
+beos_stats
+darwin_secrandom
+egd
+proc_walk
+unix_procs
+rdrand
+rdseed
+hres_timer
+dev_random
+system_rng
+cryptoapi_rng
+win32_stats
+
+# utils
+locking_allocator
+simd_altivec
+simd_scalar
+simd_sse2
+</if_available>
+
+<prohibited>
+# block
+blowfish
+camellia
+cascade
+cast
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+mars
+misty1
+noekeon
+noekeon_simd
+rc2
+rc5
+rc6
+safer
+seed
+serpent
+serpent_simd
+tea
+threefish
+threefish_avx2
+twofish
+xtea
+xtea_simd
+
+# modes
+ccm
+chacha20poly1305
+eax
+ocb
+siv
+cfb
+ecb
+
+# stream
+chacha
+ofb
+rc4
+salsa20
+
+# pubkey
+curve25519
+elgamal
+gost_3410
+mce
+mceies
+nr
+rw
+
+# pk_pad
+#eme_pkcs1 // needed for tls
+eme_raw
+#emsa_pkcs1 // needed for tls
+emsa_raw
+emsa_x931
+emsa1
+emsa1_bsi
+
+# hash
+blake2
+comb4p
+gost_3411
+has160
+md2
+md4
+#md5 // needed for tls
+rmd128
+rmd160
+#sha1 // needed for tls
+#sha1_sse2 // needed for tls
+skein
+tiger
+whirlpool
+
+# mac
+cbc_mac
+poly1305
+siphash
+x919_mac
+
+# rng
+x931_rng
+
+</prohibited>
diff --git a/src/build-data/policy/sane.txt b/src/build-data/policy/sane.txt
new file mode 100644
index 000000000..3482296d6
--- /dev/null
+++ b/src/build-data/policy/sane.txt
@@ -0,0 +1,120 @@
+<required>
+aes
+serpent
+threefish
+chacha
+
+sha2_32
+sha2_64
+blake2
+skein
+keccak
+
+gcm
+ocb
+chacha20poly1305
+
+kdf2
+hkdf
+cmac
+hmac
+poly1305
+siphash
+
+pbkdf2
+
+# required for private key encryption
+pbes2
+
+# required for TLS
+prf_tls
+
+curve25519
+ecdh
+ecdsa
+rsa
+
+eme_oaep
+emsa_pssr
+emsa1
+
+auto_rng
+hmac_rng
+
+ffi
+</required>
+
+<prohibited>
+cast
+des
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+mars
+misty1
+rc2
+rc4
+rc5
+rc6
+safer
+seed
+tea
+xtea
+xtea_simd
+
+cbc_mac
+x919_mac
+
+# MD5 and SHA1 are broken but not prohibited. They are widely in use
+# in non-crypto contexts and are required by TLS currently
+md2
+md4
+rmd128
+has160
+gost_3411
+
+cfb
+ecb
+ofb
+
+elgamal
+rw
+nr
+gost_3410
+
+emsa_x931
+pbkdf1
+prf_x942
+x931_rng
+
+passhash9
+cryptobox
+unix_procs
+</prohibited>
+
+<if_available>
+clmul
+locking_allocator
+
+sha1_sse2
+aes_ni
+aes_ssse3
+noekeon_simd
+serpent_simd
+threefish_avx2
+
+simd_scalar
+simd_sse2
+simd_altivec
+
+# entropy sources
+rdrand
+rdseed
+hres_timer
+dev_random
+system_rng
+cryptoapi_rng
+win32_stats
+</if_available>
diff --git a/src/lib/mac/mac.h b/src/lib/mac/mac.h
index 90ef4db15..fe3388f3b 100644
--- a/src/lib/mac/mac.h
+++ b/src/lib/mac/mac.h
@@ -53,6 +53,8 @@ class BOTAN_DLL MessageAuthenticationCode : public Buffered_Computation,
virtual MessageAuthenticationCode* clone() const = 0;
};
+typedef MessageAuthenticationCode MAC;
+
}
#endif
diff --git a/src/lib/pubkey/dlies/dlies.cpp b/src/lib/pubkey/dlies/dlies.cpp
index 86cd51e19..ba890ac3d 100644
--- a/src/lib/pubkey/dlies/dlies.cpp
+++ b/src/lib/pubkey/dlies/dlies.cpp
@@ -21,6 +21,8 @@ DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& key,
m_mac(mac_obj),
m_mac_keylen(mac_kl)
{
+ BOTAN_ASSERT_NONNULL(kdf_obj);
+ BOTAN_ASSERT_NONNULL(mac_obj);
m_my_key = key.public_value();
}
diff --git a/src/tests/test_dlies.cpp b/src/tests/test_dlies.cpp
index 1c7327ab4..ba8142dcb 100644
--- a/src/tests/test_dlies.cpp
+++ b/src/tests/test_dlies.cpp
@@ -42,20 +42,29 @@ class DLIES_KAT_Tests : public Text_Based_Test
Botan::DH_PrivateKey from(Test::rng(), domain, x1);
Botan::DH_PrivateKey to(Test::rng(), domain, x2);
- const std::string kdf = "KDF2(SHA-1)";
- const std::string mac = "HMAC(SHA-1)";
+ const std::string kdf_algo = "KDF2(SHA-1)";
+ const std::string mac_algo = "HMAC(SHA-1)";
const size_t mac_key_len = 16;
Test::Result result("DLIES");
+ std::unique_ptr<Botan::KDF> kdf(Botan::KDF::create(kdf_algo));
+ std::unique_ptr<Botan::MAC> mac(Botan::MAC::create(mac_algo));
+
+ if(!kdf || !mac)
+ {
+ result.test_note("Skipping due to missing KDF or MAC algo");
+ return result;
+ }
+
Botan::DLIES_Encryptor encryptor(from,
- Botan::KDF::create(kdf).release(),
- Botan::MessageAuthenticationCode::create(mac).release(),
+ kdf->clone(),
+ mac->clone(),
mac_key_len);
Botan::DLIES_Decryptor decryptor(to,
- Botan::KDF::create(kdf).release(),
- Botan::MessageAuthenticationCode::create(mac).release(),
+ kdf.release(),
+ mac.release(),
mac_key_len);
encryptor.set_other_key(to.public_value());
diff --git a/src/tests/test_fuzzer.cpp b/src/tests/test_fuzzer.cpp
index 18516a68c..2be8e7c08 100644
--- a/src/tests/test_fuzzer.cpp
+++ b/src/tests/test_fuzzer.cpp
@@ -6,12 +6,12 @@
#include "tests.h"
#include <chrono>
+#include <botan/internal/filesystem.h>
#if defined(BOTAN_HAS_X509_CERTIFICATES)
#include <botan/x509cert.h>
#include <botan/x509_crl.h>
#include <botan/base64.h>
- #include <botan/internal/filesystem.h>
#endif
#if defined(BOTAN_HAS_PUBLIC_KEY_CRYPTO)
@@ -61,8 +61,8 @@ class Fuzzer_Input_Tests : public Test
{
try
{
- std::unique_ptr<Botan::Private_Key> key(Botan::PKCS8::load_key(vec_file, Test::rng()));
- Botan::X509_Certificate cert(vec_file);
+ std::unique_ptr<Botan::Private_Key> key(
+ Botan::PKCS8::load_key(vec_file, Test::rng()));
}
catch(std::exception&) {}