From 385dd2fb263aeec795476243cd9fb5905932d77f Mon Sep 17 00:00:00 2001 From: Nuno Goncalves Date: Sat, 13 Jul 2019 14:51:16 +0200 Subject: Add additional typecast and several static_asserts Signed-off-by: Nuno Goncalves --- src/lib/utils/mem_ops.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'src/lib') diff --git a/src/lib/utils/mem_ops.h b/src/lib/utils/mem_ops.h index 569cb409b..4206875b2 100644 --- a/src/lib/utils/mem_ops.h +++ b/src/lib/utils/mem_ops.h @@ -10,6 +10,7 @@ #include #include +#include #include namespace Botan { @@ -113,6 +114,15 @@ template inline void clear_mem(T* ptr, size_t n) clear_bytes(ptr, sizeof(T)*n); } + + +// is_trivially_copyable is missing in g++ < 5.0 +#if !__clang__ && __GNUG__ && __GNUC__ < 5 +#define IS_TRIVIALLY_COPYABLE(T) true +#else +#define IS_TRIVIALLY_COPYABLE(T) std::is_trivially_copyable::value +#endif + /** * Copy memory * @param out the destination array @@ -121,6 +131,7 @@ template inline void clear_mem(T* ptr, size_t n) */ template inline void copy_mem(T* out, const T* in, size_t n) { + static_assert(std::is_trivial::type>::value, ""); if(n > 0) { std::memmove(out, in, sizeof(T)*n); @@ -129,11 +140,13 @@ template inline void copy_mem(T* out, const T* in, size_t n) template inline void typecast_copy(uint8_t out[], T in[], size_t N) { + static_assert(IS_TRIVIALLY_COPYABLE(T), ""); std::memcpy(out, in, sizeof(T)*N); } template inline void typecast_copy(T out[], const uint8_t in[], size_t N) { + static_assert(std::is_trivial::value, ""); std::memcpy(out, in, sizeof(T)*N); } @@ -144,9 +157,18 @@ template inline void typecast_copy(uint8_t out[], T in) template inline void typecast_copy(T& out, const uint8_t in[]) { + static_assert(std::is_trivial::type>::value, ""); typecast_copy(&out, in, 1); } +template inline To typecast_copy(const From *src) noexcept + { + static_assert(IS_TRIVIALLY_COPYABLE(From) && std::is_trivial::value, ""); + To dst; + std::memcpy(&dst, src, sizeof(To)); + return dst; + } + /** * Set memory to a fixed value * @param ptr a pointer to an array of bytes -- cgit v1.2.3 From 418cc99ffd56b0f5e2c753355fc8f29672fb82ba Mon Sep 17 00:00:00 2001 From: Nuno Goncalves Date: Sat, 13 Jul 2019 14:52:40 +0200 Subject: Add missing define of _WINSOCKAPI_ to avoid unintentional of winsock Signed-off-by: Nuno Goncalves --- src/lib/utils/os_utils.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'src/lib') diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index a27e9117f..84a2d0ebe 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -47,6 +47,7 @@ #if defined(BOTAN_TARGET_OS_HAS_WIN32) #define NOMINMAX 1 + #define _WINSOCKAPI_ // stop windows.h including winsock.h #include #endif -- cgit v1.2.3 From eed3adbba406221fbb6c5d932b48c813c41429f8 Mon Sep 17 00:00:00 2001 From: Nuno Goncalves Date: Fri, 1 Mar 2019 17:17:17 +0100 Subject: Style fix * remove always false ec check * make write and read some similar: use asio member functions and anonymous lambda in both --- src/lib/utils/socket/socket.cpp | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) (limited to 'src/lib') diff --git a/src/lib/utils/socket/socket.cpp b/src/lib/utils/socket/socket.cpp index 41177809e..54033bc55 100644 --- a/src/lib/utils/socket/socket.cpp +++ b/src/lib/utils/socket/socket.cpp @@ -31,10 +31,7 @@ #include #elif defined(BOTAN_TARGET_OS_HAS_WINSOCK2) - #define NOMINMAX 1 - #include #include - #include #endif namespace Botan { @@ -72,7 +69,7 @@ class Asio_Socket final : public OS::Socket if(ec) throw boost::system::system_error(ec); - if(ec || m_tcp.is_open() == false) + if(m_tcp.is_open() == false) throw System_Error("Connection to host " + hostname + " failed"); } @@ -82,8 +79,8 @@ class Asio_Socket final : public OS::Socket boost::system::error_code ec = boost::asio::error::would_block; - boost::asio::async_write(m_tcp, boost::asio::buffer(buf, len), - [&ec](boost::system::error_code e, size_t) { ec = e; }); + m_tcp.async_send(boost::asio::buffer(buf, len), + [&ec](boost::system::error_code e, size_t) { ec = e; }); while(ec == boost::asio::error::would_block) { m_io.run_one(); } @@ -100,11 +97,8 @@ class Asio_Socket final : public OS::Socket boost::system::error_code ec = boost::asio::error::would_block; size_t got = 0; - auto read_cb = [&](const boost::system::error_code cb_ec, size_t cb_got) { - ec = cb_ec; got = cb_got; - }; - - m_tcp.async_read_some(boost::asio::buffer(buf, len), read_cb); + m_tcp.async_read_some(boost::asio::buffer(buf, len), + [&](boost::system::error_code cb_ec, size_t cb_got) { ec = cb_ec; got = cb_got; }); while(ec == boost::asio::error::would_block) { m_io.run_one(); } -- cgit v1.2.3 From 5a02e9c100ca49c580ac50bfb88d101d88553972 Mon Sep 17 00:00:00 2001 From: Nuno Goncalves Date: Sun, 3 Mar 2019 21:45:01 +0100 Subject: Add URI class to parse IPv4, IPv6 and domain names together with port number Signed-off-by: Nuno Goncalves --- src/fuzzer/uri.cpp | 20 +++++ src/lib/utils/socket/uri.cpp | 183 +++++++++++++++++++++++++++++++++++++++++++ src/lib/utils/socket/uri.h | 49 ++++++++++++ src/tests/test_uri.cpp | 120 ++++++++++++++++++++++++++++ 4 files changed, 372 insertions(+) create mode 100644 src/fuzzer/uri.cpp create mode 100644 src/lib/utils/socket/uri.cpp create mode 100644 src/lib/utils/socket/uri.h create mode 100644 src/tests/test_uri.cpp (limited to 'src/lib') diff --git a/src/fuzzer/uri.cpp b/src/fuzzer/uri.cpp new file mode 100644 index 000000000..89066d283 --- /dev/null +++ b/src/fuzzer/uri.cpp @@ -0,0 +1,20 @@ +/* +* (C) 2019 Nuno Goncalves +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "fuzzers.h" +#include + +void fuzz(const uint8_t in[], size_t len) + { + if(len > max_fuzzer_input_size) + return; + + try + { + Botan::URI::fromAny(std::string(reinterpret_cast(in), len)); + } + catch(Botan::Exception& e) { } + } diff --git a/src/lib/utils/socket/uri.cpp b/src/lib/utils/socket/uri.cpp new file mode 100644 index 000000000..ea7188b31 --- /dev/null +++ b/src/lib/utils/socket/uri.cpp @@ -0,0 +1,183 @@ +/* +* (C) 2019 Nuno Goncalves +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include + +#include + +#if defined(BOTAN_TARGET_OS_HAS_SOCKETS) + #include +#elif defined(BOTAN_TARGET_OS_HAS_WINSOCK2) + #include +#endif + +#if defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2) + +namespace { + +constexpr bool isdigit(char ch) + { + return ch >= '0' && ch <= '9'; + } + +bool isDomain(const std::string& domain) + { +#if defined(__GLIBCXX__) && (__GLIBCXX__ < 20160726) //GCC 4.8 does not support regex + return true; +#endif + std::regex re( + R"(^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$)"); + std::cmatch m; + return std::regex_match(domain.c_str(), m, re); + } + +bool isIPv4(const std::string& ip) + { + sockaddr_storage inaddr; + return !!inet_pton(AF_INET, ip.c_str(), &inaddr); + } + +bool isIPv6(const std::string& ip) + { + sockaddr_storage in6addr; + return !!inet_pton(AF_INET6, ip.c_str(), &in6addr); + } +} + +namespace Botan { + +URI URI::fromDomain(const std::string& uri) + { + unsigned port = 0; + const auto port_pos = uri.find(':'); + if(port_pos != std::string::npos) + { + for(char c : uri.substr(port_pos+1)) + { + if(!isdigit(c)) + { throw Invalid_Argument("invalid"); } + port = port*10 + c - '0'; + if(port > 65535) + { throw Invalid_Argument("invalid"); } + } + } + const auto domain = uri.substr(0, port_pos); + if(isIPv4(domain)) + { throw Invalid_Argument("invalid"); } + if(!isDomain(domain)) + { throw Invalid_Argument("invalid"); } + return {Type::Domain, domain, uint16_t(port)}; + } + +URI URI::fromIPv4(const std::string& uri) + { + unsigned port = 0; + const auto port_pos = uri.find(':'); + if(port_pos != std::string::npos) + { + for(char c : uri.substr(port_pos+1)) + { + if(!isdigit(c)) + { throw Invalid_Argument("invalid"); } + port = port*10 + c - '0'; + if(port > 65535) + { throw Invalid_Argument("invalid"); } + } + } + const auto ip = uri.substr(0, port_pos); + if(!isIPv4(ip)) + { throw Invalid_Argument("invalid"); } + return { Type::IPv4, ip, uint16_t(port) }; + } + +URI URI::fromIPv6(const std::string& uri) + { + unsigned port = 0; + const auto port_pos = uri.find(']'); + const bool with_braces = (port_pos != std::string::npos); + if((uri[0]=='[') != with_braces) + { throw Invalid_Argument("invalid"); } + + if(with_braces && (uri.size() > port_pos + 1)) + { + if(uri[port_pos+1]!=':') + { throw Invalid_Argument("invalid"); } + for(char c : uri.substr(port_pos+2)) + { + if(!isdigit(c)) + { throw Invalid_Argument("invalid"); } + port = port*10 + c - '0'; + if(port > 65535) + { throw Invalid_Argument("invalid"); } + } + } + const auto ip = uri.substr((with_braces ? 1 : 0), port_pos - with_braces); + if(!isIPv6(ip)) + { throw Invalid_Argument("invalid"); } + return { Type::IPv6, ip, uint16_t(port) }; + } + +URI URI::fromAny(const std::string& uri) + { + + bool colon_seen=false; + bool non_number=false; + if(uri[0]=='[') + { return fromIPv6(uri); } + for(auto c : uri) + { + if(c == ':') + { + if(colon_seen) //seen two ':' + { return fromIPv6(uri); } + colon_seen = true; + } + else if(!isdigit(c) && c != '.') + { + non_number=true; + } + } + if(!non_number) + { + if(isIPv4(uri.substr(0, uri.find(':')))) + { + return fromIPv4(uri); + } + } + return fromDomain(uri); + } + +std::string URI::to_string() const + { + if(type == Type::NotSet) + { + throw Invalid_Argument("not set"); + } + + if(port != 0) + { + if(type == Type::IPv6) + { return "[" + host + "]:" + std::to_string(port); } + return host + ":" + std::to_string(port); + } + return host; + } + +} + +#else + +namespace Botan { + +URI URI::fromDomain(const std::string&) {throw Not_Implemented("No socket support enabled in build");} +URI URI::fromIPv4(const std::string&) {throw Not_Implemented("No socket support enabled in build");} +URI URI::fromIPv6(const std::string&) {throw Not_Implemented("No socket support enabled in build");} +URI URI::fromAny(const std::string&) {throw Not_Implemented("No socket support enabled in build");} + +} + +#endif diff --git a/src/lib/utils/socket/uri.h b/src/lib/utils/socket/uri.h new file mode 100644 index 000000000..a9f68ac41 --- /dev/null +++ b/src/lib/utils/socket/uri.h @@ -0,0 +1,49 @@ +/* +* (C) 2019 Nuno Goncalves +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_URI_H_ +#define BOTAN_URI_H_ + +#include +#include + +#include + +namespace Botan { + +struct BOTAN_TEST_API URI + { + enum class Type : uint8_t + { + NotSet, + IPv4, + IPv6, + Domain, + }; + static URI fromAny(const std::string& uri); + static URI fromIPv4(const std::string& uri); + static URI fromIPv6(const std::string& uri); + static URI fromDomain(const std::string& uri); + URI() = default; + URI(Type type, const std::string& host, unsigned short port) + : type { type } + , host { host } + , port { port } + {} + bool operator==(const URI& a) const + { + return type == a.type && host == a.host && port == a.port; + } + std::string to_string() const; + + const Type type{Type::NotSet}; + const std::string host{}; + const uint16_t port{}; + }; + +} + +#endif diff --git a/src/tests/test_uri.cpp b/src/tests/test_uri.cpp new file mode 100644 index 000000000..c2dd7144e --- /dev/null +++ b/src/tests/test_uri.cpp @@ -0,0 +1,120 @@ +/* +* (C) 2019 Nuno Goncalves +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "tests.h" + +#if defined(BOTAN_HAS_SOCKETS) && (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)) + +#include + +namespace Botan_Tests { + +class URI_Tests final : public Test + { + void test_uri_ctor(std::vector& results) + { + Test::Result result("uri constructors"); + Botan::URI uri(Botan::URI::Type::Domain, "localhost", 80); + result.confirm("type", uri.type == Botan::URI::Type::Domain); + result.test_eq("host", uri.host, "localhost"); + result.confirm("post", uri.port == 80); + results.push_back(result); + } + + void test_uri_tostring(std::vector& results) + { + Test::Result result("uri to_string"); + + result.test_eq("domain", Botan::URI(Botan::URI::Type::Domain, "localhost", 80).to_string(), "localhost:80"); + result.test_eq("IPv4", Botan::URI(Botan::URI::Type::IPv4, "192.168.1.1", 80).to_string(), "192.168.1.1:80"); + result.test_eq("IPv6", Botan::URI(Botan::URI::Type::IPv6, "::1", 80).to_string(), "[::1]:80"); + result.test_eq("IPv6 no port", Botan::URI(Botan::URI::Type::IPv6, "::1", 0).to_string(), "::1"); + result.test_throws("invalid", []() {Botan::URI(Botan::URI::Type::NotSet, "", 0).to_string();}); + + results.push_back(result); + } + + void test_uri_factories(std::vector& results) + { + Test::Result result("uri factories"); + + struct + { + std::string uri; + Botan::URI::Type type; + std::string host; + unsigned port; + } tests [] + { + {"localhost::80", Botan::URI::Type::NotSet, {}, 0}, + {"localhost:70000", Botan::URI::Type::NotSet, {}, 0}, + {"[::1]:a", Botan::URI::Type::NotSet, {}, 0}, + {"[::1]:70000", Botan::URI::Type::NotSet, {}, 0}, + {"localhost:80", Botan::URI::Type::Domain, "localhost", 80}, + {"www.example.com", Botan::URI::Type::Domain, "www.example.com", 0}, + {"192.168.1.1", Botan::URI::Type::IPv4, "192.168.1.1", 0}, + {"192.168.1.1:34567", Botan::URI::Type::IPv4, "192.168.1.1", 34567}, + {"[::1]:61234", Botan::URI::Type::IPv6, "::1", 61234}, + }; + + for(const auto t : tests) + { + auto test_URI = [&result](const Botan::URI& uri, const std::string& host, const unsigned port) + { + result.test_eq("host", uri.host, host); + result.confirm("port", uri.port==port); + }; + + if(t.type!=Botan::URI::Type::IPv4) + result.test_throws("invalid", [&t]() {Botan::URI::fromIPv4(t.uri);}); + if(t.type!=Botan::URI::Type::IPv6) + result.test_throws("invalid", [&t]() {Botan::URI::fromIPv6(t.uri);}); + if(t.type!=Botan::URI::Type::Domain) + result.test_throws("invalid", [&t]() {Botan::URI::fromDomain(t.uri);}); + if(t.type==Botan::URI::Type::NotSet) + { + result.test_throws("invalid", [&t]() {Botan::URI::fromAny(t.uri);}); + } + else + { + const auto any = Botan::URI::fromAny(t.uri); + result.confirm("type any", any.type == t.type); + test_URI(any, t.host, t.port); + if(t.type == Botan::URI::Type::Domain) + { test_URI(Botan::URI::fromDomain(t.uri), t.host, t.port); } + else if(t.type == Botan::URI::Type::IPv4) + { test_URI(Botan::URI::fromIPv4(t.uri), t.host, t.port); } + else if(t.type == Botan::URI::Type::IPv6) + { test_URI(Botan::URI::fromIPv6(t.uri), t.host, t.port); } + } + } + + //since GCC 4.8 does not support regex this would possibly be acceped as valid domains, + //but we just want to test IPv6 parsing, so the test needs to be individual + result.test_throws("invalid IPv6", [](){ Botan::URI::fromIPv6("]"); }); + result.test_throws("invalid IPv6", [](){ Botan::URI::fromIPv6("[::1]1"); }); + + results.push_back(result); + } + + public: + std::vector run() override + { + std::vector results; + + test_uri_ctor(results); + test_uri_tostring(results); + test_uri_factories(results); + + return results; + } + }; + +BOTAN_REGISTER_TEST("uri", URI_Tests); + +} // namespace Botan_Tests + +#endif -- cgit v1.2.3 From 8f8c88c3291c5bbe28d8bdb6aff7b8093ca85ae7 Mon Sep 17 00:00:00 2001 From: Nuno Goncalves Date: Sun, 16 Jun 2019 08:48:15 +0200 Subject: Add UDP client Signed-off-by: Nuno Goncalves --- src/lib/utils/socket/info.txt | 2 + src/lib/utils/socket/socket_udp.cpp | 337 ++++++++++++++++++++++++++++++++++++ src/lib/utils/socket/socket_udp.h | 73 ++++++++ 3 files changed, 412 insertions(+) create mode 100644 src/lib/utils/socket/socket_udp.cpp create mode 100644 src/lib/utils/socket/socket_udp.h (limited to 'src/lib') diff --git a/src/lib/utils/socket/info.txt b/src/lib/utils/socket/info.txt index 330e784c5..ceeaa18ee 100644 --- a/src/lib/utils/socket/info.txt +++ b/src/lib/utils/socket/info.txt @@ -3,7 +3,9 @@ SOCKETS -> 20171216 +uri.h socket.h +socket_udp.h diff --git a/src/lib/utils/socket/socket_udp.cpp b/src/lib/utils/socket/socket_udp.cpp new file mode 100644 index 000000000..651fe1b0c --- /dev/null +++ b/src/lib/utils/socket/socket_udp.cpp @@ -0,0 +1,337 @@ +/* +* (C) 2015,2016,2017 Jack Lloyd +* (C) 2016 Daniel Neus +* (C) 2019 Nuno Goncalves +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include +#include +#include +#include +#include + +#if defined(BOTAN_HAS_BOOST_ASIO) + /* + * We don't need serial port support anyway, and asking for it + * causes macro conflicts with Darwin's termios.h when this + * file is included in the amalgamation. GH #350 + */ + #define BOOST_ASIO_DISABLE_SERIAL_PORT + #include + #include +#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS) + #include + #include + #include + #include + #include + #include + #include + #include + +#elif defined(BOTAN_TARGET_OS_HAS_WINSOCK2) + #include +#endif + +namespace Botan { + +namespace { + +#if defined(BOTAN_HAS_BOOST_ASIO) +class Asio_SocketUDP final : public OS::SocketUDP + { + public: + Asio_SocketUDP(const std::string& hostname, + const std::string& service, + std::chrono::microseconds timeout) : + m_timeout(timeout), m_timer(m_io), m_udp(m_io) + { + m_timer.expires_from_now(m_timeout); + check_timeout(); + + boost::asio::ip::udp::resolver resolver(m_io); + boost::asio::ip::udp::resolver::query query(hostname, service); + boost::asio::ip::udp::resolver::iterator dns_iter = resolver.resolve(query); + + boost::system::error_code ec = boost::asio::error::would_block; + + auto connect_cb = [&ec](const boost::system::error_code& e, + boost::asio::ip::udp::resolver::iterator) { ec = e; }; + + boost::asio::async_connect(m_udp, dns_iter, connect_cb); + + while(ec == boost::asio::error::would_block) + { + m_io.run_one(); + } + + if(ec) + { throw boost::system::system_error(ec); } + if(m_udp.is_open() == false) + { throw System_Error("Connection to host " + hostname + " failed"); } + } + + void write(const uint8_t buf[], size_t len) override + { + m_timer.expires_from_now(m_timeout); + + boost::system::error_code ec = boost::asio::error::would_block; + + m_udp.async_send(boost::asio::buffer(buf, len), + [&ec](boost::system::error_code e, size_t) { ec = e; }); + + while(ec == boost::asio::error::would_block) + { + m_io.run_one(); + } + + if(ec) + { + throw boost::system::system_error(ec); + } + } + + size_t read(uint8_t buf[], size_t len) override + { + m_timer.expires_from_now(m_timeout); + + boost::system::error_code ec = boost::asio::error::would_block; + size_t got = 0; + + m_udp.async_receive(boost::asio::buffer(buf, len), + [&](boost::system::error_code cb_ec, size_t cb_got) { ec = cb_ec; got = cb_got; }); + + while(ec == boost::asio::error::would_block) + { + m_io.run_one(); + } + + if(ec) + { + if(ec == boost::asio::error::eof) + { return 0; } + throw boost::system::system_error(ec); // Some other error. + } + + return got; + } + + private: + void check_timeout() + { + if(m_udp.is_open() && m_timer.expires_at() < std::chrono::system_clock::now()) + { + boost::system::error_code err; + m_udp.close(err); + } + + m_timer.async_wait(std::bind(&Asio_SocketUDP::check_timeout, this)); + } + + const std::chrono::microseconds m_timeout; + boost::asio::io_service m_io; + boost::asio::system_timer m_timer; + boost::asio::ip::udp::socket m_udp; + }; +#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2) +class BSD_SocketUDP final : public OS::SocketUDP + { + public: + BSD_SocketUDP(const std::string& hostname, + const std::string& service, + std::chrono::microseconds timeout) : m_timeout(timeout) + { + socket_init(); + + m_socket = invalid_socket(); + + addrinfo* res; + addrinfo hints; + clear_mem(&hints, 1); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_DGRAM; + + int rc = ::getaddrinfo(hostname.c_str(), service.c_str(), &hints, &res); + + if(rc != 0) + { + throw System_Error("Name resolution failed for " + hostname, rc); + } + + for(addrinfo* rp = res; (m_socket == invalid_socket()) && (rp != nullptr); rp = rp->ai_next) + { + if(rp->ai_family != AF_INET && rp->ai_family != AF_INET6) + { continue; } + + m_socket = ::socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); + + if(m_socket == invalid_socket()) + { + // unsupported socket type? + continue; + } + + set_nonblocking(m_socket); + memcpy(&sa, res->ai_addr, res->ai_addrlen); + salen=res->ai_addrlen; + } + + ::freeaddrinfo(res); + + if(m_socket == invalid_socket()) + { + throw System_Error("Connecting to " + hostname + + " for service " + service + " failed", errno); + } + } + + ~BSD_SocketUDP() + { + close_socket(m_socket); + m_socket = invalid_socket(); + socket_fini(); + } + + void write(const uint8_t buf[], size_t len) override + { + fd_set write_set; + FD_ZERO(&write_set); + FD_SET(m_socket, &write_set); + + size_t sent_so_far = 0; + while(sent_so_far != len) + { + struct timeval timeout = make_timeout_tv(); + int active = ::select(m_socket + 1, nullptr, &write_set, nullptr, &timeout); + + if(active == 0) + { throw System_Error("Timeout during socket write"); } + + const size_t left = len - sent_so_far; + socket_op_ret_type sent = ::sendto(m_socket, cast_uint8_ptr_to_char(buf + sent_so_far), left, 0, (sockaddr*)&sa, salen); + if(sent < 0) + { throw System_Error("Socket write failed", errno); } + else + { sent_so_far += static_cast(sent); } + } + } + + size_t read(uint8_t buf[], size_t len) override + { + fd_set read_set; + FD_ZERO(&read_set); + FD_SET(m_socket, &read_set); + + struct timeval timeout = make_timeout_tv(); + int active = ::select(m_socket + 1, &read_set, nullptr, nullptr, &timeout); + + if(active == 0) + { throw System_Error("Timeout during socket read"); } + + socket_op_ret_type got = ::recvfrom(m_socket, cast_uint8_ptr_to_char(buf), len, 0, nullptr, nullptr); + + if(got < 0) + { throw System_Error("Socket read failed", errno); } + + return static_cast(got); + } + + private: +#if defined(BOTAN_TARGET_OS_HAS_WINSOCK2) + typedef SOCKET socket_type; + typedef int socket_op_ret_type; + static socket_type invalid_socket() { return INVALID_SOCKET; } + static void close_socket(socket_type s) { ::closesocket(s); } + static std::string get_last_socket_error() { return std::to_string(::WSAGetLastError()); } + + static bool nonblocking_connect_in_progress() + { + return (::WSAGetLastError() == WSAEWOULDBLOCK); + } + + static void set_nonblocking(socket_type s) + { + u_long nonblocking = 1; + ::ioctlsocket(s, FIONBIO, &nonblocking); + } + + static void socket_init() + { + WSAData wsa_data; + WORD wsa_version = MAKEWORD(2, 2); + + if(::WSAStartup(wsa_version, &wsa_data) != 0) + { + throw System_Error("WSAStartup() failed", WSAGetLastError()); + } + + if(LOBYTE(wsa_data.wVersion) != 2 || HIBYTE(wsa_data.wVersion) != 2) + { + ::WSACleanup(); + throw System_Error("Could not find a usable version of Winsock.dll"); + } + } + + static void socket_fini() + { + ::WSACleanup(); + } +#else + typedef int socket_type; + typedef ssize_t socket_op_ret_type; + static socket_type invalid_socket() { return -1; } + static void close_socket(socket_type s) { ::close(s); } + static std::string get_last_socket_error() { return ::strerror(errno); } + static bool nonblocking_connect_in_progress() { return (errno == EINPROGRESS); } + static void set_nonblocking(socket_type s) + { + if(::fcntl(s, F_SETFL, O_NONBLOCK) < 0) + { throw System_Error("Setting socket to non-blocking state failed", errno); } + } + + static void socket_init() {} + static void socket_fini() {} +#endif + sockaddr_storage sa; + socklen_t salen; + struct timeval make_timeout_tv() const + { + struct timeval tv; + tv.tv_sec = m_timeout.count() / 1000000; + tv.tv_usec = m_timeout.count() % 1000000; + return tv; + } + + const std::chrono::microseconds m_timeout; + socket_type m_socket; + }; +#endif +} + +std::unique_ptr +OS::open_socket_udp(const std::string& hostname, + const std::string& service, + std::chrono::microseconds timeout) + { +#if defined(BOTAN_HAS_BOOST_ASIO) + return std::unique_ptr(new Asio_SocketUDP(hostname, service, timeout)); +#elif defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2) + return std::unique_ptr(new BSD_SocketUDP(hostname, service, timeout)); +#else + return std::unique_ptr(); +#endif + } + +std::unique_ptr +OS::open_socket_udp(const std::string& uri_string, + std::chrono::microseconds timeout) + { + const auto uri = URI::fromAny(uri_string); + if(uri.port == 0) + { throw Invalid_Argument("UDP port not specified"); } + return open_socket_udp(uri.host, std::to_string(uri.port), timeout); + } + +} diff --git a/src/lib/utils/socket/socket_udp.h b/src/lib/utils/socket/socket_udp.h new file mode 100644 index 000000000..4a9346c2b --- /dev/null +++ b/src/lib/utils/socket/socket_udp.h @@ -0,0 +1,73 @@ +/* +* (C) 2015,2016,2017 Jack Lloyd +* (C) 2019 Nuno Goncalves +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_SOCKET_UDP_H_ +#define BOTAN_SOCKET_UDP_H_ + +#include +#include +#include + +namespace Botan { + +namespace OS { + +/* +* This header is internal (not installed) and these functions are not +* intended to be called by applications. However they are given public +* visibility (using BOTAN_TEST_API macro) for the tests. This also probably +* allows them to be overridden by the application on ELF systems, but +* this hasn't been tested. +*/ + + +/** +* A wrapper around a simple blocking UDP socket +*/ +class BOTAN_TEST_API SocketUDP + { + public: + /** + * The socket will be closed upon destruction + */ + virtual ~SocketUDP() = default; + + /** + * Write to the socket. Returns immediately. + * Throws on error. + */ + virtual void write(const uint8_t buf[], size_t len) = 0; + + /** + * Reads up to len bytes, returns bytes written to buf. + * Returns 0 on EOF. Throws on error. + */ + virtual size_t read(uint8_t buf[], size_t len) = 0; + }; + +/** +* Open up a socket. Will throw on error. Returns null if sockets are +* not available on this platform. +*/ +std::unique_ptr +BOTAN_TEST_API open_socket_udp(const std::string& hostname, + const std::string& service, + std::chrono::microseconds timeout); + +/** +* Open up a socket. Will throw on error. Returns null if sockets are +* not available on this platform. +*/ +std::unique_ptr +BOTAN_TEST_API open_socket_udp(const std::string& uri, + std::chrono::microseconds timeout); + + +} // OS +} // Botan + +#endif -- cgit v1.2.3 From bbad5e1eadff2f985fbc4b905eedb83017c8116e Mon Sep 17 00:00:00 2001 From: Nuno Goncalves Date: Sat, 15 Jun 2019 18:30:43 +0200 Subject: Add roughtime protocol Signed-off-by: Nuno Goncalves --- doc/api_ref/roughtime.rst | 6 + src/lib/misc/roughtime/info.txt | 10 + src/lib/misc/roughtime/roughtime.cpp | 429 +++++++++++++++++++++ src/lib/misc/roughtime/roughtime.h | 164 ++++++++ src/lib/utils/exceptn.h | 2 + src/tests/data/misc/roughtime_nonce_from_blind.vec | 9 + src/tests/data/misc/roughtime_request.vec | 7 + src/tests/data/misc/roughtime_response.vec | 67 ++++ src/tests/test_roughtime.cpp | 264 +++++++++++++ 9 files changed, 958 insertions(+) create mode 100644 doc/api_ref/roughtime.rst create mode 100644 src/lib/misc/roughtime/info.txt create mode 100644 src/lib/misc/roughtime/roughtime.cpp create mode 100644 src/lib/misc/roughtime/roughtime.h create mode 100644 src/tests/data/misc/roughtime_nonce_from_blind.vec create mode 100644 src/tests/data/misc/roughtime_request.vec create mode 100644 src/tests/data/misc/roughtime_response.vec create mode 100644 src/tests/test_roughtime.cpp (limited to 'src/lib') diff --git a/doc/api_ref/roughtime.rst b/doc/api_ref/roughtime.rst new file mode 100644 index 000000000..ada53c6c8 --- /dev/null +++ b/doc/api_ref/roughtime.rst @@ -0,0 +1,6 @@ +Roughtime +=========== + +.. versionadded:: 2.12.0 + +Botan includes a Roughtime client, available in ``botan/roughtime.h`` \ No newline at end of file diff --git a/src/lib/misc/roughtime/info.txt b/src/lib/misc/roughtime/info.txt new file mode 100644 index 000000000..560f52666 --- /dev/null +++ b/src/lib/misc/roughtime/info.txt @@ -0,0 +1,10 @@ + +ROUGHTIME -> 20190220 + + + +ed25519 +rng +sha2_64 +socket + diff --git a/src/lib/misc/roughtime/roughtime.cpp b/src/lib/misc/roughtime/roughtime.cpp new file mode 100644 index 000000000..c9767546a --- /dev/null +++ b/src/lib/misc/roughtime/roughtime.cpp @@ -0,0 +1,429 @@ +/* +* Roughtime +* (C) 2019 Nuno Goncalves +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include + +#include +#include +#include +#include +#include + +#include +#include +#include + +namespace Botan { + +namespace { + +template +std::map> unpack_roughtime_packet(T bytes) + { + if(bytes.size() < 8) + { throw Roughtime::Roughtime_Error("Map length is under minimum of 8 bytes"); } + const auto buf = bytes.data(); + const uint32_t num_tags = buf[0]; + const uint32_t start_content = num_tags * 8; + if(start_content > bytes.size()) + { throw Roughtime::Roughtime_Error("Map length too small to contain all tags"); } + uint32_t start = start_content; + std::map> tags; + for(uint32_t i=0; i(buf + 4 + i*4); + if(end > bytes.size()) + { throw Roughtime::Roughtime_Error("Tag end index out of bounds"); } + if(end < start) + { throw Roughtime::Roughtime_Error("Tag offset must be more than previous tag offset"); } + const char* label_ptr = cast_uint8_ptr_to_char(buf) + (num_tags+i)*4; + const char label[] = {label_ptr[0], label_ptr[1], label_ptr[2], label_ptr[3], 0}; + auto ret = tags.emplace(label, std::vector(buf+start, buf+end)); + if(!ret.second) + { throw Roughtime::Roughtime_Error(std::string("Map has duplicated tag: ") + label); } + start = end; + } + return tags; + } + +template +T get(const std::map>& map, const std::string& label) + { + const auto& tag = map.find(label); + if(tag == map.end()) + { throw Roughtime::Roughtime_Error("Tag " + label + " not found"); } + if(tag->second.size() != sizeof(T)) + { throw Roughtime::Roughtime_Error("Tag " + label + " has unexpected size"); } + return typecast_copy(tag->second.data()); + } + +const std::vector& get_v(const std::map>& map, const std::string& label) + { + const auto& tag = map.find(label); + if(tag == map.end()) + { throw Roughtime::Roughtime_Error("Tag " + label + " not found"); } + return tag->second; + } + +bool verify_signature(const std::array& pk, const std::vector& payload, + const std::array& signature) + { + const char context[] = "RoughTime v1 response signature"; + Ed25519_PublicKey key(std::vector(pk.data(), pk.data()+pk.size())); + PK_Verifier verifier(key, "Pure"); + verifier.update(cast_char_ptr_to_uint8(context), sizeof(context)); //add context including \0 + verifier.update(payload); + return verifier.check_signature(signature.data(), signature.size()); + } + +std::array hashLeaf(const std::array& leaf) + { + std::array ret; + std::unique_ptr hash(HashFunction::create_or_throw("SHA-512")); + hash->update(0); + hash->update(leaf.data(), leaf.size()); + hash->final(ret.data()); + return ret; + } + +void hashNode(std::array& hash, const std::array& node, bool reverse) + { + std::unique_ptr h(HashFunction::create_or_throw("SHA-512")); + h->update(1); + if(reverse) + { + h->update(node.data(), node.size()); + h->update(hash.data(), hash.size()); + } + else + { + h->update(hash.data(), hash.size()); + h->update(node.data(), node.size()); + } + h->final(hash.data()); + } + +template +std::array vector_to_array(std::vector vec) + { + if(vec.size() != N) + { throw std::logic_error("Invalid vector size"); } + return typecast_copy>(vec.data()); + } +} + +namespace Roughtime { + +Nonce::Nonce(const std::vector& nonce) + { + if(nonce.size() != 64) + { throw Invalid_Argument("Nonce lenght must be 64"); } + m_nonce = typecast_copy>(nonce.data()); + } +Nonce::Nonce(RandomNumberGenerator& rng) + { + rng.randomize(m_nonce.data(), m_nonce.size()); + } + +std::array encode_request(const Nonce& nonce) + { + std::array buf = {2, 0, 0, 0, 64, 0, 0, 0, 'N', 'O', 'N', 'C', 'P', 'A', 'D', 0xff}; + std::memcpy(buf.data() + 16, nonce.get_nonce().data(), nonce.get_nonce().size()); + std::memset(buf.data() + 16 + nonce.get_nonce().size(), 0, buf.size() - 16 - nonce.get_nonce().size()); + return buf; + } + +Response Response::from_bits(const std::vector& response, + const Nonce& nonce) + { + const auto response_v = unpack_roughtime_packet(response); + const auto cert = unpack_roughtime_packet(get_v(response_v, "CERT")); + const auto cert_dele = get>(cert, "DELE"); + const auto cert_sig = get>(cert, "SIG"); + const auto cert_dele_v = unpack_roughtime_packet(cert_dele); + const auto srep = get_v(response_v, "SREP"); + const auto srep_v = unpack_roughtime_packet(srep); + + const auto cert_dele_pubk = get>(cert_dele_v, "PUBK"); + const auto sig = get>(response_v, "SIG"); + if(!verify_signature(cert_dele_pubk, srep, sig)) + { throw Roughtime_Error("Response signature invalid"); } + + const auto indx = get(response_v, "INDX"); + const auto path = get_v(response_v, "PATH"); + const auto srep_root = get>(srep_v, "ROOT"); + const auto size = path.size(); + const auto levels = size/64; + + if(size % 64) + { throw Roughtime_Error("Merkle tree path size must be multiple of 64 bytes"); } + if(indx >= (1u << levels)) + { throw Roughtime_Error("Merkle tree path is too short"); } + + auto hash = hashLeaf(nonce.get_nonce()); + auto index = indx; + auto level = 0u; + while(level < levels) + { + hashNode(hash, typecast_copy>(path.data() + level*64), index&1); + ++level; + index>>=1; + } + + if(srep_root != hash) + { throw Roughtime_Error("Nonce verification failed"); } + + const auto cert_dele_maxt = sys_microseconds64(get(cert_dele_v, "MAXT")); + const auto cert_dele_mint = sys_microseconds64(get(cert_dele_v, "MINT")); + const auto srep_midp = sys_microseconds64(get(srep_v, "MIDP")); + const auto srep_radi = get(srep_v, "RADI"); + if(srep_midp < cert_dele_mint) + { throw Roughtime_Error("Midpoint earlier than delegation start"); } + if(srep_midp > cert_dele_maxt) + { throw Roughtime_Error("Midpoint later than delegation end"); } + return {cert_dele, cert_sig, srep_midp, srep_radi}; + } + +bool Response::validate(const Ed25519_PublicKey& pk) const + { + const char context[] = "RoughTime v1 delegation signature--"; + PK_Verifier verifier(pk, "Pure"); + verifier.update(cast_char_ptr_to_uint8(context), sizeof(context)); //add context including \0 + verifier.update(m_cert_dele.data(), m_cert_dele.size()); + return verifier.check_signature(m_cert_sig.data(), m_cert_sig.size()); + } + +Nonce nonce_from_blind(const std::vector& previous_response, + const Nonce& blind) + { + std::array ret; + const auto blind_arr = blind.get_nonce(); + std::unique_ptr hash(Botan::HashFunction::create_or_throw("SHA-512")); + hash->update(previous_response); + hash->update(hash->final()); + hash->update(blind_arr.data(), blind_arr.size()); + hash->final(ret.data()); + + return ret; + } + +Chain::Chain(const std::string& str) + { + std::stringstream ss(str); + const std::string ERROR_MESSAGE = "Line does not have 4 space separated fields"; + for(std::string s; std::getline(ss, s);) + { + size_t start = 0, end = 0; + end = s.find(' ', start); + if(end == std::string::npos) + { + throw Decoding_Error(ERROR_MESSAGE); + } + const auto publicKeyType = s.substr(start, end-start); + if(publicKeyType != "ed25519") + { throw Not_Implemented("Only ed25519 publicKeyType is implemented"); } + + start = end + 1; + end = s.find(' ', start); + if(end == std::string::npos) + { + throw Decoding_Error(ERROR_MESSAGE); + } + const auto serverPublicKey = Botan::Ed25519_PublicKey(Botan::base64_decode(s.substr(start, end-start))); + + start = end + 1; + end = s.find(' ', start); + if(end == std::string::npos) + { + throw Decoding_Error(ERROR_MESSAGE); + } + if((end - start) != 88) + { + throw Decoding_Error("Nonce has invalid length"); + } + const auto vec = Botan::base64_decode(s.substr(start, end-start)); + const auto nonceOrBlind = Nonce(vector_to_array<64>(Botan::base64_decode(s.substr(start, end-start)))); + + start = end + 1; + end = s.find(' ', start); + if(end != std::string::npos) + { + throw Decoding_Error(ERROR_MESSAGE); + } + const auto response = Botan::unlock(Botan::base64_decode(s.substr(start))); + + m_links.push_back({response, serverPublicKey, nonceOrBlind}); + } + } +std::vector Chain::responses() const + { + std::vector responses; + for(unsigned i = 0; i < m_links.size(); ++i) + { + const auto& l = m_links[i]; + const auto nonce = i ? nonce_from_blind(m_links[i-1].response(), l.nonce_or_blind()) : l.nonce_or_blind(); + const auto response = Response::from_bits(l.response(), nonce); + if(!response.validate(l.public_key())) + { throw Roughtime_Error("Invalid signature or public key"); } + responses.push_back(response); + } + return responses; + } +Nonce Chain::next_nonce(const Nonce& blind) const + { + return m_links.empty() + ? blind + : nonce_from_blind(m_links.back().response(), blind); + } +void Chain::append(const Link& new_link, size_t max_chain_size) + { + if(max_chain_size <= 0) + { throw Invalid_Argument("Max chain size must be positive"); } + + while(m_links.size() >= max_chain_size) + { + if(m_links.size() == 1) + { + auto new_link_updated = new_link; + new_link_updated.nonce_or_blind() = + nonce_from_blind(m_links[0].response(), new_link.nonce_or_blind()); //we need to convert blind to nonce + m_links.clear(); + m_links.push_back(new_link_updated); + return; + } + if(m_links.size() >= 2) + { + m_links[1].nonce_or_blind() = + nonce_from_blind(m_links[0].response(), m_links[1].nonce_or_blind()); //we need to convert blind to nonce + } + m_links.erase(m_links.begin()); + } + m_links.push_back(new_link); + } + +std::string Chain::to_string() const + { + std::string s; + s.reserve((7+1 + 88+1 + 44+1 + 480)*m_links.size()); + for(const auto& link : m_links) + { + s += "ed25519"; + s += ' '; + s += Botan::base64_encode(link.public_key().get_public_key()); + s += ' '; + s += Botan::base64_encode(link.nonce_or_blind().get_nonce().data(), link.nonce_or_blind().get_nonce().size()); + s += ' '; + s += Botan::base64_encode(link.response()); + s += '\n'; + } + return s; + } + +std::vector online_request(const std::string& uri, + const Nonce& nonce, + std::chrono::milliseconds timeout) + { + const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now(); + auto socket = OS::open_socket_udp(uri, timeout); + if(!socket) + { throw Not_Implemented("No socket support enabled in build"); } + + const auto encoded = encode_request(nonce); + socket->write(encoded.data(), encoded.size()); + + if(std::chrono::system_clock::now() - start_time > timeout) + { throw System_Error("Timeout during socket write"); } + + std::vector buffer; + buffer.resize(360+64*10+1); //response basic size is 360 bytes + 64 bytes for each level of merkle tree + //add one additional byte to be able to differentiate if datagram got truncated + const auto n = socket->read(buffer.data(), buffer.size()); + + if(!n || std::chrono::system_clock::now() - start_time > timeout) + { throw System_Error("Timeout waiting for response"); } + + if(n == buffer.size()) + { throw System_Error("Buffer too small"); } + + buffer.resize(n); + return buffer; + } + +std::vector servers_from_str(const std::string& str) + { + std::vector servers; + std::stringstream ss(str); + const std::string ERROR_MESSAGE = "Line does not have at least 5 space separated fields"; + for(std::string s; std::getline(ss, s);) + { + size_t start = 0, end = 0; + end = s.find(' ', start); + if(end == std::string::npos) + { + throw Decoding_Error(ERROR_MESSAGE); + } + const auto name = s.substr(start, end-start); + + start = end + 1; + end = s.find(' ', start); + if(end == std::string::npos) + { + throw Decoding_Error(ERROR_MESSAGE); + } + const auto publicKeyType = s.substr(start, end-start); + if(publicKeyType != "ed25519") + { throw Not_Implemented("Only ed25519 publicKeyType is implemented"); } + + start = end + 1; + end = s.find(' ', start); + + if(end == std::string::npos) + { + throw Decoding_Error(ERROR_MESSAGE); + } + const auto publicKeyBase64 = s.substr(start, end-start); + const auto publicKey = Botan::Ed25519_PublicKey(Botan::base64_decode(publicKeyBase64)); + + start = end + 1; + end = s.find(' ', start); + if(end == std::string::npos) + { + throw Decoding_Error(ERROR_MESSAGE); + } + const auto protocol = s.substr(start, end-start); + if(protocol != "udp") + { throw Not_Implemented("Only UDP protocol is implemented"); } + + const auto addresses = [&]() + { + std::vector addresses; + for(;;) + { + start = end + 1; + end = s.find(' ', start); + const auto address = s.substr(start, (end == std::string::npos) ? std::string::npos : end-start); + if(address.empty()) + { return addresses; } + addresses.push_back(address); + if(end == std::string::npos) + { return addresses; } + } + } + (); + if(addresses.size() == 0) + { + throw Decoding_Error(ERROR_MESSAGE); + } + + servers.push_back({name, publicKey, std::move(addresses)}); + } + return servers; + } + +} + +} diff --git a/src/lib/misc/roughtime/roughtime.h b/src/lib/misc/roughtime/roughtime.h new file mode 100644 index 000000000..595e693b9 --- /dev/null +++ b/src/lib/misc/roughtime/roughtime.h @@ -0,0 +1,164 @@ +/* +* Roughtime +* (C) 2019 Nuno Goncalves +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_ROUGHTIME_H_ +#define BOTAN_ROUGHTIME_H_ + +#include +#include +#include + +#include + +namespace Botan { + +class RandomNumberGenerator; + +namespace Roughtime { + +constexpr unsigned request_min_size = 1024; + +class BOTAN_PUBLIC_API(2, 13) Roughtime_Error final : public Decoding_Error + { + public: + explicit Roughtime_Error(const std::string& s) : Decoding_Error("Roughtime " + s) {} + ErrorType error_type() const noexcept override { return ErrorType::RoughtimeError; } + }; + +class BOTAN_PUBLIC_API(2, 13) Nonce final + { + public: + Nonce() = default; + Nonce(const std::vector& nonce); + Nonce(RandomNumberGenerator& rng); + Nonce(const std::array& nonce) + { + m_nonce = nonce; + } + bool operator==(const Nonce& rhs) const { return m_nonce == rhs.m_nonce; } + const std::array& get_nonce() const { return m_nonce; } + private: + std::array m_nonce; + }; + + +/** +* An Roughtime request. +*/ +BOTAN_PUBLIC_API(2, 13) +std::array encode_request(const Nonce& nonce); + +/** +* An Roughtime response. +*/ +class BOTAN_PUBLIC_API(2, 13) Response final + { + public: + using microseconds32 = std::chrono::duration; + using microseconds64 = std::chrono::duration; + using sys_microseconds64 = std::chrono::time_point; + + static Response from_bits(const std::vector& response, const Nonce& nonce); + + bool validate(const Ed25519_PublicKey& pk) const; + + sys_microseconds64 utc_midpoint() const { return m_utc_midpoint; } + + microseconds32 utc_radius() const { return m_utc_radius; } + private: + Response(std::array dele, std::array sig, sys_microseconds64 utc_midp, + microseconds32 utc_radius) + : m_cert_dele(dele) + , m_cert_sig(sig) + , m_utc_midpoint {utc_midp} + , m_utc_radius {utc_radius} + {} + const std::array m_cert_dele; + const std::array m_cert_sig; + const sys_microseconds64 m_utc_midpoint; + const microseconds32 m_utc_radius; + }; + +class BOTAN_PUBLIC_API(2, 13) Link final + { + public: + Link(const std::vector& response, + const Ed25519_PublicKey& public_key, + const Nonce& nonce_or_blind) + : m_response{response} + , m_public_key{public_key} + , m_nonce_or_blind{nonce_or_blind} + {} + const std::vector& response() const { return m_response; } + const Ed25519_PublicKey& public_key() const { return m_public_key; } + const Nonce& nonce_or_blind() const { return m_nonce_or_blind; } + Nonce& nonce_or_blind() { return m_nonce_or_blind; } + + private: + std::vector m_response; + Ed25519_PublicKey m_public_key; + Nonce m_nonce_or_blind; + }; + +class BOTAN_PUBLIC_API(2, 13) Chain final + { + public: + Chain() = default; //empty + Chain(const std::string& str); + const std::vector& links() const { return m_links; } + std::vector responses() const; + Nonce next_nonce(const Nonce& blind) const; + void append(const Link& new_link, size_t max_chain_size); + std::string to_string() const; + private: + std::vector m_links; + }; + +/** +*/ +BOTAN_PUBLIC_API(2, 13) +Nonce nonce_from_blind(const std::vector& previous_response, + const Nonce& blind); + +/** +* Makes an online Roughtime request via UDP and returns the Roughtime response. +* @param url Roughtime server UDP endpoint (host:port) +* @param timeout a timeout on the UDP request +* @return Roughtime response +*/ +BOTAN_PUBLIC_API(2, 13) +std::vector online_request(const std::string& uri, + const Nonce& nonce, + std::chrono::milliseconds timeout = std::chrono::seconds(3)); + +struct BOTAN_PUBLIC_API(2, 13) Server_Information final + { +public: + Server_Information(const std::string& name, + const Botan::Ed25519_PublicKey& public_key, + const std::vector& addresses) + : m_name { name } + , m_public_key { public_key } + , m_addresses { addresses } + {} + const std::string& name() const {return m_name;} + const Botan::Ed25519_PublicKey& public_key() const {return m_public_key;} + const std::vector& addresses() const {return m_addresses;} + +private: + std::string m_name; + Botan::Ed25519_PublicKey m_public_key; + std::vector m_addresses; + }; + +BOTAN_PUBLIC_API(2, 13) +std::vector servers_from_str(const std::string& str); + +} +} + +#endif diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index 0259a225b..442ec91e6 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -53,6 +53,8 @@ enum class ErrorType { HttpError, /** A message with an invalid authentication tag was detected */ InvalidTag, + /** An error during Roughtime validation */ + RoughtimeError, /** An error when calling OpenSSL */ OpenSSLError = 200, diff --git a/src/tests/data/misc/roughtime_nonce_from_blind.vec b/src/tests/data/misc/roughtime_nonce_from_blind.vec new file mode 100644 index 000000000..3705f30ae --- /dev/null +++ b/src/tests/data/misc/roughtime_nonce_from_blind.vec @@ -0,0 +1,9 @@ +[Valid] +Response = 050000004000000040000000A40000003C01000053494700504154485352455043455254494E4458030878C605DE2F4234E53D659CC362EEEDC0CE19F25F0A115E51ED2EFB90B3C0474892929324EA4A262838CDAE5A4209512532B21DD0E05E2A00B7044DB9950E03000000040000000C000000524144494D494450524F4F5440420F00AC8139619F8205003504CBB433EF121955E1E7F3441C9EBFB213824480EA54890147638F3F6425A6DFA8A2FC3703628880D9255E6261BA642CC4BA35315787EC7DE079E7C752B97902000000400000005349470044454C45340B2E9950BF4ACDE29EFB068E7DA93F1B6EAB95E8C292C082C8FD3C362CB1A8F67A1A65E81416633EACDBB5775015384550D358FAFF6C43981BE9D1DE8C66010300000020000000280000005055424B4D494E544D415854B86B5758A08079BBFCE46D1DEC22D7AE855AD092CCF38FE1A783DCB0A3A3BD560000000000000000FFFFFFFFFFFFFFFF00000000 +Blind = D1659ADE0A96C925178B12D8E421FC476F11B2095AD5486668754BA7D134E83C9296DE312B63751FDA3D65B134CBCFD177F0397A68B301111CB538FC53304DD4 +Nonce = E2E1C752DDEDBD766DDB32E9598D9E97C34BFBC4C6C2D46E4470AC68BF00E3FC505A0EBDDF93ADCE5195A22D97F71F13F1EDB5569D89AE8CD0ABA16B4E0F1507 + +[Invalid] +Response = 050000004000000040000000A40000003C01000053494700504154485352455043455254494E4458030878C605DE2F4234E53D659CC362EEEDC0CE19F25F0A115E51ED2EFB90B3C0474892929324EA4A262838CDAE5A4209512532B21DD0E05E2A00B7044DB9950E03000000040000000C000000524144494D494450524F4F5440420F00AC8139619F8205003504CBB433EF121955E1E7F3441C9EBFB213824480EA54890147638F3F6425A6DFA8A2FC3703628880D9255E6261BA642CC4BA35315787EC7DE079E7C752B97902000000400000005349470044454C45340B2E9950BF4ACDE29EFB068E7DA93F1B6EAB95E8C292C082C8FD3C362CB1A8F67A1A65E81416633EACDBB5775015384550D358FAFF6C43981BE9D1DE8C66010300000020000000280000005055424B4D494E544D415854B86B5758A08079BBFCE46D1DEC22D7AE855AD092CCF38FE1A783DCB0A3A3BD560000000000000000FFFFFFFFFFFFFFFF00000000 +Blind = D2659ADE0A96C925178B12D8E421FC476F11B2095AD5486668754BA7D134E83C9296DE312B63751FDA3D65B134CBCFD177F0397A68B301111CB538FC53304DD4 +Nonce = E2E1C752DDEDBD766DDB32E9598D9E97C34BFBC4C6C2D46E4470AC68BF00E3FC505A0EBDDF93ADCE5195A22D97F71F13F1EDB5569D89AE8CD0ABA16B4E0F1507 diff --git a/src/tests/data/misc/roughtime_request.vec b/src/tests/data/misc/roughtime_request.vec new file mode 100644 index 000000000..637346097 --- /dev/null +++ b/src/tests/data/misc/roughtime_request.vec @@ -0,0 +1,7 @@ +[Valid] +Nonce = 83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D +Request = 02000000400000004E4F4E43504144FF83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + +[Invalid] +Nonce = 83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D +Request = 03000000400000004E4F4E43504144FF83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 diff --git a/src/tests/data/misc/roughtime_response.vec b/src/tests/data/misc/roughtime_response.vec new file mode 100644 index 000000000..1166c185d --- /dev/null +++ b/src/tests/data/misc/roughtime_response.vec @@ -0,0 +1,67 @@ +[Invalid] +# Botan::Invalid_Argument:tag not found +Response = 040000004000000040000000A40000003C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000 + +# Botan::Invalid_Argument:tag not found +Response = 050000004000000040000000A40000003C01000054494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000 + +# Botan::Invalid_Argument:invalid structure +Response = 05000000400000 + +# Botan::Invalid_Argument:invalid structure +Response = 050000004000000050000000A40000003C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000 + +# Botan::Invalid_Argument:invalid structure +Response = 050000004000000040000000A40000004C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000 + +# Botan::Invalid_Argument:invalid structure +Response = 050000005000000040000000A40000003C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000 + +# Botan::Invalid_Argument:nonce verification failed +Response = 050000004000000040000000A40000003C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697292050000000000 + +# Botan::Invalid_Argument:tag content wrong size +Response = 050000004000000040000000A40000003C01000050415448534947005352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000 + +# Botan::Invalid_Argument:Merkle tree path is too short +Response = 050000004000000040000000A40000003C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000001 + +# Botan::Invalid_Argument:response signature invalid +Response = 050000004000000040000000A40000003C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6D148020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000 + +# Botan::Invalid_Argument:Merkle tree path size must be multiple of 64 bytes +Response = 0500000040000000C100000025010000BD01000053494700504154485352455043455254494E44583C6348F53968422316DEF44BAAB1D0C55C695B12FA0DC12955DD41768CAE75171C411AB3F39B9B39A0A5F55739B23DA8C9C8AA13EFAFFA36C53B3A5D4C9EB30911709B0F0EA767A0A40ECC06F9AD5D0EE93C4DC95E19A43EF2A92851E3D5CD92EE16FF096C0AC926BBEC6226CF7A15D2C6AB7154D2D4638E17CB01CAE047B9B412B367367A74718F21F1A12318E1EC8FDAAE1D3912F9588EF42A8C2F3F2EF27D45DB472770465181672BB9BC1E306D4767E6EE9D3542C603200127E2D8EBF5C29903000000040000000C000000524144494D494450524F4F5440420F00ABB836DD78820500D85F9F5E8879DD9D5F5130E4F3A8B250FAC244754BA536D2C24D08E59C5CEADA79966B39C10E8678C94529F7790421C4AD490FA43A208D9AEF0BB1DE4252F94202000000400000005349470044454C457865CA05DFFED083CF78A50A24A7D00E7AC2AC27449C9A8CFDA496DBE8ACC74C2C7B766449CBD085AE88C40627EAE8D0F9D07EC30F4D8F37ABB17842ABDC380A0300000020000000280000005055424B4D494E544D415854A9600D58ECE49A48410ABB4F20FDA858ADF5BE3CCCFF09B4ED028DC76A5956560000000000000000FFFFFFFFFFFFFFFF02000000 + +# Botan::Invalid_Argument:midpoint earlier than delegation start +Nonce = 71BEFBF21751C7431F05AF1384D4C2355D20E5E9193D2236B2D385A70DEC6AD92B2E8D84178A1E44D94DEB6F2DB1644BE72155DACBEFF00C5E1A69B0E1B11BE3 +Response = 050000004000000040000000A40000003C01000053494700504154485352455043455254494E445812E94D200CED7E281CF5197E7C2955019F75087D03C70E3C5365CF9D3328F55F63631CADA236A7A505D32D18AD3D6158A9D0723ECDB11698CE602C88294E360503000000040000000C000000524144494D494450524F4F5440420F00B529B0DFF08205003FD6E7B379BE6CC4D6F104ACAAA2115B773E9D649A16C93689FC3945DF538DC7178E75F6DC2FD348B51ADCB1FA86B445039EF827C61727870B2269A6845CF31902000000400000005349470044454C45FD37B5E344698F85D818C61B1F39D3F2F4E876CE60D62F8B5ED3F892EBC01816A11AF3FBF2D55CCF245876EDBBBD636A701241F4B241AF52EF9020D93D0398000300000020000000280000005055424B4D494E544D4158546A42F3AD4043A8AC60D47A7283EB9EE9D462672483F08E34F8B46C6681D283C730BF9D0EF10F090030BF9D0EF10F090000000000 + +# Botan::Invalid_Argument:midpoint later than delegation end +Nonce = A6E107D0F1C7A63620B4696BEC16C9DA19186205F96DA7FD9D2FA6E36C9D5A0C35413CD004F3398DC09A8635A669211DFEEF0F9EC20F2DC8BA5D51BF6314C6C5 +Response = 050000004000000040000000A40000003C01000053494700504154485352455043455254494E445850838432248595410821CBD39AA022BBE4AC9AF8F815D0EEF738215C386F9594D71A4DDF7D8AD73C50B4AE28DC6691344C6E869EFC0ACAAA7D74DF4F6398CA0003000000040000000C000000524144494D494450524F4F5440420F004EFF0EDAF082050012532E7C04D6EE62DDB4BC04877D1EBD30B9811858315EBBD011721194A5DD0BE73BE8E06390443D3D3C85E56DF471AFD461DC28FBBEC9C5A0DAF54B982B167802000000400000005349470044454C452DB049AE5FF4411953AC87E783EE9B36A3CF784B57C0BDA954EDE55AC95B1D1756CD55D1CC4F0911E89396A82BBF1F53B71E401C3C244DD81B2A11E8D7D83D000300000020000000280000005055424B4D494E544D41585476AAAB18DD9FA7643796A4E5FCB4F1CE7BF36AB3B8D4CB1B507D935F9F882A2D303FD76972820500303FD7697282050000000000 + +# fail_validation +Nonce = 83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D +Pubkey = 503eb78528f749c4bec2e39e1abb9b5e5ab7e4dd5ce4b6f2fd2f93ecc3538f1a +Response = 050000004000000040000000A40000003C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000 + +[Valid] +Nonce = 83ED2ACE13F29CF02EFB939A6EC79A4BBB7BE7D9E5854FD083FDB01E64BBDBDFEDA23A9FB9EA4BD02F469FFAD10CDD58D049D44E1EB74FA5697A098674546D6D +Pubkey = 803eb78528f749c4bec2e39e1abb9b5e5ab7e4dd5ce4b6f2fd2f93ecc3538f1a +MidpointMicroSeconds = 1550755344243000 +RadiusMicroSeconds = 1000000 +Response = 050000004000000040000000A40000003C01000053494700504154485352455043455254494E445889AD80EC2EF7E507FD68E4B88F6DB48020807749BCAE886FE8221D31B5EC070FEB25E401FD746D9C2C995B354FFED67F8FC05B56F4844502F632EAD44FD7140E03000000040000000C000000524144494D494450524F4F5440420F0038596D5D678205008DC2277E99668AF765D3D7372D915B904AD6CEB0BAA4262E194C894C0634936DA2CCD92ADBA30FF286ADF5EBF68A5E7BE43559A6226BD3500DDA16083C11C2A202000000400000005349470044454C45A82675D99316586079BDDF8965030CEA112DAAC1D9EADE089CFB7B7C9ABF7D9F87FFDFBB958FCBAC5BE082FBFC110E8B75E11ECEA3DD6D91348AFADCC045260A0300000020000000280000005055424B4D494E544D41585468B3FAF25B844DE2860ECC833283DEBE12A2852E195758B03AA8E39B5247F35E30DFFF4B5E820500303FD7697282050000000000 + +# Merkle tree 2 leafs +Nonce = 8FEBCFDCB149EA09E96405547F5360A2C243169F3243B8BA16B962CC94EF62E5E1A619EA25A18B8F324A63B85B615285A17065BE94592D8C1FDF3FAFF279A6E8 +Pubkey = 6f79ced1b4d650a7bb23325b68a9866da2cf33ffd89f073933a5a6107d55aca1 +MidpointMicroSeconds = 1550830411384409 +RadiusMicroSeconds = 1000000 +Response = 050000004000000080000000E40000007C01000053494700504154485352455043455254494E4458357CD0583B97ADFFB7AB5EFD932661366EEFD6AB5B204FAB2CBD9F1CFBE2314FD953CCC66E280307BB30C004A838202EE12BBAC5CA6BE0D179C13441072A8102FD2915F34A58CB40516E2731B2884051482D829F7A996EC3D1BF7367CE40AB8EF28C8BD6A04063F0BE45FBBBF3C79332CCE35E82E783800B6B1E814ECE7C815903000000040000000C000000524144494D494450524F4F5440420F005906C7D778820500FB6AF62DD67A7EFA90E64E26DE4B93FB6A3455DA1C73ABE30CFA6FA0BCAD1E56F4C133BAE1FE959EECFF6F674A8FFC95148E723C8D08510C2394326A3C595D9202000000400000005349470044454C457865CA05DFFED083CF78A50A24A7D00E7AC2AC27449C9A8CFDA496DBE8ACC74C2C7B766449CBD085AE88C40627EAE8D0F9D07EC30F4D8F37ABB17842ABDC380A0300000020000000280000005055424B4D494E544D415854A9600D58ECE49A48410ABB4F20FDA858ADF5BE3CCCFF09B4ED028DC76A5956560000000000000000FFFFFFFFFFFFFFFF01000000 + +# Merkle tree 4 leafs +Nonce = 92DD76EC9302DA565A14D4B7C71AF005DBB51DFE50A931E4BF25925BB9667066E4E593EB8332A57F4CFA14074210AAC5D43A9E4CC13FE5889E9DE0C428AA9D5D +Pubkey = 6f79ced1b4d650a7bb23325b68a9866da2cf33ffd89f073933a5a6107d55aca1 +MidpointMicroSeconds = 1550830502590635 +RadiusMicroSeconds = 1000000 +Response = 0500000040000000C000000024010000BC01000053494700504154485352455043455254494E44583C6348F53968422316DEF44BAAB1D0C55C695B12FA0DC12955DD41768CAE75171C411AB3F39B9B39A0A5F55739B23DA8C9C8AA13EFAFFA36C53B3A5D4C9EB309709B0F0EA767A0A40ECC06F9AD5D0EE93C4DC95E19A43EF2A92851E3D5CD92EE16FF096C0AC926BBEC6226CF7A15D2C6AB7154D2D4638E17CB01CAE047B9B412B367367A74718F21F1A12318E1EC8FDAAE1D3912F9588EF42A8C2F3F2EF27D45DB472770465181672BB9BC1E306D4767E6EE9D3542C603200127E2D8EBF5C29903000000040000000C000000524144494D494450524F4F5440420F00ABB836DD78820500D85F9F5E8879DD9D5F5130E4F3A8B250FAC244754BA536D2C24D08E59C5CEADA79966B39C10E8678C94529F7790421C4AD490FA43A208D9AEF0BB1DE4252F94202000000400000005349470044454C457865CA05DFFED083CF78A50A24A7D00E7AC2AC27449C9A8CFDA496DBE8ACC74C2C7B766449CBD085AE88C40627EAE8D0F9D07EC30F4D8F37ABB17842ABDC380A0300000020000000280000005055424B4D494E544D415854A9600D58ECE49A48410ABB4F20FDA858ADF5BE3CCCFF09B4ED028DC76A5956560000000000000000FFFFFFFFFFFFFFFF02000000 diff --git a/src/tests/test_roughtime.cpp b/src/tests/test_roughtime.cpp new file mode 100644 index 000000000..65bd671bb --- /dev/null +++ b/src/tests/test_roughtime.cpp @@ -0,0 +1,264 @@ +/* +* (C) 2019 Nuno Goncalves +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "tests.h" + +#include + +#include "test_rng.h" + +#if defined(BOTAN_HAS_BIGINT) + #include +#endif + +#if defined(BOTAN_HAS_ROUGHTIME) + #include + #include + #include + #include +#endif +namespace Botan_Tests { + +#if defined(BOTAN_HAS_ROUGHTIME) + +class Roughtime_Request_Tests final : public Text_Based_Test + { + public: + Roughtime_Request_Tests() : + Text_Based_Test("misc/roughtime_request.vec", "Nonce,Request") {} + + Test::Result run_one_test(const std::string& type, const VarMap& vars) override + { + Test::Result result("roughtime request"); + + const auto nonce = vars.get_req_bin("Nonce"); + const auto request_v = vars.get_req_bin("Request"); + + const auto request = Botan::Roughtime::encode_request(nonce); + result.test_eq( + "encode", + type == "Valid", + request == Botan::typecast_copy>(request_v.data())); + + return result; + } + }; + +BOTAN_REGISTER_TEST("roughtime_request", Roughtime_Request_Tests); + + +class Roughtime_Response_Tests final : public Text_Based_Test + { + public: + Roughtime_Response_Tests() : + Text_Based_Test("misc/roughtime_response.vec", + "Response", + "Nonce,Pubkey,MidpointMicroSeconds,RadiusMicroSeconds") {} + + Test::Result run_one_test(const std::string& type, const VarMap& vars) override + { + Test::Result result("roughtime response"); + + const auto response_v = vars.get_req_bin("Response"); + const auto n = vars.has_key("Nonce") ? vars.get_req_bin("Nonce") : std::vector(64); + assert(n.size() == 64); + const Botan::Roughtime::Nonce nonce(n); + try + { + const auto response = Botan::Roughtime::Response::from_bits(response_v, nonce); + + const auto pubkey = vars.get_req_bin("Pubkey"); + assert(pubkey.size() == 32); + + if(!response.validate(Botan::Ed25519_PublicKey(pubkey))) + { + result.confirm("fail_validation", type == "Invalid"); + } + else + { + const auto midpoint = Botan::Roughtime::Response::sys_microseconds64( + std::chrono::microseconds( + vars.get_req_u64("MidpointMicroSeconds"))); + const auto radius = std::chrono::microseconds( + vars.get_req_u32("RadiusMicroSeconds")); + + result.confirm("midpoint", response.utc_midpoint() == midpoint); + result.confirm("radius", response.utc_radius() == radius); + result.confirm("OK", type == "Valid"); + } + } + catch(const Botan::Roughtime::Roughtime_Error& e) + { + result.confirm(e.what(), type == "Invalid"); + } + + return result; + } + }; + +BOTAN_REGISTER_TEST("roughtime_response", Roughtime_Response_Tests); + +class Roughtime_nonce_from_blind_Tests final : public Text_Based_Test + { + public: + Roughtime_nonce_from_blind_Tests() : + Text_Based_Test("misc/roughtime_nonce_from_blind.vec", "Response,Blind,Nonce") {} + + Test::Result run_one_test(const std::string& type, const VarMap& vars) override + { + Test::Result result("roughtime nonce_from_blind"); + + const auto response = vars.get_req_bin("Response"); + const auto blind = vars.get_req_bin("Blind"); + const auto nonce = vars.get_req_bin("Nonce"); + + result.test_eq("fail_validation", + Botan::Roughtime::nonce_from_blind(response, blind) == nonce, + type == "Valid"); + + return result; + } + }; + +BOTAN_REGISTER_TEST("roughtime_nonce_from_blind", Roughtime_nonce_from_blind_Tests); + + + +class Roughtime final : public Test + { + Test::Result test_nonce() + { + Test::Result result("roughtime nonce"); + + auto rand64 = Botan::unlock(Test::rng().random_vec(64));; + Botan::Roughtime::Nonce nonce_v(rand64); + result.confirm("nonce from vector", nonce_v.get_nonce() == Botan::typecast_copy> + (rand64.data())); + Botan::Roughtime::Nonce nonce_a(Botan::typecast_copy>(rand64.data())); + result.confirm("nonce from array", nonce_v.get_nonce() == Botan::typecast_copy>(rand64.data())); + rand64.push_back(10); + result.test_throws("vector oversize", [&rand64]() {Botan::Roughtime::Nonce nonce_v(rand64);}); //size 65 + rand64.pop_back(); + rand64.pop_back(); + result.test_throws("vector undersize", [&rand64]() {Botan::Roughtime::Nonce nonce_v(rand64);}); //size 63 + + return result; + } + + Test::Result test_chain() + { + Test::Result result("roughtime chain"); + + Botan::Roughtime::Chain c1; + result.confirm("default constructed is empty", c1.links().empty() && c1.responses().empty()); + + auto rand64 = Botan::unlock(Test::rng().random_vec(64));; + Botan::Roughtime::Nonce nonce_v(rand64); + result.confirm("empty chain nonce is blind", + c1.next_nonce(nonce_v).get_nonce() == Botan::typecast_copy>(rand64.data())); + + const std::string chain_str = + "ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA\n" + "ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= uLeTON9D+2HqJMzK6sYWLNDEdtBl9t/9yw1cVAOm0/sONH5Oqdq9dVPkC9syjuWbglCiCPVF+FbOtcxCkrgMmA== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWOw1jl0uSiBEH9HE8/6r7zxoSc01f48vw+UzH8+VJoPelnvVJBj4lnH8uRLh5Aw0i4Du7XM1dp2u0r/I5PzhMQoDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AUBo+tEqPBQC47l77to7ESFTVhlw1SC74P5ssx6gpuJ6eP+1916GuUiySGE/x3Fp0c3otUGAdsRQou5p9PDTeane/YEeVq4/8AgAAAEAAAABTSUcAREVMRe5T1ml8wHyWAcEtHP/U5Rg/jFXTEXOSglngSa4aI/CECVdy4ZNWeP6vv+2//ZW7lQsrWo7ZkXpvm9BdBONRSQIDAAAAIAAAACgAAABQVUJLTUlOVE1BWFQpXlenV0OfVisvp9jDHXLw8vymZVK9Pgw9k6Edf8ZEhUgSGEc5jwUASHLvZE2PBQAAAAAA\n"; + + Botan::Roughtime::Chain c2(chain_str); + result.confirm("have two elements", c2.links().size() == 2 && c2.responses().size() == 2); + result.confirm("serialize loopback", c2.to_string() == chain_str); + + c1.append(c2.links()[0], 1); + result.confirm("append ok", c1.links().size() == 1 && c1.responses().size() == 1); + c1.append(c2.links()[1], 1); + result.confirm("max size", c1.links().size() == 1 && c1.responses().size() == 1); + + result.test_throws("non-positive max chain size", [&]() {c1.append(c2.links()[1], 0);}); + result.test_throws("1 field", [&]() {Botan::Roughtime::Chain a("ed25519");}); + result.test_throws("2 fields", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE=");}); + result.test_throws("3 fields", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw==");}); + result.test_throws("5 fields", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA abc");}); + result.test_throws("invalid key type", [&]() {Botan::Roughtime::Chain a("rsa bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA");}); + result.test_throws("invalid key", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6wssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2YVmrIktUByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA");}); + result.test_throws("invalid nonce", [&]() {Botan::Roughtime::Chain a("ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= eu9yhsJfVfguVSqGZdE8WKIxaBBM0ZG3Vmuc+IyZmG2UByDdwIFw6F4rZqmSFsBO85ljoVPz5bVPCOw== BQAAAEAAAABAAAAApAAAADwBAABTSUcAUEFUSFNSRVBDRVJUSU5EWBnGOEajOwPA6G7oL47seBP4C7eEpr57H43C2/fK/kMA0UGZVUdf4KNX8oxOK6JIcsbVk8qhghTwA70qtwpYmQkDAAAABAAAAAwAAABSQURJTUlEUFJPT1RAQg8AJrA8tEqPBQAqisiuAxgy2Pj7UJAiWbCdzGz1xcCnja3T+AqhC8fwpeIwW4GPy/vEb/awXW2DgSLKJfzWIAz+2lsR7t4UjNPvAgAAAEAAAABTSUcAREVMRes9Ch4X0HIw5KdOTB8xK4VDFSJBD/G9t7Et/CU7UW61OiTBXYYQTG2JekWZmGa0OHX1JPGG+APkpbsNw0BKUgYDAAAAIAAAACgAAABQVUJLTUlOVE1BWFR/9BWjpsWTQ1f6iUJea3EfZ1MkX3ftJiV3ABqNLpncFwAAAAAAAAAA//////////8AAAAA");}); + + return result; + } + + Test::Result test_server_information() + { + Test::Result result("roughtime server_information"); + + const auto servers = Botan::Roughtime::servers_from_str( + "Chainpoint-Roughtime ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp roughtime.chainpoint.org:2002\n" + "Cloudflare-Roughtime ed25519 gD63hSj3ScS+wuOeGrubXlq35N1c5Lby/S+T7MNTjxo= udp roughtime.cloudflare.com:2002\n" + "Google-Sandbox-Roughtime ed25519 etPaaIxcBMY1oUeGpwvPMCJMwlRVNxv51KK/tktoJTQ= udp roughtime.sandbox.google.com:2002\n" + "int08h-Roughtime ed25519 AW5uAoTSTDfG5NfY1bTh08GUnOqlRb+HVhbJ3ODJvsE= udp roughtime.int08h.com:2002\n" + "ticktock ed25519 cj8GsiNlRkqiDElAeNMSBBMwrAl15hYPgX50+GWX/lA= udp ticktock.mixmin.net:5333\n" + ); + + result.confirm("size", servers.size() == 5); + result.test_eq("name", servers[0].name(), "Chainpoint-Roughtime"); + result.test_eq("name", servers[4].name(), "ticktock"); + result.confirm("public key", servers[0].public_key().get_public_key() == Botan::Ed25519_PublicKey( + Botan::base64_decode("bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE=")).get_public_key()); + result.confirm("single address", servers[0].addresses().size()==1); + result.test_eq("address", servers[0].addresses()[0], "roughtime.chainpoint.org:2002"); + + result.test_throws("1 field", [&]() {Botan::Roughtime::servers_from_str("A");}); + result.test_throws("2 fields", [&]() {Botan::Roughtime::servers_from_str("A ed25519");}); + result.test_throws("3 fields", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE=");}); + result.test_throws("4 fields", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp");}); + result.test_throws("invalid address", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp ");}); + result.test_throws("invalid key type", [&]() {Botan::Roughtime::servers_from_str("A rsa bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp roughtime.chainpoint.org:2002");}); + result.test_throws("invalid key", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RP7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= udp roughtime.chainpoint.org:2002");}); + result.test_throws("invalid protocol", [&]() {Botan::Roughtime::servers_from_str("A ed25519 bbT+RPS7zKX6w71ssPibzmwWqU9ffRV5oj2OresSmhE= tcp roughtime.chainpoint.org:2002");}); + + return result; + } + + Test::Result test_request_online() + { + Test::Result result("roughtime request online"); + + Botan::Roughtime::Nonce nonce(Test::rng()); + try + { + const auto response_raw = Botan::Roughtime::online_request("roughtime.cloudflare.com:2002", nonce, + std::chrono::seconds(5)); + const auto now = std::chrono::system_clock::now(); + const auto response = Botan::Roughtime::Response::from_bits(response_raw, nonce); + std::chrono::milliseconds local_clock_max_error(1000); + const auto diff_abs = now >= response.utc_midpoint() ? now - response.utc_midpoint() : response.utc_midpoint() - now; + result.confirm("online", diff_abs <= (response.utc_radius() + local_clock_max_error)); + } + catch(const std::exception& e) + { + result.test_failure(e.what()); + } + return result; + } + + + public: + std::vector run() override + { + std::vector results; + results.push_back(test_nonce()); + results.push_back(test_chain()); + results.push_back(test_server_information()); + + if(Test::options().run_online_tests()) + { + results.push_back(test_request_online()); + } + + return results; + } + }; + +BOTAN_REGISTER_TEST("roughtime", Roughtime); + +#endif + +} -- cgit v1.2.3 From 760419ef719721fd8ee8d7d8bb77d27bd66801fa Mon Sep 17 00:00:00 2001 From: Nuno Goncalves Date: Wed, 9 Oct 2019 23:26:13 +0200 Subject: roughtime: decode integer values properly also on big endian arch (fix #2137) Signed-off-by: Nuno Goncalves --- src/lib/misc/roughtime/roughtime.cpp | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/misc/roughtime/roughtime.cpp b/src/lib/misc/roughtime/roughtime.cpp index c9767546a..94a9a6b82 100644 --- a/src/lib/misc/roughtime/roughtime.cpp +++ b/src/lib/misc/roughtime/roughtime.cpp @@ -21,6 +21,34 @@ namespace Botan { namespace { +template< bool B, class T = void > +using enable_if_t = typename std::enable_if::type; + +template +struct is_array : std::false_type {}; + +template +struct is_array>:std::true_type{}; + +template +T from_little_endian(const uint8_t* t, size_t N = sizeof(T)) + { + static_assert(sizeof(T)<=sizeof(int64_t),""); + return (N == 0) ? T(0) : (T(static_cast(t[N-1]) << ((N-1)*8)) + from_little_endian(t,N-1)); + } + +template::value>* = nullptr> +T copy(const uint8_t* t) + { + return typecast_copy(t); //arrays are endianess indepedent, so we do a memcpy + } + +template::value>* = nullptr> +T copy(const uint8_t* t) + { + return from_little_endian(t); //other types are arithmetic, so we account that roughtime serializes as little endian + } + template std::map> unpack_roughtime_packet(T bytes) { @@ -35,7 +63,7 @@ std::map> unpack_roughtime_packet(T bytes) std::map> tags; for(uint32_t i=0; i(buf + 4 + i*4); + const uint32_t end = ((i+1) == num_tags) ? bytes.size() : start_content + from_little_endian(buf + 4 + i*4); if(end > bytes.size()) { throw Roughtime::Roughtime_Error("Tag end index out of bounds"); } if(end < start) @@ -58,7 +86,7 @@ T get(const std::map>& map, const std::string& { throw Roughtime::Roughtime_Error("Tag " + label + " not found"); } if(tag->second.size() != sizeof(T)) { throw Roughtime::Roughtime_Error("Tag " + label + " has unexpected size"); } - return typecast_copy(tag->second.data()); + return copy(tag->second.data()); } const std::vector& get_v(const std::map>& map, const std::string& label) -- cgit v1.2.3