11380319839

Committed 17 Oct 2024 07:26AM UTC coverage: 91.126% (+0.007%) from 91.119%

Build # 11380319839

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #4384 from Rohde-Schwarz/refactor/x25519_x448_zero_rejection

Refactor: Centralize X25519/X448 all-zero result rejection

Run Details

91004 of 99866 relevant lines covered (91.13%)

9508010.62 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

89.66

/src/tests/test_x25519.cpp

/*
* (C) 2014,2015 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"

#if defined(BOTAN_HAS_X25519)
   #include "test_pubkey.h"
   #include <botan/data_src.h>
   #include <botan/pkcs8.h>
   #include <botan/x25519.h>
   #include <botan/x509_key.h>
#endif

namespace Botan_Tests {

#if defined(BOTAN_HAS_X25519)

class X25519_Agreement_Tests final : public PK_Key_Agreement_Test {
   public:
      X25519_Agreement_Tests() : PK_Key_Agreement_Test("X25519", "pubkey/x25519.vec", "Secret,CounterKey,K") {}

      bool agreement_should_fail(const std::string& /*unused*/, const VarMap& vars) const override {
         for(const auto byte : vars.get_req_bin("K")) {
            if(byte != 0) {
               return false;
            }
         }

         return true;
      }

      std::string default_kdf(const VarMap& /*unused*/) const override { return "Raw"; }

      std::unique_ptr<Botan::Private_Key> load_our_key(const std::string& /*header*/, const VarMap& vars) override {
         const std::vector<uint8_t> secret_vec = vars.get_req_bin("Secret");
         Botan::secure_vector<uint8_t> secret(secret_vec.begin(), secret_vec.end());
         return std::make_unique<Botan::X25519_PrivateKey>(secret);
      }

      std::vector<uint8_t> load_their_key(const std::string& /*header*/, const VarMap& vars) override {
         return vars.get_req_bin("CounterKey");
      }
};

BOTAN_REGISTER_TEST("pubkey", "x25519_agreement", X25519_Agreement_Tests);

class X25519_Roundtrip_Test final : public Test {
   public:
      std::vector<Test::Result> run() override {
         std::vector<Test::Result> results;

         for(size_t i = 0; i < 10; ++i) {
            Test::Result result("X25519 roundtrip");

            Botan::X25519_PrivateKey a_priv_gen(this->rng());
            Botan::X25519_PrivateKey b_priv_gen(this->rng());

   #if defined(BOTAN_HAS_PKCS5_PBES2) && defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_GCM) && \
      defined(BOTAN_HAS_SHA2_32)
            // Then serialize to encrypted storage

            const std::string a_pass = "alice pass";
            const std::string b_pass = "bob pass";
            const auto pbe_time = std::chrono::milliseconds(1);
            const std::string a_priv_pem = Botan::PKCS8::PEM_encode(a_priv_gen, this->rng(), a_pass, pbe_time);
            const std::string b_priv_pem = Botan::PKCS8::PEM_encode(b_priv_gen, this->rng(), b_pass, pbe_time);

            // Reload back into memory
            Botan::DataSource_Memory a_priv_ds(a_priv_pem);
            Botan::DataSource_Memory b_priv_ds(b_priv_pem);

            auto a_priv = Botan::PKCS8::load_key(a_priv_ds, [a_pass]() { return std::string(a_pass); });
            auto b_priv = Botan::PKCS8::load_key(b_priv_ds, b_pass);
   #else
            const std::string a_priv_pem = Botan::PKCS8::PEM_encode(a_priv_gen);
            const std::string b_priv_pem = Botan::PKCS8::PEM_encode(b_priv_gen);

            // Reload back into memory
            Botan::DataSource_Memory a_priv_ds(a_priv_pem);
            Botan::DataSource_Memory b_priv_ds(b_priv_pem);

            auto a_priv = Botan::PKCS8::load_key(a_priv_ds);
            auto b_priv = Botan::PKCS8::load_key(b_priv_ds);
   #endif

            // Export public keys as PEM
            const std::string a_pub_pem = Botan::X509::PEM_encode(*a_priv);
            const std::string b_pub_pem = Botan::X509::PEM_encode(*b_priv);

            Botan::DataSource_Memory a_pub_ds(a_pub_pem);
            Botan::DataSource_Memory b_pub_ds(b_pub_pem);

            auto a_pub = Botan::X509::load_key(a_pub_ds);
            auto b_pub = Botan::X509::load_key(b_pub_ds);

            Botan::X25519_PublicKey* a_pub_key = dynamic_cast<Botan::X25519_PublicKey*>(a_pub.get());
            Botan::X25519_PublicKey* b_pub_key = dynamic_cast<Botan::X25519_PublicKey*>(b_pub.get());

            if(a_pub_key && b_pub_key) {
               Botan::PK_Key_Agreement a_ka(*a_priv, this->rng(), "Raw");
               Botan::PK_Key_Agreement b_ka(*b_priv, this->rng(), "Raw");

               Botan::SymmetricKey a_key = a_ka.derive_key(32, b_pub_key->public_value());
               Botan::SymmetricKey b_key = b_ka.derive_key(32, a_pub_key->public_value());

               if(!result.test_eq("key agreement", a_key.bits_of(), b_key.bits_of())) {
                  result.test_note(a_priv_pem);
                  result.test_note(b_priv_pem);
               }
            } else {
               result.test_failure("Cast back to X25519 failed");
            }

            results.push_back(result);
         }

         return results;
      }
};

BOTAN_REGISTER_TEST("pubkey", "x25519_rt", X25519_Roundtrip_Test);

class X25519_Keygen_Tests final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const override { return {""}; }

      std::string algo_name() const override { return "X25519"; }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view /* keygen_params */,
                                                             std::string_view /* provider */,
                                                             std::span<const uint8_t> raw_pk) const override {
         return std::make_unique<Botan::X25519_PublicKey>(raw_pk);
      }
};

BOTAN_REGISTER_TEST("pubkey", "x25519_keygen", X25519_Keygen_Tests);

#endif

}  // namespace Botan_Tests

1	/*
2	* (C) 2014,2015 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include "tests.h"
8
9	#if defined(BOTAN_HAS_X25519)
10	#include "test_pubkey.h"
11	#include <botan/data_src.h>
12	#include <botan/pkcs8.h>
13	#include <botan/x25519.h>
14	#include <botan/x509_key.h>
15	#endif
16
17	namespace Botan_Tests {
18
19	#if defined(BOTAN_HAS_X25519)
20
21	class X25519_Agreement_Tests final : public PK_Key_Agreement_Test {
22	public:
23	X25519_Agreement_Tests() : PK_Key_Agreement_Test("X25519", "pubkey/x25519.vec", "Secret,CounterKey,K") {}	2✔
24
25	bool agreement_should_fail(const std::string& /unused/, const VarMap& vars) const override {	90✔
26	for(const auto byte : vars.get_req_bin("K")) {	599✔
27	if(byte != 0) {	585✔
28	return false;	76✔
29	}
30	}	76✔
31
32	return true;	14✔
33	}
34
35	std::string default_kdf(const VarMap& /unused/) const override { return "Raw"; }	90✔
36
37	std::unique_ptr<Botan::Private_Key> load_our_key(const std::string& /header/, const VarMap& vars) override {	90✔
38	const std::vector<uint8_t> secret_vec = vars.get_req_bin("Secret");	90✔
39	Botan::secure_vector<uint8_t> secret(secret_vec.begin(), secret_vec.end());	90✔
40	return std::make_unique<Botan::X25519_PrivateKey>(secret);	180✔
41	}	180✔
42
43	std::vector<uint8_t> load_their_key(const std::string& /header/, const VarMap& vars) override {	90✔
44	return vars.get_req_bin("CounterKey");	180✔
45	}
46	};
47
48	BOTAN_REGISTER_TEST("pubkey", "x25519_agreement", X25519_Agreement_Tests);
49
50	class X25519_Roundtrip_Test final : public Test {	×
51	public:
52	std::vector<Test::Result> run() override {	1✔
53	std::vector<Test::Result> results;	1✔
54
55	for(size_t i = 0; i < 10; ++i) {	11✔
56	Test::Result result("X25519 roundtrip");	10✔
57
58	Botan::X25519_PrivateKey a_priv_gen(this->rng());	10✔
59	Botan::X25519_PrivateKey b_priv_gen(this->rng());	10✔
60
61	#if defined(BOTAN_HAS_PKCS5_PBES2) && defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_AEAD_GCM) && \
62	defined(BOTAN_HAS_SHA2_32)
63	// Then serialize to encrypted storage
64
65	const std::string a_pass = "alice pass";	10✔
66	const std::string b_pass = "bob pass";	10✔
67	const auto pbe_time = std::chrono::milliseconds(1);	10✔
68	const std::string a_priv_pem = Botan::PKCS8::PEM_encode(a_priv_gen, this->rng(), a_pass, pbe_time);	10✔
69	const std::string b_priv_pem = Botan::PKCS8::PEM_encode(b_priv_gen, this->rng(), b_pass, pbe_time);	10✔
70
71	// Reload back into memory
72	Botan::DataSource_Memory a_priv_ds(a_priv_pem);	10✔
73	Botan::DataSource_Memory b_priv_ds(b_priv_pem);	10✔
74
75	auto a_priv = Botan::PKCS8::load_key(a_priv_ds, [a_pass]() { return std::string(a_pass); });	60✔
76	auto b_priv = Botan::PKCS8::load_key(b_priv_ds, b_pass);	10✔
77	#else
78	const std::string a_priv_pem = Botan::PKCS8::PEM_encode(a_priv_gen);
79	const std::string b_priv_pem = Botan::PKCS8::PEM_encode(b_priv_gen);
80
81	// Reload back into memory
82	Botan::DataSource_Memory a_priv_ds(a_priv_pem);
83	Botan::DataSource_Memory b_priv_ds(b_priv_pem);
84
85	auto a_priv = Botan::PKCS8::load_key(a_priv_ds);
86	auto b_priv = Botan::PKCS8::load_key(b_priv_ds);
87	#endif
88
89	// Export public keys as PEM
90	const std::string a_pub_pem = Botan::X509::PEM_encode(*a_priv);	10✔
91	const std::string b_pub_pem = Botan::X509::PEM_encode(*b_priv);	10✔
92
93	Botan::DataSource_Memory a_pub_ds(a_pub_pem);	10✔
94	Botan::DataSource_Memory b_pub_ds(b_pub_pem);	10✔
95
96	auto a_pub = Botan::X509::load_key(a_pub_ds);	10✔
97	auto b_pub = Botan::X509::load_key(b_pub_ds);	10✔
98
99	Botan::X25519_PublicKey* a_pub_key = dynamic_cast<Botan::X25519_PublicKey*>(a_pub.get());	10✔
100	Botan::X25519_PublicKey* b_pub_key = dynamic_cast<Botan::X25519_PublicKey*>(b_pub.get());	10✔
101
102	if(a_pub_key && b_pub_key) {	10✔
103	Botan::PK_Key_Agreement a_ka(*a_priv, this->rng(), "Raw");	10✔
104	Botan::PK_Key_Agreement b_ka(*b_priv, this->rng(), "Raw");	10✔
105
106	Botan::SymmetricKey a_key = a_ka.derive_key(32, b_pub_key->public_value());	10✔
107	Botan::SymmetricKey b_key = b_ka.derive_key(32, a_pub_key->public_value());	10✔
108
109	if(!result.test_eq("key agreement", a_key.bits_of(), b_key.bits_of())) {	40✔
110	result.test_note(a_priv_pem);	×
111	result.test_note(b_priv_pem);	×
112	}
113	} else {	20✔
114	result.test_failure("Cast back to X25519 failed");	×
115	}
116
117	results.push_back(result);	10✔
118	}	80✔
119
120	return results;	1✔
121	}	×
122	};
123
124	BOTAN_REGISTER_TEST("pubkey", "x25519_rt", X25519_Roundtrip_Test);
125
126	class X25519_Keygen_Tests final : public PK_Key_Generation_Test {	×
127	public:
128	std::vector<std::string> keygen_params() const override { return {""}; }	1✔
129
130	std::string algo_name() const override { return "X25519"; }	1✔
131
132	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view /* keygen_params */,	1✔
133	std::string_view /* provider */,
134	std::span<const uint8_t> raw_pk) const override {
135	return std::make_unique<Botan::X25519_PublicKey>(raw_pk);	1✔
136	}
137	};
138
139	BOTAN_REGISTER_TEST("pubkey", "x25519_keygen", X25519_Keygen_Tests);
140
141	#endif
142
143	} // namespace Botan_Tests

randombit / botan / 11380319839

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous