13345891044

Committed 15 Feb 2025 02:24PM UTC coverage: 91.637% (-0.002%) from 91.639%

Build # 13345891044

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #4690 from randombit/jack/prep-for-curve-preregistration

Modify tests to avoid implicitly creating EC_Groups

Run Details

94971 of 103638 relevant lines covered (91.64%)

11153236.5 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

94.55

/src/tests/test_ecies.cpp

/*
* (C) 2016 Philipp Weber
* (C) 2016 Daniel Neus
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"

#if defined(BOTAN_HAS_ECIES)
   #include <botan/ecdh.h>
   #include <botan/ecies.h>
#endif

namespace Botan_Tests {

namespace {

#if defined(BOTAN_HAS_ECIES) && defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_MODE_CBC)

using Flags = Botan::ECIES_Flags;

Botan::EC_Point_Format get_compression_type(const std::string& format) {
   if(format == "uncompressed") {
      return Botan::EC_Point_Format::Uncompressed;
   } else if(format == "compressed") {
      return Botan::EC_Point_Format::Compressed;
   } else if(format == "hybrid") {
      return Botan::EC_Point_Format::Hybrid;
   }
   throw Botan::Invalid_Argument("invalid compression format");
}

Flags ecies_flags(bool cofactor_mode, bool old_cofactor_mode, bool check_mode, bool single_hash_mode) {
   return (cofactor_mode ? Flags::CofactorMode : Flags::None) |
          (single_hash_mode ? Flags::SingleHashMode : Flags::None) |
          (old_cofactor_mode ? Flags::OldCofactorMode : Flags::None) | (check_mode ? Flags::CheckMode : Flags::None);
}

void check_encrypt_decrypt(Test::Result& result,
                           const Botan::ECDH_PrivateKey& private_key,
                           const Botan::ECDH_PrivateKey& other_private_key,
                           const Botan::ECIES_System_Params& ecies_params,
                           const Botan::InitializationVector& iv,
                           const std::string& label,
                           const std::vector<uint8_t>& plaintext,
                           const std::vector<uint8_t>& ciphertext,
                           Botan::RandomNumberGenerator& rng) {
   try {
      Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, rng);
      ecies_enc.set_other_key(
         Botan::EC_AffinePoint(other_private_key.domain(), other_private_key.raw_public_key_bits()));
      Botan::ECIES_Decryptor ecies_dec(other_private_key, ecies_params, rng);
      if(!iv.bits_of().empty()) {
         ecies_enc.set_initialization_vector(iv);
         ecies_dec.set_initialization_vector(iv);
      }
      if(!label.empty()) {
         ecies_enc.set_label(label);
         ecies_dec.set_label(label);
      }

      const std::vector<uint8_t> encrypted = ecies_enc.encrypt(plaintext, rng);
      if(!ciphertext.empty()) {
         result.test_eq("encrypted data", encrypted, ciphertext);
      }
      const Botan::secure_vector<uint8_t> decrypted = ecies_dec.decrypt(encrypted);
      result.test_eq("decrypted data equals plaintext", decrypted, plaintext);

      std::vector<uint8_t> invalid_encrypted = encrypted;
      uint8_t& last_byte = invalid_encrypted[invalid_encrypted.size() - 1];
      last_byte = ~last_byte;
      result.test_throws("throw on invalid ciphertext",
                         [&ecies_dec, &invalid_encrypted] { ecies_dec.decrypt(invalid_encrypted); });
   } catch(Botan::Lookup_Error& e) {
      result.test_note(std::string("Test not executed: ") + e.what());
   }
}

void check_encrypt_decrypt(Test::Result& result,
                           const Botan::ECDH_PrivateKey& private_key,
                           const Botan::ECDH_PrivateKey& other_private_key,
                           const Botan::ECIES_System_Params& ecies_params,
                           size_t iv_length,
                           Botan::RandomNumberGenerator& rng) {
   const std::vector<uint8_t> plaintext{1, 2, 3};
   check_encrypt_decrypt(result,
                         private_key,
                         other_private_key,
                         ecies_params,
                         Botan::InitializationVector(std::vector<uint8_t>(iv_length, 0)),
                         "",
                         plaintext,
                         std::vector<uint8_t>(),
                         rng);
}

   #if defined(BOTAN_HAS_KDF1_18033) && defined(BOTAN_HAS_SHA1)

class ECIES_ISO_Tests final : public Text_Based_Test {
   public:
      ECIES_ISO_Tests() : Text_Based_Test("pubkey/ecies-18033.vec", "format,p,a,b,Order,Gx,Gy,Oid,hx,hy,x,r,C0,K") {}

      bool clear_between_callbacks() const override { return false; }

      bool skip_this_test(const std::string&, const VarMap&) override {
         return !Botan::EC_Group::supports_application_specific_group();
      }

      Test::Result run_one_test(const std::string& /*header*/, const VarMap& vars) override {
         Test::Result result("ECIES-ISO");

         // get test vectors defined by ISO 18033
         const Botan::EC_Point_Format compression_type = get_compression_type(vars.get_req_str("format"));
         const Botan::BigInt p = vars.get_req_bn("p");
         const Botan::BigInt a = vars.get_req_bn("a");
         const Botan::BigInt b = vars.get_req_bn("b");
         const Botan::BigInt order = vars.get_req_bn("Order");  // order
         const Botan::BigInt gx = vars.get_req_bn("Gx");        // base point x
         const Botan::BigInt gy = vars.get_req_bn("Gy");        // base point y
         const Botan::OID oid(vars.get_req_str("Oid"));
         const Botan::BigInt hx = vars.get_req_bn("hx");          // x of public point of bob
         const Botan::BigInt hy = vars.get_req_bn("hy");          // y of public point of bob
         const Botan::BigInt x = vars.get_req_bn("x");            // private key of bob
         const Botan::BigInt r = vars.get_req_bn("r");            // (ephemeral) private key of alice
         const std::vector<uint8_t> c0 = vars.get_req_bin("C0");  // expected encoded (ephemeral) public key
         const std::vector<uint8_t> k = vars.get_req_bin("K");    // expected derived secret

         const Botan::EC_Group domain(oid, p, a, b, gx, gy, order);

         // keys of bob
         const Botan::ECDH_PrivateKey other_private_key(this->rng(), domain, x);
         const auto other_public_key_point = Botan::EC_AffinePoint::from_bigint_xy(domain, hx, hy).value();
         const Botan::ECDH_PublicKey other_public_key(domain, other_public_key_point);

         // (ephemeral) keys of alice
         const Botan::ECDH_PrivateKey eph_private_key(this->rng(), domain, r);
         const auto eph_public_key_bin = eph_private_key.public_value(compression_type);
         result.test_eq("encoded (ephemeral) public key", eph_public_key_bin, c0);

         // test secret derivation: ISO 18033 test vectors use KDF1 from ISO 18033
         // no cofactor-/oldcofactor-/singlehash-/check-mode and 128 byte secret length
         Botan::ECIES_KA_Params ka_params(
            eph_private_key.domain(), "KDF1-18033(SHA-1)", 128, compression_type, Flags::None);
         const Botan::ECIES_KA_Operation ka(eph_private_key, ka_params, true, this->rng());
         const Botan::SymmetricKey secret_key = ka.derive_secret(eph_public_key_bin, other_public_key_point);
         result.test_eq("derived secret key", secret_key.bits_of(), k);

         // test encryption / decryption

         // TODO(Botan4) clean this up after removing cofactor support

         for(auto comp_type : {Botan::EC_Point_Format::Uncompressed,
                               Botan::EC_Point_Format::Compressed,
                               Botan::EC_Point_Format::Hybrid}) {
            for(bool cofactor_mode : {true, false}) {
               for(bool single_hash_mode : {true, false}) {
                  for(bool old_cofactor_mode : {true, false}) {
                     for(bool check_mode : {true, false}) {
                        Flags flags = ecies_flags(cofactor_mode, old_cofactor_mode, check_mode, single_hash_mode);

                        if(size_t(cofactor_mode) + size_t(check_mode) + size_t(old_cofactor_mode) > 1) {
                           auto onThrow = [&]() {
                              Botan::ECIES_System_Params(eph_private_key.domain(),
                                                         "KDF2(SHA-1)",
                                                         "AES-256/CBC",
                                                         32,
                                                         "HMAC(SHA-1)",
                                                         20,
                                                         comp_type,
                                                         flags);
                           };
                           result.test_throws("throw on invalid ECIES_Flags", onThrow);
                           continue;
                        }

                        Botan::ECIES_System_Params ecies_params(eph_private_key.domain(),
                                                                "KDF2(SHA-1)",
                                                                "AES-256/CBC",
                                                                32,
                                                                "HMAC(SHA-1)",
                                                                20,
                                                                comp_type,
                                                                flags);
                        check_encrypt_decrypt(
                           result, eph_private_key, other_private_key, ecies_params, 16, this->rng());
                     }
                  }
               }
            }
         }

         return result;
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecies_iso", ECIES_ISO_Tests);

   #endif

class ECIES_Tests final : public Text_Based_Test {
   public:
      ECIES_Tests() :
            Text_Based_Test("pubkey/ecies.vec",
                            "Curve,PrivateKey,OtherPrivateKey,Kdf,Dem,DemKeyLen,Mac,MacKeyLen,Format,"
                            "CofactorMode,OldCofactorMode,CheckMode,SingleHashMode,Label,Plaintext,Ciphertext",
                            "Iv") {
         // In order to test cofactor handling flags some of the tests use secp112r2 which has a cofactor of 4
         // TODO(Botan4) kill it with fire
         if(Botan::EC_Group::supports_application_specific_group()) {
            auto p = Botan::BigInt::from_string("0xDB7C2ABF62E35E668076BEAD208B");
            auto a = Botan::BigInt::from_string("0x6127C24C05F38A0AAAF65C0EF02C");
            auto b = Botan::BigInt::from_string("0x51DEF1815DB5ED74FCC34C85D709");

            auto g_x = Botan::BigInt::from_string("0x4BA30AB5E892B4E1649DD0928643");
            auto g_y = Botan::BigInt::from_string("0xADCD46F5882E3747DEF36E956E97");
            auto order = Botan::BigInt::from_string("0x36DF0AAFD8B8D7597CA10520D04B");
            auto cofactor = Botan::BigInt::from_u64(4);
            m_secp112r2 = std::make_unique<Botan::EC_Group>(p, a, b, g_x, g_y, order, cofactor);
         }
      }

      bool skip_this_test(const std::string&, const VarMap& vars) override {
         const auto curve = vars.get_req_str("Curve");

         // TODO(Botan4) remove this since cofactors no longer supported
         if(curve == "secp112r2") {
            return !Botan::EC_Group::supports_application_specific_group();
         } else {
            return !Botan::EC_Group::supports_named_group(curve);
         }
      }

      Test::Result run_one_test(const std::string& /*header*/, const VarMap& vars) override {
         Test::Result result("ECIES");

         const std::string curve = vars.get_req_str("Curve");
         const Botan::BigInt private_key_value = vars.get_req_bn("PrivateKey");
         const Botan::BigInt other_private_key_value = vars.get_req_bn("OtherPrivateKey");
         const std::string kdf = vars.get_req_str("Kdf");
         const std::string dem = vars.get_req_str("Dem");
         const size_t dem_key_len = vars.get_req_sz("DemKeyLen");
         const Botan::InitializationVector iv = Botan::InitializationVector(vars.get_opt_bin("Iv"));
         const std::string mac = vars.get_req_str("Mac");
         const size_t mac_key_len = vars.get_req_sz("MacKeyLen");
         const Botan::EC_Point_Format compression_type = get_compression_type(vars.get_req_str("Format"));
         const bool cofactor_mode = vars.get_req_sz("CofactorMode") != 0;
         const bool old_cofactor_mode = vars.get_req_sz("OldCofactorMode") != 0;
         const bool check_mode = vars.get_req_sz("CheckMode") != 0;
         const bool single_hash_mode = vars.get_req_sz("SingleHashMode") != 0;
         const std::string label = vars.get_req_str("Label");
         const std::vector<uint8_t> plaintext = vars.get_req_bin("Plaintext");
         const std::vector<uint8_t> ciphertext = vars.get_req_bin("Ciphertext");

         const Flags flags = ecies_flags(cofactor_mode, old_cofactor_mode, check_mode, single_hash_mode);

         const auto group = [&]() {
            if(curve == "secp112r2") {
               return *m_secp112r2;
            } else {
               return Botan::EC_Group::from_name(curve);
            }
         }();

         const Botan::ECDH_PrivateKey private_key(this->rng(), group, private_key_value);
         const Botan::ECDH_PrivateKey other_private_key(this->rng(), group, other_private_key_value);

         const Botan::ECIES_System_Params ecies_params(
            private_key.domain(), kdf, dem, dem_key_len, mac, mac_key_len, compression_type, flags);
         check_encrypt_decrypt(
            result, private_key, other_private_key, ecies_params, iv, label, plaintext, ciphertext, this->rng());

         return result;
      }

   private:
      std::unique_ptr<Botan::EC_Group> m_secp112r2;
};

BOTAN_REGISTER_TEST("pubkey", "ecies", ECIES_Tests);

   #if defined(BOTAN_HAS_KDF1_18033) && defined(BOTAN_HAS_HMAC) && defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_SHA2_64)

Test::Result test_other_key_not_set() {
   Test::Result result("ECIES other key not set");

   auto rng = Test::new_rng("ecies_other_key_not_set");

   const Flags flags = ecies_flags(false, false, false, true);
   const auto domain = Botan::EC_Group::from_name("secp521r1");

   const Botan::BigInt private_key_value(
      "405029866705438137604064977397053031159826489755682166267763407"
      "5002761777100287880684822948852132235484464537021197213998300006"
      "547176718172344447619746779823");

   const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);
   const Botan::ECIES_System_Params ecies_params(private_key.domain(),
                                                 "KDF1-18033(SHA-512)",
                                                 "AES-256/CBC",
                                                 32,
                                                 "HMAC(SHA-512)",
                                                 20,
                                                 Botan::EC_Point_Format::Compressed,
                                                 flags);

   Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, *rng);

   result.test_throws("encrypt not possible without setting other public key",
                      [&ecies_enc, &rng]() { ecies_enc.encrypt(std::vector<uint8_t>(8), *rng); });

   return result;
}

Test::Result test_kdf_not_found() {
   Test::Result result("ECIES kdf not found");

   auto rng = Test::new_rng("ecies_kdf_not_found");

   const Flags flags = ecies_flags(false, false, false, true);
   const auto domain = Botan::EC_Group::from_name("secp521r1");

   const Botan::BigInt private_key_value(
      "405029866705438137604064977397053031159826489755682166267763407"
      "5002761777100287880684822948852132235484464537021197213998300006"
      "547176718172344447619746779823");

   const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);
   const Botan::ECIES_System_Params ecies_params(private_key.domain(),
                                                 "KDF-XYZ(SHA-512)",
                                                 "AES-256/CBC",
                                                 32,
                                                 "HMAC(SHA-512)",
                                                 20,
                                                 Botan::EC_Point_Format::Compressed,
                                                 flags);

   result.test_throws("kdf not found", [&]() {
      Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, *rng);
      ecies_enc.encrypt(std::vector<uint8_t>(8), *rng);
   });

   return result;
}

Test::Result test_mac_not_found() {
   Test::Result result("ECIES mac not found");

   auto rng = Test::new_rng("ecies_mac_not_found");

   const Flags flags = ecies_flags(false, false, false, true);
   const auto domain = Botan::EC_Group::from_name("secp521r1");

   const Botan::BigInt private_key_value(
      "405029866705438137604064977397053031159826489755682166267763407"
      "5002761777100287880684822948852132235484464537021197213998300006"
      "547176718172344447619746779823");

   const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);
   const Botan::ECIES_System_Params ecies_params(private_key.domain(),
                                                 "KDF1-18033(SHA-512)",
                                                 "AES-256/CBC",
                                                 32,
                                                 "XYZMAC(SHA-512)",
                                                 20,
                                                 Botan::EC_Point_Format::Compressed,
                                                 flags);

   result.test_throws("mac not found", [&]() {
      Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, *rng);
      ecies_enc.encrypt(std::vector<uint8_t>(8), *rng);
   });

   return result;
}

Test::Result test_cipher_not_found() {
   Test::Result result("ECIES cipher not found");

   auto rng = Test::new_rng("ecies_cipher_not_found");

   const Flags flags = ecies_flags(false, false, false, true);
   const auto domain = Botan::EC_Group::from_name("secp521r1");

   const Botan::BigInt private_key_value(
      "405029866705438137604064977397053031159826489755682166267763407"
      "5002761777100287880684822948852132235484464537021197213998300006"
      "547176718172344447619746779823");

   const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);
   const Botan::ECIES_System_Params ecies_params(private_key.domain(),
                                                 "KDF1-18033(SHA-512)",
                                                 "AES-XYZ-256/CBC",
                                                 32,
                                                 "HMAC(SHA-512)",
                                                 20,
                                                 Botan::EC_Point_Format::Compressed,
                                                 flags);

   result.test_throws("cipher not found", [&]() {
      Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, *rng);
      ecies_enc.encrypt(std::vector<uint8_t>(8), *rng);
   });

   return result;
}

Test::Result test_system_params_short_ctor() {
   Test::Result result("ECIES short system params ctor");

   auto rng = Test::new_rng("ecies_params_short_ctor");

   const auto domain = Botan::EC_Group::from_name("secp521r1");
   const Botan::BigInt private_key_value(
      "405029866705438137604064977397053031159826489755682166267763407"
      "5002761777100287880684822948852132235484464537021197213998300006"
      "547176718172344447619746779823");

   const Botan::BigInt other_private_key_value(
      "2294226772740614508941417891614236736606752960073669253551166842"
      "5866095315090327914760325168219669828915074071456176066304457448"
      "25404691681749451640151380153");

   const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);
   const Botan::ECDH_PrivateKey other_private_key(*rng, domain, other_private_key_value);

   const Botan::ECIES_System_Params ecies_params(
      private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32, "HMAC(SHA-512)", 16);

   const Botan::InitializationVector iv("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
   const std::string label = "Test";

   const std::vector<uint8_t> plaintext = Botan::hex_decode("000102030405060708090A0B0C0D0E0F");

   // generated with botan
   const std::vector<uint8_t> ciphertext = Botan::hex_decode(
      "0401519EAA0489FF9D51E98E4C22349463E2001CD06F8CE47D81D4007A"
      "79ACF98E92C814686477CEA666EFC277DC84E15FC95E38AFF8E16D478A"
      "44CD5C5F1517F8B1F300000591317F261C3D04A7207F01EAE3EC70F2360"
      "0F82C53CC0B85BE7AC9F6CE79EF2AB416E5934D61BA9D346385D7545C57F"
      "77C7EA7C58E18C70CBFB0A24AE1B9943EC5A8D0657522CCDF30BA95674D81"
      "B397635D215178CD13BD9504AE957A9888F4128FFC0F0D3F1CEC646AEC8CE"
      "3F2463D233B22A7A12B679F4C06501F584D4DEFF6D26592A8D873398BD892"
      "B477B3468813C053DA43C4F3D49009F7A12D6EF7");

   check_encrypt_decrypt(result, private_key, other_private_key, ecies_params, iv, label, plaintext, ciphertext, *rng);

   return result;
}

Test::Result test_ciphertext_too_short() {
   Test::Result result("ECIES ciphertext too short");

   const auto domain = Botan::EC_Group::from_name("secp521r1");
   const Botan::BigInt private_key_value(
      "405029866705438137604064977397053031159826489755682166267763407"
      "5002761777100287880684822948852132235484464537021197213998300006"
      "547176718172344447619746779823");

   const Botan::BigInt other_private_key_value(
      "2294226772740614508941417891614236736606752960073669253551166842"
      "5866095315090327914760325168219669828915074071456176066304457448"
      "25404691681749451640151380153");

   auto rng = Test::new_rng("ecies_ciphertext_too_short");

   const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);
   const Botan::ECDH_PrivateKey other_private_key(*rng, domain, other_private_key_value);

   const Botan::ECIES_System_Params ecies_params(
      private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32, "HMAC(SHA-512)", 16);

   Botan::ECIES_Decryptor ecies_dec(other_private_key, ecies_params, *rng);

   result.test_throws("ciphertext too short",
                      [&ecies_dec]() { ecies_dec.decrypt(Botan::hex_decode("0401519EAA0489FF9D51E98E4C22349A")); });

   return result;
}

class ECIES_Unit_Tests final : public Test {
   public:
      std::vector<Test::Result> run() override {
         std::vector<Test::Result> results;

         std::vector<std::function<Test::Result()>> fns = {test_other_key_not_set,
                                                           test_kdf_not_found,
                                                           test_mac_not_found,
                                                           test_cipher_not_found,
                                                           test_system_params_short_ctor,
                                                           test_ciphertext_too_short};

         for(size_t i = 0; i != fns.size(); ++i) {
            try {
               results.emplace_back(fns[i]());
            } catch(std::exception& e) {
               results.emplace_back(Test::Result::Failure("ECIES unit tests " + std::to_string(i), e.what()));
            }
         }

         return results;
      }
};

BOTAN_REGISTER_TEST("pubkey", "ecies_unit", ECIES_Unit_Tests);

   #endif

#endif

}  // namespace

}  // namespace Botan_Tests

1	/*
2	* (C) 2016 Philipp Weber
3	* (C) 2016 Daniel Neus
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include "tests.h"
9
10	#if defined(BOTAN_HAS_ECIES)
11	#include <botan/ecdh.h>
12	#include <botan/ecies.h>
13	#endif
14
15	namespace Botan_Tests {
16
17	namespace {
18
19	#if defined(BOTAN_HAS_ECIES) && defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_MODE_CBC)
20
21	using Flags = Botan::ECIES_Flags;
22
23	Botan::EC_Point_Format get_compression_type(const std::string& format) {	13✔
24	if(format == "uncompressed") {	13✔
25	return Botan::EC_Point_Format::Uncompressed;
26	} else if(format == "compressed") {	6✔
27	return Botan::EC_Point_Format::Compressed;
28	} else if(format == "hybrid") {	×
29	return Botan::EC_Point_Format::Hybrid;
30	}
31	throw Botan::Invalid_Argument("invalid compression format");	×
32	}
33
34	Flags ecies_flags(bool cofactor_mode, bool old_cofactor_mode, bool check_mode, bool single_hash_mode) {	107✔
35	return (cofactor_mode ? Flags::CofactorMode : Flags::None) \|	107✔
36	(single_hash_mode ? Flags::SingleHashMode : Flags::None) \|
37	(old_cofactor_mode ? Flags::OldCofactorMode : Flags::None) \| (check_mode ? Flags::CheckMode : Flags::None);	214✔
38	}
39
40	void check_encrypt_decrypt(Test::Result& result,	60✔
41	const Botan::ECDH_PrivateKey& private_key,
42	const Botan::ECDH_PrivateKey& other_private_key,
43	const Botan::ECIES_System_Params& ecies_params,
44	const Botan::InitializationVector& iv,
45	const std::string& label,
46	const std::vector<uint8_t>& plaintext,
47	const std::vector<uint8_t>& ciphertext,
48	Botan::RandomNumberGenerator& rng) {
49	try {	60✔
50	Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, rng);	60✔
51	ecies_enc.set_other_key(	120✔
52	Botan::EC_AffinePoint(other_private_key.domain(), other_private_key.raw_public_key_bits()));	120✔
53	Botan::ECIES_Decryptor ecies_dec(other_private_key, ecies_params, rng);	60✔
54	if(!iv.bits_of().empty()) {	118✔
55	ecies_enc.set_initialization_vector(iv);	58✔
56	ecies_dec.set_initialization_vector(iv);	58✔
57	}
58	if(!label.empty()) {	60✔
59	ecies_enc.set_label(label);	10✔
60	ecies_dec.set_label(label);	10✔
61	}
62
63	const std::vector<uint8_t> encrypted = ecies_enc.encrypt(plaintext, rng);	60✔
64	if(!ciphertext.empty()) {	60✔
65	result.test_eq("encrypted data", encrypted, ciphertext);	24✔
66	}
67	const Botan::secure_vector<uint8_t> decrypted = ecies_dec.decrypt(encrypted);	60✔
68	result.test_eq("decrypted data equals plaintext", decrypted, plaintext);	120✔
69
70	std::vector<uint8_t> invalid_encrypted = encrypted;	60✔
71	uint8_t& last_byte = invalid_encrypted[invalid_encrypted.size() - 1];	60✔
72	last_byte = ~last_byte;	60✔
73	result.test_throws("throw on invalid ciphertext",	180✔
74	[&ecies_dec, &invalid_encrypted] { ecies_dec.decrypt(invalid_encrypted); });	120✔
75	} catch(Botan::Lookup_Error& e) {	180✔
76	result.test_note(std::string("Test not executed: ") + e.what());	×
77	}	×
78	}	60✔
79
80	void check_encrypt_decrypt(Test::Result& result,	48✔
81	const Botan::ECDH_PrivateKey& private_key,
82	const Botan::ECDH_PrivateKey& other_private_key,
83	const Botan::ECIES_System_Params& ecies_params,
84	size_t iv_length,
85	Botan::RandomNumberGenerator& rng) {
86	const std::vector<uint8_t> plaintext{1, 2, 3};	48✔
87	check_encrypt_decrypt(result,	96✔
88	private_key,
89	other_private_key,
90	ecies_params,
91	Botan::InitializationVector(std::vector<uint8_t>(iv_length, 0)),	144✔
92	"",
93	plaintext,
94	std::vector<uint8_t>(),	48✔
95	rng);
96	}	48✔
97
98	#if defined(BOTAN_HAS_KDF1_18033) && defined(BOTAN_HAS_SHA1)
99
100	class ECIES_ISO_Tests final : public Text_Based_Test {	×
101	public:
102	ECIES_ISO_Tests() : Text_Based_Test("pubkey/ecies-18033.vec", "format,p,a,b,Order,Gx,Gy,Oid,hx,hy,x,r,C0,K") {}	2✔
103
104	bool clear_between_callbacks() const override { return false; }	2✔
105
106	bool skip_this_test(const std::string&, const VarMap&) override {	2✔
107	return !Botan::EC_Group::supports_application_specific_group();	2✔
108	}
109
110	Test::Result run_one_test(const std::string& /header/, const VarMap& vars) override {	2✔
111	Test::Result result("ECIES-ISO");	2✔
112
113	// get test vectors defined by ISO 18033
114	const Botan::EC_Point_Format compression_type = get_compression_type(vars.get_req_str("format"));	2✔
115	const Botan::BigInt p = vars.get_req_bn("p");	2✔
116	const Botan::BigInt a = vars.get_req_bn("a");	2✔
117	const Botan::BigInt b = vars.get_req_bn("b");	2✔
118	const Botan::BigInt order = vars.get_req_bn("Order"); // order	2✔
119	const Botan::BigInt gx = vars.get_req_bn("Gx"); // base point x	2✔
120	const Botan::BigInt gy = vars.get_req_bn("Gy"); // base point y	2✔
121	const Botan::OID oid(vars.get_req_str("Oid"));	4✔
122	const Botan::BigInt hx = vars.get_req_bn("hx"); // x of public point of bob	2✔
123	const Botan::BigInt hy = vars.get_req_bn("hy"); // y of public point of bob	2✔
124	const Botan::BigInt x = vars.get_req_bn("x"); // private key of bob	2✔
125	const Botan::BigInt r = vars.get_req_bn("r"); // (ephemeral) private key of alice	2✔
126	const std::vector<uint8_t> c0 = vars.get_req_bin("C0"); // expected encoded (ephemeral) public key	2✔
127	const std::vector<uint8_t> k = vars.get_req_bin("K"); // expected derived secret	2✔
128
129	const Botan::EC_Group domain(oid, p, a, b, gx, gy, order);	2✔
130
131	// keys of bob
132	const Botan::ECDH_PrivateKey other_private_key(this->rng(), domain, x);	2✔
133	const auto other_public_key_point = Botan::EC_AffinePoint::from_bigint_xy(domain, hx, hy).value();	4✔
134	const Botan::ECDH_PublicKey other_public_key(domain, other_public_key_point);	2✔
135
136	// (ephemeral) keys of alice
137	const Botan::ECDH_PrivateKey eph_private_key(this->rng(), domain, r);	2✔
138	const auto eph_public_key_bin = eph_private_key.public_value(compression_type);	2✔
139	result.test_eq("encoded (ephemeral) public key", eph_public_key_bin, c0);	4✔
140
141	// test secret derivation: ISO 18033 test vectors use KDF1 from ISO 18033
142	// no cofactor-/oldcofactor-/singlehash-/check-mode and 128 byte secret length
143	Botan::ECIES_KA_Params ka_params(	2✔
144	eph_private_key.domain(), "KDF1-18033(SHA-1)", 128, compression_type, Flags::None);	2✔
145	const Botan::ECIES_KA_Operation ka(eph_private_key, ka_params, true, this->rng());	2✔
146	const Botan::SymmetricKey secret_key = ka.derive_secret(eph_public_key_bin, other_public_key_point);	2✔
147	result.test_eq("derived secret key", secret_key.bits_of(), k);	4✔
148
149	// test encryption / decryption
150
151	// TODO(Botan4) clean this up after removing cofactor support
152
153	for(auto comp_type : {Botan::EC_Point_Format::Uncompressed,	6✔
154	Botan::EC_Point_Format::Compressed,
155	Botan::EC_Point_Format::Hybrid}) {	8✔
156	for(bool cofactor_mode : {true, false}) {	18✔
157	for(bool single_hash_mode : {true, false}) {	36✔
158	for(bool old_cofactor_mode : {true, false}) {	72✔
159	for(bool check_mode : {true, false}) {	144✔
160	Flags flags = ecies_flags(cofactor_mode, old_cofactor_mode, check_mode, single_hash_mode);	96✔
161
162	if(size_t(cofactor_mode) + size_t(check_mode) + size_t(old_cofactor_mode) > 1) {	96✔
163	auto onThrow = [&]() {	96✔
164	Botan::ECIES_System_Params(eph_private_key.domain(),	48✔
165	"KDF2(SHA-1)",
166	"AES-256/CBC",
167	32,
168	"HMAC(SHA-1)",
169	20,
170	comp_type,
171	flags);
172	};	48✔
173	result.test_throws("throw on invalid ECIES_Flags", onThrow);	96✔
174	continue;	48✔
175	}	48✔
176
177	Botan::ECIES_System_Params ecies_params(eph_private_key.domain(),	48✔
178	"KDF2(SHA-1)",
179	"AES-256/CBC",
180	32,
181	"HMAC(SHA-1)",
182	20,
183	comp_type,
184	flags);	48✔
185	check_encrypt_decrypt(	48✔
186	result, eph_private_key, other_private_key, ecies_params, 16, this->rng());
187	}	48✔
188	}
189	}
190	}
191	}
192
193	return result;	4✔
194	}	10✔
195	};
196
197	BOTAN_REGISTER_TEST("pubkey", "ecies_iso", ECIES_ISO_Tests);
198
199	#endif
200
201	class ECIES_Tests final : public Text_Based_Test {
202	public:
203	ECIES_Tests() :	1✔
204	Text_Based_Test("pubkey/ecies.vec",
205	"Curve,PrivateKey,OtherPrivateKey,Kdf,Dem,DemKeyLen,Mac,MacKeyLen,Format,"
206	"CofactorMode,OldCofactorMode,CheckMode,SingleHashMode,Label,Plaintext,Ciphertext",
207	"Iv") {	2✔
208	// In order to test cofactor handling flags some of the tests use secp112r2 which has a cofactor of 4
209	// TODO(Botan4) kill it with fire
210	if(Botan::EC_Group::supports_application_specific_group()) {	1✔
211	auto p = Botan::BigInt::from_string("0xDB7C2ABF62E35E668076BEAD208B");	1✔
212	auto a = Botan::BigInt::from_string("0x6127C24C05F38A0AAAF65C0EF02C");	1✔
213	auto b = Botan::BigInt::from_string("0x51DEF1815DB5ED74FCC34C85D709");	1✔
214
215	auto g_x = Botan::BigInt::from_string("0x4BA30AB5E892B4E1649DD0928643");	1✔
216	auto g_y = Botan::BigInt::from_string("0xADCD46F5882E3747DEF36E956E97");	1✔
217	auto order = Botan::BigInt::from_string("0x36DF0AAFD8B8D7597CA10520D04B");	1✔
218	auto cofactor = Botan::BigInt::from_u64(4);	1✔
219	m_secp112r2 = std::make_unique<Botan::EC_Group>(p, a, b, g_x, g_y, order, cofactor);	1✔
220	}	1✔
221	}	1✔
222
223	bool skip_this_test(const std::string&, const VarMap& vars) override {	12✔
224	const auto curve = vars.get_req_str("Curve");	12✔
225
226	// TODO(Botan4) remove this since cofactors no longer supported
227	if(curve == "secp112r2") {	12✔
228	return !Botan::EC_Group::supports_application_specific_group();	4✔
229	} else {
230	return !Botan::EC_Group::supports_named_group(curve);	8✔
231	}
232	}	12✔
233
234	Test::Result run_one_test(const std::string& /header/, const VarMap& vars) override {	11✔
235	Test::Result result("ECIES");	11✔
236
237	const std::string curve = vars.get_req_str("Curve");	11✔
238	const Botan::BigInt private_key_value = vars.get_req_bn("PrivateKey");	11✔
239	const Botan::BigInt other_private_key_value = vars.get_req_bn("OtherPrivateKey");	11✔
240	const std::string kdf = vars.get_req_str("Kdf");	11✔
241	const std::string dem = vars.get_req_str("Dem");	11✔
242	const size_t dem_key_len = vars.get_req_sz("DemKeyLen");	11✔
243	const Botan::InitializationVector iv = Botan::InitializationVector(vars.get_opt_bin("Iv"));	20✔
244	const std::string mac = vars.get_req_str("Mac");	11✔
245	const size_t mac_key_len = vars.get_req_sz("MacKeyLen");	11✔
246	const Botan::EC_Point_Format compression_type = get_compression_type(vars.get_req_str("Format"));	11✔
247	const bool cofactor_mode = vars.get_req_sz("CofactorMode") != 0;	11✔
248	const bool old_cofactor_mode = vars.get_req_sz("OldCofactorMode") != 0;	11✔
249	const bool check_mode = vars.get_req_sz("CheckMode") != 0;	11✔
250	const bool single_hash_mode = vars.get_req_sz("SingleHashMode") != 0;	11✔
251	const std::string label = vars.get_req_str("Label");	11✔
252	const std::vector<uint8_t> plaintext = vars.get_req_bin("Plaintext");	11✔
253	const std::vector<uint8_t> ciphertext = vars.get_req_bin("Ciphertext");	11✔
254
255	const Flags flags = ecies_flags(cofactor_mode, old_cofactor_mode, check_mode, single_hash_mode);	11✔
256
257	const auto group = [&]() {	×
258	if(curve == "secp112r2") {	11✔
259	return *m_secp112r2;	4✔
260	} else {
261	return Botan::EC_Group::from_name(curve);	7✔
262	}
263	}();	11✔
264
265	const Botan::ECDH_PrivateKey private_key(this->rng(), group, private_key_value);	11✔
266	const Botan::ECDH_PrivateKey other_private_key(this->rng(), group, other_private_key_value);	11✔
267
268	const Botan::ECIES_System_Params ecies_params(	11✔
269	private_key.domain(), kdf, dem, dem_key_len, mac, mac_key_len, compression_type, flags);	11✔
270	check_encrypt_decrypt(	11✔
271	result, private_key, other_private_key, ecies_params, iv, label, plaintext, ciphertext, this->rng());
272
273	return result;	22✔
274	}	42✔
275
276	private:
277	std::unique_ptr<Botan::EC_Group> m_secp112r2;
278	};
279
280	BOTAN_REGISTER_TEST("pubkey", "ecies", ECIES_Tests);
281
282	#if defined(BOTAN_HAS_KDF1_18033) && defined(BOTAN_HAS_HMAC) && defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_SHA2_64)
283
284	Test::Result test_other_key_not_set() {	1✔
285	Test::Result result("ECIES other key not set");	1✔
286
287	auto rng = Test::new_rng("ecies_other_key_not_set");	1✔
288
289	const Flags flags = ecies_flags(false, false, false, true);	1✔
290	const auto domain = Botan::EC_Group::from_name("secp521r1");	1✔
291
292	const Botan::BigInt private_key_value(	1✔
293	"405029866705438137604064977397053031159826489755682166267763407"
294	"5002761777100287880684822948852132235484464537021197213998300006"
295	"547176718172344447619746779823");	1✔
296
297	const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);	1✔
298	const Botan::ECIES_System_Params ecies_params(private_key.domain(),	1✔
299	"KDF1-18033(SHA-512)",
300	"AES-256/CBC",
301	32,
302	"HMAC(SHA-512)",
303	20,
304	Botan::EC_Point_Format::Compressed,
305	flags);	1✔
306
307	Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, *rng);	1✔
308
309	result.test_throws("encrypt not possible without setting other public key",	2✔
310	[&ecies_enc, &rng]() { ecies_enc.encrypt(std::vector<uint8_t>(8), *rng); });	2✔
311
312	return result;	2✔
313	}	2✔
314
315	Test::Result test_kdf_not_found() {	1✔
316	Test::Result result("ECIES kdf not found");	1✔
317
318	auto rng = Test::new_rng("ecies_kdf_not_found");	1✔
319
320	const Flags flags = ecies_flags(false, false, false, true);	1✔
321	const auto domain = Botan::EC_Group::from_name("secp521r1");	1✔
322
323	const Botan::BigInt private_key_value(	1✔
324	"405029866705438137604064977397053031159826489755682166267763407"
325	"5002761777100287880684822948852132235484464537021197213998300006"
326	"547176718172344447619746779823");	1✔
327
328	const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);	1✔
329	const Botan::ECIES_System_Params ecies_params(private_key.domain(),	1✔
330	"KDF-XYZ(SHA-512)",
331	"AES-256/CBC",
332	32,
333	"HMAC(SHA-512)",
334	20,
335	Botan::EC_Point_Format::Compressed,
336	flags);	1✔
337
338	result.test_throws("kdf not found", [&]() {	2✔
339	Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, *rng);	1✔
340	ecies_enc.encrypt(std::vector<uint8_t>(8), *rng);	2✔
341	});	1✔
342
343	return result;	2✔
344	}	2✔
345
346	Test::Result test_mac_not_found() {	1✔
347	Test::Result result("ECIES mac not found");	1✔
348
349	auto rng = Test::new_rng("ecies_mac_not_found");	1✔
350
351	const Flags flags = ecies_flags(false, false, false, true);	1✔
352	const auto domain = Botan::EC_Group::from_name("secp521r1");	1✔
353
354	const Botan::BigInt private_key_value(	1✔
355	"405029866705438137604064977397053031159826489755682166267763407"
356	"5002761777100287880684822948852132235484464537021197213998300006"
357	"547176718172344447619746779823");	1✔
358
359	const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);	1✔
360	const Botan::ECIES_System_Params ecies_params(private_key.domain(),	1✔
361	"KDF1-18033(SHA-512)",
362	"AES-256/CBC",
363	32,
364	"XYZMAC(SHA-512)",
365	20,
366	Botan::EC_Point_Format::Compressed,
367	flags);	1✔
368
369	result.test_throws("mac not found", [&]() {	2✔
370	Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, *rng);	1✔
371	ecies_enc.encrypt(std::vector<uint8_t>(8), *rng);	×
372	});	×
373
374	return result;	2✔
375	}	2✔
376
377	Test::Result test_cipher_not_found() {	1✔
378	Test::Result result("ECIES cipher not found");	1✔
379
380	auto rng = Test::new_rng("ecies_cipher_not_found");	1✔
381
382	const Flags flags = ecies_flags(false, false, false, true);	1✔
383	const auto domain = Botan::EC_Group::from_name("secp521r1");	1✔
384
385	const Botan::BigInt private_key_value(	1✔
386	"405029866705438137604064977397053031159826489755682166267763407"
387	"5002761777100287880684822948852132235484464537021197213998300006"
388	"547176718172344447619746779823");	1✔
389
390	const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);	1✔
391	const Botan::ECIES_System_Params ecies_params(private_key.domain(),	1✔
392	"KDF1-18033(SHA-512)",
393	"AES-XYZ-256/CBC",
394	32,
395	"HMAC(SHA-512)",
396	20,
397	Botan::EC_Point_Format::Compressed,
398	flags);	1✔
399
400	result.test_throws("cipher not found", [&]() {	2✔
401	Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params, *rng);	1✔
402	ecies_enc.encrypt(std::vector<uint8_t>(8), *rng);	×
403	});	×
404
405	return result;	1✔
406	}	1✔
407
408	Test::Result test_system_params_short_ctor() {	1✔
409	Test::Result result("ECIES short system params ctor");	1✔
410
411	auto rng = Test::new_rng("ecies_params_short_ctor");	1✔
412
413	const auto domain = Botan::EC_Group::from_name("secp521r1");	1✔
414	const Botan::BigInt private_key_value(	1✔
415	"405029866705438137604064977397053031159826489755682166267763407"
416	"5002761777100287880684822948852132235484464537021197213998300006"
417	"547176718172344447619746779823");	1✔
418
419	const Botan::BigInt other_private_key_value(	1✔
420	"2294226772740614508941417891614236736606752960073669253551166842"
421	"5866095315090327914760325168219669828915074071456176066304457448"
422	"25404691681749451640151380153");	1✔
423
424	const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);	1✔
425	const Botan::ECDH_PrivateKey other_private_key(*rng, domain, other_private_key_value);	1✔
426
427	const Botan::ECIES_System_Params ecies_params(	1✔
428	private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32, "HMAC(SHA-512)", 16);	1✔
429
430	const Botan::InitializationVector iv("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");	1✔
431	const std::string label = "Test";	1✔
432
433	const std::vector<uint8_t> plaintext = Botan::hex_decode("000102030405060708090A0B0C0D0E0F");	1✔
434
435	// generated with botan
436	const std::vector<uint8_t> ciphertext = Botan::hex_decode(	1✔
437	"0401519EAA0489FF9D51E98E4C22349463E2001CD06F8CE47D81D4007A"
438	"79ACF98E92C814686477CEA666EFC277DC84E15FC95E38AFF8E16D478A"
439	"44CD5C5F1517F8B1F300000591317F261C3D04A7207F01EAE3EC70F2360"
440	"0F82C53CC0B85BE7AC9F6CE79EF2AB416E5934D61BA9D346385D7545C57F"
441	"77C7EA7C58E18C70CBFB0A24AE1B9943EC5A8D0657522CCDF30BA95674D81"
442	"B397635D215178CD13BD9504AE957A9888F4128FFC0F0D3F1CEC646AEC8CE"
443	"3F2463D233B22A7A12B679F4C06501F584D4DEFF6D26592A8D873398BD892"
444	"B477B3468813C053DA43C4F3D49009F7A12D6EF7");	1✔
445
446	check_encrypt_decrypt(result, private_key, other_private_key, ecies_params, iv, label, plaintext, ciphertext, *rng);	1✔
447
448	return result;	1✔
449	}	4✔
450
451	Test::Result test_ciphertext_too_short() {	1✔
452	Test::Result result("ECIES ciphertext too short");	1✔
453
454	const auto domain = Botan::EC_Group::from_name("secp521r1");	1✔
455	const Botan::BigInt private_key_value(	1✔
456	"405029866705438137604064977397053031159826489755682166267763407"
457	"5002761777100287880684822948852132235484464537021197213998300006"
458	"547176718172344447619746779823");	1✔
459
460	const Botan::BigInt other_private_key_value(	1✔
461	"2294226772740614508941417891614236736606752960073669253551166842"
462	"5866095315090327914760325168219669828915074071456176066304457448"
463	"25404691681749451640151380153");	1✔
464
465	auto rng = Test::new_rng("ecies_ciphertext_too_short");	1✔
466
467	const Botan::ECDH_PrivateKey private_key(*rng, domain, private_key_value);	1✔
468	const Botan::ECDH_PrivateKey other_private_key(*rng, domain, other_private_key_value);	1✔
469
470	const Botan::ECIES_System_Params ecies_params(	1✔
471	private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32, "HMAC(SHA-512)", 16);	1✔
472
473	Botan::ECIES_Decryptor ecies_dec(other_private_key, ecies_params, *rng);	1✔
474
475	result.test_throws("ciphertext too short",	2✔
476	[&ecies_dec]() { ecies_dec.decrypt(Botan::hex_decode("0401519EAA0489FF9D51E98E4C22349A")); });	2✔
477
478	return result;	1✔
479	}	2✔
480
481	class ECIES_Unit_Tests final : public Test {	×
482	public:
483	std::vector<Test::Result> run() override {	1✔
484	std::vector<Test::Result> results;	1✔
485
486	std::vector<std::function<Test::Result()>> fns = {test_other_key_not_set,	1✔
487	test_kdf_not_found,
488	test_mac_not_found,
489	test_cipher_not_found,
490	test_system_params_short_ctor,
491	test_ciphertext_too_short};	7✔
492
493	for(size_t i = 0; i != fns.size(); ++i) {	7✔
494	try {	6✔
495	results.emplace_back(fns[i]());	12✔
496	} catch(std::exception& e) {	×
497	results.emplace_back(Test::Result::Failure("ECIES unit tests " + std::to_string(i), e.what()));	×
498	}	×
499	}
500
501	return results;	1✔
502	}	2✔
503	};
504
505	BOTAN_REGISTER_TEST("pubkey", "ecies_unit", ECIES_Unit_Tests);
506
507	#endif
508
509	#endif
510
511	} // namespace
512
513	} // namespace Botan_Tests

randombit / botan / 13345891044

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous