def test_dh():
a_rng = botan2.rng('user')
b_rng = botan2.rng('user')
for dh_grp in ['secp256r1', 'curve25519']:
dh_kdf = 'KDF2(SHA-384)'.encode('utf-8')
a_dh_priv = botan2.private_key('ecdh', dh_grp, botan2.rng())
b_dh_priv = botan2.private_key('ecdh', dh_grp, botan2.rng())
a_dh = botan2.pk_op_key_agreement(a_dh_priv, dh_kdf)
b_dh = botan2.pk_op_key_agreement(b_dh_priv, dh_kdf)
a_dh_pub = a_dh.public_value()
b_dh_pub = b_dh.public_value()
a_salt = a_rng.get(8)
b_salt = b_rng.get(8)
print("ecdh %s pubs:\n %s (salt %s)\n %s (salt %s)\n" %
(dh_grp,
hex_encode(a_dh_pub), hex_encode(a_salt),
hex_encode(b_dh_pub), hex_encode(b_salt)))
a_key = a_dh.agree(b_dh_pub, 32, a_salt + b_salt)
b_key = b_dh.agree(a_dh_pub, 32, a_salt + b_salt)
print("ecdh %s shared:\n %s\n %s\n" %
(dh_grp, hex_encode(a_key), hex_encode(b_key)))
def test_mceliece():
mce_priv = botan2.private_key('mce', [2960, 57], botan2.rng())
mce_pub = mce_priv.get_public_key()
mce_plaintext = 'mce plaintext'
mce_ad = 'mce AD'
mce_ciphertext = botan2.mceies_encrypt(mce_pub, botan2.rng(), 'ChaCha20Poly1305', mce_plaintext, mce_ad)
print("mceies len(pt)=%d len(ct)=%d" % (len(mce_plaintext), len(mce_ciphertext)))
mce_decrypt = botan2.mceies_decrypt(mce_priv, 'ChaCha20Poly1305', mce_ciphertext, mce_ad)
print(" mceies plaintext \'%s\' (%d)" % (mce_plaintext, len(mce_plaintext)))
# Since mceies_decrypt() returns bytes in Python3, the following line
# needs .decode('utf-8') to convert mce_decrypt from bytes to a
# text string (Unicode).
# You don't need to add .decode() if
# (a) your expected output is bytes rather than a text string, or
# (b) you are using Python2 rather than Python3.
print(" mceies decrypted \'%s\' (%d)" % (mce_decrypt.decode('utf-8'), len(mce_decrypt)))
print("mce_pub %s/SHA-1 fingerprint: %s\nEstimated strength %s bits (len %d)\n" % (
mce_pub.algo_name(), mce_pub.fingerprint("SHA-1"),
mce_pub.estimated_strength(), len(mce_pub.encoding())
))
def test_dh():
a_rng = botan2.rng('user')
b_rng = botan2.rng('user')
for dh_grp in ['secp256r1', 'curve25519']:
dh_kdf = 'KDF2(SHA-384)'.encode('utf-8')
a_dh_priv = botan2.private_key('ecdh', dh_grp, botan2.rng())
b_dh_priv = botan2.private_key('ecdh', dh_grp, botan2.rng())
a_dh = botan2.pk_op_key_agreement(a_dh_priv, dh_kdf)
b_dh = botan2.pk_op_key_agreement(b_dh_priv, dh_kdf)
a_dh_pub = a_dh.public_value()
b_dh_pub = b_dh.public_value()
a_salt = a_rng.get(8)
b_salt = b_rng.get(8)
print("ecdh %s pubs:\n %s (salt %s)\n %s (salt %s)\n" %
(dh_grp,
hex_encode(a_dh_pub), hex_encode(a_salt),
hex_encode(b_dh_pub), hex_encode(b_salt)))
a_key = a_dh.agree(b_dh_pub, 32, a_salt + b_salt)
b_key = b_dh.agree(a_dh_pub, 32, a_salt + b_salt)
print("ecdh %s shared:\n %s\n %s\n" %
(dh_grp, hex_encode(a_key), hex_encode(b_key)))
def test_mceliece():
mce_priv = botan2.private_key('mce', [2960, 57], botan2.rng())
mce_pub = mce_priv.get_public_key()
mce_plaintext = 'mce plaintext'
mce_ad = 'mce AD'
mce_ciphertext = botan2.mceies_encrypt(mce_pub, botan2.rng(), 'ChaCha20Poly1305', mce_plaintext, mce_ad)
print("mceies len(pt)=%d len(ct)=%d" % (len(mce_plaintext), len(mce_ciphertext)))
mce_decrypt = botan2.mceies_decrypt(mce_priv, 'ChaCha20Poly1305', mce_ciphertext, mce_ad)
print(" mceies plaintext \'%s\' (%d)" % (mce_plaintext, len(mce_plaintext)))
# Since mceies_decrypt() returns bytes in Python3, the following line
# needs .decode('utf-8') to convert mce_decrypt from bytes to a
# text string (Unicode).
# You don't need to add .decode() if
# (a) your expected output is bytes rather than a text string, or
# (b) you are using Python2 rather than Python3.
print(" mceies decrypted \'%s\' (%d)" % (mce_decrypt.decode('utf-8'), len(mce_decrypt)))
print("mce_pub %s/SHA-1 fingerprint: %s\nEstimated strength %s bits (len %d)\n" % (
mce_pub.algo_name(), mce_pub.fingerprint("SHA-1"),
mce_pub.estimated_strength(), len(mce_pub.encoding())
))
def test_mceliece(self):
rng = botan2.rng()
mce_priv = botan2.private_key('mce', [2960, 57], rng)
mce_pub = mce_priv.get_public_key()
self.assertEqual(mce_pub.estimated_strength(), 128)
mce_plaintext = rng.get(16)
mce_ad = rng.get(48)
mce_ciphertext = botan2.mceies_encrypt(mce_pub, botan2.rng(), 'ChaCha20Poly1305', mce_plaintext, mce_ad)
mce_decrypt = botan2.mceies_decrypt(mce_priv, 'ChaCha20Poly1305', mce_ciphertext, mce_ad)
self.assertEqual(mce_plaintext, mce_decrypt)
def test_cipher():
for mode in ['AES-128/CTR-BE', 'Serpent/GCM', 'ChaCha20Poly1305']:
enc = botan2.cipher(mode, encrypt=True)
(kmin, kmax) = enc.key_length()
print("%s: default nonce=%d update_size=%d key_min=%d key_max=%d" %
(mode, enc.default_nonce_length(), enc.update_granularity(), kmin, kmax))
rng = botan2.rng()
iv = rng.get(enc.default_nonce_length())
key = rng.get(kmax)
pt = rng.get(21)
print(" plaintext %s (%d)" % (hex_encode(pt), len(pt)))
enc.set_key(key)
enc.start(iv)
update_result = enc.update('')
assert not update_result
ct = enc.finish(pt)
print(" ciphertext %s (%d)" % (hex_encode(ct), len(ct)))
dec = botan2.cipher(mode, encrypt=False)
dec.set_key(key)
dec.start(iv)
decrypted = dec.finish(ct)
print(" decrypted %s (%d)\n" % (hex_encode(decrypted), len(decrypted)))
def test_cipher():
for mode in ['AES-128/CTR-BE', 'Serpent/GCM', 'ChaCha20Poly1305']:
enc = botan2.cipher(mode, encrypt=True)
(kmin, kmax) = enc.key_length()
print("%s: default nonce=%d update_size=%d key_min=%d key_max=%d" %
(mode, enc.default_nonce_length(), enc.update_granularity(), kmin, kmax))
rng = botan2.rng()
iv = rng.get(enc.default_nonce_length())
key = rng.get(kmax)
pt = rng.get(21)
print(" plaintext %s (%d)" % (hex_encode(pt), len(pt)))
enc.set_key(key)
enc.start(iv)
update_result = enc.update('')
assert not update_result
ct = enc.finish(pt)
print(" ciphertext %s (%d)" % (hex_encode(ct), len(ct)))
dec = botan2.cipher(mode, encrypt=False)
dec.set_key(key)
dec.start(iv)
decrypted = dec.finish(ct)
print(" decrypted %s (%d)\n" % (hex_encode(decrypted), len(decrypted)))
def test_cipher(self):
for mode in ['AES-128/CTR-BE', 'Serpent/GCM', 'ChaCha20Poly1305']:
enc = botan2.cipher(mode, encrypt=True)
if mode == 'AES-128/CTR-BE':
self.assertEqual(enc.algo_name(), 'CTR-BE(AES-128)')
elif mode == 'Serpent/GCM':
self.assertEqual(enc.algo_name(), 'Serpent/GCM(16)')
else:
self.assertEqual(enc.algo_name(), mode)
(kmin, kmax) = enc.key_length()
self.assertTrue(kmin <= kmax)
rng = botan2.rng()
iv = rng.get(enc.default_nonce_length())
key = rng.get(kmax)
pt = rng.get(21)
enc.set_key(key)
enc.start(iv)
update_result = enc.update('')
assert not update_result
ct = enc.finish(pt)
dec = botan2.cipher(mode, encrypt=False)
dec.set_key(key)
dec.start(iv)
decrypted = dec.finish(ct)
self.assertEqual(decrypted, pt)
def test_rng():
user_rng = botan2.rng("user")
print("rng output:\n\t%s\n\t%s\n\t%s\n" %
(hex_encode(user_rng.get(42)),
hex_encode(user_rng.get(13)),
hex_encode(user_rng.get(9))))
def test_bcrypt():
print("Testing Bcrypt...")
r = botan2.rng()
phash = botan2.bcrypt('testing', r)
print("bcrypt returned %s (%d bytes)" % (hex_encode(phash), len(phash)))
print("validating the hash produced: %r" % (botan2.check_bcrypt('testing', phash)))
print("\n")
def test_rng():
user_rng = botan2.rng("user")
print("rng output:\n\t%s\n\t%s\n\t%s\n" %
(hex_encode(user_rng.get(42)),
hex_encode(user_rng.get(13)),
hex_encode(user_rng.get(9))))
def test_bcrypt():
print("Testing Bcrypt...")
r = botan2.rng()
phash = botan2.bcrypt('testing', r)
print("bcrypt returned %s (%d bytes)" % (hex_encode(phash), len(phash)))
print("validating the hash produced: %r" % (botan2.check_bcrypt('testing', phash)))
print("\n")
def test_mceliece(self):
rng = botan2.rng()
mce_priv = botan2.private_key('mce', [2960, 57], rng)
mce_pub = mce_priv.get_public_key()
self.assertEqual(mce_pub.estimated_strength(), 128)
mce_plaintext = rng.get(16)
mce_ad = rng.get(48)
mce_ciphertext = botan2.mceies_encrypt(mce_pub, botan2.rng(),
'ChaCha20Poly1305',
mce_plaintext, mce_ad)
mce_decrypt = botan2.mceies_decrypt(mce_priv, 'ChaCha20Poly1305',
mce_ciphertext, mce_ad)
self.assertEqual(mce_plaintext, mce_decrypt)
def test_cipher(self):
for mode in ['AES-128/CTR-BE', 'Serpent/GCM', 'ChaCha20Poly1305']:
enc = botan2.cipher(mode, encrypt=True)
if mode == 'AES-128/CTR-BE':
self.assertEqual(enc.algo_name(), 'CTR-BE(AES-128)')
elif mode == 'Serpent/GCM':
self.assertEqual(enc.algo_name(), 'Serpent/GCM(16)')
else:
self.assertEqual(enc.algo_name(), mode)
(kmin, kmax) = enc.key_length()
self.assertTrue(kmin <= kmax)
rng = botan2.rng()
iv = rng.get(enc.default_nonce_length())
key = rng.get(kmax)
pt = rng.get(21)
enc.set_key(key)
enc.start(iv)
update_result = enc.update('')
assert not update_result
ct = enc.finish(pt)
dec = botan2.cipher(mode, encrypt=False)
dec.set_key(key)
dec.start(iv)
decrypted = dec.finish(ct)
self.assertEqual(decrypted, pt)
def test_rng(self):
user_rng = botan2.rng("user")
output1 = user_rng.get(32)
output2 = user_rng.get(32)
self.assertEqual(len(output1), 32)
self.assertEqual(len(output2), 32)
self.assertNotEqual(output1, output2)
output3 = user_rng.get(1021)
self.assertEqual(len(output3), 1021)
system_rng = botan2.rng('system')
user_rng.reseed_from_rng(system_rng, 256)
user_rng.add_entropy('seed material...')
def test_rng(self):
user_rng = botan2.rng("user")
output1 = user_rng.get(32)
output2 = user_rng.get(32)
self.assertEqual(len(output1), 32)
self.assertEqual(len(output2), 32)
self.assertNotEqual(output1, output2)
output3 = user_rng.get(1021)
self.assertEqual(len(output3), 1021)
system_rng = botan2.rng('system')
user_rng.reseed_from_rng(system_rng, 256)
user_rng.add_entropy('seed material...')
def test_bcrypt(self):
r = botan2.rng()
phash = botan2.bcrypt('testing', r)
self.assertTrue(isinstance(phash, str))
self.assertTrue(phash.startswith("$2a$"))
self.assertTrue(botan2.check_bcrypt('testing', phash))
self.assertFalse(botan2.check_bcrypt('live fire', phash))
self.assertTrue(botan2.check_bcrypt('test', '$2a$04$wjen1fAA.UW6UxthpKK.huyOoxvCR7ATRCVC4CBIEGVDOCtr8Oj1C'))
def test_dh(self):
a_rng = botan2.rng('user')
b_rng = botan2.rng('user')
for dh_grp in ['secp256r1', 'curve25519']:
dh_kdf = 'KDF2(SHA-384)'.encode('utf-8')
a_dh_priv = botan2.private_key('ecdh', dh_grp, a_rng)
b_dh_priv = botan2.private_key('ecdh', dh_grp, b_rng)
a_dh = botan2.pk_op_key_agreement(a_dh_priv, dh_kdf)
b_dh = botan2.pk_op_key_agreement(b_dh_priv, dh_kdf)
a_dh_pub = a_dh.public_value()
b_dh_pub = b_dh.public_value()
salt = a_rng.get(8) + b_rng.get(8)
a_key = a_dh.agree(b_dh_pub, 32, salt)
b_key = b_dh.agree(a_dh_pub, 32, salt)
self.assertEqual(a_key, b_key)
def test_rng(self):
user_rng = botan2.rng("user")
output1 = user_rng.get(32)
output2 = user_rng.get(32)
self.assertEqual(len(output1), 32)
self.assertEqual(len(output2), 32)
self.assertNotEqual(output1, output2)
output3 = user_rng.get(1021)
self.assertEqual(len(output3), 1021)
def test_dh(self):
a_rng = botan2.rng('user')
b_rng = botan2.rng('user')
for dh_grp in ['secp256r1', 'curve25519']:
dh_kdf = 'KDF2(SHA-384)'.encode('utf-8')
a_dh_priv = botan2.private_key('ecdh', dh_grp, a_rng)
b_dh_priv = botan2.private_key('ecdh', dh_grp, b_rng)
a_dh = botan2.pk_op_key_agreement(a_dh_priv, dh_kdf)
b_dh = botan2.pk_op_key_agreement(b_dh_priv, dh_kdf)
a_dh_pub = a_dh.public_value()
b_dh_pub = b_dh.public_value()
salt = a_rng.get(8) + b_rng.get(8)
a_key = a_dh.agree(b_dh_pub, 32, salt)
b_key = b_dh.agree(a_dh_pub, 32, salt)
self.assertEqual(a_key, b_key)
def test_rsa():
rsapriv = botan2.private_key('rsa', 1536, botan2.rng())
rsapub = rsapriv.get_public_key()
print("rsapub %s SHA-1 fingerprint: %s estimated strength %d (len %d)" % (
rsapub.algo_name(), rsapub.fingerprint("SHA-1"),
rsapub.estimated_strength(), len(rsapub.encoding())
))
dec = botan2.pk_op_decrypt(rsapriv, "EME1(SHA-256)")
enc = botan2.pk_op_encrypt(rsapub, "EME1(SHA-256)")
sys_rng = botan2.rng()
symkey = sys_rng.get(32)
ctext = enc.encrypt(symkey, sys_rng)
print("ptext \'%s\' (%d)" % (hex_encode(symkey), len(symkey)))
print("ctext \'%s\' (%d)" % (hex_encode(ctext), len(ctext)))
print("decrypt \'%s\' (%d)\n" % (hex_encode(dec.decrypt(ctext)),
len(dec.decrypt(ctext))))
signer = botan2.pk_op_sign(rsapriv, 'EMSA4(SHA-384)')
signer.update('messa')
signer.update('ge')
sig = signer.finish(botan2.rng())
print("EMSA4(SHA-384) signature: %s" % hex_encode(sig))
verify = botan2.pk_op_verify(rsapub, 'EMSA4(SHA-384)')
verify.update('mess')
verify.update('age')
print("good sig accepted? %s" % verify.check_signature(sig))
verify.update('mess of things')
verify.update('age')
print("bad sig accepted? %s" % verify.check_signature(sig))
verify.update('message')
print("good sig accepted? %s\n" % verify.check_signature(sig))
def test_rsa():
rsapriv = botan2.private_key('rsa', 1536, botan2.rng())
rsapub = rsapriv.get_public_key()
print("rsapub %s SHA-1 fingerprint: %s estimated strength %d (len %d)" % (
rsapub.algo_name(), rsapub.fingerprint("SHA-1"),
rsapub.estimated_strength(), len(rsapub.encoding())
))
dec = botan2.pk_op_decrypt(rsapriv, "EME1(SHA-256)")
enc = botan2.pk_op_encrypt(rsapub, "EME1(SHA-256)")
sys_rng = botan2.rng()
symkey = sys_rng.get(32)
ctext = enc.encrypt(symkey, sys_rng)
print("ptext \'%s\' (%d)" % (hex_encode(symkey), len(symkey)))
print("ctext \'%s\' (%d)" % (hex_encode(ctext), len(ctext)))
print("decrypt \'%s\' (%d)\n" % (hex_encode(dec.decrypt(ctext)),
len(dec.decrypt(ctext))))
signer = botan2.pk_op_sign(rsapriv, 'EMSA4(SHA-384)')
signer.update('messa')
signer.update('ge')
sig = signer.finish(botan2.rng())
print("EMSA4(SHA-384) signature: %s" % hex_encode(sig))
verify = botan2.pk_op_verify(rsapub, 'EMSA4(SHA-384)')
verify.update('mess')
verify.update('age')
print("good sig accepted? %s" % verify.check_signature(sig))
verify.update('mess of things')
verify.update('age')
print("bad sig accepted? %s" % verify.check_signature(sig))
verify.update('message')
print("good sig accepted? %s\n" % verify.check_signature(sig))
def test_bcrypt(self):
r = botan2.rng()
phash = botan2.bcrypt('testing', r)
self.assertTrue(isinstance(phash, str))
self.assertTrue(phash.startswith("$2a$"))
self.assertTrue(botan2.check_bcrypt('testing', phash))
self.assertFalse(botan2.check_bcrypt('live fire', phash))
self.assertTrue(
botan2.check_bcrypt(
'test',
'$2a$04$wjen1fAA.UW6UxthpKK.huyOoxvCR7ATRCVC4CBIEGVDOCtr8Oj1C')
)
def test_rsa(self):
rng = botan2.rng()
rsapriv = botan2.private_key('RSA', '1024', rng)
self.assertEqual(rsapriv.algo_name(), 'RSA')
rsapub = rsapriv.get_public_key()
self.assertEqual(rsapub.algo_name(), 'RSA')
self.assertEqual(rsapub.estimated_strength(), 80)
enc = botan2.pk_op_encrypt(rsapub, "OAEP(SHA-256)")
dec = botan2.pk_op_decrypt(rsapriv, "OAEP(SHA-256)")
symkey = rng.get(32)
ctext = enc.encrypt(symkey, rng)
ptext = dec.decrypt(ctext)
self.assertEqual(ptext, symkey)
signer = botan2.pk_op_sign(rsapriv, 'EMSA4(SHA-384)')
signer.update('messa')
signer.update('ge')
sig = signer.finish(botan2.rng())
verify = botan2.pk_op_verify(rsapub, 'EMSA4(SHA-384)')
verify.update('mess')
verify.update('age')
self.assertTrue(verify.check_signature(sig))
verify.update('mess of things')
verify.update('age')
self.assertFalse(verify.check_signature(sig))
verify.update('message')
self.assertTrue(verify.check_signature(sig))
def test_rsa(self):
rng = botan2.rng()
rsapriv = botan2.private_key('RSA', '1024', rng)
self.assertEqual(rsapriv.algo_name(), 'RSA')
rsapub = rsapriv.get_public_key()
self.assertEqual(rsapub.algo_name(), 'RSA')
self.assertEqual(rsapub.estimated_strength(), 80)
enc = botan2.pk_op_encrypt(rsapub, "OAEP(SHA-256)")
dec = botan2.pk_op_decrypt(rsapriv, "OAEP(SHA-256)")
symkey = rng.get(32)
ctext = enc.encrypt(symkey, rng)
ptext = dec.decrypt(ctext)
self.assertEqual(ptext, symkey)
signer = botan2.pk_op_sign(rsapriv, 'EMSA4(SHA-384)')
signer.update('messa')
signer.update('ge')
sig = signer.finish(botan2.rng())
verify = botan2.pk_op_verify(rsapub, 'EMSA4(SHA-384)')
verify.update('mess')
verify.update('age')
self.assertTrue(verify.check_signature(sig))
verify.update('mess of things')
verify.update('age')
self.assertFalse(verify.check_signature(sig))
verify.update('message')
self.assertTrue(verify.check_signature(sig))
