[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] scratch/tzz/nettle 28b19e1: WIP: GnuTLS: factor extract_da
|
From: |
Teodor Zlatanov |
|
Subject: |
[Emacs-diffs] scratch/tzz/nettle 28b19e1: WIP: GnuTLS: factor extract_data_from_object() out from secure_hash() |
|
Date: |
Mon, 17 Apr 2017 16:39:44 -0400 (EDT) |
branch: scratch/tzz/nettle
commit 28b19e1082156fe01068a3fb15e6eb79f7efb1f7
Author: Ted Zlatanov <address@hidden>
Commit: Ted Zlatanov <address@hidden>
WIP: GnuTLS: factor extract_data_from_object() out from secure_hash()
---
src/fns.c | 70 ++++++++++----
src/gnutls.c | 215 ++++++++++++++++++++++++++++++++----------
src/lisp.h | 3 +
test/lisp/net/gnutls-tests.el | 85 +++--------------
4 files changed, 234 insertions(+), 139 deletions(-)
diff --git a/src/fns.c b/src/fns.c
index a14d8ad..5c0f219 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -4740,22 +4740,24 @@ DEFUN ("secure-hash-algorithms",
Fsecure_hash_algorithms,
Qsha512);
}
-/* ALGORITHM is a symbol: md5, sha1, sha224 and so on. */
-
-static Lisp_Object
-secure_hash (Lisp_Object algorithm, Lisp_Object object, Lisp_Object start,
- Lisp_Object end, Lisp_Object coding_system, Lisp_Object noerror,
- Lisp_Object binary)
-{
- ptrdiff_t size, start_char = 0, start_byte, end_char = 0, end_byte;
+/* Extract data from a string or a buffer. SPEC is a list of
+(BUFFER-OR-STRING START END CODING-SYSTEM NOERROR) which behave as
+specified with `secure-hash'. */
+const char*
+extract_data_from_object (Lisp_Object spec,
+ ptrdiff_t *start_byte,
+ ptrdiff_t *end_byte)
+{
+ ptrdiff_t size, start_char = 0, end_char = 0;
register EMACS_INT b, e;
register struct buffer *bp;
EMACS_INT temp;
- int digest_size;
- void *(*hash_func) (const char *, size_t, void *);
- Lisp_Object digest;
- CHECK_SYMBOL (algorithm);
+ Lisp_Object object = Fnth (make_number (0), spec);
+ Lisp_Object start = Fnth (make_number (1), spec);
+ Lisp_Object end = Fnth (make_number (2), spec);
+ Lisp_Object coding_system = Fnth (make_number (3), spec);
+ Lisp_Object noerror = Fnth (make_number (4), spec);
if (STRINGP (object))
{
@@ -4786,10 +4788,10 @@ secure_hash (Lisp_Object algorithm, Lisp_Object object,
Lisp_Object start,
size = SCHARS (object);
validate_subarray (object, start, end, size, &start_char, &end_char);
- start_byte = !start_char ? 0 : string_char_to_byte (object, start_char);
- end_byte = (end_char == size
- ? SBYTES (object)
- : string_char_to_byte (object, end_char));
+ *start_byte = !start_char ? 0 : string_char_to_byte (object, start_char);
+ *end_byte = (end_char == size
+ ? SBYTES (object)
+ : string_char_to_byte (object, end_char));
}
else
{
@@ -4892,10 +4894,40 @@ secure_hash (Lisp_Object algorithm, Lisp_Object object,
Lisp_Object start,
if (STRING_MULTIBYTE (object))
object = code_convert_string (object, coding_system, Qnil, 1, 0, 0);
- start_byte = 0;
- end_byte = SBYTES (object);
+ *start_byte = 0;
+ *end_byte = SBYTES (object);
}
+ return SSDATA (object);
+}
+
+
+/* ALGORITHM is a symbol: md5, sha1, sha224 and so on. */
+
+static Lisp_Object
+secure_hash (Lisp_Object algorithm, Lisp_Object object, Lisp_Object start,
+ Lisp_Object end, Lisp_Object coding_system, Lisp_Object noerror,
+ Lisp_Object binary)
+{
+ ptrdiff_t start_byte, end_byte;
+ int digest_size;
+ void *(*hash_func) (const char *, size_t, void *);
+ Lisp_Object digest;
+
+ CHECK_SYMBOL (algorithm);
+
+ Lisp_Object spec = listn (CONSTYPE_HEAP, 5,
+ object,
+ start,
+ end,
+ coding_system,
+ noerror);
+
+ const char* input = extract_data_from_object (spec, &start_byte, &end_byte);
+
+ if (input == NULL)
+ error ("secure_hash: failed to extract data from object, aborting!");
+
if (EQ (algorithm, Qmd5))
{
digest_size = MD5_DIGEST_SIZE;
@@ -4933,7 +4965,7 @@ secure_hash (Lisp_Object algorithm, Lisp_Object object,
Lisp_Object start,
hexified value */
digest = make_uninit_string (digest_size * 2);
- hash_func (SSDATA (object) + start_byte,
+ hash_func (input + start_byte,
end_byte - start_byte,
SSDATA (digest));
diff --git a/src/gnutls.c b/src/gnutls.c
index ea17148..7836b1e 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -24,6 +24,7 @@ along with GNU Emacs. If not, see
<http://www.gnu.org/licenses/>. */
#include "process.h"
#include "gnutls.h"
#include "coding.h"
+#include "buffer.h"
#ifdef HAVE_GNUTLS
@@ -1743,8 +1744,11 @@ The alist key is the cipher name. */)
static Lisp_Object
gnutls_symmetric_aead (bool encrypting, gnutls_cipher_algorithm_t gca,
- Lisp_Object cipher, Lisp_Object key, Lisp_Object iv,
- Lisp_Object input, Lisp_Object aead_auth)
+ Lisp_Object cipher,
+ const char* kdata, size_t ksize,
+ const char* vdata, size_t vsize,
+ const char* idata, size_t isize,
+ Lisp_Object aead_auth)
{
#ifdef HAVE_GNUTLS3_AEAD
@@ -1752,7 +1756,7 @@ gnutls_symmetric_aead (bool encrypting,
gnutls_cipher_algorithm_t gca,
int ret = GNUTLS_E_SUCCESS;
gnutls_aead_cipher_hd_t acipher;
- gnutls_datum_t key_datum = { (unsigned char*) SSDATA (key), SCHARS (key) };
+ gnutls_datum_t key_datum = { (unsigned char*) kdata, ksize };
ret = gnutls_aead_cipher_init (&acipher, gca, &key_datum);
if (ret < GNUTLS_E_SUCCESS)
@@ -1765,17 +1769,31 @@ gnutls_symmetric_aead (bool encrypting,
gnutls_cipher_algorithm_t gca,
return Qnil;
}
- size_t storage_length = SCHARS (input) + gnutls_cipher_get_tag_size (gca);
+ size_t storage_length = isize + gnutls_cipher_get_tag_size (gca);
USE_SAFE_ALLOCA;
unsigned char *storage = SAFE_ALLOCA (storage_length);
const char* aead_auth_data = NULL;
size_t aead_auth_size = 0;
- if (STRINGP (aead_auth))
+ if (!NILP (aead_auth))
{
- aead_auth_data = SSDATA (aead_auth);
- aead_auth_size = SCHARS (aead_auth);
+ if (BUFFERP (aead_auth) || STRINGP (aead_auth))
+ aead_auth = list1 (aead_auth);
+
+ CHECK_CONS (aead_auth);
+
+ ptrdiff_t astart_byte, aend_byte;
+ const char* adata = extract_data_from_object (aead_auth, &astart_byte,
&aend_byte);
+
+ if (adata == NULL)
+ {
+ error ("GnuTLS AEAD cipher auth extraction failed");
+ return Qnil;
+ }
+
+ aead_auth_data = adata;
+ aead_auth_size = aend_byte - astart_byte;
}
size_t expected_remainder = 0;
@@ -1783,12 +1801,12 @@ gnutls_symmetric_aead (bool encrypting,
gnutls_cipher_algorithm_t gca,
if (!encrypting)
expected_remainder = gnutls_cipher_get_tag_size (gca);
- if ((SCHARS (input) - expected_remainder) % gnutls_cipher_get_block_size
(gca) != 0)
+ if ((isize - expected_remainder) % gnutls_cipher_get_block_size (gca) != 0)
{
error ("GnuTLS AEAD cipher %s/%s input block length %ld was not a "
"multiple of the required %ld plus the expected tag remainder
%ld",
gnutls_cipher_get_name (gca), desc,
- SCHARS (input), (long) gnutls_cipher_get_block_size (gca),
+ (long) isize, (long) gnutls_cipher_get_block_size (gca),
(long) expected_remainder);
return Qnil;
}
@@ -1796,28 +1814,24 @@ gnutls_symmetric_aead (bool encrypting,
gnutls_cipher_algorithm_t gca,
if (encrypting)
{
ret = gnutls_aead_cipher_encrypt (acipher,
- SSDATA (iv), SCHARS (iv),
+ vdata, vsize,
aead_auth_data, aead_auth_size,
gnutls_cipher_get_tag_size (gca),
- SSDATA (input), SCHARS (input),
+ idata, isize,
storage, &storage_length);
}
else
{
ret = gnutls_aead_cipher_decrypt (acipher,
- SSDATA (iv), SCHARS (iv),
+ vdata, vsize,
aead_auth_data, aead_auth_size,
gnutls_cipher_get_tag_size (gca),
- SSDATA (input), SCHARS (input),
+ idata, isize,
storage, &storage_length);
}
- Fclear_string (key);
- Fclear_string (iv);
- if (STRINGP (aead_auth))
- {
- Fclear_string (aead_auth);
- }
+ if (!NILP (aead_auth) && STRINGP (XCAR (aead_auth)))
+ Fclear_string (XCAR (aead_auth));
if (ret < GNUTLS_E_SUCCESS)
{
@@ -1851,9 +1865,21 @@ gnutls_symmetric (bool encrypting, Lisp_Object cipher,
Lisp_Object key, Lisp_Object iv,
Lisp_Object input, Lisp_Object aead_auth)
{
- CHECK_STRING (input);
- CHECK_STRING (key);
- CHECK_STRING (iv);
+ if (BUFFERP (key) || STRINGP (key))
+ key = list1 (key);
+
+ CHECK_CONS (key);
+
+ if (BUFFERP (input) || STRINGP (input))
+ input = list1 (input);
+
+ CHECK_CONS (input);
+
+ if (BUFFERP (iv) || STRINGP (iv))
+ iv = list1 (iv);
+
+ CHECK_CONS (iv);
+
const char* desc = (encrypting ? "encrypt" : "decrypt");
@@ -1895,41 +1921,78 @@ gnutls_symmetric (bool encrypting, Lisp_Object cipher,
return Qnil;
}
- if (SCHARS (key) != gnutls_cipher_get_key_size (gca))
+ ptrdiff_t kstart_byte, kend_byte;
+ const char* kdata = extract_data_from_object (key, &kstart_byte, &kend_byte);
+
+ if (kdata == NULL)
+ {
+ error ("GnuTLS cipher key extraction failed");
+ return Qnil;
+ }
+
+ if ((kend_byte - kstart_byte) != gnutls_cipher_get_key_size (gca))
{
error ("GnuTLS cipher %s/%s key length %ld was not equal to "
"the required %ld",
gnutls_cipher_get_name (gca), desc,
- SCHARS (key), (long) gnutls_cipher_get_key_size (gca));
+ kend_byte - kstart_byte, (long) gnutls_cipher_get_key_size (gca));
return Qnil;
}
- if (SCHARS (iv) != gnutls_cipher_get_iv_size (gca))
+ ptrdiff_t vstart_byte, vend_byte;
+ const char* vdata = extract_data_from_object (iv, &vstart_byte, &vend_byte);
+
+ if (vdata == NULL)
+ {
+ error ("GnuTLS cipher IV extraction failed");
+ return Qnil;
+ }
+
+ if ((vend_byte - vstart_byte) != gnutls_cipher_get_iv_size (gca))
{
error ("GnuTLS cipher %s/%s IV length %ld was not equal to "
"the required %ld",
gnutls_cipher_get_name (gca), desc,
- SCHARS (iv), (long) gnutls_cipher_get_iv_size (gca));
+ vend_byte - vstart_byte, (long) gnutls_cipher_get_iv_size (gca));
+ return Qnil;
+ }
+
+ ptrdiff_t istart_byte, iend_byte;
+ const char* idata = extract_data_from_object (input, &istart_byte,
&iend_byte);
+
+ if (idata == NULL)
+ {
+ error ("GnuTLS cipher input extraction failed");
return Qnil;
}
// Is this an AEAD cipher?
if (gnutls_cipher_get_tag_size (gca) > 0)
{
- return gnutls_symmetric_aead (encrypting, gca, cipher, key, iv, input,
aead_auth);
+ Lisp_Object aead_output =
+ gnutls_symmetric_aead (encrypting, gca, cipher,
+ kdata, kend_byte - kstart_byte,
+ vdata, vend_byte - vstart_byte,
+ idata, iend_byte - istart_byte,
+ aead_auth);
+ if (STRINGP (XCAR (key)))
+ Fclear_string (XCAR (key));
+ if (STRINGP (XCAR (iv)))
+ Fclear_string (XCAR (iv));
+ return aead_output;
}
- if (SCHARS (input) % gnutls_cipher_get_block_size (gca) != 0)
+ if ((iend_byte - istart_byte) % gnutls_cipher_get_block_size (gca) != 0)
{
error ("GnuTLS cipher %s/%s input block length %ld was not a multiple "
"of the required %ld",
gnutls_cipher_get_name (gca), desc,
- SCHARS (input), (long) gnutls_cipher_get_block_size (gca));
+ iend_byte - istart_byte, (long) gnutls_cipher_get_block_size
(gca));
return Qnil;
}
gnutls_cipher_hd_t hcipher;
- gnutls_datum_t key_datum = { (unsigned char*) SSDATA (key), SCHARS (key) };
+ gnutls_datum_t key_datum = { (unsigned char*) kdata, kend_byte - kstart_byte
};
ret = gnutls_cipher_init (&hcipher, gca, &key_datum, NULL);
@@ -1944,28 +2007,30 @@ gnutls_symmetric (bool encrypting, Lisp_Object cipher,
}
// TODO: support streaming block mode
- gnutls_cipher_set_iv (hcipher, SSDATA (iv), SCHARS (iv));
+ gnutls_cipher_set_iv (hcipher, (void*) vdata, vend_byte - vstart_byte);
// GnuTLS docs: "For the supported ciphers the encrypted data length
// will equal the plaintext size."
- size_t storage_length = SCHARS (input);
+ size_t storage_length = iend_byte - istart_byte;
Lisp_Object storage = make_uninit_string (storage_length);
if (encrypting)
{
ret = gnutls_cipher_encrypt2 (hcipher,
- SSDATA (input), SCHARS (input),
+ idata, iend_byte - istart_byte,
SSDATA (storage), storage_length);
}
else
{
ret = gnutls_cipher_decrypt2 (hcipher,
- SSDATA (input), SCHARS (input),
+ idata, iend_byte - istart_byte,
SSDATA (storage), storage_length);
}
- Fclear_string (key);
- Fclear_string (iv);
+ if (STRINGP (XCAR (key)))
+ Fclear_string (XCAR (key));
+ if (STRINGP (XCAR (iv)))
+ Fclear_string (XCAR (iv));
if (ret < GNUTLS_E_SUCCESS)
{
@@ -2010,7 +2075,15 @@ DEFUN ("gnutls-symmetric-decrypt",
Fgnutls_symmetric_decrypt, Sgnutls_symmetric_
Returns nil on error. INPUT, KEY, and IV should be unibyte
strings. AEAD_AUTH may be a unibyte string or omitted (nil).
-IV, KEY, and AEAD_AUTH will be wiped by the function.
+Returns nil on error. INPUT, KEY, and IV can be strings or buffers or
+lists.
+
+IV, KEY, and AEAD_AUTH will be wiped by the function if they are
+strings.
+
+INPUT and KEY and AEAD_AUTH can be a list in the format
+(BUFFER-OR-STRING INPUT-START INPUT-END CODING-SYSTEM NOERROR) and
+those elements are extracted and used as in `secure-hash' which see.
The alist of symmetric ciphers can be obtained with `gnutls-ciphers`.
The CIPHER may be a string or symbol matching a key in that alist, or
@@ -2097,11 +2170,15 @@ the digest-algorithm method name. */)
}
DEFUN ("gnutls-hash-mac", Fgnutls_hash_mac, Sgnutls_hash_mac, 3, 3, 0,
- doc: /* Hash INPUT string with HASH-METHOD and KEY string into a
unibyte string.
+ doc: /* Hash INPUT with HASH-METHOD and KEY into a unibyte string.
-Returns nil on error. INPUT and KEY should be unibyte strings.
+Returns nil on error. INPUT and KEY can be strings or buffers or lists.
-KEY will be wiped by the function.
+KEY will be wiped by the function if it's a string.
+
+INPUT and KEY can be a list in the format (BUFFER-OR-STRING INPUT-START
+INPUT-END CODING-SYSTEM NOERROR) and those elements are extracted and
+used as in `secure-hash' which see.
The alist of MAC algorithms can be obtained with `gnutls-macs`. The
HASH-METHOD may be a string or symbol matching a key in that alist, or
@@ -2109,8 +2186,15 @@ a plist with the `:mac-algorithm-id' numeric property,
or the number
itself. */)
(Lisp_Object hash_method, Lisp_Object key, Lisp_Object input)
{
- CHECK_STRING (input);
- CHECK_STRING (key);
+ if (BUFFERP (input) || STRINGP (input))
+ input = list1 (input);
+
+ CHECK_CONS (input);
+
+ if (BUFFERP (key) || STRINGP (key))
+ key = list1 (key);
+
+ CHECK_CONS (key);
int ret = GNUTLS_E_SUCCESS;
@@ -2150,8 +2234,17 @@ itself. */)
return Qnil;
}
+ ptrdiff_t kstart_byte, kend_byte;
+ const char* kdata = extract_data_from_object (key, &kstart_byte, &kend_byte);
gnutls_hmac_hd_t hmac;
- ret = gnutls_hmac_init (&hmac, gma, SSDATA (key), SCHARS (key));
+ ret = gnutls_hmac_init (&hmac, gma,
+ kdata + kstart_byte, kend_byte - kstart_byte);
+
+ if (kdata == NULL)
+ {
+ error ("GnuTLS MAC key extraction failed");
+ return Qnil;
+ }
if (ret < GNUTLS_E_SUCCESS)
{
@@ -2163,12 +2256,21 @@ itself. */)
return Qnil;
}
+ ptrdiff_t istart_byte, iend_byte;
+ const char* idata = extract_data_from_object (input, &istart_byte,
&iend_byte);
+ if (idata == NULL)
+ {
+ error ("GnuTLS MAC input extraction failed");
+ return Qnil;
+ }
+
size_t digest_length = gnutls_hmac_get_len (gma);
Lisp_Object digest = make_uninit_string (digest_length);
- ret = gnutls_hmac (hmac, SSDATA (input), SCHARS (input));
+ ret = gnutls_hmac (hmac, idata + istart_byte, iend_byte - istart_byte);
- Fclear_string (key);
+ if (STRINGP (XCAR (key)))
+ Fclear_string (XCAR (key));
if (ret < GNUTLS_E_SUCCESS)
{
@@ -2189,9 +2291,13 @@ itself. */)
}
DEFUN ("gnutls-hash-digest", Fgnutls_hash_digest, Sgnutls_hash_digest, 2, 2, 0,
- doc: /* Digest INPUT string with DIGEST-METHOD into a unibyte string.
+ doc: /* Digest INPUT with DIGEST-METHOD into a unibyte string.
-Returns nil on error. INPUT should be a unibyte string.
+Returns nil on error. INPUT can be a string or a buffer or a list.
+
+INPUT can be a list in the format (BUFFER-OR-STRING INPUT-START
+INPUT-END CODING-SYSTEM NOERROR) and those elements are extracted and
+used as in `secure-hash' which see.
The alist of digest algorithms can be obtained with `gnutls-digests`.
The DIGEST-METHOD may be a string or symbol matching a key in that
@@ -2199,7 +2305,10 @@ alist, or a plist with the `:digest-algorithm-id'
numeric property, or
the number itself. */)
(Lisp_Object digest_method, Lisp_Object input)
{
- CHECK_STRING (input);
+ if (BUFFERP (input) || STRINGP (input))
+ input = list1 (input);
+
+ CHECK_CONS (input);
int ret = GNUTLS_E_SUCCESS;
@@ -2254,7 +2363,15 @@ the number itself. */)
size_t digest_length = gnutls_hash_get_len (gda);
Lisp_Object digest = make_uninit_string (digest_length);
- ret = gnutls_hash (hash, SSDATA (input), SCHARS (input));
+ ptrdiff_t istart_byte, iend_byte;
+ const char* idata = extract_data_from_object (input, &istart_byte,
&iend_byte);
+ if (idata == NULL)
+ {
+ error ("GnuTLS digest input extraction failed");
+ return Qnil;
+ }
+
+ ret = gnutls_hash (hash, idata + istart_byte, iend_byte - istart_byte);
if (ret < GNUTLS_E_SUCCESS)
{
diff --git a/src/lisp.h b/src/lisp.h
index 678e261..b56b009 100644
--- a/src/lisp.h
+++ b/src/lisp.h
@@ -3379,6 +3379,9 @@ enum { NEXT_ALMOST_PRIME_LIMIT = 11 };
extern EMACS_INT next_almost_prime (EMACS_INT) ATTRIBUTE_CONST;
extern Lisp_Object larger_vector (Lisp_Object, ptrdiff_t, ptrdiff_t);
extern void sweep_weak_hash_tables (void);
+extern const char* extract_data_from_object (Lisp_Object spec,
+ ptrdiff_t *start_byte,
+ ptrdiff_t *end_byte);
EMACS_UINT hash_string (char const *, ptrdiff_t);
EMACS_UINT sxhash (Lisp_Object, int);
Lisp_Object make_hash_table (struct hash_table_test, EMACS_INT, float, float,
diff --git a/test/lisp/net/gnutls-tests.el b/test/lisp/net/gnutls-tests.el
index 32246d5..dc1c85f 100644
--- a/test/lisp/net/gnutls-tests.el
+++ b/test/lisp/net/gnutls-tests.el
@@ -103,6 +103,12 @@
(let ((plist (cdr (assq (cdr mcell) macs))))
(gnutls-tests-message "Checking digest MAC %S %S" mcell plist)
(dolist (input gnutls-tests-mondo-strings)
+ ;; Test buffer extraction
+ (with-temp-buffer
+ (insert input)
+ (should (gnutls-tests-hexstring-equal
+ (gnutls-hash-digest (cdr mcell) (current-buffer))
+ (secure-hash (car mcell) (current-buffer) nil nil t))))
(should (gnutls-tests-hexstring-equal
(gnutls-hash-digest (cdr mcell) input)
(secure-hash (car mcell) input nil nil t))))))))
@@ -122,11 +128,17 @@
("a9993e364706816aba3e25717850c26c9cd0d89d" "abc"
"SHA1"))) ; check string ID for digest
(destructuring-bind (hash input mac) test
(let ((plist (cdr (assq mac macs)))
- result)
+ result resultb)
(gnutls-tests-message "%s %S" mac plist)
(setq result (encode-hex-string (gnutls-hash-digest mac input)))
(gnutls-tests-message "%S => result %S" test result)
- (should (string-equal result hash)))))))
+ (should (string-equal result hash))
+ ;; Test buffer extraction
+ (with-temp-buffer
+ (insert input)
+ (setq resultb (encode-hex-string (gnutls-hash-digest mac
(current-buffer))))
+ (gnutls-tests-message "%S => result from buffer %S" test resultb)
+ (should (string-equal resultb hash))))))))
(ert-deftest test-gnutls-003-hashes-hmacs ()
"Test some predefined GnuTLS HMAC outputs for SHA256."
@@ -230,74 +242,5 @@
(should-not (gnutls-tests-hexstring-equal data reverse))
(should (gnutls-tests-hexstring-equal input reverse))))))))))
-;; (ert-deftest test-nettle-006-pbkdf2-RFC-6070 ()
-;; "Test the GnuTLS PBKDF2 SHA1 hashing with the RFC 6070 test set"
-;; (should (string-equal (encode-hex-string (nettle-pbkdf2 "pass\000word"
"sa\000lt" 4096 16 "sha1"))
-;; "56fa6aa75548099dcc37d7f03425e0c3"))
-;; (let ((tests
'("0c60c80f961f0e71f3a9b524af6012062fe037a6:password:salt:1:x:sha1"
-;;
"ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957:password:salt:2:x:sha1"
-;;
"4b007901b765489abead49d926f721d065a429c1:password:salt:4096:x:sha1"
-;; ;;
"eefe3d61cd4da4e4e9945b3d6ba2158c2634e984:password:salt:16777216:x:sha1" ;;
enable for a speed test :)
-;;
"3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038:passwordPASSWORDpassword:saltSALTsaltSALTsaltSALTsaltSALTsalt:4096:x:sha1"))
-;; test expected)
-;; (while (and tests (setq test (split-string (pop tests) ":")))
-;; (setq expected (pop test))
-;; (setf (nth 2 test) (string-to-number (nth 2 test)))
-;; (setf (nth 3 test) (length (decode-hex-string expected)))
-;; ;; (message "Testing 006-pbkdf2-RFC-6070 %S" test)
-;; (should (string-equal (encode-hex-string (apply 'nettle-pbkdf2
test))
-;; expected)))))
-
-;; (ert-deftest test-nettle-007-rsa-verify ()
-;; "Test the GnuTLS RSA signature verification"
-;; ;; signature too short
-;; (should-error (nettle-rsa-verify "Test the GnuTLS RSA signature"
-;; ""
-;; "Test the GnuTLS RSA signature"
-;; "sha1"))
-
-;; ;; key too short
-;; (should-error (nettle-rsa-verify "Test the GnuTLS RSA signature"
-;; "Test the GnuTLS RSA signature"
-;; ""
-;; "sha1"))
-
-;; ;; invalid hashing method
-;; (should-error (nettle-rsa-verify "Test the GnuTLS RSA signature"
-;; "Test the GnuTLS RSA signature"
-;; ""
-;; "no such method"))
-
-;; ;; key generated with:
-;; ;; openssl genrsa -out privkey.pem 2048
-;; ;; openssl rsa -in privkey.pem -pubout > pubkey.pem
-;; (let* ((key (substring "
-;; -----BEGIN PUBLIC KEY-----
-;; MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreGA/Qky9W3izQV0kzba
-;; 7wKl/wzwxkbbQxvcUqUT1krgAbO/n1tYFjXdJZoWwbMO/qv7NRoMDY4yPWGpsQfY
-;; +PSIknAhTZVbgwXrm/wb37+hKRKax2UZ9A/Rx4vJZRYlkpvZ9LbBziseFNN7SMWW
-;; qkjBO/NeT8/I9mURDa+4RoYfT6ZwjTvt808PH7uIghk+MHAx9EMBAfafF1Jn9TqW
-;; y+Hgdqik9sZteMvCumvGK4grSwzdfPO5I05tt/0I7QVPxlXbHIk/bBsE7mpgOxur
-;; P0DAkFKtYDM7oZPBwB6X778ba2EEFKPpVIyzw/jlDPd9PB6gE6dixmax3Hlg69RI
-;; EwIDAQAB
-;; -----END PUBLIC KEY-----
-;; " 28 426))
-;; ;; 24 skipped bytes are the header
-;; (key-bitstring (substring (base64-decode-string key) 24)))
-;; ;; invalid signature, valid key
-;; (should-not (nettle-rsa-verify "Test the GnuTLS RSA signature"
-;; "Test the GnuTLS RSA signature"
-;; key-bitstring
-;; "sha1"))
-;; ;; valid signature, valid key
-;; ; doesn't work; generated with "openssl rsautl -sign -in /tmp/test
-inkey /tmp/privkey.pem" but contains other baggage
-;; (should (nettle-rsa-verify "Test the GnuTLS RSA signature"
-;; (decode-hex-string
"abf710d920de0a210167e62995d5cb06fb0ff6a3f81e2f1965dd3f4716883ab61b7dec40d1ebde89b0657473a434d0333177f183f71a9f4b84a49781b1e4bc440e042f2eb4441000ba07168cdb190c5aebba8c433420f6fc28b6997cbfee061170210bfa65294199e6d6c8c5e1a16421942371f6115d77263b859a75645b6b70d56f14ad378c8499318ff05eda9d24a61d854a3d7f6b67b037abb8d25e4b11ca3e42bdb823cfac34c70057ecd55cbb8449346c0824b46f6c668d14f1744bad7d05470953981df32fde24d2a1f27e58bf9e7d99b20b39b25844c539
[...]
-;; key-bitstring
-;; "sha1"))
-;; ))
-
-;; ;; (message (encode-hex-string (nettle-pbkdf2 "password" "salt" 1 20
"sha1")))
-
(provide 'gnutls-tests)
;;; gnutls-tests.el ends here
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] scratch/tzz/nettle 28b19e1: WIP: GnuTLS: factor extract_data_from_object() out from secure_hash(),
Teodor Zlatanov <=