authorJack Lloyd <[email protected]>2016-11-16 12:05:34 -0500
committerJack Lloyd <[email protected]>2016-11-17 13:56:25 -0500
commit74cf1686b727d9b41781df66f3f74d63b9c5cfe2 (patch)
treec5127473f7676763202cf79837bd4328c903a21d /src/tests
parent97df0c27b878d77799353ccc9eda9705b1ec1fa4 (diff)
Add CECPQ1 TLS ciphersuites
Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/test_newhope.cpp4
-rw-r--r--src/tests/unit_tls.cpp4
2 files changed, 6 insertions, 2 deletions
diff --git a/src/tests/test_newhope.cpp b/src/tests/test_newhope.cpp
index 894896777..95641bcaa 100644
--- a/src/tests/test_newhope.cpp
+++ b/src/tests/test_newhope.cpp
@@ -104,7 +104,7 @@ class NEWHOPE_Tests : public Text_Based_Test
Botan::SHA_3_256 sha3;
- std::vector<uint8_t> send_a(NEWHOPE_SENDABYTES);
+ std::vector<uint8_t> send_a(Botan::NEWHOPE_SENDABYTES);
Botan::newhope_poly a_sk;
Botan::newhope_keygen(send_a.data(), &a_sk, drbg_a);
@@ -114,7 +114,7 @@ class NEWHOPE_Tests : public Text_Based_Test
result.test_eq("Hash Output A", h_send_a, h_output_a);
std::vector<uint8_t> sharedkey_b(32);
- std::vector<uint8_t> send_b(NEWHOPE_SENDBBYTES);
+ std::vector<uint8_t> send_b(Botan::NEWHOPE_SENDBBYTES);
Botan::newhope_sharedb(sharedkey_b.data(), send_b.data(), send_a.data(), drbg_b);
result.test_eq("Key B", sharedkey_b, shared_key);
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index 4ebc54252..e80fe5c63 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -978,6 +978,10 @@ class TLS_Unit_Tests : public Test
test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",
{ { "signature_methods", "RSA" } });
+#if defined(BOTAN_HAS_CECPQ1)
+ test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "AES-256/GCM", "AEAD");
+#endif
+
test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",
{ { "use_ecc_point_compression", "true" } });
test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",
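Review bot: The new case inside `#if defined(BOTAN_HAS_CECPQ1)` runs the CECPQ1 handshake only with AES-256/GCM, yet the commit description says the default policy prefers ChaChaPoly1305 and CECPQ1, so the suite a default client and server would negotiate has no explicit handshake test in this hunk. Consider adding, inside the same guard, `test_modern_versions(results, *client_ses, *server_ses, *creds, "CECPQ1", "ChaCha20Poly1305", "AEAD");` (confirm the cipher name against the other cases in this file), with an extra feature-macro guard if that AEAD can be compiled out. A one-line comment above the block, for example `// CECPQ1: hybrid X25519 + NewHope key exchange`, would tell readers why this case sits apart from the ECDH ones. The enclosing test function begins and ends outside the hunk, so a ChaCha20Poly1305 case may already exist elsewhere in it.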