Commit log (each entry: commit message; author, date, files changed, lines removed/added)
* Timing test suite with the mona timing library
  Juraj Somorovsky, 2016-11-20, 16 files, -0/+589
* Merge GH #731 Add CLI docs
  Jack Lloyd, 2016-11-19, 3 files, -12/+165
  [ci skip]
  * Minor changes and fixes
    Juraj Somorovsky, 2016-11-19, 1 file, -19/+23
  * added CLI section
    Never, 2016-11-17, 3 files, -12/+161
* Add brainpool test to TLS
  Jack Lloyd, 2016-11-19, 1 file, -1/+3
* Update news
  Jack Lloyd, 2016-11-19, 1 file, -0/+10
* Order default TLS ECC curve preferences by performance
  Jack Lloyd, 2016-11-19, 2 files, -6/+9
  Moves x25519 to the front for best by-default side channel resistance, and orders remaining NIST/BP curves by performance rather than size. That means putting P-521 before P-384, since P-521 is much faster at least in Botan (due to much simpler modular reduction for P-521 prime), and Brainpools to the end due to being quite slow (no fast reductions). All of the supported curves seem strong enough, and if someone can break P-256 they can probably break P-384 as well so there doesn't seem much advantage in preferring slower curves by default.
* Fix class vs struct declaration.
  Jack Lloyd, 2016-11-19, 1 file, -4/+6
  Recent Clang complains about forward decl as 'class X' when X was actually declared as a struct.
* Merge GH #729 Add CECPQ1 (x25519+NewHope) TLS ciphersuites
  Jack Lloyd, 2016-11-19, 19 files, -46/+251
  * Add CECPQ1 TLS ciphersuites
    Jack Lloyd, 2016-11-17, 19 files, -46/+251
    Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* Add key_constraints_to_string, GOST-34.10 cert handling
  Jack Lloyd, 2016-11-18, 6 files, -75/+127
  Add some try/catch blocks to the X.509 tests, and use create_private_key API
* Add X509_DN::empty
  Jack Lloyd, 2016-11-18, 1 file, -0/+2
* Don't force HMAC_DRBG to be enabled
  Jack Lloyd, 2016-11-18, 6 files, -20/+27
  No need to strictly require it, and some applications may only want system RNG or RDRAND.
* Fix TLS test
  Jack Lloyd, 2016-11-18, 1 file, -4/+4
  It is allowable to request the maximum length, just not more than it. Found after about 22K runs of the TLS tests.
* This range check was in the wrong direction
  Jack Lloyd, 2016-11-17, 1 file, -1/+1
* Add OIDs for SHA-3 and SHA-3 signature algorithms
  Jack Lloyd, 2016-11-17, 2 files, -2/+77
  Also CCM OIDs, and SHA-384/SHA-512 DSA OIDs. All from NIST: http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
* Don't strictly require ffi in modern policy
  Jack Lloyd, 2016-11-17, 1 file, -3/+2
* Merge GH #727 Tests for KDF::name
  Jack Lloyd, 2016-11-16, 12 files, -35/+36
  * KDF1 uses a hash function only
    René Korthaus, 2016-11-16, 1 file, -1/+1
  * Add a test for KDF::name()
    René Korthaus, 2016-11-15, 12 files, -35/+36
    This required fixing some test vectors that previously omitted the MAC, defaulting to HMAC, that used the SHA-1 alias to SHA-160, and fixing X942_PRF::name().
* Merge GH #721 Documentation reorg and expansion
  Jack Lloyd, 2016-11-16, 6 files, -272/+943
  * added manual code examples and removed Nyberg-Rueppel, Rabin-Williams from doc
    Never, 2016-11-16, 1 file, -37/+101
  * Doc changes/additions: hash, symmetric crypto and pubkey
    Never, 2016-11-11, 6 files, -272/+879
* Fix TLS client next protocol handling
  Jack Lloyd, 2016-11-16, 1 file, -1/+2
  [ci skip]
* Fix incompatibility with (some) common TLS stack
  Jack Lloyd, 2016-11-16, 4 files, -15/+26
  Several sites including oracle.com seem to send extension 11 (point format) even if we (the client) did not send it. Then the handshake fails. To work around this problem, simply always send this extension as the client, instead of only sending it if we wished to support compressed points.
* Add a script to test TLS compat with major sites
  Jack Lloyd, 2016-11-16, 3 files, -0/+113
* Add new TLS callback for when session is activated
  Jack Lloyd, 2016-11-16, 2 files, -0/+8
  The current session established cb happens before the session is activated, so it is not possible to send application data in response to the connection being made.
* Fix inverted conditional
  Jack Lloyd, 2016-11-16, 1 file, -1/+2
* Disable ffi on cross builds.
  Jack Lloyd, 2016-11-16, 1 file, -1/+1
  Not really needed (don't have a cross python to run) and avoids the unfortunate random test failures.
* Reword [ci skip]
  Jack Lloyd, 2016-11-16, 1 file, -1/+1
* Todo updates [ci skip]
  Jack Lloyd, 2016-11-16, 1 file, -1/+2
* Fix TLS corruption tests.
  Jack Lloyd, 2016-11-15, 2 files, -8/+11
  There is a simple bit flip corruption test for the TLS stack: we shouldn't negotiate correctly if any random bit gets flipped. But it turns out this is not entirely true as the record layer version field is effectively ignored except for distinguishing TLS vs DTLS. So a small bitflip in that field is sometimes ignored, causing the test to fail. Make sure we modify something in the body instead.
* Add negative tests for cipher mode padding
  Jack Lloyd, 2016-11-15, 2 files, -52/+107
* Merge GH #724 Add ESP (IPsec) CBC padding mode
  Jack Lloyd, 2016-11-15, 4 files, -1/+102
  * Update ISO standard for OneAndZeros_Padding
    René Korthaus, 2016-11-15, 1 file, -1/+1
  * Check all padding bytes in ESP_Padding::unpad()
    René Korthaus, 2016-11-15, 2 files, -4/+24
  * Check all ESP padding bytes during unpad
    René Korthaus, 2016-11-14, 1 file, -12/+11
  * Add ESP block cipher padding from RFC 4303
    René Korthaus, 2016-11-14, 3 files, -1/+83
    ESP padding is one of the recommended padding methods from BSI-TR-02102-1.
* Merge GH #723 Add HKDF_Extract and full HKDF
  Jack Lloyd, 2016-11-15, 4 files, -31/+237
  * Add test vectors for HKDF-Expand and HKDF-Extract
    René Korthaus, 2016-11-15, 2 files, -24/+142
  * Add full HKDF implementation
    René Korthaus, 2016-11-12, 4 files, -46/+134
    Adds the full HKDF as class HKDF, renames the existing HKDF, which only implemented the expansion step, to HKDF_Expand and adds the extraction step as HKDF_Extract. The latter two are usually only used separately in protocols such as TLS. A normal user would go for the full HKDF.
* Update/reorg 1.11.34 notes
  Jack Lloyd, 2016-11-15, 1 file, -45/+42
  [ci skip]
* Move gen_bakefile IO call to end of main
  Jack Lloyd, 2016-11-15, 1 file, -9/+10
  Previously ran inside of BuildConfigurationInformation's constructor
  [ci skip]
* Merge GH #725 Add PKCS11 docs [ci skip]
  Jack Lloyd, 2016-11-14, 2 files, -0/+1245
  * Add PKCS#11 documentation
    Daniel Neus, 2016-11-14, 2 files, -0/+1245
* Add params to XMSS test inputs
  Jack Lloyd, 2016-11-12, 3 files, -47/+53
  This prevents the test suite from globbing all the XMSS tests together under "XMSS/Raw"; since XMSS ignores the padding anyway, pretend the param string is the padding which causes the normal logic in the signature test code to do the right thing.
* Remove unused Key_Type typedefs
  Jack Lloyd, 2016-11-12, 2 files, -4/+0
  [ci skip]
* Update news
  Jack Lloyd, 2016-11-12, 2 files, -6/+12
* Remove unused variable from tests
  Jack Lloyd, 2016-11-12, 2 files, -8/+0
* Basic speed test for XMSS
  Jack Lloyd, 2016-11-12, 1 file, -0/+34