aboutsummaryrefslogtreecommitdiffstats
path: root/checks
Commit message (Collapse)AuthorAgeFilesLines
* Split the AES vectors into 3 specifically named AES-128, AES-192, andlloyd2009-11-101-1651/+1650
| | | | | | AES-256 blocks, plus a handful remaining in a general AES block. This is necessary for any implementation which only supports a particular key size, since otherwise no tests at all will run on that implementation.
* In creating X.509 certificates and PKCS #10 requests, let (actually: require)lloyd2009-11-091-2/+8
| | | | | | | the user to specify the hash function to use, instead of always using SHA-1. This was a sensible default a few years ago, when there wasn't a ~2^60 attack on SHA-1 and support for SHA-2 was pretty much nil, but using something else makes a lot more sense these days.
* Add TEA and XTEA ECB vectorslloyd2009-10-231-0/+650
|
* Add test vectors for TEA and XTEA in CTR modelloyd2009-10-231-0/+1242
|
* Convert CTR_BE from a Filter to a StreamCipher. Must wrap in a ↵lloyd2009-10-141-0/+7
| | | | | | StreamCipher_Filter to pass it directly to a Pipe now.
* Remove unused arglloyd2009-10-091-3/+2
|
* Use the new selftest framework for testing hashes, MACs, and ciphers.lloyd2009-10-074-1490/+269
| | | | | | Remove the Decrypt direction cipher mode tests - now both directions are always tested for all modes. Also add IVs for Salsa20 (were implicit all-zeros) since that does not fly anymore in validate.dat
* Fix benchmarking of PK stufflloyd2009-09-291-1/+1
|
* Modify the self test program to use the builtin runtime benchmarking goop.lloyd2009-09-248-381/+223
| | | | | | | | | Features dropped: RNG benchmarking, the --bench-type option. New feature: Anything the library understands can be benchmarked using --bench-algo. Use 3DES and Serpent for mode benchmarking along with AES-128.
* Remove redundant SHA-1 test vector of empty inputlloyd2009-09-221-1/+0
|
* Add 4 test vectors for HMAC(BMW-512)lloyd2009-09-211-0/+41
|
* Update the implementation of Blue Midnight Wish to use the Round 2 tweakedlloyd2009-09-211-512/+1122
| | | | version.
* Split up util.h into 3 fileslloyd2009-09-171-1/+1
| | | | | | | - rounding.h (round_up, round_down) - workfactor.h (dl_work_factor) - timer.h (system_time) And update all users of the previous util.h
* Add an implementation of Blue Midnight Wish (512 bit version only)lloyd2009-09-152-1/+1915
|
* propagate from branch 'net.randombit.botan.1_8' (head ↵lloyd2009-09-156-63/+848
|\ | | | | | | | | | | ef51dd2869ed38dae3aeb1c3b931ca9d595580e1) to branch 'net.randombit.botan' (head fc1942640045423f411fd865cbd584090b28d7eb)
| * Add a couple of Serpent/XTS test vectors (SQLite data pages)lloyd2009-09-101-0/+273
| |
| * Wrap benchmark_rw call in BOTAN_HAS_RW macro checklloyd2009-09-041-0/+2
| |
| * Remove support for HTML benchmark output. Easier/simpler to parse thelloyd2009-08-144-63/+24
| | | | | | | | | | output with a script after the fact to generate such things, especially as often for HTML I want to do multiple side-by-side results.
| * Add some longer Serpent CTR vectorslloyd2009-08-121-0/+460
| |
| * Modify Keyed_Filter so it is a pure interfacelloyd2009-08-111-0/+89
| | | | | | | | | | | | | | | | | | | | Modify ECB to use parallel encryption/decryption where possible Add toggles in build.h specifying how many blocks to process in parallel. Defaults to 8 blocks for all modes, which is sufficient that any likely parallelism can be extracted (via SIMD or concurrent execution) but not so much as to seem likely to cause cache problems (8*128 bits = 128 bytes, or two x86 cache lines)
| * Change the BlockCipher interface to support multi-block encryption andlloyd2009-08-111-0/+2
| | | | | | | | | | | | | | | | | | decryption. Currently only used for counter mode. Doesn't offer much advantage as-is (though might help slightly, in terms of cache effects), but allows for SIMD implementations to process multiple blocks in parallel when possible. Particularly thinking here of Serpent; TEA/XTEA also seem promising in this sense, as is Threefish once that is implemented as a standalone block cipher.
* | Change Skein-512 to match the tweaked 1.2 specification. Round constantslloyd2009-09-151-18454/+1637
| | | | | | | | in the Threefish cipher have changed to increase diffusion.
* | Add a new option --no-autoload to configure.py. This will produce a minimallloyd2009-09-041-0/+2
|/ | | | | | | | | | | build (only libstate, utils, plus dependencies), which can be extended with use of --enable-modules. To add new modules to the set of always-loaded, use 'load_on always' in info.txt Also fix a few small build problems that popped up when doing a minimal build. Requested by a user.
* Add a set of Serpent/CTR tests. The primary reason for this is becauselloyd2009-08-101-0/+541
| | | | | Serpent seems very nicely suited to a SSE2 SIMD implementation, and CTR mode can handle multiple blocks in parallel. Input lens 1 to 128 bytes.
* Drop execute attributes on test fileslloyd2009-07-219-0/+0
|
* Return the test suite result code from main()lloyd2009-07-121-1/+1
|
* Return 1 to system if exception is caught in check proglloyd2009-07-121-0/+2
|
* Mark Skein_512 with the BOTAN_DLL macrolloyd2009-06-062-2/+23
| | | | | | | | | | | | | | Add a comment that the limitation of the personalization string being a maximum of 64 characters is due to the implementation and not the specification (but it makes it easy to implement, and in this particular case 64 characters is probably fine). Add some tests for the personalization option, generated by the Skein reference implementation. Disable stripping whitespace in checks/misc.cpp:strip - it strips the personalization tag, which breaks the test, and isn't needed otherwise because the test files are well-formed.
* Add an implementation of Skein-512lloyd2009-06-022-0/+26445
|
* Add XTS mode, from IEEE P1619lloyd2009-04-162-1/+369
|
* Add the GOST 34.11 hash function. Pretty slow, but functional.lloyd2009-04-072-0/+71
|
* Add a set of test vectors for GOST 28147-89 using the CryptoPro paramslloyd2009-04-011-0/+32
| | | | commonly used for the GOST 34.11 hash, generated by OpenSSL's GOST code.
* Use the full name for the GOST test vectorslloyd2009-03-311-1/+1
|
* GOST was using a completely non-standard set of sboxes. Change it to uselloyd2009-03-271-20/+59
| | | | | | | | | | | | | | | GostR3411_94_TestParamSet, this is compatible with the implementations in Crypto++ and OpenSSL. This is not backwards compatible, though once the implementation supports multiple param sets (which is required, unfortunately, for compatability with various standards by CryptoCom, who have defined not one but at least 4 (!!!) different sboxes to use with GOST), I may offer Botan's previous sbox set as an option. Since adding the GOST hash function (34.11) and signing algorithm (34.10) are on the long term agenda (request by Rickard Bondesson, as the Russian authorities want to use their local standards for their DNSSEC use), I renamed the block cipher class (which had been just 'GOST') to GOST_28147_89 to minimize future name clashes.
* Check in a branch with a major redesign on how entropy polling is performed.lloyd2009-01-271-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Combine the fast and slow polls, into a single poll() operation. Instead of being given a buffer to write output into, the EntropySource is passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf used to do. It also contains a cached I/O buffer so entropy sources do not individually need to allocate memory for that with each poll. When data is added to the accumulator, the source specifies an estimate of the number of bits of entropy per byte, as a double. This is tracked in the accumulator. Once the estimated entropy hits a target (set by the constructor), the accumulator's member function predicate polling_goal_achieved flips to true. This signals to the PRNG that it can stop performing polling on sources, also polls that take a long time periodically check this flag and return immediately. The Win32 and BeOS entropy sources have been updated, but blindly; testing is needed. The test_es example program has been modified: now it polls twice and outputs the XOR of the two collected results. That helps show if the output is consistent across polls (not a good thing). I have noticed on the Unix entropy source, occasionally there are many 0x00 bytes in the output, which is not optimal. This also needs to be investigated. The RLE is not actually RLE anymore. It works well for non-random inputs (ASCII text, etc), but I noticed that when /dev/random output was fed into it, the output buffer would end up being RR01RR01RR01 where RR is a random byte and 00 is the byte count. The buffer sizing also needs to be examined carefully. It might be useful to choose a prime number for the size to XOR stuff into, to help ensure an even distribution of entropy across the entire buffer space. Or: feed it all into a hash function? This change should (perhaps with further modifications) help WRT the concerns Zack W raised about the RNG on the monotone-dev list.
* Add some test vectors for EMSA3(Raw) with RSA generated using Crypto++lloyd2008-11-301-0/+58
|
* Add verification tests for RSA/EMSA4 signatures generated by Crypto++ 5.5.2lloyd2008-11-281-0/+136
| | | | using SHA-224, SHA-256, and RIPEMD-160
* Add test vectors for RSA/EMSA2 generated by Crypto++ 5.5.2lloyd2008-11-281-0/+318
| | | | | using hashes SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-128, RIPEMD-160, and Whirlpool.
* Add test vectors for RSA EMSA3 with RIPEMD-160 and Tiger. Generated bylloyd2008-11-281-0/+153
| | | | Crypto++ 5.5.2 on motoko (x86-64 Gentoo)
* Add a set of test vectors for RSA/EMSA3 with SHA-1, SHA-224, SHA-256,lloyd2008-11-281-0/+337
| | | | SHA-384, and SHA-512 generated using Crypto++ 5.5.2
* Using SHA-1 as the check hash in the block cipher tests is messy b/c SHA-1lloyd2008-11-231-1/+1
| | | | | has many engine variants, etc. Instead use CRC32 which tends to work and not be surprising.
* Add a few test vectors for SHA-1 with longer inputslloyd2008-11-231-0/+129
|
* Move AutoSeeded_RNG decl before check for --help flag, so startup time is ↵lloyd2008-11-221-2/+2
| | | | easy to measure
* Disable ec_tests.cpp unless ECDSA is enabledlloyd2008-11-171-1/+13
|
* Reorganize all GF(p)/ECC tests to be called from pk.cpplloyd2008-11-174-11/+13
|
* Output that ECC tests are being run, and run them after GF(p) math tests ↵lloyd2008-11-172-2/+5
| | | | which is a reasonable ordering
* Tame ec_tests.cpp and integrate it into the test code.lloyd2008-11-173-1115/+1124
| | | | | | | | I'm seeing one failure on Core2. Have not diagnosed at all. A number of tests are #if'ed out. Many were rubbed out in the original InSiTo version, others I commented out due to changed/removed APIs.
* Add ec_test.cpp from InSiTo (low level ECC test cases)lloyd2008-11-171-0/+1202
|
* Fix mode benchmarkinglloyd2008-11-171-0/+2
|
* Use std::vector instead of SecureVector to hold random input for filter ↵lloyd2008-11-171-3/+3
| | | | benchmark