aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests/data
Commit message (Collapse)AuthorAgeFilesLines
* Add more tests for modular inverseJack Lloyd2016-02-211-0/+468
| | | | | The result of fuzzing with AFL for a while, then running cmin on the result.
* Add tests and timings for inverse_modJack Lloyd2016-02-201-0/+21
|
* Split up BigInt testsJack Lloyd2016-02-1712-2600/+2160
| | | | | | Removes a fair number of the power mod test cases for size and test time. Would be better to add a randomized or fuzzer-based test. Otherwise no change.
* Fix two bugs in 1.11.27 which caused test failures.1.11.28Jack Lloyd2016-02-011-0/+5
| | | | | | | | | | | | | The check on each individual size in curve_mul is too strict since we rely on redc(x*1) during the on the curve computation. Fix an off by one in ressol which caused it to occasionally reject valid values. Updating version 1.11.28 since existing 1.11.27 tag already pushed :( Fix an off-by-one in ressol which would cause it to occasionly give up too early.
* Fix heap overflow in ECC point multiplicationJack Lloyd2016-02-011-0/+11
| | | | | | | | | | | | | | If affine coordinates larger than the prime modulus were given, a later multiplication could overflow the size of an allocated output buffer, which was sized based on the size of the prime. This will cause an overflow into either the system heap or if the mlock/mmap pool allocator is in use, then into the adjacent key material stored in the pool. Reported by Alex Gaynor who found it with AFL Also fix a one word overwrite in P-521 reduction. Found with AFL
* Fix (nearly) infinite loop in RESSOL (modular square root).Jack Lloyd2016-02-011-0/+13
| | | | | | | It first computed the first i for q**(2**i) == 1, then checked that i was smaller than s. Given a composite modulus (for which the algorithm does not work), the loop might do a very large amount of work before returning the failure.
* Blake2b: add 'abc' test vectorcynecx2016-01-261-0/+3
|
* Add Blake2b hash functioncynecx2016-01-261-0/+3111
|
* Add ECDH via OpenSSLJack Lloyd2016-01-041-50/+50
| | | | | | | | | | Expose provider param in PK_Key_Agreement API Handle multiple providers in key agreement tests Fix some funky formatting of P-521 EC points in ecdh.vec which was being rejected by OpenSSL; for whatever reason the CAVS file had the affine coords with far more leading zeros than necessary.
* Add some more secp256k1 point mult testsJack Lloyd2016-01-031-0/+184
|
* Add ECDH testsJack Lloyd2016-01-031-0/+508
| | | | Only has vectors for NIST curves (data taken from NIST CAVS file)
* Fix PointGFp multiplication bugJack Lloyd2016-01-031-1/+1054
| | | | | | There was a special case for small scalars which managed to forget that the integer 3 also fits into two bits. Found by adding a new set of ECC point mul tests for the NIST curves.
* Add generalized KEM interfaceJack Lloyd2015-12-261-0/+25
| | | | | | Convert McEliece KEM to use it Add RSA-KEM
* Update NIST X509 tests to handle --data-dir and read expected results from a ↵Jack Lloyd2015-12-231-0/+76
| | | | file
* Add all 18 Nist GCM testsSimon Warta2015-12-201-41/+122
| | | | | | | | This adds tests for key length 192 and 256. Test vector source: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm /gcm-spec.pdf Closes: #344
* Update and consolidate the test framework.Jack Lloyd2015-11-1121-5505/+2847
| | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* Disable two tests from x509test which no longer have correct dates.Jack Lloyd2015-10-261-2/+4
| | | | | | These will need to be regen'ed with corrected values. Fix for minimized builds.
* Fix cert validation bugs found by x509test.Jack Lloyd2015-10-2341-0/+2553
| | | | Add test suite with certs from x509test
* McEliece cleanupsJack Lloyd2015-09-291-0/+58
| | | | | | | | | | | | | | | | | | | | Remove and consolidate various headers Reduce memory usage of GF2m_Field by sharing the log and exponent tables across all instances of a particular word size. Remove McEliece_Public_Operation and McEliece_Private_Operation which were difficult to use safely. Instead only the KEM operations are exposed. Add McEliece_PublicKey::random_plaintext_element Add command line `mce` tool and some McEliece documentation Convert the speed program to check McEliece keys of the suggested size Add McEliece KATs for both key generation and KEM Fix HMAC_DRBG constructor which derefed a pointer before its time
* Fix two crashes in the BER decoder found with afl.Jack Lloyd2015-08-0253-0/+316
| | | | | One a read at 0 of an empty vector, the other causing allocation of an arbitrary amount of memory.
* Add HKDF(SHA-512) test vectorslloyd2015-03-181-17/+51
|
* Convert HKDF to the normal KDF interfacelloyd2015-02-182-46/+46
|
* Modify interfaces of KDF and PBKDF to write output to an array, withlloyd2015-02-181-5/+5
| | | | higher level functions on interface handling returning a vector.
* Add new module `ffi` which provides a plain C interface, plus a newlloyd2015-02-161-0/+21
| | | | | | | | | | | | ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it.
* Add SipHashlloyd2015-01-111-0/+4
|
* Remove SSLv3 and handling of SSLv2 client hellos.lloyd2015-01-112-192/+0
|
* Add SHA-512/256lloyd2015-01-081-0/+4
| | | | | Define some new functions for copying out arrays of words and use them across hashes.
* Add Brainpool and secp160r1 ECDSA testslloyd2015-01-051-0/+151
|
* Support the older ChaCha20Poly1305 AEAD from draft-agl-tls-chacha20poly1305-04lloyd2014-12-311-0/+8
| | | | | which we distinguish by the nonce size (always 64 bits in this format, always 96 bits in the CFRG document).
* Add AEAD based on ChaCha20 and Poly1305 defined in ↵lloyd2014-12-291-0/+13
| | | | draft-irtf-cfrg-chacha20-poly1305-03
* Add Poly1305, based on poly1305-donna by Andrew Moon.lloyd2014-12-291-0/+323
|
* Support 96 bit nonces in ChaCha20 as specified in ↵lloyd2014-12-291-0/+9
| | | | draft-irtf-cfrg-chacha20-poly1305-03
* Add Curve25519 based on curve25519-donna by Adam Langley.lloyd2014-12-271-0/+79
| | | | | | This uses only the c64 version from curve25519-donna; on systems that don't have a native uint128_t type, a donna128 type stands in for just enough 128-bit operations to satisfy donna.cpp
* Implement RFC 6979 determinstic signatures for DSA and ECDSA.lloyd2014-12-102-160/+234
| | | | | Drop the GNU MP engine. Its implementations were potentially faster in some scenarios but not well protected against side channels.
* OCB cleanup and additional testslloyd2014-11-071-0/+104
|
* Various small fixes and cleanups, new is_prime utillloyd2014-11-031-0/+9
|
* Add some secp256k1 KATs and a randomized ECC test suggested inlloyd2014-10-101-0/+21
| | | | http://crypto.stackexchange.com/questions/784
* Correct CCM for L != 2. Bugzilla 270lloyd2014-05-161-0/+7
|
* Add HMAC_DRBGlloyd2014-03-211-0/+2405
|
* Remove Square, Skipjack, Luby-Rackoff, and Blue Midnight Wish.lloyd2014-02-084-983/+0
|
* Add the CMAC constants for 256 and 512 bit block cipherslloyd2014-02-022-0/+18
| | | | | Also add test vectors for Threefish-512 CMAC and EAX, both generated by the library.
* Add ChaChalloyd2014-01-313-13/+39
|
* Remove PBES1 entirelylloyd2014-01-181-6/+5
|
* Split up test vectors into per-algo files and app into botan-test forlloyd2014-01-1091-54957/+49702
| | | | the tests and botan for everything else.
* Split up public key tests and data, use new test frameworklloyd2014-01-05542-0/+65572