aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests/data
Commit message (Collapse)AuthorAgeFilesLines
* Add test of FPE_FE1Jack Lloyd2016-09-091-0/+14
| | | | Self-generated vectors, just a basic smoke test right now.
* Merge GH #613 NewHope R-LWE key exchangeJack Lloyd2016-09-051-0/+6003
|\
| * Add NEWHOPE KEM schemeJack Lloyd2016-08-301-0/+6003
| | | | | | | | | | | | | | | | | | | | Provides conjectured 200-bit security against a quantum attacker. Based on the public domain reference implementation at https://github.com/tpoeppelmann/newhope and bit-for-bit compatible with that version. Test vectors generated by the reference testvector.c
* | No need for long all-zero input after cd9f852Jack Lloyd2016-09-051-1/+0
| |
* | Merge GH #616 ChaCha SSE2 optimizationsJack Lloyd2016-09-051-0/+8
|\ \
| * | Missing increment in SSE2 version, broke ChaCha20Poly1305 testsJack Lloyd2016-09-011-0/+8
| |/ | | | | | | But not any ChaCha20 tests due to no long test inputs. Add one.
* | Remove deprecated Nyberg-Rueppel and Rabin-Williams signaturesJack Lloyd2016-09-023-267/+0
| |
* | Remove deprecated hashes MD2, HAS-160, and RIPEMD-128Jack Lloyd2016-09-027-377/+0
| |
* | Remove deprecated ciphers MARS, RC2, RC5, RC6, SAFER-SK and TEAJack Lloyd2016-09-0210-10849/+1
| | | | | | | | | | XTEA was also deprecated but has been spared, it does seem to be somewhat common (eg, included in the Go x/crypto library)
* | Let the input arg to stream cipher test be optional.Jack Lloyd2016-09-012-96/+0
|/ | | | | | If ommitted, assume an all zero input. Remove some In = 0000... from test files.
* DLIES test tweaksJack Lloyd2016-08-281-245/+78
| | | | | Use the group name instead of repeating 2048 bit prime N times. Split up reporting by cipher type.
* Use Botan's interpretation of P-521 ECDSA zero padding for nowJack Lloyd2016-08-271-1/+5
|
* Add tests with a message hash that contains leading zerosDaniel Neus2016-08-265-0/+50
|
* Added ecdsa_keygen for frp256v1Simon Cogliani2016-08-011-2/+1
|
* Added test vectors ecdsa_rfc6979 for frp256v1Simon Cogliani2016-08-011-0/+22
|
* Added test vectors ecdh_kat and ecdh_keygen for frp256v1Simon Cogliani2016-07-311-0/+101
|
* Merge branch 'master' into frp256v1Simon Cogliani2016-07-301-0/+41
|\
| * add some basic charset testsDaniel Neus2016-07-251-0/+41
| | | | | | | | | | | | - UCS-2 to ISO 8859-1 - UTF-8 to ISO 8859-1 - ISO 8859-1 to UTF-8
* | Added test vectors ecc point multiplication for frp256v1Simon Cogliani2016-07-241-0/+209
|/
* Merge asm into single mp_madd.h and mp_asmi.h filesJack Lloyd2016-07-212-0/+8
| | | | | | | Avoids some cut and paste, also removes the need for special logic in configure.py for handling mp module specially. Merge SIMD classes into a single type SIMD_4x32
* improve parallel hash tests + memory leak fixDaniel Neus2016-07-201-0/+4
| | | | | | | | | | - add one test with SHA-256,SHA-512 - test Parallel::clone() - test Parallel ctor - fix memory leak in Parallel::clone(): Currently Parallel::clone() calls hash->clone() (first heap allocation) and after this clone() calls Parallel(const std::vector<HashFunction*>& in) which does another heap allocation. So its sufficient to pass the hash pointer to the Parallel ctor instead of a clone
* Merge GH #541 More ECIES testsJack Lloyd2016-07-191-28/+175
|\
| * add more ECIES testsDaniel Neus2016-07-191-28/+175
| |
* | Merge GH #520 RNG changesJack Lloyd2016-07-182-520/+6023
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds Stateful_RNG base class which handles reseeding after some amount of output (configurable at instantiation time, defaults to the build.h value) as well as detecting forks (just using pid comparisons, so still vulnerable to pid wraparound). Implemented by HMAC_RNG and HMAC_DRBG. I did not update X9.31 since its underlying RNG should already be fork safe and handle reseeding at the appropriate time, since a new block is taken from the underlying RNG (for the datetime vector) for each block of output. Adds RNG::randomize_with_input which for most PRNGs is just a call to add_entropy followed by randomize. However for HMAC_DRBG it is used for additional input. Adds tests for HMAC_DRBG with AD from the CAVS file. RNG::add_entropy is implemented by System_RNG now, as both CryptGenRandom and /dev/urandom support receiving application provided data. The AutoSeeded_RNG underlying type is currently selectable in build.h and defaults to HMAC_DRBG(SHA-256). AutoSeeded_RNG provides additional input with each output request, consisting of the current pid, a counter, and timestamp (unless the application explicitly calls randomize_with_input, in which case we just take what they provided). This is the same hedge used in HMAC_RNGs output PRF. AutoSeeded_RNG is part of the base library now and cannot be compiled out. Removes Entropy_Accumulator type (which just served to bridge between the RNG and the entropy source), instead the Entropy_Source is passed a reference to the RNG being reseeded, and it can call add_entropy on whatever it can come up with.
| * | Remove useless L param from X9.31 test vector fileJack Lloyd2016-07-171-515/+4
| | | | | | | | | | | | Clean up test code
| * | Switch to HMAC_DRBG for all RNG generation.Jack Lloyd2016-07-171-5/+6019
| | | | | | | | | | | | | | | | | | | | | | | | Add support and tests for additional_data param to HMAC_DRBG Add Stateful_RNG class which has fork detection and periodic reseeding. AutoSeeded_RNG passes the current pid and time as additional_data
* | | Add test vectors for RSA-KEM/KDF1René Korthaus2016-07-181-3/+129
| |/ |/| | | | | | | Adds test vectors for RSA-KEM with KDF1 from ISO 18033-2 and test vectors for KDF1 and KDF2 generated with BouncyCastle.
* | Merge GH #533 DLIES changesJack Lloyd2016-07-171-30/+970
|\ \
| * | DLIES reworkDaniel Neus2016-07-131-30/+970
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With these fixes the implementation is now compatible with bouncycastle and it should operate as it is specified in "DHIES: An encryption scheme based on Diffie-Hellman Problem" or in BSI technical guideline TR-02102-1. In addition to the already present XOR-encrypion/decryption mode it's now possible to use DLIES with a block cipher. Previously the input to the KDF was the concatenation of the (ephemeral) public key and the secret value derived by the key agreement operation: ``` secure_vector<byte> vz(m_my_key.begin(), m_my_key.end()); vz += m_ka.derive_key(0, m_other_key).bits_of(); const size_t K_LENGTH = length + m_mac_keylen; secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz); ``` I don't know why this was implemented like this. But now the input to the KDF is only the secret value obtained by the key agreement operation. Furthermore the order of the output was changed from {public key, tag, ciphertext} to {public key, ciphertext, tag}. Multiple test vectors added that were generated with bouncycastle and some with botan itself.
* / Add test vectors for KDF1/ISO18033René Korthaus2016-07-151-0/+24
|/
* Merge GH #531 Add AES/CBC/CTS tests from RFC 3962Jack Lloyd2016-07-111-0/+32
|\
| * Add test vectors for AES-CBC-CS3 aka AES/CBC/CTS from RFC 3962René Korthaus2016-07-111-0/+32
| | | | | | | | | | | | Previously, CBC-CS3 only had tests with DES, but if DES is not enabled in the module policy, then CBC-CS3 is not tested at all.
* | Add test vectors for block cipher padding modesRené Korthaus2016-07-111-0/+83
|/ | | | | | | | | | | Exports get_bc_pad() to be used from tests. Adds separate handcrafted tests for block cipher padding modes. They were previously only tested implicitly during the block cipher modes of operation tests, though not all padding modes were covered. And in case a mode of operation is not part of the enabled modules, the previously tested padding modes are not covered at all. Fixes an off-by-one bug in the previously untested ANSI X9.23 padding mode, where the number of zero bytes in the pad was one more than allowed by the standard.
* Merge GH #504 Add ECKCDSAJack Lloyd2016-06-201-0/+29
|\
| * Add ECKCDSA signature algorithmRené Korthaus2016-06-141-0/+29
| |
* | Merge GH #483 Add ECIES and KDF1 from ISO 18033Jack Lloyd2016-06-202-0/+192
|\ \
| * \ Merge remote-tracking branch 'remotes/origin/master' into eciesPhilipp Weber2016-05-301-0/+23
| |\ \
| * | | ecies review change: add missing ciphertext to test vectorsPhilipp Weber2016-05-231-2/+2
| | | |
| * | | add ecies implementation according to iso-18033Philipp Weber2016-04-272-0/+192
| | | |
* | | | Merge GH #497 Add StreamCipher::seek and implementation for ChaChaJack Lloyd2016-06-181-0/+506
|\ \ \ \ | | | | | | | | | | | | | | | Also adds ChaCha8 support
| * | | | Adding StreamCipher::seek interface, supporting seek in ChaCha, and also ↵SimCog2016-06-181-0/+506
| | |_|/ | |/| | | | | | | | | | adding ChaCha8 support
* | | | Merge GH #495 Add label argument to KDF::derive_keyJack Lloyd2016-06-174-5517/+4489
|\ \ \ \ | |/ / / |/| | |
| * | | pycryptodome generated test vectors for SP800-56CKai Michaelis2016-05-191-120/+160
| | | |
| * | | BouncyCastle generated test vectors for SP800-108Kai Michaelis2016-05-193-5397/+4329
| |/ /
* | | Merge GH #489 Add support probabilistic DSA & ECDSAJack Lloyd2016-06-074-0/+2656
|\ \ \ | |_|/ |/| |
| * | Add support probabilistic DSA & ECDSARené Korthaus2016-05-084-0/+2656
| |/ | | | | | | | | | | | | Adds support for probabilistic, aka the standard, DSA and ECDSA. Can be enabled by disabling the rfc6979 module. Includes test vectors from NIST CAVP. Adds rfc6979 to the list of prohibited modules in BSI policy.
* / Fix GCM counter incrementJack Lloyd2016-05-231-0/+23
|/ | | | | | | | | GCM is defined as having a 32-bit counter, but CTR_BE incremented the counter across the entire block. This caused incorrect results if a very large message (2**39 bits) was processed, or if the GHASH derived nonce ended up having a counter field near to 2**32 Thanks to Juraj Somorovsky for the bug report and repro.
* Merge GH #481 Add NIST SP800-108 & 56c KDFsJack Lloyd2016-04-214-0/+5640
|\
| * NIST SP800-108 & 56cKai Michaelis2016-04-204-0/+5640
| |
* | Add ECGDSARené Korthaus2016-04-191-0/+98
|/