path: root/src/tests/data
Commit message | Author | Age | Files | Lines
* Update Wycheproof GCM tests | Jack Lloyd | 2017-09-15 | 1 | -6/+38
* some formatting | Atanas Filyanov | 2017-09-15 | 1 | -1/+5
* reenable 8 byte gcm tags | Atanas Filyanov | 2017-09-15 | 1 | -0/+9
* Allow GCM tag size in the range 96..128 bits | Atanas Filyanov | 2017-09-14 | 1 | -15/+43
* Merge GH #1208 Fix decoding of RFC 5915 ECC keys | Jack Lloyd | 2017-09-13 | 1 | -0/+6
  * Remove inner/outer OID check in EC_PrivateKey ctor | René Korthaus | 2017-09-13 | 1 | -0/+6
      RFC 5915 mandates that the OID of an ECDSA ECPrivateKey shall be id-ecPublicKey with the named curve as the parameters. ECPrivateKey may contain the named curve OID, too, which is compared to id-ecPublicKey. Such keys could not be loaded. We remove this check and add a test vector from strongswan.
* allow 12 byte GCM tags and add test vectors | Atanas Filyanov | 2017-09-13 | 1 | -0/+48
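The three GCM tag-size commits above widen the tag lengths Botan accepts. The following is an added example, not Botan's code or test data: it uses Go's standard-library AES-GCM to show that a 96-bit tag is the leftmost 12 bytes of the 128-bit tag, that a one-bit change to a short tag is still rejected, and that Go refuses 64-bit tags outright, which is the caveat to keep in mind with the 8-byte re-enable (SP 800-38D Appendix C only permits tags shorter than 96 bits with strict limits on the number and length of protected messages). Key, nonce, AAD and message are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo inputs (not test vectors from the page). The nonce is
// reused below only to compare two encodings of the same message; never
// reuse a GCM nonce under one key in real code.
var (
	demoKey   = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	demoNonce = []byte("unique-nonce")                     // 12 bytes, GCM's default nonce size
	demoAAD   = []byte("header")
	demoMsg   = []byte("payload protected by AES-GCM")
)

// gcmWithTag returns an AEAD with a tagBytes-byte tag. Go accepts 12..16 bytes
// (96..128 bits) and returns an error for anything else.
func gcmWithTag(key []byte, tagBytes int) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithTagSize(block, tagBytes)
}

// TruncatedTagIsPrefix reports whether the ciphertext produced with a 12-byte
// tag equals the 16-byte-tag ciphertext minus its last 4 bytes. It does: GCM
// truncation keeps the leftmost tag bits, so the short tag is not a new MAC,
// just one with 2^-96 rather than 2^-128 forgery probability per attempt.
func TruncatedTagIsPrefix() bool {
	full, err := gcmWithTag(demoKey, 16)
	if err != nil {
		return false
	}
	short, err := gcmWithTag(demoKey, 12)
	if err != nil {
		return false
	}
	ctFull := full.Seal(nil, demoNonce, demoMsg, demoAAD)
	ctShort := short.Seal(nil, demoNonce, demoMsg, demoAAD)
	return bytes.Equal(ctShort, ctFull[:len(ctFull)-4])
}

// ShortTagRoundTrips decrypts a 12-byte-tag ciphertext, then confirms that a
// single flipped bit in the tag is rejected (Open returns an error, never plaintext).
func ShortTagRoundTrips() bool {
	aead, err := gcmWithTag(demoKey, 12)
	if err != nil {
		return false
	}
	ct := aead.Seal(nil, demoNonce, demoMsg, demoAAD)
	pt, err := aead.Open(nil, demoNonce, ct, demoAAD)
	if err != nil || !bytes.Equal(pt, demoMsg) {
		return false
	}
	tampered := append([]byte(nil), ct...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = aead.Open(nil, demoNonce, tampered, demoAAD)
	return err != nil
}

// TagSizeAccepted reports whether Go's GCM will construct an AEAD with a tag of
// tagBytes bytes. 8-byte (64-bit) tags, which the commits above re-enable in
// Botan, are refused here.
func TagSizeAccepted(tagBytes int) bool {
	_, err := gcmWithTag(demoKey, tagBytes)
	return err == nil
}

func main() {
	fmt.Println("12-byte tag is a prefix of the 16-byte tag:", TruncatedTagIsPrefix())
	fmt.Println("12-byte tag round-trips and detects tampering:", ShortTagRoundTrips())
	for _, n := range []int{8, 12, 16} {
		fmt.Printf("tag size %d bytes accepted: %v\n", n, TagSizeAccepted(n))
	}
}
```

A library that accepts short tags should make the tag length an explicit decrypt-side parameter, as both Botan and Go do, so that an attacker cannot present a 16-byte ciphertext with a 12-byte tag appended and have the receiver silently verify fewer bits than the sender intended.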
* Change SM2 encryption to match updated standard. | Jack Lloyd | 2017-09-10 | 1 | -1/+2
    Unfortunately it seems the SM2 format changed between 2010 and 2012, now the ciphertext is C1 || C3 || C2. Unfortunate no matter how you slice it, but at least it's easy to convert from one form to another.
* Support arbitrary hashes for SM2 signatures | Jack Lloyd | 2017-09-06 | 1 | -0/+1
    This is a contribution from Ribose Inc
* Simplify polynomial doubling code | Jack Lloyd | 2017-09-05 | 1 | -0/+13
    GCC and Clang generate effectively identical code for a template with parameters, vs completely unrolled code as was used previously. Add a little-endian variant so XTS can use it. This extends XTS support to cover 256 and 512-bit ciphers. I was not able to find another implementation that supports both XTS and ciphers with large blocks, so the XTS test vectors are self-generated.
* Support a negative base in power_mod | Jack Lloyd | 2017-09-02 | 1 | -0/+22
    Closes #1168
* Add a script for running TLS-Attacker, remove old shell scripts | Jack Lloyd | 2017-09-02 | 1 | -0/+29
    [ci skip]
* Remove hard-coded fuzz tests | Jack Lloyd | 2017-08-25 | 55 | -327/+0
    All of these values were imported into crypto-corpus repo
* Use correct padding mode in ARIA CBC test | Jack Lloyd | 2017-08-23 | 1 | -1/+1
* Cleanup ARIA | Jack Lloyd | 2017-08-23 | 1 | -3/+10
    Remove NEON support, replace macros with inlines
* Add missing ARIA test vectors (GH #1004) | Jeffrey Walton | 2017-08-23 | 1 | -0/+35
* Add is_passhash9_alg_supported() | René Korthaus | 2017-08-19 | 1 | -0/+1
* More ECDSA Raw(hash) tests | Jack Lloyd | 2017-08-16 | 1 | -0/+17
* Allow signature using `Raw(hashname)` | Jack Lloyd | 2017-08-15 | 2 | -0/+40
    This confirms the message is exactly the size of the expected hash, and also causes RFC 6979 nonces to be generated using the specified hash. See also https://github.com/riboseinc/rnp/issues/367
* Merge GH #1151 Add SHACAL2 | Jack Lloyd | 2017-08-15 | 1 | -0/+4097
  * Add SHACAL2 in generic SIMD | Jack Lloyd | 2017-08-13 | 1 | -0/+14
      Bit over 2x faster on my desktop
  * Add SHACAL2 | Jack Lloyd | 2017-08-13 | 1 | -0/+4083
      256 bit ARX block cipher with hardware support, what's not to love.
* Improve polynomial doubling code, move to util | Jack Lloyd | 2017-08-15 | 1 | -0/+240
    Now does 64-bits at a time instead of 8 bits, and avoids conditional timing channel on the XOR carry. Confirmed that at least GCC 7 and Clang 4 on x86-64 compile the functions without conditional jumps. Also removes CMAC as a dependency of OCB, which only needed it in order to call CMAC::poly_double
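The two polynomial doubling commits above (GF(2^128) doubling for CMAC and OCB, plus the little-endian variant for XTS tweaks) describe a branch-free implementation working on 64-bit limbs. Below is an added example in Go, not Botan's code, that implements both byte-order conventions the same way and checks the big-endian one against the K1/K2 subkeys of the RFC 4493 AES-CMAC test vector. Whether a particular compiler keeps the carry handling branch-free has to be confirmed in the disassembly, as the commit did for GCC 7 and Clang 4; the arithmetic below gives it no reason to emit a conditional jump.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Reduction constant for GF(2^128) with the polynomial x^128 + x^7 + x^2 + x + 1.
const polyR128 = 0x87

// PolyDoubleBE doubles a 16-byte block in the big-endian convention used by
// CMAC and OCB (the most significant bit is the top bit of byte 0). It works
// on two 64-bit limbs and turns the carry bit into an all-zeros or all-ones
// mask arithmetically, so the secret top bit never selects a branch.
func PolyDoubleBE(in [16]byte) [16]byte {
	hi := binary.BigEndian.Uint64(in[0:8])
	lo := binary.BigEndian.Uint64(in[8:16])

	carry := hi >> 63         // 0 or 1: the bit that falls off the top
	mask := uint64(0) - carry // 0x00..00 or 0xff..ff, no conditional
	hi = (hi << 1) | (lo >> 63)
	lo = (lo << 1) ^ (mask & polyR128)

	var out [16]byte
	binary.BigEndian.PutUint64(out[0:8], hi)
	binary.BigEndian.PutUint64(out[8:16], lo)
	return out
}

// PolyDoubleLE is the little-endian variant XTS uses for its tweak (IEEE 1619:
// byte 0 holds the least significant bits, and the carry out of the top bit of
// byte 15 feeds 0x87 back into byte 0). Same arithmetic, different limb order.
func PolyDoubleLE(in [16]byte) [16]byte {
	lo := binary.LittleEndian.Uint64(in[0:8])
	hi := binary.LittleEndian.Uint64(in[8:16])

	carry := hi >> 63
	mask := uint64(0) - carry
	hi = (hi << 1) | (lo >> 63)
	lo = (lo << 1) ^ (mask & polyR128)

	var out [16]byte
	binary.LittleEndian.PutUint64(out[0:8], lo)
	binary.LittleEndian.PutUint64(out[8:16], hi)
	return out
}

// CMACSubkeysHex derives the CMAC subkeys K1 = 2L and K2 = 4L from the hex
// encoding of L = AES_K(0^128), as in RFC 4493.
func CMACSubkeysHex(lHex string) (string, string) {
	var l [16]byte
	raw, _ := hex.DecodeString(lHex)
	copy(l[:], raw)
	k1 := PolyDoubleBE(l)
	k2 := PolyDoubleBE(k1)
	return hex.EncodeToString(k1[:]), hex.EncodeToString(k2[:])
}

func main() {
	// L from the RFC 4493 AES-CMAC example (key 2b7e1516 28aed2a6 abf71588 09cf4f3c).
	k1, k2 := CMACSubkeysHex("7df76b0c1ab899b33e42f047b91b546f")
	fmt.Println("K1 =", k1) // fbeed618357133667c85e08f7236a8de
	fmt.Println("K2 =", k2) // f7ddac306ae266ccf90bc11ee46d513b

	var tweak [16]byte
	tweak[15] = 0x80 // only the top bit set: doubling wraps the carry into byte 0
	fmt.Printf("XTS tweak doubling: %x\n", PolyDoubleLE(tweak)) // 87 followed by 15 zero bytes
}
```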
* Fix issue signing an ECDSA hash of all-zeros (GH #1143) | Jack Lloyd | 2017-08-07 | 2 | -0/+31
    The tests were generated by Botan but I was able to verify the resulting signatures using Golang's ecdsa module.
* Merge GH #1142 Add SM2 encryption scheme | Jack Lloyd | 2017-08-07 | 1 | -0/+14
  * Add SM2 encryption scheme | Jack Lloyd | 2017-08-04 | 1 | -0/+14
      This is a contribution from Ribose Inc (@riboseinc)
* Merge GH #1114 Add Streebog hash (GOST 34.11-2012) | Jack Lloyd | 2017-08-07 | 1 | -0/+796
  * Add Streebog hash (GOST R 34.11-2012). | Daniel Wyatt | 2017-08-04 | 1 | -0/+796
  * Add ChaCha_RNG | Jack Lloyd | 2017-07-31 | 1 | -0/+129
* Refactor stateful RNG tests to cover both HMAC_DRBG and ChaCha_RNG | Jack Lloyd | 2017-08-03 | 1 | -0/+0
* Add ChaCha_RNG | Jack Lloyd | 2017-08-03 | 1 | -0/+129
* Add SM2 signature scheme | Jack Lloyd | 2017-06-29 | 2 | -0/+19
    From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
    This is a contribution from Ribose Inc (@riboseinc).
* Add SM4 block cipher | Jack Lloyd | 2017-06-16 | 1 | -0/+9
    This work was sponsored by Ribose Inc
* Update OCB ref to RFC, and add new test vectors | Jack Lloyd | 2017-06-12 | 1 | -0/+98
* Add FFI test and test data from PGP draft | Jack Lloyd | 2017-06-08 | 1 | -1/+15
* Add Ed25519 key type and tests | Jack Lloyd | 2017-06-07 | 1 | -0/+3294
    This work was sponsored by Ribose Inc
* Avoid infinite loop in PGP-S2K | Jack Lloyd | 2017-05-29 | 1 | -0/+5
    In simple mode (no salt) with an empty password the input buffer is empty. Add a check that salt is not empty if iterations > 1 since PGP only has simple, salted, and iterated+salted modes.
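The failure mode in the commit above (an empty salt||password buffer in a mode that loops until a byte count has been hashed) is easy to reproduce. Below is an added example, not Botan's code, that implements the three RFC 4880 section 3.7.1 S2K modes with SHA-1 from Go's standard library and carries the same guard. The password, salt and coded count are constructed for the demo; the simple-mode output is just SHA-1 of the password, which the test uses as a known value.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"errors"
	"fmt"
)

// Constructed demo salt (RFC 4880 salts are 8 octets).
var demoSalt = []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}

// DecodeS2KCount expands the one-octet coded count of RFC 4880 3.7.1.3 into
// the number of octets to hash: (16 + low nibble) << (high nibble + 6).
func DecodeS2KCount(coded byte) int {
	return (16 + int(coded&0x0f)) << (uint(coded>>4) + 6)
}

// OpenPGPS2K derives a 20-byte key with SHA-1 in the three RFC 4880 modes:
//
//	simple:          salt empty, count == 0
//	salted:          8-byte salt, count == 0
//	iterated+salted: 8-byte salt, count  > 0
//
// "count" is the total number of octets fed to the hash, not a loop count.
func OpenPGPS2K(password, salt []byte, count int) ([]byte, error) {
	if count > 0 && len(salt) == 0 {
		// PGP has no iterated-but-unsalted mode. This is the guard the commit
		// above adds: with no salt and an empty password the input is empty,
		// and a loop that feeds it until `count` octets have been hashed can
		// never make progress.
		return nil, errors.New("s2k: iterated mode requires a salt")
	}
	input := append(append([]byte(nil), salt...), password...)
	h := sha1.New()
	if count <= len(input) {
		// Simple and salted modes, and an iterated count that is smaller than
		// salt||password: the input is hashed once in full.
		h.Write(input)
		return h.Sum(nil), nil
	}
	// Iterated mode: repeat salt||password until exactly count octets are hashed.
	// input is non-empty here because the salt is, so this terminates.
	remaining := count
	for remaining > 0 {
		n := len(input)
		if remaining < n {
			n = remaining
		}
		h.Write(input[:n])
		remaining -= n
	}
	return h.Sum(nil), nil
}

func main() {
	simple, _ := OpenPGPS2K([]byte("abc"), nil, 0)
	fmt.Println("simple:  ", hex.EncodeToString(simple)) // SHA-1("abc")

	count := DecodeS2KCount(0x60) // 65536 octets
	iter, _ := OpenPGPS2K([]byte("hunter2"), demoSalt, count)
	fmt.Println("iterated:", hex.EncodeToString(iter), "over", count, "octets")

	_, err := OpenPGPS2K(nil, nil, count)
	fmt.Println("iterated without salt:", err)
}
```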
* Add (back) OpenPGP-S2K | Jack Lloyd | 2017-05-27 | 1 | -0/+67
    It was removed somewhere along the line in 1.11, with the logic that it is a funky PGP-specific scheme and (quoting the commit that removed it) "not really useful outside of a full PGP implementation". This assumed that the PGP implementation would be in Botan itself, but PGP is implemented in https://github.com/evpo/EncryptPad/ (which is a PGP implementation using 1.10), and RNP (https://github.com/riboseinc/rnp) would like to use it also.
    This work was sponsored by Ribose Inc (@riboseinc).
* Merge GH #1054 Add HOTP and TOTP algorithms | Jack Lloyd | 2017-05-22 | 2 | -0/+146
  * Add HOTP (RFC 4226) and TOTP (RFC 6238) | Jack Lloyd | 2017-05-19 | 2 | -0/+146
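As an added example (not Botan's code or its test data), here is an RFC 4226 / RFC 6238 implementation using only Go's standard library, checked against the RFCs' shared test secret `12345678901234567890`. The skew-window verifier is an assumption about how a caller would use TOTP, not something the commit specifies; it compares every candidate in constant time and keeps going after a match so the timing does not reveal which step matched.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"math"
	"time"
)

// HOTP computes an RFC 4226 one-time password: HMAC-SHA1 over the 8-byte
// big-endian counter, dynamic truncation to a 31-bit integer, reduction
// mod 10^digits, and zero-padding to `digits` characters.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)

	offset := sum[len(sum)-1] & 0x0f // low nibble of the last byte picks the window
	code := (uint32(sum[offset]&0x7f) << 24) |
		(uint32(sum[offset+1]) << 16) |
		(uint32(sum[offset+2]) << 8) |
		uint32(sum[offset+3])
	code %= uint32(math.Pow10(digits))
	return fmt.Sprintf("%0*d", digits, code)
}

// TOTP is RFC 6238 with SHA-1: HOTP over the number of `step`-long intervals
// elapsed since the Unix epoch.
func TOTP(secret []byte, at time.Time, step time.Duration, digits int) string {
	counter := uint64(at.Unix()) / uint64(step.Seconds())
	return HOTP(secret, counter, digits)
}

// VerifyTOTP accepts `submitted` if it matches the current step or any of the
// `skew` steps on either side, to tolerate clock drift between the parties.
func VerifyTOTP(secret []byte, submitted string, at time.Time, step time.Duration, digits, skew int) bool {
	counter := at.Unix() / int64(step.Seconds())
	ok := false
	for d := -int64(skew); d <= int64(skew); d++ {
		c := counter + d
		if c < 0 {
			continue
		}
		// hmac.Equal is constant time; do not return early on a match.
		if hmac.Equal([]byte(HOTP(secret, uint64(c), digits)), []byte(submitted)) {
			ok = true
		}
	}
	return ok
}

func main() {
	secret := []byte("12345678901234567890") // RFC 4226 / RFC 6238 test secret
	for c := uint64(0); c < 3; c++ {
		fmt.Printf("HOTP(%d) = %s\n", c, HOTP(secret, c, 6)) // 755224, 287082, 359152
	}
	t := time.Unix(59, 0).UTC()
	fmt.Println("TOTP at t=59:", TOTP(secret, t, 30*time.Second, 8)) // 94287082
	fmt.Println("accepted one step later with skew 1:",
		VerifyTOTP(secret, "94287082", t.Add(30*time.Second), 30*time.Second, 8, 1))
}
```

A verifier also needs to remember the last accepted counter (HOTP) or step (TOTP) and refuse anything at or below it; otherwise a captured code can be replayed within the window.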
* Merge GH #844 Add support for ARMv8 SHA instructions | Jack Lloyd | 2017-05-22 | 2 | -2/+389
  * Small cleanups for ARM SHA code | Jack Lloyd | 2017-05-20 | 1 | -0/+387
      Fix for new define syntax, remove old style casts. Add some randomly generated longer SHA-256 vectors, previously had precisely zero multiblock tests.
  * Add SHA-256 using ARMv8 instructions | Jack Lloyd | 2017-05-20 | 2 | -2/+2
      Based on patch from Jeffrey Walton in GH #841
* Merge GH #1053 Fix path length constraint checking (GH #991) | Jack Lloyd | 2017-05-21 | 11 | -0/+198
  * fix pathLenConstraint validation | Daniel Neus | 2017-05-19 | 11 | -0/+198
      Fixes GH #991
      The problem with the current implementation of the chain validation code is that it runs from the end certificate to the trust cert. @securitykernel and I tried to fix the pathLenConstraint validation within this reverse loop but we were not sure if we missed some edge cases. So we felt safer to use the algorithm listed in RFC 5280 which executes from the top to the bottom. It's probably best to rewrite the code to use the whole algorithm from RFC 5280, i.e. validating the chain from the trust to the end cert.
      Additionally, we wrote some tests including the one that raised this issue initially.
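To see the rule the fix above targets, here is an added example, not Botan's code, that builds a root, one intermediate and a leaf with Go's crypto/x509 (whose verifier counts intermediates downward from the trust anchor, as RFC 5280 section 6.1 does) and validates the chain with the root's pathLenConstraint set first to 0 and then to 1. With one intermediate below the root, 0 must fail and 1 must pass. Names, serial numbers and validity periods are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert generates a P-256 key for tmpl and signs it with parent/parentKey
// (self-signed when parent is nil), returning the parsed certificate and key.
func makeCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// caTemplate builds a CA template; pathLen < 0 leaves pathLenConstraint absent.
func caTemplate(serial int64, cn string, pathLen int) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		MaxPathLen:            pathLen,
		MaxPathLenZero:        pathLen == 0, // required to encode an explicit pathLenConstraint of 0
	}
}

// ChainValidates builds root -> intermediate -> leaf with the root carrying
// pathLenConstraint = rootPathLen (and the intermediate carrying none) and
// reports whether the leaf verifies. The string is the verifier's reason when
// it does not; the error is only for setup failures.
func ChainValidates(rootPathLen int) (bool, string, error) {
	root, rootKey, err := makeCert(caTemplate(1, "Demo Root", rootPathLen), nil, nil)
	if err != nil {
		return false, "", err
	}
	inter, interKey, err := makeCert(caTemplate(2, "Demo Intermediate", -1), root, rootKey)
	if err != nil {
		return false, "", err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "leaf.example"},
		DNSNames:     []string{"leaf.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, _, err := makeCert(leafTmpl, inter, interKey)
	if err != nil {
		return false, "", err
	}

	roots := x509.NewCertPool()
	roots.AddCert(root)
	inters := x509.NewCertPool()
	inters.AddCert(inter)
	_, verr := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		DNSName:       "leaf.example",
	})
	if verr != nil {
		// With rootPathLen 0 the reported cause is the path length constraint:
		// one intermediate sits below the root, and the root allows zero.
		return false, verr.Error(), nil
	}
	return true, "", nil
}

func main() {
	for _, n := range []int{0, 1} {
		ok, reason, err := ChainValidates(n)
		fmt.Printf("root pathLenConstraint=%d: valid=%v reason=%q setupErr=%v\n", n, ok, reason, err)
	}
}
```

The same test, run against a validator that walks the chain from the leaf upward, is exactly the case where an off-by-one in the counting direction slips through; building both directions into a regression suite, as the commit does, is the cheap insurance.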
* Add support for Intel SHA-1/SHA-2 instructions | Jack Lloyd | 2017-05-19 | 2 | -1/+3
    Based on GH #807 and #808
* Merge GH #1051 Extensions for PKCSv1.5 signature formatting | Jack Lloyd | 2017-05-19 | 1 | -0/+8
  * Add botan_pkcs_hash_id to FFI | Jack Lloyd | 2017-05-18 | 1 | -0/+8
      Extend EMSA_PKCS1v15_Raw to optionally take a hash function for which the PKCS hash id is prefixed to the message as usual. This allows signing a message using PKCSv1.5 padding where the hash is provided externally.
* Handle IV carryover in CBC, CFB, and stream ciphers | Jack Lloyd | 2017-05-13 | 1 | -0/+5
    Allow an empty nonce to mean "continue using the current cipher state". GH #864
* KDF SP800-56A: Add test vectors with 0 length salt to improve coverage | Krzysztof Kwiatkowski | 2017-05-03 | 1 | -0/+60