-x*n % n would reduce to n instead of zero.
Also some small optimizations and cleanups.

Using Barrett reduction instead of division is ~10x faster.

GH #1476

Sonar finds

Some help from include-what-you-use

Closes #1168

to avoid test failures

Removes complicated extra variable "dev", which was calculated
incorrectly: if ratio = 0.0 then dev = 0.0, resulting in a test success.

Record counter value in test data, and start the search from there.

Previously longer tests were hidden behind higher 'soak levels'
but these arbitrary cutoffs are confusing compared to a simple
short tests/long tests split.

Add a long list of 'false' primes from Google's Wycheproof tests:
https://github.com/google/wycheproof/blob/master/java/com/google/security/wycheproof/testcases/BigIntegerTest.java
Split vector file format into Prime and NonPrime sections for easier reading.

Turns out astyle has some bugs wrt C++11 initializer lists. Rather
than having astyle mangle all of the tests, convert to using a string
which is split once at the start instead of a vector of keys.

Renames a couple of functions for somewhat better name consistency,
e.g. make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.

GH #754 exposed a bug in the non-Montgomery exponentiation case.
It turned out that when the fixed window was picked to any value
> 1, the result would be incorrect due to an off by one. This is
the one line fix in powm_fw.cpp
Also fix a bug in bigint_mul which caused incorrect results,
because the output BigInt was not being zeroed out before use. This
is only exposed in rare cases, found (somewhat indirectly) in
OSS-Fuzz #287.
Add more modular exponentiation tests, which would have caught
these issues earlier.

Limited to 1024 bit params by default to keep runtimes reasonable,
but test vectors for all sizes from FIPS 186-3 do pass.

The result of fuzzing with AFL for a while, then running cmin on the
result.

Also adds a (not const time) implementation of almost Montgomery reduction.

Removes a fair number of the power mod test cases for size and test time.
Would be better to add a randomized or fuzzer-based test. Otherwise no
change.

It first computed the first i for q**(2**i) == 1, then checked that i
was smaller than s. Given a composite modulus (for which the algorithm
does not work), the loop might do a very large amount of work before
returning the failure.

found by gcc with -Wsuggest-override

Understand using '-' on the command line to mean stdin.
Fix last few unit tests that wanted to write to the filesystem; removes
outdata directory.

Increase the iterations of the BigInt::random_integer test. Since things
get slow quickly, leave the larger range tests to higher soak levels.
In TLS, if the corrupted data causes an exception immediately that's ok
because it's corrupted data.

The tests previously had used 4 to 6 different schemes internally (the vec file
reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests
which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a
design that works everywhere, and update all the things.
Fix also a few bugs found by the test changes: SHA-512-256 name incorrect,
OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy
was wrong.

The plain PointGFp operator* now uses Montgomery ladder exclusively.
Adds a blinded point multiply algorithm which uses exponent and point
randomization, as well as a Montgomery ladder technique that takes a
random walk of the possible addition chains for k.

Previously they were hidden away as private functions on the CurveGFp
types. This allows directly testing the reduction functions against
other computational methods.

Fixes #146.