| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
This is a contribution from Ribose Inc (@riboseinc)
|
| |
|
|
|
|
|
|
| |
This commit adds support for ECDSA using BearSSL as a backend. This
means we can test BearSSL's ECDSA algorithms using the extensive
Botan testsuite.
|
|\ |
|
| |
| |
| |
| |
| | |
Implement RSA private key generation with RSA_generate_key_ex().
Make PK_Key_Generation_Test iterate over all providers.
|
|/ |
|
|
|
|
|
|
|
|
| |
The tests for block, hash, stream, pubkey, and mac loop over all
possible crypto providers. If a specific provider is given on the
botan-test command line, use only this one. If the provider to be
tested is restricted, skip text based tests that do not have a
possible provider.
|
|
|
|
| |
From GH #889
|
|
|
|
|
|
| |
Previously longer tests were hidden behind higher 'soak levels'
but these arbitrary cutoffs are confusing compared to a simple
short tests/long tests split.
|
|
|
|
|
| |
A set of carefully generated invalid signatures which are sometimes
accepted by implementations due to bugs in padding verification.
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
|
|
|
| |
- Moves SHAKE to prohibited algorithms
- Catches an error during XMSS private key generation when SHAKE is disabled.
This should not be reported as error by the test bench since [SHAKE is
optional in XMSS](https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-07#section-5)
|
|
|
|
|
|
|
| |
AEAD::output_length)
Fix a bug in CCM, GCM, and OCB decryption which caused `output_length(tag_size())`
to fail even though empty plaintexts are certainly defined for all three modes.
|
| |
|
|
|
|
|
|
|
| |
All these tests ran once for each signing provider, instead of just once
with all fixed data and then checking on the results of the encrypt/sign
operations as needed. Speeds up `ecdsa_sign` by 11x, `rsa_encrypt` by 8x
on my machine!
|
|
|
|
|
|
|
|
|
|
| |
Add Public_Key::key_length usable for policy checking (as in
TLS::Policy::check_peer_key_acceptable)
Remove Public_Key::max_input_bits because it didn't make much sense
for most algorithms actually.
Remove message_parts and message_part_size from PK_Ops
|
| |
|
| |
|
|
|
|
|
| |
Test assumed EME was always there and would fail. This caused
failures with BSI policy which disables PKCS1v1.5
|
|
|
|
| |
Some fixes for missing system_rng in ECIES and tests.
|
|
|
|
| |
Document that create_*_op is public but not for public consumption.
|
|
|
|
|
|
|
| |
Verification is deterministic and public, so really no RNG is ever needed.
Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.
|
|
|
|
|
|
|
|
| |
Instead the key types exposes operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previous created its own RNG, now it takes it from app.
|
|
|
|
|
|
| |
- add test for EME::maximum_input_size()
- additionally use maximum_input_size() before pad() in OAEP and PKCS1 (remove code duplication)
- prevent C4800 MSVC warning
|
|
|
|
|
| |
Adds test vectors for RSA-KEM with KDF1 from ISO 18033-2 and
test vectors for KDF1 and KDF2 generated with BouncyCastle.
|
| |
|
|
|
|
|
|
|
| |
Previously RSA and ElGamal stripped off leading zeros which were then
assumed by the padding decoders. Instead have them produce ciphertexts
with leading zeros. Changes EME_Raw to strip leading zeros to match
existing behavior.
|
|
|
|
| |
GH #369
|
|
|
|
|
|
|
|
|
|
| |
Expose provider param in PK_Key_Agreement API
Handle multiple providers in key agreement tests
Fix some funky formatting of P-521 EC points in ecdh.vec which was
being rejected by OpenSSL; for whatever reason the CAVS file had
the affine coords with far more leading zeros than necessary.
|
|
|
|
| |
Only has vectors for NIST curves (data taken from NIST CAVS file)
|
|\
| |
| | |
Fix loading of unencrypted, BER encoded private keys via PKCS8 api
|
| | |
|
|\ \
| | |
| | | |
Some trivial compiler and PVS-Studio warning fixes
|
| | | |
|
| |/
|/|
| |
| |
| |
| | |
Convert McEliece KEM to use it
Add RSA-KEM
|
|/ |
|
|
|
|
|
|
| |
Improve diagnostics when an exception escapes a test
GH #369
|
|
|
|
|
|
|
| |
in the algo factory.
Fixes remaining issues of GH #369 - test_pubkey.cpp was expecting Lookup_Error
when something isn't found.
|
|
|
|
| |
GH #369
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The tests previously had used 4 to 6 different schemes internally (the vec file
reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests
which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a
design that works everywhere, and update all the things.
Fix also a few bugs found by the test changes: SHA-512-256 name incorrect,
OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy
was wrong.
|
|
|
|
|
| |
Removes filters as as an internal dependency pretty much entirely
(outside of some dusty corners in misc).
|
|
|
|
|
|
|
|
| |
Was attempting to test that the all-zero signature is invalid, then
tested some mutated signatures. Unfortunately it zeroed out the
signature before doing the mutation tests, so the mutated signatures
were all very-low Hamming weight strings instead of being close to
the original valid signature.
|
|
|
|
| |
Fixes #146.
|
| |
|
|
|
|
|
|
|
| |
- Remove additional newlines in CHECK_MESSAGE call
- Remove redundant output of algo in aead_test()
Closes #115
|
| |
|
|
|
|
|
|
|
|
| |
The pubkey encrypt/decrypt test function tests various randomly corrupted
ciphertexts to ensure none of them decrypt. On rare occasions PKCS #1 v1.5 does
legitimately fail this test, but, well, PKCS v1.5 isn't a very good padding
scheme. When this test fails and the pad is PKCS, log the values but don't
actually fail the test since this is an expected behavior of PKCS padding.
|
| |
|
|
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|