Commit message

Signed-off-by: Nuno Goncalves <[email protected]>

BearSSL is much slower than Botan's builtins, and it is not commonly
included in distributions so doesn't even have the advantage of
ubiquity.

GH #1699

Easier to remember and type.

Very useful when using "Raw" DH/ECDH via the FFI API.

Needed for https://github.com/strongswan/strongswan/pull/109

Test vectors from pyca/cryptography
Fixes GH #109

Fixes GH #1410

There are in fact 3 different variations of SM2 standard, first
C1||C2||C3, then C1||C3||C2, then (most recently) an ASN.1 encoding.
This makes us compatible with GmSSL
This work was sponsored by Ribose Inc (@riboseinc).

Allows PSS-signing a raw hash while also still specifying the salt
length.
GH #1211

This is a contribution from Ribose Inc (@riboseinc)

This commit adds support for ECDSA using BearSSL as a backend. This
means we can test BearSSL's ECDSA algorithms using the extensive
Botan testsuite.

Implement RSA private key generation with RSA_generate_key_ex().
Make PK_Key_Generation_Test iterate over all providers.

The tests for block, hash, stream, pubkey, and mac loop over all
possible crypto providers. If a specific provider is given on the
botan-test command line, use only this one. If the provider to be
tested is restricted, skip text based tests that do not have a
possible provider.

From GH #889

Previously longer tests were hidden behind higher 'soak levels'
but these arbitrary cutoffs are confusing compared to a simple
short tests/long tests split.

A set of carefully generated invalid signatures which are sometimes
accepted by implementations due to bugs in padding verification.

Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.

- Moves SHAKE to prohibited algorithms
- Catches an error during XMSS private key generation when SHAKE is disabled.
This should not be reported as error by the test bench since [SHAKE is
optional in XMSS](https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-07#section-5)

AEAD::output_length)
Fix a bug in CCM, GCM, and OCB decryption which caused `output_length(tag_size())`
to fail even though empty plaintexts are certainly defined for all three modes.

All these tests ran once for each signing provider, instead of just once
with all fixed data and then checking on the results of the encrypt/sign
operations as needed. Speeds up `ecdsa_sign` by 11x, `rsa_encrypt` by 8x
on my machine!

Add Public_Key::key_length usable for policy checking (as in
TLS::Policy::check_peer_key_acceptable)
Remove Public_Key::max_input_bits because it didn't make much sense
for most algorithms actually.
Remove message_parts and message_part_size from PK_Ops

Test assumed EME was always there and would fail. This caused
failures with BSI policy which disables PKCS1v1.5

Some fixes for missing system_rng in ECIES and tests.

Document that create_*_op is public but not for public consumption.

Verification is deterministic and public, so really no RNG is ever needed.
Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.

Instead the key types expose operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previously created its own RNG, now it takes it from app.

- add test for EME::maximum_input_size()
- additionally use maximum_input_size() before pad() in OAEP and PKCS1 (remove code duplication)
- prevent C4800 MSVC warning

Adds test vectors for RSA-KEM with KDF1 from ISO 18033-2 and
test vectors for KDF1 and KDF2 generated with BouncyCastle.

Previously RSA and ElGamal stripped off leading zeros which were then
assumed by the padding decoders. Instead have them produce ciphertexts
with leading zeros. Changes EME_Raw to strip leading zeros to match
existing behavior.

GH #369

Expose provider param in PK_Key_Agreement API
Handle multiple providers in key agreement tests
Fix some funky formatting of P-521 EC points in ecdh.vec which was
being rejected by OpenSSL; for whatever reason the CAVS file had
the affine coords with far more leading zeros than necessary.

Only has vectors for NIST curves (data taken from NIST CAVS file)

Fix loading of unencrypted, BER encoded private keys via PKCS8 api