path: root/src/tests
Commit message | Author | Age | Files | Lines
* Add DTLS versions to TLS handshake smoke test | lloyd | 2015-06-19 | 1 | -3/+7
* Fix various bugs found by Coverity scanner. | lloyd | 2015-05-15 | 1 | -1/+1
    Uninitialized variables, missing divide by zero checks, missing virtual destructor, etc. Only thing serious is bug in TLS maximum fragment decoder; missing breaks in switch statement meant receiver would treat any negotiated max fragment as 4k limit.
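The fallthrough bug this commit describes, as an added example that is not Botan's code: a hypothetical decoder for the RFC 6066 max_fragment_length codes (1 through 4 meaning 2^9 through 2^12 bytes) written once with the missing breaks and once correctly, plus the receiver-side record length check that stops working when every code decodes to 4096. Function names and the `record_len_ok` helper are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>

// RFC 6066 max_fragment_length codes: 1 -> 2^9, 2 -> 2^10, 3 -> 2^11, 4 -> 2^12.
// Both decoders below are constructed for this example; neither is Botan's code.

// Buggy form: no break after the first three cases, so case 1 assigns 512,
// then falls into case 2, 3 and 4 and ends up with 4096 for every valid code.
size_t max_fragment_size_buggy(uint8_t code) {
   size_t limit = 0;
   switch(code) {
      case 1:
         limit = 512;
      case 2:
         limit = 1024;
      case 3:
         limit = 2048;
      case 4:
         limit = 4096;
         break;
      default:
         throw std::invalid_argument("unknown max_fragment_length code");
   }
   return limit;
}

// Fixed form: each case returns directly, so a fallthrough cannot occur.
size_t max_fragment_size_fixed(uint8_t code) {
   switch(code) {
      case 1:
         return 512;
      case 2:
         return 1024;
      case 3:
         return 2048;
      case 4:
         return 4096;
      default:
         throw std::invalid_argument("unknown max_fragment_length code");
   }
}

// Receiver-side check: a record whose plaintext exceeds the negotiated limit
// must be rejected (RFC 6066 has the receiver send a record_overflow alert).
// With the buggy decoder a peer that negotiated 512 bytes can still push
// 4096-byte records through, which is exactly what the commit message says.
bool record_len_ok(size_t plaintext_len, uint8_t negotiated_code, bool use_fixed) {
   const size_t limit = use_fixed ? max_fragment_size_fixed(negotiated_code)
                                  : max_fragment_size_buggy(negotiated_code);
   return plaintext_len <= limit;
}
```

Compiling the buggy form with -Wimplicit-fallthrough (GCC and Clang) flags the three unterminated cases, which is the cheap way to catch this class of bug before a scanner does.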
* Add tests for compression and SRP. | lloyd | 2015-05-13 | 4 | -0/+169
    Fix zlib decompression which was not ignoring Z_BUF_ERROR, which is harmless in this context as process is already checking avail_in and avail_out after run returns. Bump version to 1.11.17
* Build fix | lloyd | 2015-05-12 | 1 | -2/+2
* Skip the NIST X.509 tests if the FS code is not available. | lloyd | 2015-05-12 | 1 | -1/+8
    Previously would fail with a very unhelpful message.
* Comparison was inverted | lloyd | 2015-04-28 | 1 | -1/+5
* Fix rare test failure in pubkey. | lloyd | 2015-03-22 | 1 | -1/+4
    The pubkey encrypt/decrypt test function tests various randomly corrupted ciphertexts to ensure none of them decrypt. On rare occasions PKCS #1 v1.5 does legitimately fail this test, but, well, PKCS v1.5 isn't a very good padding scheme. When this test fails and the pad is PKCS, log the values but don't actually fail the test since this is an expected behavior of PKCS padding.
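Why a corrupted ciphertext can "legitimately" decrypt under PKCS #1 v1.5, as an added example that is not Botan's code: after RSA decryption a corrupted ciphertext yields an effectively uniform block, and the v1.5 type 2 check (0x00 0x02, at least eight non-zero padding bytes, a 0x00 separator, then the message) accepts such a block with small but non-zero probability. The decoder, the closed-form acceptance probability and the simulation below are constructed for this example; the PRNG is a fixed-seed xorshift, not a CSPRNG.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <vector>

// PKCS #1 v1.5 type 2 block: 0x00 || 0x02 || PS || 0x00 || M, PS at least 8 non-zero bytes.
// Returns true and writes M if the block parses. Constructed example, not Botan's decoder.
bool pkcs1_v15_unpad(const std::vector<uint8_t>& em, std::vector<uint8_t>& msg) {
   if(em.size() < 11 || em[0] != 0x00 || em[1] != 0x02)
      return false;
   size_t sep = 2;
   while(sep < em.size() && em[sep] != 0x00)
      ++sep;
   if(sep == em.size())      // no separator found
      return false;
   if(sep - 2 < 8)           // PS shorter than 8 bytes
      return false;
   msg.assign(em.begin() + sep + 1, em.end());
   return true;
}

// Probability that a uniformly random k-byte block passes the check above:
// two fixed leading bytes, eight non-zero PS bytes, then at least one zero
// somewhere in the remaining k-10 bytes. About 5.5e-6 for a 1024-bit modulus.
double random_block_acceptance(size_t k) {
   if(k < 11)
      return 0.0;
   const double p_nonzero = 255.0 / 256.0;
   return (1.0 / 65536.0) * std::pow(p_nonzero, 8.0) * (1.0 - std::pow(p_nonzero, double(k - 10)));
}

// xorshift64 with a fixed seed so the simulation is reproducible (not a CSPRNG).
struct Xorshift64 {
   uint64_t s;
   uint64_t next() { s ^= s << 13; s ^= s >> 7; s ^= s << 17; return s; }
};

// Simulates what a corrupted RSA ciphertext looks like after decryption: a
// k-byte block that is effectively uniform. Counts how many of `trials` such
// blocks the unpadder accepts; for k = 128 and 2^20 trials expect a handful.
size_t count_random_accepts(size_t k, size_t trials, uint64_t seed) {
   Xorshift64 rng{seed};
   std::vector<uint8_t> em(k), msg;
   size_t hits = 0;
   for(size_t t = 0; t < trials; ++t) {
      for(size_t i = 0; i < k; i += 8) {
         const uint64_t r = rng.next();
         for(size_t j = 0; j < 8 && i + j < k; ++j)
            em[i + j] = uint8_t(r >> (8 * j));
      }
      if(pkcs1_v15_unpad(em, msg))
         ++hits;
   }
   return hits;
}
```

The same property is what makes v1.5 decryption a padding oracle risk: the decoder has a structure check that a random block passes with a predictable probability, whereas OAEP binds the whole block to a hash and rejects random input with overwhelming probability.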
* Add ALPN (RFC 7301) and remove NPN | lloyd | 2015-03-20 | 1 | -10/+11
* Add HKDF(SHA-512) test vectors | lloyd | 2015-03-18 | 1 | -17/+51
* Externalize the state of a RFC 6979 nonce computation. | lloyd | 2015-03-12 | 2 | -4/+31
    This lets you amortize quite a few memory allocations (RNG, various BigInts, etc) over many nonce generations. Change generate_rfc6979_nonce to just instantiate one of these states, call the function once, and return. This doesn't have any additional overhead versus the previous implementation of this function. Fix HMAC_DRBG to correctly reset its state to its starting position when you call clear() on it.
* Compile fixes for VC 2013. Based on github pull 56 | neusdan | 2015-03-10 | 1 | -1/+1
* Fix memory leak in TLS tests. Remove last few remaining uses of auto_ptr. | lloyd | 2015-03-08 | 2 | -12/+14
* Hide all uses of boost filesystem in fs.cpp. | lloyd | 2015-02-21 | 2 | -56/+10
    Use readdir as an alternate implementation for Unix and add some feature checks so a boost-free build of the tests and command line are possible again.
* Convert HKDF to the normal KDF interface | lloyd | 2015-02-18 | 5 | -132/+46
* Modify interfaces of KDF and PBKDF to write output to an array, with higher level functions on interface handling returning a vector. | lloyd | 2015-02-18 | 1 | -5/+5
* Add new module `ffi` which provides a plain C interface, plus a new ctypes Python wrapper that uses it. | lloyd | 2015-02-16 | 1 | -0/+21
    The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it.
* Remove algo factory, engines, global RNG, global state, etc. | lloyd | 2015-02-04 | 11 | -69/+46
    Convert all uses of Algorithm_Factory and the engines to using Algo_Registry. The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatibility stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
* Use registry also for KDF, EMSA, and EME | lloyd | 2015-01-31 | 1 | -4/+2
* Add a runtime map of string->func() which when called return Transforms and BlockCiphers. | lloyd | 2015-01-28 | 1 | -10/+6
    Registration for all types is done at startup but is very cheap as just a std::function and a std::map entry are created; no actual objects are created until needed. This is a huge improvement over Algorithm_Factory which used T::clone() as the function and thus kept a prototype object of each type in memory. Replace existing lookup mechanisms for ciphers, AEADs, and compression to use the transform lookup. The existing Engine framework remains in place for BlockCipher, but the engines now just call to the registry instead of having hardcoded lookups. s/Transformation/Transform/ with typedefs for compatibility. Remove lib/selftest code (for runtime selftesting): not the right approach.
* Add SipHash | lloyd | 2015-01-11 | 3 | -6/+46
* Remove SSLv3 and handling of SSLv2 client hellos. | lloyd | 2015-01-11 | 3 | -193/+0
* Ensure all files have copyright and license info. | lloyd | 2015-01-10 | 41 | -28/+219
    Update license header line to specify the terms and refer to the file, neither of which it included before.
* Add MCEIES, an integrated encryption system using McEliece and AES-256/OCB | lloyd | 2015-01-08 | 1 | -47/+109
* Add SHA-512/256 | lloyd | 2015-01-08 | 2 | -1/+6
    Define some new functions for copying out arrays of words and use them across hashes.
* Add Brainpool and secp160r1 ECDSA tests | lloyd | 2015-01-05 | 2 | -1/+153
* Support the older ChaCha20Poly1305 AEAD from draft-agl-tls-chacha20poly1305-04 | lloyd | 2014-12-31 | 1 | -0/+8
    which we distinguish by the nonce size (always 64 bits in this format, always 96 bits in the CFRG document).
* Add AEAD based on ChaCha20 and Poly1305 defined in draft-irtf-cfrg-chacha20-poly1305-03 | lloyd | 2014-12-29 | 1 | -0/+13
* Add Poly1305, based on poly1305-donna by Andrew Moon. | lloyd | 2014-12-29 | 1 | -0/+323
* Support 96 bit nonces in ChaCha20 as specified in draft-irtf-cfrg-chacha20-poly1305-03 | lloyd | 2014-12-29 | 1 | -0/+9
* All tests now share an RNG. Uses system RNG if available | lloyd | 2014-12-28 | 23 | -53/+65
* Provide a test report | lloyd | 2014-12-27 | 1 | -0/+2
* Add Curve25519 based on curve25519-donna by Adam Langley. | lloyd | 2014-12-27 | 4 | -0/+137
    This uses only the c64 version from curve25519-donna; on systems that don't have a native uint128_t type, a donna128 type stands in for just enough 128-bit operations to satisfy donna.cpp
* Implement RFC 6979 deterministic signatures for DSA and ECDSA. | lloyd | 2014-12-10 | 4 | -163/+237
    Drop the GNU MP engine. Its implementations were potentially faster in some scenarios but not well protected against side channels.
* Switch to using Montgomery ladder for EC point multiplication. | lloyd | 2014-12-10 | 1 | -55/+75
    The test function create_random_point did not actually create a point on the curve - fix.
* Remove the Overbeck conversion at Dr. Strenzke's request. | lloyd | 2014-12-06 | 1 | -99/+25
    While a CCA2 proof of this scheme exists, it is written in German and for various reasons publishing a translation would be a complicated affair. Without a (well studied) English proof it is harder to understand the security of the overall scheme. Thus only KEM, which seems much easier to prove, will be offered.
* Add KEM scheme for McEliece | fstrenzke | 2014-12-06 | 1 | -21/+68
* Add an implementation of McEliece encryption based on HyMES | fstrenzke | 2014-11-26 | 3 | -0/+268
    (https://www.rocq.inria.fr/secret/CBCrypto/index.php?pg=hymes). The original version is LGPL but cryptsource GmbH has secured permission to release it under a BSD license. Also includes the Overbeck CCA2 message encoding scheme.
* Use the OCB test specified in RFC 7253 instead of the -03 draft version | lloyd | 2014-11-16 | 1 | -72/+50
* Add specialized reduction for P-521 along with 9x9 Comba routines. | lloyd | 2014-11-15 | 1 | -12/+16
    Roughly 35-50% faster on my laptop (depending on if mlock is enabled, the overhead in that allocator is becoming much more of a hotspot).
* OCB cleanup and additional tests | lloyd | 2014-11-07 | 2 | -2/+106
* Replace Transformation::start with start_raw so we can do a full set of overloads in the base class with the same name. | lloyd | 2014-11-05 | 3 | -7/+7
* Various small fixes and cleanups, new is_prime util | lloyd | 2014-11-03 | 2 | -2/+11
* No need to pass version by reference | lloyd | 2014-10-31 | 1 | -1/+2
* Add some secp256k1 KATs and a randomized ECC test suggested in http://crypto.stackexchange.com/questions/784 | lloyd | 2014-10-10 | 5 | -3/+148
* Remove unused test. Bugzilla 272 | lloyd | 2014-05-17 | 1 | -65/+0
* Correct CCM for L != 2. Bugzilla 270 | lloyd | 2014-05-16 | 1 | -0/+7
* Any fixed MR iterations is probably wrong for somebody. Allow the user to specify a probability as well as if n was randomly chosen or not. | lloyd | 2014-04-25 | 1 | -4/+4
    If the input is random use better bounds to reduce the number of needed tests.
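How a Miller-Rabin round count falls out of a target error probability and the random-vs-adversarial distinction, as an added example that is not Botan's code. For an adversarial candidate the only general guarantee is that a composite survives one round with probability at most 1/4, so 2^-p needs p/2 rounds. For a candidate the caller drew uniformly at random, far fewer rounds suffice; the example uses the Damgård-Landrock-Pomerance estimate p_{k,t} <= k^{3/2} 2^t t^{-1/2} 4^{2-sqrt(tk)} (for 2 <= t <= k/9) as one such bound. Which bound Botan adopted is not stated in the commit, so that choice, the function names and the fixed-seed xorshift base selection are assumptions of this example.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>

using u128 = unsigned __int128;   // GCC/Clang extension, used for 64-bit mulmod

uint64_t mulmod64(uint64_t a, uint64_t b, uint64_t m) { return uint64_t((u128(a) * b) % m); }

uint64_t powmod64(uint64_t base, uint64_t exp, uint64_t m) {
   uint64_t r = 1;
   base %= m;
   while(exp) {
      if(exp & 1) r = mulmod64(r, base, m);
      base = mulmod64(base, base, m);
      exp >>= 1;
   }
   return r;
}

// One Miller-Rabin round for odd n > 3: true if n passes for this base
// (prime, or a strong pseudoprime to that base), false if the base is a witness.
bool mr_round(uint64_t n, uint64_t base) {
   uint64_t d = n - 1;
   size_t s = 0;
   while((d & 1) == 0) { d >>= 1; ++s; }
   uint64_t x = powmod64(base, d, n);
   if(x == 1 || x == n - 1) return true;
   for(size_t i = 1; i < s; ++i) {
      x = mulmod64(x, x, n);
      if(x == n - 1) return true;
   }
   return false;
}

// Rounds for a possibly adversarial n: a composite passes one round with
// probability at most 1/4, so 2^-prob_bits needs ceil(prob_bits / 2) rounds.
size_t mr_rounds_adversarial(size_t prob_bits) { return (prob_bits + 1) / 2; }

// Rounds for a k-bit odd n the caller chose uniformly at random, from the
// Damgard-Landrock-Pomerance estimate evaluated in the log2 domain:
//   log2 p_{k,t} = 1.5 log2 k + t - 0.5 log2 t + 2 (2 - sqrt(t k)),  2 <= t <= k/9.
// Falls back to the adversarial count if no t in range meets the target (assumption).
size_t mr_rounds_random(size_t k_bits, size_t prob_bits) {
   const double k = double(k_bits);
   for(size_t t = 2; t <= k_bits / 9; ++t) {
      const double log2_p = 1.5 * std::log2(k) + double(t) - 0.5 * std::log2(double(t))
                            + 2.0 * (2.0 - std::sqrt(double(t) * k));
      if(log2_p <= -double(prob_bits)) return t;
   }
   return mr_rounds_adversarial(prob_bits);
}

// xorshift64 for choosing bases; fixed seed so runs are reproducible (not a CSPRNG).
struct Xorshift64 {
   uint64_t s;
   uint64_t next() { s ^= s << 13; s ^= s >> 7; s ^= s << 17; return s; }
};

// Probabilistic primality test with the given number of rounds and random bases in [2, n-2].
bool is_probable_prime(uint64_t n, size_t rounds, uint64_t seed = 0x2545F4914F6CDD1DULL) {
   if(n < 4) return n == 2 || n == 3;
   if((n & 1) == 0) return false;
   Xorshift64 rng{seed};
   for(size_t i = 0; i < rounds; ++i) {
      const uint64_t base = 2 + rng.next() % (n - 3);
      if(!mr_round(n, base)) return false;
   }
   return true;
}
```

The contrast the commit is after: for a 1024-bit candidate at 2^-80, the adversarial rule asks for 40 rounds while the random-input bound is satisfied by 3, which matters because the expensive case is candidates a key generator draws itself. The first assertion below (2047 = 23 * 89 passes base 2 but not base 3) is why a fixed single-base test is never enough.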
* Better TLS checks | lloyd | 2014-04-10 | 2 | -28/+46
* X.509 path validation now performs all possible tests and returns a set of error codes, instead of failing immediately on first error. | lloyd | 2014-04-05 | 1 | -3/+3
    This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation.
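The collect-everything validation the commit describes, as an added example that is not Botan's path validator: a constructed certificate stand-in (no ASN.1, signatures pre-verified into a flag) is walked from leaf to anchor, every check runs on every certificate, and the result is a set of status codes ordered by severity so that an expired leaf with a bad signature reports the signature failure, not the expiry. The `Cert` struct, the `PathStatus` codes and the severity numbering are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <set>
#include <string>
#include <vector>

// Constructed stand-in for a parsed certificate; not Botan's X509_Certificate.
struct Cert {
   std::string subject;
   std::string issuer;
   uint64_t not_before;      // seconds since epoch
   uint64_t not_after;
   bool is_ca;
   bool signature_valid;     // result of verifying this cert under the issuer key (precomputed here)
};

// Numerically larger code = more serious problem; the largest code in the
// result set is what the caller should surface.
enum class PathStatus : int {
   VERIFIED = 0,
   CERT_NOT_YET_VALID = 10,
   CERT_HAS_EXPIRED = 11,
   CA_CERT_NOT_FOR_CERT_ISSUER = 20,
   CERT_CHAIN_TOO_LONG = 21,
   ISSUER_MISMATCH = 30,
   SIGNATURE_ERROR = 40,
   CERT_IS_REVOKED = 50,
};

// Runs every check on every certificate and collects all failures instead of
// returning on the first one. chain[0] is the end entity, chain.back() the anchor.
std::set<PathStatus> validate_path(const std::vector<Cert>& chain,
                                   uint64_t now,
                                   const std::set<std::string>& revoked_subjects,
                                   size_t max_path_len) {
   std::set<PathStatus> errors;
   if(chain.size() > max_path_len + 1)
      errors.insert(PathStatus::CERT_CHAIN_TOO_LONG);
   for(size_t i = 0; i < chain.size(); ++i) {
      const Cert& c = chain[i];
      if(now < c.not_before) errors.insert(PathStatus::CERT_NOT_YET_VALID);
      if(now > c.not_after) errors.insert(PathStatus::CERT_HAS_EXPIRED);
      if(revoked_subjects.count(c.subject)) errors.insert(PathStatus::CERT_IS_REVOKED);
      if(!c.signature_valid) errors.insert(PathStatus::SIGNATURE_ERROR);
      if(i + 1 < chain.size()) {
         const Cert& issuer = chain[i + 1];
         if(c.issuer != issuer.subject) errors.insert(PathStatus::ISSUER_MISMATCH);
         if(!issuer.is_ca) errors.insert(PathStatus::CA_CERT_NOT_FOR_CERT_ISSUER);
      }
   }
   return errors;
}

// The single status to report: the most serious code found, or VERIFIED if none.
PathStatus overall_status(const std::set<PathStatus>& errors) {
   return errors.empty() ? PathStatus::VERIFIED : *errors.rbegin();
}
```

The practical consequence for a caller is that it must look at the worst code, not the first; a client that treats "expired" as a soft failure it is willing to click through must still refuse when the same set also carries a signature or revocation error.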
* Add RFC 6979 nonce generator. Also some HMAC_DRBG cleanups. | lloyd | 2014-03-22 | 3 | -0/+73