aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests
Commit message (Collapse)AuthorAgeFilesLines
* Add support probabilistic DSA & ECDSARené Korthaus2016-05-086-2/+2679
| | | | | | | Adds support for probabilistic, aka the standard, DSA and ECDSA. Can be enabled by disabling the rfc6979 module. Includes test vectors from NIST CAVP. Adds rfc6979 to the list of prohibited modules in BSI policy.
* Merge GH #475 Remove Transform base classJack Lloyd2016-04-212-17/+17
|\
| * Remove Transform base classJack Lloyd2016-04-212-17/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With sufficient squinting, Transform provided an abstract base interface that covered both cipher modes and compression algorithms. However it mapped on neither of them particularly well. In addition this API had the same problem that has made me dislike the Pipe/Filter API: given a Transform&, what does it do when you put bits in? Maybe it encrypts. Maybe it compresses. It's a floor wax and a dessert topping! Currently the Cipher_Mode interface is left mostly unchanged, with the APIs previously on Transform just moved down the type hierarchy. I think there are some definite improvements possible here, wrt handling of in-place encryption, but left for a later commit. The compression API is split into two types, Compression_Algorithm and Decompression_Algorithm. Compression_Algorithm's start() call takes the compression level, allowing varying compressions with a single object. And flushing the compression state is moved to a bool param on `Compression_Algorithm::update`. All the nonsense WRT compression algorithms having zero length nonces, input granularity rules, etc as a result of using the Transform interface goes away.
* | Merge GH #481 Add NIST SP800-108 & 56c KDFsJack Lloyd2016-04-214-0/+5640
|\ \
| * | NIST SP800-108 & 56cKai Michaelis2016-04-204-0/+5640
| |/
* / Add ECGDSARené Korthaus2016-04-195-3/+275
|/
* Add support for ChaCha(12)Jack Lloyd2016-04-091-1/+16
|
* Fix a couple MSVC warnings.Jack Lloyd2016-04-091-3/+3
| | | | | | | | Cast std::streamsize to size_t since MSVC is worried gcount() might return a negative number. The entropy callbacks took the entropy estimate as a size_t instead of a double, which causes some verbose warnings due to the conversion.
* Add more tests for ffiRené Korthaus2016-03-253-5/+300
|
* Fix bug in IETF version of ChaCha20Poly1305Jack Lloyd2016-03-232-7/+45
| | | | | If the input lengths are exact multiples of 16 bytes then no padding should be added. Previously 16 bytes of zero padding were added instead.
* Clean up PK decryption encoding.Jack Lloyd2016-03-201-6/+11
| | | | | | | Previously RSA and ElGamal stripped off leading zeros which were then assumed by the padding decoders. Instead have them produce ciphertexts with leading zeros. Changes EME_Raw to strip leading zeros to match existing behavior.
* Use rejection sampling in BigInt::random_integerJack Lloyd2016-03-161-5/+2
| | | | Avoids the test vector contortions in RSA-KEM
* Merge GH #454 X.509 name constraintsJack Lloyd2016-03-1612-7/+289
|\
| * Changes from GH #454 reviewJack Lloyd2016-03-161-0/+0
| |
| * X.509 Name ConstraintsKai Michaelis2016-03-1013-7/+289
| |
* | Fix off by one in ressolJack Lloyd2016-03-151-0/+43
| | | | | | | | | | Could attempt to allocate (size_t)-1 words with predicably bad_alloc results.
* | Trivial warning fixesJack Lloyd2016-03-091-3/+3
| |
* | Merge GH #446 add --module-policy optionJack Lloyd2016-03-062-9/+18
|\ \
| * | Add option --module-policyJack Lloyd2016-03-062-9/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A module policy is a file specifying three types of modules: ones which are required, ones which are prohibited, and ones which should be used if otherwise available (this is mostly for platform specific modules). Finally there are whatever modules which exist in the library of which the policy makes no mention. These will be included if an explicit dependency of some other module pulls them in (so there is no reason to mention base, utils, ... in the file) but skipped otherwise. For example policy 'sane' does not mention 'utils' or 'twofish' either way. Since utils is a dependency of other modules which are included, but Twofish does not. However unlike an explicitly prohibited module, not mentioned can still be requested as part of the build (here with --enable-module=twofish) Also fixes some test bugs noticed by compiling in different build configs. DLIES test didn't check that the KDF and MAC existed. Adds a typedef for MessageAuthenticationCode because typing it twice in a single line in the DLIES test made me think it's way too long. :) Also fix some fuzzer build problems. Due to a copy and paste bug the PKCS certificate (it was not). Inspired by GH #439
* | | Remaining cppcheck fixes that are not covered by GH #444Daniel Neus2016-03-053-5/+66
|/ /
* | cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-053-5/+5
| | | | | | | | explicit.
* | Skip bzip2 compression in entropy tests on OS X due to GH #394Jack Lloyd2016-03-021-0/+7
|/ | | | | Feels kind of nasty, but it sucks more to have CI builds break because of random failures.
* Add more tests for modular inverseJack Lloyd2016-02-212-4/+475
| | | | | The result of fuzzing with AFL for a while, then running cmin on the result.
* For odd moduli use a input-independent modular inverse algorithm.Jack Lloyd2016-02-202-2/+44
| | | | Also adds a (not const time) implementation of almost Montgomery reduction.
* Add tests and timings for inverse_modJack Lloyd2016-02-202-2/+52
|
* Split up BigInt testsJack Lloyd2016-02-1713-2727/+2408
| | | | | | Removes a fair number of the power mod test cases for size and test time. Would be better to add a randomized or fuzzer-based test. Otherwise no change.
* Add constant time conditional swap, add, sub for bigint wordsJack Lloyd2016-02-172-0/+130
| | | | | | | | | Not optimized and relies on asm support for const time word_add/word_sub instructions. Fix a bug introduced in 46e9a89 - unpoison needs to call the valgrind API with the pointer rather than the reference. Caused values not to be unpoisoned.
* Check result of dynamic_castJack Lloyd2016-02-091-10/+17
| | | | | | Unlikely to fail in this case but anything's possible. Found by Coverity
* Removes randomization from choice of keys in X509 test.Jack Lloyd2016-02-091-17/+15
| | | | | | | Would be better to iterate over all of the key types for this type of coverage. Avoids Coverity dead code warning on the error-case throw.
* Fix memory leaks in FFI testsJack Lloyd2016-02-091-7/+16
| | | | | | | | | | Some tests only deallocated in the branch where some other test on the object succeeded. The ECDH FFI test didn't deallocate any of its objects, which was missed by valgrind before now because the test was not being run. Found by Coverity scanner
* V816 It is more efficient to catch exception by reference rather than by ↵Daniel Neus2016-02-081-1/+1
| | | | value. asn1_time.cpp 159
* V814 Decreased performance. The 'strlen' function was called multiple times ↵Daniel Neus2016-02-081-2/+1
| | | | inside the body of a loop. test_compression.cpp 78
* Remove dead write. Closes GH #401Jack Lloyd2016-02-071-2/+5
|
* Fix two bugs in 1.11.27 which caused test failures.1.11.28Jack Lloyd2016-02-011-0/+5
| | | | | | | | | | | | | The check on each individual size in curve_mul is too strict since we rely on redc(x*1) during the on the curve computation. Fix an off by one in ressol which caused it to occasionally reject valid values. Updating version 1.11.28 since existing 1.11.27 tag already pushed :( Fix an off-by-one in ressol which would cause it to occasionly give up too early.
* Fix heap overflow in ECC point multiplicationJack Lloyd2016-02-012-0/+52
| | | | | | | | | | | | | | If affine coordinates larger than the prime modulus were given, a later multiplication could overflow the size of an allocated output buffer, which was sized based on the size of the prime. This will cause an overflow into either the system heap or if the mlock/mmap pool allocator is in use, then into the adjacent key material stored in the pool. Reported by Alex Gaynor who found it with AFL Also fix a one word overwrite in P-521 reduction. Found with AFL
* Fix (nearly) infinite loop in RESSOL (modular square root).Jack Lloyd2016-02-012-0/+31
| | | | | | | It first computed the first i for q**(2**i) == 1, then checked that i was smaller than s. Given a composite modulus (for which the algorithm does not work), the loop might do a very large amount of work before returning the failure.
* Blake2b: add 'abc' test vectorcynecx2016-01-261-0/+3
|
* Add Blake2b hash functioncynecx2016-01-261-0/+3111
|
* Merge GH #410 enable -WpedanticJack Lloyd2016-01-171-1/+1
|\
| * Enable -Wpedantic on gcc and clangRené Korthaus2016-01-131-1/+1
| |
* | Avoid test failures in KEM when KDF is not found.Jack Lloyd2016-01-172-19/+44
|/ | | | GH #369
* Get rid of "extra ';'" warnings and force semicolon after macrosSimon Warta2016-01-111-1/+2
|
* Mass-prefix member vars with m_René Korthaus2016-01-081-8/+8
|
* add missing overridesDaniel Neus2016-01-087-7/+7
| | | | found by gcc with -Wsuggest-override
* String comparision fixesDaniel Neus2016-01-041-2/+2
| | | | fix PVS-Studio perfomance warnings
* Add ECDH via OpenSSLJack Lloyd2016-01-042-53/+66
| | | | | | | | | | Expose provider param in PK_Key_Agreement API Handle multiple providers in key agreement tests Fix some funky formatting of P-521 EC points in ecdh.vec which was being rejected by OpenSSL; for whatever reason the CAVS file had the affine coords with far more leading zeros than necessary.
* Add some more secp256k1 point mult testsJack Lloyd2016-01-031-0/+184
|
* Add ECDH testsJack Lloyd2016-01-035-7/+592
| | | | Only has vectors for NIST curves (data taken from NIST CAVS file)
* Fix PointGFp multiplication bugJack Lloyd2016-01-032-8/+1057
| | | | | | There was a special case for small scalars which managed to forget that the integer 3 also fits into two bits. Found by adding a new set of ECC point mul tests for the NIST curves.
* Merge pull request #381 from cordney/fix-load-unencryped-key-from-berJack Lloyd2015-12-311-3/+0
|\ | | | | Fix loading of unencrypted, BER encoded private keys via PKCS8 api