path: root/src/tests
Commit message | Author | Age | Files | Lines

* Clean up test registration a bit | Jack Lloyd | 2019-02-05 | 2 | -24/+31
* Merge GH #1819 Add Thread_Pool and use it for running tests | Jack Lloyd | 2019-01-31 | 7 | -68/+237
  * Add a simple Thread_Pool test | Jack Lloyd | 2019-01-31 | 2 | -0/+88
    And allow registering one-off functions as tests
  * Run the test suite in multiple threads | Jack Lloyd | 2019-01-31 | 6 | -68/+149
    Refactor areas where data was being shared
* Add a couple more ChaCha tests | Jack Lloyd | 2019-01-31 | 1 | -0/+9
* Refactor CPUID to make it thread safe | Jack Lloyd | 2019-01-30 | 1 | -0/+6
    Needed for #1819 and unfortunately Windows does not allow thread local data to be stored as a member of a DLL exported class. So hide it behind an accessor function instead. This slows down CPUID test somewhat and I would like to address that but it seems hard without breaking the CPUID API, which is for better or worse public.
* Avoid invoking the mlock allocator before main starts | Jack Lloyd | 2019-01-28 | 4 | -98/+94
    Simplify the PKCS11 tests slightly, no real reason for PKCS11_Test here
* Add BMI2 variants for SHA-512 and SHA-3 | Jack Lloyd | 2019-01-18 | 2 | -0/+4
    Both about 33% faster on Skylake
* Fix some warnings from PVS-Studio | Jack Lloyd | 2019-01-17 | 1 | -8/+14
    No real bugs, but pointed out some odd constructs and duplicated logic
* Remove trailing whitespace | Jack Lloyd | 2019-01-13 | 4 | -9/+8
* Make cpu cycle test a little more lax | Jack Lloyd | 2019-01-04 | 1 | -5/+10
    It occasionally fails on AppVeyor, probably due to QueryPerformanceCounter using something other than the hardware cycle counter because <reasons>.
* Fix bogus macro check that disabled a test | Jack Lloyd | 2019-01-03 | 1 | -1/+1
* Merge GH #1803 XLC fixes | Jack Lloyd | 2019-01-01 | 3 | -4/+26
  * Add ability to skip a few named tests | Jack Lloyd | 2018-12-31 | 3 | -4/+26
    This is sometimes useful when debugging
* Use Test::data_file in these tests | Jack Lloyd | 2018-12-31 | 1 | -2/+2
* Add a test of highly imbalanced RSA key | Jack Lloyd | 2018-12-27 | 1 | -0/+15
* Rename OS::get_processor_timestamp to OS::get_cpu_cycle_counter | Jack Lloyd | 2018-12-23 | 1 | -7/+7
    Using phrase "timestamp" makes it sound like it has some relation to wall clock which it does not.
* Make significant_words const time also | Jack Lloyd | 2018-12-23 | 1 | -0/+50
    Only used in one place, where const time doesn't matter, but can't hurt. Remove low_bit, can be replaced by ctz.
* Merge GH #1794 Improve const time logic in PKCS1v15 and OAEP decoding | Jack Lloyd | 2018-12-21 | 2 | -49/+49
  * Use consistent logic for OAEP and PKCS1v15 decoding | Jack Lloyd | 2018-12-21 | 2 | -49/+49
    The decoding leaked some information about the delimiter index due to copying only exactly input_len - delim_idx bytes. I can't articulate a specific attack that would work here, but it is easy enough to fix this to run in const time instead, where all bytes are accessed regardless of the length of the padding. CT::copy_out is O(n^2) and thus terrible, but in practice it is only used with RSA decryption, and multiplication is also O(n^2) with the modulus size, so a few extra cycles here doesn't matter much.
* Avoid including rotate.h in bswap.h | Jack Lloyd | 2018-12-21 | 1 | -0/+1
    It was only needed for one case which is easily hardcoded. Include rotate.h in all the source files that actually use rotr/rotl but implicitly picked it up via loadstor.h -> bswap.h -> rotate.h include chain.
* Address a couple of Coverity false positives | Jack Lloyd | 2018-12-19 | 2 | -2/+47
    Add tests for is_power_of_2
* Fix some MSVC warnings | Jack Lloyd | 2018-12-10 | 7 | -14/+16
* Support recovering ECDSA public key from message/signature pair | Jack Lloyd | 2018-12-10 | 2 | -0/+66
    See http://www.secg.org/sec1-v2.pdf section 4.1.6. Closes #664.
* Add base58 encoding/decoding | Jack Lloyd | 2018-12-09 | 3 | -0/+188
* Remove Chi-square test on random_integer | Jack Lloyd | 2018-12-09 | 1 | -46/+0
    I'm not sure this test is that useful, which is not itself a big problem, but it is also flaky and occasionally fails, which is no good.
* Remove hamming_weight function | Jack Lloyd | 2018-12-06 | 1 | -5/+4
    Unused outside of the test code and not really useful there either. Header is internal so no API breakage.
* Remove some conditional branches from division | Jack Lloyd | 2018-12-05 | 1 | -0/+2968
* Fix more MSVC warnings | Jack Lloyd | 2018-12-04 | 3 | -3/+23
* Fix a FFI test when threads are disabled | Jack Lloyd | 2018-12-03 | 1 | -1/+9
* Fix bug in TLS CBC unpadding | Jack Lloyd | 2018-12-03 | 1 | -0/+6
    Regression introduced in 007314c5. Found by OSS-Fuzz (bug id 11693).
* Add a constant time divide variant for dividing by uint8_t | Jack Lloyd | 2018-12-02 | 2 | -0/+22
    Originally wrote it for div-by-word but that ends up requiring a dword type which we don't always have. And uint8_t covers the most important cases of n = 10 and n = 58 (whenever I get around to writing base58). We could portably support up to div-by-uint32, but I don't think we need it. Nicely for n = 10, this is actually faster than the variable time division.
* Add a const-time division algorithm | Jack Lloyd | 2018-12-02 | 2 | -6/+23
    It is stupid and slow (~50-100x slower than variable time version) but still useful for protecting critical algorithms. Not currently used, waiting for OSS-Fuzz to test it for a while before we commit to it.
* Fix a bug in bigint_sub_abs | Jack Lloyd | 2018-12-02 | 1 | -0/+3
    If one of the values had leading zero words, this could end up calling bigint_sub with x_size < y_size. OSS-Fuzz 11664 and 11656.
* Better debugging output when a test fails | Jack Lloyd | 2018-12-02 | 1 | -7/+15
    Printing the output key makes it easier to find the offending test.
* Correct a bug in BigInt::operator%(word) | Jack Lloyd | 2018-12-01 | 2 | -2/+17
    If reducing a negative number modulo a power of 2, an incorrect result would be returned. This only affected the versions taking a single word as the modulo.
* Simplify BigInt addition and subtraction | Jack Lloyd | 2018-11-30 | 1 | -0/+24
    Addition already has to handle negative numbers so make it do double duty for subtraction.
* Fix a bug in OneAndZeros unpadding | Jack Lloyd | 2018-11-30 | 1 | -0/+6
    Introduced in b13c0cc8590199d, it could only trigger if the block size was more than 256 bytes. In that case an invalid padding could be accepted. OSS-Fuzz 11608 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11608)
* Add CT::Mask type | Jack Lloyd | 2018-11-28 | 1 | -34/+39
* Make exceptions easier to translate to error codes | Jack Lloyd | 2018-11-23 | 9 | -29/+28
    Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742.
* Merge GH #1743 Avoid memset/memcpy in library code | Jack Lloyd | 2018-11-19 | 4 | -7/+14
  * Avoid calling memset, memcpy within library code | Jack Lloyd | 2018-11-17 | 4 | -7/+14
    Prefer using wrappers in mem_utils for this. Current exception is where memcpy is being used to convert between two different types, since copy_mem requires input and output pointers have the same type. There should be a new function to handle conversion-via-memcpy operation.
* Avoid a crank from Sonar [ci skip] | Jack Lloyd | 2018-11-17 | 1 | -1/+1
* Fix Sonar warning | Jack Lloyd | 2018-11-17 | 1 | -1/+1
* Run RSA blinding tests only with base provider | Alexander Bluhm | 2018-11-08 | 1 | -2/+9
    Only the base provider uses blinding for RSA. So the test should run exclusively for this provider. Also use base provider explicitly.
* Compile fix | Jack Lloyd | 2018-11-07 | 1 | -1/+1
* Avoid throwing std:: exceptions | Jack Lloyd | 2018-11-07 | 1 | -1/+1
    Also include <new> in mem_ops.cpp as apparently that header is where bad_alloc is defined.
* Avoid using std::invalid_argument | Jack Lloyd | 2018-11-07 | 1 | -1/+1
    See #1726
* Add ChaCha using SIMD_4x32 | Jack Lloyd | 2018-11-04 | 1 | -0/+36
    This allows supporting SSE2, NEON and AltiVec in a single codebase, so drop the NEON and SSE2 code. This new impl avoids having to do shuffles with every round and so is about 10% faster on Skylake. Also, fix bugs in both baseline and AVX2 implementations when the low counter overflowed. The SSE2 and NEON code were also buggy here.
* Use 64-bit integer for seek value in stream cipher tests | Jack Lloyd | 2018-11-04 | 1 | -1/+1