aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests
Commit message (Collapse)AuthorAgeFilesLines
* Static analyzer fixesJack Lloyd2016-10-252-20/+39
| | | | | | | | | Check return value of read, found by Clang. See also #677 Remove unused member variable in OpenSSL ECC, found by Clang. In ECDSA tests, if the pointer is null we should return rather than dereferencing it. Found by Coverity.
* Add long (4+ block) AES KATsJack Lloyd2016-10-251-0/+10
| | | | We were not previously hitting the 4 way unrolled loop in AES-NI in tests
* Merge GH #682 Improve test name consistencyJack Lloyd2016-10-255-5/+5
|\
| * Pubkey tests should express category [ci skip]René Korthaus2016-10-245-5/+5
| |
* | Add TPM and PKCS #11 to coverage buildJack Lloyd2016-10-241-8/+11
|/ | | | | | | SoftHSMv1 included in 14.04 is too old and many tests fail, so grabs prebuilt SoftHSMv2 binaries from www.randombit.net. This can change to use the packaged SoftHSM in 16.04, whenever Travis makes that available.
* Remove unneeded includesJack Lloyd2016-10-242-2/+0
|
* Fixes for build without 25519Jack Lloyd2016-10-241-0/+3
|
* Merge GH #673 X25519 TLS key exchangeJack Lloyd2016-10-241-0/+4
|\
| * X25519 key exchange for TLSJack Lloyd2016-10-211-0/+4
| | | | | | | | | | Client interops with google.com, server not tested against an independent client yet.
* | Merge GH #679 Unify test namingJack Lloyd2016-10-244-5/+5
|\ \
| * | Reunify registered test names [ci skip]René Korthaus2016-10-234-5/+5
| |/
* | ECIES ISO tests require SHA-1Jack Lloyd2016-10-211-1/+1
| |
* | Remove Algo_RegistryJack Lloyd2016-10-211-96/+6
|/ | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* Allow setting the validation time during PKIX path validationJack Lloyd2016-10-211-1/+5
| | | | | | | Previously validation asked the system clock which is not always the correct thing (for example when using Roughtime protocol). Had been on the todo list forever, forced into it by some of the test certs expiring today.
* Add SHAKE-128 as stream cipherJack Lloyd2016-10-191-0/+3379
| | | | | Updates NewHope to use that instead of the hard-coded SHAKE-128, and adds toggle for BoringSSL compat mode using AES-128/CTR + SHA-256.
* Add proper SHA-3Jack Lloyd2016-10-192-5/+1225
| | | | | | | | | | Kind of a copy and paste of Keccak, but only a single copy of the permutation at least. Keccak depends on SHA-3 instead of the reverse, so that SHA-3 can be enabled without also bringing in an unapproved hash function. Updates newhope code and removes API function newhope_hash which was an unofficial SHA-3-256.
* Fix pubkey tests when EMEs are disabled.Jack Lloyd2016-10-181-30/+14
| | | | | Test assumed EME was always there and would fail. This caused failures with BSI policy which disables PKCS1v1.5
* Maintainer mode fixesJack Lloyd2016-10-171-1/+0
|
* Merge GH #665 Add IncludeOS target, make filesystem/threads optionalJack Lloyd2016-10-173-3/+1
|\
| * Fix mutex in oids.cppJack Lloyd2016-10-122-2/+0
| | | | | | | | Remove bogus includes for TLS tests
| * Add IncludeOS target. Make filesystem support optional.Jack Lloyd2016-10-101-1/+1
| |
* | Increase slop size in FFI testJack Lloyd2016-10-141-2/+3
| | | | | | | | | | This is lame but I still cannot repro and random CI failures suck. Eventually I will fix the API.
* | Change Certificate_Store_in_SQL to take RNG as argument.Jack Lloyd2016-10-131-1/+1
| | | | | | | | | | Previously it created a new AutoSeeded_RNG in each function, sometimes without even using it.
* | Merge GH #659 TLS CBC is optionalJack Lloyd2016-10-131-0/+5
|\ \ | |/ |/|
| * Make TLS CBC optionalJack Lloyd2016-10-081-0/+5
| |
* | Make pk_ops.h internalJack Lloyd2016-10-084-12/+12
| | | | | | | | Some fixes for missing system_rng in ECIES and tests.
* | Add missing try/catch blocks.Jack Lloyd2016-10-073-12/+55
| | | | | | | | Document that create_*_op is public but not for public consumption.
* | Revert PK_Verifier change (don't require RNG there).Jack Lloyd2016-10-072-10/+10
| | | | | | | | | | | | | | Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* | Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-079-38/+38
|/ | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* TLS: Split CBC+HMAC modes to standalone AEAD_ModeJack Lloyd2016-10-071-116/+167
| | | | | Now record layer only deals with an AEAD, and the weird complications of CBC modes mostly hidden in tls_cbc.cpp
* Merge GH #645 TLS compressed pointsJack Lloyd2016-10-073-4/+16
|\
| * Fix tls_messages testsRené Korthaus2016-10-032-4/+4
| |
| * Support encoding of supported point formats extensionRené Korthaus2016-10-031-0/+12
| |
* | typoKai Michaelis2016-10-021-1/+1
| |
* | 1st review roundKai Michaelis2016-10-021-2/+23
| |
* | certstore testsKai Michaelis2016-10-0212-0/+478
|/
* New TLS positive and negative tests.Juraj Somorovsky2016-09-3012-4/+635
| | | | | | | | | | | | | | | | | | | TLS message parsing: - CertificateVerify - HelloVerify - ClientHello (with extensions) - ServerHello (with extensions) - NewSessionTicket - Alert TLS message processing: - HelloVerify TLS Policy tests Unit tests with TLS client authentication Added test_throws method that checks the correct exception message.
* Merge GH #634 Correctly detect self-signed certsJack Lloyd2016-09-241-0/+63
|\
| * Fix validation of self-issued certificates in chainsRené Korthaus2016-09-231-0/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Self-issued certificates are certificates where subject_dn == issuer_dn, but the signature is from a different key (ca key). Chains with such a certificate could not be verified, because self-issued certificates (1) would be taken for a self-signed certificate and (2) find_issuing_cert() would find the same self-issued certificate that we want to verify, generating a signature error during signature verification. To fix, we now first identify a certificate as self-signed only if subject_dn == issuer_dn AND if we can verify the cert signature with it's own key. Verification will bring some extra costs, but we only do it once, in X509_Certificate's constructor. Second, we make sure find_issuing_cert() does not return the very same certificate we want to verify. This should be no problem, since path validation currently does not seem to support validating a self-signed certificate.
* | Fix TLS 1.2 PRF test vectorsRené Korthaus2016-09-231-2/+2
| | | | | | | | When adding these to the .vec file, some unnecessary spaces were included.
* | Maintainer mode fixes.Jack Lloyd2016-09-212-2/+2
|/ | | | | | Mostly unused args and missing override notations. Fix DH - load_check calls were commented out for debugging.
* Add try/catch block at top-level test runnerJack Lloyd2016-09-161-3/+17
|
* Add T::provider() to allow user to inquire about implementation usedJack Lloyd2016-09-157-12/+31
| | | | | For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.
* Fix build on PowerPC. Fix test runs on non-x86Jack Lloyd2016-09-151-4/+1
|
* Add cpuid overload to test frameworkJack Lloyd2016-09-1510-15/+124
|
* Add TLS 1.2 PRF test vectorsRené Korthaus2016-09-131-0/+34
|
* Add missing guardJack Lloyd2016-09-091-0/+4
|
* Add test of FPE_FE1Jack Lloyd2016-09-092-0/+59
| | | | Self-generated vectors, just a basic smoke test right now.
* Merge GH #613 NewHope R-LWE key exchangeJack Lloyd2016-09-052-0/+6137
|\
| * Fix tests with newhope disabledJack Lloyd2016-08-301-3/+10
| |
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-14 15:31:31 +0000