aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Add a couple more workfactor testsJack Lloyd2016-11-251-0/+6
| | | | [ci skip]
* Add a test of TLS::Alert::type_stringJack Lloyd2016-11-251-5/+61
|
* Simplify TLS::Ciphersuite::cbc_ciphersuiteJack Lloyd2016-11-251-3/+1
| | | | With RC4 removed, anything that is not AEAD is CBC
* Simplify TLS::Handshake_Hash::updateJack Lloyd2016-11-251-9/+5
| | | | The lambda here wasn't really required.
* Merge GH #737 Remove dead stores in SSE2 ChaCha codeJack Lloyd2016-11-251-6/+3
|\
| * Fix dead stores in chacha_sse2_x4Never2016-11-251-6/+3
| |
* | Avoid unneeded code - previous conditionals handle these casesJack Lloyd2016-11-251-8/+0
| |
* | Merge GH #736 Add SHAKE support to XMSSJack Lloyd2016-11-257-102/+222
|\ \
| * | Adds SHAKE support for XMSSMatthias Gierlings2016-11-257-102/+222
| |/ | | | | | | | | | | | | - Enables code for shake support - Creating SHAKE hash function by name now allows to select output size of 256 Bit for SHAKE128 and 512 Bit for SHAKE256. - Adds *self-generated*, unverified test vectors for XMSS/SHAKE.
* / Avoid having source files start with /**Jack Lloyd2016-11-2545-46/+46
|/ | | | | | | This caused Doxygen to dump the copyright notices for those files into the Botan namespace description, which is not helpful. [ci skip]
* Fuzzer cleanup, no need for setup script anymoreJack Lloyd2016-11-226-54/+57
| | | | | | Makefile does all the things [ci skip]
* Add missing macro check in testJack Lloyd2016-11-221-0/+2
|
* Fix memory leak in HKDFJack Lloyd2016-11-221-1/+1
|
* Move Sonar config to build-dataJack Lloyd2016-11-222-0/+23
| | | | | No actual reason for it to be in the root dir, only Sonar needs it, so just copy it to the root dir before starting.
* Add tests for PK work factor functionsJack Lloyd2016-11-222-0/+82
| | | | Expected results are just what it generated on my machine.
* Export work factor functionsRené Korthaus2016-11-221-4/+4
| | | | | | | Now that users can implement custom PK ops via Private_Key and Public_Key outside the library, it makes very much sense to provide the work factor functions to them.
* Add policy file for TLS client testingJack Lloyd2016-11-211-0/+19
| | | | [ci skip]
* Add warning to OID script outputJack Lloyd2016-11-212-1/+10
| | | | [ci skip]
* Add timeouts to TLS scanner [ci skip]Jack Lloyd2016-11-212-4/+17
|
* Fix doc of get_processor_timestamp [ci skip]Jack Lloyd2016-11-211-4/+10
|
* Merge GH #733 Add timing test suiteJack Lloyd2016-11-2016-0/+589
|\
| * Timing test suite needs to have TLS CBC functionality accessibleJuraj Somorovsky2016-11-201-1/+1
| |
| * Timing test suite with the mona timing libraryJuraj Somorovsky2016-11-2016-0/+589
| |
* | TLS-Attacker testsuite and fuzzingJuraj Somorovsky2016-11-197-0/+143
| |
* | TLS CBC functionality now exposed to the library developer. Useful for ↵Juraj Somorovsky2016-11-192-21/+32
|/ | | | | | direct TLS CBC testing. CLI TLS server now catches an exception if an invalid connection is received (Otherwise, the server always stopped working)
* Add brainpool test to TLSJack Lloyd2016-11-191-1/+3
|
* Order default TLS ECC curve preferences by performanceJack Lloyd2016-11-191-4/+6
| | | | | | | | | | | | Moves x25519 to the front for best by-default side channel resistance, and orders remaining NIST/BP curves by performance rather than size. That means putting P-521 before P-384, since P-521 is much faster at least in Botan (due to much simpler modular reduction for P-521 prime), and Brainpools to the end due to being quite slow (no fast reductions). All of the supported curves seem strong enough, and if someone can break P-256 they can probably break P-384 as well so there doesn't seem much advantage in preferring slower curves by default.
* Fix class vs struct declaration.Jack Lloyd2016-11-191-4/+6
| | | | | Recent Clang complains about forward decl as 'class X' when X was actually declared as a struct.
* Merge GH #729 Add CECPQ1 (x25519+NewHope) TLS ciphersuitesJack Lloyd2016-11-1918-44/+249
|\
| * Add CECPQ1 TLS ciphersuitesJack Lloyd2016-11-1718-44/+249
| | | | | | | | | | | | | | | | | | | | | | | | | | Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* | Add key_constraints_to_string, GOST-34.10 cert handlingJack Lloyd2016-11-186-75/+127
| | | | | | | | Add some try/catch blocks to the X.509 tests, and use create_private_key API
* | Add X509_DN::emptyJack Lloyd2016-11-181-0/+2
| |
* | Don't force HMAC_DRBG to be enabledJack Lloyd2016-11-186-20/+27
| | | | | | | | | | No need to strictly require it, and some applications may only want system RNG or RDRAND.
* | Fix TLS testJack Lloyd2016-11-181-4/+4
|/ | | | | It is allowable to request the maximum length, just not more than it. Found after about 22K runs of the TLS tests.
* This range check was in the wrong directionJack Lloyd2016-11-171-1/+1
|
* Add OIDs for SHA-3 and SHA-3 signature algorithmsJack Lloyd2016-11-172-2/+77
| | | | | Also CCM OIDS, and SHA-384/SHA-512 DSA OIDs. All from NIST: http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
* Don't strictly require ffi in modern policyJack Lloyd2016-11-171-3/+2
|
* Merge GH #727 Tests for KDF::nameJack Lloyd2016-11-1612-35/+36
|\
| * KDF1 uses a hash function onlyRené Korthaus2016-11-161-1/+1
| |
| * Add a test for KDF::name()René Korthaus2016-11-1512-35/+36
| | | | | | | | | | | | This required fixing some test vectors that previously omitted the MAC, defaulting to HMAC, that used the SHA-1 alias to SHA-160, and fixing X942_PRF::name().
* | Fix TLS client next protocol handlingJack Lloyd2016-11-161-1/+2
| | | | | | | | [ci skip]
* | Fix incompatability with (some) common TLS stackJack Lloyd2016-11-164-15/+26
| | | | | | | | | | | | | | | | Several sites including oracle.com seem to send extension 11 (point format) even if we (the client) did not send it. Then the handshake fails. To workaround this problem, simply always send this extension as the client, instead of only sending it if we wished to support compressed points.
* | Add a script to test TLS compat with major sitesJack Lloyd2016-11-163-0/+113
| |
* | Add new TLS callback for when session is activatedJack Lloyd2016-11-162-0/+8
| | | | | | | | | | | | The current session established cb happens before the session is activated, so it is not possible to send application data in response to the connection being made.
* | Fix inverted conditionalJack Lloyd2016-11-161-1/+2
| |
* | Disable ffi on cross builds.Jack Lloyd2016-11-161-1/+1
| | | | | | | | | | Not really needed (don't have a cross python to run) and avoids the unfortunate random test failures.
* | Fix TLS corruption tests.Jack Lloyd2016-11-152-8/+11
| | | | | | | | | | | | | | | | | | There is a simple bit flip corruption test for the TLS stack: we shouldn't negotiate correctly if any random bit gets flipped. But it turns out this is not entirely true as the record layer version field is effectively ignored except for distinguishing TLS vs DTLS. So a small bitflip in that field is sometimes ignored, causing the test to fail. Make sure we modify something in the body instead.
* | Add negative tests for cipher mode paddingJack Lloyd2016-11-152-52/+107
|/
* Merge GH #724 Add ESP (IPsec) CBC padding modeJack Lloyd2016-11-154-1/+102
|\
| * Update ISO standard for OneAndZeros_PaddingRené Korthaus2016-11-151-1/+1
| |