| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
| |
With RC4 removed, anything that is not AEAD is CBC
|
|
|
|
| |
The lambda here wasn't really required.
|
|\ |
|
| | |
|
| | |
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| | |
- Enables code for shake support
- Creating SHAKE hash function by name now allows to select output size
of 256 Bit for SHAKE128 and 512 Bit for SHAKE256.
- Adds *self-generated*, unverified test vectors for XMSS/SHAKE.
|
|/
|
|
|
|
|
| |
This caused Doxygen to dump the copyright notices for those files into
the Botan namespace description, which is not helpful.
[ci skip]
|
|
|
|
|
|
| |
Makefile does all the things
[ci skip]
|
| |
|
| |
|
|
|
|
|
| |
No actual reason for it to be in the root dir, only Sonar needs it,
so just copy it to the root dir before starting.
|
|
|
|
| |
Expected results are just what it generated on my machine.
|
|
|
|
|
|
|
| |
Now that users can implement custom PK ops via
Private_Key and Public_Key outside the library,
it makes very much sense to provide the
work factor functions to them.
|
|
|
|
| |
[ci skip]
|
|
|
|
| |
[ci skip]
|
| |
|
| |
|
|\ |
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
|
| |
direct TLS CBC testing.
CLI TLS server now catches an exception if an invalid connection is received (Otherwise, the server always stopped working)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Moves x25519 to the front for best by-default side channel resistance,
and orders remaining NIST/BP curves by performance rather than size.
That means putting P-521 before P-384, since P-521 is much faster at
least in Botan (due to much simpler modular reduction for P-521 prime),
and Brainpools to the end due to being quite slow (no fast reductions).
All of the supported curves seem strong enough, and if someone can break
P-256 they can probably break P-384 as well so there doesn't seem much
advantage in preferring slower curves by default.
|
|
|
|
|
| |
Recent Clang complains about forward decl as 'class X' when X was
actually declared as a struct.
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Tested against BoringSSL (as client + server) and google.com (as client).
Fix a stupid crashing bug in NewHope's BoringSSL mode.
Remove unneeded error return from curve25519_donna - always returned 0.
Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which
means the default no-extra-configuration ciphersuite (for Botan client speaking
to Botan server) is a ciphersuite which is both implemented in constant time
on all platforms and (hopefully) provides post quantum security. Good Things.
|
| |
| |
| |
| | |
Add some try/catch blocks to the X.509 tests, and use create_private_key API
|
| | |
|
| |
| |
| |
| |
| | |
No need to strictly require it, and some applications may only want
system RNG or RDRAND.
|
|/
|
|
|
| |
It is allowable to request the maximum length, just not more than it.
Found after about 22K runs of the TLS tests.
|
| |
|
|
|
|
|
| |
Also CCM OIDS, and SHA-384/SHA-512 DSA OIDs. All from NIST:
http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
|
| |
|
|\ |
|
| | |
|
| |
| |
| |
| |
| |
| | |
This required fixing some test vectors that previously
omitted the MAC, defaulting to HMAC, that used the SHA-1
alias to SHA-160, and fixing X942_PRF::name().
|
| |
| |
| |
| | |
[ci skip]
|
| |
| |
| |
| |
| |
| |
| |
| | |
Several sites including oracle.com seem to send extension 11
(point format) even if we (the client) did not send it. Then the
handshake fails. To workaround this problem, simply always send this
extension as the client, instead of only sending it if we wished to
support compressed points.
|
| | |
|
| |
| |
| |
| |
| |
| | |
The current session established cb happens before the session is
activated, so it is not possible to send application data in
response to the connection being made.
|
| | |
|
| |
| |
| |
| |
| | |
Not really needed (don't have a cross python to run) and avoids
the unfortunate random test failures.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is a simple bit flip corruption test for the TLS stack: we
shouldn't negotiate correctly if any random bit gets flipped. But it
turns out this is not entirely true as the record layer version field
is effectively ignored except for distinguishing TLS vs DTLS. So a small
bitflip in that field is sometimes ignored, causing the test to fail.
Make sure we modify something in the body instead.
|
|/ |
|
|\ |
|
| | |
|