path: root/gtests/freebl_gtest
Commit message | Author | Age | Files | Lines

* Bug 1820175 - Fix various compiler warnings in NSS. r=jschanck. | Dennis Jackson | 2023-03-03 | 1 | -1/+1
    Differential Revision: https://phabricator.services.mozilla.com/D171581

* Bug 1792821 - Updating the clang-format version to 10. r=jschanck | Anna Weine | 2022-10-07 | 3 | -3/+3
    Differential Revision: https://phabricator.services.mozilla.com/D158323

* Bug 1709750 - Read HPKE vectors from official JSON, r=djackson | Martin Thomson | 2021-08-10 | 3 | -74/+27
    Added check for required fields
    Differential Revision: https://phabricator.services.mozilla.com/D119046

* Restore lost portion of the bleichenbacher timing batch that addressed | Robert Relyea | 2020-12-22 | 1 | -6/+6
    review comments. All the review comments pertained to actual code comments, so this patch only affects the comments.

* Bug 1651411 New tlsfuzzer code can still detect timing issues in RSA operations. | Robert Relyea | 2020-12-18 | 3 | -4/+89
    This patch defeats Bleichenbacher by not trying to hide the size of the decrypted text, but to hide if the text succeeded or failed. This is done by generating a fake returned text that's based on the key and the cipher text, so the fake data is always the same for the same key and cipher text. Both the length and the plain text are generated with a prf.

    Here's the proposed spec the patch codes to:

    1. Use SHA-256 to hash the private exponent encoded as a big-endian integer to a string the same length as the public modulus. Keep this value secret. (this is just an optimisation so that the implementation doesn't have to serialise the key over and over again)
    2. Check the length of input according to step one of https://tools.ietf.org/html/rfc8017#section-7.2.2
    3. When provided with a ciphertext, use SHA-256 HMAC(key=hash_from_step1, text=ciphertext) to generate the key derivation key
    4. Use SHA-256 HMAC with key derivation key as the key and a two-byte big-endian iterator concatenated with byte string "length" with the big-endian representation of 2048 (0x0800) as the bit length of the generated string.
       - Iterate this PRF 8 times to generate a 256 byte string
    5. initialise the length of synthetic message to 0
    6. split the PRF output into 2 byte strings, convert into big-endian integers, zero-out high-order bits so that they have the same bit length as the octet length of the maximum acceptable message size (k-11), select the last integer that is no larger than (k-11) or remain at 0 if no integer is smaller than (k-11); this selection needs to be performed using a side-channel free operators
    7. Use SHA-256 HMAC with key derivation key as the key and a two-byte big-endian iterator concatenated with byte string "message" with the big-endian representation of k*8 - use this PRF to generate k bytes of output (right-truncate last HMAC call if the number of generated bytes is not a multiple of SHA-256 output size)
    8. perform the RSA decryption as described in step 2 of section 7.2.2 of rfc8017
    9. Verify the EM message padding as described in step 3 of section 7.2.2 of rfc8017, but instead of outputting "decryption error", return the last l bytes of the "message" PRF, when l is the selected synthetic message length using the "length" PRF, make this decision and copy using side-channel free operation

    Differential Revision: https://phabricator.services.mozilla.com/D99843
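The nine steps of the spec quoted in the Bug 1651411 commit message, carried through as runnable Python. This is an added example written for this page, not NSS's freebl code. It assumes the bit-length field in steps 4 and 7 is a two-byte big-endian value (the "0x0800" in step 4 suggests that) and uses a constructed toy RSA key built from two Mersenne primes so that it runs without a prime generator; such a key is trivially factorable and exists only to exercise the padding path. Python integers are not constant time, so the mask-and-select helpers show the shape of the side-channel-free selection in steps 6 and 9, not a timing guarantee.

```python
"""RSAES-PKCS1-v1_5 decryption with a synthetic ("implicit rejection") message.

Added example following the nine numbered steps in the Bug 1651411 commit
message; it is not NSS code. The branch-free arithmetic below mirrors the
structure of a side-channel-free implementation, not its timing behaviour.
"""
import hashlib
import hmac
import os

# Constructed toy key from two Mersenne primes: trivially factorable, used
# only so the example runs offline without a prime generator. Never reuse.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length k in octets (30 here)


def _is_nonzero(x: int) -> int:
    """1 if 0 < x <= 0xFFFF else 0, computed without a comparison."""
    return ((x + 0xFFFF) >> 16) & 1


def _lt(a: int, b: int) -> int:
    """1 if a < b else 0 for 0 <= a, b < 2**16 (negative >> 16 yields -1)."""
    return ((a - b) >> 16) & 1


def _select(cond: int, a: int, b: int) -> int:
    """a if cond == 1 else b, via masking rather than a branch (a, b >= 0)."""
    mask = -cond  # 0 -> 0, 1 -> all ones
    return (a & mask) | (b & ~mask)


def _prf(kdk: bytes, label: bytes, bit_len: int, n_out: int) -> bytes:
    """Steps 4 and 7: iterate HMAC-SHA256(kdk, ctr_be16 || label || bit_len_be16).
    Assumption: the bit length is encoded in two bytes, as "2048 (0x0800)" suggests."""
    out = b""
    ctr = 0
    while len(out) < n_out:
        msg = ctr.to_bytes(2, "big") + label + bit_len.to_bytes(2, "big")
        out += hmac.new(kdk, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:n_out]  # right-truncate the last block (step 7)


def synthetic_message(d: int, k: int, ciphertext: bytes):
    """Steps 1 and 3-7: (k-byte synthetic message, synthetic length) for this key and ciphertext."""
    key_hash = hashlib.sha256(d.to_bytes(k, "big")).digest()        # step 1, keep secret
    kdk = hmac.new(key_hash, ciphertext, hashlib.sha256).digest()  # step 3
    length_stream = _prf(kdk, b"length", 2048, 256)                 # step 4: 8 blocks = 256 bytes
    max_len = k - 11
    mask = (1 << max_len.bit_length()) - 1
    chosen = 0                                                      # step 5
    for i in range(0, 256, 2):                                      # step 6
        cand = int.from_bytes(length_stream[i:i + 2], "big") & mask
        ok = _lt(cand, max_len + 1)                                 # cand <= max_len
        chosen = _select(ok, cand, chosen)                          # keep the last acceptable one
    synth = _prf(kdk, b"message", k * 8, k)                         # step 7
    return synth, chosen


def rsa_decrypt_pkcs1_v15(d: int, n: int, ciphertext: bytes) -> bytes:
    k = (n.bit_length() + 7) // 8
    if len(ciphertext) != k or k < 11:                              # step 2: length is public
        raise ValueError("decryption error")
    synth, synth_len = synthetic_message(d, k, ciphertext)
    em = pow(int.from_bytes(ciphertext, "big"), d, n).to_bytes(k, "big")  # step 8
    # Step 9: fold every padding failure into one 0/1 flag; never return early.
    bad = _is_nonzero(em[0] | (em[1] ^ 0x02))                       # must start 00 02
    sep_found, sep_idx = 0, 0
    for i in range(2, k):
        is_zero = 1 - _is_nonzero(em[i])
        take = is_zero & (1 - sep_found)                            # first zero after block type
        sep_idx = _select(take, i, sep_idx)
        sep_found |= is_zero
    bad |= 1 - sep_found                                            # no separator at all
    bad |= _lt(sep_idx, 10)                                         # PS shorter than 8 octets
    out_len = _select(bad, synth_len, k - sep_idx - 1)
    # Pick every byte from the synthetic or the real buffer, then keep the last out_len bytes.
    merged = bytes(_select(bad, synth[j], em[j]) for j in range(k))
    return merged[k - out_len:]


def rsa_encrypt_pkcs1_v15(e: int, n: int, message: bytes) -> bytes:
    """Plain RSAES-PKCS1-v1_5 encryption, used here only to build test ciphertexts."""
    k = (n.bit_length() + 7) // 8
    if len(message) > k - 11:
        raise ValueError("message too long")
    ps = b""
    while len(ps) < k - 3 - len(message):                           # PS: random non-zero octets
        ps += bytes(b for b in os.urandom(k) if b != 0)
    em = b"\x00\x02" + ps[:k - 3 - len(message)] + b"\x00" + message
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")


if __name__ == "__main__":
    ct = rsa_encrypt_pkcs1_v15(E, N, b"hello, freebl")
    print(rsa_decrypt_pkcs1_v15(D, N, ct))
    # Wrong block type: the caller gets a stable, key- and ciphertext-bound fake instead of an error.
    em_bad = b"\x00\x01" + b"\xff" * (K - 8) + b"\x00" + b"oops!"
    ct_bad = pow(int.from_bytes(em_bad, "big"), E, N).to_bytes(K, "big")
    print(rsa_decrypt_pkcs1_v15(D, N, ct_bad).hex())
```

Two properties of the design are visible when you run it: the fake plaintext for a malformed ciphertext is identical on every call (the oracle an attacker would probe has no per-query randomness to average out), and its length is drawn from the same range a genuine message could have, so neither "error vs. success" nor "short vs. long" distinguishes the two paths.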
* Bug 1677207 - Replace references to TestCase, which is deprecated, with TestSuite r=bbeurdouche | Kevin Jacobs | 2020-12-11 | 3 | -8/+8
    grep -rl --exclude-dir=google_test INSTANTIATE_TEST_CASE_P gtests | xargs sed -i '' s/INSTANTIATE_TEST_CASE_P/INSTANTIATE_TEST_SUITE_P/g
    grep -rl --exclude-dir=google_test SetUpTestCase gtests | xargs sed -i '' s/SetUpTestCase/SetUpTestSuite/g
    Differential Revision: https://phabricator.services.mozilla.com/D98818

* Bug 1605922 - Account for negative sign in mp_radix_size r=bbeurdouche | Kevin Jacobs | 2020-09-08 | 1 | -0/+33
    Differential Revision: https://phabricator.services.mozilla.com/D86443

* Bug 1561331 - Additional modular inverse test r=jcj | Kevin Jacobs | 2020-05-12 | 1 | -0/+38
    Differential Revision: https://phabricator.services.mozilla.com/D36115

* Bug 1609751 - Additional tests for mp_comba r=mt | Kevin Jacobs | 2020-02-19 | 1 | -0/+49
    Verify that when clamping, the upper 4 bytes of an `mp_digit` are checked.
    Differential Revision: https://phabricator.services.mozilla.com/D58576

* Bug 1431940 - remove dereference before NULL check in BLAKE2B code. r=kjacobs | Dmitry Baryshkov | 2020-02-14 | 1 | -0/+12
    Differential Revision: https://phabricator.services.mozilla.com/D62676

* Bug 1604596 - Update Wycheproof vectors and add support for CBC, P256-ECDH, and CMAC tests r=franziskus | Kevin Jacobs | 2020-01-16 | 1 | -2/+2
    This patch updates to the latest Wycheproof vectors and adds Wycheproof support for CBC, CMAC, and P256-ECDH:
      ChaCha20: +141 tests
      Curve25519: +431 tests
      GCM: +39 tests
      CBC (new): +183 tests
      CMAC (new): +308 tests
      P256 ECDH (new): +460 tests
    Differential Revision: https://phabricator.services.mozilla.com/D57477

* Bug 1570501 - Add AES-CMAC implementation to freebl, r=mt | Alexander Scheel | 2019-08-30 | 2 | -0/+188
    Differential Revision: https://phabricator.services.mozilla.com/D40120

* Bug 1415118 - Fix --enable-libpkix builds from build.sh r=mt,jcj | Kevin Jacobs | 2019-08-12 | 1 | -0/+1
    Differential Revision: https://phabricator.services.mozilla.com/D41617

* Bug 1542077 - Added extra controls and tests to mp_set_int and mp_set_ulong. r=jcj,kjacobs | Marcus Burghardt | 2019-08-13 | 1 | -1/+1
    Differential Revision: https://phabricator.services.mozilla.com/D40649

* Bug 1548179 - Remove --test (test_build) option from build.sh (replaced by --static), remove Test builds from taskcluster since we exercise pk11_gtest and mpi_gtests in non-static builds already. r=mt,jcj | Kevin Jacobs | 2019-05-15 | 1 | -1/+1
    Differential Revision: https://phabricator.services.mozilla.com/D30998

* Bug 1509432 - clang-format r=jcj | Kevin Jacobs | 2019-05-14 | 1 | -26/+26
    Differential Revision: https://phabricator.services.mozilla.com/D31091

* Bug 1509432 - Removed duplicated code between mp_set_int and mp_set_ulong. Created a gtest for these functions. r=KevinJacobs | Marcus Burghardt | 2019-05-13 | 1 | -0/+35
    Differential Revision: https://phabricator.services.mozilla.com/D30870

* Bug 1548398 - Add freebl_gtest to nss.gyp, fix freebl_gtest cross-compilation and gcc-4.8 support. r=jcj [tag: NSS_3_44_BETA1] | Kevin Jacobs | 2019-05-03 | 3 | -6/+16
    Updated gyp files to add -msse2 GCC option, iff the compiler is gcc and target is x64 or ia32.
    Root cause for the 4.8 failure is a gcc bug where the "#pragma GCC target("sse2")" option used in gcm.h doesn't work when compiling C++ code, as the gtests do.
    Differential Revision: https://phabricator.services.mozilla.com/D29886

* Backed out changeset 5059d47bd423 (bug 1548398) for GCC 4.8 failures in gcm.h | J.C. Jones | 2019-05-02 | 2 | -9/+6

* Bug 1548398 - Add freebl_gtest to nss.gyp, fix freebl_gtest cross-compilation. r=jcj | Kevin Jacobs | 2019-05-02 | 2 | -6/+9
    Differential Revision: https://phabricator.services.mozilla.com/D29581

* Bug 1514999 - Add wycheproof Curve25519 testcases to nss, r=franziskus | Jonas Allmann | 2018-12-19 | 1 | -1/+1
    Differential Revision: https://phabricator.services.mozilla.com/D14843

* Bug 1485864 - Constant time mp_to_fixlen_octets, r=franziskus [tag: NSS_3_41_BETA1] | Martin Thomson | 2018-11-30 | 1 | -4/+78
    Differential Revision: https://phabricator.services.mozilla.com/D11722

* Bug 1485864 - improve padding checks in RSA_DecryptBlock, r=mt | Franziskus Kiefer | 2018-10-31 | 1 | -6/+42
    Differential Revision: https://phabricator.services.mozilla.com//D10357

* Bug 1479787 - build mozpkix as part of NSS, r=mt,keeler | Franziskus Kiefer | 2018-08-03 | 1 | -1/+1
    Differential Revision: https://phabricator.services.mozilla.com/D2719
    Differential Revision: https://phabricator.services.mozilla.com/D2720
    Differential Revision: https://phabricator.services.mozilla.com/D2861

* Bug 1309068 - Enable -Wshadow, r=franziskus | Martin Thomson | 2018-02-14 | 2 | -3/+3

* Bug 1409516, NSS Tests detect FIPS build configuration using certutil --build-flags. gyp builds with --enable-fips enable init tests. Enable cert_rsa_exponent test. Add Linux64 FIPS gyp build to taskcluster/CI. r=franziskus | Kai Engert | 2017-12-19 | 1 | -0/+4

* Bug 1369091 - check that e > 2 and odd in RSA_NewKey, r=franziskus | Jonas Allmann | 2017-11-07 | 2 | -0/+58
    Summary: Patch for bug 1369091
    Reviewers: franziskus
    Reviewed By: franziskus
    Bug #: 1369091
    Differential Revision: https://phabricator.services.mozilla.com/D165

* Bug 1396830 - add blake2b to freebl, r=mt | Franziskus Kiefer | 2017-06-29 | 3 | -30/+4965
    Differential Revision: https://nss-review.dev.mozaws.net/D362

* Bug 1372515 - allow enabling libpkix in gyp builds, r=ttaubert | Franziskus Kiefer | 2017-06-09 | 1 | -0/+1
    Differential Revision: https://nss-review.dev.mozaws.net/D350

* Bug 1369353 - Reject zero-length GCM IVs r=franziskus | Tim Taubert | 2017-06-09 | 3 | -132/+9
    Differential Revision: https://nss-review.dev.mozaws.net/D340

* Bug 1357670 - AES-NI for all platforms that support it, r=ttaubert,mt | Franziskus Kiefer | 2017-04-25 | 1 | -4/+3
    With this patch we use AES-NI whenever possible. The compile time flag USE_HW_AES does NOT disable this new code. NSS_DISABLE_HW_AES can be used as runtime flag to disable AES-NI and fall back to the software implementation.
    Differential Revision: https://nss-review.dev.mozaws.net/D323

* Bug 868948 - new ct software and hardware accelerated gcm implementations, r=mt,ttaubert | Franziskus Kiefer | 2017-05-04 | 4 | -10/+181
    Differential Revision: https://nss-review.dev.mozaws.net/D291

* Bug 1352039 - improvements for elliptic curve addition in mixed Jacobian-affine coordinates, r=ttaubert | Franziskus Kiefer | 2017-04-04 | 3 | -5/+126
    Differential Revision: https://nss-review.dev.mozaws.net/D333

* Bug 1355041 - Add Windows gyp builds to TC r=franziskus | Tim Taubert | 2017-05-31 | 1 | -2/+3

* Bug 1355038 - fix windows gyp builds where using static builds, r=ttaubert | Franziskus Kiefer | 2017-05-23 | 1 | -0/+10
    Differential Revision: https://nss-review.dev.mozaws.net/D325

* Bug 1362392 - fix s_mpi_div on 32-bit; fix 32-bit test builds | Franziskus Kiefer | 2017-05-09 | 2 | -8/+44
    Differential Revision: https://nss-review.dev.mozaws.net/D320

* Bug 1339464 - Fix DH_GenParam, r=franziskus | Mark Goodwin | 2017-05-10 | 2 | -0/+27
    Summary: Fix DH_GenParam by repeating mpp_make_prime calls on failure
    Differential Revision: https://nss-review.dev.mozaws.net/D308

* Bug 1363213 - more, non-leaking mpi tests; run them on TC, r=ttaubert | Franziskus Kiefer | 2017-05-08 | 1 | -3/+43
    Differential Revision: https://nss-review.dev.mozaws.net/D284

* Bug 1345089 - add prng kat tests, r=ttaubert | Franziskus Kiefer | 2017-02-28 | 4 | -1/+62501
    Differential Revision: https://nss-review.dev.mozaws.net/D237

* Bug 1330557 - Add basic TLS client fuzzer r=mt,franziskus | Tim Taubert | 2017-02-10 | 1 | -2/+0
    Differential Revision: https://nss-review.dev.mozaws.net/D145

* Bug 1333361 - Fix static fuzzing builds r=franziskus | Tim Taubert | 2017-01-25 | 1 | -1/+10
    Differential Revision: https://nss-review.dev.mozaws.net/D170

* Bug 1330944 - GYP: Don't require Valgrind (ct_verif) for -Dtest_build=1 r=mt | Tim Taubert | 2017-01-16 | 2 | -2/+8
    Differential Revision: https://nss-review.dev.mozaws.net/D149

* Bug 1318280 - Fix freebl_gtest on macOS r=franziskus | Tim Taubert | 2016-11-17 | 1 | -9/+44
    Differential Revision: https://nss-review.dev.mozaws.net/D75

* Bug 1317924 - resurrect mpi tests, r=ttaubert | Franziskus Kiefer | 2016-11-16 | 2 | -0/+120
    Differential Revision: https://nss-review.dev.mozaws.net/D68