|
|
|
|
# This file contains source lists that are also consumed by
|
|
|
|
|
# generate_build_files.py.
|
|
|
|
|
#
|
|
|
|
|
# TODO(davidben): Move the other source lists into this file.
|
|
|
|
|
|
|
|
|
|
set(
|
|
|
|
|
CRYPTO_TEST_DATA
|
|
|
|
|
|
|
|
|
|
crypto/blake2/blake2b256_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_128_cbc_sha1_tls_implicit_iv_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_128_cbc_sha1_tls_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_128_ccm_bluetooth_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_128_ccm_bluetooth_8_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_128_ccm_matter_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_128_ctr_hmac_sha256.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_128_gcm_randnonce_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_128_gcm_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_192_gcm_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_256_cbc_sha1_tls_implicit_iv_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_256_cbc_sha1_tls_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_256_ctr_hmac_sha256.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_256_gcm_randnonce_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/aes_256_gcm_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/chacha20_poly1305_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/xchacha20_poly1305_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/cipher_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/des_ede3_cbc_sha1_tls_implicit_iv_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/des_ede3_cbc_sha1_tls_tests.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/aes_128_cbc.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/aes_128_ctr.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/aes_128_gcm.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/aes_192_cbc.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/aes_192_ctr.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/aes_256_cbc.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/aes_256_ctr.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/aes_256_gcm.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/tdes_cbc.txt
|
|
|
|
|
crypto/cipher_extra/test/nist_cavp/tdes_ecb.txt
|
|
|
|
|
crypto/curve25519/ed25519_tests.txt
|
|
|
|
|
crypto/ecdh_extra/ecdh_tests.txt
|
|
|
|
|
crypto/evp/evp_tests.txt
|
|
|
|
|
crypto/evp/scrypt_tests.txt
|
|
|
|
|
crypto/fipsmodule/aes/aes_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/exp_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/gcd_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/miller_rabin_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/mod_exp_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/mod_inv_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/mod_mul_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/mod_sqrt_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/product_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/quotient_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/shift_tests.txt
|
|
|
|
|
crypto/fipsmodule/bn/test/sum_tests.txt
|
|
|
|
|
crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt
|
|
|
|
|
crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt
|
|
|
|
|
crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt
|
|
|
|
|
crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt
|
|
|
|
|
crypto/fipsmodule/ec/ec_scalar_base_mult_tests.txt
|
P-256 assembly optimisations for Aarch64.
The ARMv8 assembly code in this commit is mostly taken from OpenSSL's `ecp_nistz256-armv8.pl` at https://github.com/openssl/openssl/blob/19e277dd19f2897f6a7b7eb236abe46655e575bf/crypto/ec/asm/ecp_nistz256-armv8.pl (see Note 1), adapting it to the implementation in p256-x86_64.c.
Most of the assembly functions found in `crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl` required to support that code have their analogous functions in the imported OpenSSL ARMv8 Perl assembly implementation with the exception of the functions:
- ecp_nistz256_select_w5
- ecp_nistz256_select_w7
An implementation for these functions was added.
Summary of modifications to the imported code:
* Renamed to `p256-armv8-asm.pl`
* Modified the location of `arm-xlate.pl` and `arm_arch.h`
* Replaced the `scatter-gather subroutines` with `select subroutines`. The `select subroutines` are implemented for ARMv8 similarly to their x86_64 counterparts, `ecp_nistz256_select_w5` and `ecp_nistz256_select_w7`.
* `ecp_nistz256_add` is removed because it was conflicting during the static build with the function of the same name in p256-nistz.c. The latter calls another assembly function, `ecp_nistz256_point_add`.
* `__ecp_nistz256_add` renamed to `__ecp_nistz256_add_to` to avoid the conflict with the function `ecp_nistz256_add` during the static build.
* l. 924 `add sp,sp,#256` the calculation of the constant, 32*(12-4), is not left for the assembler to perform.
Other modifications:
* `beeu_mod_inverse_vartime()` was implemented for AArch64 in `p256_beeu-armv8-asm.pl` similarly to its implementation in `p256_beeu-x86_64-asm.pl`.
* The files containing `p256-x86_64` in their name were renamed to, `p256-nistz` since the functions and tests defined in them are hereby running on ARMv8 as well, if enabled.
* Updated `delocate.go` and `delocate.peg` to handle the offset calculation in the assembly instructions.
* Regenerated `delocate.peg.go`.
Notes:
1- The last commit in the history of the file is in master only, the previous commits are in OpenSSL 3.0.1
2- This change focuses on AArch64 (64-bit architecture of ARMv8). It does not support ARMv4 or ARMv7.
Testing the performance on Armv8 platform using -DCMAKE_BUILD_TYPE=Release:
Before:
```
Did 2596 ECDH P-256 operations in 1093956us (2373.0 ops/sec)
Did 6996 ECDSA P-256 signing operations in 1044630us (6697.1 ops/sec)
Did 2970 ECDSA P-256 verify operations in 1084848us (2737.7 ops/sec)
```
After:
```
Did 6699 ECDH P-256 operations in 1091684us (6136.4 ops/sec)
Did 20000 ECDSA P-256 signing operations in 1012944us (19744.4 ops/sec)
Did 7051 ECDSA P-256 verify operations in 1060000us (6651.9 ops/sec)
```
Change-Id: I9fdef12db365967a9264b5b32c07967b55ea48bd
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51805
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
3 years ago
|
|
|
crypto/fipsmodule/ec/p256-nistz_tests.txt
|
|
|
|
|
crypto/fipsmodule/ecdsa/ecdsa_sign_tests.txt
|
|
|
|
|
crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt
|
|
|
|
|
crypto/fipsmodule/modes/gcm_tests.txt
|
|
|
|
|
crypto/fipsmodule/rand/ctrdrbg_vectors.txt
|
|
|
|
|
crypto/hmac_extra/hmac_tests.txt
|
|
|
|
|
crypto/hpke/hpke_test_vectors.txt
|
|
|
|
|
crypto/kyber/keccak_tests.txt
|
|
|
|
|
crypto/kyber/kyber_tests.txt
|
|
|
|
|
crypto/pkcs8/test/empty_password.p12
|
|
|
|
|
crypto/pkcs8/test/no_encryption.p12
|
|
|
|
|
crypto/pkcs8/test/nss.p12
|
|
|
|
|
crypto/pkcs8/test/null_password.p12
|
|
|
|
|
crypto/pkcs8/test/openssl.p12
|
|
|
|
|
crypto/pkcs8/test/pbes2_sha1.p12
|
|
|
|
|
crypto/pkcs8/test/pbes2_sha256.p12
|
|
|
|
|
crypto/pkcs8/test/unicode_password.p12
|
|
|
|
|
crypto/pkcs8/test/windows.p12
|
|
|
|
|
crypto/poly1305/poly1305_tests.txt
|
|
|
|
|
crypto/siphash/siphash_tests.txt
|
|
|
|
|
crypto/x509/test/basic_constraints_ca.pem
|
|
|
|
|
crypto/x509/test/basic_constraints_ca_pathlen_0.pem
|
|
|
|
|
crypto/x509/test/basic_constraints_ca_pathlen_1.pem
|
|
|
|
|
crypto/x509/test/basic_constraints_ca_pathlen_10.pem
|
|
|
|
|
crypto/x509/test/basic_constraints_leaf.pem
|
|
|
|
|
crypto/x509/test/basic_constraints_none.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_intermediate.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_intermediate_key_usage.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_intermediate_name_constraints.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_leaf.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_leaf_basic_constraints.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_leaf_key_usage.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_leaf_name_constraints.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_root.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_root_authority_key_identifier.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_root_basic_constraints.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_root_ext_key_usage.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_root_key_usage.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_root_name_constraints.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_root_subject_alt_name.pem
|
|
|
|
|
crypto/x509/test/invalid_extension_root_subject_key_identifier.pem
|
|
|
|
|
crypto/x509/test/many_constraints.pem
|
|
|
|
|
crypto/x509/test/many_names1.pem
|
|
|
|
|
crypto/x509/test/many_names2.pem
|
|
|
|
|
crypto/x509/test/many_names3.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_any.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_duplicate.pem
|
Fix handling of EXFLAG_INVALID_POLICY on the leaf.
X509_policy_check returns -1 if some certificate had an unparseable
extension, in which case it sets EXFLAG_INVALID_POLICY on it. The
calling code then iterates over the certificates to find the offending
one, so the callback has a chance to undo it. But it skips i = 0, the
leaf, and instead just silentely returns success.
We really should cut down on the callback's ability to mess things up
here but, in the meantime, fix this. Also add a test covering this case.
While I'm here, I've updated make_invalid_extensions.go, which I pulled
some code from, to rename fooOrPanic to mustFoo. That seems to be the
convention in the Go standard library. (regexp.MustCompile, etc.)
Change-Id: Ib07c9f4175e66483bd7c0f7d49aea931bf36e53f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55748
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2 years ago
|
|
|
crypto/x509/test/policy_intermediate_invalid.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_mapped_any.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_mapped_oid3.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_mapped.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_require_duplicate.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_require_no_policies.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_require.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_require1.pem
|
|
|
|
|
crypto/x509/test/policy_intermediate_require2.pem
|
Fix handling of EXFLAG_INVALID_POLICY on the leaf.
X509_policy_check returns -1 if some certificate had an unparseable
extension, in which case it sets EXFLAG_INVALID_POLICY on it. The
calling code then iterates over the certificates to find the offending
one, so the callback has a chance to undo it. But it skips i = 0, the
leaf, and instead just silentely returns success.
We really should cut down on the callback's ability to mess things up
here but, in the meantime, fix this. Also add a test covering this case.
While I'm here, I've updated make_invalid_extensions.go, which I pulled
some code from, to rename fooOrPanic to mustFoo. That seems to be the
convention in the Go standard library. (regexp.MustCompile, etc.)
Change-Id: Ib07c9f4175e66483bd7c0f7d49aea931bf36e53f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55748
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2 years ago
|
|
|
crypto/x509/test/policy_intermediate.pem
|
|
|
|
|
crypto/x509/test/policy_leaf_any.pem
|
|
|
|
|
crypto/x509/test/policy_leaf_duplicate.pem
|
Fix handling of EXFLAG_INVALID_POLICY on the leaf.
X509_policy_check returns -1 if some certificate had an unparseable
extension, in which case it sets EXFLAG_INVALID_POLICY on it. The
calling code then iterates over the certificates to find the offending
one, so the callback has a chance to undo it. But it skips i = 0, the
leaf, and instead just silentely returns success.
We really should cut down on the callback's ability to mess things up
here but, in the meantime, fix this. Also add a test covering this case.
While I'm here, I've updated make_invalid_extensions.go, which I pulled
some code from, to rename fooOrPanic to mustFoo. That seems to be the
convention in the Go standard library. (regexp.MustCompile, etc.)
Change-Id: Ib07c9f4175e66483bd7c0f7d49aea931bf36e53f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55748
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2 years ago
|
|
|
crypto/x509/test/policy_leaf_invalid.pem
|
Fix handling of critical X.509 policy constraints
If we see a critical policy constraints extension, we have two options:
We can either process it, which requires running policy validation, or
reject the certificate. We and OpenSSL do neither by default, which
means we may accept certificate chains that we weren't supposed to.
This fixes it by enabling X.509 policy validation unconditionally and
makes X509_V_FLAG_POLICY_CHECK moot. As a side effect, callers no longer
need to do anything for CVE-2023-0466.
This is the opposite of [0]'s advice, which instead recommends skipping
the feature and rejecting critical policy contraints. That would be a
good move for a new X.509 implementation. Policy validation is
badly-designed, even by X.509's standards. But we have OpenSSL's history
of previously accepting critical policy constraints (even though it
didn't check it). I also found at least one caller that tests a chain
with policy constraints, albeit a non-critical one.
We now have an efficient policy validation implementation, so just
enable it.
Of course, fixing this bug in either direction has compatibility risks:
either we take on the compat risk of being newly incompatible with
policyConstraints-using PKIs, or we take on the compat risk of newly
rejecting certificates that were invalid due to a policy validation
error, but no one noticed. The latter case seems safer because the chain
is unambiguously invalid.
Update-Note: X.509 certificate verification (not parsing) will now
notice policy-validation-related errors in the certificate chain. These
include syntax errors in policy-related extensions, and chains with a
requireExplicitPolicy policy constraint that are valid for no
certificate policies. Such chains are unambiguously invalid. We just did
not check it before by default. This is an obscure corner of X.509 and
not expected to come up in most PKIs.
[0] https://www.ietf.org/archive/id/draft-davidben-x509-policy-graph-01.html#section-3.4.4
Fixed: 557
Change-Id: Icc00c7797bb95fd3b14570eb068543fd83cda7b9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58426
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2 years ago
|
|
|
crypto/x509/test/policy_leaf_none.pem
|
|
|
|
|
crypto/x509/test/policy_leaf_oid1.pem
|
|
|
|
|
crypto/x509/test/policy_leaf_oid2.pem
|
|
|
|
|
crypto/x509/test/policy_leaf_oid3.pem
|
|
|
|
|
crypto/x509/test/policy_leaf_oid4.pem
|
|
|
|
|
crypto/x509/test/policy_leaf_oid5.pem
|
|
|
|
|
crypto/x509/test/policy_leaf_require.pem
|
|
|
|
|
crypto/x509/test/policy_leaf_require1.pem
|
Fix handling of EXFLAG_INVALID_POLICY on the leaf.
X509_policy_check returns -1 if some certificate had an unparseable
extension, in which case it sets EXFLAG_INVALID_POLICY on it. The
calling code then iterates over the certificates to find the offending
one, so the callback has a chance to undo it. But it skips i = 0, the
leaf, and instead just silentely returns success.
We really should cut down on the callback's ability to mess things up
here but, in the meantime, fix this. Also add a test covering this case.
While I'm here, I've updated make_invalid_extensions.go, which I pulled
some code from, to rename fooOrPanic to mustFoo. That seems to be the
convention in the Go standard library. (regexp.MustCompile, etc.)
Change-Id: Ib07c9f4175e66483bd7c0f7d49aea931bf36e53f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55748
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2 years ago
|
|
|
crypto/x509/test/policy_leaf.pem
|
|
|
|
|
crypto/x509/test/policy_root_cross_inhibit_mapping.pem
|
|
|
|
|
crypto/x509/test/policy_root.pem
|
|
|
|
|
crypto/x509/test/policy_root2.pem
|
Tighten up supported PSS combinations in X.509.
Matching Chromium, Go, and TLS 1.3, only allow SHA-256, SHA-384, and
SHA-512 RSA-PSS signatures, where MGF-1 and message hash match and salt
length is hash length. Sadly, we are stuck tolerating an explicit
trailerField for now. See the certificates in cl/362617931.
This also fixes an overflow bug in handling the salt length. On
platforms with 64-bit long and 32-bit int, we would misinterpret, e.g,
2^62 + 32 as 32. Also clean up the error-handling of maskHash. It was
previously handled in a very confusing way; syntax errors in maskHash
would succeed and only be noticed later, in rsa_mgf1_decode.
I haven't done it in this change, but as a followup, we can, like
Chromium, reduce X.509 signature algorithms down to a single enum.
Update-Note: Unusual RSA-PSS combinations in X.509 are no longer
accepted. This same change (actually a slightly stricter version) has
already landed in Chrome.
Bug: 489
Change-Id: I85ca3a4e14f76358cac13e66163887f6dade1ace
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53865
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2 years ago
|
|
|
crypto/x509/test/pss_sha1_explicit.pem
|
|
|
|
|
crypto/x509/test/pss_sha1_mgf1_syntax_error.pem
|
|
|
|
|
crypto/x509/test/pss_sha1.pem
|
|
|
|
|
crypto/x509/test/pss_sha224.pem
|
|
|
|
|
crypto/x509/test/pss_sha256_explicit_trailer.pem
|
|
|
|
|
crypto/x509/test/pss_sha256_mgf1_sha384.pem
|
|
|
|
|
crypto/x509/test/pss_sha256_mgf1_syntax_error.pem
|
|
|
|
|
crypto/x509/test/pss_sha256_omit_nulls.pem
|
|
|
|
|
crypto/x509/test/pss_sha256_salt_overflow.pem
|
|
|
|
|
crypto/x509/test/pss_sha256_salt31.pem
|
|
|
|
|
crypto/x509/test/pss_sha256_unknown_mgf.pem
|
|
|
|
|
crypto/x509/test/pss_sha256_wrong_trailer.pem
|
|
|
|
|
crypto/x509/test/pss_sha256.pem
|
|
|
|
|
crypto/x509/test/pss_sha384.pem
|
|
|
|
|
crypto/x509/test/pss_sha512.pem
|
|
|
|
|
crypto/x509/test/some_names1.pem
|
|
|
|
|
crypto/x509/test/some_names2.pem
|
|
|
|
|
crypto/x509/test/some_names3.pem
|
|
|
|
|
crypto/x509/test/trailing_data_leaf_authority_key_identifier.pem
|
|
|
|
|
crypto/x509/test/trailing_data_leaf_basic_constraints.pem
|
|
|
|
|
crypto/x509/test/trailing_data_leaf_ext_key_usage.pem
|
|
|
|
|
crypto/x509/test/trailing_data_leaf_key_usage.pem
|
|
|
|
|
crypto/x509/test/trailing_data_leaf_name_constraints.pem
|
|
|
|
|
crypto/x509/test/trailing_data_leaf_subject_alt_name.pem
|
|
|
|
|
crypto/x509/test/trailing_data_leaf_subject_key_identifier.pem
|
|
|
|
|
third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/aes_cmac_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/aes_gcm_siv_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/aes_gcm_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/chacha20_poly1305_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/dsa_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdh_secp224r1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdh_secp256r1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdh_secp384r1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdh_secp521r1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdsa_secp224r1_sha224_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdsa_secp224r1_sha256_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdsa_secp224r1_sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdsa_secp256r1_sha256_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdsa_secp256r1_sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdsa_secp384r1_sha384_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/ecdsa_secp521r1_sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/eddsa_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/hkdf_sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/hkdf_sha256_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/hkdf_sha384_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/hkdf_sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/hmac_sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/hmac_sha224_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/hmac_sha256_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/hmac_sha384_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/hmac_sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/kwp_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/kw_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/primality_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_2048_sha1_mgf1sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_2048_sha224_mgf1sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_2048_sha224_mgf1sha224_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_2048_sha256_mgf1sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_2048_sha256_mgf1sha256_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_2048_sha384_mgf1sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_2048_sha384_mgf1sha384_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_2048_sha512_mgf1sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_2048_sha512_mgf1sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_3072_sha256_mgf1sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_3072_sha256_mgf1sha256_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_3072_sha512_mgf1sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_3072_sha512_mgf1sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_4096_sha256_mgf1sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_4096_sha256_mgf1sha256_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_4096_sha512_mgf1sha1_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_4096_sha512_mgf1sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_oaep_misc_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pkcs1_2048_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pkcs1_3072_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pkcs1_4096_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pss_2048_sha1_mgf1_20_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pss_2048_sha256_mgf1_0_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pss_2048_sha256_mgf1_32_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pss_3072_sha256_mgf1_32_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pss_4096_sha256_mgf1_32_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pss_4096_sha512_mgf1_32_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_pss_misc_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_sig_gen_misc_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_2048_sha224_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_2048_sha256_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_2048_sha384_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_2048_sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_3072_sha256_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_3072_sha384_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_3072_sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_4096_sha384_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_4096_sha512_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/rsa_signature_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/x25519_test.txt
|
|
|
|
|
third_party/wycheproof_testvectors/xchacha20_poly1305_test.txt
|
|
|
|
|
)
|
