| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
modulus of 768 bits has already been publicly factored, and discrete
logarithm algorithms run in about the same time, these keys aren't safe
to use no matter how fast they are.
Also remove the 8192 bit RSA/RW keys - it took too long to generate them,
and nobody is likely to be using 8K bit keys anytime soon anyway.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
not useful; in all cases, we immediately caught it and then returned
false.
Modify as follows:
- Create the pubkey objects inside the checking code, so calling code
doesn't need to do it.
- Return true/false for pass/fail
Also add consistency checking for ECDSA keys
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to mix in with the user input.
Check that the prf and extractor are compatible.
For the initial PRF key, use all zeros of the appropriate size,
and for the initial XTS key, use PRF("Botan HMAC_RNG XTS"). This
ensures that only the one fixed key size is ever used with either
the prf or extractor objects, allowing you to use, say
HMAC(SHA-256)+CMAC(AES-256), or even CMAC(AES-128)+CMAC(AES-128)
as the PRFs in the RNG.
|
|
|
|
| |
then you can't use the global PRNG but everything else still works.
|
|
|
|
|
|
|
|
|
|
|
| |
or throw an exception, with PointGFp::on_the_curve, which returns a bool.
Update callers.
This showed several cases where check_invaraints was being called
multiple times, for instance when decoding a point with OS2ECP,
check_invaraints was called; many callers of OS2ECP would then call
check_invaraints again on the same object.
|
|
|
|
|
|
|
|
|
|
| |
decode_and_check takes an expected value; if the decoded value does
not match, a Decoding_Error with a specified string is thrown. Useful
for checking embedded version codes.
decode_octet_string_bigint is for decoding INTEGER values that are
stored as OCTET STRINGs. Totally obnoxious and useless, but common
especially in the ECC standards.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use 64 bit nonces in the Miller-Rabin test, instead of 40 bits.
Rename check_prime to quick_check_prime and is_prime to check_prime
Remove some internal functions which weren't used outside the
primality test code, along with the prime products table.
For quick checking, instead of doing Miller-Rabin with fixed base 2,
do a small number of randomized tests.
Always use random bases instead of the first n primes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PRNG everywhere. The removal of the global PRNG was generated by a
desire to remove the global library state entirely. However the real
point of this was to remove the use of globally visible _mutable_
state; of the mutable state, the PRNG is probably the least important,
and the most useful to share. And it seems unlikely that thread
contention would be a major issue in the PRNG.
Add back a global PRNG to Library_State. Use lazy initialization, so
apps that don't ever use a PRNG don't need a seeding step. Then have
AutoSeeded_RNG call that global PRNG.
Offer once again
RandomNumberGenerator& Library_State::global_rng();
which returns a reference to the global PRNG.
This RNG object serializes access to itself with a mutex.
Remove the hack known as Blinding::choose_nonce, replace with using
the global PRNG to choose a blinding nonce
|
|
|
|
|
|
| |
would like to replace these functions with generic engine code instead
of hardcoded lookup, and NULL return value would be impossible to
disambiguate.
|
| |
|
|
|
|
|
|
|
|
|
| |
*this = scalar * *this;
And operator* was doing a needless copy.
Instead make operator* a real multiplication operation, define *= in terms
of it.
|
| |
|
|
|
|
| |
test app...
|
|
|
|
| |
which happened to be compatible enough to work.
|
|
|
|
|
|
|
|
|
|
|
| |
Generating the test vectors found yet another inane (and, of course,
undocumented) behavior in the GOST implementation included in OpenSSL;
it treats the hash inputs as little endian. Just out of curiousity, I
checked RFC 5832, which supposedly specifies this algorithm; not a
peep about endian conversions.
The more I deal with standards coming out of the CryptoPro people, the
less confidence I have in them.
|
| |
|
|
|
|
|
|
|
|
| |
x -= y;
where abs(x) < abs(y).
This change alone increases ECDSA performance by 5 to 15%
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Avoid using Barett reduction in core operations; seems to help perf.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
immediately fall back the the plain malloc-based allocator, which is
typically quite a bit faster.
|
| |
|
|
|
|
| |
operator+= and operator*= instead of being class var, so no thread issues.
|
| |
|
| |
|
|
|
|
| |
in monty_mult()
|
| |
|