| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This prevents the test suite from globbing all the XMSS tests
together under "XMSS/Raw"; since XMSS ignores the padding anyway,
pretend the param string is the padding which causes the normal
logic in the signature test code to do the right thing.
|
|
|
|
| |
[ci skip]
|
| |
|
| |
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Removes custom XMSS_Hash assignment operator.
- Changes mutex type used in XMSS_Index_Registryfrom std::mutex to
Botan::mutex_type, changes lock_guard accordingly.
- Removes singleton and endianess detection from XMSS_Tools, changes
XMSS_Tools::concat() to be a static method.
- XMSS/XMSS_WOTS check_key() now always returns true.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[1] XMSS: Extended Hash-Based Signatures,
draft-itrf-cfrg-xmss-hash-based-signatures-06
Release: July 2016.
https://datatracker.ietf.org/doc/
draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations
for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has
been integrated into the Botan test bench, signature generation and verification
can be tested independently by invoking "botan-test xmss_sign" and
"botan-test xmss_verify"
- Some headers that are not required to be exposed to users of the library have
to be declared as public in `info.txt`. Declaring those headers private will
cause the amalgamation build to fail. The following headers have been
declared public inside `info.txt`, even though they are only intended for
internal use:
* atomic.h
* xmss_hash.h
* xmss_index_registry.h
* xmss_address.h
* xmss_common_ops.h
* xmss_tools.h
* xmss_wots_parameters.h
* xmss_wots_privatekey.h
* xmss_wots_publickey.h
- XMSS_Verification_Operation Requires the "randomness" parameter out of the
XMSS signature. "Randomness" is part of the prefix that is hashed *before*
the message. Since the signature is unknown till sign() is called, all
message content has to be buffered. For large messages this can be
inconvenient or impossible.
**Possible solution**: Change PK_Ops::Verification interface to take
the signature as constructor argument, and provide a setter method to be able
to update reuse the instance on multiple signatures. Make sign a parameterless
member call. This solution requires interface changes in botan.
**Suggested workaround** for signing large messages is to not sign the message
itself, but to precompute the message hash manually using Botan::HashFunctio
and sign the message hash instead of the message itself.
- Some of the available test vectors for the XMSS signature verification have
been commented out in order to reduce testbench runtime.
|
|/
|
|
|
|
|
|
|
|
| |
Add Public_Key::key_length usable for policy checking (as in
TLS::Policy::check_peer_key_acceptable)
Remove Public_Key::max_input_bits because it didn't make much sense
for most algorithms actually.
Remove message_parts and message_part_size from PK_Ops
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See PR #552
- Add Cipher_Mode::reset() which resets just the message specific state and allows encrypting again under the existing key
- In Cipher_Mode::clear() (at some planes) use cipher->clear() instead of resetting the pointer which would make the cipher object unusable
- EAX_Decryption::output_length() bugfix?! Now its possible to decrypt an empty ciphertext (just a tag)
- Bugfix for GCM_Decryption::finish()
- set tag length in GCM_Mode::name()
- Cipher_Mode tests: add tests for reset()and process()
- AEAD_Mode tests: add tests for reset(), clear(), update() and process()
|
| | |
|
| |
| |
| |
| |
| |
| | |
Still not a hard error even in maintainer mode because sometimes
system headers pull in C style casts via macros (eg MAP_FAILED).
But, it not being a hard error makes it easy to backslide.
|
| |
| |
| |
| | |
Remove old style casts, wrap some very long lines.
|
| | |
|
| |
| |
| |
| | |
Only works for GCC and Clang
|
| |
| |
| |
| | |
Found by Coverity.
|
| |
| |
| |
| | |
[ci skip]
|
|\ \ |
|
| |/
| |
| |
| | |
somehow missed this in PR #360
|
| | |
|
| |
| |
| |
| | |
Also part of Algo_Registry and not needed after #668
|
|/
|
|
| |
Was used by Algo_Registry lookups, no longer needed after #668
|
|
|
|
|
| |
Having a runtime endian test to verify against the build setting is
useful.
|
| |
|
|
|
|
|
|
| |
DataSource_Stream::peek resets EOF bit after a failed peek
Fixes #657 cert_info infinite loop
|
|
|
|
|
|
|
|
| |
Was removed in 1.11.10, but reference here remained. GH #719
Update OpenSSL requirements - 1.0.0 and all older versions are EOL
[ci skip]
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
|
|
| |
Vectors here just whatever we spit out, but I can't find any
GOST vectors using the 'A' param set. Anyway at least with this,
we are testing to have consistent behavior across platforms.
|
|\ |
|
| |
| |
| |
| |
| | |
This allows wait() to be called immediately after sync() returns, even if not
all of the waiting threads have awoken.
|
| | |
|
|/
|
|
|
|
|
|
| |
This commit introduces a concept of a barrier, where all threads must
synchronise before continuing. Threaded Fork uses this to ensure that all
input is consumed by each sink exactly once.
Fixes #695.
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
|
|
| |
This reverts commit cfb12bf77940c566de1e6de4a79db6fe0d02ef1e.
tl;dr monorepo is better, especially for a project this small.
|
| |
|
|
|
|
|
|
|
| |
This reverts commit 2ec08fa6b5fd270e50f8526c1c6dfaabfda66e02.
The Perl wrapper was removed as unmaintained, but nobody is likely
to maintain it if they don't know it exists.
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
4096 is the value from FIPS 186-2, FIPS 186-3 uses 4*pbits which
is the obvious extension of the FIPS 186-2 scheme to larger parameter
sizes. Pointed out by @neverhub
Removes support for 512 and 768 bit DSA groups because WTF no.
|
| |
| |
| |
| | |
[ci skip]
|
| | |
|
|\ \ |
|
| | | |
|