| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Combine SM2 key types for signatures and encryption<br>It seems in practice the same key may end up being used for both operations, so maintaining a distinction at the type level just complicates things. | Jack Lloyd | 2018-08-01 | 13 | -198/+102 |
| Add a couple HMAC(SHA-512-256) test vectors | Jack Lloyd | 2018-08-01 | 1 | -0/+11 |
| Add OID for HMAC with SHA-512/256 | Jack Lloyd | 2018-08-01 | 2 | -1/+4 |
| Fix ReST formatting [ci skip] | Jack Lloyd | 2018-08-01 | 1 | -1/+1 |
| Update news | Jack Lloyd | 2018-08-01 | 1 | -1/+7 |
| Merge GH #1636 Add Lucas primality test | Jack Lloyd | 2018-08-01 | 16 | -147/+538 |
| Add Lucas test from FIPS 186-4<br>This eliminates an issue identified in the paper "Prime and Prejudice: Primality Testing Under Adversarial Conditions" by Albrecht, Massimo, Paterson and Somorovsky where DL_Group::verify_group with strong=false would accept a composite q with probability 1/4096, which is exactly as the error bound is documented, but still unfortunate. | Jack Lloyd | 2018-07-31 | 16 | -147/+538 |
| Just skip 32-bit ARM iOS build entirely | Jack Lloyd | 2018-08-01 | 1 | -2/+5 |
| Avoid XCode 9.4 due to compilation bug<br>XCode 9.4 ICEs on the NewHope code in the ARM 32-bit build and of course I can't report the bug since I don't have an Apple ID. | Jack Lloyd | 2018-08-01 | 1 | -0/+1 |
| More FFI todos [ci skip] | Jack Lloyd | 2018-07-31 | 1 | -2/+3 |
| Index page tweaks [ci skip] | Jack Lloyd | 2018-07-31 | 1 | -25/+17 |
| Fix Doxygen comments for AutoSeeded_RNG [ci skip] | Jack Lloyd | 2018-07-31 | 1 | -3/+7 |
| Ensure values are fully reduced during ECDSA signature<br>It was possible that the Barrett reduction code would fall back to standard division due to getting an input that was >= order^2. | Jack Lloyd | 2018-07-30 | 1 | -3/+3 |
| Support calling Whirlpool in OpenSSL<br>Available since 1.0.0, not sure how this was missed. | Jack Lloyd | 2018-07-26 | 1 | -0/+5 |
| GHASH - use explicit function to check for key being set | Jack Lloyd | 2018-07-25 | 1 | -1/+1 |
| Add OID for SM2 with SM3 signatures | Jack Lloyd | 2018-07-24 | 2 | -1/+5 |
| Add include for getenv | Jack Lloyd | 2018-07-24 | 1 | -0/+1 |
| Only print FFI exceptions to stdout if an env var is set<br>So debugging is possible but the default is silent. | Jack Lloyd | 2018-07-24 | 2 | -1/+7 |
| Add botan_mac_query_keylen | Jack Lloyd | 2018-07-24 | 3 | -1/+38 |
| Add botan_block_cipher_query_keylen plus some new FFI error codes | Jack Lloyd | 2018-07-24 | 5 | -5/+59 |
| Add additional HMAC tests from RFC 4231 | Jack Lloyd | 2018-07-24 | 1 | -0/+81 |
| Use Alloc templates instead of overriding for specific vector types | Jack Lloyd | 2018-07-24 | 1 | -16/+16 |
| Fix bad assert in Goppa decoding | Jack Lloyd | 2018-07-24 | 1 | -3/+4 |
| Require SM2 ciphertexts be DER encoded<br>Previously the SM2 test would fail about 1 in a thousand times because we would corrupt the ciphertext such that the BER was still valid; it would change the length field to an indefinite length marker, which still decoded correctly. | Jack Lloyd | 2018-07-24 | 1 | -2/+18 |
| Update news | Jack Lloyd | 2018-07-24 | 1 | -3/+11 |
| Merge GH #1635 Include ECC public key in the private key data | Jack Lloyd | 2018-07-24 | 2 | -9/+12 |
| In ECC private key encoding, include the optional public key field<br>Otherwise GnuTLS refuses to parse the private key. Fixes #1634 | Jack Lloyd | 2018-07-23 | 2 | -9/+12 |
| Spellcheck [ci skip] | Jack Lloyd | 2018-07-23 | 1 | -3/+3 |
| Update todos [ci skip] | Jack Lloyd | 2018-07-23 | 1 | -17/+14 |
| Merge GH #1628 In ECDSA verify, handle error seen with LibreSSL on non-x86 | Jack Lloyd | 2018-07-20 | 1 | -7/+16 |
| Handle another possible OpenSSL error only seen on non-x86_64<br>GH #1627 | Jack Lloyd | 2018-07-17 | 1 | -7/+16 |
| Add FFI funcs to get algo name from cipher, MAC and hash objs | Jack Lloyd | 2018-07-19 | 7 | -25/+122 |
| Specialize code for BigInt right shift by 1<br>Improves ECDSA by 2-3% due to improving the const time modular inversion algorithm (used for the mod-order inversions). | Jack Lloyd | 2018-07-19 | 1 | -0/+22 |
| Update news | Jack Lloyd | 2018-07-18 | 1 | -0/+3 |
| Merge GH #1632 Fix CCM when L=8 | Jack Lloyd | 2018-07-18 | 3 | -6/+131 |
| Fix error in CCM when L=8<br>GH #1631 | Jack Lloyd | 2018-07-18 | 3 | -6/+131 |
| Merge GH #1630 Support salts other than 16 bytes for Blowfish | Jack Lloyd | 2018-07-18 | 6 | -36/+151 |
| Support salts other than exactly 16 bytes for Blowfish key setup<br>Bcrypt only needs 16 byte salts but unfortunately Bcrypt-PBKDF is defined to use 64 byte salts instead. So extend support to handle any salt that is a multiple of 4 bytes. | Jack Lloyd | 2018-07-18 | 6 | -36/+151 |
| Pylint 2.0 drops compat with Python2<br>So force pip install to 1.9.2. | Jack Lloyd | 2018-07-17 | 1 | -2/+2 |
| Correct comment on Hardware_RNG | Jack Lloyd | 2018-07-17 | 1 | -2/+1 |
| Some updates to RNG doc | Jack Lloyd | 2018-07-17 | 1 | -39/+129 |
| Change phrasing [ci skip] | Jack Lloyd | 2018-07-16 | 1 | -2/+2 |
| Update news [ci skip] | Jack Lloyd | 2018-07-13 | 1 | -0/+4 |
| Update password hashing default settings<br>Bcrypt work factor 10 is looking pretty low these days, as is 100K iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K, and also transition passhash9 to using SHA-512 instead of SHA-256. Also document bcrypt better, and add speed tests for bcrypt and passhash9. | Jack Lloyd | 2018-07-13 | 7 | -27/+123 |
| Remove RC2 related OIDs<br>Since RC2 has been removed since 1c0bc3cc6b, there is no reason to have these around. | Jack Lloyd | 2018-07-13 | 2 | -7/+1 |
| Bump the FFI version<br>New FFI features added in #1621 and #1625 | Jack Lloyd | 2018-07-13 | 3 | -2/+13 |
| Documentation updates | Jack Lloyd | 2018-07-13 | 4 | -35/+76 |
| Tighten up error checking in pk_decrypt | Jack Lloyd | 2018-07-13 | 2 | -17/+27 |
| Don't advertise deprecated functionality<br>Also undeprecate X9.19 MAC as it is apparently still somewhat widely used in industry. Undeprecate SymmetricAlgorithm; unlike Buffered_Computation it actually pulls its weight by being implemented by several different types. | Jack Lloyd | 2018-07-13 | 2 | -10/+4 |
| Correct a comment in Camellia code, and align the 256 byte table | Jack Lloyd | 2018-07-13 | 1 | -1/+3 |
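The Lucas test commit above (GH #1636, "Add Lucas test from FIPS 186-4") explains the motivation: Miller-Rabin's per-round error bound is 1/4, so six rounds against a worst-case composite give 4^-6 = 1/4096, the figure in the commit message, and the cited paper constructs composites that hit that bound. The Python below is an added example, not Botan's code, implementing the FIPS 186-4 C.3.3 Lucas test next to a Miller-Rabin test and combining them in the Baillie-PSW style (trial division, then Miller-Rabin, then Lucas). It shows that the two tests fail on different composites, which is why the combination is stronger than either alone. The function names (jacobi, lucas_test, miller_rabin, is_probable_prime) are this example's own and are not Botan's API.

```python
import math
import random

# Added example (not Botan code): FIPS 186-4 C.3.3 Lucas test, Miller-Rabin,
# and a Baillie-PSW style combination. Names here are this example's own.

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def lucas_test(c):
    """FIPS 186-4 C.3.3 Lucas probabilistic primality test.

    Returns True if c is probably prime. As in FIPS, c must be odd and >= 3 and is
    expected to have been trial-divided already: a Jacobi symbol of 0 (gcd(D, c) > 1)
    is reported as composite.
    """
    if c < 3 or c % 2 == 0:
        raise ValueError("c must be an odd integer >= 3")
    # Step 1: a perfect square never yields (D/c) = -1, so reject it up front.
    if math.isqrt(c) ** 2 == c:
        return False
    # Step 2: first D in 5, -7, 9, -11, 13, ... with Jacobi symbol (D/c) = -1.
    d = 5
    while True:
        j = jacobi(d, c)
        if j == -1:
            break
        if j == 0:
            return False
        d = -(d + 2) if d > 0 else -(d - 2)
    # Steps 3-6: U_{c+1} of the Lucas sequence with P = 1, Q = (1 - D)/4, computed by
    # a left-to-right binary ladder. Division by 2 is multiplication by 2^-1 mod c.
    k = c + 1
    inv2 = (c + 1) // 2
    u, v = 1, 1                                     # U_1 = 1, V_1 = P = 1
    for bit in bin(k)[3:]:                          # bits of k below the leading 1
        u_t = (u * v) % c                           # U_{2i}
        v_t = ((v * v + d * u * u) * inv2) % c      # V_{2i}
        if bit == "1":                              # step to U_{2i+1}, V_{2i+1}
            u, v = ((u_t + v_t) * inv2) % c, ((v_t + d * u_t) * inv2) % c
        else:
            u, v = u_t, v_t
    # Step 7: every prime satisfies U_{c+1} = 0 (mod c); most composites do not.
    return u == 0


def miller_rabin(n, bases):
    """Miller-Rabin test of n with the given bases; True if no base proves n composite."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):
            continue
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                            # a is a witness: n is composite
    return True


def is_probable_prime(n, mr_rounds=8):
    """Trial division, then Miller-Rabin with random bases, then the Lucas test."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    bases = [random.randrange(2, n - 1) for _ in range(mr_rounds)]
    return miller_rabin(n, bases) and lucas_test(n)
```

323 = 17·19 is the smallest Lucas pseudoprime for this parameter selection, so lucas_test(323) returns True while a single Miller-Rabin round with base 2 rejects it. In the other direction, 2047 = 23·89 is a strong pseudoprime to base 2 and 3215031751 = 151·751·28351 is a strong pseudoprime to bases 2, 3, 5 and 7; the Lucas test rejects both. A caller that only ran a few fixed or low-count Miller-Rabin rounds is exactly what an adversarially chosen composite targets, and the Lucas test has no overlap with those constructions.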
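The commit "Ensure values are fully reduced during ECDSA signature" (2018-07-30) says the Barrett reduction code fell back to ordinary division when handed an input of at least order². The Python below is an added example, not Botan's Modular_Reducer, of a Barrett reducer with an explicit precondition check, used to show why operand handling matters when computing s = k⁻¹(e + r·d) mod n: reducing r·d before adding e keeps every product below n², whereas the unreduced k⁻¹·(e + r·d) is about n³ and triggers the fallback. That fallback is a data-dependent branch into a variable-time division, which a signing routine must avoid. The modulus is the secp256k1 group order (a realistic 256-bit value); the scalars are constructed for illustration and are not a real signature; the bound x < n·n is the one the commit message names, and the function names are this example's own.

```python
# Added example (not Botan code): Barrett reduction with a precondition check and
# the effect of reducing intermediate values in the ECDSA s computation.

# Group order of secp256k1, used only as a realistic 256-bit modulus.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def barrett_params(n):
    """Precompute (k, mu, n*n): k = bit length of n, mu = floor(2^(2k) / n)."""
    k = n.bit_length()
    return k, (1 << (2 * k)) // n, n * n


def barrett_reduce(x, n, params):
    """Return (x mod n, fast_path).

    The Barrett estimate is valid for 0 <= x < 2^(2k). This example uses the stricter
    bound x < n*n from the commit message (n*n < 2^(2k)); inputs outside it fall back
    to a plain division and are flagged with fast_path=False.
    """
    k, mu, n_sq = params
    if x < 0:
        raise ValueError("negative input")
    if x >= n_sq:
        return x % n, False                     # fallback: variable-time division
    q = ((x >> (k - 1)) * mu) >> (k + 1)        # q <= floor(x / n) <= q + 2
    r = x - q * n
    while r >= n:                               # at most two corrections
        r -= n
    return r, True


PARAMS = barrett_params(N)


def ecdsa_s_reduced(k_inv, e, r, d, n, params):
    """s = k_inv * (e + r*d) mod n with every product reduced before it is reused."""
    t, f1 = barrett_reduce(r * d, n, params)            # r*d < n^2
    t, f2 = barrett_reduce(t + e, n, params)            # t + e < 2n
    s, f3 = barrett_reduce(k_inv * t, n, params)        # k_inv * t < n^2
    return s, f1 and f2 and f3


def ecdsa_s_unreduced(k_inv, e, r, d, n, params):
    """Same value, but the intermediate is not reduced, so the product grows to ~n^3."""
    return barrett_reduce(k_inv * (e + r * d), n, params)
```

Both routines return the same s; only the second reports that the reducer left its fast path. In a real implementation the slow path is not just a performance regression, it is a branch whose timing depends on secret-derived operands, so the fix is to keep every operand fully reduced rather than to make the fallback faster.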
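The commit "Require SM2 ciphertexts be DER encoded" (2018-07-24) describes a fuzzing corner case: a mutated ciphertext whose length octet became the BER indefinite-length marker (0x80) still decoded, because a BER-tolerant decoder accepts that form. The Python below is an added example, not Botan's BER_Decoder, contrasting a lenient BER TLV reader with a strict DER one that rejects indefinite lengths, non-minimal long-form lengths and values running past the buffer. The sample is a constructed SEQUENCE of two INTEGERs and an OCTET STRING standing in for a ciphertext structure; it is not an actual SM2 ciphertext, and the function names are this example's own.

```python
# Added example (not Botan code): strict DER versus lenient BER parsing of TLVs.


def _read_length(buf, pos, strict):
    """Decode an ASN.1 length at buf[pos]. Returns (length or None, new_pos).

    None means BER indefinite length (0x80). In strict (DER) mode an indefinite
    length and a non-minimal long-form length are both rejected.
    """
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos                         # short form
    if first == 0x80:
        if strict:
            raise ValueError("indefinite length is BER, not DER")
        return None, pos
    nbytes = first & 0x7F
    if nbytes == 0x7F:
        raise ValueError("reserved length octet 0xFF")
    if pos + nbytes > len(buf):
        raise ValueError("truncated long-form length")
    length = int.from_bytes(buf[pos:pos + nbytes], "big")
    if strict and (length < 0x80 or buf[pos] == 0x00):
        raise ValueError("non-minimal length encoding")   # DER requires the shortest form
    return length, pos + nbytes


def _parse_one(buf, pos, strict):
    """Parse one TLV at buf[pos]; returns ((tag, value_bytes), new_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated tag")
    tag = buf[pos]
    pos += 1
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled by this example")
    length, pos = _read_length(buf, pos, strict)
    if length is None:
        # BER indefinite length: constructed types only; contents run until 00 00.
        if not tag & 0x20:
            raise ValueError("indefinite length on a primitive type")
        start = pos
        while True:
            if pos >= len(buf):
                raise ValueError("missing end-of-contents octets")
            if pos + 1 < len(buf) and buf[pos] == 0x00 and buf[pos + 1] == 0x00:
                return (tag, bytes(buf[start:pos])), pos + 2
            _, pos = _parse_one(buf, pos, strict)       # skip over one child element
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return (tag, bytes(buf[pos:pos + length])), pos + length


def parse_tlvs(buf, strict=True):
    """Parse all top-level TLVs in buf into a list of (tag, value). strict=True means DER."""
    items, pos = [], 0
    while pos < len(buf):
        item, pos = _parse_one(buf, pos, strict)
        items.append(item)
    return items


def is_valid_der(buf):
    """True if buf parses under the strict DER rules above."""
    try:
        parse_tlvs(buf, strict=True)
        return True
    except ValueError:
        return False


def mutate_length_to_indefinite(der):
    """Rewrite a short-form DER SEQUENCE as BER indefinite length (the fuzzer's mutation)."""
    if der[0] != 0x30 or der[1] >= 0x80:
        raise ValueError("expected a SEQUENCE with a short-form length")
    return bytes([0x30, 0x80]) + der[2:] + b"\x00\x00"


# Constructed sample: SEQUENCE { INTEGER 0x1234, INTEGER 0x00ff, OCTET STRING 01 02 }.
SAMPLE_DER = bytes.fromhex("300c" "02021234" "020200ff" "04020102")
```

The lenient parser returns identical children for the DER input, for the indefinite-length mutation and for a non-minimal length such as 81 0c, so a test that corrupts one byte and expects a decode failure will occasionally see the corrupted value "succeed". Requiring DER makes the encoding of every valid ciphertext unique, which is what a decrypt routine wants: any byte change is then a parse error, not an alternative spelling of the same value.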