Commit message | Author | Date | Files | Lines
* Combine SM2 key types for signatures and encryption | Jack Lloyd | 2018-08-01 | 13 | -198/+102
|
|   It seems in practice the same key may end up used for both operations, so
|   maintaining a distinction at the type level just complicates things.
|
* Add a couple HMAC(SHA-512-256) test vectors | Jack Lloyd | 2018-08-01 | 1 | -0/+11
|
* Add OID for HMAC with SHA-512/256 | Jack Lloyd | 2018-08-01 | 2 | -1/+4
|
* Fix ReST formatting [ci skip] | Jack Lloyd | 2018-08-01 | 1 | -1/+1
|
* Update news | Jack Lloyd | 2018-08-01 | 1 | -1/+7
|
* Merge GH #1636 Add Lucas primality test | Jack Lloyd | 2018-08-01 | 16 | -147/+538
|\
| * Add Lucas test from FIPS 186-4 | Jack Lloyd | 2018-07-31 | 16 | -147/+538
| |
| |   This eliminates an issue identified in the paper "Prime and Prejudice:
| |   Primality Testing Under Adversarial Conditions" by Albrecht, Massimo,
| |   Paterson and Somorovsky where DL_Group::verify_group with strong=false
| |   would accept a composite q with probability 1/4096, which is exactly as
| |   the error bound is documented, but still unfortunate.
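A Python version of the test the commit above adds, written as an added example and not Botan's own C++ code: the FIPS 186-4 C.3.3 Lucas probable-prime test beside a single Miller-Rabin round, applied to composites known to be strong pseudoprimes for fixed small bases (2047 = 23·89 for base 2; 3215031751 = 151·751·28351 for bases 2, 3, 5 and 7). The cutoff that sends candidates below 1000 to trial division is this example's own choice, since the FIPS procedure is specified for large candidates, and the function names are hypothetical.

```python
# Added example, not Botan's code: FIPS 186-4 C.3.3 Lucas probable-prime test
# beside a single Miller-Rabin round, to show why a second kind of test helps.
import math


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0; 0 when gcd(a, n) > 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def miller_rabin_round(c: int, base: int) -> bool:
    """One Miller-Rabin round: True means c is a strong probable prime to this base."""
    d, s = c - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(base, d, c)
    if x in (1, c - 1):
        return True
    for _ in range(s - 1):
        x = x * x % c
        if x == c - 1:
            return True
    return False


def lucas_probable_prime(c: int) -> bool:
    """FIPS 186-4 C.3.3. False means c is certainly composite; True means
    c is a Lucas probable prime (every prime returns True)."""
    if c < 2 or c % 2 == 0:
        return c == 2
    if c < 1000:
        # Assumption of this example: the FIPS test is meant for large candidates
        # (for tiny primes the search for D below can reach |D| >= c), so settle
        # small inputs by trial division instead.
        return all(c % p for p in range(3, math.isqrt(c) + 1, 2))
    if math.isqrt(c) ** 2 == c:              # step 1: a square never gets (D/c) = -1
        return False
    d = 5                                    # step 2: D = 5, -7, 9, -11, 13, ...
    while True:
        j = jacobi(d, c)
        if j == 0:
            return False                     # D shares a factor with c
        if j == -1:
            break
        d = -d - 2 if d > 0 else -d + 2
    # steps 3-5: U_{c+1}, V_{c+1} of the Lucas sequence with P = 1, Q = (1 - D)/4
    inv2 = (c + 1) // 2                      # 2^-1 mod c (c is odd)
    u, v = 1, 1                              # U_1, V_1
    for bit in bin(c + 1)[3:]:               # bits of c+1 below the leading one
        u, v = (u * v) % c, ((v * v + d * u * u) * inv2) % c        # i -> 2i
        if bit == "1":
            u, v = ((u + v) * inv2) % c, ((v + d * u) * inv2) % c   # 2i -> 2i+1
    return u == 0                            # step 6


def classify(c: int, mr_bases=(2, 3, 5, 7)) -> dict:
    """Which of the two tests does c survive?"""
    return {"miller_rabin": all(miller_rabin_round(c, b) for b in mr_bases),
            "lucas": lucas_probable_prime(c)}


if __name__ == "__main__":
    # 2047 = 23 * 89 is a strong pseudoprime to base 2;
    # 3215031751 = 151 * 751 * 28351 is one to bases 2, 3, 5 and 7.
    print(2047, classify(2047, mr_bases=(2,)))
    print(3215031751, classify(3215031751))
    print(2**31 - 1, classify(2**31 - 1))
```

The point the commit message makes: a Miller-Rabin error bound of 2^-12 is fine against a random q, but an adversary who chooses q can target the bases the verifier will use. The Lucas test rests on a different structure (Lucas sequences with (D/c) = -1), and no composite is known that passes both a base-2 Miller-Rabin round and this Lucas test, so layering the two closes the gap at modest cost.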
* | Just skip 32-bit ARM iOS build entirely | Jack Lloyd | 2018-08-01 | 1 | -2/+5
| |
* | Avoid XCode 9.4 due to compilation bug | Jack Lloyd | 2018-08-01 | 1 | -0/+1
|/
|
|   XCode 9.4 ICEs on the NewHope code in ARM 32-bit build and of course I
|   can't report the bug since I don't have an Apple ID.
|
* More FFI todos [ci skip] | Jack Lloyd | 2018-07-31 | 1 | -2/+3
|
* Index page tweaks [ci skip] | Jack Lloyd | 2018-07-31 | 1 | -25/+17
|
* Fix Doxygen comments for AutoSeeded_RNG [ci skip] | Jack Lloyd | 2018-07-31 | 1 | -3/+7
|
* Ensure values are fully reduced during ECDSA signature | Jack Lloyd | 2018-07-30 | 1 | -3/+3
|
|   It was possible that the Barrett reduction code would fall back to standard
|   division due to getting an input that was >= order^2.
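An added Python illustration, not Botan's reducer, of the failure mode the commit above describes: a Barrett reducer that only runs its fixed-cost path when the input is below modulus^2 and otherwise falls back to plain division. The modulus is the NIST P-256 group order; the operand values, the hypothetical class and function names and the fallback counter are this example's own.

```python
# Added example, not Botan's code: a Barrett reducer with the precondition the
# commit above refers to (input < modulus^2), showing why an unreduced operand
# pushes the computation onto a slow, variable-time fallback path.
import random

# Group order of NIST P-256, standing in for the ECDSA "order" in the commit message.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


class BarrettReducer:
    def __init__(self, m: int):
        self.m = m
        self.k = m.bit_length()
        self.mu = (1 << (2 * self.k)) // m    # floor(2^(2k) / m), computed once per modulus
        self.fallbacks = 0                    # how often the slow division path ran

    def estimate_quotient(self, x: int) -> int:
        return (x * self.mu) >> (2 * self.k)

    def reduce(self, x: int) -> int:
        """x mod m: fixed-step path for 0 <= x < m^2, ordinary division otherwise."""
        if x < 0 or x >= self.m * self.m:
            self.fallbacks += 1               # precondition violated: slow path
            return x % self.m
        r = x - self.estimate_quotient(x) * self.m
        # For x < m^2 the estimate undershoots the true quotient by at most 2, so
        # two conditional subtractions finish the job (a constant-time C
        # implementation does these as masked subtractions, never as a loop).
        for _ in range(2):
            r = r - self.m if r >= self.m else r
        return r


def quotient_error(red: BarrettReducer, x: int) -> int:
    """Corrective subtractions a loop would need for input x (true quotient minus estimate)."""
    return x // red.m - red.estimate_quotient(x)


def mulmod(red: BarrettReducer, a: int, b: int) -> int:
    return red.reduce(a * b)


def max_error_below_m2(red: BarrettReducer, trials: int = 200, seed: int = 7):
    """Check reduce() against Python's % on random inputs below m^2.
    Returns (all_results_correct, worst_quotient_error)."""
    rng = random.Random(seed)                 # seeded, so the run is reproducible
    ok, worst = True, 0
    for _ in range(trials):
        x = rng.randrange(red.m * red.m)
        ok = ok and red.reduce(x) == x % red.m
        worst = max(worst, quotient_error(red, x))
    return ok, worst


if __name__ == "__main__":
    n = P256_ORDER
    red = BarrettReducer(n)
    # Both factors fully reduced: product < n^2, fast path.
    print(mulmod(red, n - 1, n - 1) == (n - 1) * (n - 1) % n, red.fallbacks)
    # One factor left unreduced (in [n, 2n)): product >= n^2, fallback path.
    print(mulmod(red, n + 5, n - 1) == (n + 5) * (n - 1) % n, red.fallbacks)
    # Far outside the bound the estimate is useless; a subtraction loop would spin.
    print(quotient_error(red, (n * n) << 40))
```

Two fully reduced operands multiply to something below n^2 and stay on the fast path; an operand left in [n, 2n) by a lazy reduction breaks the bound and the slow path is taken. Far outside the bound the quotient estimate is off by thousands, which is why an implementation cannot simply loop on subtractions: the iteration count would depend on the input, and in ECDSA signing those inputs derive from the nonce and the private key.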
* Support calling Whirlpool in OpenSSL | Jack Lloyd | 2018-07-26 | 1 | -0/+5
|
|   Available since 1.0.0, not sure how this was missed.
|
* GHASH - use explicit function to check for key being set | Jack Lloyd | 2018-07-25 | 1 | -1/+1
|
* Add OID for SM2 with SM3 signatures | Jack Lloyd | 2018-07-24 | 2 | -1/+5
|
* Add include for getenv | Jack Lloyd | 2018-07-24 | 1 | -0/+1
|
* Only print FFI exceptions to stdout if an env var is set | Jack Lloyd | 2018-07-24 | 2 | -1/+7
|
|   So debugging is possible but default is silent.
|
* Add botan_mac_query_keylen | Jack Lloyd | 2018-07-24 | 3 | -1/+38
|
* Add botan_block_cipher_query_keylen plus some new FFI error codes | Jack Lloyd | 2018-07-24 | 5 | -5/+59
|
* Add additional HMAC tests from RFC 4231 | Jack Lloyd | 2018-07-24 | 1 | -0/+81
|
* Use Alloc templates instead of overriding for specific vector types | Jack Lloyd | 2018-07-24 | 1 | -16/+16
|
* Fix bad assert in Goppa decoding | Jack Lloyd | 2018-07-24 | 1 | -3/+4
|
* Require SM2 ciphertexts be DER encoded | Jack Lloyd | 2018-07-24 | 1 | -2/+18
|
|   Previously SM2 test would fail about 1 in a thousand times because we
|   would corrupt the ciphertext such that the BER was still valid; it would
|   change the length field to an indefinite length marker, which still
|   decoded correctly.
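An added Python illustration, not Botan's ASN.1 code, of why the commit above pins the ciphertext format to DER: one SEQUENCE decoded under BER rules from three different byte strings, only one of which DER accepts. The field layout (two INTEGERs and two OCTET STRINGs) and the values are constructed for this example and are not a claim about the SM2 ciphertext's exact ASN.1 module; the decoder and helper names are hypothetical.

```python
# Added example, not Botan's code: a BER decoder accepts several encodings of the
# same value while a DER decoder accepts exactly one. The SEQUENCE below stands in
# for an encoded ciphertext; its contents are made up for this illustration.

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04


def read_length(buf: bytes, pos: int, der: bool):
    """Parse a length at buf[pos]. Returns (length, next_pos); length is None
    for BER's indefinite form, which DER forbids."""
    first = buf[pos]
    pos += 1
    if first < 0x80:                                   # short form
        return first, pos
    if first == 0x80:                                  # indefinite form
        if der:
            raise ValueError("DER: indefinite length not allowed")
        return None, pos
    nbytes = first & 0x7F                              # long form
    if nbytes == 0x7F or pos + nbytes > len(buf):
        raise ValueError("bad length encoding")
    raw = buf[pos:pos + nbytes]
    length = int.from_bytes(raw, "big")
    if der and (raw[0] == 0 or length < 0x80):
        raise ValueError("DER: length must be minimally encoded")
    return length, pos + nbytes


def read_tlv(buf: bytes, pos: int, limit: int, der: bool):
    """Parse one definite-length element that must end at or before limit."""
    tag = buf[pos]
    length, pos = read_length(buf, pos + 1, der)
    if length is None:
        raise ValueError("nested indefinite length not supported here")
    if pos + length > limit:
        raise ValueError("element overruns its container")
    return tag, buf[pos:pos + length], pos + length


def decode_sequence(buf: bytes, der: bool):
    """Decode an outer SEQUENCE into [(tag, contents), ...]."""
    if not buf or buf[0] != SEQUENCE:
        raise ValueError("expected SEQUENCE")
    length, pos = read_length(buf, 1, der)
    limit = len(buf) if length is None else pos + length
    if limit > len(buf):
        raise ValueError("truncated SEQUENCE")
    children = []
    while True:
        if length is None:                             # indefinite: stop at 00 00
            if buf[pos:pos + 2] == b"\x00\x00":
                pos += 2
                break
            if pos >= len(buf):
                raise ValueError("missing end-of-contents octets")
        elif pos >= limit:
            break
        tag, contents, pos = read_tlv(buf, pos, limit, der)
        children.append((tag, contents))
    if pos != len(buf):
        raise ValueError("trailing data after SEQUENCE")
    return children


def der_element(tag: int, contents: bytes) -> bytes:
    """One element with the minimal (DER) length encoding."""
    n = len(contents)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + contents


def sample_encodings():
    """Three BER-equivalent encodings of one ciphertext-shaped SEQUENCE:
    DER short form, long form with a needless length byte, indefinite form."""
    body = (der_element(INTEGER, b"\x01\x02")          # made-up x coordinate
            + der_element(INTEGER, b"\x03\x04")        # made-up y coordinate
            + der_element(OCTET_STRING, b"hash")       # made-up hash tag
            + der_element(OCTET_STRING, b"ctext"))     # made-up ciphertext bytes
    canonical = der_element(SEQUENCE, body)                    # 30 15 ...
    long_form = bytes([SEQUENCE, 0x81, len(body)]) + body      # 30 81 15 ...
    indefinite = bytes([SEQUENCE, 0x80]) + body + b"\x00\x00"  # 30 80 ... 00 00
    return canonical, long_form, indefinite


def accepted(buf: bytes, der: bool) -> bool:
    try:
        decode_sequence(buf, der)
        return True
    except (ValueError, IndexError):
        return False


if __name__ == "__main__":
    for enc in sample_encodings():
        print(enc.hex(), "BER:", accepted(enc, der=False), "DER:", accepted(enc, der=True))
```

Under BER the three byte strings are the same ciphertext, so a test that flips a byte and expects decryption to fail can produce a "corruption" that is merely an alternative encoding of the same value. Requiring DER removes that equivalence class, and it is the same reason signed or MACed structures should be compared as DER rather than re-encoded.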
* Update news | Jack Lloyd | 2018-07-24 | 1 | -3/+11
|
* Merge GH #1635 Include ECC public key in the private key data | Jack Lloyd | 2018-07-24 | 2 | -9/+12
|\
| * In ECC private key encoding, include the optional public key field | Jack Lloyd | 2018-07-23 | 2 | -9/+12
| |
| |   Otherwise GnuTLS refuses to parse the private key. Fixes #1634
| |
* | Spellcheck [ci skip] | Jack Lloyd | 2018-07-23 | 1 | -3/+3
|/
* Update todos [ci skip] | Jack Lloyd | 2018-07-23 | 1 | -17/+14
|
* Merge GH #1628 In ECDSA verify, handle error seen with LibreSSL on non-x86 | Jack Lloyd | 2018-07-20 | 1 | -7/+16
|\
| * Handle another possible OpenSSL error only seen on non-x86_64 | Jack Lloyd | 2018-07-17 | 1 | -7/+16
| |
| |   GH #1627
| |
* | Add FFI funcs to get algo name from cipher, MAC and hash objs | Jack Lloyd | 2018-07-19 | 7 | -25/+122
| |
* | Specialize code for BigInt right shift by 1 | Jack Lloyd | 2018-07-19 | 1 | -0/+22
| |
| |   Improves ECDSA by 2-3% due to improving the const time modular inversion
| |   algorithm (used for the mod-order inversions).
| |
* | Update news | Jack Lloyd | 2018-07-18 | 1 | -0/+3
| |
* | Merge GH #1632 Fix CCM when L=8 | Jack Lloyd | 2018-07-18 | 3 | -6/+131
|\ \
| * | Fix error in CCM when L=8 | Jack Lloyd | 2018-07-18 | 3 | -6/+131
|/ /
| |
| |   GH #1631
| |
* | Merge GH #1630 Support salts other than 16 bytes for Blowfish | Jack Lloyd | 2018-07-18 | 6 | -36/+151
|\ \
| * | Support salts other than exactly 16 bytes for Blowfish key setup | Jack Lloyd | 2018-07-18 | 6 | -36/+151
|/ /
| |
| |   Bcrypt only needs 16 byte salts but unfortunately Bcrypt-PBKDF is defined
| |   to use 64 byte salts instead. So extend support to handle any salt that is
| |   a multiple of 4 bytes.
| |
* | Pylint 2.0 drops compat with Python2 | Jack Lloyd | 2018-07-17 | 1 | -2/+2
| |
| |   So force pip install to 1.9.2
| |
* | Correct comment on Hardware_RNG | Jack Lloyd | 2018-07-17 | 1 | -2/+1
| |
* | Some updates to RNG doc | Jack Lloyd | 2018-07-17 | 1 | -39/+129
|/
* Change phrasing [ci skip] | Jack Lloyd | 2018-07-16 | 1 | -2/+2
|
* Update news [ci skip] | Jack Lloyd | 2018-07-13 | 1 | -0/+4
|
* Update password hashing default settings | Jack Lloyd | 2018-07-13 | 7 | -27/+123
|
|   Bcrypt work factor 10 is looking pretty low these days, as is 100K
|   iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K, and also
|   transition passhash9 to using SHA-512 instead of SHA-256. Also document
|   bcrypt better, and add speed tests for bcrypt and passhash9
|
* Remove RC2 related OIDs | Jack Lloyd | 2018-07-13 | 2 | -7/+1
|
|   Since RC2 was removed in 1c0bc3cc6b, there is no reason to have these around.
|
* Bump the FFI version | Jack Lloyd | 2018-07-13 | 3 | -2/+13
|
|   New FFI features added in #1621 and #1625
|
* Documentation updates | Jack Lloyd | 2018-07-13 | 4 | -35/+76
|
* Tighten up error checking in pk_decrypt | Jack Lloyd | 2018-07-13 | 2 | -17/+27
|
* Don't advertise deprecated functionality | Jack Lloyd | 2018-07-13 | 2 | -10/+4
|
|   Also undeprecate X9.19 MAC as it is apparently still somewhat widely used
|   in industry. Undeprecate SymmetricAlgorithm; unlike Buffered_Computation
|   it actually pulls its weight by being implemented by several different
|   types.
|
* Correct a comment in Camellia code, and align the 256 byte table | Jack Lloyd | 2018-07-13 | 1 | -1/+3
|