aboutsummaryrefslogtreecommitdiffstats
path: root/checks
Commit message (Collapse)AuthorAgeFilesLines
* Tick version numbers to 1.10.0lloyd2011-04-141-0/+14
| | | | | | | | | | | | | | More documentation updates. The clean target wasn't removing one of the symlinks. In the self-test application, warn if the version we are linked against does not match the version we were built against. This always indicates a problem. Someone who had an older version installed on their system got very confused when the test app was linked against it at runtime; this warning would have saved a couple hours of puzzling by me. This would also have helped avoid the nasty bug in 1.8.3
* Make the alg_id param for passhash9 optional. Update callers.lloyd2011-04-111-1/+1
|
* ECC private keys had two different constructors, one taking a grouplloyd2011-04-087-38/+39
| | | | | | | | | | | | | | | | and a random number generator, and the other taking a group and a preset private key value. The DL private keys instead have on constructor for this; if the x value is zero, then a new random key is created. For consistency, do this with ECC as well. ECDH actually didn't have one of these constructors, forcing you to either load from PKCS #8 or else use a random key. Rename EC_Domain_Params to EC_Group, with a typedef for compatability. More doc updates. Update mtn ignores for Sphinx output
* PR 145 was based around an easy misunderstanding of the CTR code.lloyd2011-04-051-0/+515
| | | | | | Add some comments to help explain what is going on. Also add a test using 512 blocks; all the existing ones were shorter, so increment was not being tested at all. :(
* Add support for bcrypt, the Blowfish-based password hashing schemelloyd2011-02-161-0/+52
| | | | | used in OpenBSD. Tested as compatible with a common Java implementation (http://www.mindrot.org/projects/jBCrypt/)
* Add some more ECDSA tests (generated using Crypto++ 5.6)lloyd2011-02-161-0/+55
|
* Add the NIST AES key wrap algorithm, as specified in RFC 3394 andlloyd2011-02-151-0/+86
| | | | http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
* Remove dead codelloyd2011-02-142-127/+0
|
* Make this test easier to understandlloyd2011-02-141-46/+25
|
* Add a set of ECDSA tests using the Brainpool curves. Test caseslloyd2011-02-141-0/+65
| | | | | | generated using Crypto++ 5.6.1. Requested in PR 141.
* Remove inclusions of unused headers.lloyd2011-02-103-10/+12
| | | | Avoid using auto_ptr in the CVC headers.
* Add a new configure.py option --distribution-info which sets a macrolloyd2011-02-071-2/+1
| | | | | | | | | | | | | | | | | | | | | | | in build.h named BOTAN_DISTRIBUTION_INFO. The default value is 'unspecified'. People packaging botan could set this to another value, for instance 'Gentoo 1.9.13-r3' or 'Debian 1.9.13-1', or 'pristine' to indicate a completely unmodified/stock version. This was suggested by Zooko for Crypto++ in http://sourceforge.net/apps/trac/cryptopp/ticket/11 and seemed like an idea worth stealing. Don't default the version datestmap to the current day if unset, instead set to zero. This allows applications to detect unreleased versions. Document that version_datestamp will return zero for unreleased versions. Change the version_string function to return more information about the current version, including the release date and distribution information. It will now return strings like: Botan 1.9.13 (released 20110207, distribution Gentoo 1.9.13-r3) or for an unreleased version: Botan 1.9.13 (unreleased version, distribution unspecified)
* Fix the ordering of the GOST 34.10 signature values. Add a testlloyd2011-02-072-16/+17
| | | | | | | | | derived from a DNSSEC RFC. Bug reported by Bert Hubert to the mailing list. According to Bert, this ordering is compatible with the version included in OpenSSL. Also, benchmark GOST 34.10 using the GOST 34.11 hash since that is always what it is used with.
* Update Keccak to the round 3 variant announced 2011-01-17lloyd2011-01-201-1608/+1608
| | | | | Only change is the padding rule. It 'simplifies' the padding by making it less flexible and harder to implement efficiently. :(
* Allow benchmark buffers up to 64 MiBlloyd2010-12-221-1/+1
|
* More VC warning fixeslloyd2010-12-133-16/+16
|
* Avoid more VC warningslloyd2010-12-131-2/+2
|
* Add a simple but functioning implementation of Keccak. Only thelloyd2010-12-102-6/+9562
| | | | proposed SHA-3 parameter sets are supported.
* Thomas Keller reports that Mac OS X 10.5 still uses gcc 4.0.1 and it haslloyd2010-11-121-0/+12
| | | | the same reverse iterator bug. Use the workaround for gcc 4.0.*
* Update Skein-512 for the new 1.3 specification, just changes the keylloyd2010-11-031-3452/+1560
| | | | schedule constant to prevent rotational attacks.
* Longer CTR testlloyd2010-10-291-0/+50
|
* Compile fixlloyd2010-10-291-1/+1
|
* Simple standalone base64 encoderlloyd2010-10-281-0/+4
|
* In all cases where the block size of the cipher is fixed, the keylloyd2010-10-141-226/+68
| | | | | | | | | | | | | | | | parameters are as well. So make them template paramters. The sole exception was AES, because you could either initialize AES with a fixed key length, in which case it would only be that specific key length, or not, in which case it would support any valid AES key size. This is removed in this checkin; you have to specifically ask for AES-128, AES-192, or AES-256, depending on which one you want. This is probably actually a good thing, because every implementation other than the base one (SSSE3, AES-NI, OpenSSL) did not support "AES", only the versions with specific fixed key sizes. So forcing the user to ask for the one they want ensures they get the ones that are faster and/or safer.
* s/BLOCK_SIZE/block_size()/lloyd2010-10-131-1/+1
|
* Update for RNG changeslloyd2010-10-121-4/+4
|
* Use size_t in filterslloyd2010-10-122-6/+6
| | | | | This breaks API for anyone creating their own Filter types, but it had to happen eventually.
* Fix CRL reason codes and updating of CRLs. Add tests for both cases.lloyd2010-10-073-3/+1
|
* Forward port CRL fixes from rev 7bb2001cd554a1acc3d345914ea710ff0e1d3a6blloyd2010-10-071-0/+16
|
* Add a set of tests devised by Rivest which are designed to detect alloyd2010-09-231-0/+18
| | | | | range of single bit errors in DES (though really this method is more useful for a hardware implementation than table based software).
* Split up src/cert/x509 into a set of modules, though mostly mutuallylloyd2010-09-171-2/+4
| | | | dependent right now.
* Update all uses of MemoryRegion::append to use either push_back or operator+=lloyd2010-09-153-10/+10
|
* Remove more implicit vector to pointer conversionslloyd2010-09-141-3/+3
|
* Remove more uses of vector to pointer implicit conversionslloyd2010-09-135-24/+15
|
* Anywhere where we use MemoryRegion::begin to get access to the raw pointerlloyd2010-09-135-58/+58
| | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
* Add a basic test for cryptoboxlloyd2010-09-071-0/+46
|
* Call test that was defined but not usedlloyd2010-09-071-4/+5
|
* My version of Sun Studio has the same reverse iterator bug as GCC 3lloyd2010-09-071-1/+1
|
* If the numeric_limits tests fail, make the output a little less dramaticlloyd2010-09-031-4/+4
|
* Wrap lineslloyd2010-09-031-7/+23
|
* Use the standalone version of the hex decoder instead of the wrapper thatlloyd2010-09-038-122/+102
| | | | previously existed in misc.cpp that emulated it via a pipe and filter.
* Add 3 more tests of Tiger, test vectors via Crypto++lloyd2010-08-231-0/+20
|
* For passhash9, add another interface that allows the caller to specifylloyd2010-08-221-4/+9
| | | | | | | | | | | which PRF they want to use. The old interface just calls this new version with alg_id set to 0 which is HMAC(SHA-1), which was previously the only supported PRF. Assign new codepoints for HMAC(SHA-256) and CMAC(Blowfish) to allow their use with passhash9. Have the generate+check tests run a test for each supported PRF.
* When creating a PBKDF2, first check if the argument name is a knownlloyd2010-08-211-0/+5
| | | | | | | | | | | | | MAC. If it is, use it as the PRF. Otherwise assume it is a hash function and use it with HMAC. Instead of instantiating the HMAC directly, go through the algorithm factory. Add a test using PBKDF2 with CMAC(Blowfish); Blowfish mainly because it supports arbitrarily large keys, and also the required 4 KiB of sbox tables actually would make it fairly useful in that it would make cracking using hardware or GPUs rather expensive. Have not confirmed this vector against any other implementation because I don't know of any other implementation of PBKDF2 that supports MACs other than HMAC.
* Turns out OpenSSL's implementation of PBKDF2 allows empty passphrases,lloyd2010-08-211-0/+4
| | | | | | | | | | | | | | | | | so for compatability with keys that were encrypted with an empty passphrase we probably want to support it as well. In PBKDF2, don't reject empty passphrases out of hand; simply call set_key and if the underlying MAC cannot use the key, throw an informative exception. This will also be more helpful in the case that someone tries using another MAC (say, CMAC) with a block cipher that only supports keys of specific sizes. In HMAC, allow zero-length keys. This is not really optimal in the sense of allowing the user to do something dumb, but a 1 byte key would be pretty dumb as well and we already allowed that. Add a test vector using an empty passphrase generated by OpenSSL
* Add a new option for benchmarking --buf-size which specifies the size oflloyd2010-07-303-9/+25
| | | | the buffer (in KiB) to process.
* Add new option --dyn-load to the check/selftest prog that will loadlloyd2010-07-281-1/+18
| | | | the named shared engine object.
* Rename S2K to PBKDF, because that is by far the most common name - S2Klloyd2010-07-093-23/+25
| | | | | | | | | | | | | really is only used by OpenPGP, and largely it was named S2K here because the OpenPGP S2K was implemented years before the ones in PKCS #5. We have a typedef of PBKDF to S2K, and an inlined get_s2k that calls get_pbkdf for source compatability. There doesn't seem to be any reason to have a forward for the renamed s2k.h header - to actually use a PBKDF, you'd have to either include lookup.h and call get_s2k / get_pbkdf, or else include an algorithm-specific header and use it directly. In either case, including s2k.h is neither necessary nor sufficient.
* Fix ECB benchmarkinglloyd2010-06-301-1/+3
|
* Give all Filter objects a method for querying their namelloyd2010-06-282-2/+21
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 21:21:25 +0000