| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With these fixes the implementation is now compatible with bouncycastle and it should operate
as it is specified in "DHIES: An encryption scheme based on Diffie-Hellman Problem" or in BSI
technical guideline TR-02102-1.
In addition to the already present XOR-encrypion/decryption mode it's now possible to use DLIES with a block cipher.
Previously the input to the KDF was the concatenation of the (ephemeral) public key
and the secret value derived by the key agreement operation:
```
secure_vector<byte> vz(m_my_key.begin(), m_my_key.end());
vz += m_ka.derive_key(0, m_other_key).bits_of();
const size_t K_LENGTH = length + m_mac_keylen;
secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz);
```
I don't know why this was implemented like this. But now the input to the KDF is only the secret value obtained by the key agreement operation.
Furthermore the order of the output was changed from {public key, tag, ciphertext} to {public key, ciphertext, tag}.
Multiple test vectors added that were generated with bouncycastle and some with botan itself.
|
| |
|
|
| |
adding ChaCha8 support
|
| |\ |
|
| | | |
|
| |/
|
|
| |
equivalent to mlock on Unix to prevent swapping out of memory
|
| |
|
|
| |
[ci skip]
|
| | |
|
| |
|
|
| |
[ci skip]
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
In the disclaimer text, replace "AUTHOR(S)" and "AUTHOR(S) OR CONTRIBUTOR(S)"
with "COPYRIGHT HOLDERS AND CONTRIBUTORS" and "COPYRIGHT HOLDER OR CONTRIBUTORS",
resp. I thought in 38051c192886db139918c59d31c2e1faa9ea8cee I had made the
license totally identical with the official BSD-2 text, however clearly I
originally got the disclaimer text from somewhere else.
Reindent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
More documentation updates.
The clean target wasn't removing one of the symlinks.
In the self-test application, warn if the version we are linked
against does not match the version we were built against. This
always indicates a problem. Someone who had an older version
installed on their system got very confused when the test app was
linked against it at runtime; this warning would have saved a
couple hours of puzzling by me. This would also have helped avoid
the nasty bug in 1.8.3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a makefile to build it with Sphinx (http://sphinx.pocoo.org/).
Previously credits.txt listed public domain code sources; instead
directly credit the authors in the relevant files and delete that
file.
Drop the draft FIPS 140 security policy; I can't imagine FIPS 140
validation will ever happen, and if it does, I don't want
anything to do with it.
Also drop the internals doc, which was so out of date (and
incomplete) as to be worthless.
Move the tutorials and InSiTo pdfs into old/ for the time being,
until anything relevant from them can be filtered out and
converted into RST.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in build.h named BOTAN_DISTRIBUTION_INFO. The default value is
'unspecified'. People packaging botan could set this to another
value, for instance 'Gentoo 1.9.13-r3' or 'Debian 1.9.13-1', or
'pristine' to indicate a completely unmodified/stock version. This
was suggested by Zooko for Crypto++ in
http://sourceforge.net/apps/trac/cryptopp/ticket/11
and seemed like an idea worth stealing.
Don't default the version datestmap to the current day if unset,
instead set to zero. This allows applications to detect
unreleased versions. Document that version_datestamp will return
zero for unreleased versions.
Change the version_string function to return more information about
the current version, including the release date and distribution
information. It will now return strings like:
Botan 1.9.13 (released 20110207, distribution Gentoo 1.9.13-r3)
or for an unreleased version:
Botan 1.9.13 (unreleased version, distribution unspecified)
|
| |
|
|
|
|
|
| |
but not in credits.
Conversely, I had listed Vaclav Ovsik in the credits for the Perl-XS
wrapper, but not in the license.
|
| |
|
|
| |
Twofish in XTS mode for encryption by default, but is easily tweakable.
|
| |
|
|
| |
and 1.6x faster using SIMD_Scalar.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the phrase 'for any use' - implied by the conditions.
Add 'All rights reserved.' after the (C) notice.
Remove the name+URL in the text and lead off with a statement that
Botan is distributed under the following terms: <blah>
Combine the two all-CAPS sentences disclaiming warranty into a single
paragraph.
The main reasoning behind this is to make the actual license text
totally equivalent to the FreeBSD/NetBSD licenses, which is an offical
Open Source(tm) license as declared by the OSI.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Combine the fast and slow polls, into a single poll() operation.
Instead of being given a buffer to write output into, the EntropySource is
passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf
used to do. It also contains a cached I/O buffer so entropy sources do not
individually need to allocate memory for that with each poll. When data
is added to the accumulator, the source specifies an estimate of the number
of bits of entropy per byte, as a double. This is tracked in the accumulator.
Once the estimated entropy hits a target (set by the constructor), the
accumulator's member function predicate polling_goal_achieved flips to true.
This signals to the PRNG that it can stop performing polling on sources,
also polls that take a long time periodically check this flag and return
immediately.
The Win32 and BeOS entropy sources have been updated, but blindly; testing
is needed.
The test_es example program has been modified: now it polls twice and outputs
the XOR of the two collected results. That helps show if the output is consistent
across polls (not a good thing). I have noticed on the Unix entropy source,
occasionally there are many 0x00 bytes in the output, which is not optimal.
This also needs to be investigated.
The RLE is not actually RLE anymore. It works well for non-random inputs
(ASCII text, etc), but I noticed that when /dev/random output was fed into
it, the output buffer would end up being RR01RR01RR01 where RR is a random
byte and 00 is the byte count.
The buffer sizing also needs to be examined carefully. It might be useful
to choose a prime number for the size to XOR stuff into, to help ensure an
even distribution of entropy across the entire buffer space. Or: feed it
all into a hash function?
This change should (perhaps with further modifications) help WRT the
concerns Zack W raised about the RNG on the monotone-dev list.
|
| |
|
|
|
|
|
|
|
| |
the people who worked on InSiTo are from that organization). They
were listed as a copyright holder in the InSiTo license file but not
individually in any source file, so I missed them before now.
Also mark Martin Doering's copyright as 2007-2008 (also to match InSiTo's
license.txt)
|
| | |
|
| |
|
|
|
| |
so it is clear (when the license text is redistributed) what
the license text is actually referring to.
|
| | |
|
| |
|
|
| |
license file, before I forget.
|
| |
|
|
| |
find square roots modulo a prime. Contributed by FlexSecure GmbH
|
| |
|
|
|
|
|
|
|
| |
a) I am sure we really want to include this (proprietary, unanalyzed?)
PRNG in Botan
b) I have a chance to add test cases and clean up the code.
Also note a few more changes in the changelog, and set a provisial release
date for sometime in July.
|
| |
|
|
|
| |
Java SecureRandom PRNG algorithm. (I accidentally checked in the header
in the previous revision).
|
| |
|
|
|
|
| |
the actual copyright holders. For rationale, see my post to botan-devel
on April 9, subject 'Changing license to directly reflect contributors'
(http://www.randombit.net/pipermail/botan-devel/2008-April/000527.html)
|
| |
|
|
|
|
|
| |
but might as well keep it up to date. And it's easier to do it once with
a 'perl -pi' command than to update each file over time.
Apologies to anyone looking at diffs.
|
| | |
|
| |
|
