path: root/src/cli
Commit log, newest first. Each entry: commit message [author, date, files changed, lines removed/added].

* Newhope is really limited by RNG speed. [Jack Lloyd, 2016-08-30, 1 file, -5/+33]

  4x-8x overall speedup switching from HMAC_DRBG to ChaCha20

* Add NEWHOPE KEM scheme [Jack Lloyd, 2016-08-30, 1 file, -0/+49]

  Provides conjectured 200-bit security against a quantum attacker. Based on the public domain reference implementation at https://github.com/tpoeppelmann/newhope and bit-for-bit compatible with that version. Test vectors generated by the reference testvector.c

* RNG changes (GH #593) [Jack Lloyd, 2016-08-24, 3 files, -7/+26]

  Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A

  Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseeding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor.

  For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem).

  Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this.

  Officially deprecates RNG::make_rng and the Serialized_RNG constructor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG).

  Tests courtesy @cordney in GH PRs #598 and #600

* Add RDRAND_RNG [Jack Lloyd, 2016-07-19, 1 file, -1/+14]

  For those that are willing to trust uninspectible hardware. :)

  Changes RDRAND entropy source to call RDRAND_RNG

  Add --rdrand flag to rng cmdlet

* Revamp entropy polling [Jack Lloyd, 2016-07-17, 1 file, -20/+8]

  Remove Entropy_Accumulator, instead have entropy sources directly add entropy to the RNG.

* HMAC_RNG not always in build [Jack Lloyd, 2016-07-17, 1 file, -2/+7]

* Update rng cli - can make multiple requests [Jack Lloyd, 2016-07-17, 1 file, -5/+10]

* Add Stateful_RNG [Jack Lloyd, 2016-07-17, 1 file, -4/+2]

  Handles fork checking for HMAC_RNG and HMAC_DRBG

  AutoSeeded_RNG change - switch to HMAC_DRBG as default.

  Start removing the io buffer from entropy poller.

  Update default RNG poll bits to 256.

  Fix McEliece test, was using wrong RNG API.

  Update docs.

* Add FPE_FE1 runtime metrics [Jack Lloyd, 2016-05-23, 1 file, -0/+47]

* Somewhat more helpful help [Jack Lloyd, 2016-04-28, 1 file, -5/+7]

* Remove Transform base class [Jack Lloyd, 2016-04-21, 2 files, -41/+49]

  With sufficient squinting, Transform provided an abstract base interface that covered both cipher modes and compression algorithms. However it mapped on neither of them particularly well. In addition this API had the same problem that has made me dislike the Pipe/Filter API: given a Transform&, what does it do when you put bits in? Maybe it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!

  Currently the Cipher_Mode interface is left mostly unchanged, with the APIs previously on Transform just moved down the type hierarchy. I think there are some definite improvements possible here, wrt handling of in-place encryption, but left for a later commit.

  The compression API is split into two types, Compression_Algorithm and Decompression_Algorithm. Compression_Algorithm's start() call takes the compression level, allowing varying compressions with a single object. And flushing the compression state is moved to a bool param on `Compression_Algorithm::update`.

  All the nonsense WRT compression algorithms having zero length nonces, input granularity rules, etc as a result of using the Transform interface goes away.

* Catch the right exception type so errors are reported instead of manifesting as broken sockets. [Jack Lloyd, 2016-04-15, 1 file, -8/+17]

  Leave the client socket open until the alert has been sent.

* Fix a couple MSVC warnings. [Jack Lloyd, 2016-04-09, 2 files, -7/+9]

  Cast std::streamsize to size_t since MSVC is worried gcount() might return a negative number.

  The entropy callbacks took the entropy estimate as a size_t instead of a double, which causes some verbose warnings due to the conversion.

* Add McEliece time [Jack Lloyd, 2016-04-03, 1 file, -0/+82]

* Clean up PK decryption encoding. [Jack Lloyd, 2016-03-20, 2 files, -25/+35]

  Previously RSA and ElGamal stripped off leading zeros which were then assumed by the padding decoders. Instead have them produce ciphertexts with leading zeros.

  Changes EME_Raw to strip leading zeros to match existing behavior.

* TLS client features [Jack Lloyd, 2016-03-16, 1 file, -9/+52]

  Add flags --policy, --print-certs, --tls1.0, --tls1.1, --tls1.2

  Update todo

* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not explicit. [Daniel Neus, 2016-03-05, 3 files, -11/+11]

* For odd moduli use an input-independent modular inverse algorithm. [Jack Lloyd, 2016-02-20, 1 file, -4/+49]

  Also adds a (not const time) implementation of almost Montgomery reduction.

* Add tests and timings for inverse_mod [Jack Lloyd, 2016-02-20, 1 file, -7/+38]

* Fix remaining Wshadow warnings and enable on gcc and clang [René Korthaus, 2016-02-18, 3 files, -14/+14]

* Remove TLS heartbeat support. [Jack Lloyd, 2016-02-07, 1 file, -2/+0]

  The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.

* Guard use of X9.31 RNG in macro check [Jack Lloyd, 2016-01-29, 1 file, -3/+5]

* Fix buffer sizes in speed. Avoid repeated MAC keyings [Jack Lloyd, 2016-01-29, 1 file, -12/+8]

* Add time tests for all RNG types [Jack Lloyd, 2016-01-26, 1 file, -11/+68]

* Add speed test for entropy sources [Jack Lloyd, 2016-01-17, 1 file, -6/+31]

* Add missing overrides and fix -Wpedantic 'extra ;' warnings [Jack Lloyd, 2016-01-17, 3 files, -4/+4]

  Remove -Wsuggest-attribute=noreturn from maintainer mode flags as it seems like outside of the assertion failure macro any other suggestion would always be a false positive (an unimplemented function or the like). Or at least, if such a function needing noreturn to assist with static analysis is added in the future it will be obvious, by virtue of the static analyzer warnings which occur due to the missing noreturn preventing the analyzer from understanding code flow.

* Support small buffers in speed tests. Add RNG speed tests. [Jack Lloyd, 2016-01-17, 1 file, -90/+136]

* Merge GH #408 Add final attribute on many classes [Jack Lloyd, 2016-01-12, 11 files, -33/+33]

  * Add final attribute to many classes [Jack Lloyd, 2016-01-10, 11 files, -33/+33]

    In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation.

    Some discussion in GH #402

* Get rid of "extra ';'" warnings and force semicolon after macros [Simon Warta, 2016-01-11, 1 file, -1/+2]

* add missing overrides [Daniel Neus, 2016-01-08, 1 file, -1/+1]

  found by gcc with -Wsuggest-override

* String comparison fixes [Daniel Neus, 2016-01-04, 1 file, -1/+1]

  fix PVS-Studio performance warnings

* Fixes for compress cli util [Jack Lloyd, 2016-01-04, 1 file, -5/+4]

  Missing . in compression extension, wrong name for buf-size option

* Add ECDH via OpenSSL [Jack Lloyd, 2016-01-04, 1 file, -2/+2]

  Expose provider param in PK_Key_Agreement API

  Handle multiple providers in key agreement tests

  Fix some funky formatting of P-521 EC points in ecdh.vec which was being rejected by OpenSSL; for whatever reason the CAVS file had the affine coords with far more leading zeros than necessary.

* Avoid having Command* objects be created until requested. [Jack Lloyd, 2015-12-30, 13 files, -59/+92]

  Avoids various static init and destruction hassles.

* Add Command::rng() [Jack Lloyd, 2015-12-27, 9 files, -58/+42]

  for when a command wants an RNG but doesn't much care what kind. This adds a place where a future --rng-type= option can be consulted to eg use the system RNG or a user seeded DRBG.

* Missing add [Jack Lloyd, 2015-12-26, 1 file, -1/+0]

* Merge pull request #378 from neusdan/warning_fixes [Jack Lloyd, 2015-12-26, 1 file, -1/+1]

  Some trivial compiler and PVS-Studio warning fixes

  * some trivial compiler/PVS-Studio warning fixes [Daniel Neus, 2015-12-22, 1 file, -1/+1]

* Add virtual destructor to Botan_CLI::Command [Simon Warta, 2015-12-26, 1 file, -0/+1]

* Fix Clang warning [Jack Lloyd, 2015-12-25, 1 file, -0/+3]

* Fix a few clang warnings. Set clang sanitizer flags [Jack Lloyd, 2015-12-24, 1 file, -10/+0]

* Add DSA keygen and --der-out flag to keygen and pkcs8 tools [Jack Lloyd, 2015-12-23, 3 files, -48/+77]

  If no files are given on the command line to `hash`, default to stdin

* Add --data-dir option to test command [Jack Lloyd, 2015-12-20, 1 file, -2/+24]

  Understand using '-' on the command line to mean stdin

  Fix last few unit tests that wanted to write to the filesystem; removes outdata directory.

* Remove all remaining uses of throwing a std:: exception directly [Jack Lloyd, 2015-12-19, 4 files, -15/+18]

  See GH #340 and 6b9a3a5 for background

* CLI rewrite [Jack Lloyd, 2015-12-19, 45 files, -4221/+3067]

  The command line tools' origin as a collection of examples and test programs glued together led to some unfortunate problems; lots of hardcoded values, missing parameters, and obsolete crypto.

  Adds a small library for writing command line programs of the sort needed here (cli.h), which cuts the length of many of the commands in half and makes commands more pleasant to write and extend. Generalizes a lot of the commands also, eg previously only signing/verification with DSA/SHA-1 was included!

  Removes the fuzzer entry point since that's fairly useless outside of an instrumented build.

  Removes the in-library API for benchmarking.

* Improve some argument checks and usage messages of cli apps [Simon Warta, 2015-12-12, 12 files, -18/+27]

  See also #354

* Missing adds [Jack Lloyd, 2015-12-11, 2 files, -2/+0]

* Rename cmd/app -> cli [Simon Warta, 2015-12-09, 38 files, -0/+5280]