aboutsummaryrefslogtreecommitdiffstats
path: root/src/constructs
Commit message (Collapse)AuthorAgeFilesLines
* Use just 256 bits of secret exponent (recomended value in RFC 5054).lloyd2012-04-064-21/+22
| | | | | | | Much faster, especially when using 8192 bit groups as OpenSSL does by default. Use BOTAN_DLL symbol visibility macros.
* Remove the client SRP6 class, really free standing functions are finelloyd2012-04-052-47/+68
| | | | | | | | | | | for this. Add a new function that identifies a named SRP group from the N/g params - this is important as we need to verify the SRP groups, the easiest way to do that is to to force them to be a known/published value. Add the 1536, 3072, 4096, 6144, and 8192 bit groups from RFC 5054
* Remove the autheticator generation from the SRP code as it's not usedlloyd2011-12-314-52/+143
| | | | | by TLS (relies on the finished message check). Add a class for reading files created by GnuTLS's srptool.
* Initial run at an SRP-6a implementation. Not entirely sure about thelloyd2011-12-173-0/+278
| | | | | interface but it's a plausible start. Will probably have more insights after adding TLS hooks.
* It's likely that other FPE methods will be desirable once they arelloyd2011-04-203-9/+17
| | | | | | | standardized by NIST; the FPE currently included is just a random one that was relatively easy to implement. Move the header to fpe_fe1.h, and rename the function. Update the example and add some documentation for it.
* Maintainer mode warning cleanups, mostly for C style casts which Illoyd2011-04-181-4/+4
| | | | added to the flags here.
* Move password hashing schemes to src/passhashlloyd2011-02-176-407/+0
| | | | | Set the upper limit on bcrypt hashing to workfactor 18, which takes about 25 seconds to run on my desktop machine.
* Add support for bcrypt, the Blowfish-based password hashing schemelloyd2011-02-163-0/+200
| | | | | used in OpenBSD. Tested as compatible with a common Java implementation (http://www.mindrot.org/projects/jBCrypt/)
* Use size_t rather than u32bit for loop variableslloyd2011-02-161-4/+4
|
* Forward declare Algorithm_Factorylloyd2011-02-162-1/+3
|
* Add the NIST AES key wrap algorithm, as specified in RFC 3394 andlloyd2011-02-153-0/+166
| | | | http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
* Rename to avoid conflicts in the amalgamationlloyd2010-12-281-4/+6
|
* Rename the base64 filter and macro names in prep for addinglloyd2010-10-271-1/+1
| | | | standalone/Pipe-free versions of it
* s/u32bit/size_t/lloyd2010-10-187-51/+51
|
* More size_tlloyd2010-10-151-1/+1
|
* Remove the upto argument to update_belloyd2010-10-131-4/+4
|
* s/BLOCK_SIZE/block_size()/lloyd2010-10-131-26/+30
|
* Use output_length() instead of OUTPUT_LENGTH pseudo-propertylloyd2010-10-131-3/+3
|
* Add a simple update_be to BufferedComputation that takes an integerlloyd2010-10-121-12/+6
| | | | | and writes the bytes to the stream in big-endian order. Use it in KDF2, MGF1, and FPE.
* Fix dependencieslloyd2010-09-302-2/+2
|
* Update all uses of MemoryRegion::append to use either push_back or operator+=lloyd2010-09-151-9/+9
|
* More changes to avoid vector to pointer implicit conversionslloyd2010-09-141-2/+2
|
* Avoid 3-argument copylloyd2010-09-131-1/+1
|
* Remove more uses of vector to pointer implicit conversionslloyd2010-09-132-9/+11
|
* More vector->pointer conversion removals.lloyd2010-09-131-1/+1
| | | | | | | | | | | Add RandomNumberGenerator::random_vec, which takes an length n and returns a new SecureVector with randomized contents of that size. This nicely covers most of the cases where randomize was being called on a vector, and is a little cleaner in the code as well, instead of vec.resize(length); rng.randomize(&vec[0], vec.size()); we just write vec = rng.random_vec(length);
* Anywhere where we use MemoryRegion::begin to get access to the raw pointerlloyd2010-09-133-22/+29
| | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
* Big, invasive but mostly automated change, with a further attempt atlloyd2010-09-071-2/+2
| | | | | | | | | | | | | | harmonising MemoryRegion with std::vector: The MemoryRegion::clear() function would zeroise the buffer, but keep the memory allocated and the size unchanged. This is very different from STL's clear(), which is basically the equivalent to what is called destroy() in MemoryRegion. So to be able to replace MemoryRegion with a std::vector, we have to rename destroy() to clear() and we have to expose the current functionality of clear() in some other way, since vector doesn't support this operation. Do so by adding a global function named zeroise() which takes a MemoryRegion which is zeroed. Remove clear() to ensure all callers are updated.
* Realization while thinking about the recently added truncate: in a STLlloyd2010-09-072-5/+23
| | | | | | | | | | | | | | | | | | container like vector, truncate is simply resize, but what MemoryRegion called resize will zap the entire contents, and then what was resize was called grow_to. This is really problematic in terms of the goal of replacing MemoryRegion with a vector with a custom allocator. In this checkin: - Remove MemoryRegion::grow_to and MemoryRegion::truncate - Change the semantics of MemoryRegion::resize to change the size while keeping any current contents intact (up to the new size), zero initializing any new values. Unrelated, just noticed the lack while I was in there, add a version of CryptoBox::decrypt taking a std::string for the input.
* Update some callers that were using Hex_Encoder or Hex_Decoder butlloyd2010-09-031-6/+2
| | | | | | | | | | | | | | | | | | really didn't need to. The ones in symkey and big_code were actually calling accessor functions to do the encoding themselves without a Pipe (should have definitely recognized that as a code smell). These versions have changed semantically with this checkin - previously they would completely ignore bad inputs, but now invalid inputs are rejected. For instance, you cannot say SymmetricKey key("Only some of this is hex, most of it isn't"); And expect to get a valid key formed by filtering out the non-hex characters and then decoding it. This is almost certainly a good thing. Also fix include in Botan.xs
* For passhash9, add another interface that allows the caller to specifylloyd2010-08-222-14/+35
| | | | | | | | | | | which PRF they want to use. The old interface just calls this new version with alg_id set to 0 which is HMAC(SHA-1), which was previously the only supported PRF. Assign new codepoints for HMAC(SHA-256) and CMAC(Blowfish) to allow their use with passhash9. Have the generate+check tests run a test for each supported PRF.
* In 1.9.9 I moved the cryptobox functions out of the CryptoBoxlloyd2010-08-102-11/+22
| | | | | | | namespace, but this causes backwards compat problems, since cryptobox is already in 1.8, and also it's likely that other functions along these lines will be useful at some point (eg using RSA encryption instead of a passphrase for the key transfer).
* Avoid name collision in amalgamationlloyd2010-06-221-5/+10
|
* Doxygenlloyd2010-06-213-17/+23
|
* Remove some of the more extraneous namespaceslloyd2010-06-164-41/+25
|
* More Doxygen commentslloyd2010-06-161-8/+26
|
* More Doxygen updates/fixeslloyd2010-06-151-0/+3
|
* Fix a few hundred Doxygen warningslloyd2010-06-151-1/+1
|
* Clean up catch and returnlloyd2010-03-011-5/+1
|
* In get_pbkdf_prf, catch Algorithm_Not_Found and return nulllloyd2010-03-011-2/+10
|
* passhash9: Ensure that choose_pbkdf_prf returns a PRF if possiblelloyd2010-03-011-2/+8
|
* Further passhash changes before release and things have to belloyd2010-02-054-105/+136
| | | | | | | | | | | | | | finalized. Move header to passhash9.h and rename the functions to be passhash9 specific ({generator,check}_passhash9) Add an algorithm identifer field. Currently only id 0 is defined, for HMAC(SHA-1), but this opens up for using HMAC(SHA-512) or HMAC(SHA-3) or CMAC(Blowfish) or whatever in the future if necessary. Increase the salt size to 96 bits and the PRF output size to 192 bits. Document in api.tex
* Move the get_byte template to its own header, because many fileslloyd2010-02-023-3/+3
| | | | including loadstor.h actually just needed get_byte and nothing else.
* Prefix passhash with "$9$" in a manner similar with otherlloyd2010-02-023-16/+31
| | | | | | | | | | | | | | | | password hashing schemes. Increase salt size to 80 bits. Research shows that virtually no other PBKDF2 implementations support anything but SHA-1; for ease of implementation elsehwere switch back from SHA-512 to SHA-1. Should be mostly harmless; it limits total entropy of the password to a maximum of 160 bits, but this is unlikely anyway. Use two bytes to specify the work factor for future-proofing. Add a test.
* Password hashing is a pretty useful service, really. Move the guts oflloyd2010-02-013-0/+125
| | | | | | | | the passhash example to the library. Support variable work factors; default work factor of 10 takes about half a second to do one password on my Core2. Switch to using SHA-512 instead of SHA-1 in PBKDF2. To keep the output evenly sized for base64 purposes, reduce PBKDF2 output size by one byte (to 112 bits).
* Modify the S2K interface. Instead of being stateful in terms of the saltlloyd2010-02-011-6/+6
| | | | | | | | | | | and iteration count, force it to be passed to each call to derive_key. So remove current_salt, set_iterations, new_random_salt, and change_salt functions from S2K interface. Update examples and test application to match. While I was in there, change the passhash example to use 64 bit salts and 128 bit PBKDF2 outputs.
* Clean up exceptions. Remove some unused ones like Config_Error. Makelloyd2010-01-051-1/+1
| | | | | | | Invalid_Argument just a typedef for std::invalid_argument. Make Botan::Exception a typedef for std::runtime_error. Make Memory_Exhaustion a public exception, and use it in other places where memory allocations can fail.
* Avoid MSVC warning 4800 about implicit conversion from T to bool. Mostlylloyd2009-12-231-1/+1
| | | | because it makes the code slightly more explicit.
* Un-internal loadstor.h (and its header deps, rotate.h andlloyd2009-12-214-4/+4
| | | | | | | | | | | | | | bswap.h); too many external apps rely on loadstor.h existing. Define 64-bit generic bswap in terms of 32-bit bswap, since it's not much slower if 32-bit is also generic, and much faster if it's not. This may be quite helpful on 32-bit x86 in particular. Change formulation of generic 32-bit bswap. It may be faster or slower depending on the CPU, especially the latency and throuput of rotate instructions, but should be faster on an ideally superscalar processor with rotate instructions (ie, what I expect future CPUs to look more like).
* Add missing BOTAN_DLL exports.lloyd2009-12-163-14/+14
| | | | Move most of the engine headers to internal
* Make many more headers internal-only.lloyd2009-12-164-5/+5
| | | | | | | | | | | | | Fixes for the amalgamation generator for internal headers. Remove BOTAN_DLL exporting macros from all internal-only headers; the classes/functions there don't need to be exported, and avoiding the PIC/GOT indirection can be a big win. Add missing BOTAN_DLLs where necessary, mostly gfpmath and cvc For GCC, use -fvisibility=hidden and set BOTAN_DLL to the visibility __attribute__ to export those classes/functions.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-29 09:50:09 +0000