aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/asn1/oids.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Remove unnecessary functionsJack Lloyd2019-08-041-16/+0
|
* Deprecate and replace OIDS::lookupJack Lloyd2019-08-041-19/+34
|
* Fix X509_DN comparisonJack Lloyd2019-05-081-1/+1
| | | | | | An issue in #1936 indicated that X509_DN operator< was not behaving correctly. Indeed, DNs could compare in such a way that DN1 < DN2 && DN2 < DN1. STL containers do not like this.
* s/as_string/to_string/Jack Lloyd2019-03-011-3/+3
| | | | | A few older APIs use as_string where everywhere else uses to_string. Add to_string's where missing, and deprecate X::as_string.
* Add some final annotationsJack Lloyd2018-08-131-1/+1
|
* Remove house curve supportJack Lloyd2018-02-131-10/+0
|
* Use new literal syntax for OIDsJack Lloyd2018-02-071-8/+14
| | | | Reduces size of oid_maps object file by a ~16K
* Reintroduce ability to register OIDs at runtimeNever2018-02-051-409/+113
| | | | | | This was removed in 62e55f484a7a03e2532875696eb2479a577878e9 in favor of a faster and smaller lookup. The ability is however required if we want to use custom curves at runtime.
* use range-based for loop instead of std::for_eachPatrik Fiedler2018-01-031-2/+2
|
* add the detection for the ca issuers field(1.3.6.1.5.5.7.48.2) in x509 ↵Patrik Fiedler2018-01-031-0/+2
| | | | certificates
* Fix various x509 path validation bugs + path building with ambiguous DNsFabian Weissberg2017-12-201-1/+3
| | | | Signed-off-by: Fabian Weissberg <[email protected]>
* X.509 RSA-PSS verificationDaniel Neus2017-10-201-1/+11
|
* Correct the SHA-3 PKCSv1.5 IDsJack Lloyd2017-10-051-1/+3
| | | | | | | Thanks to @noloader for pointing me at draft-jivsov-openpgp-sha3-01 which has the correct values. Adds a test so this can't happen again.
* Add Streebog hash (GOST R 34.11-2012).Daniel Wyatt2017-08-041-1/+5
|
* Add SM2 signature schemeJack Lloyd2017-06-291-1/+9
| | | | | | From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02 This is a contribution from Ribose Inc (@riboseinc).
* Moved to draft-ietf-curdle-pkix assigned OIDsFrancis Dupont2017-06-121-5/+5
|
* Add Ed25519 key type and testsJack Lloyd2017-06-071-1/+3
| | | | This work was sponsored by Ribose Inc
* Add SM3 OIDs and PKCSv1.5 hash prefixJack Lloyd2017-05-191-1/+5
|
* Add warning to OID script outputJack Lloyd2016-11-211-1/+4
| | | | [ci skip]
* Add key_constraints_to_string, GOST-34.10 cert handlingJack Lloyd2016-11-181-1/+3
| | | | Add some try/catch blocks to the X.509 tests, and use create_private_key API
* Add OIDs for SHA-3 and SHA-3 signature algorithmsJack Lloyd2016-11-171-1/+47
| | | | | Also CCM OIDS, and SHA-384/SHA-512 DSA OIDs. All from NIST: http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
* Added Extended Hash-Based Signatures (XMSS)Matthias Gierlings2016-11-111-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [1] XMSS: Extended Hash-Based Signatures, draft-itrf-cfrg-xmss-hash-based-signatures-06 Release: July 2016. https://datatracker.ietf.org/doc/ draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has been integrated into the Botan test bench, signature generation and verification can be tested independently by invoking "botan-test xmss_sign" and "botan-test xmss_verify" - Some headers that are not required to be exposed to users of the library have to be declared as public in `info.txt`. Declaring those headers private will cause the amalgamation build to fail. The following headers have been declared public inside `info.txt`, even though they are only intended for internal use: * atomic.h * xmss_hash.h * xmss_index_registry.h * xmss_address.h * xmss_common_ops.h * xmss_tools.h * xmss_wots_parameters.h * xmss_wots_privatekey.h * xmss_wots_publickey.h - XMSS_Verification_Operation Requires the "randomness" parameter out of the XMSS signature. "Randomness" is part of the prefix that is hashed *before* the message. Since the signature is unknown till sign() is called, all message content has to be buffered. For large messages this can be inconvenient or impossible. **Possible solution**: Change PK_Ops::Verification interface to take the signature as constructor argument, and provide a setter method to be able to update reuse the instance on multiple signatures. Make sign a parameterless member call. This solution requires interface changes in botan. **Suggested workaround** for signing large messages is to not sign the message itself, but to precompute the message hash manually using Botan::HashFunctio and sign the message hash instead of the message itself. - Some of the available test vectors for the XMSS signature verification have been commented out in order to reduce testbench runtime.
* Change oids.py and regenerate oids.cppRené Korthaus2016-11-031-1/+1
|
* Add an in-house EC curve for TLS at compile-timeRené Korthaus2016-11-031-0/+10
| | | | | | One additional, application-specific curve can be added at compile time, using the new configure.py --house-curve=curve.pem,funky311,1.2.3.4,FEFF.
* Remove ability to add OIDS at runtime. Remove global OID lock.Jack Lloyd2016-11-031-0/+338
OID map is now generated from an input file on an as needed basis. Just uses a sequence of ifs - simple, fast, and small code size. Merges oid_lookup sub-module which was already required by asn1 anyway, so completely non-optional. Removes @neusdan's nice OID tests since without any runtime adds the tests are moot.