aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/ffi
Commit message (Collapse)AuthorAgeFilesLines
* Merge GH #665 Add IncludeOS target, make filesystem/threads optionalJack Lloyd2016-10-171-0/+4
|\
| * More no-filesystem fixesJack Lloyd2016-10-121-0/+4
| |
* | ffi: Avoid deprecated PK constructors.Jack Lloyd2016-10-131-4/+4
|/ | | | The system rng is already a hard requirement for FFI anyway.
* Cipher_Mode API improvementsJack Lloyd2016-09-011-1/+1
| | | | | | | | | | | | | | | | | | | | The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class) Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes. Leaves `update` for compatability with existing callers; all that is needed is an inline function forwarding to `process`. Removes the return type from `start` - in all cipher implementations, this always returned an empty vector. Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
* RNG changes (GH #593)Jack Lloyd2016-08-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
* Switch to HMAC_DRBG for all RNG generation.Jack Lloyd2016-07-171-1/+0
| | | | | | | | Add support and tests for additional_data param to HMAC_DRBG Add Stateful_RNG class which has fork detection and periodic reseeding. AutoSeeded_RNG passes the current pid and time as additional_data
* add label parameter to KDF::derive_keyKai Michaelis2016-05-192-3/+5
|
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-051-1/+1
| | | | explicit.
* Improvements in X.509 cert handling for python bindingsRené Korthaus2016-02-201-1/+20
| | | | | | | | Add implementation for ffi botan_x509_cert_get_public_key(). Add subject_dn() function to python x509_cert class. Have python x509_cert constructor take a buffer alternatively. Have python x509_cert functions time_starts() and time_expires() return a python timestamp.
* Fix remaining Wshadow warnings and enable on gcc and clangRené Korthaus2016-02-181-62/+62
|
* Missing addsJack Lloyd2015-12-111-7/+14
|
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-111-6/+6
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Update and consolidate the test framework.Jack Lloyd2015-11-112-2/+2
| | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* Fix botan.py for Python3Jack Lloyd2015-10-203-1/+15
| | | | | | | | | Remove any need for callers to do version checks or encode values specially to handle Python2 vs Python3 ctypes differences. API users shouldn't have to care about that - encapsulate the differences in a few functions for handling the conversions. Add botan_cipher_query_keylen to ffi
* Fix compile of ffi when tls is disabled. GH #300Jack Lloyd2015-10-151-3/+8
|
* Add System_RNG which is an instantiatable RNG that uses the system RNGJack Lloyd2015-10-151-16/+1
| | | | | | Previously you couldn't have an unique_ptr<RNG> that might point to either a system rng or an autoseed rng depending on availability. That was already needed in ffi and is useful elsewhere.
* Move DataSource to utils and rewrite PEM encoding to avoid filtersJack Lloyd2015-10-141-1/+0
| | | | | Removes filters as as an internal dependency pretty much entirely (outside of some dusty corners in misc).
* Fix bcrypt testJack Lloyd2015-10-031-1/+3
|
* Add McEliece keygen and MCEIES to C89 API. Plus random fiddlingJack Lloyd2015-10-013-32/+212
|
* Export X.509 certificates to ffi and pythonJack Lloyd2015-10-013-15/+266
| | | | Missing path validation, probably other things
* Merge pull request #279 from randombit/fix-static-lib-registrationJack Lloyd2015-09-211-6/+7
|\ | | | | Move the algorithm factory functions to T::create and move object registration to the source file for its base class. These resolve the issues which prevented successful use of a static library that was built with individual object files. Removes the restriction in configure.py which prevented building non-amalgamation static libs.
| * Remove use of lookup.h in favor of new T::create API.Jack Lloyd2015-09-211-6/+7
| |
* | Reduce likelyhood of stray pointer writes via ffi layer.Jack Lloyd2015-09-101-0/+8
|/ | | | | In error cases the output value was not intialized, so callers which ignored the error return might blindly use an uninitialized pointer.
* ffi: Add missing overridesDaniel Seither2015-07-301-3/+3
|
* Add tests for some of the C89 interface.Jack Lloyd2015-07-181-1/+4
| | | | | Add missing returns to botan_kdf, botan_pbkdf, botan_pbkdf_timed; previously they always returned an error code.
* Fix module combi: adler32,ffiSimon Warta2015-07-081-0/+2
|
* Merge pull request #144 from webmaster128/bounds-check5Simon Warta2015-06-281-6/+6
|\ | | | | Bounds check round 5
| * lib/ffi: Convert &vec[0] to vec.data()Simon Warta2015-06-271-6/+6
| |
* | Add OCaml binding for RNG and hash functions. Add hex_encode to FFIJack Lloyd2015-06-282-0/+69
|/
* Comile fixes for VC 2013. Based on github pull 56neusdan2015-03-101-50/+14
|
* Fix Python cipher update_granularity() and default_nonce_length()lloyd2015-03-092-0/+6
| | | | which were completely broken. Pointed out by Uri B on mailing list.
* Cleanupslloyd2015-03-081-2/+2
|
* Fix decrypt in FFI/Python. Github issue 53lloyd2015-03-012-1/+7
|
* FFI header cleanup, small Python additionslloyd2015-02-241-10/+16
|
* FFI cleanupslloyd2015-02-192-34/+29
|
* Modify interfaces of KDF and PBKDF to write output to an array, withlloyd2015-02-181-54/+14
| | | | higher level functions on interface handling returning a vector.
* Python: docs, key agreement, fix bcrypt trailing null byte.lloyd2015-02-162-60/+149
| | | | Initial very incomplete pass at error return value sanity.
* Add new module `ffi` which provides a plain C interface, plus a newlloyd2015-02-163-0/+1453
ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it.