aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/ffi
Commit message (Collapse)AuthorAgeFilesLines
* Small ffi fixesJack Lloyd2017-04-082-4/+6
| | | | | | | | | Constify arg to botan_pk_op_decrypt, and correct comment on botan_mp_is_positive, which returns true even for zero. Considered changing botan_mp_is_positive to match the comment, and return false for zero, but we already test that botan_mp_is_positive(0) == 1, so I left it as is and fixed the comment.
* Add block cipher interface to C APIJack Lloyd2017-04-042-0/+122
|
* Merge GH #964 Add various useful FFI functions for public key cryptoJack Lloyd2017-04-042-81/+307
|\
| * Implement botan_pubkey_loadJack Lloyd2017-04-031-0/+24
| | | | | | | | Declared in header, but was not defined. :(
| * Fix botan_privkey_create if the desired algorithm was not available in buildJack Lloyd2017-04-031-8/+27
| | | | | | | | | | | | If DSA was disabled, caused memory corruption/crashes due to combination of uninitialized object and the tests not checking return values as carefully as they should.
| * Add generic getters for PK parameters in C interfaceJack Lloyd2017-04-022-75/+258
| | | | | | | | Supporting RSA, DSA, and ECC. Add also DSA specific loading functions.
* | Merge GH #962 More configure.py refactorings/improvementsJack Lloyd2017-04-031-2/+3
|\ \
| * | Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-021-2/+3
| |/
* / Add some more useful bigint functions to C interfaceJack Lloyd2017-03-312-47/+137
|/
* Merge GH #899 Add ability to specify iterations when encrypting a private keyJack Lloyd2017-03-292-4/+105
|\
| * Add ability to specify iterations when encrypting a private keyJack Lloyd2017-02-262-4/+105
| | | | | | | | GH #896
* | Expose BigInt API subset to C APIJack Lloyd2017-03-283-10/+500
| | | | | | | | Also adds RSA key constructors using BN
* | Expose PK::check_key functions in C interfaceJack Lloyd2017-03-272-1/+21
| |
* | Remove duplicate include GH #928Jack Lloyd2017-03-221-1/+0
|/
* Document hash, rng, mac, pbkdf and kdf in ffi handbookRené Korthaus2017-02-191-34/+171
|
* Add more docs for ffiRené Korthaus2017-02-191-1/+31
|
* Fix various SunCC and Solaris warnings and build problems.Jack Lloyd2017-01-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Based on build output sent by @noloader. If RLIMIT_MEMLOCK is not defined, assume regular user is not able to call mlock. This probably also affected Clang/GCC on Solaris. Work around resolution issue in SIMD_4x32 where it finds ambiguity between arg taking uint32_t and __m128i. This is probably some artifact of how SunCC represents vector types, and seems highly bogus in general but is easy to work around here. Change constructor taking a single value to instead be `SIMD_4x32::splat` function. The SIMD class is internal, so no API implications. Fix various warnings about lambda functions that were missing return types and which were not a single return statement. AIUI C++11 doesn't guarantee that lambda return type will be deduced in that situation, though in practice every compiler including SunCC seems to handle it. Disable AVX2 usage, since SunCC's intrinsics seem to be broken - its _mm_loadu_si256 takes non-const pointer. Rename a few variables in the tests to avoid shadowed var warnings.
* Add botan_ffi_supports_api functionJack Lloyd2017-01-042-0/+17
| | | | | | | | | | | | This lets us upgrade the FFI version over time and still allow applications to reliably detect if the current library binary supports their version. As an example, it would be useful to be able to add features to FFI sometime in 2.x. In that case, we would increase the value of the FFI API version, even though anything calling the old API would still work perfectly. Applications can verify at runtime the API they want to use is supported using this new call.
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-181-3/+3
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add Public_Key::subject_public_key()René Korthaus2016-12-051-1/+1
| | | | | | | Adds new Public_Key::subject_public_key() that returns a X.509 SubjectPublicKey structure. Renames the current Public_Key::x509_subject_public_key() to public_key_bits(). BER_encode() just invokes subject_public_key().
* Don't force HMAC_DRBG to be enabledJack Lloyd2016-11-181-0/+1
| | | | | No need to strictly require it, and some applications may only want system RNG or RDRAND.
* Address some Coverity warningsJack Lloyd2016-10-221-1/+1
| | | | Nothing exciting.
* Add create_private_key, expose key loading functions in pk_algs.hJack Lloyd2016-10-202-2/+36
|
* Merge GH #665 Add IncludeOS target, make filesystem/threads optionalJack Lloyd2016-10-171-0/+4
|\
| * More no-filesystem fixesJack Lloyd2016-10-121-0/+4
| |
* | ffi: Avoid deprecated PK constructors.Jack Lloyd2016-10-131-4/+4
|/ | | | The system rng is already a hard requirement for FFI anyway.
* Cipher_Mode API improvementsJack Lloyd2016-09-011-1/+1
| | | | | | | | | | | | | | | | | | | | The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class) Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes. Leaves `update` for compatability with existing callers; all that is needed is an inline function forwarding to `process`. Removes the return type from `start` - in all cipher implementations, this always returned an empty vector. Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
* RNG changes (GH #593)Jack Lloyd2016-08-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
* Switch to HMAC_DRBG for all RNG generation.Jack Lloyd2016-07-171-1/+0
| | | | | | | | Add support and tests for additional_data param to HMAC_DRBG Add Stateful_RNG class which has fork detection and periodic reseeding. AutoSeeded_RNG passes the current pid and time as additional_data
* add label parameter to KDF::derive_keyKai Michaelis2016-05-192-3/+5
|
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-051-1/+1
| | | | explicit.
* Improvements in X.509 cert handling for python bindingsRené Korthaus2016-02-201-1/+20
| | | | | | | | Add implementation for ffi botan_x509_cert_get_public_key(). Add subject_dn() function to python x509_cert class. Have python x509_cert constructor take a buffer alternatively. Have python x509_cert functions time_starts() and time_expires() return a python timestamp.
* Fix remaining Wshadow warnings and enable on gcc and clangRené Korthaus2016-02-181-62/+62
|
* Missing addsJack Lloyd2015-12-111-7/+14
|
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-111-6/+6
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Update and consolidate the test framework.Jack Lloyd2015-11-112-2/+2
| | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* Fix botan.py for Python3Jack Lloyd2015-10-203-1/+15
| | | | | | | | | Remove any need for callers to do version checks or encode values specially to handle Python2 vs Python3 ctypes differences. API users shouldn't have to care about that - encapsulate the differences in a few functions for handling the conversions. Add botan_cipher_query_keylen to ffi
* Fix compile of ffi when tls is disabled. GH #300Jack Lloyd2015-10-151-3/+8
|
* Add System_RNG which is an instantiatable RNG that uses the system RNGJack Lloyd2015-10-151-16/+1
| | | | | | Previously you couldn't have an unique_ptr<RNG> that might point to either a system rng or an autoseed rng depending on availability. That was already needed in ffi and is useful elsewhere.
* Move DataSource to utils and rewrite PEM encoding to avoid filtersJack Lloyd2015-10-141-1/+0
| | | | | Removes filters as as an internal dependency pretty much entirely (outside of some dusty corners in misc).
* Fix bcrypt testJack Lloyd2015-10-031-1/+3
|
* Add McEliece keygen and MCEIES to C89 API. Plus random fiddlingJack Lloyd2015-10-013-32/+212
|
* Export X.509 certificates to ffi and pythonJack Lloyd2015-10-013-15/+266
| | | | Missing path validation, probably other things
* Merge pull request #279 from randombit/fix-static-lib-registrationJack Lloyd2015-09-211-6/+7
|\ | | | | Move the algorithm factory functions to T::create and move object registration to the source file for its base class. These resolve the issues which prevented successful use of a static library that was built with individual object files. Removes the restriction in configure.py which prevented building non-amalgamation static libs.
| * Remove use of lookup.h in favor of new T::create API.Jack Lloyd2015-09-211-6/+7
| |
* | Reduce likelyhood of stray pointer writes via ffi layer.Jack Lloyd2015-09-101-0/+8
|/ | | | | In error cases the output value was not intialized, so callers which ignored the error return might blindly use an uninitialized pointer.
* ffi: Add missing overridesDaniel Seither2015-07-301-3/+3
|
* Add tests for some of the C89 interface.Jack Lloyd2015-07-181-1/+4
| | | | | Add missing returns to botan_kdf, botan_pbkdf, botan_pbkdf_timed; previously they always returned an error code.
* Fix module combi: adler32,ffiSimon Warta2015-07-081-0/+2
|
* Merge pull request #144 from webmaster128/bounds-check5Simon Warta2015-06-281-6/+6
|\ | | | | Bounds check round 5