| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Also emit `#pragma GCC target` in the ISA specific amalgamation files.
This allows compiling without any special compiler flags, at least
with GCC 6.2 and Clang 3.8. The ISA annotations are ignored in MSVC,
which just emits whatever instruction the intrinsic requires.
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Cipher_Mode::update API is more general than needed to just
support ciphers (this is due to it previously being an API of
Transform which before 8b85b780515 was Cipher_Mode's base class)
Define a less general interface `process` which either processes the
blocks in-place, producing exactly as much output as there was input,
or (SIV/CCM case) saves the entire message for processing in `finish`.
These two uses cover all current or anticipated cipher modes.
Leaves `update` for compatability with existing callers; all that is
needed is an inline function forwarding to `process`.
Removes the return type from `start` - in all cipher implementations,
this always returned an empty vector.
Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used
for argument checking in some places, which is not right at all.
|
| | | |
|
| |/
|
|
|
| |
For block ciphers, stream ciphers, hashes, MACs, and cipher modes.
Cipher_Mode already had it, with a slightly different usage.
|
| |
|
|
|
|
|
|
|
|
|
| |
Exports get_bc_pad() to be used from tests. Adds separate handcrafted
tests for block cipher padding modes. They were previously only tested
implicitly during the block cipher modes of operation tests, though not
all padding modes were covered. And in case a mode of operation is
not part of the enabled modules, the previously tested padding modes
are not covered at all. Fixes an off-by-one bug in the previously
untested ANSI X9.23 padding mode, where the number of zero bytes
in the pad was one more than allowed by the standard.
|
| |
|
|
|
|
|
|
|
| |
GCM is defined as having a 32-bit counter, but CTR_BE incremented the
counter across the entire block. This caused incorrect results if
a very large message (2**39 bits) was processed, or if the GHASH
derived nonce ended up having a counter field near to 2**32
Thanks to Juraj Somorovsky for the bug report and repro.
|
| |
|
|
| |
warnings.
|
| |
|
|
| |
compiler warnings
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With sufficient squinting, Transform provided an abstract base
interface that covered both cipher modes and compression algorithms.
However it mapped on neither of them particularly well. In addition
this API had the same problem that has made me dislike the Pipe/Filter
API: given a Transform&, what does it do when you put bits in? Maybe
it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!
Currently the Cipher_Mode interface is left mostly unchanged, with the
APIs previously on Transform just moved down the type hierarchy. I
think there are some definite improvements possible here, wrt handling
of in-place encryption, but left for a later commit.
The compression API is split into two types, Compression_Algorithm and
Decompression_Algorithm. Compression_Algorithm's start() call takes
the compression level, allowing varying compressions with a single
object. And flushing the compression state is moved to a bool param on
`Compression_Algorithm::update`. All the nonsense WRT compression
algorithms having zero length nonces, input granularity rules, etc
as a result of using the Transform interface goes away.
|
| |
|
|
|
| |
If the input lengths are exact multiples of 16 bytes then no padding
should be added. Previously 16 bytes of zero padding were added instead.
|
| |
|
|
| |
explicit.
|
| |
|
|
|
|
|
| |
In some cases this can offer better optimization, via devirtualization.
And it lets the user know the class is not intended for derivation.
Some discussion in GH #402
|
| | |
|
| |
|
|
|
|
|
|
| |
As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
|
| |
|
|
| |
Checked with ctgrind
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Only user-visible change is the removal of get_byte.h
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we were hanging on the type destructors to pull in
the relevant objects. However that fails in many simple cases
where the object is never deleted.
For every type involved in the algo registry add static create
and providers functions to access the algo registry. Modify
lookup.h to be inline and call those functions, and move
a few to sub-headers (eg, get_pbkdf going to pbkdf.h). So
accessing the registry involves going through the same file
that handles the initialization, so there is no way to end up
with missing objs.
|
| | |
|
| |
|
|
|
|
| |
defined, so don't fail. Fix XTS, as XTS always uses ciphertext
stealing the value of output_length had been incorrect in rounding up
to the block size.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. src/lib/codec/base64/base64.cpp: :
(round_up<size_t>(input_length, 3) / 3) * 4;
2. src/lib/codec/base64/base64.cpp: :
(round_up<size_t>(input_length, 4) * 3) / 4;
3. src/lib/filters/transform_filter.cpp: return round_up(target_size,
update_granularity);
4. src/lib/math/bigint/bigint.cpp:
m_reg.resize(round_up<size_t>(size, 8));
5. src/lib/math/bigint/bigint.cpp:
m_reg.resize(round_up<size_t>((length / WORD_BYTES) + 1, 8));
6. src/lib/math/numbertheory/mp_numth.cpp: BigInt z(BigInt::Positive,
round_up<size_t>(2*x_sw, 16));
7. src/lib/modes/cbc/cbc.cpp: return round_up(input_length,
cipher().block_size());
8. src/lib/modes/ecb/ecb.cpp: return round_up(input_length,
cipher().block_size());
9. src/lib/modes/xts/xts.cpp: return round_up(input_length,
cipher().block_size());
10. src/lib/pbkdf/pbkdf2/pbkdf2.cpp: const size_t blocks_needed =
round_up(out_len, prf_sz) / prf_sz;
11. src/lib/tls/tls_record.cpp: const size_t buf_size = round_up(
12. src/lib/utils/rounding.h:inline T round_up(T n, T align_to)
1. Reason for change
2. Reason for change
3. first argument cannot be 0 (`target_size = 1024`)
4. Is a bug in the current implementation iff `size = 0`
5. first argument cannot be 0
6. round_up should return 0 if `x_sw = 0`
7. ?
8. ?
9. ?
10. first argument cannot be 0 (`if(out_len == 0) return 0;`)
11. first argument is unlikely to be 0 (`iv_size + msg_length + mac_size
+ (block_size ? 1 : 0)`)
12. Implementation
|
| | |
|
| |
|
|
| |
Fixes #146.
|
| | |
|
| | |
|
| |
|
|
| |
Github pull 74 from Chris Desjardins
|
| |
|
|
|
|
| |
amalgamation objects (aes_ni and clmul). The real advantage is
for the static link, as GCM will pull in clmul via its reference,
which is sufficient to also pull the AES impl into the link.
|
| |
|
|
|
| |
Change GCM update granularity to BS (16) which is sufficient for GCM
and more convenient to callers
|
| |
|
|
|
|
|
| |
a source file. Without BOTAN_DLL the LibraryInitializer was removed entirely
from the list of symbols which is not desired.
Add some casts to avoid scary sounding but (upon review) harmless warnings from MSVC
|
| |
|
|
|
|
| |
Fix two memory leaks (in TLS and modes) caused by calling get_foo and
then cloning the result before saving it (leaking the original object),
a holdover from the conversion between construction techniques in 1.11.14
|
| | |
|
| |
|
|
| |
Cipher_Mode. Add missing includes in entropy sources, noticed by clang.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert all uses of Algorithm_Factory and the engines to using Algo_Registry
The shared pool of entropy sources remains but is moved to EntropySource.
With that and few remaining initializations (default OIDs and aliases)
moved elsewhere, the global state is empty and init and shutdown are no-ops.
Remove almost all of the headers and code for handling the global
state, except LibraryInitializer which remains as a compatability stub.
Update seeding for blinding so only one hacky almost-global RNG
instance needs to be setup instead of across all pubkey uses (it uses
either the system RNG or an AutoSeeded_RNG if the system RNG is not
available).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Transforms and BlockCiphers. Registration for all types is done at
startup but is very cheap as just a std::function and a std::map entry
are created, no actual objects are created until needed. This is a
huge improvement over Algorithm_Factory which used T::clone() as the
function and thus kept a prototype object of each type in memory.
Replace existing lookup mechanisms for ciphers, AEADs, and compression
to use the transform lookup. The existing Engine framework remains in
place for BlockCipher, but the engines now just call to the registry
instead of having hardcoded lookups.
s/Transformation/Transform/ with typedefs for compatability.
Remove lib/selftest code (for runtime selftesting): not the right approach.
|
| | |
|
| |
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| | |
|
| |
|
|
|
| |
which we distinguish by the nonce size (always 64 bits in this format,
always 96 bits in the CFRG document).
|
| |
|
|
| |
draft-irtf-cfrg-chacha20-poly1305-03
|
