aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pk_pad
Commit message (Collapse)AuthorAgeFilesLines
* Fixes for minimized buildsJack Lloyd2019-02-161-1/+6
| | | | Various configurations would fail build or test, fix that.
* Remove trailing whitespaceJack Lloyd2019-01-131-3/+1
|
* Use consistent logic for OAEP and PKCS1v15 decodingJack Lloyd2018-12-213-24/+27
| | | | | | | | | | | | The decoding leaked some information about the delimiter index due to copying only exactly input_len - delim_idx bytes. I can't articulate a specific attack that would work here, but it is easy enough to fix this to run in const time instead, where all bytes are accessed regardless of the length of the padding. CT::copy_out is O(n^2) and thus terrible, but in practice it is only used with RSA decryption, and multiplication is also O(n^2) with the modulus size, so a few extra cycles here doesn't matter much.
* Add CT::Mask typeJack Lloyd2018-11-283-37/+39
|
* Add some missing includesJack Lloyd2018-11-082-0/+2
| | | | This is not exhaustive. See GH #1733
* Add a fuzzer for OAEP unpaddingJack Lloyd2018-09-222-10/+33
| | | | This tests the delim scanning section which must be const time.
* Slight optimization for MGF1Jack Lloyd2018-09-201-2/+3
| | | | Avoid needless allocations during PSS and OAEP operations.
* Remove unneeded load_on autoJack Lloyd2018-09-041-2/+0
| | | | It is the default...
* Check PSS salt length during verificationJack Lloyd2018-08-303-36/+94
| | | | Fixes #1665
* Accept PKCS1v15 as an alias for EMSA3Jack Lloyd2018-08-021-2/+3
| | | | Not sure why it didn't have this already
* DER improvementsJack Lloyd2018-05-221-18/+10
| | | | | | | | | | | Let DER_Encoder write to a user specified vector instead of only to an internal vector. This allows encoding to a std::vector without having to first write to a locked vector and then copying out the result. Add ASN1_Object::BER_encode convenience method. Replaces X509_Object::BER_encode which had the same logic but was restricted to a subtype. This replaces many cases where DER_Encoder was just used to encode a single object (X509_DN, AlgorithmIdentifier, etc).
* Support passing an OAEP label in EME nameRené Korthaus2018-04-021-4/+5
| | | | | | | TPM 1.2 expects passing the owner and SRK secret encrypted with the public endorsement key. For asymmetric encryption, the TPM 1.2 uses OAEP with the label "TCPA".
* Support "mixed" OAEP hashesJack Lloyd2018-03-211-2/+17
| | | | | | Test vectors from pyca/cryptography Fixes GH #109
* Mixed mode OAEPJack Lloyd2018-03-213-10/+27
|
* Catch exceptions by reference not valueJack Lloyd2018-03-161-17/+11
| | | | Fixes a new warning in GCC 8
* Use API annotationsJack Lloyd2018-03-021-1/+1
|
* Fix crash in EMSA_PKCS1v15_Raw if the hash function was not enabled.Jack Lloyd2018-01-171-1/+1
| | | | GH #1416
* Add note on OAEP version implemented [ci skip]René Korthaus2018-01-041-0/+1
|
* Fix a couple Doxygen format errors [ci skip]Jack Lloyd2017-12-261-4/+4
|
* Deinline functions in EMSA, add pubkey as dependencyJack Lloyd2017-12-2312-22/+48
|
* EMSA has a build-time dependency on ASN.1 now [ci skip]Jack Lloyd2017-12-231-0/+1
|
* Avoid unused parameter warningsJack Lloyd2017-12-222-4/+9
|
* Enable signing X509 structures with rsa-pssFabian Weissberg2017-12-2214-0/+268
|
* Correct the SHA-3 PKCSv1.5 IDsJack Lloyd2017-10-051-4/+10
| | | | | | | Thanks to @noloader for pointing me at draft-jivsov-openpgp-sha3-01 which has the correct values. Adds a test so this can't happen again.
* Make EMSA1 data privateJack Lloyd2017-10-021-6/+4
| | | | It was already final so leaving data as protected makes no sense...
* Further build/test fixes for restricted configurationsJack Lloyd2017-09-241-0/+1
|
* Apply final annotations to the library alsoJack Lloyd2017-09-221-1/+1
| | | | | Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.
* Header file cleanupsJack Lloyd2017-09-2114-5/+23
| | | | Some help from include-what-you-use
* Merge GH #1212 Add support for 'raw' PSS signaturesJack Lloyd2017-09-203-51/+167
|\
| * Clear return value, and verify 'raw' hash matches expected sizeJack Lloyd2017-09-161-1/+7
| |
| * Support PSSR_RawJack Lloyd2017-09-163-51/+161
| | | | | | | | | | | | | | Allows PSS-signing a raw hash while also still specifying the salt length. GH #1211
* | Change header guard format to BOTAN_FOO_H_Jack Lloyd2017-09-2013-26/+26
| | | | | | | | | | | | ISO C++ reserves names with double underscores in them Closes #512
* | Add API stability annotations.Jack Lloyd2017-09-1913-19/+19
| | | | | | | | | | Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* | Use constant_time_compare instead of same_memJack Lloyd2017-09-165-5/+5
|/ | | | New name, same great operation
* Added SHA3_XXX_PKCS OIDFrancis Dupont2017-09-041-0/+28
|
* Fix a valgrind const-time error in ISO 9796 paddingJack Lloyd2017-08-291-2/+7
| | | | It didn't unpoison the output values.
* Allow signature using `Raw(hashname)`Jack Lloyd2017-08-153-7/+38
| | | | | | This confirms the message is exactly the size of the expected hash, and also causes RFC 6979 nonces to be generated using the specified hash. See also https://github.com/riboseinc/rnp/issues/367
* Add SM3 OIDs and PKCSv1.5 hash prefixJack Lloyd2017-05-191-0/+8
|
* Accept SHA1 and SHA-1 as aliases for hash_idJack Lloyd2017-05-181-2/+3
|
* Add botan_pkcs_hash_id to FFIJack Lloyd2017-05-183-3/+35
| | | | | | Extend EMSA_PKCS1v15_Raw to optionally take a hash function for which the PKCS hash id is prefixed to the message as usual. This allows signing a message using PKCSv1.5 padding where the hash is provided externally.
* Content:Tomasz Frydrych2017-04-033-4/+2
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-0212-12/+36
|
* Avoid calling memmove with a null source in PKCSv1 signature encodingJack Lloyd2017-03-031-1/+7
| | | | Only occured with EMSA_Raw. Caught by GCC 7 warning
* fix possible iso9796 side channel and add length checkNever2017-02-211-14/+26
|
* ISO-9796-2 doxygen build fixesDaniel Neus2016-12-191-4/+4
|
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-1825-216/+216
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Merge GH #759 Add ISO 9796-2 signature schemesJack Lloyd2016-12-084-12/+414
|\
| * ISO 9796: Change header guard formatNever2016-12-061-2/+2
| |
| * Add ISO9796-2 Signature Schemes giving message recovery 2 and 3.Never2016-12-054-12/+414
| |
* | Fix off by one in PKCS #1 v1.5 decryption decodingJack Lloyd2016-12-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | When the code was changed in b8966d0f89e, the offset was not changed, so it would reject ciphertexts with exactly 8 bytes of random padding (the required minimum). Found by pkcs1 fuzzer which also had problems due to not having been updated at the same time. Add a test suite for decoding of PK decryption padding to cover the problem cases.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-21 12:33:09 +0000