aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/prov/pkcs11
Commit message (Collapse)AuthorAgeFilesLines
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-1816-145/+145
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Remove <source> block from info.txt filesJack Lloyd2016-12-081-15/+0
| | | | | | Kind of a vestigial thing from an earlier iteration of the module design, and never useful to specify anymore since taking all the cpp files is what you want exactly 100% of the time.
* Add Private_Key::private_key_info()René Korthaus2016-12-056-9/+9
| | | | | | | Adds new Private_Key::private_key_info() that returns a PKCS#8 PrivateKeyInfo structure. Renames the current Private_Key::pkcs8_private_key() to private_key_bits(). BER_encode() just invokes private_key_info().
* Add Public_Key::subject_public_key()René Korthaus2016-12-052-2/+2
| | | | | | | Adds new Public_Key::subject_public_key() that returns a X.509 SubjectPublicKey structure. Renames the current Public_Key::x509_subject_public_key() to public_key_bits(). BER_encode() just invokes subject_public_key().
* Expose pk_ops.h as public interface againJack Lloyd2016-12-043-4/+3
| | | | | | | | | | | | I was initially thinking of Botan as somewhat closed system, but @cordney has a legit use case of wanting to expose a TPM sign operation, but using their internal TPM library and TPM key type. This requires the API be exposed so the derivation can occur. Add a comment in the header explaining that the header is not for normal application use and directing them to pubkey.h This basically reverts 2747e8e23aec43162
* Pubkey cleanupsJack Lloyd2016-11-125-66/+4
| | | | | | | | | | Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable) Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually. Remove message_parts and message_part_size from PK_Ops
* Remove Key_Type typedefsJack Lloyd2016-11-081-4/+0
| | | | Also part of Algo_Registry and not needed after #668
* Fix PKCS11 test errorJack Lloyd2016-11-042-7/+3
| | | | | | | | | | | | | | Previously PKCS11_ECDSA_PrivateKey::check_key failed because no verification is possible using this key type (does not derive from public key). Split keypair consistency to allow two key arguments. ECDSA keypair consistency disabled in the tests still, because SoftHSMv2 gives mechanism invalid errors. I think this is a SoftHSMv2 issue with the signature mechanism. Remove no longer used Key_Type typedefs (need to be removed everywhere). GH #712
* Update PKCS11 code, no RNG requiredJack Lloyd2016-11-031-14/+1
|
* Remote unused macrosJack Lloyd2016-10-242-5/+1
|
* Initialize member variable in PKCS11_EC_PrivateKeyJack Lloyd2016-10-242-2/+2
| | | | | One of the constructors initialized the member, the others did not. Found by Coverity scanner.
* Merge GH #668: Remove Algo_Registry and associated global locksJack Lloyd2016-10-243-3/+0
|\
| * Remove Algo_RegistryJack Lloyd2016-10-213-3/+0
| | | | | | | | | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* | Fix invalid UTF-8 char in API doc [ci skip]René Korthaus2016-10-221-1/+1
|/ | | | | | An invalid UTF-8 character prevented Latex from generating a PDF document from the doxygen-generated Latex API docs via make pdf.
* Fix doxygen warnings [ci skip]René Korthaus2016-10-192-8/+7
|
* Improve pkcs11 doxygen [ci skip]René Korthaus2016-10-193-13/+49
|
* Make pk_ops.h internalJack Lloyd2016-10-083-4/+4
| | | | Some fixes for missing system_rng in ECIES and tests.
* Revert PK_Verifier change (don't require RNG there).Jack Lloyd2016-10-074-12/+8
| | | | | | | Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-078-51/+117
| | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* RNG changes (GH #593)Jack Lloyd2016-08-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
* Another PKCS #11 amalg fixJack Lloyd2016-08-231-1/+1
|
* Work around some amalgamation issues.Jack Lloyd2016-08-232-6/+4
| | | | | | I think probably what these headers had should work, but end up confusing the generator and breaking the build: https://travis-ci.org/randombit/botan/jobs/154197472
* restore to original pkcs11.hDaniel Neus2016-08-121-4/+4
|
* Headers can be marked as external by using `<header:external>` in info.txt.Daniel Neus2016-08-122-2/+5
| | | | | | | These headers are copied/linked into build_dir/include/external This has the advantage that external includes can be taken as they are, they haven't to be modified. Fixes amalgamation build with enabled pkcs#11 module
* include external PKCS#11 headers into botanDaniel Neus2016-07-265-1/+3208
|
* remove rfc6979 module dependency for pkcs11Daniel Neus2016-07-051-1/+0
| | | | no longer needed since hash_for_emsa() is now in emsa.h
* remove unnecessary includeDaniel Neus2016-06-281-1/+0
|
* fix some warnings and one compile errorDaniel Neus2016-06-284-6/+7
|
* reuse BigInt::encode_1363 instead of self written logicDaniel Neus2016-06-281-6/+1
|
* use NULL_RNG to make clear that the RNG is not usedDaniel Neus2016-06-282-24/+4
|
* add PKCS#11 supportDaniel Neus2016-06-1725-0/+7297