aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/prov
Commit message (Collapse)AuthorAgeFilesLines
* add "--with-external-libdir" to configure.pyDaniel Neus2017-01-261-1/+2
| | | | | | Fixes #767 and #19 Main purpose is to support external libs like OpenSSL on Windows.
* Enable PKCS11 module by default and remove --with-pkcs11 optionRené Korthaus2017-01-111-2/+0
| | | | | | The pkcs11 module once required the pkcs11 headers as an external dependency, but the headers were included a while ago. Still, the module was set to be load_on vendor. Instead, we can enable the module by default now.
* Add try/catch blocks in noexcept destructors that might throwJack Lloyd2017-01-063-8/+29
| | | | Flagged by Coverity
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-1823-200/+200
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add support for brainpool curves in openssl providerRené Korthaus2016-12-171-1/+17
| | | | | OpenSSL 1.0.2 added support for brainpool curves, so we can use it provided the version check succeeds.
* Remove <source> block from info.txt filesJack Lloyd2016-12-081-15/+0
| | | | | | Kind of a vestigial thing from an earlier iteration of the module design, and never useful to specify anymore since taking all the cpp files is what you want exactly 100% of the time.
* Fix TPM private_key_bits() exception messageRené Korthaus2016-12-051-1/+1
|
* Add Private_Key::private_key_info()René Korthaus2016-12-059-13/+13
| | | | | | | Adds new Private_Key::private_key_info() that returns a PKCS#8 PrivateKeyInfo structure. Renames the current Private_Key::pkcs8_private_key() to private_key_bits(). BER_encode() just invokes private_key_info().
* Add Public_Key::subject_public_key()René Korthaus2016-12-055-6/+6
| | | | | | | Adds new Public_Key::subject_public_key() that returns a X.509 SubjectPublicKey structure. Renames the current Public_Key::x509_subject_public_key() to public_key_bits(). BER_encode() just invokes subject_public_key().
* Expose pk_ops.h as public interface againJack Lloyd2016-12-044-5/+4
| | | | | | | | | | | | I was initially thinking of Botan as somewhat closed system, but @cordney has a legit use case of wanting to expose a TPM sign operation, but using their internal TPM library and TPM key type. This requires the API be exposed so the derivation can occur. Add a comment in the header explaining that the header is not for normal application use and directing them to pubkey.h This basically reverts 2747e8e23aec43162
* Fix OpenSSL RC4 clone - ignored skip paramJack Lloyd2016-11-261-1/+1
|
* Pubkey cleanupsJack Lloyd2016-11-1210-78/+11
| | | | | | | | | | Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable) Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually. Remove message_parts and message_part_size from PK_Ops
* Remove Key_Type typedefsJack Lloyd2016-11-083-9/+0
| | | | Also part of Algo_Registry and not needed after #668
* Fix PKCS11 test errorJack Lloyd2016-11-042-7/+3
| | | | | | | | | | | | | | Previously PKCS11_ECDSA_PrivateKey::check_key failed because no verification is possible using this key type (does not derive from public key). Split keypair consistency to allow two key arguments. ECDSA keypair consistency disabled in the tests still, because SoftHSMv2 gives mechanism invalid errors. I think this is a SoftHSMv2 issue with the signature mechanism. Remove no longer used Key_Type typedefs (need to be removed everywhere). GH #712
* Update PKCS11 code, no RNG requiredJack Lloyd2016-11-031-14/+1
|
* Avoid possibility of mismatched brackets.Jack Lloyd2016-10-311-2/+6
| | | | Found by cppcheck
* Static analyzer fixesJack Lloyd2016-10-251-1/+0
| | | | | | | | | Check return value of read, found by Clang. See also #677 Remove unused member variable in OpenSSL ECC, found by Clang. In ECDSA tests, if the pointer is null we should return rather than dereferencing it. Found by Coverity.
* Remote unused macrosJack Lloyd2016-10-242-5/+1
|
* Initialize member variable in PKCS11_EC_PrivateKeyJack Lloyd2016-10-242-2/+2
| | | | | One of the constructors initialized the member, the others did not. Found by Coverity scanner.
* Merge GH #668: Remove Algo_Registry and associated global locksJack Lloyd2016-10-248-118/+143
|\
| * Small cleanup in OpenSSL ECJack Lloyd2016-10-211-12/+13
| |
| * Remove alias logic from SCAN_NameJack Lloyd2016-10-211-2/+3
| | | | | | | | | | | | This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
| * Remove Algo_RegistryJack Lloyd2016-10-217-104/+127
| | | | | | | | | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* | Fix invalid UTF-8 char in API doc [ci skip]René Korthaus2016-10-221-1/+1
|/ | | | | | An invalid UTF-8 character prevented Latex from generating a PDF document from the doxygen-generated Latex API docs via make pdf.
* Fix doxygen warnings [ci skip]René Korthaus2016-10-192-8/+7
|
* Improve pkcs11 doxygen [ci skip]René Korthaus2016-10-193-13/+49
|
* The other half of 55b8fb5Jack Lloyd2016-10-091-7/+9
| | | | GH #656
* Make pk_ops.h internalJack Lloyd2016-10-085-6/+6
| | | | Some fixes for missing system_rng in ECIES and tests.
* OpenSSL fixesJack Lloyd2016-10-072-4/+4
|
* Revert PK_Verifier change (don't require RNG there).Jack Lloyd2016-10-076-31/+15
| | | | | | | Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-0713-181/+249
| | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* fix compiler error: openssl w/o rc4t0b32016-10-011-1/+1
| | | | | | Compiling botan with disabled rc4 module fails in case of openssl w/o rc4... Error: ./src/lib/prov/openssl/openssl_rc4.cpp:15:25: fatal error: openssl/rc4.h: No such file or directory #include <openssl/rc4.h>
* Change T::provider to return std::stringJack Lloyd2016-09-153-3/+3
|
* Add T::provider() to allow user to inquire about implementation usedJack Lloyd2016-09-153-0/+4
| | | | | For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.
* Remove deprecated hashes MD2, HAS-160, and RIPEMD-128Jack Lloyd2016-09-021-4/+0
|
* RNG changes (GH #593)Jack Lloyd2016-08-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
* Another PKCS #11 amalg fixJack Lloyd2016-08-231-1/+1
|
* Work around some amalgamation issues.Jack Lloyd2016-08-232-6/+4
| | | | | | I think probably what these headers had should work, but end up confusing the generator and breaking the build: https://travis-ci.org/randombit/botan/jobs/154197472
* restore to original pkcs11.hDaniel Neus2016-08-121-4/+4
|
* Headers can be marked as external by using `<header:external>` in info.txt.Daniel Neus2016-08-122-2/+5
| | | | | | | These headers are copied/linked into build_dir/include/external This has the advantage that external includes can be taken as they are, they haven't to be modified. Fixes amalgamation build with enabled pkcs#11 module
* include external PKCS#11 headers into botanDaniel Neus2016-07-265-1/+3208
|
* Make Stream_Cipher::set_iv() pure virtualRené Korthaus2016-07-201-0/+6
| | | | | | | | | | It provided a default implementation that only checked that the length was correct, but ignored the actual data and did not notify the caller, which seemed like a rather odd behaviour. The only implementation that used this default implementation, RC4, now throws an exception.
* Add Stateful_RNGJack Lloyd2016-07-171-2/+3
| | | | | | | | | | | | | | Handles fork checking for HMAC_RNG and HMAC_DRBG AutoSeeded_RNG change - switch to HMAC_DRBG as default. Start removing the io buffer from entropy poller. Update default RNG poll bits to 256. Fix McEliece test, was using wrong RNG API. Update docs.
* Switch to HMAC_DRBG for all RNG generation.Jack Lloyd2016-07-171-14/+7
| | | | | | | | Add support and tests for additional_data param to HMAC_DRBG Add Stateful_RNG class which has fork detection and periodic reseeding. AutoSeeded_RNG passes the current pid and time as additional_data
* remove rfc6979 module dependency for pkcs11Daniel Neus2016-07-051-1/+0
| | | | no longer needed since hash_for_emsa() is now in emsa.h
* Merge GH #507 Add PKCS #11 support. Previous merge 360a3a5 missed later commitsJack Lloyd2016-07-047-37/+12
|\
| * remove unnecessary includeDaniel Neus2016-06-281-1/+0
| |
| * fix some warnings and one compile errorDaniel Neus2016-06-284-6/+7
| |
| * reuse BigInt::encode_1363 instead of self written logicDaniel Neus2016-06-281-6/+1
| |
| * use NULL_RNG to make clear that the RNG is not usedDaniel Neus2016-06-282-24/+4
| |