aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey/curve25519
Commit message (Collapse)AuthorAgeFilesLines
* Add missing override annotations [ci skip]Jack Lloyd2018-08-131-1/+1
|
* Add function to return the size of a key agreement outputJack Lloyd2018-08-121-0/+2
| | | | Very useful when using "Raw" DH/ECDH via the FFI API.
* Make use of AlgorithmIdentifier::USE_EMPTY_PARAMJack Lloyd2018-07-101-4/+1
|
* Add contortion to appease SonarJack Lloyd2018-01-091-1/+1
|
* CleanupsJack Lloyd2018-01-071-86/+89
|
* Unroll the inner loop of cmultJack Lloyd2018-01-061-78/+84
| | | | | Allows merging redundant conditional swaps and elimiates the pointer indirections.
* Reformat donna.cppJack Lloyd2018-01-061-409/+412
| | | | | Was originally kept in the same format as upstream, but upstream is not maintained anymore so no reason to stick with it.
* Convert http:// links to https:// where possibleJack Lloyd2017-10-241-2/+2
|
* More header cleanupsJack Lloyd2017-09-231-0/+1
|
* Apply final annotations to the library alsoJack Lloyd2017-09-222-2/+2
| | | | | Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.
* Change header guard format to BOTAN_FOO_H_Jack Lloyd2017-09-201-2/+2
| | | | | | ISO C++ reserves names with double underscores in them Closes #512
* Add API stability annotations.Jack Lloyd2017-09-191-4/+4
| | | | | Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Slight cleanup in Curve25519_PrivateKey constructorJack Lloyd2017-08-291-8/+6
|
* Bump x25519 version in light of GH #1076 format changeJack Lloyd2017-06-211-1/+1
|
* Replaced USE_NULL_PARAM (0x05 0x00) by an empty vector (nothing)Francis Dupont2017-06-121-1/+4
|
* Fixed private key codeFrancis Dupont2017-06-122-13/+5
|
* Fixed public key code for *25519Francis Dupont2017-06-121-9/+2
|
* Added Curve25519_PrivateKey constructor from secret_keyFrancis Dupont2017-06-121-0/+12
|
* Content:Tomasz Frydrych2017-04-031-1/+1
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-021-1/+3
|
* Remove verify_end() chained immediatly before end_cons() (close #890)Nuno Goncalves2017-02-251-2/+0
| | | | | | | BER_Decoder::end_cons() allready assures the verify_end() function, so it is redundant. Signed-off-by: Nuno Goncalves <[email protected]>
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-183-26/+26
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Public_Key derived class ctors take an std::vector<byte>René Korthaus2016-12-112-3/+3
| | | | | | | Changes all the Public_Key derived classes ctors to take a std::vector instead of a secure_vector for the DER encoded public key bits. There is no point in transporting a public key in secure storage. (GH #768)
* Add Private_Key::private_key_info()René Korthaus2016-12-052-2/+2
| | | | | | | Adds new Private_Key::private_key_info() that returns a PKCS#8 PrivateKeyInfo structure. Renames the current Private_Key::pkcs8_private_key() to private_key_bits(). BER_encode() just invokes private_key_info().
* Add Public_Key::subject_public_key()René Korthaus2016-12-052-2/+2
| | | | | | | Adds new Public_Key::subject_public_key() that returns a X.509 SubjectPublicKey structure. Renames the current Public_Key::x509_subject_public_key() to public_key_bits(). BER_encode() just invokes subject_public_key().
* Add CECPQ1 TLS ciphersuitesJack Lloyd2016-11-173-18/+24
| | | | | | | | | | | | | Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* Pubkey cleanupsJack Lloyd2016-11-121-1/+1
| | | | | | | | | | Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable) Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually. Remove message_parts and message_part_size from PK_Ops
* Remove Key_Type typedefsJack Lloyd2016-11-081-1/+0
| | | | Also part of Algo_Registry and not needed after #668
* Remove automatic self-testing of public and private keysJack Lloyd2016-11-032-7/+2
| | | | | | | | | | | | | Rarely expected and often causes performance problems, especially for private keys. Instead applications should call check_key explicitly to validate keys when necessary. Note this removal doesn't apply to tests like ECDH on-the-curve tests, where a check on the public key is required for security of our own key. Updates most APIs to remove RNG calls, where they are no longer required. Exception is PKCS8 interface, pending further work there (see GH #685) it just ignores the RNG argument now.
* X25519 key exchange for TLSJack Lloyd2016-10-212-6/+16
| | | | | Client interops with google.com, server not tested against an independent client yet.
* Improve pubkey doxygen [ci skip]René Korthaus2016-10-191-0/+23
|
* Fix Clang warningsJack Lloyd2016-10-091-2/+2
|
* Revert PK_Verifier change (don't require RNG there).Jack Lloyd2016-10-071-2/+4
| | | | | | | Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* Remove Algo_Registry usage from public key code.Jack Lloyd2016-10-072-3/+15
| | | | | | | | Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app.
* Reduction of code complexity in MP & ECC classes.Matthias Gierlings2016-06-191-30/+46
| | | | | | - reduced number of parameters in various methods - introduced structures and renamed variables to improve code readability.
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-051-3/+3
| | | | explicit.
* Fix remaining Wshadow warnings and enable on gcc and clangRené Korthaus2016-02-181-3/+3
|
* Make Montgomery reduction constant time.Jack Lloyd2015-10-241-5/+5
| | | | | | | | | | | | | | It was already close, but the carry loop would break early and selecting which value to copy out was indexed on the borrow bit. Have the carry loop run through, and add a const-time conditional copy operation and use that to copy the output. Convert ct_utils to CT namespace. Templatize the utils, which I was hesitant to do initially but is pretty useful when dealing with arbitrary word sizes. Remove the poison macros, replace with inline funcs which reads cleaner at the call site.
* Make PKCS #1 and OAEP decoding constant time to avoid oracle attacksJack Lloyd2015-10-161-0/+9
| | | | | | | | via timing channels. Add annotations for checking constant-time code using ctgrind to PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already written as constant time code.
* pubkey: Add missing overridesDaniel Seither2015-07-302-2/+2
|
* lib/pubkey: Convert &vec[0] to vec.data()Simon Warta2015-06-231-1/+1
|
* In PK encrypt/decrypt move pad calls to the operation. This allows anlloyd2015-03-141-3/+4
| | | | | | | | | op to use a padding scheme outside of our knowledge or control, for instance an OpenSSL RSA op which uses OpenSSL's padding code. Similar change for key agreement and KDFs for the same reason. Add an EME_Raw type; previously this operation was implicit in the code in pubkey.cpp
* Add BOTAN_DLL back to LibraryInitializer and move some of the implementation tolloyd2015-03-111-1/+1
| | | | | | | a source file. Without BOTAN_DLL the LibraryInitializer was removed entirely from the list of symbols which is not desired. Add some casts to avoid scary sounding but (upon review) harmless warnings from MSVC
* Convert PK operations to using Algo_Registry instead of Engine.lloyd2015-02-032-18/+27
| | | | Remove global PRNG.
* Centralize where string.h/cstring is included to mem_ops.hlloyd2015-01-231-7/+6
| | | | See github 42 for background
* Amalgamation fixeslloyd2015-01-231-18/+1
|
* Ensure all files have copyright and license info.lloyd2015-01-102-2/+2
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* Add Poly1305, based on poly1305-donna by Andrew Moon.lloyd2014-12-292-120/+0
|
* Add Curve25519 based on curve25519-donna by Adam Langley.lloyd2014-12-275-0/+790
This uses only the c64 version from curve25519-donna; on systems that don't have a native uint128_t type, a donna128 type stands in for just enough 128-bit operations to satisfy donna.cpp
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 19:31:01 +0000