path: root/src/lib/pubkey/dsa/dsa.cpp
Commit message / Author / Age / Files / Lines
* Avoid const-time modulo in DSA verification (Jack Lloyd, 2018-12-29, 1 file, -1/+11)
  It has a substantial perf hit and is not necessary. It may not be really necessary for signatures either but leave that as is, with a comment explaining.
* Always use const-time modulo during DSA signing (Jack Lloyd, 2018-12-24, 1 file, -1/+2)
  Since we are reducing a mod-p integer down to mod-q this would nearly always use ct_modulo in any case. And, in the case where Barrett did work, it would reveal that g^k mod p was <= q*q which would likely be useful for searching for k. This should actually be slightly faster (if anything) since it avoids the unnecessary comparison against q*q and jumps directly to ct_modulo.
* Add PK_Signer::signature_length (Jack Lloyd, 2018-08-10, 1 file, -2/+3)
* Move reduction mod q to DL_Group (Jack Lloyd, 2018-06-28, 1 file, -18/+13)
  Avoids computing Barrett params many times and gives option for more optimizations in future.
* Avoid leaking size of exponent (Jack Lloyd, 2018-06-17, 1 file, -4/+4)
  See #1606 for discussion
* Address DSA/ECDSA side channel (Jack Lloyd, 2018-06-13, 1 file, -10/+28)
* Remove unused include (Jack Lloyd, 2018-04-26, 1 file, -1/+0)
* Remove bogus -1 from DSA key generation (Jack Lloyd, 2018-03-21, 1 file, -1/+1)
  GH #222
* Change DSA behavior similarly (Jack Lloyd, 2018-03-21, 1 file, -2/+2)
* Avoid using threads in DSA operations (Jack Lloyd, 2018-03-15, 1 file, -25/+3)
  For DSA signing using a thread turned out to be purely a pessimization. The single threaded code is faster even on a 4-core machine running Linux (which has very fast thread creation). It would likely be much worse on a single core machine or an OS with slower thread primitives. For DSA verification, use Montgomery multi-exponentiation instead.
* Small fixes (Jack Lloyd, 2018-02-19, 1 file, -2/+2)
* Use new DL_Group functions (Jack Lloyd, 2018-02-19, 1 file, -31/+35)
* Missing include (Jack Lloyd, 2017-09-24, 1 file, -0/+1)
* Apply final annotations to the library also (Jack Lloyd, 2017-09-22, 1 file, -2/+2)
  Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.
* Avoid having variable named m_emsa twice in class hierarchy (Jack Lloyd, 2017-08-29, 1 file, -4/+8)
  In fact the variable was only used if we use deterministic nonces, and just to extract the hash name. So just do that once, and only if we are not using random nonces. Flagged by Sonar.
* Convert to using standard uintN_t integer types (Jack Lloyd, 2016-12-18, 1 file, -8/+8)
  Renames a couple of functions for somewhat better name consistency, e.g. make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Pubkey cleanups (Jack Lloyd, 2016-11-12, 1 file, -4/+0)
  Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable). Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually. Remove message_parts and message_part_size from PK_Ops.
* Remove Key_Type typedefs (Jack Lloyd, 2016-11-08, 1 file, -2/+0)
  Also part of Algo_Registry and not needed after #668
* Remove automatic self-testing of public and private keys (Jack Lloyd, 2016-11-03, 1 file, -11/+4)
  Rarely expected and often causes performance problems, especially for private keys. Instead applications should call check_key explicitly to validate keys when necessary. Note this removal doesn't apply to tests like ECDH on-the-curve tests, where a check on the public key is required for security of our own key. Updates most APIs to remove RNG calls, where they are no longer required. Exception is PKCS8 interface, pending further work there (see GH #685) it just ignores the RNG argument now.
* Abstract out mutex type. Make threads optional. (Jack Lloyd, 2016-10-12, 1 file, -1/+14)
* Revert PK_Verifier change (don't require RNG there). (Jack Lloyd, 2016-10-07, 1 file, -5/+8)
  Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
* Remove Algo_Registry usage from public key code. (Jack Lloyd, 2016-10-07, 1 file, -6/+21)
  Instead the key types expose operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previously created its own RNG, now it takes it from app.
* Fix leading zero bytes in DSA, ECDSA, ECGDSA and ECKCDSA signatures (René Korthaus, 2016-08-17, 1 file, -4/+1)
* Revamp entropy polling (Jack Lloyd, 2016-07-17, 1 file, -0/+1)
  Remove Entropy_Accumulator, instead have entropy sources directly add entropy to the RNG.
* Merge GH #504 Add ECKCDSA (Jack Lloyd, 2016-06-20, 1 file, -1/+2)
  * Add ECKCDSA signature algorithm (René Korthaus, 2016-06-14, 1 file, -1/+2)
* fix test failures and seg faults when Botan is configured with --module-policy bsi (René Korthaus, 2016-06-17, 1 file, -1/+1)
* Add support probabilistic DSA & ECDSA (René Korthaus, 2016-05-08, 1 file, -5/+12)
  Adds support for probabilistic, aka the standard, DSA and ECDSA. Can be enabled by disabling the rfc6979 module. Includes test vectors from NIST CAVP. Adds rfc6979 to the list of prohibited modules in BSI policy.
* Remaining cppcheck fixes that are not covered by GH #444 (Daniel Neus, 2016-03-05, 1 file, -7/+4)
* Mass-prefix member vars with m_ (René Korthaus, 2016-01-08, 1 file, -46/+46)
* pubkey: Add missing overrides (Daniel Seither, 2015-07-30, 1 file, -3/+3)
* Move the signature padding schemes to the PK operation classes, (lloyd, 2015-03-23, 1 file, -7/+9)
  as was previously done with encrypt/decrypt ops. One feature dropped on the floor here is previously PK_Signer by default did verification of signatures before releasing them as a measure against fault attacks. However in addition to being expensive this turned out to be difficult to implement with the new scheme.
* Convert PK operations to using Algo_Registry instead of Engine. (lloyd, 2015-02-03, 1 file, -16/+69)
  Remove global PRNG.
* Ensure all files have copyright and license info. (lloyd, 2015-01-10, 1 file, -1/+1)
  Update license header line to specify the terms and refer to the file, neither of which it included before.
* No need to reseed RNG in DSA sign as RNG is no longer used (lloyd, 2015-01-08, 1 file, -4/+2)
* Implement RFC 6979 deterministic signatures for DSA and ECDSA. (lloyd, 2014-12-10, 1 file, -19/+23)
  Drop the GNU MP engine. Its implementations were potentially faster in some scenarios but not well protected against side channels.
* Fix various warnings from VC++ 2014 and add missing include (lloyd, 2014-10-31, 1 file, -2/+0)
* Move lib into src (lloyd, 2014-01-10, 1 file, -0/+143)