| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
| |
Otherwise we run into the old problem in the static non-amalgamation
build of the operation not being loaded even though the key itself was
referenced; since now the operation is loaded as a by-product of
referencing the key type (as with other impls) everything works out.
|
| |
|
|
|
|
| |
Convert McEliece KEM to use it
Add RSA-KEM
|
| |
|
|
| |
See GH #340 and 6b9a3a5 for background
|
| | |
|
| |
|
|
|
|
|
|
| |
As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
|
| |
|
|
|
|
|
|
|
|
|
| |
The tests which generate McEliece keys using a deterministic RNG and
fixed seed failed on PowerPC (or other big endian systems) because the
vectors assumed we were creating elements little endian, which is
what happend with rng.randomize(&u16, 2) on x86
Fix it to always be little endian. No particular reason to prefer one vs the
other here (we're just trying for compatability with ourselves) and choosing
little endian avoids having to regen the vectors.
|
| | |
|
| |\
| |
| | |
Cleanup and document McEliece implementation
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove and consolidate various headers
Reduce memory usage of GF2m_Field by sharing the log and exponent
tables across all instances of a particular word size.
Remove McEliece_Public_Operation and McEliece_Private_Operation which
were difficult to use safely. Instead only the KEM operations are exposed.
Add McEliece_PublicKey::random_plaintext_element
Add command line `mce` tool and some McEliece documentation
Convert the speed program to check McEliece keys of the suggested size
Add McEliece KATs for both key generation and KEM
Fix HMAC_DRBG constructor which derefed a pointer before its time
|
| |/
|
|
|
|
| |
warning: assuming signed overflow does not occur when reducing constant
in comparison [-Wstrict-overflow]
cond1 = r0.get_degree() <= break_deg - 1;
|
| |
|
|
| |
Only user-visible change is the removal of get_byte.h
|
| | |
|
| |
|
|
| |
Thanks to @vlajos https://github.com/vlajos/misspell_fixer
|
| | |
|
| |
|
|
|
|
| |
shift promotes to signed int rather than an unsigned value. However
here we wish to use a large shift, which can cause a signed overflow.
Add static_cast to force to the desired (unsigned) type.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Remove global PRNG.
|
| |
|
|
| |
See github 42 for background
|
| | |
|
| |
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| | |
|
| |
|
|
| |
Add OIDS for OCB mode with various ciphers.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
While a CCA2 proof of this scheme exists, it is written in German and
for various reasons publishing a translation would be a complicated
affair. Without a (well studied) English proof it is harder to
understand the security of the overall scheme. Thus only KEM, which
seems much easier to prove, will be offered.
|
| | |
|
| | |
|
| | |
|
|
|
(https://www.rocq.inria.fr/secret/CBCrypto/index.php?pg=hymes).
The original version is LGPL but cryptsource GmbH has secured
permission to release it under a BSD license. Also includes the
Overbeck CCA2 message encoding scheme.
|
