aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey
Commit message (Collapse)AuthorAgeFilesLines
* lib/pubkey: Convert &vec[0] to vec.data()Simon Warta2015-06-2316-56/+56
|
* Add missing headers fixing GCC 4.7 buildlloyd2015-06-171-0/+1
|
* Key agreement was missing the return check, add it to get_pk_op insteadlloyd2015-03-291-17/+11
|
* Move the signature padding schemes to the PK operation classes,lloyd2015-03-2313-360/+390
| | | | | | | | | as was previously done with encrypt/decrypt ops. One feature dropped on the floor here is previously PK_Signer by default did verification of signatures before releasing them as an measure against fault attacks. However in addition to being expensive this turned out to be difficult to implement with the new scheme.
* In PK encrypt/decrypt move pad calls to the operation. This allows anlloyd2015-03-1410-154/+218
| | | | | | | | | op to use a padding scheme outside of our knowledge or control, for instance an OpenSSL RSA op which uses OpenSSL's padding code. Similar change for key agreement and KDFs for the same reason. Add an EME_Raw type; previously this operation was implicit in the code in pubkey.cpp
* Externalize the state of a RFC 6979 nonce computation.lloyd2015-03-122-22/+55
| | | | | | | | | | | | This lets you amortize quite a few memory allocations (RNG, various BigInts, etc) over many nonce generations. Change generate_rfc6979_nonce to just instantiate one of these states, call the function once, and return. This doesn't have any additional overhead versus the previous implementation of this function. Fix HMAC_DRBG to correctly reset its state to its starting position when you call clear() on it.
* Avoid a ECC point multiplication in ECDSA signature verification bylloyd2015-03-121-14/+20
| | | | | | | distributing w into the exponents. This is at least a 50% speedup across all keysizes on my laptop. Optimization pointed out by Dr. Falko Strenzke on the mailing list.
* Add BOTAN_DLL back to LibraryInitializer and move some of the implementation tolloyd2015-03-111-1/+1
| | | | | | | a source file. Without BOTAN_DLL the LibraryInitializer was removed entirely from the list of symbols which is not desired. Add some casts to avoid scary sounding but (upon review) harmless warnings from MSVC
* Hide Algorithm_Factory and use the functions in lookup.h internally.lloyd2015-03-041-3/+2
| | | | | | Fix two memory leaks (in TLS and modes) caused by calling get_foo and then cloning the result before saving it (leaking the original object), a holdover from the conversion between construction techniques in 1.11.14
* Modify interfaces of KDF and PBKDF to write output to an array, withlloyd2015-02-181-8/+8
| | | | higher level functions on interface handling returning a vector.
* Add new module `ffi` which provides a plain C interface, plus a newlloyd2015-02-162-3/+2
| | | | | | | | | | | | ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it.
* Remove static castslloyd2015-02-066-34/+28
|
* Clean up root dir, remove some unneeded dependencieslloyd2015-02-051-1/+0
|
* Remove algo factory, engines, global RNG, global state, etc.lloyd2015-02-0428-188/+131
| | | | | | | | | | | | | | | Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
* Convert PK operations to using Algo_Registry instead of Engine.lloyd2015-02-0325-693/+806
| | | | Remove global PRNG.
* Add missing files. Remove cipher lookup from engine code.lloyd2015-02-011-8/+2
|
* Use registry also for KDF, EMSA, and EMElloyd2015-01-311-3/+3
|
* Use registry for streams and MACs. Start updating callers.lloyd2015-01-312-7/+3
|
* Centralize where string.h/cstring is included to mem_ops.hlloyd2015-01-238-30/+24
| | | | See github 42 for background
* Amalgamation fixeslloyd2015-01-233-23/+4
|
* Ensure all files have copyright and license info.lloyd2015-01-1075-82/+84
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* Add MCEIES, an integrated encryption system using McEliece and AES-256/OCBlloyd2015-01-083-0/+154
|
* No need to reseed RNG in DSA sign as RNG is no longer usedlloyd2015-01-081-4/+2
|
* Cleanuplloyd2015-01-081-7/+5
|
* Add Poly1305, based on poly1305-donna by Andrew Moon.lloyd2014-12-292-120/+0
|
* When encrypting McEliece or Curve25519 keys, default to GCM instead of CBC.lloyd2014-12-272-9/+13
| | | | Add OIDS for OCB mode with various ciphers.
* Add Curve25519 based on curve25519-donna by Adam Langley.lloyd2014-12-276-0/+804
| | | | | | This uses only the c64 version from curve25519-donna; on systems that don't have a native uint128_t type, a donna128 type stands in for just enough 128-bit operations to satisfy donna.cpp
* Fix header guards for amalgamation (github issue 35)lloyd2014-12-224-31/+31
|
* Correct commentlloyd2014-12-181-2/+2
|
* Implement RFC 6979 determinstic signatures for DSA and ECDSA.lloyd2014-12-109-43/+63
| | | | | Drop the GNU MP engine. Its implementations were potentially faster in some scenarios but not well protected against side channels.
* Implement a strength estimator for McEliece keys based on HyMES versionlloyd2014-12-095-12/+123
|
* Cleanup for pbe name parsing in PKCS #8 encoderlloyd2014-12-081-14/+23
|
* Add a basic speed test for McEliecelloyd2014-12-081-0/+10
|
* Remove the Overbeck conversion at Dr. Strenzke's request.lloyd2014-12-063-229/+0
| | | | | | | | While a CCA2 proof of this scheme exists, it is written in German and for various reasons publishing a translation would be a complicated affair. Without a (well studied) English proof it is harder to understand the security of the overall scheme. Thus only KEM, which seems much easier to prove, will be offered.
* Add KEM scheme for McEliecefstrenzke2014-12-063-0/+111
|
* GCC 4.9 fixeslloyd2014-12-022-1/+3
|
* Move all PK workfactor esstimators to workfactors.*lloyd2014-11-295-5/+33
|
* Add an implementation of McEliece encryption based on HyMESfstrenzke2014-11-2620-0/+3310
| | | | | | | (https://www.rocq.inria.fr/secret/CBCrypto/index.php?pg=hymes). The original version is LGPL but cryptsource GmbH has secured permission to release it under a BSD license. Also includes the Overbeck CCA2 message encoding scheme.
* Cleanup PBES2 and add GCM supportlloyd2014-11-192-16/+22
|
* Remove unused includeslloyd2014-11-182-2/+0
|
* Fix various warnings from VC++ 2014 and add missing includelloyd2014-10-311-2/+0
|
* Fix header guard for amalgamationlloyd2014-07-031-2/+2
|
* Any fixed MR iterations is probably wrong for somebody. Allow the userlloyd2014-04-252-9/+8
| | | | | | to specify a probability as well as if n was randomly chosen or not. If the input is random use a better bounds to reduce the number of needed tests.
* Remove debug headerslloyd2014-04-051-3/+0
|
* Add RFC 6979 nonce generator. Also some HMAC_DRBG cleanups.lloyd2014-03-223-0/+83
|
* Fix algo factory compilelloyd2014-01-181-1/+0
|
* Guess I won't be needing theselloyd2014-01-185-5/+0
|
* More unique_ptrlloyd2014-01-182-20/+5
|
* unique_ptr all the thingslloyd2014-01-182-110/+86
|
* Move lib into srclloyd2014-01-1066-0/+7022