aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey
Commit message (Collapse)AuthorAgeFilesLines
* MSVC build fixJack Lloyd2015-10-152-9/+10
|
* Prohibit creating a DL_Group smaller than 1024 bitsJack Lloyd2015-10-151-2/+2
|
* Periodically reinitialize the blinding sequence instead of alwaysJack Lloyd2015-10-152-13/+39
| | | | deriving it by squaring the previous value.
* Expose providers for public key operationsJack Lloyd2015-10-142-43/+61
| | | | | | | | For PK_Encryptor and company they are requested via a new provider param to the constructors. The speed command gets a --provider option so you can see benchmark results with the different versions.
* Move DataSource to utils and rewrite PEM encoding to avoid filtersJack Lloyd2015-10-141-1/+1
| | | | | Removes filters as as an internal dependency pretty much entirely (outside of some dusty corners in misc).
* Merge pull request #286 from randombit/mce-cleanupJack Lloyd2015-09-3025-1201/+986
|\ | | | | Cleanup and document McEliece implementation
| * McEliece cleanupsJack Lloyd2015-09-2925-1201/+986
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove and consolidate various headers Reduce memory usage of GF2m_Field by sharing the log and exponent tables across all instances of a particular word size. Remove McEliece_Public_Operation and McEliece_Private_Operation which were difficult to use safely. Instead only the KEM operations are exposed. Add McEliece_PublicKey::random_plaintext_element Add command line `mce` tool and some McEliece documentation Convert the speed program to check McEliece keys of the suggested size Add McEliece KATs for both key generation and KEM Fix HMAC_DRBG constructor which derefed a pointer before its time
* | Remove warning: assuming signed overflow does not occurSimon Warta2015-09-251-1/+1
|/ | | | | | warning: assuming signed overflow does not occur when reducing constant in comparison [-Wstrict-overflow] cond1 = r0.get_degree() <= break_deg - 1;
* Remove use of lookup.h in favor of new T::create API.Jack Lloyd2015-09-211-2/+2
|
* Internal header cleanupsJack Lloyd2015-09-193-3/+0
| | | | Only user-visible change is the removal of get_byte.h
* Fix pbkdf, pk padding and ECDH registration for static linking.Jack Lloyd2015-09-112-1/+3
| | | | | | | | With this change the tests pass when linked against a static library built in the normal (non-amalgamation) fashion. Remove the restriction in configure.py, and have circleci build the clang static build as a non-amalg.
* Remove alloc module; move secmem.h to base and locking_allocator to utilsJack Lloyd2015-08-294-4/+0
|
* Remove unused variableJack Lloyd2015-08-281-3/+0
|
* Missing addJack Lloyd2015-08-211-0/+1
|
* In RSA, check that the input is less than the modulus n before blindingJack Lloyd2015-08-211-5/+7
| | | | | | | | | | | | | rather than after. After blinding the value is always reduced mod n so the condition is never met. This may be the cause of RSA test failures described in GH #174 The scenario was that during randomized corruption tests we occasionally provide an input which was greater than the modulus. When that happened the value was effectively reduced mod n, so the self-check would later fail, because the decrypted result (reduced mod n) would be compared with the original (larger than n) input.
* Add power analysis countermeasures for ECC point multiplications.Jack Lloyd2015-08-212-35/+37
| | | | | | | | The plain PointGFp operator* now uses Montgomery ladder exclusively. Adds a blinded point multiply algorithm which uses exponent and point randomization, as well as a Montgomery ladder technique that takes a random walk of the possible addition chains for k.
* Remove unused pkcs8 includesSimon Warta2015-08-033-3/+0
| | | | Only botan-cli, botan-tests and the FFI module depend on PKCS8
* pubkey: Add missing overridesDaniel Seither2015-07-3025-86/+89
|
* Fix typosSimon Warta2015-07-242-2/+2
| | | | Thanks to @vlajos https://github.com/vlajos/misspell_fixer
* Silence some extra ';' warningsSimon Warta2015-07-222-2/+2
|
* Fix module combi: adler32,mceSimon Warta2015-07-082-4/+9
|
* The gf2m type is an unsigned 16-bit, so under C promotion rules aJack Lloyd2015-07-051-1/+1
| | | | | | shift promotes to signed int rather than an unsigned value. However here we wish to use a large shift, which can cause a signed overflow. Add static_cast to force to the desired (unsigned) type.
* Make Botan compile when only some modules are enabledSimon Warta2015-07-031-0/+1
| | | | Fixes #146.
* Fix module dependencies of x509 and pubkeySimon Warta2015-06-301-1/+1
|
* More changes for use with debug STLSimon Warta2015-06-301-3/+3
|
* lib/pubkey: Convert &vec[0] to vec.data()Simon Warta2015-06-2316-56/+56
|
* Add missing headers fixing GCC 4.7 buildlloyd2015-06-171-0/+1
|
* Key agreement was missing the return check, add it to get_pk_op insteadlloyd2015-03-291-17/+11
|
* Move the signature padding schemes to the PK operation classes,lloyd2015-03-2313-360/+390
| | | | | | | | | as was previously done with encrypt/decrypt ops. One feature dropped on the floor here is previously PK_Signer by default did verification of signatures before releasing them as an measure against fault attacks. However in addition to being expensive this turned out to be difficult to implement with the new scheme.
* In PK encrypt/decrypt move pad calls to the operation. This allows anlloyd2015-03-1410-154/+218
| | | | | | | | | op to use a padding scheme outside of our knowledge or control, for instance an OpenSSL RSA op which uses OpenSSL's padding code. Similar change for key agreement and KDFs for the same reason. Add an EME_Raw type; previously this operation was implicit in the code in pubkey.cpp
* Externalize the state of a RFC 6979 nonce computation.lloyd2015-03-122-22/+55
| | | | | | | | | | | | This lets you amortize quite a few memory allocations (RNG, various BigInts, etc) over many nonce generations. Change generate_rfc6979_nonce to just instantiate one of these states, call the function once, and return. This doesn't have any additional overhead versus the previous implementation of this function. Fix HMAC_DRBG to correctly reset its state to its starting position when you call clear() on it.
* Avoid a ECC point multiplication in ECDSA signature verification bylloyd2015-03-121-14/+20
| | | | | | | distributing w into the exponents. This is at least a 50% speedup across all keysizes on my laptop. Optimization pointed out by Dr. Falko Strenzke on the mailing list.
* Add BOTAN_DLL back to LibraryInitializer and move some of the implementation tolloyd2015-03-111-1/+1
| | | | | | | a source file. Without BOTAN_DLL the LibraryInitializer was removed entirely from the list of symbols which is not desired. Add some casts to avoid scary sounding but (upon review) harmless warnings from MSVC
* Hide Algorithm_Factory and use the functions in lookup.h internally.lloyd2015-03-041-3/+2
| | | | | | Fix two memory leaks (in TLS and modes) caused by calling get_foo and then cloning the result before saving it (leaking the original object), a holdover from the conversion between construction techniques in 1.11.14
* Modify interfaces of KDF and PBKDF to write output to an array, withlloyd2015-02-181-8/+8
| | | | higher level functions on interface handling returning a vector.
* Add new module `ffi` which provides a plain C interface, plus a newlloyd2015-02-162-3/+2
| | | | | | | | | | | | ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it.
* Remove static castslloyd2015-02-066-34/+28
|
* Clean up root dir, remove some unneeded dependencieslloyd2015-02-051-1/+0
|
* Remove algo factory, engines, global RNG, global state, etc.lloyd2015-02-0428-188/+131
| | | | | | | | | | | | | | | Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
* Convert PK operations to using Algo_Registry instead of Engine.lloyd2015-02-0325-693/+806
| | | | Remove global PRNG.
* Add missing files. Remove cipher lookup from engine code.lloyd2015-02-011-8/+2
|
* Use registry also for KDF, EMSA, and EMElloyd2015-01-311-3/+3
|
* Use registry for streams and MACs. Start updating callers.lloyd2015-01-312-7/+3
|
* Centralize where string.h/cstring is included to mem_ops.hlloyd2015-01-238-30/+24
| | | | See github 42 for background
* Amalgamation fixeslloyd2015-01-233-23/+4
|
* Ensure all files have copyright and license info.lloyd2015-01-1075-82/+84
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* Add MCEIES, an integrated encryption system using McEliece and AES-256/OCBlloyd2015-01-083-0/+154
|
* No need to reseed RNG in DSA sign as RNG is no longer usedlloyd2015-01-081-4/+2
|
* Cleanuplloyd2015-01-081-7/+5
|
* Add Poly1305, based on poly1305-donna by Andrew Moon.lloyd2014-12-292-120/+0
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 01:35:28 +0000