path: root/src/lib/pubkey
Commit message | Author | Age | Files | Lines

* Use ct_modulo during RSA key generation | Jack Lloyd | 2018-12-03 | 1 | -6/+7
* No need to check x when checking if a point is at infinity | Jack Lloyd | 2018-12-01 | 1 | -2/+1
    I'm not sure why this was here.
* Add BigInt::mod_mul | Jack Lloyd | 2018-12-01 | 3 | -27/+10
* Fix debug asserts, and add it to CI | Jack Lloyd | 2018-11-29 | 1 | -2/+2
* Add CT::Mask type | Jack Lloyd | 2018-11-28 | 4 | -22/+21
* Make more BigInt functions const-time | Jack Lloyd | 2018-11-26 | 1 | -0/+1
    In particular comparisons, calc sig words, and mod_sub are const time now.
* Make exceptions easier to translate to error codes | Jack Lloyd | 2018-11-23 | 8 | -24/+28
    Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742
* Avoid calling memset, memcpy within library code | Jack Lloyd | 2018-11-17 | 2 | -6/+6
    Prefer using wrappers in mem_utils for this. Current exception is where memcpy is being used to convert between two different types, since copy_mem requires input and output pointers have the same type. There should be a new function to handle conversion-via-memcpy operation.
* Avoid an implausible integer overflow flagged by Coverity [ci skip] | Jack Lloyd | 2018-11-10 | 1 | -1/+6
* Add some missing includes | Jack Lloyd | 2018-11-08 | 3 | -0/+4
    This is not exhaustive. See GH #1733
* Compile fix | Jack Lloyd | 2018-11-07 | 1 | -0/+1
* Avoid using std::invalid_argument | Jack Lloyd | 2018-11-07 | 1 | -2/+2
    See #1726
* Fix compilation problem when scrypt is disabled | Jack Lloyd | 2018-10-29 | 1 | -0/+1
    Fixes GH #1720
* Remove support for Visual C++ 2013 | Jack Lloyd | 2018-10-01 | 2 | -3/+1
    Closes GH #1557
* Fix more MSVC warnings | Jack Lloyd | 2018-10-01 | 2 | -22/+22
* Fix some MSVC warnings | Jack Lloyd | 2018-09-30 | 1 | -4/+4
* Spell check the documentation | Jack Lloyd | 2018-09-28 | 1 | -7/+7
* Merge GH #1670 New password hashing interface | Jack Lloyd | 2018-09-13 | 1 | -20/+44
  * Remove redundant operation | Jack Lloyd | 2018-09-10 | 1 | -4/+0
  * Add from_iterations | Jack Lloyd | 2018-09-10 | 1 | -9/+4
  * Convert Scrypt | Jack Lloyd | 2018-09-10 | 1 | -20/+53
      This also changes some (library only) APIs so PBES2 needed to be modified. This is a contribution of Ribose Inc (@riboseinc)
* Add FFI functions for creating and getting X25519 data | Jack Lloyd | 2018-09-10 | 2 | -0/+4
    See GH #1680
* Support SM2 raw signatures | Jack Lloyd | 2018-09-09 | 1 | -57/+101
    Where SM2 signs a hash input provided by the application. This is a contribution by Ribose Inc (@riboseinc)
* Remove unneeded load_on auto | Jack Lloyd | 2018-09-04 | 1 | -2/+0
    It is the default...
* Merge GH #1659 Report correct size for XMSS signatures | Jack Lloyd | 2018-08-24 | 1 | -2/+4
  * Implements correct XMSS signature size calculation | Matthias Gierlings | 2018-08-24 | 1 | -2/+4
      Implements the correct signature size calculation for XMSS, required by #1641.
* Allow SIV for PBES2 private key encryption | Jack Lloyd | 2018-08-23 | 1 | -2/+7
* Add PBES2 as alias for PBE-PKCS5v20 | Jack Lloyd | 2018-08-23 | 1 | -1/+3
    Easier to remember and type.
* Simplify exception messages | Jack Lloyd | 2018-08-22 | 2 | -4/+4
    Remove "Invalid argument" and "Decoding Error" prefixes
* Fix some Doxygen warnings | Jack Lloyd | 2018-08-15 | 1 | -1/+0
* Add missing override annotations [ci skip] | Jack Lloyd | 2018-08-13 | 2 | -2/+2
* Add function to return the size of a key agreement output | Jack Lloyd | 2018-08-12 | 7 | -7/+29
    Very useful when using "Raw" DH/ECDH via the FFI API.
* Fix off by one for SM2 ciphertext length | Jack Lloyd | 2018-08-10 | 1 | -1/+1
    It is possible up to 13 bytes are required. Round up to 16 bytes just cause.
* Add functions to get size of PK ciphertext, plaintext | Jack Lloyd | 2018-08-10 | 12 | -53/+165
    Needed for https://github.com/strongswan/strongswan/pull/109
* Add PK_Signer::signature_length | Jack Lloyd | 2018-08-10 | 15 | -2/+69
* Combine SM2 key types for signatures and encryption | Jack Lloyd | 2018-08-01 | 6 | -157/+71
    It seems in practice the same key may end up being used for both operations, so maintaining a distinction at the type level just complicates things.
* Add Lucas test from FIPS 186-4 | Jack Lloyd | 2018-07-31 | 1 | -24/+3
    This eliminates an issue identified in the paper "Prime and Prejudice: Primality Testing Under Adversarial Conditions" by Albrecht, Massimo, Paterson and Somorovsky where DL_Group::verify_group with strong=false would accept a composite q with probability 1/4096, which is exactly as the error bound is documented, but still unfortunate.
* Ensure values are fully reduced during ECDSA signature | Jack Lloyd | 2018-07-30 | 1 | -3/+3
    It was possible that the Barrett reduction code would fall back to standard division due to getting an input that was >= order^2.
* Use Alloc templates instead of overriding for specific vector types | Jack Lloyd | 2018-07-24 | 1 | -16/+16
* Fix bad assert in Goppa decoding | Jack Lloyd | 2018-07-24 | 1 | -3/+4
* Require SM2 ciphertexts be DER encoded | Jack Lloyd | 2018-07-24 | 1 | -2/+18
    Previously SM2 test would fail about 1 in a thousand times because we would corrupt the ciphertext such that the BER was still valid; it would change the length field to an indefinite length marker, which still decoded correctly.
* In ECC private key encoding, include the optional public key field | Jack Lloyd | 2018-07-23 | 1 | -2/+4
    Otherwise GnuTLS refuses to parse the private key. Fixes #1634
* Make use of AlgorithmIdentifier::USE_EMPTY_PARAM | Jack Lloyd | 2018-07-10 | 3 | -9/+3
* Correct Doxygen errors | Jack Lloyd | 2018-07-02 | 1 | -3/+2
* Fix Coverity false positive | Jack Lloyd | 2018-06-29 | 1 | -0/+2
    It thinks a divide by zero can happen here
* Fix some -Wshadow warnings | Jack Lloyd | 2018-06-29 | 1 | -4/+4
* Move reduction mod q to DL_Group | Jack Lloyd | 2018-06-28 | 3 | -26/+107
    Avoids computing Barrett params many times and gives option for more optimizations in future.
* Expose reduction mod p in CurveGFp | Jack Lloyd | 2018-06-28 | 3 | -16/+28
    This is slightly slower for Brainpool, but NIST curves are 5% faster.
* Correct computing of discriminant in EC_Group::verify_group | Jack Lloyd | 2018-06-27 | 1 | -16/+34
    It was checking 4*a+27*b instead of 4*a^3 + 27*b^2
* Some fiddling with RSA private operation | Jack Lloyd | 2018-06-22 | 1 | -18/+29
    Spawning the thread off as quickly as possible helps perf slightly, especially with larger modulus.