| Graph | Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|---|
| `*` | Use ct_modulo during RSA key generation | Jack Lloyd | 2018-12-03 | 1 | -6/+7 |
| `*` | No need to check x when checking if a point is at infinity<br>I'm not sure why this was here. | Jack Lloyd | 2018-12-01 | 1 | -2/+1 |
| `*` | Add BigInt::mod_mul | Jack Lloyd | 2018-12-01 | 3 | -27/+10 |
| `*` | Fix debug asserts, and add it to CI | Jack Lloyd | 2018-11-29 | 1 | -2/+2 |
| `*` | Add CT::Mask type | Jack Lloyd | 2018-11-28 | 4 | -22/+21 |
| `*` | Make more BigInt functions const-time<br>In particular comparisons, calc sig words, and mod_sub are const time now. | Jack Lloyd | 2018-11-26 | 1 | -0/+1 |
| `*` | Make exceptions easier to translate to error codes<br>Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742 | Jack Lloyd | 2018-11-23 | 8 | -24/+28 |
| `*` | Avoid calling memset, memcpy within library code<br>Prefer using wrappers in mem_utils for this. Current exception is where memcpy is being used to convert between two different types, since copy_mem requires input and output pointers have the same type. There should be a new function to handle conversion-via-memcpy operation. | Jack Lloyd | 2018-11-17 | 2 | -6/+6 |
| `*` | Avoid an implausible integer overflow flagged by Coverity [ci skip] | Jack Lloyd | 2018-11-10 | 1 | -1/+6 |
| `*` | Add some missing includes<br>This is not exhaustive. See GH #1733 | Jack Lloyd | 2018-11-08 | 3 | -0/+4 |
| `*` | Compile fix | Jack Lloyd | 2018-11-07 | 1 | -0/+1 |
| `*` | Avoid using std::invalid_argument<br>See #1726 | Jack Lloyd | 2018-11-07 | 1 | -2/+2 |
| `*` | Fix compilation problem when scrypt is disabled<br>Fixes GH #1720 | Jack Lloyd | 2018-10-29 | 1 | -0/+1 |
| `*` | Remove support for Visual C++ 2013<br>Closes GH #1557 | Jack Lloyd | 2018-10-01 | 2 | -3/+1 |
| `*` | Fix more MSVC warnings | Jack Lloyd | 2018-10-01 | 2 | -22/+22 |
| `*` | Fix some MSVC warnings | Jack Lloyd | 2018-09-30 | 1 | -4/+4 |
| `*` | Spell check the documentation | Jack Lloyd | 2018-09-28 | 1 | -7/+7 |
| `*` | Merge GH #1670 New password hashing interface | Jack Lloyd | 2018-09-13 | 1 | -20/+44 |
| `\|\\` | | | | | |
| `\| *` | Remove redundant operation | Jack Lloyd | 2018-09-10 | 1 | -4/+0 |
| `\| *` | Add from_iterations | Jack Lloyd | 2018-09-10 | 1 | -9/+4 |
| `\| *` | Convert Scrypt<br>This also changes some (library only) APIs so PBES2 needed to be modified. This is a contribution of Ribose Inc (@riboseinc) | Jack Lloyd | 2018-09-10 | 1 | -20/+53 |
| `* \|` | Add FFI functions for creating and getting X25519 data<br>See GH #1680 | Jack Lloyd | 2018-09-10 | 2 | -0/+4 |
| `\|/` | | | | | |
| `*` | Support SM2 raw signatures<br>Where SM2 signs a hash input provided by the application. This is a contribution by Ribose Inc (@riboseinc) | Jack Lloyd | 2018-09-09 | 1 | -57/+101 |
| `*` | Remove unneeded load_on auto<br>It is the default... | Jack Lloyd | 2018-09-04 | 1 | -2/+0 |
| `*` | Merge GH #1659 Report correct size for XMSS signatures | Jack Lloyd | 2018-08-24 | 1 | -2/+4 |
| `\|\\` | | | | | |
| `\| *` | Implements correct XMSS signature size calculation<br>Implements the correct signature size calculation for XMSS, required by #1641. | Matthias Gierlings | 2018-08-24 | 1 | -2/+4 |
| `* \|` | Allow SIV for PBES2 private key encryption | Jack Lloyd | 2018-08-23 | 1 | -2/+7 |
| `\|/` | | | | | |
| `*` | Add PBES2 as alias for PBE-PKCS5v20<br>Easier to remember and type. | Jack Lloyd | 2018-08-23 | 1 | -1/+3 |
| `*` | Simplify exception messages<br>Remove "Invalid argument" and "Decoding Error" prefixes | Jack Lloyd | 2018-08-22 | 2 | -4/+4 |
| `*` | Fix some Doxygen warnings | Jack Lloyd | 2018-08-15 | 1 | -1/+0 |
| `*` | Add missing override annotations [ci skip] | Jack Lloyd | 2018-08-13 | 2 | -2/+2 |
| `*` | Add function to return the size of a key agreement output<br>Very useful when using "Raw" DH/ECDH via the FFI API. | Jack Lloyd | 2018-08-12 | 7 | -7/+29 |
| `*` | Fix off by one for SM2 ciphertext length<br>It is possible up to 13 bytes are required. Round up to 16 bytes just cause. | Jack Lloyd | 2018-08-10 | 1 | -1/+1 |
| `*` | Add functions to get size of PK ciphertext, plaintext<br>Needed for https://github.com/strongswan/strongswan/pull/109 | Jack Lloyd | 2018-08-10 | 12 | -53/+165 |
| `*` | Add PK_Signer::signature_length | Jack Lloyd | 2018-08-10 | 15 | -2/+69 |
| `*` | Combine SM2 key types for signatures and encryption<br>It seems in practice the same key may end up being used for both operations, so maintaining a distinction at the type level just complicates things. | Jack Lloyd | 2018-08-01 | 6 | -157/+71 |
| `*` | Add Lucas test from FIPS 186-4<br>This eliminates an issue identified in the paper "Prime and Prejudice: Primality Testing Under Adversarial Conditions" by Albrecht, Massimo, Paterson and Somorovsky where DL_Group::verify_group with strong=false would accept a composite q with probability 1/4096, which is exactly as the error bound is documented, but still unfortunate. | Jack Lloyd | 2018-07-31 | 1 | -24/+3 |
| `*` | Ensure values are fully reduced during ECDSA signature<br>It was possible that the Barrett reduction code would fall back to standard division due to getting an input that was >= order^2. | Jack Lloyd | 2018-07-30 | 1 | -3/+3 |
| `*` | Use Alloc templates instead of overriding for specific vector types | Jack Lloyd | 2018-07-24 | 1 | -16/+16 |
| `*` | Fix bad assert in Goppa decoding | Jack Lloyd | 2018-07-24 | 1 | -3/+4 |
| `*` | Require SM2 ciphertexts be DER encoded<br>Previously SM2 test would fail about 1 in a thousand times because we would corrupt the ciphertext such that the BER was still valid; it would change the length field to an indefinite length marker, which still decoded correctly. | Jack Lloyd | 2018-07-24 | 1 | -2/+18 |
| `*` | In ECC private key encoding, include the optional public key field<br>Otherwise GnuTLS refuses to parse the private key. Fixes #1634 | Jack Lloyd | 2018-07-23 | 1 | -2/+4 |
| `*` | Make use of AlgorithmIdentifier::USE_EMPTY_PARAM | Jack Lloyd | 2018-07-10 | 3 | -9/+3 |
| `*` | Correct Doxygen errors | Jack Lloyd | 2018-07-02 | 1 | -3/+2 |
| `*` | Fix Coverity false positive<br>It thinks a divide by zero can happen here | Jack Lloyd | 2018-06-29 | 1 | -0/+2 |
| `*` | Fix some -Wshadow warnings | Jack Lloyd | 2018-06-29 | 1 | -4/+4 |
| `*` | Move reduction mod q to DL_Group<br>Avoids computing Barrett params many times and gives option for more optimizations in future. | Jack Lloyd | 2018-06-28 | 3 | -26/+107 |
| `*` | Expose reduction mod p in CurveGFp<br>This is slightly slower for Brainpool, but NIST curves are 5% faster. | Jack Lloyd | 2018-06-28 | 3 | -16/+28 |
| `*` | Correct computing of discriminant in EC_Group::verify_group<br>It was checking 4*a+27*b instead of 4*a^3 + 27*b^2 | Jack Lloyd | 2018-06-27 | 1 | -16/+34 |
| `*` | Some fiddling with RSA private operation<br>Spawning the thread off as quickly as possible helps perf slightly, especially with larger modulus. | Jack Lloyd | 2018-06-22 | 1 | -18/+29 |
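The discriminant fix in the 2018-06-27 commit (`4*a^3 + 27*b^2` rather than `4*a + 27*b`) is worth seeing on a concrete curve. The following is an added example and is not Botan's code or part of this log; it writes both versions of the check for a short Weierstrass curve `y^2 = x^3 + a*x + b` over `F_p` and runs them against secp256k1 and against a constructed singular toy curve over `F_11` (parameters `a=2, b=3` chosen so that `4*a^3 + 27*b^2 = 275 = 25*11`). The mistaken check accepts the toy curve; the correct one rejects it, and a brute-force search locates the singular point. Function names and the toy curve are assumptions made for this example.

```python
"""Discriminant check for y^2 = x^3 + a*x + b over F_p.

Added example, not Botan's code. A curve is non-singular iff
4*a^3 + 27*b^2 != 0 (mod p). A curve that is singular has a point where
both partial derivatives vanish; the group law degenerates there and the
discrete logarithm becomes easy, so group validation must reject it.
"""


def discriminant_ok(p: int, a: int, b: int) -> bool:
    """Correct check: 4*a^3 + 27*b^2 != 0 (mod p)."""
    return (4 * pow(a, 3, p) + 27 * pow(b, 2, p)) % p != 0


def discriminant_ok_buggy(p: int, a: int, b: int) -> bool:
    """The mistaken pre-fix check, 4*a + 27*b != 0 (mod p), kept here
    only to show what it lets through."""
    return (4 * a + 27 * b) % p != 0


def find_singular_point(p: int, a: int, b: int):
    """Brute force (small p only) a point (x, y) on the curve where
    F(x, y) = y^2 - x^3 - a*x - b has dF/dy = 2y = 0 and
    dF/dx = -(3x^2 + a) = 0. Returns (x, 0) or None if the curve is smooth."""
    for x in range(p):
        if (3 * x * x + a) % p != 0:
            continue
        if (pow(x, 3, p) + a * x + b) % p == 0:
            return (x, 0)
    return None


# Constructed inputs for this example.
SECP256K1_P = 2**256 - 2**32 - 977
CURVES = {
    "secp256k1": (SECP256K1_P, 0, 7),
    # Toy singular curve over F_11: 4*2^3 + 27*3^2 = 32 + 243 = 275 = 25*11.
    "toy-singular": (11, 2, 3),
}


def verify(name: str) -> dict:
    """Run both checks on a named curve; search for a singular point only
    when p is small enough for brute force."""
    p, a, b = CURVES[name]
    return {
        "correct": discriminant_ok(p, a, b),
        "buggy": discriminant_ok_buggy(p, a, b),
        "singular_point": find_singular_point(p, a, b) if p < 10_000 else None,
    }


if __name__ == "__main__":
    for name in CURVES:
        print(name, verify(name))
```

On the toy curve the buggy check reports "ok" while the correct one rejects it, and the search finds the singular point (6, 0): 3*6^2 + 2 = 110 = 10*11 and 6^3 + 2*6 + 3 = 231 = 21*11. That is the class of parameter set the fix prevents `EC_Group::verify_group` from accepting.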