path: root/src/lib/pubkey

Commit log (each entry: commit message, author, date, files changed, lines removed/added)
* Fix how DL_Group chooses generator for strong prime groups.
  Jack Lloyd, 2017-01-06, 6 files changed, -12/+28

  Previously it fixed g=2 but this is not always correct. GH #784

  Change default PEM header for X9.42 groups to match OpenSSL. We accept either on decoding. GH #784

  Change {DL_Group,EC_Group}::PEM_for_named_curve to return std::string instead of a const char*. That makes a future refactoring I have in mind possible without breaking API.
* Remove unnecessary BOTAN_DLL annotations
  Jack Lloyd, 2016-12-27, 3 files changed, -4/+4
* Add DL_Group tests
  Jack Lloyd, 2016-12-23, 2 files changed, -6/+6

  Fix a bug in how the 6144 and 8192 IETF MODP groups were encoded; they have g and q values switched. Fixed by just switching the PEM header to match the actual encoded format.

  Rename DL_Group::X942_DH_PARAMETERS to ANSI_X9_42_DH_PARAMETERS to avoid a macro conflict with Windows cryptography headers (GH #482)
* Merge GH #779 Add ECDH/ECIES blinding and DH small subgroup checking
  Jack Lloyd, 2016-12-21, 4 files changed, -18/+55
* Add missing q == 0 check in DL_Scheme_PublicKey::check_key() as q may not be available in all groups
  Never, 2016-12-20, 1 file changed, -7/+19
* Blind the ECDH/ECIES agree operation.
  Never, 2016-12-19, 2 files changed, -12/+21
* Added DH public key check y^q mod p = 1 against small-subgroup attacks as described in RFC 2785
  Never, 2016-12-19, 1 file changed, -0/+2
* Improved DL_Group verification. The group is invalid if g^q mod p != 1, and increased the number of Miller-Rabin iterations if strong is set (we pass 128 as prob in make_prm.cpp).
  Never, 2016-12-19, 1 file changed, -5/+19
* Convert to using standard uintN_t integer types
  Jack Lloyd, 2016-12-18, 100 files changed, -954/+954

  Renames a couple of functions for somewhat better name consistency, e.g. make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Public_Key derived class ctors take an std::vector<byte>
  René Korthaus, 2016-12-11, 23 files changed, -37/+37

  Changes all the Public_Key derived classes ctors to take a std::vector instead of a secure_vector for the DER encoded public key bits. There is no point in transporting a public key in secure storage. (GH #768)
* Another rename in the service of filename uniqueness
  Jack Lloyd, 2016-12-08, 1 file changed, -0/+0
* Remove <source> block from info.txt files
  Jack Lloyd, 2016-12-08, 3 files changed, -33/+0

  Kind of a vestigial thing from an earlier iteration of the module design, and never useful to specify anymore since taking all the cpp files is what you want exactly 100% of the time.
* Rename both DL and EC named group files.
  Jack Lloyd, 2016-12-08, 2 files changed, -0/+0

  Avoid having any files within src/lib (in any subdirs) with the same name. That seems worth avoiding even just on the basis of avoiding basic confusion (looked in named.cpp - no the other one...) and may allow simplifying the build in various ways.
* Add Private_Key::private_key_info()
  René Korthaus, 2016-12-05, 16 files changed, -25/+36

  Adds new Private_Key::private_key_info() that returns a PKCS#8 PrivateKeyInfo structure. Renames the current Private_Key::pkcs8_private_key() to private_key_bits(). BER_encode() just invokes private_key_info().
* Add Public_Key::subject_public_key()
  René Korthaus, 2016-12-05, 18 files changed, -29/+39

  Adds new Public_Key::subject_public_key() that returns an X.509 SubjectPublicKey structure. Renames the current Public_Key::x509_subject_public_key() to public_key_bits(). BER_encode() just invokes subject_public_key().
* Expose pk_ops.h as public interface again
  Jack Lloyd, 2016-12-04, 12 files changed, -11/+22

  I was initially thinking of Botan as a somewhat closed system, but @cordney has a legit use case of wanting to expose a TPM sign operation, but using their internal TPM library and TPM key type. This requires the API be exposed so the derivation can occur.

  Add a comment in the header explaining that the header is not for normal application use and directing them to pubkey.h

  This basically reverts 2747e8e23aec43162
* Merge GH #718 Add XMSS WOTS scheme
  Jack Lloyd, 2016-11-26, 16 files changed, -43/+563
* Adds changes from XMSS Review & resolves conflicts
  Matthias Gierlings, 2016-11-12, 10 files changed, -120/+32
* Adds optional XMSS WOTS stand-alone components
  Matthias Gierlings, 2016-11-12, 13 files changed, -8/+566

  The main XMSS implementation does not expose stand-alone access to XMSS Winternitz One Time Signatures through the Botan::PK_Ops interfaces. XMSS WOTS is used by XMSS internally though. This PR implements a possible XMSS WOTS interface for stand-alone use. XMSS WOTS is tested through the XMSS tests, therefore there are no dedicated XMSS WOTS test vectors and test bench components implemented in this PR.
* Added Extended Hash-Based Signatures (XMSS)
  Matthias Gierlings, 2016-11-12, 5 files changed, -3/+53

  [1] XMSS: Extended Hash-Based Signatures, draft-irtf-cfrg-xmss-hash-based-signatures-06, Release: July 2016. https://datatracker.ietf.org/doc/draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1

  Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has been integrated into the Botan test bench; signature generation and verification can be tested independently by invoking "botan-test xmss_sign" and "botan-test xmss_verify".

  - Some headers that are not required to be exposed to users of the library have to be declared as public in `info.txt`. Declaring those headers private will cause the amalgamation build to fail. The following headers have been declared public inside `info.txt`, even though they are only intended for internal use:
    * atomic.h
    * xmss_hash.h
    * xmss_index_registry.h
    * xmss_address.h
    * xmss_common_ops.h
    * xmss_tools.h
    * xmss_wots_parameters.h
    * xmss_wots_privatekey.h
    * xmss_wots_publickey.h

  - XMSS_Verification_Operation requires the "randomness" parameter out of the XMSS signature. "Randomness" is part of the prefix that is hashed *before* the message. Since the signature is unknown till sign() is called, all message content has to be buffered. For large messages this can be inconvenient or impossible.

    **Possible solution**: Change the PK_Ops::Verification interface to take the signature as constructor argument, and provide a setter method to be able to update and reuse the instance on multiple signatures. Make sign a parameterless member call. This solution requires interface changes in Botan.

    **Suggested workaround** for signing large messages is to not sign the message itself, but to precompute the message hash manually using Botan::HashFunction and sign the message hash instead of the message itself.

  - Some of the available test vectors for the XMSS signature verification have been commented out in order to reduce testbench runtime.
* Correct XMSS crash when a hash was disabled
  Jack Lloyd, 2016-11-25, 4 files changed, -12/+20

  Require SHA-256 in XMSS since that is mandatory for the index registry.
* Make XMSS more friendly about invalid params.
  Jack Lloyd, 2016-11-25, 5 files changed, -31/+54

  Previously it just threw an exception from map.at

  Add an XMSS keygen test, and add default params for create_private_key
* Merge GH #736 Add SHAKE support to XMSS
  Jack Lloyd, 2016-11-25, 4 files changed, -102/+94
* Adds SHAKE support for XMSS
  Matthias Gierlings, 2016-11-25, 4 files changed, -102/+94

  - Enables code for SHAKE support
  - Creating a SHAKE hash function by name now allows selecting an output size of 256 bit for SHAKE128 and 512 bit for SHAKE256.
  - Adds *self-generated*, unverified test vectors for XMSS/SHAKE.
* Avoid having source files start with /**
  Jack Lloyd, 2016-11-25, 41 files changed, -42/+42

  This caused Doxygen to dump the copyright notices for those files into the Botan namespace description, which is not helpful.

  [ci skip]
* Export work factor functions
  René Korthaus, 2016-11-22, 1 file changed, -4/+4

  Now that users can implement custom PK ops via Private_Key and Public_Key outside the library, it makes very much sense to provide the work factor functions to them.
* Fix class vs struct declaration.
  Jack Lloyd, 2016-11-19, 1 file changed, -4/+6

  Recent Clang complains about forward decl as 'class X' when X was actually declared as a struct.
* Merge GH #729 Add CECPQ1 (x25519+NewHope) TLS ciphersuites
  Jack Lloyd, 2016-11-19, 8 files changed, -27/+143
* Add CECPQ1 TLS ciphersuites
  Jack Lloyd, 2016-11-17, 8 files changed, -27/+143

  Tested against BoringSSL (as client + server) and google.com (as client).

  Fix a stupid crashing bug in NewHope's BoringSSL mode.

  Remove unneeded error return from curve25519_donna - always returned 0.

  Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* Don't force HMAC_DRBG to be enabled
  Jack Lloyd, 2016-11-18, 2 files changed, -2/+1

  No need to strictly require it, and some applications may only want system RNG or RDRAND.
* Remove unused Key_Type typedefs
  Jack Lloyd, 2016-11-12, 2 files changed, -4/+0

  [ci skip]
* Fixes for XMSS wrt 9c72dabc9
  Jack Lloyd, 2016-11-12, 5 files changed, -31/+6
* Merge GH #717 Add XMSS signatures
  Jack Lloyd, 2016-11-12, 31 files changed, -0/+4057
* Implements changes from XMSS review
  Matthias Gierlings, 2016-11-11, 13 files changed, -82/+18

  - Removes custom XMSS_Hash assignment operator.
  - Changes mutex type used in XMSS_Index_Registry from std::mutex to Botan::mutex_type, changes lock_guard accordingly.
  - Removes singleton and endianness detection from XMSS_Tools, changes XMSS_Tools::concat() to be a static method.
  - XMSS/XMSS_WOTS check_key() now always returns true.
* Added Extended Hash-Based Signatures (XMSS)
  Matthias Gierlings, 2016-11-11, 32 files changed, -0/+4121

  [1] XMSS: Extended Hash-Based Signatures, draft-irtf-cfrg-xmss-hash-based-signatures-06, Release: July 2016. https://datatracker.ietf.org/doc/draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1

  Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has been integrated into the Botan test bench; signature generation and verification can be tested independently by invoking "botan-test xmss_sign" and "botan-test xmss_verify".

  - Some headers that are not required to be exposed to users of the library have to be declared as public in `info.txt`. Declaring those headers private will cause the amalgamation build to fail. The following headers have been declared public inside `info.txt`, even though they are only intended for internal use:
    * atomic.h
    * xmss_hash.h
    * xmss_index_registry.h
    * xmss_address.h
    * xmss_common_ops.h
    * xmss_tools.h
    * xmss_wots_parameters.h
    * xmss_wots_privatekey.h
    * xmss_wots_publickey.h

  - XMSS_Verification_Operation requires the "randomness" parameter out of the XMSS signature. "Randomness" is part of the prefix that is hashed *before* the message. Since the signature is unknown till sign() is called, all message content has to be buffered. For large messages this can be inconvenient or impossible.

    **Possible solution**: Change the PK_Ops::Verification interface to take the signature as constructor argument, and provide a setter method to be able to update and reuse the instance on multiple signatures. Make sign a parameterless member call. This solution requires interface changes in Botan.

    **Suggested workaround** for signing large messages is to not sign the message itself, but to precompute the message hash manually using Botan::HashFunction and sign the message hash instead of the message itself.

  - Some of the available test vectors for the XMSS signature verification have been commented out in order to reduce testbench runtime.
* Pubkey cleanups
  Jack Lloyd, 2016-11-12, 29 files changed, -205/+119

  Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable)

  Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually.

  Remove message_parts and message_part_size from PK_Ops
* NewHope cleanup
  Jack Lloyd, 2016-11-09, 1 file changed, -63/+300

  Remove old style casts, wrap some very long lines.
* Correct comment [ci skip]
  Jack Lloyd, 2016-11-08, 1 file changed, -1/+1
* Remove Key_Type typedefs
  Jack Lloyd, 2016-11-08, 11 files changed, -23/+0

  Also part of Algo_Registry and not needed after #668
* Remove Spec typedef from pk_ops
  Jack Lloyd, 2016-11-08, 1 file changed, -35/+0

  Was used by Algo_Registry lookups, no longer needed after #668
* Update Doxygen comment [ci skip]
  Jack Lloyd, 2016-11-06, 1 file changed, -1/+0
* Merge GH #710 Allow custom EC curve to be specified at build time
  Jack Lloyd, 2016-11-04, 1 file changed, -0/+5
* Add an in-house EC curve for TLS at compile-time
  René Korthaus, 2016-11-03, 1 file changed, -0/+5

  One additional, application-specific curve can be added at compile time, using the new configure.py --house-curve=curve.pem,funky311,1.2.3.4,FEFF.
* Merge GH #714 Use pk_ops_fwd header
  Jack Lloyd, 2016-11-04, 1 file changed, -12/+1
* Use "forward declare header" pk_ops_fwd.h instead of self forward declaring them
  Daniel Neus, 2016-11-04, 1 file changed, -12/+1
* Fix PKCS11 test error
  Jack Lloyd, 2016-11-04, 2 files changed, -12/+51

  Previously PKCS11_ECDSA_PrivateKey::check_key failed because no verification is possible using this key type (does not derive from public key).

  Split keypair consistency to allow two key arguments. ECDSA keypair consistency disabled in the tests still, because SoftHSMv2 gives mechanism invalid errors. I think this is a SoftHSMv2 issue with the signature mechanism.

  Remove no longer used Key_Type typedefs (need to be removed everywhere).

  GH #712
* Simplify some code by using T::create_or_throw
  Jack Lloyd, 2016-11-03, 2 files changed, -21/+7
* Merge GH #706 Remove ability to add OIDs at runtime. Remove OID lock
  Jack Lloyd, 2016-11-03, 3 files changed, -3/+0
* Remove ability to add OIDs at runtime. Remove global OID lock.
  Jack Lloyd, 2016-11-03, 3 files changed, -3/+0

  OID map is now generated from an input file on an as needed basis. Just uses a sequence of ifs - simple, fast, and small code size.

  Merges oid_lookup sub-module which was already required by asn1 anyway, so completely non-optional.

  Removes @neusdan's nice OID tests since without any runtime adds the tests are moot.
* Remove automatic self-testing of public and private keys
  Jack Lloyd, 2016-11-03, 16 files changed, -131/+36

  Rarely expected and often causes performance problems, especially for private keys. Instead applications should call check_key explicitly to validate keys when necessary.

  Note this removal doesn't apply to tests like ECDH on-the-curve tests, where a check on the public key is required for security of our own key.

  Updates most APIs to remove RNG calls, where they are no longer required. Exception is PKCS8 interface, pending further work there (see GH #685) it just ignores the RNG argument now.