path: root/src/lib/pubkey
Commit message | Author | Age | Files | Lines

* prepare TLS 1.2 for addition of TLS 1.3 | Hannes Rantzsch | 2022-04-04 | 1 | -4/+4
|   Co-authored-by: René Meusel <[email protected]>
|   Co-authored-by: Marek Kocik <[email protected]>
|   Co-authored-by: Grzegorz Dulewicz <[email protected]>
|   Co-authored-by: Pawel Bazelewski <[email protected]>
|   Co-authored-by: Pawel Jarosz <[email protected]>
|
* More clang-tidy fixes | Jack Lloyd | 2022-02-10 | 7 | -8/+14
|
* Merge GH #2872 Add Kyber post-quantum KEM | Jack Lloyd | 2022-02-10 | 8 | -0/+1842
|\
| * review: fix cache based side channel | Hannes Rantzsch | 2022-02-10 | 1 | -11/+9
| |   Co-authored-by: René Meusel <[email protected]>
| |
| * move Botan::unreachable() to assert.h | René Meusel | 2022-02-07 | 1 | -0/+1
| |
| * debug-assert absence of integer over/under flows | René Meusel | 2022-01-13 | 1 | -2/+17
| |   Co-Authored-By: Hannes Rantzsch <[email protected]>
| |
| * Code cleanups and improvements, details below: | René Meusel | 2022-01-13 | 11 | -1931/+1828
| |   * Shake_128_Cipher as XOF
| |   * Split Kyber "modern" and "90s" modes into botan modules
| |   * copyright headers
| |   * OIDs for different kyber modes
| |   * Support ASN.1 Full encoding
| |   Co-authored-by: Hannes Rantzsch <[email protected]>
| |
| * Support Kyber (quantum-safe KEM) as specified in Round 3 of the NIST post-quantum project. | Michael Boric | 2022-01-04 | 3 | -0/+1931
| |   Specification and link to NIST submission package: https://pq-crystals.org/kyber/resources.shtml
| |   Co-authored-by: Manuel Glaser <[email protected]>
| |   Co-authored-by: René Meusel <[email protected]>
| |   Co-authored-by: Hannes Rantzsch <[email protected]>
| |
* | Fix build problems | Jack Lloyd | 2022-02-09 | 7 | -22/+26
| |
* | Fix some misc additional clang-tidy warnings | Jack Lloyd | 2022-02-06 | 1 | -5/+13
| |
* | Use C++17's concat namespace feature | Jack Lloyd | 2022-02-06 | 4 | -20/+4
| |
* | Remove static from data in anonymous namespaces | Jack Lloyd | 2022-02-06 | 1 | -2/+2
| |
* | Some fixes for modernize-loop-convert | Jack Lloyd | 2022-02-06 | 1 | -7/+7
| |
* | Fix clang-tidy readability-named-parameter | Jack Lloyd | 2022-02-06 | 12 | -30/+30
| |
* | More perf fixes | Jack Lloyd | 2022-02-06 | 3 | -4/+4
| |
* | Fix clang-tidy readability-container-size-empty warnings | Jack Lloyd | 2022-02-06 | 6 | -8/+8
| |
* | Fix clang-tidy performance warnings | Jack Lloyd | 2022-02-06 | 11 | -43/+43
| |
* | Avoid uses of volatile deprecated in C++20 | Jack Lloyd | 2022-01-27 | 3 | -6/+7
| |
* | Fix some Clang warnings | Jack Lloyd | 2022-01-27 | 2 | -4/+4
|/
|   See GH #2886
|
* Fix GH #2861 Anything under 512 bits == 0 security | Jack Lloyd | 2021-12-13 | 1 | -0/+3
|   CADO NFS can factor 512 bit RSA keys in under a day.
|
* Minor format tweaks [ci skip] | Jack Lloyd | 2021-12-11 | 1 | -6/+6
|
* Remove the OpenSSL provider | Jack Lloyd | 2021-10-28 | 4 | -129/+0
|   Starting in OpenSSL 3.0, most of the functionality which we need to implement
|   the OpenSSL provider is deprecated. Rather than reimplement the whole provider
|   in order to allow it to continue to work in the future, just remove it.
|   Efforts would be better spent doing more optimization work rather than
|   chasing OpenSSL's API changes.
|
* Fix a couple of trivial typos all over | Peter Meerwald-Stadler | 2021-10-01 | 2 | -8/+8
|
* Update comment to be more clear, and add a ref to eprint | Jack Lloyd | 2021-09-18 | 1 | -2/+6
|
* Avoid using short exponents with ElGamal | Jack Lloyd | 2021-08-03 | 1 | -2/+6
|   Some off-brand PGP implementation generates keys where p - 1 is smooth; as a
|   result short exponents can leak enough information about k to allow decryption.
|
* Fix indentation | Jack Lloyd | 2021-07-17 | 1 | -29/+29
|
* Verify decoded length of GOST public keys | Jack Lloyd | 2021-06-10 | 1 | -0/+3
|   This format is fixed length, so verify that. Caught by OSS-Fuzz where UbSan
|   noticed that if the decoded array was empty we would use &bits[0] of an
|   empty vector.
|   OSS-Fuzz 35123
|
* Remove dead function declarations | Jack Lloyd | 2021-06-07 | 1 | -8/+2
|
* Skip negative test in ECDSA | Jack Lloyd | 2021-05-29 | 1 | -1/+5
|   Since it cannot occur because we decoded from binary within the same function.
|
* Fix an ECKCDSA bug | Jack Lloyd | 2021-05-24 | 1 | -8/+21
|   Add some more test vectors (taken from https://github.com/ANSSI-FR/libecc)
|   and fix a bug which occurred when either the group was not an even multiple
|   of 8 bits, or when the x,y coordinates had any leading zero bytes.
|
* Prevent using non-sensical padding schemes | Jack Lloyd | 2021-05-22 | 3 | -6/+17
|   Most padding schemes require message recovery, which, now that NR and RW
|   have both been removed, limits their usage to RSA.
|
* More mp header cleanups | Jack Lloyd | 2021-05-01 | 1 | -1/+0
|
* Merge GH #2726 Add support for IRTF hash to curve | Jack Lloyd | 2021-04-25 | 5 | -0/+366
|\
| * Implement draft-irtf-cfrg-hash-to-curve | Jack Lloyd | 2021-04-25 | 5 | -0/+366
| |   Specifically SSWU with xmd based expansion
| |   Currently only P-256, P-384 and P-521 are supported but in principle this
| |   could be extended to most curves except those with A*B == 0
| |
* | Modify BigInt constructors | Jack Lloyd | 2021-04-24 | 16 | -32/+32
|/
|   Add static methods for very common (eg zero, one) or very uncommon (eg ECDSA
|   truncated integers) construction methods, instead of using C++ constructors
|   for all of these.
|   Also adds from_s32 which allows creating a negative BigInt easily, instead of
|   -BigInt(-x) -> BigInt::from_s32(x)
|
* Don't loop forever if the RSA keygen rng is bad | Jack Lloyd | 2021-04-21 | 1 | -1/+4
|
* In RSA keygen require that p and q differ by a wide range | Jack Lloyd | 2021-04-21 | 1 | -4/+10
|   This is required by FIPS 186-4 sec B.3.2
|
* Run scrypt and bcrypt-pbkdf through PasswordHash | Jack Lloyd | 2021-04-19 | 1 | -14/+7
|   The old top level fns like scrypt are now deprecated, and we can now mark the
|   algorithm headers as future-internal.
|
* Make get_byte take a compile-time constant index | Jack Lloyd | 2021-04-16 | 3 | -10/+10
|   Add get_byte_var for the few cases that need a variable index
|
* Avoid now-deprecated PBKDF interface within the library | Jack Lloyd | 2021-04-08 | 1 | -10/+15
|
* Avoid clone in xmss_hash | Jack Lloyd | 2021-04-07 | 1 | -1/+1
|
* Add a function for creating an ECC key with arbitrary group | Jack Lloyd | 2021-04-06 | 2 | -30/+51
|   This is necessary in order to hide the ECC impl headers since in some cases
|   you may need to use a non-standard group.
|
* More make_unique | Jack Lloyd | 2021-04-05 | 1 | -1/+1
|
* KDF::create | Jack Lloyd | 2021-04-05 | 1 | -4/+4
|
* ECDSA public key recovery: improve validation of r/s/v | Jack Lloyd | 2021-04-05 | 1 | -3/+8
|   GH #2698
|
* More raw pointer removal | Jack Lloyd | 2021-04-05 | 2 | -16/+8
|
* More uses of make_unique instead of unique_ptr(new ...) | Jack Lloyd | 2021-04-04 | 15 | -49/+48
|
* Use make_shared instead of shared_ptr(new ...) | Jack Lloyd | 2021-04-03 | 3 | -15/+15
|
* Fix OpenSSL RSA | Jack Lloyd | 2021-04-03 | 1 | -5/+4
|
* Update PK factory fns | Jack Lloyd | 2021-04-03 | 1 | -50/+49
|