aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/rng
Commit message (Collapse)AuthorAgeFilesLines
* Use rejection sampling in BigInt::random_integerJack Lloyd2016-03-161-0/+2
| | | | Avoids the test vector contortions in RSA-KEM
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-051-1/+1
| | | | explicit.
* Add explicit fork check to HMAC_RNGJack Lloyd2016-02-072-5/+8
| | | | | | | | | | | Add OS functions get_process_id, get_processor_timestamp, and get_system_timestamp_ns. HMAC_RNG uses the pid call to detect forks to initiate a reseed. It also adds the output of all three functions (the pid, the CPU cycle counter, and the system timestamp) into the PRF input. Calls the new OS timer functions from hres_timer entropy source. Removes the call to QPC in es_win32 which is mostly redundant with the one in hres_timer.
* Remove RNG::gen_mask, which had undefined behavior when bits >= 32Jack Lloyd2016-01-011-12/+0
| | | | | | | | | | Bug found by Daniel Neus The function wasn't being used anywhere in the library (and was only added in 1.11.20) so it seems easier to remove than fix. And removing it serves to put any user on notice that something bad happened; Daniel tested this as returning just 0 when bits >= 32 with his system's compiler.
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-112-5/+5
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Push the hardcoded entropy estimates up to build.hJack Lloyd2015-11-281-5/+5
| | | | Defaults should be fine for everyone but it makes the values more transparent
* New reseed_with_sources call on RNGsJack Lloyd2015-11-2411-41/+124
| | | | | | | | | | | | | Provides an easier way for an application to configure a list of entropy sources they'd like to use, or add a custom entropy source to their seeding. Exposes some toggles for the global/default entropy sources to build.h Adds basic entropy tests which runs the polls and does sanity checking on the results, including compression tests if available. These are less useful for the CSPRNG outputs but a good check for the ones producing plain ASCII like the /proc reader.
* Update and consolidate the test framework.Jack Lloyd2015-11-111-0/+1
| | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* TLS improvementsJack Lloyd2015-10-251-0/+8
| | | | | | | | | | | | | | Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* Add System_RNG which is an instantiatable RNG that uses the system RNGJack Lloyd2015-10-152-9/+32
| | | | | | Previously you couldn't have an unique_ptr<RNG> that might point to either a system rng or an autoseed rng depending on availability. That was already needed in ffi and is useful elsewhere.
* McEliece cleanupsJack Lloyd2015-09-291-1/+1
| | | | | | | | | | | | | | | | | | | | Remove and consolidate various headers Reduce memory usage of GF2m_Field by sharing the log and exponent tables across all instances of a particular word size. Remove McEliece_Public_Operation and McEliece_Private_Operation which were difficult to use safely. Instead only the KEM operations are exposed. Add McEliece_PublicKey::random_plaintext_element Add command line `mce` tool and some McEliece documentation Convert the speed program to check McEliece keys of the suggested size Add McEliece KATs for both key generation and KEM Fix HMAC_DRBG constructor which derefed a pointer before its time
* Add HMAC_DRBG constructor taking a name for the MAC instead of an objJack Lloyd2015-09-222-0/+15
|
* Remove use of lookup.h in favor of new T::create API.Jack Lloyd2015-09-211-3/+5
|
* Internal header cleanupsJack Lloyd2015-09-192-3/+0
| | | | Only user-visible change is the removal of get_byte.h
* Add power analysis countermeasures for ECC point multiplications.Jack Lloyd2015-08-211-6/+24
| | | | | | | | The plain PointGFp operator* now uses Montgomery ladder exclusively. Adds a blinded point multiply algorithm which uses exponent and point randomization, as well as a Montgomery ladder technique that takes a random walk of the possible addition chains for k.
* rng: Add missing overridesDaniel Seither2015-07-305-30/+30
|
* Add Android OSDaniel Seither2015-07-171-0/+1
| | | | | | The android.txt is a copy of linux.txt minus the getsid feature (Android's libc, Bionic, doesn't support it) and the alias linux-gnu. It is supported anywhere where linux is supported.
* Remove references to removed tru64 OSDaniel Seither2015-07-171-1/+0
| | | | There's no OS file in src/build-data/os for tru64
* lib/rng: Convert &vec[0] to vec.data()Simon Warta2015-06-234-9/+9
|
* Add timeouts to HMAC_RNG entropy pollinglloyd2015-03-182-58/+57
|
* Externalize the state of a RFC 6979 nonce computation.lloyd2015-03-122-6/+8
| | | | | | | | | | | | This lets you amortize quite a few memory allocations (RNG, various BigInts, etc) over many nonce generations. Change generate_rfc6979_nonce to just instantiate one of these states, call the function once, and return. This doesn't have any additional overhead versus the previous implementation of this function. Fix HMAC_DRBG to correctly reset its state to its starting position when you call clear() on it.
* Typolloyd2015-03-061-1/+1
|
* Hide Algorithm_Factory and use the functions in lookup.h internally.lloyd2015-03-041-5/+4
| | | | | | Fix two memory leaks (in TLS and modes) caused by calling get_foo and then cloning the result before saving it (leaking the original object), a holdover from the conversion between construction techniques in 1.11.14
* Clean up root dir, remove some unneeded dependencieslloyd2015-02-051-4/+0
|
* Remove algo factory, engines, global RNG, global state, etc.lloyd2015-02-042-4/+3
| | | | | | | | | | | | | | | Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
* Convert PK operations to using Algo_Registry instead of Engine.lloyd2015-02-032-19/+5
| | | | Remove global PRNG.
* Centralize where string.h/cstring is included to mem_ops.hlloyd2015-01-231-1/+0
| | | | See github 42 for background
* Ensure all files have copyright and license info.lloyd2015-01-1011-11/+11
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* Fix System_RNG for Windows, fix nmake clean targetlloyd2014-12-221-2/+2
|
* Enable system_rng on Windows and MinGW (untested)lloyd2014-12-213-5/+15
|
* Add MinGW support for the CryptoAPI RNG. Also disable the dependencieslloyd2014-12-171-1/+1
| | | | | | | | in auto_rng for a working entropy source as in situations where it doesn't work almost none of the library builds. Disable boost by default from the library. Github issue 34. Unrelated - remove long dead Tru64 as a target.
* Untested support for using CryptGenRandom in System_RNGlloyd2014-12-061-0/+32
|
* Add an easy way to directly use the system PRNG.lloyd2014-12-023-0/+117
|
* Various small fixes and cleanups, new is_prime utillloyd2014-11-031-5/+5
|
* Require one plausible entropy source in auto_rng, prevents the commonlloyd2014-04-271-0/+1
| | | | error of generating an amalagamation build with all of them disabled.
* Simpify HMAC_RNG reseeding process. Actually update HMAC_DRBG reseed counter.lloyd2014-03-222-3/+13
|
* Add RFC 6979 nonce generator. Also some HMAC_DRBG cleanups.lloyd2014-03-222-11/+16
|
* Add HMAC_DRBGlloyd2014-03-214-1/+159
|
* Change X9.31 to automatically reseed if randomize is called while unseeded.lloyd2014-02-131-1/+6
| | | | | If no entropy sources at all are enabled in the build, throw an exception immediately rather than having the poll mysteriously fail.
* Guess I won't be needing theselloyd2014-01-182-2/+0
|
* More unique_ptr, and pull <memory> all the way up to types.hlloyd2014-01-182-73/+39
|
* Split up docs into the reference manual, the website, and everything else.lloyd2014-01-101-0/+2
| | | | | | | | | | | Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool
* Move lib into srclloyd2014-01-1011-0/+728
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 18:20:08 +0000