path: root/src/lib
Commit message (Author, Age; Files, Lines)
* Don't force HMAC_DRBG to be enabled (Jack Lloyd, 2016-11-18; 5 files, -3/+4)
    No need to strictly require it, and some applications may only want system RNG or RDRAND.
* Add OIDs for SHA-3 and SHA-3 signature algorithms (Jack Lloyd, 2016-11-17; 1 file, -1/+47)
    Also CCM OIDs, and SHA-384/SHA-512 DSA OIDs. All from NIST: http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
* Merge GH #727 Tests for KDF::name (Jack Lloyd, 2016-11-16; 1 file, -1/+1)
  * Add a test for KDF::name() (René Korthaus, 2016-11-15; 1 file, -1/+1)
      This required fixing some test vectors that previously omitted the MAC, defaulting to HMAC, that used the SHA-1 alias to SHA-160, and fixing X942_PRF::name().
* Fix incompatibility with (some) common TLS stacks (Jack Lloyd, 2016-11-16; 4 files, -15/+26)
    Several sites including oracle.com seem to send extension 11 (point format) even if we (the client) did not send it. Then the handshake fails. To work around this problem, simply always send this extension as the client, instead of only sending it if we wished to support compressed points.
* Add new TLS callback for when session is activated (Jack Lloyd, 2016-11-16; 2 files, -0/+8)
    The current session established cb happens before the session is activated, so it is not possible to send application data in response to the connection being made.
* Merge GH #724 Add ESP (IPsec) CBC padding mode (Jack Lloyd, 2016-11-15; 2 files, -1/+66)
  * Update ISO standard for OneAndZeros_Padding (René Korthaus, 2016-11-15; 1 file, -1/+1)
  * Check all padding bytes in ESP_Padding::unpad() (René Korthaus, 2016-11-15; 1 file, -4/+9)
  * Check all ESP padding bytes during unpad (René Korthaus, 2016-11-14; 1 file, -12/+11)
  * Add ESP block cipher padding from RFC 4303 (René Korthaus, 2016-11-14; 2 files, -1/+62)
      ESP padding is one of the recommended padding methods from BSI-TR-02102-1.
* Add test vectors for HKDF-Expand and HKDF-Extract (René Korthaus, 2016-11-15; 1 file, -2/+2)
* Add full HKDF implementation (René Korthaus, 2016-11-12; 3 files, -8/+108)
    Adds the full HKDF as class HKDF, renames the existing HKDF, which only implemented the expansion step, to HKDF_Expand and adds the extraction step as HKDF_Extract. The latter two are usually only used separately in protocols such as TLS. A normal user would go for the full HKDF.
* Remove unused Key_Type typedefs (Jack Lloyd, 2016-11-12; 2 files, -4/+0)
    [ci skip]
* Fixes for XMSS wrt 9c72dabc9 (Jack Lloyd, 2016-11-12; 5 files, -31/+6)
* Merge GH #717 Add XMSS signatures (Jack Lloyd, 2016-11-12; 32 files, -1/+4060)
  * Implements changes from XMSS review (Matthias Gierlings, 2016-11-11; 13 files, -82/+18)
      - Removes custom XMSS_Hash assignment operator.
      - Changes mutex type used in XMSS_Index_Registry from std::mutex to Botan::mutex_type, changes lock_guard accordingly.
      - Removes singleton and endianness detection from XMSS_Tools, changes XMSS_Tools::concat() to be a static method.
      - XMSS/XMSS_WOTS check_key() now always returns true.
  * Added Extended Hash-Based Signatures (XMSS) (Matthias Gierlings, 2016-11-11; 33 files, -1/+4124)
      [1] XMSS: Extended Hash-Based Signatures, draft-irtf-cfrg-xmss-hash-based-signatures-06 Release: July 2016. https://datatracker.ietf.org/doc/draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
      Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has been integrated into the Botan test bench, signature generation and verification can be tested independently by invoking "botan-test xmss_sign" and "botan-test xmss_verify"
      - Some headers that are not required to be exposed to users of the library have to be declared as public in `info.txt`. Declaring those headers private will cause the amalgamation build to fail. The following headers have been declared public inside `info.txt`, even though they are only intended for internal use:
        * atomic.h
        * xmss_hash.h
        * xmss_index_registry.h
        * xmss_address.h
        * xmss_common_ops.h
        * xmss_tools.h
        * xmss_wots_parameters.h
        * xmss_wots_privatekey.h
        * xmss_wots_publickey.h
      - XMSS_Verification_Operation requires the "randomness" parameter out of the XMSS signature. "Randomness" is part of the prefix that is hashed *before* the message. Since the signature is unknown till sign() is called, all message content has to be buffered. For large messages this can be inconvenient or impossible.
        **Possible solution**: Change PK_Ops::Verification interface to take the signature as constructor argument, and provide a setter method to be able to update reuse the instance on multiple signatures. Make sign a parameterless member call. This solution requires interface changes in botan.
        **Suggested workaround** for signing large messages is to not sign the message itself, but to precompute the message hash manually using Botan::HashFunction and sign the message hash instead of the message itself.
      - Some of the available test vectors for the XMSS signature verification have been commented out in order to reduce testbench runtime.
* Pubkey cleanups (Jack Lloyd, 2016-11-12; 43 files, -290/+134)
    Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable)
    Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually.
    Remove message_parts and message_part_size from PK_Ops
* Merge GH #552 Add Cipher_Mode::reset, better AEAD tests (Jack Lloyd, 2016-11-10; 24 files, -19/+178)
  * Cipher_Mode and AEAD_Mode improvements (Daniel Neus, 2016-11-08; 24 files, -19/+178)
      See PR #552
      - Add Cipher_Mode::reset() which resets just the message specific state and allows encrypting again under the existing key
      - In Cipher_Mode::clear() (at some places) use cipher->clear() instead of resetting the pointer which would make the cipher object unusable
      - EAX_Decryption::output_length() bugfix?! Now it's possible to decrypt an empty ciphertext (just a tag)
      - Bugfix for GCM_Decryption::finish()
      - set tag length in GCM_Mode::name()
      - Cipher_Mode tests: add tests for reset() and process()
      - AEAD_Mode tests: add tests for reset(), clear(), update() and process()
* Add SHAKE-128 and SHAKE-256 as hash functions (Jack Lloyd, 2016-11-10; 10 files, -86/+290)
* Remove remaining old style casts. (Jack Lloyd, 2016-11-09; 1 file, -1/+1)
    Still not a hard error even in maintainer mode because sometimes system headers pull in C style casts via macros (eg MAP_FAILED). But, it not being a hard error makes it easy to backslide.
* NewHope cleanup (Jack Lloyd, 2016-11-09; 1 file, -63/+300)
    Remove old style casts, wrap some very long lines.
* Check missing Pipe::read return values (Jack Lloyd, 2016-11-09; 2 files, -6/+12)
* Add BOTAN_WARN_UNUSED_RESULT macro (Jack Lloyd, 2016-11-09; 2 files, -13/+13)
    Only works for GCC and Clang
* Assert expected EOF from read (Jack Lloyd, 2016-11-09; 1 file, -1/+1)
    Found by Coverity.
* Correct comment [ci skip] (Jack Lloyd, 2016-11-08; 1 file, -1/+1)
* Remove Key_Type typedefs (Jack Lloyd, 2016-11-08; 14 files, -32/+0)
    Also part of Algo_Registry and not needed after #668
* Remove Spec typedef from pk_ops (Jack Lloyd, 2016-11-08; 1 file, -35/+0)
    Was used by Algo_Registry lookups, no longer needed after #668
* Add CPUID::is_little_endian (Jack Lloyd, 2016-11-07; 2 files, -0/+35)
    Having a runtime endian test to verify against the build setting is useful.
* If peek fails, force EOF with a read (Jack Lloyd, 2016-11-07; 1 file, -0/+3)
    DataSource_Stream::peek resets EOF bit after a failed peek
    Fixes #657 cert_info infinite loop
* Update Doxygen comment [ci skip] (Jack Lloyd, 2016-11-06; 1 file, -1/+0)
* Keep track of the number of synchronisations achieved (Joel Low, 2016-11-06; 2 files, -3/+11)
    This allows wait() to be called immediately after sync() returns, even if not all of the waiting threads have awoken.
* Implement barriers for Threaded Fork (Joel Low, 2016-11-06; 4 files, -11/+84)
    This commit introduces a concept of a barrier, where all threads must synchronise before continuing. Threaded Fork uses this to ensure that all input is consumed by each sink exactly once. Fixes #695.
* Merge GH #709 Fix DSA param gen for FIPS 186-3 (Jack Lloyd, 2016-11-05; 1 file, -5/+3)
  * Fix DSA parameter generation to use the correct loop bound. (Jack Lloyd, 2016-11-03; 1 file, -5/+3)
      4096 is the value from FIPS 186-2, FIPS 186-3 uses 4*pbits which is the obvious extension of the FIPS 186-2 scheme to larger parameter sizes. Pointed out by @neverhub
      Removes support for 512 and 768 bit DSA groups because WTF no.
* Avoid bogus include with compression disabled (Jack Lloyd, 2016-11-04; 1 file, -1/+4)
* Merge GH #710 Allow custom EC curve to be specified at build time (Jack Lloyd, 2016-11-04; 3 files, -1/+26)
  * Change oids.py and regenerate oids.cpp (René Korthaus, 2016-11-03; 1 file, -1/+1)
  * Add an in-house EC curve for TLS at compile-time (René Korthaus, 2016-11-03; 3 files, -0/+25)
      One additional, application-specific curve can be added at compile time, using the new configure.py --house-curve=curve.pem,funky311,1.2.3.4,FEFF.
* Merge GH #714 Use pk_ops_fwd header (Jack Lloyd, 2016-11-04; 1 file, -12/+1)
  * use "forward declare header" pk_ops_fwd.h instead of self forward declaring them (Daniel Neus, 2016-11-04; 1 file, -12/+1)
* Don't require compression in filter code (Jack Lloyd, 2016-11-04; 3 files, -1/+8)
* Fix PKCS11 test error (Jack Lloyd, 2016-11-04; 4 files, -19/+54)
    Previously PKCS11_ECDSA_PrivateKey::check_key failed because no verification is possible using this key type (does not derive from public key). Split keypair consistency to allow two key arguments.
    ECDSA keypair consistency disabled in the tests still, because SoftHSMv2 gives mechanism invalid errors. I think this is a SoftHSMv2 issue with the signature mechanism.
    Remove no longer used Key_Type typedefs (need to be removed everywhere).
    GH #712
* Fix bogus code (Jack Lloyd, 2016-11-03; 1 file, -2/+2)
    Not caught by anything because nothing includes lookup.h except for the amalgamation build which sucks up everything.
* Compile fix (Jack Lloyd, 2016-11-03; 1 file, -1/+1)
* Simplify some code by using T::create_or_throw (Jack Lloyd, 2016-11-03; 10 files, -75/+26)
* Remove unused values from build.h (Jack Lloyd, 2016-11-03; 1 file, -1/+3)
    Have the /proc setting in build.h actually control the entropy source configuration (!)
    GH #708
* Merge GH #706 Remove ability to add OIDs at runtime. Remove OID lock (Jack Lloyd, 2016-11-03; 11 files, -451/+347)