Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Allow x509 module to be optional for FFI | Jack Lloyd | 2018-08-10 | 3 | -19/+103 |
| | |||||
* | Fix GCM bug: would accept AD without keyed if AD was empty | Jack Lloyd | 2018-08-09 | 1 | -2/+2 |
| | |||||
* | Add Tweakable_Block_Cipher class | Jack Lloyd | 2018-08-09 | 2 | -6/+23 |
| | |||||
* | Remove functions from Cipher_Mode now inherited from base class | Jack Lloyd | 2018-08-09 | 1 | -44/+0 |
| | |||||
* | Add StreamCipher::write_keystream | Jack Lloyd | 2018-08-08 | 5 | -7/+37 |
| | | | | | Avoids the XOR operation. Only implemented for ChaCha20 currently, everything else defaults to memset-to-zero + xor-cipher | ||||
* | Remove unnecessary accessors for Threefish-512 | Jack Lloyd | 2018-08-08 | 2 | -6/+4 |
| | |||||
* | Mark some members of Block_Cipher_Fixed_Params as final | Jack Lloyd | 2018-08-08 | 1 | -4/+4 |
| | |||||
* | De-inline functions from stream cipher headers | Jack Lloyd | 2018-08-08 | 12 | -52/+127 |
| | |||||
* | Add StreamCipher::default_iv_length | Jack Lloyd | 2018-08-08 | 8 | -11/+26 |
| | |||||
* | Add support for XChaCha20Poly1305 | Jack Lloyd | 2018-08-07 | 3 | -5/+6 |
| | |||||
* | Add support for XChaCha | Jack Lloyd | 2018-08-07 | 3 | -41/+126 |
| | |||||
* | Fix a bug in XSalsa20 | Jack Lloyd | 2018-08-07 | 2 | -19/+43 |
| | | | | | | | | If you called set_key, then set_iv, then set_iv again without having previously reset the key, you would end up with a garbled state buffer that depended on the value of the first IV. This only affected 192-bit Salsa nonces, not other sizes. | ||||
* | Avoid crash in ChaCha20+Salsa if set_iv called without a key set | Jack Lloyd | 2018-08-07 | 2 | -0/+4 |
| | |||||
* | Fix OpenSSL modes | Jack Lloyd | 2018-08-05 | 1 | -1/+12 |
| | |||||
* | Fix crashes when modes were used unkeyed. | Jack Lloyd | 2018-08-05 | 7 | -26/+36 |
| | | | | Fix crashes in OCB, GCM and CFB when called without a key being set. | ||||
* | Use codec_base for Base64 encoding | Wambou | 2018-08-04 | 2 | -158/+153 |
| | |||||
* | Accept PKCS1v15 as an alias for EMSA3 | Jack Lloyd | 2018-08-02 | 2 | -4/+5 |
| | | | | Not sure why it didn't have this already | ||||
* | Format nit | Jack Lloyd | 2018-08-02 | 1 | -1/+1 |
| | |||||
* | Clarify comment on botan_privkey_load | Jack Lloyd | 2018-08-02 | 1 | -1/+1 |
| | |||||
* | Merge GH #1637 Merge SM2 signature and ECIES key types | Jack Lloyd | 2018-08-02 | 9 | -190/+79 |
|\ | |||||
| * | Combine SM2 key types for signatures and encryption | Jack Lloyd | 2018-08-01 | 9 | -190/+79 |
| | | | | | | | | | | | | It seems in practice the same key may be end up used for both operations, so maintaining a distinction at the type level just complicates things. | ||||
* | | Avoid requirement to set rng in botan_privkey_load | Jack Lloyd | 2018-08-01 | 2 | -7/+9 |
|/ | |||||
* | Add OID for HMAC with SHA-512/256 | Jack Lloyd | 2018-08-01 | 1 | -1/+3 |
| | |||||
* | Add Lucas test from FIPS 186-4 | Jack Lloyd | 2018-07-31 | 12 | -147/+406 |
| | | | | | | | | | | This eliminates an issue identified in the paper "Prime and Prejudice: Primality Testing Under Adversarial Conditions" by Albrecht, Massimo, Paterson and Somorovsky where DL_Group::verify_group with strong=false would accept a composite q with probability 1/4096, which is exactly as the error bound is documented, but still unfortunate. | ||||
* | Fix Doxygen comments for AutoSeeded_RNG [ci skip] | Jack Lloyd | 2018-07-31 | 1 | -3/+7 |
| | |||||
* | Ensure values are fully reduced during ECDSA signature | Jack Lloyd | 2018-07-30 | 1 | -3/+3 |
| | | | | | It was possible that the Barrett reduction code would fall back to standard division due to getting an input that was >= order^2. | ||||
* | Support calling Whirlpool in OpenSSL | Jack Lloyd | 2018-07-26 | 1 | -0/+5 |
| | | | | Available since 1.0.0, not sure how this was missed. | ||||
* | GHASH - use explicit function to check for key being set | Jack Lloyd | 2018-07-25 | 1 | -1/+1 |
| | |||||
* | Add OID for SM2 with SM3 signatures | Jack Lloyd | 2018-07-24 | 1 | -1/+3 |
| | |||||
* | Add include for getenv | Jack Lloyd | 2018-07-24 | 1 | -0/+1 |
| | |||||
* | Only print FFI exceptions to stdout if an env var is set | Jack Lloyd | 2018-07-24 | 1 | -1/+4 |
| | | | | So debugging is possible but default is silent. | ||||
* | Add botan_mac_query_keylen | Jack Lloyd | 2018-07-24 | 2 | -1/+28 |
| | |||||
* | Add botan_block_cipher_query_keylen plus some new FFI error codes | Jack Lloyd | 2018-07-24 | 4 | -5/+49 |
| | |||||
* | Use Alloc templates instead of overriding for specific vector types | Jack Lloyd | 2018-07-24 | 1 | -16/+16 |
| | |||||
* | Fix bad assert in Goppa decoding | Jack Lloyd | 2018-07-24 | 1 | -3/+4 |
| | |||||
* | Require SM2 ciphertexts be DER encoded | Jack Lloyd | 2018-07-24 | 1 | -2/+18 |
| | | | | | | | Previously SM2 test would fail about 1 in a thousand times because we would corrupt the ciphertext such that the BER was still valid; it would change the length field to an indefinite length marker, which still decoded correctly. | ||||
* | In ECC private key encoding, include the optional public key field | Jack Lloyd | 2018-07-23 | 1 | -2/+4 |
| | | | | Otherwise GnuTLS refuses to parse the private key. Fixes #1634 | ||||
* | Merge GH #1628 In ECDSA verify, handle error seen with LibreSSL on non-x86 | Jack Lloyd | 2018-07-20 | 1 | -7/+16 |
|\ | |||||
| * | Handle another possible OpenSSL error only seen on non-x86_64 | Jack Lloyd | 2018-07-17 | 1 | -7/+16 |
| | | | | | | | | GH #1627 | ||||
* | | Add FFI funcs to get algo name from cipher, MAC and hash objs | Jack Lloyd | 2018-07-19 | 6 | -10/+73 |
| | | |||||
* | | Specialize code for BigInt right shift by 1 | Jack Lloyd | 2018-07-19 | 1 | -0/+22 |
| | | | | | | | | | | Improves ECDSA by 2-3% due to improving the const time modular inversion algorithm (used for the mod-order inversions). | ||||
* | | Fix error in CCM when L=8 | Jack Lloyd | 2018-07-18 | 2 | -6/+7 |
| | | | | | | | | GH #1631 | ||||
* | | Support salts other than exactly 16 bytes for Blowfish key setup | Jack Lloyd | 2018-07-18 | 4 | -36/+59 |
| | | | | | | | | | | | | Bcrypt only needs 16 byte salts but unfortunately Bcrypt-PBKDF is defined to use 64 byte salts instead. So extend support to handle any salt that is a multiple of 4 bytes. | ||||
* | | Correct comment on Hardware_RNG | Jack Lloyd | 2018-07-17 | 1 | -2/+1 |
|/ | |||||
* | Update password hashing default settings | Jack Lloyd | 2018-07-13 | 3 | -3/+5 |
| | | | | | | | | Bcrypt work factor 10 is looking pretty low these days, as is 100K iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K, and also transition passhash9 to using SHA-512 instead of SHA-256. Also document bcrypt better, and add speed tests for bcrypt and passhash9 | ||||
* | Remove RC2 related OIDs | Jack Lloyd | 2018-07-13 | 1 | -5/+1 |
| | | | | Since RC2 has been removed since 1c0bc3cc6b no reason to have these around. | ||||
* | Bump the FFI version | Jack Lloyd | 2018-07-13 | 2 | -2/+6 |
| | | | | New FFI features added in #1621 and #1625 | ||||
* | Correct a comment in Camellia code, and align the 256 byte table | Jack Lloyd | 2018-07-13 | 1 | -1/+3 |
| | |||||
* | Unroll SM4 encryption/decryption by 2 | Jack Lloyd | 2018-07-13 | 1 | -23/+105 |
| | | | | Interleaving operations improves SM4/CTR from 26 cpb to 18 cpb | ||||
* | Add FPE1 to C API | Jack Lloyd | 2018-07-13 | 3 | -1/+114 |
| | | | | GH #1612 |