aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Allow x509 module to be optional for FFIJack Lloyd2018-08-103-19/+103
|
* Fix GCM bug: would accept AD without keyed if AD was emptyJack Lloyd2018-08-091-2/+2
|
* Add Tweakable_Block_Cipher classJack Lloyd2018-08-092-6/+23
|
* Remove functions from Cipher_Mode now inherited from base classJack Lloyd2018-08-091-44/+0
|
* Add StreamCipher::write_keystreamJack Lloyd2018-08-085-7/+37
| | | | | Avoids the XOR operation. Only implemented for ChaCha20 currently, everything else defaults to memset-to-zero + xor-cipher
* Remove unnecessary accessors for Threefish-512Jack Lloyd2018-08-082-6/+4
|
* Mark some members of Block_Cipher_Fixed_Params as finalJack Lloyd2018-08-081-4/+4
|
* De-inline functions from stream cipher headersJack Lloyd2018-08-0812-52/+127
|
* Add StreamCipher::default_iv_lengthJack Lloyd2018-08-088-11/+26
|
* Add support for XChaCha20Poly1305Jack Lloyd2018-08-073-5/+6
|
* Add support for XChaChaJack Lloyd2018-08-073-41/+126
|
* Fix a bug in XSalsa20Jack Lloyd2018-08-072-19/+43
| | | | | | | | If you called set_key, then set_iv, then set_iv again without having previously reset the key, you would end up with a garbled state buffer that depended on the value of the first IV. This only affected 192-bit Salsa nonces, not other sizes.
* Avoid crash in ChaCha20+Salsa if set_iv called without a key setJack Lloyd2018-08-072-0/+4
|
* Fix OpenSSL modesJack Lloyd2018-08-051-1/+12
|
* Fix crashes when modes were used unkeyed.Jack Lloyd2018-08-057-26/+36
| | | | Fix crashes in OCB, GCM and CFB when called without a key being set.
* Use codec_base for Base64 encodingWambou2018-08-042-158/+153
|
* Accept PKCS1v15 as an alias for EMSA3Jack Lloyd2018-08-022-4/+5
| | | | Not sure why it didn't have this already
* Format nitJack Lloyd2018-08-021-1/+1
|
* Clarify comment on botan_privkey_loadJack Lloyd2018-08-021-1/+1
|
* Merge GH #1637 Merge SM2 signature and ECIES key typesJack Lloyd2018-08-029-190/+79
|\
| * Combine SM2 key types for signatures and encryptionJack Lloyd2018-08-019-190/+79
| | | | | | | | | | | | It seems in practice the same key may be end up used for both operations, so maintaining a distinction at the type level just complicates things.
* | Avoid requirement to set rng in botan_privkey_loadJack Lloyd2018-08-012-7/+9
|/
* Add OID for HMAC with SHA-512/256Jack Lloyd2018-08-011-1/+3
|
* Add Lucas test from FIPS 186-4Jack Lloyd2018-07-3112-147/+406
| | | | | | | | | | This eliminates an issue identified in the paper "Prime and Prejudice: Primality Testing Under Adversarial Conditions" by Albrecht, Massimo, Paterson and Somorovsky where DL_Group::verify_group with strong=false would accept a composite q with probability 1/4096, which is exactly as the error bound is documented, but still unfortunate.
* Fix Doxygen comments for AutoSeeded_RNG [ci skip]Jack Lloyd2018-07-311-3/+7
|
* Ensure values are fully reduced during ECDSA signatureJack Lloyd2018-07-301-3/+3
| | | | | It was possible that the Barrett reduction code would fall back to standard division due to getting an input that was >= order^2.
* Support calling Whirlpool in OpenSSLJack Lloyd2018-07-261-0/+5
| | | | Available since 1.0.0, not sure how this was missed.
* GHASH - use explicit function to check for key being setJack Lloyd2018-07-251-1/+1
|
* Add OID for SM2 with SM3 signaturesJack Lloyd2018-07-241-1/+3
|
* Add include for getenvJack Lloyd2018-07-241-0/+1
|
* Only print FFI exceptions to stdout if an env var is setJack Lloyd2018-07-241-1/+4
| | | | So debugging is possible but default is silent.
* Add botan_mac_query_keylenJack Lloyd2018-07-242-1/+28
|
* Add botan_block_cipher_query_keylen plus some new FFI error codesJack Lloyd2018-07-244-5/+49
|
* Use Alloc templates instead of overriding for specific vector typesJack Lloyd2018-07-241-16/+16
|
* Fix bad assert in Goppa decodingJack Lloyd2018-07-241-3/+4
|
* Require SM2 ciphertexts be DER encodedJack Lloyd2018-07-241-2/+18
| | | | | | | Previously SM2 test would fail about 1 in a thousand times because we would corrupt the ciphertext such that the BER was still valid; it would change the length field to an indefinite length marker, which still decoded correctly.
* In ECC private key encoding, include the optional public key fieldJack Lloyd2018-07-231-2/+4
| | | | Otherwise GnuTLS refuses to parse the private key. Fixes #1634
* Merge GH #1628 In ECDSA verify, handle error seen with LibreSSL on non-x86Jack Lloyd2018-07-201-7/+16
|\
| * Handle another possible OpenSSL error only seen on non-x86_64Jack Lloyd2018-07-171-7/+16
| | | | | | | | GH #1627
* | Add FFI funcs to get algo name from cipher, MAC and hash objsJack Lloyd2018-07-196-10/+73
| |
* | Specialize code for BigInt right shift by 1Jack Lloyd2018-07-191-0/+22
| | | | | | | | | | Improves ECDSA by 2-3% due to improving the const time modular inversion algorithm (used for the mod-order inversions).
* | Fix error in CCM when L=8Jack Lloyd2018-07-182-6/+7
| | | | | | | | GH #1631
* | Support salts other than exactly 16 bytes for Blowfish key setupJack Lloyd2018-07-184-36/+59
| | | | | | | | | | | | Bcrypt only needs 16 byte salts but unfortunately Bcrypt-PBKDF is defined to use 64 byte salts instead. So extend support to handle any salt that is a multiple of 4 bytes.
* | Correct comment on Hardware_RNGJack Lloyd2018-07-171-2/+1
|/
* Update password hashing default settingsJack Lloyd2018-07-133-3/+5
| | | | | | | | Bcrypt work factor 10 is looking pretty low these days, as is 100K iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K, and also transition passhash9 to using SHA-512 instead of SHA-256. Also document bcrypt better, and add speed tests for bcrypt and passhash9
* Remove RC2 related OIDsJack Lloyd2018-07-131-5/+1
| | | | Since RC2 has been removed since 1c0bc3cc6b no reason to have these around.
* Bump the FFI versionJack Lloyd2018-07-132-2/+6
| | | | New FFI features added in #1621 and #1625
* Correct a comment in Camellia code, and align the 256 byte tableJack Lloyd2018-07-131-1/+3
|
* Unroll SM4 encryption/decryption by 2Jack Lloyd2018-07-131-23/+105
| | | | Interleaving operations improves SM4/CTR from 26 cpb to 18 cpb
* Add FPE1 to C APIJack Lloyd2018-07-133-1/+114
| | | | GH #1612