aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Add OIDs for SHA-3 and SHA-3 signature algorithmsJack Lloyd2016-11-171-1/+47
| | | | | Also CCM OIDS, and SHA-384/SHA-512 DSA OIDs. All from NIST: http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
* Merge GH #727 Tests for KDF::nameJack Lloyd2016-11-161-1/+1
|\
| * Add a test for KDF::name()René Korthaus2016-11-151-1/+1
| | | | | | | | | | | | This required fixing some test vectors that previously omitted the MAC, defaulting to HMAC, that used the SHA-1 alias to SHA-160, and fixing X942_PRF::name().
* | Fix incompatability with (some) common TLS stackJack Lloyd2016-11-164-15/+26
| | | | | | | | | | | | | | | | Several sites including oracle.com seem to send extension 11 (point format) even if we (the client) did not send it. Then the handshake fails. To workaround this problem, simply always send this extension as the client, instead of only sending it if we wished to support compressed points.
* | Add new TLS callback for when session is activatedJack Lloyd2016-11-162-0/+8
|/ | | | | | The current session established cb happens before the session is activated, so it is not possible to send application data in response to the connection being made.
* Merge GH #724 Add ESP (IPsec) CBC padding modeJack Lloyd2016-11-152-1/+66
|\
| * Update ISO standard for OneAndZeros_PaddingRené Korthaus2016-11-151-1/+1
| |
| * Check all padding bytes in ESP_Padding::unpad()René Korthaus2016-11-151-4/+9
| |
| * Check all ESP padding bytes during unpadRené Korthaus2016-11-141-12/+11
| |
| * Add ESP block cipher padding from RFC 4303René Korthaus2016-11-142-1/+62
| | | | | | | | | | ESP padding is one of the recommended padding methods from BSI-TR-02102-1.
* | Add test vectors for HKDF-Expand and HKDF-ExtractRené Korthaus2016-11-151-2/+2
| |
* | Add full HKDF implementationRené Korthaus2016-11-123-8/+108
|/ | | | | | | | | | Adds the full HKDF as class HKDF, renames the existing HKDF, which only implemented the expansion step, to HKDF_Expand and adds the extraction step as HKDF_Extract. The latter two are usually only used seperately in protocols such as TLS. A normal user would go for the full HKDF.
* Remove unused Key_Type typedefsJack Lloyd2016-11-122-4/+0
| | | | [ci skip]
* Fixes for XMSS wrt 9c72dabc9Jack Lloyd2016-11-125-31/+6
|
* Merge GH #717 Add XMSS signaturesJack Lloyd2016-11-1232-1/+4060
|\
| * Implements changes from XMSS reviewMatthias Gierlings2016-11-1113-82/+18
| | | | | | | | | | | | | | | | | | - Removes custom XMSS_Hash assignment operator. - Changes mutex type used in XMSS_Index_Registryfrom std::mutex to Botan::mutex_type, changes lock_guard accordingly. - Removes singleton and endianess detection from XMSS_Tools, changes XMSS_Tools::concat() to be a static method. - XMSS/XMSS_WOTS check_key() now always returns true.
| * Added Extended Hash-Based Signatures (XMSS)Matthias Gierlings2016-11-1133-1/+4124
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [1] XMSS: Extended Hash-Based Signatures, draft-itrf-cfrg-xmss-hash-based-signatures-06 Release: July 2016. https://datatracker.ietf.org/doc/ draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1 Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has been integrated into the Botan test bench, signature generation and verification can be tested independently by invoking "botan-test xmss_sign" and "botan-test xmss_verify" - Some headers that are not required to be exposed to users of the library have to be declared as public in `info.txt`. Declaring those headers private will cause the amalgamation build to fail. The following headers have been declared public inside `info.txt`, even though they are only intended for internal use: * atomic.h * xmss_hash.h * xmss_index_registry.h * xmss_address.h * xmss_common_ops.h * xmss_tools.h * xmss_wots_parameters.h * xmss_wots_privatekey.h * xmss_wots_publickey.h - XMSS_Verification_Operation Requires the "randomness" parameter out of the XMSS signature. "Randomness" is part of the prefix that is hashed *before* the message. Since the signature is unknown till sign() is called, all message content has to be buffered. For large messages this can be inconvenient or impossible. **Possible solution**: Change PK_Ops::Verification interface to take the signature as constructor argument, and provide a setter method to be able to update reuse the instance on multiple signatures. Make sign a parameterless member call. This solution requires interface changes in botan. **Suggested workaround** for signing large messages is to not sign the message itself, but to precompute the message hash manually using Botan::HashFunctio and sign the message hash instead of the message itself. - Some of the available test vectors for the XMSS signature verification have been commented out in order to reduce testbench runtime.
* | Pubkey cleanupsJack Lloyd2016-11-1243-290/+134
|/ | | | | | | | | | Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable) Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually. Remove message_parts and message_part_size from PK_Ops
* Merge GH #552 Add Cipher_Mode::reset, better AEAD testsJack Lloyd2016-11-1024-19/+178
|\
| * Cipher_Mode and AEAD_Mode improvementsDaniel Neus2016-11-0824-19/+178
| | | | | | | | | | | | | | | | | | | | | | | | See PR #552 - Add Cipher_Mode::reset() which resets just the message specific state and allows encrypting again under the existing key - In Cipher_Mode::clear() (at some planes) use cipher->clear() instead of resetting the pointer which would make the cipher object unusable - EAX_Decryption::output_length() bugfix?! Now its possible to decrypt an empty ciphertext (just a tag) - Bugfix for GCM_Decryption::finish() - set tag length in GCM_Mode::name() - Cipher_Mode tests: add tests for reset()and process() - AEAD_Mode tests: add tests for reset(), clear(), update() and process()
* | Add SHAKE-128 and SHAKE-256 as hash functionsJack Lloyd2016-11-1010-86/+290
| |
* | Remove remaining old style casts.Jack Lloyd2016-11-091-1/+1
| | | | | | | | | | | | Still not a hard error even in maintainer mode because sometimes system headers pull in C style casts via macros (eg MAP_FAILED). But, it not being a hard error makes it easy to backslide.
* | NewHope cleanupJack Lloyd2016-11-091-63/+300
| | | | | | | | Remove old style casts, wrap some very long lines.
* | Check missing Pipe::read return valuesJack Lloyd2016-11-092-6/+12
| |
* | Add BOTAN_WARN_UNUSED_RESULT macroJack Lloyd2016-11-092-13/+13
| | | | | | | | Only works for GCC and Clang
* | Assert expected EOF from readJack Lloyd2016-11-091-1/+1
| | | | | | | | Found by Coverity.
* | Correct comment [ci skip]Jack Lloyd2016-11-081-1/+1
| |
* | Remove Key_Type typedefsJack Lloyd2016-11-0814-32/+0
| | | | | | | | Also part of Algo_Registry and not needed after #668
* | Remove Spec typedef from pk_opsJack Lloyd2016-11-081-35/+0
|/ | | | Was used by Algo_Registry lookups, no longer needed after #668
* Add CPUID::is_little_endianJack Lloyd2016-11-072-0/+35
| | | | | Having a runtime endian test to verify against the build setting is useful.
* If peek fails, force EOF with a readJack Lloyd2016-11-071-0/+3
| | | | | | DataSource_Stream::peek resets EOF bit after a failed peek Fixes #657 cert_info infinite loop
* Update Doxygen comment [ci skip]Jack Lloyd2016-11-061-1/+0
|
* Keep track of the number of synchronisations achievedJoel Low2016-11-062-3/+11
| | | | | This allows wait() to be called immediately after sync() returns, even if not all of the waiting threads have awoken.
* Implement barriers for Threaded ForkJoel Low2016-11-064-11/+84
| | | | | | | | This commit introduces a concept of a barrier, where all threads must synchronise before continuing. Threaded Fork uses this to ensure that all input is consumed by each sink exactly once. Fixes #695.
* Merge GH #709 Fix DSA param gen for FIPS 186-3Jack Lloyd2016-11-051-5/+3
|\
| * Fix DSA parameter generation to use the correct loop bound.Jack Lloyd2016-11-031-5/+3
| | | | | | | | | | | | | | | | 4096 is the value from FIPS 186-2, FIPS 186-3 uses 4*pbits which is the obvious extension of the FIPS 186-2 scheme to larger parameter sizes. Pointed out by @neverhub Removes support for 512 and 768 bit DSA groups because WTF no.
* | Avoid bogus include with compression disabledJack Lloyd2016-11-041-1/+4
| |
* | Merge GH #710 Allow custom EC curve to be specified at build timeJack Lloyd2016-11-043-1/+26
|\ \
| * | Change oids.py and regenerate oids.cppRené Korthaus2016-11-031-1/+1
| | |
| * | Add an in-house EC curve for TLS at compile-timeRené Korthaus2016-11-033-0/+25
| | | | | | | | | | | | | | | | | | One additional, application-specific curve can be added at compile time, using the new configure.py --house-curve=curve.pem,funky311,1.2.3.4,FEFF.
* | | Merge GH #714 Use pk_ops_fwd headerJack Lloyd2016-11-041-12/+1
|\ \ \
| * | | use "forward declare header" pk_ops_fwd.h instead of self forward declaring themDaniel Neus2016-11-041-12/+1
| | |/ | |/|
* | | Don't require compression in filter codeJack Lloyd2016-11-043-1/+8
| | |
* | | Fix PKCS11 test errorJack Lloyd2016-11-044-19/+54
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | Previously PKCS11_ECDSA_PrivateKey::check_key failed because no verification is possible using this key type (does not derive from public key). Split keypair consistency to allow two key arguments. ECDSA keypair consistency disabled in the tests still, because SoftHSMv2 gives mechanism invalid errors. I think this is a SoftHSMv2 issue with the signature mechanism. Remove no longer used Key_Type typedefs (need to be removed everywhere). GH #712
* / Fix bogus codeJack Lloyd2016-11-031-2/+2
|/ | | | | Not caught by anything because nothing includes lookup.h except for the amalgamation build which sucks up everything.
* Compile fixJack Lloyd2016-11-031-1/+1
|
* Simplify some code by using T::create_or_throwJack Lloyd2016-11-0310-75/+26
|
* Remove unused values from build.hJack Lloyd2016-11-031-1/+3
| | | | | | | Have the /proc setting in build.h actually control the entropy source configuration (!) GH #708
* Merge GH #706 Remove ability to add OIDs at runtime. Remove OID lockJack Lloyd2016-11-0311-451/+347
|\
| * Remove ability to add OIDS at runtime. Remove global OID lock.Jack Lloyd2016-11-0311-451/+347
| | | | | | | | | | | | | | | | | | | | | | OID map is now generated from an input file on an as needed basis. Just uses a sequence of ifs - simple, fast, and small code size. Merges oid_lookup sub-module which was already required by asn1 anyway, so completely non-optional. Removes @neusdan's nice OID tests since without any runtime adds the tests are moot.