aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Rename find_constraints() and let it throw instead of returning a combinationRené Korthaus2016-08-194-32/+59
|
* Fix leading zero bytes in DSA, ECDSA, ECGDSA and ECKCDSA signaturesRené Korthaus2016-08-176-16/+26
|
* Fix allowed_usage() and add tests for key usageRené Korthaus2016-08-172-2/+2
|
* Fix GH #425 and run x509 tests with different signature algorithmsRené Korthaus2016-08-175-48/+24
|
* Merge GH #583 Clean up TLS ciphersuite handlingJack Lloyd2016-08-173-696/+193
|\
| * Clean up TLS ciphersuite handlingJack Lloyd2016-08-163-696/+193
| | | | | | | | | | | | | | | | | | | | | | | | Stores ciphersuites in a sorted std::vector, then lookups are done by binary search instead of a switch lookup. The loop that explicitly gathered all the ciphersuites out of the switch statement can then be removed, as can Ciphersuite::all_known_ciphersuite_ids which only existed to make the scan loop faster by avoiding having to call by_id on the entire 0x0000-0xFFFF range. Precomputes the result of Ciphersuite::valid at construction time.
* | Merge GH #581 Threefish-512 AVX2 workJack Lloyd2016-08-171-76/+165
|\ \
| * | Threefish-512 AVX2 optimizationsJack Lloyd2016-08-101-76/+165
| |/ | | | | | | | | | | | | | | | | | | | | Remove loop variable R, instead derive from macro param constant Support 2 block parallel decrypt, improves raw perf from 456 MB/s to 710 MB/s for decrypt. Switch to alternate key schedule for encrypt. Uses 3 ymm registers instead of 9 at the cost of more computation. Not much faster on Skylake, unclear if this is worthwhile.
* | Update info.txtDaniel Neus2016-08-161-2/+1
| |
* | add sha1_sse2 to the TLS module dependenciesDaniel Neus2016-08-151-0/+1
| |
* | restore to original pkcs11.hDaniel Neus2016-08-121-4/+4
| |
* | Headers can be marked as external by using `<header:external>` in info.txt.Daniel Neus2016-08-122-2/+5
|/ | | | | | | These headers are copied/linked into build_dir/include/external This has the advantage that external includes can be taken as they are, they haven't to be modified. Fixes amalgamation build with enabled pkcs#11 module
* Merge GH #570 X509_Certificate APIsJack Lloyd2016-08-103-9/+58
|
* Merge GH #551 Add frp256v1 curveJack Lloyd2016-08-022-0/+12
|\
| * Merge branch 'master' into frp256v1Simon Cogliani2016-07-312-7/+9
| |\
| * \ Merge branch 'master' into frp256v1Simon Cogliani2016-07-305-13/+30
| |\ \
| * | | ANSSI elliptic curve cryptography frp256v1Simon Cogliani2016-07-242-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | - Parameters available here: https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000024668816 - DER format according to the ANS1 syntax defined in ANSI X9.62 standard available here: http://www.ssi.gouv.fr/agence/publication/publication-dun-parametrage-de-courbe-elliptique-visant-des-applications-de-passeport-electronique-et-de-ladministration-electronique-francaise/
* | | | Merge GH #560Jack Lloyd2016-08-022-0/+8
|\ \ \ \
| * | | | add X509_Time::to_std_timepoint()Daniel Neus2016-07-282-0/+8
| | |/ / | |/| |
* | | | Merge GH #559 PKCS #11 fixesJack Lloyd2016-08-025-1/+3208
|\ \ \ \ | |_|_|/ |/| | |
| * | | include external PKCS#11 headers into botanDaniel Neus2016-07-265-1/+3208
| | | |
* | | | Use stat instead of lstat in get_files_recursive.Jack Lloyd2016-07-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Otherwise symlinked files are ignored. GH #565
* | | | Check for __SIZEOF_INT128__ before using TI modeJack Lloyd2016-07-301-6/+8
| |/ / |/| | | | | | | | | | | Otherwise we run into problems on 64-bit CPUs with 32-bit userland. GH #563
* | | Merge GH #556 Add DH negative tests. Fix DH keygen, did not call gen_check ↵Jack Lloyd2016-07-271-1/+8
|\ \ \ | | | | | | | | | | | | due to setting m_x earlier
| * | | fix: load_check() was called instead of gen_check() during DH private key ↵Daniel Neus2016-07-261-1/+8
| |/ / | | | | | | | | | generation
* | | Merge GH #554 Add PKCS #1 v1.5 ID for SHA-512/256 signaturesJack Lloyd2016-07-271-0/+8
|\ \ \
| * | | add SHA-512/256 PKCS#1 hash identifierDaniel Neus2016-07-251-0/+8
| | |/ | |/|
* | | Merge GH #553 EME/pubkey test improvements. Small EME refactor.Jack Lloyd2016-07-272-11/+13
|\ \ \ | |_|/ |/| |
| * | eme / pubkey test improvementsDaniel Neus2016-07-252-11/+13
| |/ | | | | | | | | | | - add test for EME::maximum_input_size() - additionally use maximum_input_size() before pad() in OAEP and PKCS1 (remove code duplication) - prevent C4800 MSVC warning
* / SSE2 had been disabled for testing, missed it on checkin of 6907e196Jack Lloyd2016-07-251-1/+1
|/
* Merge GH #549 MP and SIMD header refactoringJack Lloyd2016-07-2325-2183/+1546
|\
| * Merge asm into single mp_madd.h and mp_asmi.h filesJack Lloyd2016-07-2125-2183/+1546
| | | | | | | | | | | | | | Avoids some cut and paste, also removes the need for special logic in configure.py for handling mp module specially. Merge SIMD classes into a single type SIMD_4x32
* | Merge GH #543 Add RDRAND_RNGJack Lloyd2016-07-215-39/+170
|\ \ | |/ |/|
| * Fix header guard formatJack Lloyd2016-07-201-2/+2
| | | | | | | | | | configure.py expects all header guards to match a specific form, for finding them when generating the amalgamation file.
| * Add RDRAND_RNGJack Lloyd2016-07-195-39/+170
| | | | | | | | | | | | | | | | For those that are willing to trust uninspectible hardware. :) Changes RDRAND entropy source to call RDRAND_RNG Add --rdrand flag to rng cmdlet
* | Merge GH #548 Parallel hash tests, fix memory leakJack Lloyd2016-07-211-1/+1
|\ \
| * | improve parallel hash tests + memory leak fixDaniel Neus2016-07-201-1/+1
| |/ | | | | | | | | | | | | | | | | | | - add one test with SHA-256,SHA-512 - test Parallel::clone() - test Parallel ctor - fix memory leak in Parallel::clone(): Currently Parallel::clone() calls hash->clone() (first heap allocation) and after this clone() calls Parallel(const std::vector<HashFunction*>& in) which does another heap allocation. So its sufficient to pass the hash pointer to the Parallel ctor instead of a clone
* | Merge GH #547 Fix SipHash::clear, more MAC testsJack Lloyd2016-07-211-3/+4
|\ \
| * | fix SipHash::clear() and MAC test improvementsDaniel Neus2016-07-201-3/+4
| |/ | | | | | | | | | | | | | | Fix for SipHash::clear() which does not clear the complete state. Test additions: - add a test for MessageAuthenticationCode::verify_mac() - test MessageAuthenticationCode::clear()
* / Make Stream_Cipher::set_iv() pure virtualRené Korthaus2016-07-205-7/+15
|/ | | | | | | | | | It provided a default implementation that only checked that the length was correct, but ignored the actual data and did not notify the caller, which seemed like a rather odd behaviour. The only implementation that used this default implementation, RC4, now throws an exception.
* Merge GH #541 More ECIES testsJack Lloyd2016-07-191-2/+2
|\
| * add more ECIES testsDaniel Neus2016-07-191-2/+2
| |
* | Compile fixJack Lloyd2016-07-181-1/+1
| |
* | Fix proc_walk - would always return 0 entropy collected.Jack Lloyd2016-07-182-7/+10
| | | | | | | | | | | | Fix BeOS stat reader - was calling wrong function on the rng. Remove entropy estimate defines from build.h, no longer used.
* | Merge GH #520 RNG changesJack Lloyd2016-07-1843-695/+837
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds Stateful_RNG base class which handles reseeding after some amount of output (configurable at instantiation time, defaults to the build.h value) as well as detecting forks (just using pid comparisons, so still vulnerable to pid wraparound). Implemented by HMAC_RNG and HMAC_DRBG. I did not update X9.31 since its underlying RNG should already be fork safe and handle reseeding at the appropriate time, since a new block is taken from the underlying RNG (for the datetime vector) for each block of output. Adds RNG::randomize_with_input which for most PRNGs is just a call to add_entropy followed by randomize. However for HMAC_DRBG it is used for additional input. Adds tests for HMAC_DRBG with AD from the CAVS file. RNG::add_entropy is implemented by System_RNG now, as both CryptGenRandom and /dev/urandom support receiving application provided data. The AutoSeeded_RNG underlying type is currently selectable in build.h and defaults to HMAC_DRBG(SHA-256). AutoSeeded_RNG provides additional input with each output request, consisting of the current pid, a counter, and timestamp (unless the application explicitly calls randomize_with_input, in which case we just take what they provided). This is the same hedge used in HMAC_RNGs output PRF. AutoSeeded_RNG is part of the base library now and cannot be compiled out. Removes Entropy_Accumulator type (which just served to bridge between the RNG and the entropy source), instead the Entropy_Source is passed a reference to the RNG being reseeded, and it can call add_entropy on whatever it can come up with.
| * Address some review comments from @cordneyJack Lloyd2016-07-179-27/+29
| | | | | | | | | | | | | | | | | | Use consistent naming for the max output before reseed parameter. The constant (default) value is renamed to BOTAN_RNG_DEFAULT_MAX_OUTPUT_BEFORE_RESEED, since without the DEFAULT_ it reads like a compile time maximum instead. Use uint8_t instead of byte.
| * Fix assignmentJack Lloyd2016-07-171-1/+1
| |
| * Revamp entropy pollingJack Lloyd2016-07-1730-377/+294
| | | | | | | | | | Remove Entropy_Accumulator, instead have entropy sources directly add entropy to the RNG.
| * Move poll logic to Entropy_SourcesJack Lloyd2016-07-173-18/+27
| |
| * Add Stateful_RNGJack Lloyd2016-07-1713-170/+199
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Handles fork checking for HMAC_RNG and HMAC_DRBG AutoSeeded_RNG change - switch to HMAC_DRBG as default. Start removing the io buffer from entropy poller. Update default RNG poll bits to 256. Fix McEliece test, was using wrong RNG API. Update docs.