| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Combine SM2 key types for signatures and encryption | Jack Lloyd | 2018-08-01 | 9 | -190/+79 |
| | It seems in practice the same key may end up being used for both operations, so maintaining a distinction at the type level just complicates things. | | | | |
* | Add OID for HMAC with SHA-512/256 | Jack Lloyd | 2018-08-01 | 1 | -1/+3 |
* | Add Lucas test from FIPS 186-4 | Jack Lloyd | 2018-07-31 | 12 | -147/+406 |
| | This eliminates an issue identified in the paper "Prime and Prejudice: Primality Testing Under Adversarial Conditions" by Albrecht, Massimo, Paterson and Somorovsky where DL_Group::verify_group with strong=false would accept a composite q with probability 1/4096, which is exactly as the error bound is documented, but still unfortunate. | | | | |
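The Lucas test the commit refers to (FIPS 186-4 C.3.3, Selfridge's choice of D = 5, -7, 9, -11, ... with P = 1 and Q = (1 - D)/4), written out as an added example in Python rather than Botan's C++; it is not code from the Botan tree, and the function names and the `rounds` default are this example's own. It shows why running Lucas after Miller-Rabin closes the gap: 2047 is a strong pseudoprime to base 2, so Miller-Rabin with that base accepts it while Lucas rejects it; 323 is a Lucas pseudoprime that Miller-Rabin rejects; and 3215031751 fools Miller-Rabin for bases 2, 3, 5 and 7 yet fails the Lucas test.

```python
import math
import random


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0 (a may be negative)."""
    assert n > 0 and n % 2 == 1
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def miller_rabin(n, bases):
    """True if n is a strong probable prime to every base in `bases`."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):
            continue
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def lucas_probable_prime(c):
    """FIPS 186-4 C.3.3: True if c is a Lucas probable prime."""
    if c < 2 or c % 2 == 0:
        return c == 2
    r = math.isqrt(c)
    if r * r == c:
        return False                 # step 1: a perfect square is never prime
    d = 5                            # step 2: first D in 5, -7, 9, -11, ... with (D/c) = -1
    while True:
        j = jacobi(d, c)
        if j == 0:                   # gcd(|D|, c) > 1: composite unless c == |D|
            return abs(d) == c
        if j == -1:
            break
        d = -(d + 2) if d > 0 else -(d - 2)
    k = c + 1                        # step 3

    def halve(x):                    # x / 2 mod c, valid because c is odd
        x %= c
        return x // 2 if x % 2 == 0 else (x + c) // 2

    u, v = 1, 1                      # steps 5-6: U_1 = V_1 = 1 for P = 1
    for bit in bin(k)[3:]:           # step 7: double-and-add over the bits below the top bit
        u_t = u * v % c                          # U_{2m} = U_m V_m
        v_t = halve(v * v + d * u * u)           # V_{2m} = (V_m^2 + D U_m^2) / 2
        if bit == "1":
            u, v = halve(u_t + v_t), halve(v_t + d * u_t)   # m -> m + 1
        else:
            u, v = u_t, v_t
    return u == 0                    # step 8: U_{c+1} == 0 (mod c)


def is_probable_prime(n, rounds=6, seed=None):
    """Miller-Rabin with `rounds` random bases, then the Lucas test.
    `seed` exists only so the example is reproducible; leave it None in real use."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    bases = [rng.randrange(2, n - 1) for _ in range(rounds)]
    return miller_rabin(n, bases) and lucas_probable_prime(n)
```

Neither test alone is enough: Miller-Rabin with a handful of bases is what an adversary targets when constructing q, and the Lucas test has its own pseudoprimes, but no number is known to pass both.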
* | Fix Doxygen comments for AutoSeeded_RNG [ci skip] | Jack Lloyd | 2018-07-31 | 1 | -3/+7 |
* | Ensure values are fully reduced during ECDSA signature | Jack Lloyd | 2018-07-30 | 1 | -3/+3 |
| | It was possible that the Barrett reduction code would fall back to standard division due to getting an input that was >= order^2. | | | | |
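Why an unreduced operand matters here, as an added Python example (not Botan's code; the function names are chosen for this example): Barrett reduction precomputes mu = floor(2^(2k) / m) for a k-bit modulus and estimates the quotient with shifts and one multiplication. For any input below 2^(2k), which covers every product of two fully reduced operands, the estimate is short by at most 2, so two conditional subtractions finish the job with no division. Feed it something larger and the estimate is wrong by more than that, which is exactly the case that forces a slow, data-dependent fallback.

```python
import random


def barrett_setup(m):
    """Precompute (k, mu) for modulus m: k = bit length of m, mu = floor(2^(2k) / m).
    Done once per modulus, e.g. once per curve order."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    k = m.bit_length()
    return k, (1 << (2 * k)) // m


def barrett_reduce(x, m, k, mu):
    """Return (x mod m, number of corrections) for 0 <= x < 2^(2k).
    In that range the quotient estimate q is at most 2 too small, so the
    fix-up loop runs at most twice; out-of-range inputs are refused."""
    if x < 0 or (x >> (2 * k)) != 0:
        raise ValueError("input exceeds 2^(2k): reduce the operands first")
    q = ((x >> (k - 1)) * mu) >> (k + 1)
    r = x - q * m
    corrections = 0
    while r >= m:
        r -= m
        corrections += 1
    return r, corrections


def mul_mod(a, b, m):
    """a * b mod m via Barrett. Insisting that both operands are already fully
    reduced is what guarantees a * b < m^2 < 2^(2k) and hence no fallback."""
    if not (0 <= a < m and 0 <= b < m):
        raise ValueError("operands must be fully reduced before multiplication")
    k, mu = barrett_setup(m)
    return barrett_reduce(a * b, m, k, mu)[0]


def raises_value_error(fn, *args):
    """Small helper so callers can check that a bad input is refused."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def barrett_selftest(m, trials=2000, seed=0):
    """Cross-check against Python's % on random inputs below 2^(2k)
    and confirm the correction count never exceeds 2."""
    k, mu = barrett_setup(m)
    rng = random.Random(seed)
    for _ in range(trials):
        x = rng.randrange(0, 1 << (2 * k))
        r, corrections = barrett_reduce(x, m, k, mu)
        if r != x % m or corrections > 2:
            return False
    return True


# secp256k1 group order, a public constant used here as a realistic modulus
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
```

The `while` loop is written as a loop only for clarity; a constant-time implementation would perform exactly two conditional subtractions with masks, which is only safe because the input bound makes two sufficient.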
* | Support calling Whirlpool in OpenSSL | Jack Lloyd | 2018-07-26 | 1 | -0/+5 |
| | Available since 1.0.0, not sure how this was missed. | | | | |
* | GHASH - use explicit function to check for key being set | Jack Lloyd | 2018-07-25 | 1 | -1/+1 |
* | Add OID for SM2 with SM3 signatures | Jack Lloyd | 2018-07-24 | 1 | -1/+3 |
* | Add include for getenv | Jack Lloyd | 2018-07-24 | 1 | -0/+1 |
* | Only print FFI exceptions to stdout if an env var is set | Jack Lloyd | 2018-07-24 | 1 | -1/+4 |
| | So debugging is possible but the default is silent. | | | | |
* | Add botan_mac_query_keylen | Jack Lloyd | 2018-07-24 | 2 | -1/+28 |
* | Add botan_block_cipher_query_keylen plus some new FFI error codes | Jack Lloyd | 2018-07-24 | 4 | -5/+49 |
* | Use Alloc templates instead of overriding for specific vector types | Jack Lloyd | 2018-07-24 | 1 | -16/+16 |
* | Fix bad assert in Goppa decoding | Jack Lloyd | 2018-07-24 | 1 | -3/+4 |
* | Require SM2 ciphertexts be DER encoded | Jack Lloyd | 2018-07-24 | 1 | -2/+18 |
| | Previously the SM2 test would fail about 1 in a thousand times because we would corrupt the ciphertext such that the BER was still valid; it would change the length field to an indefinite length marker, which still decoded correctly. | | | | |
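What "DER, not BER" buys in a case like this, as an added Python example that is not Botan's decoder (function names and the sample bytes are constructed for the example): DER permits only definite, minimal-length encodings, so the indefinite-length marker 0x80 and padded long forms such as `81 05` or `82 00 80` are errors rather than alternative spellings of the same structure. A strict decoder therefore rejects a mutated length byte outright instead of finding a reading under which the corrupted ciphertext still parses.

```python
class DERError(ValueError):
    """Raised for anything that is not strict, minimal DER."""


def der_read_length(buf, pos):
    """Parse a DER length at buf[pos]; return (length, position after it).
    Rejects the BER-only forms: indefinite length (0x80) and non-minimal
    long forms (a long form for a value < 128, or leading zero octets)."""
    if pos >= len(buf):
        raise DERError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos                      # short form, 0..127
    if first == 0x80:
        raise DERError("indefinite length is BER, not DER")
    n = first & 0x7F                           # number of length octets
    if n > 4:
        raise DERError("length field too long")
    if pos + n > len(buf):
        raise DERError("truncated length")
    if buf[pos] == 0:
        raise DERError("non-minimal length: leading zero octet")
    length = int.from_bytes(buf[pos:pos + n], "big")
    if length < 0x80:
        raise DERError("non-minimal length: short form required")
    return length, pos + n


def der_read_tlv(buf, pos=0):
    """Parse one TLV with a single-octet tag; return (tag, content, next_pos)."""
    if pos >= len(buf):
        raise DERError("truncated tag")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise DERError("multi-octet tags are not handled by this example")
    length, pos = der_read_length(buf, pos + 1)
    if pos + length > len(buf):
        raise DERError("content truncated")
    return tag, buf[pos:pos + length], pos + length


def der_decode_all(buf):
    """Decode consecutive TLVs that must exactly fill buf (no trailing bytes)."""
    out, pos = [], 0
    while pos < len(buf):
        tag, content, pos = der_read_tlv(buf, pos)
        out.append((tag, content))
    return out


def is_strict_der(buf):
    """True if buf decodes completely under the strict rules above."""
    try:
        der_decode_all(buf)
        return True
    except DERError:
        return False


# Constructed sample: SEQUENCE { INTEGER 1, INTEGER 2 }
SAMPLE = bytes.fromhex("3006020101020102")
# The same bytes with the SEQUENCE length replaced by the BER indefinite marker,
# the kind of single-byte corruption the commit message describes
MUTATED = bytes([SAMPLE[0], 0x80]) + SAMPLE[2:]
```

The trailing-bytes check in `der_decode_all` is part of the same discipline: a ciphertext that parses but leaves unconsumed bytes is another encoding of "something else", and a test that corrupts bytes past the parsed region would otherwise never see a failure.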
* | In ECC private key encoding, include the optional public key field | Jack Lloyd | 2018-07-23 | 1 | -2/+4 |
| | Otherwise GnuTLS refuses to parse the private key. Fixes #1634 | | | | |
* | Merge GH #1628 In ECDSA verify, handle error seen with LibreSSL on non-x86 | Jack Lloyd | 2018-07-20 | 1 | -7/+16 |
|\ | |||||
| * | Handle another possible OpenSSL error only seen on non-x86_64 | Jack Lloyd | 2018-07-17 | 1 | -7/+16 |
| | GH #1627 | | | | |
* | | Add FFI funcs to get algo name from cipher, MAC and hash objs | Jack Lloyd | 2018-07-19 | 6 | -10/+73 |
* | | Specialize code for BigInt right shift by 1 | Jack Lloyd | 2018-07-19 | 1 | -0/+22 |
| | Improves ECDSA by 2-3% due to improving the const time modular inversion algorithm (used for the mod-order inversions). | | | | |
* | | Fix error in CCM when L=8 | Jack Lloyd | 2018-07-18 | 2 | -6/+7 |
| | GH #1631 | | | | |
* | | Support salts other than exactly 16 bytes for Blowfish key setup | Jack Lloyd | 2018-07-18 | 4 | -36/+59 |
| | Bcrypt only needs 16 byte salts but unfortunately Bcrypt-PBKDF is defined to use 64 byte salts instead. So extend support to handle any salt that is a multiple of 4 bytes. | | | | |
* | | Correct comment on Hardware_RNG | Jack Lloyd | 2018-07-17 | 1 | -2/+1 |
|/ | |||||
* | Update password hashing default settings | Jack Lloyd | 2018-07-13 | 3 | -3/+5 |
| | Bcrypt work factor 10 is looking pretty low these days, as is 100K iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K, and also transition passhash9 to using SHA-512 instead of SHA-256. Also document bcrypt better, and add speed tests for bcrypt and passhash9. | | | | |
* | Remove RC2 related OIDs | Jack Lloyd | 2018-07-13 | 1 | -5/+1 |
| | Since RC2 was removed in 1c0bc3cc6b there is no reason to have these around. | | | | |
* | Bump the FFI version | Jack Lloyd | 2018-07-13 | 2 | -2/+6 |
| | New FFI features added in #1621 and #1625 | | | | |
* | Correct a comment in Camellia code, and align the 256 byte table | Jack Lloyd | 2018-07-13 | 1 | -1/+3 |
* | Unroll SM4 encryption/decryption by 2 | Jack Lloyd | 2018-07-13 | 1 | -23/+105 |
| | Interleaving operations improves SM4/CTR from 26 cpb to 18 cpb | | | | |
* | Add FPE1 to C API | Jack Lloyd | 2018-07-13 | 3 | -1/+114 |
| | GH #1612 | | | | |
* | Make use of AlgorithmIdentifier::USE_EMPTY_PARAM | Jack Lloyd | 2018-07-10 | 3 | -9/+3 |
* | Fix ARMv7 build | Jack Lloyd | 2018-07-09 | 1 | -0/+3 |
| | These hwcaps don't exist in 32-bit mode. | | | | |
* | Add support for ARMv8 SM4 instructions | Jack Lloyd | 2018-07-09 | 7 | -5/+291 |
| | Tested in qemu | | | | |
* | Prefetch AES tables during the key schedule | Jack Lloyd | 2018-07-06 | 1 | -8/+27 |
| | Also prefetch SD during decryption since both TD and SD are used there. The need for prefetch in the key schedule was identified in the paper "Eliminating Timing Side-Channel Leaks using Program Repair" by Guo, Schaumont, Wang. | | | | |
* | Document new flag for setting bcrypt version [ci skip] | Jack Lloyd | 2018-07-05 | 1 | -1/+1 |
* | Small post-merge fixups of #1621 | Jack Lloyd | 2018-07-04 | 3 | -20/+20 |
| | Formatting, and fix the API revision annotations. Adds pem as an explicit dependency to FFI; pubkey already pulls it in but good to be explicit. | | | | |
* | Merge GH #1621 Add PKCS#1 RSA load/store funcs to FFI | Jack Lloyd | 2018-07-04 | 2 | -0/+57 |
|\ | |||||
| * | Add RSA PKCS#1 key load and export functions to ffi | René Korthaus | 2018-07-04 | 2 | -0/+57 |
* | | Add a couple of OIDs commonly seen in certificates | Jack Lloyd | 2018-07-04 | 1 | -1/+5 |
|/ | |||||
* | Correct Doxygen errors | Jack Lloyd | 2018-07-02 | 3 | -6/+5 |
* | Add OID for ChaCha20Poly1305 | Jack Lloyd | 2018-07-01 | 1 | -1/+3 |
| | From RFC 8103 | | | | |
* | Rename Threefish-512 AVX2 file | Jack Lloyd | 2018-06-30 | 1 | -0/+0 |
* | Support bcrypt 2b and 2y | Jack Lloyd | 2018-06-29 | 2 | -12/+36 |
| | Continue to default to 2a since older versions don't know about 2b. Both 2b and 2y are identical to our implementation of 2a since we never implemented the relevant bugs which necessitated the new formats. | | | | |
* | Fix handling of SHA instructions in tests | Jack Lloyd | 2018-06-29 | 1 | -0/+2 |
* | Check arguments to BigInt::random_integer | Jack Lloyd | 2018-06-29 | 2 | -2/+5 |
* | Fix Coverity false positive | Jack Lloyd | 2018-06-29 | 1 | -0/+2 |
| | It thinks a divide by zero can happen here. | | | | |
* | Fix some -Wshadow warnings | Jack Lloyd | 2018-06-29 | 2 | -6/+5 |
* | Move reduction mod q to DL_Group | Jack Lloyd | 2018-06-28 | 4 | -31/+118 |
| | Avoids computing Barrett params many times and gives option for more optimizations in future. | | | | |
* | Expose reduction mod p in CurveGFp | Jack Lloyd | 2018-06-28 | 3 | -16/+28 |
| | This is slightly slower for Brainpool, but NIST curves are 5% faster. | | | | |
* | Correct computing of discriminant in EC_Group::verify_group | Jack Lloyd | 2018-06-27 | 1 | -16/+34 |
| | It was checking 4*a + 27*b instead of 4*a^3 + 27*b^2 | | | | |
* | Prohibit empty nonces with GCM | Jack Lloyd | 2018-06-27 | 2 | -3/+9 |
| | This is mostly harmless but not allowed by the specification. See for example SP800-38D section 5.2.1.1. | | | | |