aboutsummaryrefslogtreecommitdiffstats
path: root/src/mac
Commit message (Collapse)AuthorAgeFilesLines
* Increase the max key length of HMAC to 512 bytes. Previously we wouldlloyd2012-01-201-1/+1
| | | | | | | | | | | | | | run into trouble in the TLS PRF with large pre-master secrets. This especially crops up in TLS 1.2 as there the entire pre master secret is fed to a single PRF (in earlier verions it is split in half). A limit of 512 bytes allows a DH group up to 4096 bits which seems good enough for now. Also catch Invalid_Key_Length in the TLS PRF and throw an exception that makes more sense - initially I was completely thrown off by the HMAC key length exception, and it took me a while to figure it out. Someone else looking at this the first time a server sends a 8192 bit DH group would be even more confused.
* Make CMAC::poly_double at least theoretically constant time, thoughlloyd2011-06-231-3/+2
| | | | most compilers will probably compile this into a conditional anyway.
* Add new top-level algorithm which provides basic functionality: namelloyd2010-11-012-3/+2
| | | | | | | | query, clearing, and cloning. Applies to ciphers, hashes, MACs, and PBKDFs. May extend to KDFs later as well. A single combined hierarchy in particular will make the algo_factory much simpler.
* Remove BufferedComputation::OUTPUT_LENGTHlloyd2010-10-2911-23/+14
|
* Eliminate the constant size_t values in SymmetricAlgorithm that givelloyd2010-10-2811-30/+34
| | | | | | | | | | | | | | | | | | | the parameters of the key length. Instead define a new function which returns a simple object which contains this information. This definitely breaks backwards compatability, though only with code that directly manipulates low level objects like BlockCipher*s directly, which is probably relatively rare. Also remove some deprecated accessor functions from lookup.h. It turns out block_size_of and output_size_of are being used in the TLS code; I need to remove them from there before I can delete these entirely. Really that didn't make much sense, because they assumed all implementations of a particular algorithm will have the same specifications, which is definitely not necessarily true, especially WRT key length. It is much safer (and probably simpler) to first retrieve an instance of the actual object you are going to use and then ask it directly.
* More size_t. Document changeslloyd2010-10-131-4/+4
|
* Remove most uses of HASH_BLOCK_SIZElloyd2010-10-132-7/+7
|
* s/BLOCK_SIZE/block_size()/lloyd2010-10-133-7/+7
|
* Use output_length() instead of OUTPUT_LENGTH pseudo-propertylloyd2010-10-134-27/+27
|
* Use size_t rather than u32bit in SymmetricAlgorithmlloyd2010-10-1310-10/+11
|
* More size_tlloyd2010-10-132-6/+6
|
* Use size_t for BufferedComputation::add_datalloyd2010-10-1210-21/+21
|
* Implicit conversionslloyd2010-09-141-1/+1
|
* Remove more implicit vector to pointer conversionslloyd2010-09-141-1/+1
|
* Completely remove the second parameter to SecureVector which specifieslloyd2010-09-142-2/+2
| | | | | | | | | | | | | | | | | | | | the initial/default length of the array, update all users to instead pass the value to the constructor. This is a old vestigal thing from a class (SecureBuffer) that used this compile-time constant in order to store the values in an array. However this was changed way back in 2002 to use the same allocator hooks as the rest of the containers, so the only advantage to using the length field was that the initial length was set and didn't have to be set in the constructor which was midly convenient. However this directly conflicts with the desire to be able to (eventually) use std::vector with a custom allocator, since of course vector doesn't support this. Fortunately almost all of the uses are in classes which have only a single constructor, so there is little to no duplication by instead initializing the size in the constructor.
* Anywhere where we use MemoryRegion::begin to get access to the raw pointerlloyd2010-09-131-1/+1
| | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
* Big, invasive but mostly automated change, with a further attempt atlloyd2010-09-075-14/+14
| | | | | | | | | | | | | | harmonising MemoryRegion with std::vector: The MemoryRegion::clear() function would zeroise the buffer, but keep the memory allocated and the size unchanged. This is very different from STL's clear(), which is basically the equivalent to what is called destroy() in MemoryRegion. So to be able to replace MemoryRegion with a std::vector, we have to rename destroy() to clear() and we have to expose the current functionality of clear() in some other way, since vector doesn't support this operation. Do so by adding a global function named zeroise() which takes a MemoryRegion which is zeroed. Remove clear() to ensure all callers are updated.
* Turns out OpenSSL's implementation of PBKDF2 allows empty passphrases,lloyd2010-08-211-1/+1
| | | | | | | | | | | | | | | | | so for compatability with keys that were encrypted with an empty passphrase we probably want to support it as well. In PBKDF2, don't reject empty passphrases out of hand; simply call set_key and if the underlying MAC cannot use the key, throw an informative exception. This will also be more helpful in the case that someone tries using another MAC (say, CMAC) with a block cipher that only supports keys of specific sizes. In HMAC, allow zero-length keys. This is not really optimal in the sense of allowing the user to do something dumb, but a 1 byte key would be pretty dumb as well and we already allowed that. Add a test vector using an empty passphrase generated by OpenSSL
* Replace "@return a blah" and "@return the blah" with just "@return blah"lloyd2010-06-161-1/+1
|
* More Doxygen commentslloyd2010-06-165-4/+27
|
* More Doxygen updates/fixeslloyd2010-06-153-5/+5
|
* More Doxygen fixeslloyd2010-06-151-1/+4
|
* Fix a few hundred Doxygen warningslloyd2010-06-152-3/+3
|
* Use "/*" instead of "/**" in starting comments at the begining of a file.lloyd2010-06-072-2/+2
| | | | | This caused Doxygen to think this was markup meant for it, which really caused some clutter in the namespace page.
* Remove SecureBuffer, which is the fixed-size variant of SecureVector.lloyd2010-03-231-1/+1
| | | | | | | | | | | | | | Add a second template param to SecureVector which specifies the initial length. Change all callers to be SecureVector instead of SecureBuffer. This can go away in C++0x, once compilers implement N2712 ("Non-static data member initializers"), and we can just write code as SecureVector<byte> P{18}; instead
* Make many more headers internal-only.lloyd2009-12-164-4/+4
| | | | | | | | | | | | | Fixes for the amalgamation generator for internal headers. Remove BOTAN_DLL exporting macros from all internal-only headers; the classes/functions there don't need to be exported, and avoiding the PIC/GOT indirection can be a big win. Add missing BOTAN_DLLs where necessary, mostly gfpmath and cvc For GCC, use -fvisibility=hidden and set BOTAN_DLL to the visibility __attribute__ to export those classes/functions.
* Full working amalgamation build, plus internal-only headers concept.lloyd2009-12-166-42/+0
|
* Rename/remove some secmem member variables for better matching with STLlloyd2009-11-173-8/+8
| | | | | | | | containers (specifically vector). Rename is_empty to empty Remove has_items Rename create to resize
* Remove the 'realname' attribute on all modules and cc/cpu/os info files.lloyd2009-10-296-12/+0
| | | | | Pretty much useless and unused, except for listing the module names in build.h and the short versions totally suffice for that.
* Remove all exception specifications. The way these are designed in C++ islloyd2009-10-2211-11/+11
| | | | | | just too fragile and not that useful. Something like Java's checked exceptions might be nice, but simply killing the process entirely if an unexpected exception is thrown is not exactly useful for something trying to be robust.
* Add *s before comment lines in file headerslloyd2009-09-081-2/+2
|
* Move some files around to break up dependencies between directorieslloyd2009-07-161-0/+1
|
* Add a script that reads the output of print_deps.py and rewriteslloyd2009-07-156-4/+24
| | | | | | the info.txt files with the right module dependencies. Apply it across the codebase.
* Thomas Moschny passed along a request from the Fedora packagers which camelloyd2009-03-3012-164/+188
| | | | | | | | | | | | | | | up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line Distributed under the terms of the Botan license after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of astericks before and after the text); this is stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things).
* Rename SymmetricAlgorithm::key to key_schedule to avoid many namelloyd2008-11-0910-10/+10
| | | | conflicts/collisions
* Split base.h into block_cipher.h and stream_cipher.hlloyd2008-11-084-1/+4
| | | | | | It turned out many files were including base.h merely to get other includes (like types.h, secmem.h, and exceptn.h). Those have been changed to directly include the files containing the declarations that code needs.
* Move BufferedComputation to new buf_comp.{h,cpp}lloyd2008-11-083-0/+38
|
* Move mac base classes from src/core to src/maclloyd2008-11-081-0/+56
|
* Move declaration of MessageAuthenticationCode base class to mac.h (from base.h)lloyd2008-11-085-4/+5
|
* Move the declaration of the HashFunction base class to a new header hash.hlloyd2008-11-082-1/+2
| | | | (from base.h)
* Doxygen commentlloyd2008-10-151-3/+3
|
* Add trailing H__ to some header guards. Line wrap long comment.lloyd2008-10-131-2/+2
|
* Add BOTAN_DLL macro to public class definitions that were missing it.lloyd2008-10-091-1/+1
|
* Remove lookup.h from X9.31 PRNG, X9.19 MAC, SSLv3 MAC, PBKDF1lloyd2008-09-304-18/+35
|
* Remove lookup from Randpool, HMAC, CMAC, CBC-MAC, TLS-PRF, and PBKDF2lloyd2008-09-306-18/+26
|
* Remove lookup dependency on CMAC: takes a BlockCipher as constructor arglloyd2008-09-302-12/+12
|
* Rename all modinfo.txt files to info.txt, since they are all (none) oflloyd2008-09-295-0/+0
| | | | | them modules now. In any case there is no distinction so info.txt seems better.
* Move all modules into src/ directorylloyd2008-09-2815-0/+769