path: root/src/pubkey/ecdsa
Commit message | Author | Age | Files | Lines
* Fairly huge update that replaces the old secmem types with std::vector using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed. | lloyd | 2012-05-18 | 2 | -5/+5
* Multi-exponentiation, using the single bit variation. Using a 2 or 3 bit window may well improve things further. Currently seeing 20-25% improvement in ECDSA signature verification and 25 to 40% in GOST-34.10 verifications. | lloyd | 2011-06-01 | 1 | -1/+2
* Reject s == 0 or r == 0 in an ECC signature. In ECDSA, these cases should all be caught by the later check that R is not zero, so I don't believe there is any security danger. However the GOST 34.10 implementation did not have either check. Fortunately, the function that extracts the affine X coordinate from the Jacobian coordinates will throw an exception if the point is at infinity, so we would not in fact accept invalid signatures, but this is mostly by luck. And still represents a bit of a DoS potential. I checked the history, it looks like not checking for zeros at the start traces back to the original InSiTo code, and I copied the ECDSA code for GOST without thinking about it too much. | lloyd | 2011-05-19 | 1 | -1/+1
* ECC private keys had two different constructors, one taking a group and a random number generator, and the other taking a group and a preset private key value. The DL private keys instead have one constructor for this; if the x value is zero, then a new random key is created. For consistency, do this with ECC as well. ECDH actually didn't have one of these constructors, forcing you to either load from PKCS #8 or else use a random key. Rename EC_Domain_Params to EC_Group, with a typedef for compatibility. More doc updates. Update mtn ignores for Sphinx output | lloyd | 2011-04-08 | 2 | -13/+11
* Use size_t instead of u32bit in all of pubkey | lloyd | 2010-10-12 | 2 | -15/+15
* If we generate a k such that s or r is 0, don't fail, simply retry with a new k. | lloyd | 2010-09-26 | 1 | -11/+13
* First set of changes for avoiding use of implicit vector->pointer conversions | lloyd | 2010-09-13 | 1 | -2/+2
* More Doxygen updates/fixes | lloyd | 2010-06-15 | 1 | -0/+6
* Fix a few hundred Doxygen warnings | lloyd | 2010-06-15 | 1 | -2/+4
* KeyPair::check_key's behavior of throwing an exception upon failure was not useful; in all cases, we immediately caught it and then returned false. Modify as follows:
  - Create the pubkey objects inside the checking code, so calling code doesn't need to do it.
  - Return true/false for pass/fail
  Also add consistency checking for ECDSA keys | lloyd | 2010-03-21 | 2 | -0/+15
* Use a Modular_Reducer in ECDSA op | lloyd | 2010-03-13 | 2 | -6/+8
* Deconstify PK_Ops. It's quite reasonable that some op will want to precompute only as needed, or will want to access some other expensive resource or etc. Change how the secret for generating blinding is done in cases where a PRNG isn't available. Use the operations public op to hide the secret, for instance the seed for a DH blinding variable is 2^x mod p. Make use of being able to mutate internal structures in the RW signer, since that does have access to a PRNG, so use it to initialize the blinder on first call to sign(). | lloyd | 2010-03-09 | 2 | -4/+4
* Remove the now no-op classes PK_Encrypting_Key, PK_Decrypting_Key, PK_Signing_Key, PK_Verifying_with_MR_Key, and PK_Verifying_wo_MR_Key. | lloyd | 2010-03-08 | 1 | -4/+2
* Constify sign and verify ops | lloyd | 2010-03-05 | 2 | -6/+6
* Remove ECDSA_PublicKey::verify | lloyd | 2010-03-05 | 2 | -40/+0
* Rename PK_Ops::Signature_Operation to PK_Ops::Signature. Rename PK_Ops::KA_Operation to PK_Ops::Key_Agreement | lloyd | 2010-03-05 | 1 | -1/+1
* Add verification ops for all signature key types | lloyd | 2010-03-05 | 2 | -0/+49
* Remove the sign() operation from the public key objects, totally replaced by using the ops. Add real ECDSA test vectors (two found in ANSI X9.62) | lloyd | 2010-03-05 | 2 | -45/+6
* Add signature generation operation classes. Remove sign() from PK_Signing_Key, though for the moment the class remains because there are a few pieces of code that use it to detect if signatures are supported, or for passing to functions in look_pk | lloyd | 2010-03-05 | 2 | -0/+55
* Add similar decoding constructors to the private keys | lloyd | 2010-03-04 | 1 | -5/+4
* Add a new constructor to each public key algorithm (only the public keys so far, private keys not changed) that takes an AlgorithmIdentifier and a MemoryRegion<byte>&. This performs the X.509 decoding. It is not possible anymore to create uninitialized PK objects. | lloyd | 2010-03-04 | 1 | -14/+14
* Add some simple constructors to the EC_ base key types to simplify the various implementations | lloyd | 2010-03-02 | 2 | -36/+7
* Kill ECKAEG_Op | lloyd | 2010-03-02 | 1 | -2/+0
* Remove ECDSA_Op and its attendant bits | lloyd | 2010-03-02 | 6 | -281/+45
* Remove auto_ptr from ECC key types | lloyd | 2010-03-02 | 3 | -154/+40
* Remove a fairly useless member of EC_PublicKey that was only used for handling ImplicitCA ECDSA keys in the CVC code. Currently dealt with in CVC by simply commenting out the calls - CVC is already pretty broken and I'd much rather have ECC sane and under control and CVC totally broken than ECC remaining in its current state. | lloyd | 2010-03-02 | 2 | -46/+0
* Clean up EC_Domain_Params | lloyd | 2010-03-01 | 1 | -1/+1
* Use a Modular_Reducer in ECDSA op for reductions mod the order of the group | lloyd | 2010-02-25 | 2 | -18/+9
* Move contents of gfpmath to numbertheory. Adjust dependencies. | lloyd | 2010-02-25 | 1 | -1/+0
* Convert PointGFp::get_affine_{x,y} to return just the BigInt value | lloyd | 2010-02-25 | 1 | -3/+3
* Remove PointGFp::mult_this_secure | lloyd | 2010-02-24 | 2 | -5/+3
* Add copyright and license notes to pretty much every file that didn't have them, including the examples and self-test code. Most of these files had no copyright/license information at all; since a major point of the examples is to allow users to copy and paste code that already does something they want, an ambiguous license is not good. | lloyd | 2009-12-31 | 1 | -2/+2
* Remove unneeded iostream/stdio includes | lloyd | 2009-12-21 | 1 | -3/+0
* Add missing BOTAN_DLL exports. Move most of the engine headers to internal | lloyd | 2009-12-16 | 1 | -1/+1
* Full working amalgamation build, plus internal-only headers concept. | lloyd | 2009-12-16 | 1 | -11/+0
* Much cleaning up in ECDSA, though it's still rather a mess (and 50x slower than OpenSSL... that's a problem for another branch though). | lloyd | 2009-11-18 | 6 | -151/+109
* Make set_all_values in {ECDSA,ECKAEG}_{Public,Private}Key all non-virtual; virtual-ness not needed, and was overriding/overloading by argument which doesn't actually work in C++ and only happened to work because it was only ever used with the version implemented in that same class. ICC was warning, too. Make non-virtual. | lloyd | 2009-11-10 | 1 | -3/+2
* Remove the 'realname' attribute on all modules and cc/cpu/os info files. Pretty much useless and unused, except for listing the module names in build.h and the short versions totally suffice for that. | lloyd | 2009-10-29 | 1 | -2/+0
* Split up util.h into 3 files
  - rounding.h (round_up, round_down)
  - workfactor.h (dl_work_factor)
  - timer.h (system_time)
  And update all users of the previous util.h | lloyd | 2009-09-17 | 1 | -1/+0
* Move some files around to break up dependencies between directories | lloyd | 2009-07-16 | 1 | -0/+1
* Add a script that reads the output of print_deps.py and rewrites the info.txt files with the right module dependencies. Apply it across the codebase. | lloyd | 2009-07-15 | 1 | -9/+10
* Move the contents of pubkey/pubkey (which was kind of a catch-all to just toplevel pubkey). This was a convention I realized made sense sometime on when I was first doing the modularization changes. Move pkcs8.* and x509_key.* to pk_codecs | lloyd | 2009-07-15 | 1 | -1/+0
* engine.h had copies of some declarations from pk_engine.h that had not been removed when that portion of the code was split off. Remove the duplicated code from engine.h and update some code in pubkey that still relied on the declarations in engine.h instead of pk_engine.h | lloyd | 2009-05-13 | 1 | -1/+1
* Thomas Moschny passed along a request from the Fedora packagers which came up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line
    Distributed under the terms of the Botan license
  after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of asterisks before and after the text); this is a stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things). | lloyd | 2009-03-30 | 6 | -49/+61
* Macro cleanup | lloyd | 2008-11-09 | 1 | -1/+1
* Remove dependency on Default_Engine from pubkey code | lloyd | 2008-11-08 | 1 | -11/+1
* Remove spurious trailing ; after blocks | lloyd | 2008-10-13 | 1 | -2/+2
* Decruft | lloyd | 2008-10-12 | 1 | -36/+27
* Move ECDSA_Signature into CVC module. It is not used by ECDSA directly now. Change several ECC functions to return const references instead of const values. | lloyd | 2008-10-11 | 5 | -202/+57
* Add BOTAN_DLL macro to public class definitions that were missing it. | lloyd | 2008-10-09 | 3 | -11/+11