| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
using a custom allocator. Currently our allocator just does new/delete
with a memset before deletion, and the mmap and mlock allocators have
been removed.
|
|
|
|
|
|
| |
bit window may well improve things further. Currently seeing 20-25%
improvement in ECDSA signature verification and 25 to 40% in
GOST-34.10 verifications.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ECDSA, this cases should all be caught by the later check that R is
not zero, so I don't believe there is any security danger.
However the GOST 34.10 implementation did not have either check.
Fortunately, the function that extracts the affine X coordinate from
the Jacobian coordinates will throw an exception if the point is at
infinity, so we would not in fact accept invalid signatures, but this
is mostly by luck. And still represents a bit of a DoS potential.
I checked the history, it looks like not checking for zeros at the
start traces back to the original InSiTo code, and I copied the ECDSA
code for GOST without thinking about it too much.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and a random number generator, and the other taking a group and a
preset private key value. The DL private keys instead have on
constructor for this; if the x value is zero, then a new random key is
created. For consistency, do this with ECC as well.
ECDH actually didn't have one of these constructors, forcing you to
either load from PKCS #8 or else use a random key.
Rename EC_Domain_Params to EC_Group, with a typedef for compatability.
More doc updates.
Update mtn ignores for Sphinx output
|
| |
|
|
|
|
| |
with a new k.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
not useful; in all cases, we immediately caught it and then returned
false.
Modify as follows:
- Create the pubkey objects inside the checking code, so calling code
doesn't need to do it.
- Return true/false for pass/fail
Also add consistency checking for ECDSA keys
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
precompute only as needed, or will want to access some other expensive
resource or etc.
Change how the secret for generating blinding is done in cases where a
PRNG isn't available. Use the operations public op to hide the secret,
for instance the seed for a DH blinding variable is 2^x mod p.
Make use of being able to mutate internal structures in the RW signer,
since that does have access to a PRNG, so use it to initialize the
blinder on first call to sign().
|
|
|
|
|
| |
PK_Decrypting_Key, PK_Signing_Key, PK_Verifying_with_MR_Key, and
PK_Verifying_wo_MR_Key.
|
| |
|
| |
|
|
|
|
| |
Rename PK_Ops::KA_Operation to PK_Ops::Key_Agreement
|
| |
|
|
|
|
|
|
| |
by using the ops.
Add real ECDSA test vectors (two found in ANSI X9.62)
|
|
|
|
|
|
| |
PK_Signing_Key, though for the moment the class remains because there
are a few pieces of code that use it to detect if signatures are
supported, or for passing to functions in look_pk
|
| |
|
|
|
|
|
|
|
| |
keys so far, private keys not changed) that takes an
AlgorithmIdentifier and a MemoryRegion<byte>&. This performs the X.509
decoding. It is not possible anymore to create uninitialized PK
objects.
|
|
|
|
| |
the various implementations
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
handling ImplicitCA ECDSA keys in the CVC code. Currently dealt with
in CVC by simply commenting out the calls - CVC is already pretty
broken and I'd much rather have ECC sane and under control and CVC
totally broken than ECC remaining in its current state.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
including the examples and self-test code.
Most of these files had not copyright/license information at all; since a major
point of the examples is to allow users to copy and paste code that already
does something they want, an ambigious license is not good.
|
| |
|
|
|
|
| |
Move most of the engine headers to internal
|
| |
|
|
|
|
| |
than OpenSSL... that's a problem for another branch though).
|
|
|
|
|
|
|
| |
virtual-ness not needed, and was overriding/overloading by argument which
doesn't actually work in C++ and only happened to work because it was only
ever used with the version implemented in that same class. ICC was warning,
too. Make non-virtual.
|
|
|
|
|
| |
Pretty much useless and unused, except for listing the module names in
build.h and the short versions totally suffice for that.
|
|
|
|
|
|
|
| |
- rounding.h (round_up, round_down)
- workfactor.h (dl_work_factor)
- timer.h (system_time)
And update all users of the previous util.h
|
| |
|
|
|
|
|
|
| |
the info.txt files with the right module dependencies.
Apply it across the codebase.
|
|
|
|
|
|
|
| |
just toplevel pubkey). This was a convention I realized made sense sometime
on when I was first doing the modularization changes.
Move pkcs8.* and x509_key.* to pk_codecs
|
|
|
|
|
|
| |
been removed when that portion of the code was split off. Remove the
duplicated code from engine.h and update some code in pubkey that still
relied on the declarations in engine.h instead of pk_engine.h
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
up during the Fedora submission review, that each source file include some
text about the license. One handy Perl script later and each file now has
the line
Distributed under the terms of the Botan license
after the copyright notices.
While I was in there modifying every file anyway, I also stripped out the
remainder of the block comments (lots of astericks before and after the
text); this is stylistic thing I picked up when I was first learning C++
but in retrospect it is not a good style as the structure makes it harder
to modify comments (with the result that comments become fewer, shorter and
are less likely to be updated, which are not good things).
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Change several ECC functions to return const references instead of const values.
|
| |
|