aboutsummaryrefslogtreecommitdiffstats
path: root/src/pubkey/pk_keys.h
Commit message (Collapse)AuthorAgeFilesLines
* Add Public_Key::estimated_strength which gives an approximation of howlloyd2012-07-271-0/+11
| | | | | | | hard that key is to break. Use it in cert path validation, rejecting keys with estimated strength less than 80 bits.
* Fairly huge update that replaces the old secmem types with std::vectorlloyd2012-05-181-3/+3
| | | | | | using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
* Use size_t instead of u32bit in all of pubkeylloyd2010-10-121-3/+3
|
* Replace "@return a blah" and "@return the blah" with just "@return blah"lloyd2010-06-161-5/+5
|
* Require all PK keys implement check_key. Add for ECC keys.lloyd2010-06-161-2/+2
|
* Doxygen commentslloyd2010-06-161-3/+19
|
* Fix a few hundred Doxygen warningslloyd2010-06-151-1/+1
|
* New BER encoding funcs for PKCS and X.509. Remove Private_Key dep herelloyd2010-06-151-2/+0
|
* Some PKCS #8 simplificationslloyd2010-06-141-0/+2
|
* Remove the now no-op classes PK_Encrypting_Key,lloyd2010-03-081-35/+0
| | | | | PK_Decrypting_Key, PK_Signing_Key, PK_Verifying_with_MR_Key, and PK_Verifying_wo_MR_Key.
* Add ops for ElGamal encryption and decryption.lloyd2010-03-051-7/+0
| | | | | Note: blinding is not currently being used for RSA, RW, DH or ElGamal, which used to have them. This should be added back before release.
* Add verification ops for all signature key typeslloyd2010-03-051-7/+0
|
* Add signature generation operation classes. Remove sign() fromlloyd2010-03-051-4/+0
| | | | | | PK_Signing_Key, though for the moment the class remains because there are a few pieces of code that use it to detect if signatures are supported, or for passing to functions in look_pk
* This checkin represents a pretty major change in how PK operations arelloyd2010-03-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | performed. Up until now, each key object (eg DSA_PublicKey or ECDH_PrivateKey) had two jobs: contain the key material, and know how to perform any operations on that key. However because of a desire to support alternative implementations (GNU MP, hardware, whatever), there was a notion of operations, with the key objects containing an op that they got via engine rather than actually implementing the underlying algorithms directly. Now, represent the operation as an abstract interface (typically mapping a byte string to a byte string), and pass a plain Public_Key& or Private_Key& to the engine. The engine does any checks it wants (eg based on name, typeid, key sizes, etc), and either returns nothing (I'll pass) or a pointer to a new operation that represents signatures or encryption or what-have-you using that key. This means that plain key objects no longer contain operations. This is a major break with the traditional interface. On the other hand, using these 'bare' operations without padding, KDFs, etc is 99% of the time a bad idea anyway (and if you really need them, there are options so you get the bare op but via the pubkey.h interfaces). Currently this change is only implemented for DH and ECDH (ie, key agreement algorithms). Additionally the optional engines (gnump and openssl) have not been updated. I'll probably wait to touch those until after I can change them all in one go for all algos.
* Quite the hack, here.lloyd2010-03-041-0/+7
| | | | | | | | | | | | | | | | | GOST 34.10 public keys use a funky encoding. There is no standard for PKCS #8 format private keys, so the obvious choice is to act exactly the same as ECDSA/ECDH (following the rule of thumb that if you're going to make up a random non-standard thing, at least try to copy something that's standard for something else). However the public key encoding uses a weird scheme for encoding the OID in the algorithm identifier, which we don't want to use for the PKCS #8 encoding. Add a new function to Private_Key, pkcs8_algorithm_identifier, which by default just calls algorithm_identifier(). However GOST_3410_PrivateKey overrides it, and calls EC_PublicKey::algorithm_identifier(), basically skipping over the virtual function hierarchy, so it doesn't pick up the funky format from the public key's version of algorithm_identifier().
* Kill pkcs8_decoderlloyd2010-03-041-7/+0
|
* Remove X509_Decoder. Fix GOST-34.10 DER constructor (was default to normal ECC)lloyd2010-03-041-7/+0
|
* Kill pkcs8_encoderlloyd2010-03-041-8/+0
|
* Add a pkcs8_private_key similiar to x509_subject_public_keylloyd2010-03-041-0/+5
|
* Add a new function to public key x509_subject_public_key which returnslloyd2010-03-041-3/+2
| | | | | what x509_encoder()->key_bits() used to return. This is much simpler than using the explicit encoder objects. Remove X509_Encoder entirely.
* Add a new function to Public_Key, algorithm_identifier(), which justlloyd2010-03-041-0/+6
| | | | | returns the AlgorithmIdentifier representing this scheme (OID + domain params if any).
* Move the contents of pubkey/pubkey (which was kind of a catch-all tolloyd2009-07-151-0/+180
just toplevel pubkey). This was a convention I realized made sense sometime on when I was first doing the modularization changes. Move pkcs8.* and x509_key.* to pk_codecs