path: root/src/pubkey/rsa

Commit log for this path. Each entry gives the date, author and change size [files touched, lines removed/added], followed by the commit message with its original paragraphs.
* 2014-01-01  lloyd  [3 files, -284/+0]
  Shuffle things around. Add NIST X.509 test to build.

* 2013-12-25  lloyd  [2 files, -4/+5]
  Remove global_rng calls for setting up blinding, instead require a RNG be passed to the engine. Currently pubkey.cpp just passes along the global_rng but eventually we'll break this API and require a RNG to the constructor.

* 2013-12-06  lloyd  [1 file, -1/+1]
  Refuse to make RSA/RW keys under 1024 bits

* 2013-11-28  lloyd  [1 file, -1/+1]
  Give everything setting a feature test macro in build.h a version code so application code can check for the specific API it expects without having to keep track of what versions APIs x,y,z changed. Arbitrarily set all current API versions to 20131128.

* 2013-03-13  lloyd  [1 file, -1/+0]
  Move assert.h from internal to very public (included in types.h)

  This reduces friction to writing an assert, so hopefully there will be more of them as a result. And we can use asserts in public headers now, very useful for templates.

* 2012-07-19  lloyd  [1 file, -5/+7]
  In RSA and RW signers, add the message contents to the RNG state

* 2012-07-09  lloyd  [1 file, -1/+1]
  The messages for assertion checks were done both ways, both "assertion X is true" and "assertion X is false". Convert all of them to the form "assertion X is true" thus making it clear what it is that we are attempting to assert by testing the expression provided.

* 2012-06-17  lloyd  [1 file, -1/+1]
  Put an upper bound on the blinding value to 160 bits. This seems to be plenty sufficient, and reduces the overhead of setting up the blinder (in terms of exponent size and the cost of computing modular inverses).

* 2012-05-18  lloyd  [2 files, -10/+10]
  Fairly huge update that replaces the old secmem types with std::vector using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
* 2010-10-13  lloyd  [1 file, -0/+1]
  Post-merge fixups

* 2010-10-13  lloyd  [1 file, -3/+4]
  propagate from branch 'net.randombit.botan' (head 2898d79f992f27a328a3e41d34b46eb1052da0de) to branch 'net.randombit.botan.c++0x' (head 6cba76268fd69a73195760c021b7f881b8a6552c)

* 2010-06-17  lloyd  [1 file, -1/+7]
  propagate from branch 'net.randombit.botan' (head 294e2082ce9231d6165276e2f2a4153a0116aca3) to branch 'net.randombit.botan.c++0x' (head 0b695fad10f924601e07b009fcd781191fafcb28)

* 2010-03-21  lloyd  [1 file, -2/+4]
  propagate from branch 'net.randombit.botan' (head 96d0a1885774b624812fd143d541c8bcda319217) to branch 'net.randombit.botan.c++0x' (head e14368ab9d7976f3e111c6bc0adf24eebeb7c114)

* 2010-03-10  lloyd  [2 files, -6/+1]
  propagate from branch 'net.randombit.botan' (head 74e9e8642943d126a5e5efa5be1da8351f0fb6d7) to branch 'net.randombit.botan.c++0x' (head 24371f742c2a1c7e5f3aace364fbb21e01c94657)

* 2010-03-09  lloyd  [1 file, -1/+3]
  Add back async use for RSA, NR, DSA (was lost in mainline merge)

* 2010-03-09  lloyd  [1 file, -1/+1]
  propagate from branch 'net.randombit.botan' (head 9932d4d63417f7fcc199ada244cbaa6c1c32d9c1) to branch 'net.randombit.botan.c++0x' (head f4a385a376311edc62ef506c72cc56f69e6efd5a)

* 2009-12-16  lloyd  [1 file, -7/+0]
  propagate from branch 'net.randombit.botan' (head 744dccf92270cf16b80b50ee2759424c9866b256) to branch 'net.randombit.botan.c++0x' (head 2aa1acac1d05e8ea9991fe39015b1db9abc3b24e)

* 2009-11-18  lloyd  [1 file, -1/+1]
  Remove to_string, replacing with std::to_string

  Convert to_u32bit to use the new C++0x library func stoul instead of hand-written code.

* 2010-10-12  lloyd  [2 files, -10/+10]
  Use size_t instead of u32bit in all of pubkey

* 2010-09-26  lloyd  [1 file, -2/+3]
  Use BOTAN_ASSERT in various places
* 2010-09-22  lloyd  [1 file, -5/+6]
  In RSA and RW key generation, if we generate a key that isn't exactly the requested bitsize, simply repeat instead of failing immediately. The condition could actually occur in practice if a prime that was on the very low end of the specified range was chosen (eg q happened to be chosen as 10000...001).
* 2010-06-15  lloyd  [1 file, -1/+7]
  More Doxygen updates/fixes

* 2010-03-21  lloyd  [1 file, -0/+1]
  Move where pk_ops is included, remove rng.h from dl_algo.h
* 2010-03-21  lloyd  [1 file, -15/+1]
  KeyPair::check_key's behavior of throwing an exception upon failure was not useful; in all cases, we immediately caught it and then returned false. Modify as follows:

  - Create the pubkey objects inside the checking code, so calling code doesn't need to do it.
  - Return true/false for pass/fail

  Also add consistency checking for ECDSA keys
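The 2010-09-22 entry (repeat key generation when the modulus comes out a bit short) and the 2010-03-21 entry above (check_key returns true/false rather than throwing) describe two behaviours that are easy to get subtly wrong. What follows is an added example written for this page, not Botan's code: pure-integer Python that generates an RSA key with the retry loop, shows with the "10000...001" shape from the commit message why the product of two half-size primes can land one bit short, and runs a consistency check that never raises. The Miller-Rabin prime generator (which forces only the top bit of each candidate), the public exponent 65537, the attempt limit and all helper names are this example's own assumptions; the key sizes are for illustration.

```python
# Added example for this page (not Botan's code): RSA keygen that retries
# until the modulus has exactly the requested size, plus a consistency check
# that returns True/False instead of raising. Pure-integer Python 3.8+; the
# helper names and the "top bit only" candidate shape are this example's
# choices, not anything the commit log specifies.
import secrets
from math import gcd


def is_probable_prime(n, rounds=40):
    """Miller-Rabin with a small trial-division prefilter."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                           # definitely composite
    return True


def random_prime(bits):
    """Random prime with exactly `bits` bits. Only the top bit is forced, so a
    prime just above 2^(bits-1), the "10000...001" case in the commit
    message, is a perfectly normal outcome."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def smallest_modulus_bits(bits):
    """Why the retry is needed: two (bits/2)-bit primes at the bottom of
    their range multiply to a number with only bits-1 bits."""
    low = (1 << (bits // 2 - 1)) + 1               # 10000...001
    return (low * low).bit_length()                # == bits - 1


def generate_rsa_key(bits, e=65537, max_attempts=64):
    """Return (n, e, d, p, q, attempts). A modulus of the wrong width is not
    an error: draw fresh primes and go again (the 2010-09-22 behaviour)."""
    for attempt in range(1, max_attempts + 1):
        p = random_prime(bits // 2)
        q = random_prime(bits - bits // 2)
        n = p * q
        phi = (p - 1) * (q - 1)
        if p == q or n.bit_length() != bits or gcd(e, phi) != 1:
            continue
        return n, e, pow(e, -1, phi), p, q, attempt
    raise RuntimeError("key generation kept missing the requested size")


def check_key(n, e, d):
    """Pair consistency check in the 2010-03-21 style: never raises, returns
    False on any failure. The strong part is a public/private round trip on
    a random element, which a mismatched d cannot pass."""
    if n < 3 or not (1 < e < n) or not (0 < d < n):
        return False
    m = 2 + secrets.randbelow(n - 2)
    return pow(pow(m, e, n), d, n) == m
```

With only the top bit of each prime forced, the product of two 256-bit primes falls below 2^511 roughly 39% of the time (for x, y uniform on [1, 2) the probability that x*y < 2 is 2 ln 2 - 1), so the retry loop is exercised routinely rather than in a corner case. The other common fix is to force the top two bits of each prime, which makes the product always fill the requested width; the retry keeps the prime distribution untouched at the cost of occasionally generating twice.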
* 2010-03-19  lloyd  [1 file, -1/+2]
  There are some nasty API problems that are caused by having to pass a PRNG everywhere. The removal of the global PRNG was generated by a desire to remove the global library state entirely. However the real point of this was to remove the use of globally visible _mutable_ state; of the mutable state, the PRNG is probably the least important, and the most useful to share. And it seems unlikely that thread contention would be a major issue in the PRNG.

  Add back a global PRNG to Library_State. Use lazy initialization, so apps that don't ever use a PRNG don't need a seeding step. Then have AutoSeeded_RNG call that global PRNG.

  Offer once again RandomNumberGenerator& Library_State::global_rng(); which returns a reference to the global PRNG. This RNG object serializes access to itself with a mutex.

  Remove the hack known as Blinding::choose_nonce, replace with using the global PRNG to choose a blinding nonce

* 2010-03-09  lloyd  [1 file, -5/+0]
  Remove decls of removed RSA encrypt/decrypt

* 2010-03-09  lloyd  [1 file, -1/+1]
  De-name unused rng arg

* 2010-03-09  lloyd  [2 files, -7/+12]
  Deconstify PK_Ops. It's quite reasonable that some op will want to precompute only as needed, or will want to access some other expensive resource or etc.

  Change how the secret for generating blinding is done in cases where a PRNG isn't available. Use the operation's public op to hide the secret, for instance the seed for a DH blinding variable is 2^x mod p.

  Make use of being able to mutate internal structures in the RW signer, since that does have access to a PRNG, so use it to initialize the blinder on first call to sign().

* 2010-03-09  lloyd  [2 files, -3/+8]
  Add back RSA consistency checking (decrypt only)

* 2010-03-08  lloyd  [1 file, -3/+0]
  Remove decls of unimplemented functions
* 2010-03-08  lloyd  [2 files, -2/+7]
  Add back in blinding to RSA, RW, ElGamal, and DH.

  There are multiple unsatisfactory elements to the current solution, as compared to how blinding was previously done:

  Firstly, blinding is only used in the baseline implementations; the code using OpenSSL and GMP is not protected by blinding at all.

  Secondly, at the point we need to set up blinding, there is no access to a PRNG. Currently I am going with a quite nasty solution, of using a private key parameter to seed a simple PRNG constructed as:

    SHA-512(TS1 || private_key_param || public_key_param || TS2)

  I really want to fix both of these elements but I'm not sure how to do so easily.
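Several entries in this log revolve around blinding the RSA private operation: the 2010-03-08 entry above re-adds it and worries about where the blinding secret comes from, the 2012-06-17 entry caps the blinding value at 160 bits to keep the setup exponentiation and modular inverse cheap, and the 2013-12-25 entry requires the RNG to be passed in. The following is an added example written for this page, not Botan's code: pure-integer Python showing the blind/exponentiate/unblind cycle with a 160-bit blinding value drawn from a caller-supplied RNG, and verifying that the blinded result equals the unblinded one. The toy key is built from two Mersenne primes solely so the block needs no prime generator (it is far below the 1024-bit floor the 2013-12-06 entry imposes); the squaring refresh of the blinding pair is a standard technique not described on this page; the class and function names and the `rng` argument (anything with a `secrets`-style `randbits()`) are this example's own assumptions.

```python
# Added example for this page (not Botan's code): RSA private-key operation
# with multiplicative blinding. The blinding value is bounded to 160 bits
# (the 2012-06-17 change) and drawn from a caller-supplied RNG (the
# 2013-12-25 change). The key is a toy built from two Mersenne primes so
# that no prime generator is needed here; never use such a key for real.
# Requires Python 3.8+ for pow(x, -1, m).
import secrets
from math import gcd

P = (1 << 127) - 1                  # Mersenne prime M127
Q = (1 << 89) - 1                   # Mersenne prime M89
N = P * Q                           # 216-bit toy modulus
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # gcd(E, phi) == 1 for these primes

BLINDER_BITS = 160                  # upper bound on the blinding value r


class Blinder:
    """Holds the pair (r^e mod n, r^-1 mod n). Setup costs one exponentiation
    with a short exponent plus one modular inverse; after each use both values
    are squared, which yields the pair for r^2 without a second inverse.
    (The squaring refresh is a standard technique, not something the commit
    log describes.)"""

    def __init__(self, n, e, rng=secrets):
        self.n = n
        while True:
            r = rng.randbits(BLINDER_BITS) | (1 << (BLINDER_BITS - 1))
            if r < n and gcd(r, n) == 1:      # r must be invertible mod n
                break
        self.r_e = pow(r, e, n)
        self.r_inv = pow(r, -1, n)

    def blind(self, x):
        """x -> x * r^e mod n."""
        return (x * self.r_e) % self.n

    def unblind(self, y):
        """y -> y * r^-1 mod n, then advance to the next blinding pair."""
        out = (y * self.r_inv) % self.n
        self.r_e = pow(self.r_e, 2, self.n)
        self.r_inv = pow(self.r_inv, 2, self.n)
        return out


def rsa_private_blinded(c, n, d, blinder):
    """c^d mod n where the exponentiation only ever sees c * r^e mod n.
    Correctness: (c * r^e)^d = c^d * r^(e*d) = c^d * r (mod n), and the
    trailing r is removed by multiplying with r^-1."""
    return blinder.unblind(pow(blinder.blind(c), d, n))


def rsa_private_plain(c, n, d):
    """Reference computation without blinding."""
    return pow(c, d, n)


def rsa_public(m, n, e):
    """Textbook public operation, used here only to produce test inputs."""
    return pow(m, e, n)
```

The point of the construction is that the private exponentiation never runs on an attacker-chosen operand, so its timing cannot be correlated with that operand. Bounding r to 160 bits makes r^e and the inverse cheaper than they would be for a full-width r, and the squaring refresh means the inverse is paid once per blinder rather than once per signature. The no-PRNG fallback seed the 2010-03-08 message describes, SHA-512(TS1 || private_key_param || public_key_param || TS2), is deliberately not reproduced; the caller-supplied RNG used here is the direction the later entries in this log take.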
* 2010-03-08  lloyd  [1 file, -8/+4]
  Modify pubkey classes to take names instead of object pointers.

  Remove use of look_pk from the source and examples, instead instantiate classes directly.

* 2010-03-08  lloyd  [1 file, -5/+1]
  Remove the now no-op classes PK_Encrypting_Key, PK_Decrypting_Key, PK_Signing_Key, PK_Verifying_with_MR_Key, and PK_Verifying_wo_MR_Key.

* 2010-03-05  lloyd  [1 file, -1/+0]
  Remove unused variable

* 2010-03-05  lloyd  [2 files, -51/+3]
  Remove IF_Core

* 2010-03-05  lloyd  [2 files, -21/+60]
  Add RSA encrypt/decrypt ops

* 2010-03-05  lloyd  [2 files, -5/+5]
  Constify sign and verify ops

* 2010-03-05  lloyd  [2 files, -11/+0]
  Remove sign and verify ops from key types

* 2010-03-05  lloyd  [1 file, -1/+1]
  Rename PK_Ops::Signature_Operation to PK_Ops::Signature

  Rename PK_Ops::KA_Operation to PK_Ops::Key_Agreement

* 2010-03-05  lloyd  [1 file, -0/+21]
  Add verification ops for all signature key types

* 2010-03-05  lloyd  [2 files, -13/+1]
  Remove the sign() operation from the public key objects, totally replaced by using the ops.

  Add real ECDSA test vectors (two found in ANSI X9.62)

* 2010-03-05  lloyd  [2 files, -0/+42]
  Add signature generation operation classes. Remove sign() from PK_Signing_Key, though for the moment the class remains because there are a few pieces of code that use it to detect if signatures are supported, or for passing to functions in look_pk

* 2010-03-04  lloyd  [2 files, -7/+11]
  Remove IF_Scheme_PrivateKey::PKCS8_load_hook

* 2010-03-04  lloyd  [2 files, -38/+15]
  New IF constructors, simplifies RSA/RW

* 2010-03-04  lloyd  [2 files, -2/+5]
  Remove more load hooks

* 2010-03-04  lloyd  [1 file, -5/+7]
  Add similar decoding constructors to the private keys

* 2010-03-04  lloyd  [1 file, -1/+4]
  Add a new constructor to each public key algorithm (only the public keys so far, private keys not changed) that takes an AlgorithmIdentifier and a MemoryRegion<byte>&. This performs the X.509 decoding. It is not possible anymore to create uninitialized PK objects.

* 2009-12-16  lloyd  [1 file, -7/+0]
  Full working amalgamation build, plus internal-only headers concept.

* 2009-10-29  lloyd  [1 file, -2/+0]
  Remove the 'realname' attribute on all modules and cc/cpu/os info files.

  Pretty much useless and unused, except for listing the module names in build.h and the short versions totally suffice for that.

* 2009-10-09  lloyd  [1 file, -1/+7]
  Reasonably functional RSA support; keygen, import/export, encrypt/decrypt, sign/verify