| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
precompute only as needed, or will want to access some other expensive
resource or etc.
Change how the secret for generating blinding is done in cases where a
PRNG isn't available. Use the operations public op to hide the secret,
for instance the seed for a DH blinding variable is 2^x mod p.
Make use of being able to mutate internal structures in the RW signer,
since that does have access to a PRNG, so use it to initialize the
blinder on first call to sign().
|
| |
|
|
|
|
| |
Should help against many forms of fault attacks.
|
| |
|
| |
|
|
|
|
| |
instead of each byte once...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are multiple unsatisfactory elements to the current solution,
as compared to how blinding was previously done:
Firstly, blinding is only used in the baseline implementations; the code
using OpenSSL and GMP is not protected by blinding at all.
Secondly, at the point we need to set up blinding, there is no access
to a PRNG. Currently I am going with a quite nasty solution, of using
a private key parameter to seed a simple PRNG constructed as:
SHA-512(TS1 || private_key_param || public_key_param || TS2)
I really want to fix both of these elements but I'm not sure how to do
so easily.
|
|
|
|
|
| |
PK_Encryptor_EME and PK_Decryptor_EME; the message recovery is somewhat
implicit in the recovery of the plaintext.
|
|
|
|
|
| |
Remove use of look_pk from the source and examples, instead
instantiate classes directly.
|
|
|
|
| |
convert look_pk to simple forwarders.
|
|
|
|
|
| |
PK_Decrypting_Key, PK_Signing_Key, PK_Verifying_with_MR_Key, and
PK_Verifying_wo_MR_Key.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Note: blinding is not currently being used for RSA, RW, DH or ElGamal,
which used to have them. This should be added back before release.
|
| |
|
| |
|
| |
|
|
|
|
| |
Rename PK_Ops::KA_Operation to PK_Ops::Key_Agreement
|
| |
|
| |
|
|
|
|
|
|
| |
by using the ops.
Add real ECDSA test vectors (two found in ANSI X9.62)
|
|
|
|
|
|
| |
PK_Signing_Key, though for the moment the class remains because there
are a few pieces of code that use it to detect if signatures are
supported, or for passing to functions in look_pk
|
|
|
|
| |
so keep the curve and cofactor in ECDH op by reference instead of value.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
performed. Up until now, each key object (eg DSA_PublicKey or
ECDH_PrivateKey) had two jobs: contain the key material, and know how
to perform any operations on that key. However because of a desire to
support alternative implementations (GNU MP, hardware, whatever),
there was a notion of operations, with the key objects containing an
op that they got via engine rather than actually implementing the
underlying algorithms directly.
Now, represent the operation as an abstract interface (typically
mapping a byte string to a byte string), and pass a plain Public_Key&
or Private_Key& to the engine. The engine does any checks it wants (eg
based on name, typeid, key sizes, etc), and either returns nothing
(I'll pass) or a pointer to a new operation that represents signatures
or encryption or what-have-you using that key.
This means that plain key objects no longer contain operations. This
is a major break with the traditional interface. On the other hand,
using these 'bare' operations without padding, KDFs, etc is 99% of the
time a bad idea anyway (and if you really need them, there are options
so you get the bare op but via the pubkey.h interfaces).
Currently this change is only implemented for DH and ECDH (ie, key
agreement algorithms). Additionally the optional engines (gnump and
openssl) have not been updated. I'll probably wait to touch those
until after I can change them all in one go for all algos.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
(already have them, via Public_Key's virtual destructor)
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GOST 34.10 public keys use a funky encoding. There is no standard for
PKCS #8 format private keys, so the obvious choice is to act exactly
the same as ECDSA/ECDH (following the rule of thumb that if you're
going to make up a random non-standard thing, at least try to copy
something that's standard for something else). However the public key
encoding uses a weird scheme for encoding the OID in the algorithm
identifier, which we don't want to use for the PKCS #8 encoding.
Add a new function to Private_Key, pkcs8_algorithm_identifier, which
by default just calls algorithm_identifier(). However
GOST_3410_PrivateKey overrides it, and calls
EC_PublicKey::algorithm_identifier(), basically skipping over the
virtual function hierarchy, so it doesn't pick up the funky format
from the public key's version of algorithm_identifier().
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
keys so far, private keys not changed) that takes an
AlgorithmIdentifier and a MemoryRegion<byte>&. This performs the X.509
decoding. It is not possible anymore to create uninitialized PK
objects.
|
|
|
|
|
|
| |
pubkey; you literally could not compile any pubkey code without it.
Move it up to the pubkey dir, it wasn't at all useful to have it
in its own dir.
|