aboutsummaryrefslogtreecommitdiffstats
path: root/src/pubkey
Commit message (Collapse)AuthorAgeFilesLines
* Deconstify PK_Ops. It's quite reasonable that some op will want tolloyd2010-03-0919-101/+59
| | | | | | | | | | | | | precompute only as needed, or will want to access some other expensive resource or etc. Change how the secret for generating blinding is done in cases where a PRNG isn't available. Use the operations public op to hide the secret, for instance the seed for a DH blinding variable is 2^x mod p. Make use of being able to mutate internal structures in the RW signer, since that does have access to a PRNG, so use it to initialize the blinder on first call to sign().
* Add back RSA consistency checking (decrypt only)lloyd2010-03-092-3/+8
|
* Have PK_Signer check the validity of all signatures before releasing.lloyd2010-03-092-8/+52
| | | | Should help against many forms of fault attacks.
* Use preexisting powermod precomputations for setting up blinderslloyd2010-03-092-2/+2
|
* Remove decls of unimplemented functionslloyd2010-03-081-3/+0
|
* Blinder::choose_nonce added a single byte of the timestamps 8 times,lloyd2010-03-081-2/+2
| | | | instead of each byte once...
* Add back in blinding to RSA, RW, ElGamal, and DH.lloyd2010-03-0811-17/+175
| | | | | | | | | | | | | | | | There are multiple unsatisfactory elements to the current solution, as compared to how blinding was previously done: Firstly, blinding is only used in the baseline implementations; the code using OpenSSL and GMP is not protected by blinding at all. Secondly, at the point we need to set up blinding, there is no access to a PRNG. Currently I am going with a quite nasty solution, of using a private key parameter to seed a simple PRNG constructed as: SHA-512(TS1 || private_key_param || public_key_param || TS2) I really want to fix both of these elements but I'm not sure how to do so easily.
* Rename PK_Encryptor_MR_with_EME and PK_Decryptor_MR_with_EME tolloyd2010-03-083-38/+40
| | | | | PK_Encryptor_EME and PK_Decryptor_EME; the message recovery is somewhat implicit in the recovery of the plaintext.
* Modify pubkey classes to take names instead of object pointers.lloyd2010-03-089-56/+44
| | | | | Remove use of look_pk from the source and examples, instead instantiate classes directly.
* Have the constructors in pubkey.h take all arguments look_pk does, andlloyd2010-03-082-30/+46
| | | | convert look_pk to simple forwarders.
* Remove the now no-op classes PK_Encrypting_Key,lloyd2010-03-0811-71/+23
| | | | | PK_Decrypting_Key, PK_Signing_Key, PK_Verifying_with_MR_Key, and PK_Verifying_wo_MR_Key.
* Remove unused variablelloyd2010-03-051-1/+0
|
* Set domain_encoding enum in all EC key constructorslloyd2010-03-051-10/+15
|
* Remove IF_Corelloyd2010-03-0511-304/+7
|
* Add RSA encrypt/decrypt opslloyd2010-03-052-21/+60
|
* Add ops for ElGamal encryption and decryption.lloyd2010-03-0510-341/+160
| | | | | Note: blinding is not currently being used for RSA, RW, DH or ElGamal, which used to have them. This should be added back before release.
* Constify sign and verify opslloyd2010-03-0513-41/+50
|
* Remove sign and verify ops from key typeslloyd2010-03-056-109/+0
|
* Remove ECDSA_PublicKey::verifylloyd2010-03-052-40/+0
|
* Rename PK_Ops::Signature_Operation to PK_Ops::Signaturelloyd2010-03-0510-14/+14
| | | | Rename PK_Ops::KA_Operation to PK_Ops::Key_Agreement
* Remove NR and DSA specific hookslloyd2010-03-0513-505/+2
|
* Add verification ops for all signature key typeslloyd2010-03-0515-144/+363
|
* Remove the sign() operation from the public key objects, totally replacedlloyd2010-03-0513-155/+40
| | | | | | by using the ops. Add real ECDSA test vectors (two found in ANSI X9.62)
* Add signature generation operation classes. Remove sign() fromlloyd2010-03-0517-70/+397
| | | | | | PK_Signing_Key, though for the moment the class remains because there are a few pieces of code that use it to detect if signatures are supported, or for passing to functions in look_pk
* The operation can assume the key will continue to exist as long as it does,lloyd2010-03-042-7/+6
| | | | so keep the curve and cofactor in ECDH op by reference instead of value.
* This checkin represents a pretty major change in how PK operations arelloyd2010-03-0415-230/+189
| | | | | | | | | | | | | | | | | | | | | | | | | | | | performed. Up until now, each key object (eg DSA_PublicKey or ECDH_PrivateKey) had two jobs: contain the key material, and know how to perform any operations on that key. However because of a desire to support alternative implementations (GNU MP, hardware, whatever), there was a notion of operations, with the key objects containing an op that they got via engine rather than actually implementing the underlying algorithms directly. Now, represent the operation as an abstract interface (typically mapping a byte string to a byte string), and pass a plain Public_Key& or Private_Key& to the engine. The engine does any checks it wants (eg based on name, typeid, key sizes, etc), and either returns nothing (I'll pass) or a pointer to a new operation that represents signatures or encryption or what-have-you using that key. This means that plain key objects no longer contain operations. This is a major break with the traditional interface. On the other hand, using these 'bare' operations without padding, KDFs, etc is 99% of the time a bad idea anyway (and if you really need them, there are options so you get the bare op but via the pubkey.h interfaces). Currently this change is only implemented for DH and ECDH (ie, key agreement algorithms). Additionally the optional engines (gnump and openssl) have not been updated. I'll probably wait to touch those until after I can change them all in one go for all algos.
* Clean up PK_Key_Agreement slightlylloyd2010-03-042-21/+32
|
* Fix typoslloyd2010-03-041-2/+2
|
* Inline simple DSA funcslloyd2010-03-042-21/+6
|
* Remove ElGamal load hook functionslloyd2010-03-042-47/+23
|
* Remove NR load hookslloyd2010-03-042-58/+34
|
* Remove no-op DH_Public_Key::X509_load_hooklloyd2010-03-042-12/+1
|
* Remove DSA load hooks functionslloyd2010-03-042-32/+17
|
* Cleanupslloyd2010-03-041-5/+4
|
* Remove IF_Scheme_PrivateKey::PKCS8_load_hooklloyd2010-03-046-35/+30
|
* New IF constructors, simplifies RSA/RWlloyd2010-03-046-72/+67
|
* Remove DH_PrivateKey::PKCS8_load_hooklloyd2010-03-042-15/+23
|
* Remove unnecessary virtual destructors from ECC key base typeslloyd2010-03-041-4/+0
| | | | (already have them, via Public_Key's virtual destructor)
* Fix GOST pubkey encoding when x.bytes() != y.bytes()lloyd2010-03-041-1/+1
|
* Fix exception textlloyd2010-03-041-1/+1
|
* Quite the hack, here.lloyd2010-03-043-1/+11
| | | | | | | | | | | | | | | | | GOST 34.10 public keys use a funky encoding. There is no standard for PKCS #8 format private keys, so the obvious choice is to act exactly the same as ECDSA/ECDH (following the rule of thumb that if you're going to make up a random non-standard thing, at least try to copy something that's standard for something else). However the public key encoding uses a weird scheme for encoding the OID in the algorithm identifier, which we don't want to use for the PKCS #8 encoding. Add a new function to Private_Key, pkcs8_algorithm_identifier, which by default just calls algorithm_identifier(). However GOST_3410_PrivateKey overrides it, and calls EC_PublicKey::algorithm_identifier(), basically skipping over the virtual function hierarchy, so it doesn't pick up the funky format from the public key's version of algorithm_identifier().
* Fix GOST 34.10 pubkey encodinglloyd2010-03-042-3/+13
|
* Fix loading ElGamal keyslloyd2010-03-041-6/+4
|
* Remove more load hookslloyd2010-03-047-17/+10
|
* Remove load hooks from ECC classes, unusedlloyd2010-03-043-21/+16
|
* Kill pkcs8_decoderlloyd2010-03-048-158/+0
|
* Add similar decoding constructors to the private keyslloyd2010-03-0416-82/+164
|
* Remove X509_Decoder. Fix GOST-34.10 DER constructor (was default to normal ECC)lloyd2010-03-0410-173/+24
|
* Add a new constructor to each public key algorithm (only the publiclloyd2010-03-0419-114/+193
| | | | | | | keys so far, private keys not changed) that takes an AlgorithmIdentifier and a MemoryRegion<byte>&. This performs the X.509 decoding. It is not possible anymore to create uninitialized PK objects.
* The code in pk_codecs was actually entirely tied to the code inlloyd2010-03-049-10/+6
| | | | | | pubkey; you literally could not compile any pubkey code without it. Move it up to the pubkey dir, it wasn't at all useful to have it in its own dir.