| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Add more comments explaining what is going on in dl_work_factor | lloyd | 2012-03-30 | 2 | -28/+29 |
* | Typo in comment | lloyd | 2012-03-09 | 1 | -1/+1 |
* | Support ECDH key creation in the key factory function. Patch from Sean Cassidy, sent to the mailing list. | lloyd | 2012-02-03 | 1 | -0/+14 |
* | Whitespace | lloyd | 2012-02-02 | 2 | -4/+3 |
* | Multi-exponentiation, using the single bit variation. Using a 2 or 3 bit window may well improve things further. Currently seeing 20-25% improvement in ECDSA signature verification and 25 to 40% in GOST-34.10 verifications. | lloyd | 2011-06-01 | 2 | -2/+4 |
* | PointGFp::get_affine_{x,y} doesn't return a reference | lloyd | 2011-05-31 | 1 | -2/+2 |
* | Move the curve over GF(p) code back into its own subdir | lloyd | 2011-05-19 | 2 | -2/+4 |
* | Reject s == 0 or r == 0 in an ECC signature. In ECDSA, these cases should all be caught by the later check that R is not zero, so I don't believe there is any security danger. However the GOST 34.10 implementation did not have either check. Fortunately, the function that extracts the affine X coordinate from the Jacobian coordinates will throw an exception if the point is at infinity, so we would not in fact accept invalid signatures, but this is mostly by luck. And still represents a bit of a DoS potential. I checked the history, it looks like not checking for zeros at the start traces back to the original InSiTo code, and I copied the ECDSA code for GOST without thinking about it too much. | lloyd | 2011-05-19 | 2 | -2/+5 |
* | ECC private keys had two different constructors, one taking a group and a random number generator, and the other taking a group and a preset private key value. The DL private keys instead have one constructor for this; if the x value is zero, then a new random key is created. For consistency, do this with ECC as well. ECDH actually didn't have one of these constructors, forcing you to either load from PKCS #8 or else use a random key. Rename EC_Domain_Params to EC_Group, with a typedef for compatibility. More doc updates. Update mtn ignores for Sphinx output | lloyd | 2011-04-08 | 13 | -91/+78 |
* | Remove inclusions of unused headers. Avoid using auto_ptr in the CVC headers. | lloyd | 2011-02-10 | 1 | -1/+0 |
* | Convert the BER/DER coders to use size_t instead of u32bit for small integer values. Update callers. | lloyd | 2011-02-09 | 5 | -14/+8 |
* | Fix the ordering of the GOST 34.10 signature values. Add a test derived from a DNSSEC RFC. Bug reported by Bert Hubert to the mailing list. According to Bert, this ordering is compatible with the version included in OpenSSL. Also, benchmark GOST 34.10 using the GOST 34.11 hash since that is always what it is used with. | lloyd | 2011-02-07 | 1 | -4/+4 |
* | Remove friend decl of now dead function | lloyd | 2011-02-07 | 1 | -2/+0 |
* | Avoid cast warnings | lloyd | 2010-11-05 | 1 | -2/+2 |
* | Add a BOTAN_DEPRECATED macro which can provide compile-time deprecation warnings (at least for GCC and VC++). Use in some places. | lloyd | 2010-11-02 | 2 | -0/+3 |
* | Add new top-level algorithm which provides basic functionality: name query, clearing, and cloning. Applies to ciphers, hashes, MACs, and PBKDFs. May extend to KDFs later as well. A single combined hierarchy in particular will make the algo_factory much simpler. | lloyd | 2010-11-01 | 1 | -1/+1 |
* | Make MemoryRegion::set protected, change all callers | lloyd | 2010-10-29 | 1 | -8/+15 |
* | s/u32bit/size_t/ | lloyd | 2010-10-29 | 1 | -1/+1 |
* | Use output_length() instead of OUTPUT_LENGTH pseudo-property | lloyd | 2010-10-13 | 1 | -4/+4 |
* | Use size_t instead of u32bit in all of pubkey | lloyd | 2010-10-12 | 32 | -187/+185 |
* | Tidy | lloyd | 2010-09-30 | 1 | -3/+4 |
* | Use BOTAN_ASSERT in various places | lloyd | 2010-09-26 | 7 | -25/+33 |
* | If we generate a k such that s or r is 0, don't fail, simply retry with a new k. | lloyd | 2010-09-26 | 1 | -11/+13 |
* | In RSA and RW key generation, if we generate a key that isn't exactly the requested bitsize, simply repeat instead of failing immediately. The condition could actually occur in practice if a prime that was on the very low end of the specified range was chosen (eg q happened to be chosen as 10000...001). | lloyd | 2010-09-22 | 2 | -11/+12 |
* | Update all uses of MemoryRegion::append to use either push_back or operator+= | lloyd | 2010-09-15 | 2 | -4/+3 |
* | Remove more implicit vector to pointer conversions | lloyd | 2010-09-14 | 1 | -4/+4 |
* | More changes to avoid vector to pointer implicit conversions | lloyd | 2010-09-14 | 2 | -3/+3 |
* | Remove constructors of MemoryVector and SecureVector that took two MemoryRegions and concatenated them. | lloyd | 2010-09-13 | 1 | -2/+4 |
* | Remove more uses of vector to pointer implicit conversions | lloyd | 2010-09-13 | 3 | -14/+14 |
* | More vector->pointer conversion removals. Add RandomNumberGenerator::random_vec, which takes a length n and returns a new SecureVector with randomized contents of that size. This nicely covers most of the cases where randomize was being called on a vector, and is a little cleaner in the code as well, instead of `vec.resize(length); rng.randomize(&vec[0], vec.size());` we just write `vec = rng.random_vec(length);` | lloyd | 2010-09-13 | 1 | -4/+3 |
* | First set of changes for avoiding use implicit vector->pointer conversions | lloyd | 2010-09-13 | 3 | -5/+6 |
* | The changelog for 1.9.4 claimed that the default PKCS #8 encryption algorithm had changed to AES-256. This was wrong, it actually changed to AES-128. However in retrospect AES-256 is probably a reasonable move (in particular for the 4 extra rounds; the related key attacks possible against AES-256 are probably not viable since we generate the key using PBKDF2), so update the 1.9.4 changelog to correctly indicate the change made in that release, and also modify PKCS #8 to actually use AES-256. | lloyd | 2010-08-13 | 1 | -1/+1 |
* | These functions are internal use only, and don't need to be exported with BOTAN_DLL | lloyd | 2010-06-30 | 3 | -13/+15 |
* | Doxygen | lloyd | 2010-06-21 | 1 | -0/+12 |
* | Doxygen | lloyd | 2010-06-21 | 1 | -0/+3 |
* | Replace "@return a blah" and "@return the blah" with just "@return blah" | lloyd | 2010-06-16 | 8 | -44/+44 |
* | Require all PK keys implement check_key. Add for ECC keys. | lloyd | 2010-06-16 | 3 | -5/+11 |
* | Doxygen comments | lloyd | 2010-06-16 | 1 | -3/+19 |
* | Use Doxygen deprecation warnings | lloyd | 2010-06-15 | 2 | -4/+9 |
* | More Doxygen updates/fixes | lloyd | 2010-06-15 | 12 | -18/+75 |
* | Fix a few hundred Doxygen warnings | lloyd | 2010-06-15 | 7 | -15/+19 |
* | New BER encoding funcs for PKCS and X.509. Remove Private_Key dep here | lloyd | 2010-06-15 | 6 | -108/+122 |
* | Simplify PKCS8::copy_key | lloyd | 2010-06-15 | 1 | -7/+1 |
* | Some PKCS #8 simplifications | lloyd | 2010-06-14 | 3 | -21/+19 |
* | Add typedefs for the named EME encryptor/decryptor classes so code using the 1.8 names continues to work. | lloyd | 2010-06-11 | 1 | -0/+6 |
* | If you didn't specify a qbits for the DSA kosherizer, then it would choose 256 bits unless the pbits was exactly 1024. That would mean that for pbits = 512/768, the FIPS 186-3 size check would fail and it wouldn't work. Pointed out by Rickard Bellgrim. | lloyd | 2010-05-28 | 1 | -19/+20 |
* | Expose public_value() in ECDH public key | lloyd | 2010-04-20 | 1 | -3/+10 |
* | In the string constructor of EC_Domain_Params, check if the PEM decoding failed. If so, assume the input string was an OID and try that. | lloyd | 2010-04-19 | 2 | -6/+16 |
* | Move class decls together | lloyd | 2010-03-21 | 1 | -10/+10 |
* | Move where pk_ops is included, remove rng.h from dl_algo.h | lloyd | 2010-03-21 | 4 | -5/+3 |