| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
See also #1526
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Turns out astyle has some bugs wrt C++11 initialize lists. Rather
than having astyle mangle all of the tests, convert to using a string
which is split once at the start instead of a vector of keys.
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
| |
|
|
|
|
|
|
|
|
| |
Instead the key types exposes operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previous created its own RNG, now it takes it from app.
|
|
|
|
|
| |
Use the group name instead of repeating 2048 bit prime N times.
Split up reporting by cipher type.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With these fixes the implementation is now compatible with bouncycastle and it should operate
as it is specified in "DHIES: An encryption scheme based on Diffie-Hellman Problem" or in BSI
technical guideline TR-02102-1.
In addition to the already present XOR-encrypion/decryption mode it's now possible to use DLIES with a block cipher.
Previously the input to the KDF was the concatenation of the (ephemeral) public key
and the secret value derived by the key agreement operation:
```
secure_vector<byte> vz(m_my_key.begin(), m_my_key.end());
vz += m_ka.derive_key(0, m_other_key).bits_of();
const size_t K_LENGTH = length + m_mac_keylen;
secure_vector<byte> K = m_kdf->derive_key(K_LENGTH, vz);
```
I don't know why this was implemented like this. But now the input to the KDF is only the secret value obtained by the key agreement operation.
Furthermore the order of the output was changed from {public key, tag, ciphertext} to {public key, ciphertext, tag}.
Multiple test vectors added that were generated with bouncycastle and some with botan itself.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A module policy is a file specifying three types of modules: ones which
are required, ones which are prohibited, and ones which should be used
if otherwise available (this is mostly for platform specific modules).
Finally there are whatever modules which exist in the library of which
the policy makes no mention. These will be included if an explicit
dependency of some other module pulls them in (so there is no reason
to mention base, utils, ... in the file) but skipped otherwise.
For example policy 'sane' does not mention 'utils' or 'twofish' either
way. Since utils is a dependency of other modules which are included,
but Twofish does not. However unlike an explicitly prohibited module,
not mentioned can still be requested as part of the build (here with
--enable-module=twofish)
Also fixes some test bugs noticed by compiling in different build
configs. DLIES test didn't check that the KDF and MAC existed. Adds a
typedef for MessageAuthenticationCode because typing it twice in a
single line in the DLIES test made me think it's way too long. :) Also
fix some fuzzer build problems. Due to a copy and paste bug the PKCS
certificate (it was not).
Inspired by GH #439
|
|
|
|
|
|
|
| |
Understand using '-' on the command line to mean stdin
Fix last few unit tests that wanted to write to the filesystem; removes
outdata directory.
|
|
|
|
|
|
|
|
|
|
|
| |
The tests previously had used 4 to 6 different schemes internally (the vec file
reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests
which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a
design that works everywhere, and update all the things.
Fix also a few bugs found by the test changes: SHA-512-256 name incorrect,
OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy
was wrong.
|
| |
|
| |
|
| |
|
|
|
|
| |
Fixes #146.
|
|
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add `website` target to makefile.
Some progress towards fixing minimized builds.
TLS now hard requires ECDSA and GCM since otherwise a minimized build
has only insecure options.
Remove boost_thread dependency in command line tool
|
| |
|
|
|