| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
alternate implementation for Unix and add some feature checks so a
boost-free build of the tests and command line are possible again.
|
| |
|
|
|
|
| |
higher level functions on interface handling returning a vector.
|
|
|
|
|
|
|
|
|
|
|
|
| |
ctypes Python wrapper that uses it. The API is intentionally designed
to have a very simple ABI (extern "C", all structs are opaque, no
memory ownership passing the FFI boundary, limited set of simple types
as args) so the ctypes wrapper is quite simple.
Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF,
bcrypt, and most public key operations.
Remove the old boost.python wrapper and all the build code for it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert all uses of Algorithm_Factory and the engines to using Algo_Registry
The shared pool of entropy sources remains but is moved to EntropySource.
With that and few remaining initializations (default OIDs and aliases)
moved elsewhere, the global state is empty and init and shutdown are no-ops.
Remove almost all of the headers and code for handling the global
state, except LibraryInitializer which remains as a compatability stub.
Update seeding for blinding so only one hacky almost-global RNG
instance needs to be setup instead of across all pubkey uses (it uses
either the system RNG or an AutoSeeded_RNG if the system RNG is not
available).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Transforms and BlockCiphers. Registration for all types is done at
startup but is very cheap as just a std::function and a std::map entry
are created, no actual objects are created until needed. This is a
huge improvement over Algorithm_Factory which used T::clone() as the
function and thus kept a prototype object of each type in memory.
Replace existing lookup mechanisms for ciphers, AEADs, and compression
to use the transform lookup. The existing Engine framework remains in
place for BlockCipher, but the engines now just call to the registry
instead of having hardcoded lookups.
s/Transformation/Transform/ with typedefs for compatability.
Remove lib/selftest code (for runtime selftesting): not the right approach.
|
| |
|
| |
|
|
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| |
|
|
|
|
|
| |
Define some new functions for copying out arrays of words and use them
across hashes.
|
| |
|
|
|
|
|
| |
which we distinguish by the nonce size (always 64 bits in this format,
always 96 bits in the CFRG document).
|
|
|
|
| |
draft-irtf-cfrg-chacha20-poly1305-03
|
| |
|
|
|
|
| |
draft-irtf-cfrg-chacha20-poly1305-03
|
| |
|
| |
|
|
|
|
|
|
| |
This uses only the c64 version from curve25519-donna; on systems that
don't have a native uint128_t type, a donna128 type stands in for just
enough 128-bit operations to satisfy donna.cpp
|
|
|
|
|
| |
Drop the GNU MP engine. Its implementations were potentially faster in
some scenarios but not well protected against side channels.
|
|
|
|
|
| |
The test function create_random_point did not actually create a point
on the curve - fix.
|
|
|
|
|
|
|
|
| |
While a CCA2 proof of this scheme exists, it is written in German and
for various reasons publishing a translation would be a complicated
affair. Without a (well studied) English proof it is harder to
understand the security of the overall scheme. Thus only KEM, which
seems much easier to prove, will be offered.
|
| |
|
|
|
|
|
|
|
| |
(https://www.rocq.inria.fr/secret/CBCrypto/index.php?pg=hymes).
The original version is LGPL but cryptsource GmbH has secured
permission to release it under a BSD license. Also includes the
Overbeck CCA2 message encoding scheme.
|
| |
|
|
|
|
|
| |
Roughly 35-50% faster on my laptop (depending on if mlock is enabled,
the overhead in that allocator is becoming much more of a hotspot).
|
| |
|
|
|
|
| |
of overloads in the base class with the same name.
|
| |
|
| |
|
|
|
|
| |
http://crypto.stackexchange.com/questions/784
|
| |
|
| |
|
|
|
|
|
|
| |
to specify a probability as well as if n was randomly chosen or not.
If the input is random use a better bounds to reduce the number of
needed tests.
|
| |
|
|
|
|
|
|
| |
set of error codes, instead of failing immediately on first error.
This prevents a 'weak' error like an expired certificate from hiding a
major error such as signature validation failure or hard revocation.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
against the wrong key, causing any check to fail.
Clean up the NIST X.509 path validation tests and run them by default.
|
| |
|