| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
by using the ops.
Add real ECDSA test vectors (two found in ANSI X9.62)
|
|
|
|
| |
might not be later)
|
| |
|
| |
|
|
|
|
|
|
| |
PK_Signing_Key, though for the moment the class remains because there
are a few pieces of code that use it to detect if signatures are
supported, or for passing to functions in look_pk
|
|
|
|
| |
so keep the curve and cofactor in ECDH op by reference instead of value.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
performed. Up until now, each key object (eg DSA_PublicKey or
ECDH_PrivateKey) had two jobs: contain the key material, and know how
to perform any operations on that key. However because of a desire to
support alternative implementations (GNU MP, hardware, whatever),
there was a notion of operations, with the key objects containing an
op that they got via engine rather than actually implementing the
underlying algorithms directly.
Now, represent the operation as an abstract interface (typically
mapping a byte string to a byte string), and pass a plain Public_Key&
or Private_Key& to the engine. The engine does any checks it wants (eg
based on name, typeid, key sizes, etc), and either returns nothing
(I'll pass) or a pointer to a new operation that represents signatures
or encryption or what-have-you using that key.
This means that plain key objects no longer contain operations. This
is a major break with the traditional interface. On the other hand,
using these 'bare' operations without padding, KDFs, etc is 99% of the
time a bad idea anyway (and if you really need them, there are options
so you get the bare op but via the pubkey.h interfaces).
Currently this change is only implemented for DH and ECDH (ie, key
agreement algorithms). Additionally the optional engines (gnump and
openssl) have not been updated. I'll probably wait to touch those
until after I can change them all in one go for all algos.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
(already have them, via Public_Key's virtual destructor)
|
|
|
|
|
| |
problems for Monotone, and anyway it is a reasonable exception to have
around for signalling MAC validation errors, etc.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GOST 34.10 public keys use a funky encoding. There is no standard for
PKCS #8 format private keys, so the obvious choice is to act exactly
the same as ECDSA/ECDH (following the rule of thumb that if you're
going to make up a random non-standard thing, at least try to copy
something that's standard for something else). However the public key
encoding uses a weird scheme for encoding the OID in the algorithm
identifier, which we don't want to use for the PKCS #8 encoding.
Add a new function to Private_Key, pkcs8_algorithm_identifier, which
by default just calls algorithm_identifier(). However
GOST_3410_PrivateKey overrides it, and calls
EC_PublicKey::algorithm_identifier(), basically skipping over the
virtual function hierarchy, so it doesn't pick up the funky format
from the public key's version of algorithm_identifier().
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
ECDSA_PublicKey object anymore.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
keys so far, private keys not changed) that takes an
AlgorithmIdentifier and a MemoryRegion<byte>&. This performs the X.509
decoding. It is not possible anymore to create uninitialized PK
objects.
|
|
|
|
|
|
| |
pubkey; you literally could not compile any pubkey code without it.
Move it up to the pubkey dir, it wasn't at all useful to have it
in its own dir.
|
| |
|
| |
|
|
|
|
|
| |
what x509_encoder()->key_bits() used to return. This is much simpler
than using the explicit encoder objects. Remove X509_Encoder entirely.
|
|
|
|
|
| |
returns the AlgorithmIdentifier representing this scheme (OID + domain
params if any).
|
| |
|
|
|
|
|
| |
reference. Otherwise Visual C++ dies because apparently the Win32 ABI
doesn't know how to pass a __m128i as a function parameter. :/
|
| |
|
| |
|
| |
|
| |
|
| |
|