path: root/src
Commit message (Author, Age; Files, Lines)

* Add Cilk/OpenMP support (Jack Lloyd, 2016-11-26; 14 files, -251/+255)
* Fix OpenSSL RC4 clone - ignored skip param (Jack Lloyd, 2016-11-26; 1 file, -1/+1)
* Tweak lcov script (Jack Lloyd, 2016-11-26; 1 file, -6/+9)
* Add test for various functions previously missed (T::clone, PBKDF::name, AEAD::output_length) (Jack Lloyd, 2016-11-26; 16 files, -18/+79)
  Fix a bug in CCM, GCM, and OCB decryption which caused `output_length(tag_size())` to fail even though empty plaintexts are certainly defined for all three modes.
* Add script for running lcov report (Jack Lloyd, 2016-11-26; 2 files, -1/+11)
  Add configure.py option --with-coverage-info which enables coverage but does not disable optimizations.
  Changes the scripts to use --with-coverage-info --no-optimization which is the same behavior as --with-coverage except explicit about what is happening.
  [ci skip]
* When fuzzing verify/decrypt, choose a new value each time through loop (Jack Lloyd, 2016-11-26; 1 file, -8/+2)
* Avoid recreating PK_Verifiers/PK_Decryptors multiple times in test (Jack Lloyd, 2016-11-26; 1 file, -45/+61)
  All these tests ran once for each signing provider, instead of just once with all fixed data and then checking on the results of the encrypt/sign operations as needed.
  Speeds up `ecdsa_sign` by 11x, `rsa_encrypt` by 8x on my machine!
* Merge GH #739 Update docs and BSI policy (Jack Lloyd, 2016-11-26; 1 file, -0/+1)
  * Updates docs & module policy (Matthias Gierlings, 2016-11-26; 1 file, -0/+1)
    - Added GMAC to list of supported MAC algorithms in readme.rst
    - Updated module policy to prevent CI crash
    - Added myself to credits.rst
* Merge GH #718 Add XMSS WOTS scheme (Jack Lloyd, 2016-11-26; 16 files, -43/+563)
  * Adds changes from XMSS Review & resolves conflicts (Matthias Gierlings, 2016-11-12; 10 files, -120/+32)
  * Adds optional XMSS WOTS stand-alone components (Matthias Gierlings, 2016-11-12; 14 files, -12/+566)
    The main XMSS implementation does not expose stand-alone access to XMSS Winternitz One Time Signatures through the Botan::PK_Ops interfaces. XMSS WOTS is used by XMSS internally though. This PR implements a possible XMSS WOTS interface for stand-alone use.
    XMSS WOTS is tested through the XMSS tests, therefore there are no dedicated XMSS WOTS test vectors and test bench components implemented in this PR.
  * Added Extended Hash-Based Signatures (XMSS) (Matthias Gierlings, 2016-11-12; 6 files, -3/+57)
    [1] XMSS: Extended Hash-Based Signatures, draft-irtf-cfrg-xmss-hash-based-signatures-06, Release: July 2016.
    https://datatracker.ietf.org/doc/draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1

    Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has been integrated into the Botan test bench; signature generation and verification can be tested independently by invoking "botan-test xmss_sign" and "botan-test xmss_verify".

    - Some headers that are not required to be exposed to users of the library have to be declared as public in `info.txt`. Declaring those headers private will cause the amalgamation build to fail. The following headers have been declared public inside `info.txt`, even though they are only intended for internal use:
      * atomic.h
      * xmss_hash.h
      * xmss_index_registry.h
      * xmss_address.h
      * xmss_common_ops.h
      * xmss_tools.h
      * xmss_wots_parameters.h
      * xmss_wots_privatekey.h
      * xmss_wots_publickey.h
    - XMSS_Verification_Operation requires the "randomness" parameter out of the XMSS signature. "Randomness" is part of the prefix that is hashed *before* the message. Since the signature is unknown till sign() is called, all message content has to be buffered. For large messages this can be inconvenient or impossible.
      **Possible solution**: Change the PK_Ops::Verification interface to take the signature as constructor argument, and provide a setter method to be able to update and reuse the instance on multiple signatures. Make sign a parameterless member call. This solution requires interface changes in botan.
      **Suggested workaround** for signing large messages is to not sign the message itself, but to precompute the message hash manually using Botan::HashFunction and sign the message hash instead of the message itself.
    - Some of the available test vectors for the XMSS signature verification have been commented out in order to reduce testbench runtime.
* Merge GH #653 OCSP and X.509 path validation refactor (Jack Lloyd, 2016-11-25; 48 files, -599/+1850)
  Splits up path validation into several sub-functions for easier testing and creating customized validation code. Much improved OCSP handling and OCSP tests.
  * Account for new string in test data (Jack Lloyd, 2016-11-25; 1 file, -2/+2)
  * Fix TLS tests wrt validation changes (Jack Lloyd, 2016-11-25; 2 files, -14/+27)
    Create empty CRLs so that revocation information is available.
  * Add missing Doxygen param [ci skip] (Jack Lloyd, 2016-11-25; 1 file, -0/+2)
  * Add a test for to_string(Certificate_Status_Code) (Jack Lloyd, 2016-11-25; 2 files, -5/+69)
  * Add minimum_signature_strength to Text_Policy (Jack Lloyd, 2016-11-25; 2 files, -3/+9)
    Also (unrelated) enable CECPQ1 in Strict_Policy
  * Add TLS::Policy::minimum_signature_strength (Jack Lloyd, 2016-11-25; 7 files, -7/+28)
    Changes TLS callback API for cert verify to accept Policy&
    Sets default signature strength to 110 to force RSA ~2048.
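The kind of check the commit above introduces, as an added example that is not Botan's code: a Python model of a per-chain minimum signature strength policy. RSA strength is estimated with the textbook GNFS heuristic rather than Botan's own if_work_factor(), so the numbers are only indicative (it places 2048-bit RSA in the mid-110s, close to the NIST SP 800-57 figure of 112 bits). The chain representation, the ECDSA mapping, and leaving the trust anchor's self-signature out of the check are assumptions of the example.

```python
"""Added example, not Botan code: a minimum-signature-strength policy check
over the signatures of a certificate chain.  RSA strength is estimated with
the asymptotic GNFS cost L_n[1/3, (64/9)^(1/3)]; this is NOT Botan's
if_work_factor() and carries no calibration, so treat the values as rough."""
import math


def rsa_strength_bits(modulus_bits: int) -> int:
    """Bits of work to factor an RSA modulus of the given size (GNFS estimate)."""
    if modulus_bits < 512:
        return 0  # below the range where the asymptotic estimate means anything
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    # natural log of the expected operation count, then converted to bits
    ln_work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return int(ln_work / math.log(2))


def signature_strength(algorithm: str, key_bits: int) -> int:
    """Assumed mapping from the signer's key to an estimated security level."""
    if algorithm == "RSA":
        return rsa_strength_bits(key_bits)
    if algorithm == "ECDSA":
        return key_bits // 2  # generic discrete-log attacks cost sqrt(group order)
    raise ValueError(f"unknown signature algorithm {algorithm!r}")


def weakest_signature(chain) -> int:
    """chain: (algorithm, signing-key bits) for every signature actually verified
    on the path, leaf first.  The trust anchor's self-signature is assumed to be
    excluded, since it is never verified during path validation."""
    if not chain:
        raise ValueError("empty chain")
    return min(signature_strength(alg, bits) for alg, bits in chain)


def chain_meets_policy(chain, minimum_signature_strength: int) -> bool:
    """A single weak signature anywhere on the path fails the whole chain."""
    return weakest_signature(chain) >= minimum_signature_strength


# Constructed chains for the example: (signer's algorithm, signer's key size).
STRONG_CHAIN = [("RSA", 2048), ("RSA", 4096)]  # leaf by 2048-bit CA, CA by 4096-bit root
WEAK_CHAIN = [("RSA", 2048), ("RSA", 1024)]    # intermediate was signed with 1024-bit RSA
MIXED_CHAIN = [("ECDSA", 256), ("RSA", 2048)]  # P-256 leaf under an RSA-2048 CA

if __name__ == "__main__":
    for name, chain in [("strong", STRONG_CHAIN), ("weak", WEAK_CHAIN), ("mixed", MIXED_CHAIN)]:
        print(name, weakest_signature(chain), chain_meets_policy(chain, 110))
```

With a minimum of 110 the 1024-bit intermediate is rejected while 2048-bit RSA and P-256 pass, which is the effect the commit describes for its default.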
  * Address review comments from @cordney (Jack Lloyd, 2016-11-25; 6 files, -114/+250)
    Primarily doc updates but also expose some more logic in PKIX namespace, overall_status and merge_revocation_status. This allows calling more or less all of the logic used by the monolithic x509_path_validate in any way needed by an application.
    Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr
    Add optional Certificate_Store_In_Memory* pointer to check_crl_online, valid CRLs are saved there.
  * Fix popping empty container if no revocation data available (Jack Lloyd, 2016-11-23; 1 file, -2/+2)
  * Add macro signalling support for online revocation checks. (Jack Lloyd, 2016-11-23; 3 files, -3/+11)
  * Windows fix (Jack Lloyd, 2016-11-23; 1 file, -1/+1)
  * Better OCSP tests including online tests (Jack Lloyd, 2016-11-23; 12 files, -11/+218)
    Tests touching network are gated by --run-online-tests flag.
  * MSVC doesn't support #warning (Jack Lloyd, 2016-11-23; 1 file, -1/+1)
  * Add some simple OCSP tests (Jack Lloyd, 2016-11-23; 7 files, -0/+168)
    Nothing much but better than nothing.
    Also add a useful arg check to OCSP::Request constructor.
  * Consult the response for matching certs also, fixes Symantec OCSP (Jack Lloyd, 2016-11-23; 1 file, -2/+20)
  * Report OCSP status in tls_client (Jack Lloyd, 2016-11-23; 1 file, -0/+7)
  * Add the documented function for OCSP timeouts (Jack Lloyd, 2016-11-23; 2 files, -3/+10)
  * Move TLS cert verification callback from Credentials_Manager to TLS::Callbacks (Jack Lloyd, 2016-11-23; 10 files, -111/+136)
    It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
  * Add useful debugging output to path validation test (Jack Lloyd, 2016-11-23; 1 file, -1/+1)
  * Refactor X.509 path validation (Jack Lloyd, 2016-11-23; 8 files, -359/+748)
    Splits path building, path validation, CRL checks, and OCSP checks into distinct functions in namespace PKIX. The previous path validation APIs remain.
    Fixes to OCSP to store more information and to handle modern OCSP setups in at least some situations.
  * Add find_cert_by_pubkey_sha1 to Certificate_Store_In_Memory (Jack Lloyd, 2016-11-23; 4 files, -55/+64)
  * Add X509_Certificate helper functions for OCSP (Jack Lloyd, 2016-11-23; 2 files, -4/+43)
    Using the SHA-1 of the public key to identify the signing cert is hardcoded in OCSP and unlikely to change.
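The public-key hash the two commits above rely on, as an added example in Python with the standard library only (not Botan's code): RFC 6960 defines KeyHash, used both for the responder's byKey identifier and for issuerKeyHash in CertID, as the SHA-1 of the subjectPublicKey BIT STRING value with the tag, the length and the leading unused-bits byte excluded. Hashing the whole SubjectPublicKeyInfo, or the whole BIT STRING element, gives a different value and will never match a responder. The DER encoder and decoder, the placeholder moduli (not real keys) and the find_by_key_hash lookup are constructed for this example.

```python
"""Added example, not Botan code: compute the OCSP KeyHash (RFC 6960) of a
SubjectPublicKeyInfo and use it to pick a certificate's key out of a set, the
way an OCSP responder ID (byKey) or a CertID issuerKeyHash is matched."""
import hashlib

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def sha1_digest(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_length(len(body)) + body


def der_integer(value: int) -> bytes:
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def rsa_public_key_der(n: int, e: int) -> bytes:
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    return der(0x30, der_integer(n) + der_integer(e))


def rsa_spki_der(n: int, e: int) -> bytes:
    """SubjectPublicKeyInfo with rsaEncryption and a BIT STRING of 0 unused bits."""
    algorithm = der(0x30, der(0x06, RSA_ENCRYPTION_OID) + der(0x05, b""))
    subject_public_key = der(0x03, b"\x00" + rsa_public_key_der(n, e))
    return der(0x30, algorithm + subject_public_key)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def ocsp_key_hash(spki_der: bytes) -> bytes:
    """RFC 6960 KeyHash: SHA-1 over the subjectPublicKey BIT STRING value,
    excluding tag, length and the unused-bits byte.  The AlgorithmIdentifier
    is not part of the hash."""
    tag, spki, _ = read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = read_tlv(spki, 0)  # skip AlgorithmIdentifier
    tag, bit_string, _ = read_tlv(spki, pos)
    if tag != 0x03:
        raise ValueError("subjectPublicKey must be a BIT STRING")
    if bit_string[0] != 0:
        raise ValueError("public keys are byte aligned; unused bits must be 0")
    return sha1_digest(bit_string[1:])


def find_by_key_hash(spkis, key_hash: bytes):
    """Select the key a responder's byKey ID (or a CertID issuerKeyHash) names."""
    for spki in spkis:
        if ocsp_key_hash(spki) == key_hash:
            return spki
    return None


# Constructed placeholder moduli for the example; these are not real keys.
TOY_N_A = (1 << 1023) | 0x1234567
TOY_N_B = (1 << 1023) | 0x7654321
TOY_E = 65537

if __name__ == "__main__":
    spki = rsa_spki_der(TOY_N_A, TOY_E)
    print("KeyHash:", ocsp_key_hash(spki).hex())
```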
  * Explicitly number all Certificate_Status_Code enum values (Jack Lloyd, 2016-11-23; 2 files, -25/+146)
    Add a to_string function for this type.
  * Somewhat better errors in HTTP (Jack Lloyd, 2016-11-23; 1 file, -5/+9)
  * Add final_stdvec (Jack Lloyd, 2016-11-23; 1 file, -0/+7)
    Horrible name, useful function
* Correct XMSS crash when a hash was disabled (Jack Lloyd, 2016-11-25; 4 files, -12/+20)
  Require SHA-256 in XMSS since that is mandatory for the index registry.
* Easy test (Jack Lloyd, 2016-11-25; 1 file, -0/+1)
* Make XMSS more friendly about invalid params. (Jack Lloyd, 2016-11-25; 7 files, -35/+70)
  Previously just threw an exception from map.at
  Add an XMSS keygen test, and add default params for create_private_key
* Add a couple more workfactor tests (Jack Lloyd, 2016-11-25; 1 file, -0/+6)
  [ci skip]
* Add a test of TLS::Alert::type_string (Jack Lloyd, 2016-11-25; 1 file, -5/+61)
* Simplify TLS::Ciphersuite::cbc_ciphersuite (Jack Lloyd, 2016-11-25; 1 file, -3/+1)
  With RC4 removed, anything that is not AEAD is CBC
* Simplify TLS::Handshake_Hash::update (Jack Lloyd, 2016-11-25; 1 file, -9/+5)
  The lambda here wasn't really required.
* Merge GH #737 Remove dead stores in SSE2 ChaCha code (Jack Lloyd, 2016-11-25; 1 file, -6/+3)
  * Fix dead stores in chacha_sse2_x4 (Never, 2016-11-25; 1 file, -6/+3)
* Avoid unneeded code - previous conditionals handle these cases (Jack Lloyd, 2016-11-25; 1 file, -8/+0)
* Merge GH #736 Add SHAKE support to XMSS (Jack Lloyd, 2016-11-25; 7 files, -102/+222)
  * Adds SHAKE support for XMSS (Matthias Gierlings, 2016-11-25; 7 files, -102/+222)
    - Enables code for SHAKE support
    - Creating SHAKE hash function by name now allows selecting an output size of 256 bit for SHAKE128 and 512 bit for SHAKE256.
    - Adds *self-generated*, unverified test vectors for XMSS/SHAKE.