| Commit message | Author | Age | Files | Lines |

AEAD::output_length)
Fix a bug in CCM, GCM, and OCB decryption which caused `output_length(tag_size())`
to fail even though empty plaintexts are certainly defined for all three modes.

Add configure.py option --with-coverage-info which enables coverage but
does not disable optimizations. Changes the scripts to use
--with-coverage-info --no-optimization which is the same behavior as
--with-coverage except explicit about what is happening.
[ci skip]

All these tests ran once for each signing provider, instead of just once
with all fixed data and then checking on the results of the encrypt/sign
operations as needed. Speeds up `ecdsa_sign` by 11x, `rsa_encrypt` by 8x
on my machine!

- Added GMAC to list of supported MAC algorithms in readme.rst
- Updated module policy to prevent CI crash
- Added myself to credits.rst

The main XMSS implementation does not expose stand-alone access to XMSS
Winternitz One Time Signatures through the Botan::PK_Ops interfaces.
XMSS WOTS is used by XMSS internally though. This PR implements a
possible XMSS WOTS interface for stand-alone use.
XMSS WOTS is tested through the XMSS tests, therefore there are no
dedicated XMSS WOTS test vectors and test bench components implemented
in this PR.

[1] XMSS: Extended Hash-Based Signatures,
draft-irtf-cfrg-xmss-hash-based-signatures-06
Release: July 2016.
https://datatracker.ietf.org/doc/draft-irtf-cfrg-xmss-hash-based-signatures/?include_text=1
Provides XMSS_PublicKey and XMSS_PrivateKey classes as well as implementations
for the Botan interfaces PK_Ops::Signature and PK_Ops::Verification. XMSS has
been integrated into the Botan test bench; signature generation and verification
can be tested independently by invoking "botan-test xmss_sign" and
"botan-test xmss_verify".
- Some headers that are not required to be exposed to users of the library have
to be declared as public in `info.txt`. Declaring those headers private will
cause the amalgamation build to fail. The following headers have been
declared public inside `info.txt`, even though they are only intended for
internal use:
* atomic.h
* xmss_hash.h
* xmss_index_registry.h
* xmss_address.h
* xmss_common_ops.h
* xmss_tools.h
* xmss_wots_parameters.h
* xmss_wots_privatekey.h
* xmss_wots_publickey.h
- XMSS_Verification_Operation requires the "randomness" parameter out of the
XMSS signature. "Randomness" is part of the prefix that is hashed *before*
the message. Since the signature is unknown till sign() is called, all
message content has to be buffered. For large messages this can be
inconvenient or impossible.
**Possible solution**: Change the PK_Ops::Verification interface to take
the signature as a constructor argument, and provide a setter method to be able
to reuse the instance on multiple signatures. Make sign a parameterless
member call. This solution requires interface changes in Botan.
**Suggested workaround** for signing large messages is to not sign the message
itself, but to precompute the message hash manually using Botan::HashFunctio
and sign the message hash instead of the message itself.
- Some of the available test vectors for the XMSS signature verification have
been commented out in order to reduce testbench runtime.

Splits up path validation into several sub-functions for easier testing
and creating customized validation code. Much improved OCSP handling
and OCSP tests.

Create empty CRLs so that revocation information is available.

Also (unrelated) enable CECPQ1 in Strict_Policy

Changes TLS callback API for cert verify to accept Policy&
Sets default signature strength to 110 to force RSA ~2048.

Primarily doc updates but also expose some more logic in PKIX namespace,
overall_status and merge_revocation_status. This allows calling more or less all
of the logic used by the monolithic x509_path_validate in any way needed by an
application.
Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr
Add optional Certificate_Store_In_Memory* pointer to check_crl_online,
valid CRLs are saved there.

Tests touching network are gated by --run-online-tests flag.

Nothing much but better than nothing.
Also add a useful arg check to OCSP::Request constructor.

It is the only function in C_M which is called on to process session-specific
(and adversarially provided) inputs, rather than passively returning some credential
which is typically not session specific.

Splits path building, path validation, CRL checks, and OCSP checks
into distinct functions in namespace PKIX. The previous path validation
APIs remain.
Fixes to OCSP to store more information and to handle modern OCSP setups
in at least some situations.

Using the SHA-1 of the public key to identify the signing cert is
hardcoded in OCSP and unlikely to change.

Add a to_string function for this type.

Horrible name, useful function

Require SHA-256 in XMSS since that is mandatory for the index registry.

Previously just threw an exception from map.at
Add an XMSS keygen test, and add default params for create_private_key

[ci skip]

With RC4 removed, anything that is not AEAD is CBC

The lambda here wasn't really required.

- Enables code for SHAKE support
- Creating a SHAKE hash function by name now allows selecting an output size
of 256 bit for SHAKE128 and 512 bit for SHAKE256.
- Adds *self-generated*, unverified test vectors for XMSS/SHAKE.