aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Remove SecureBuffer, which is the fixed-size variant of SecureVector.lloyd2010-03-2363-137/+101
| | | | | | | | | | | | | | Add a second template param to SecureVector which specifies the initial length. Change all callers to be SecureVector instead of SecureBuffer. This can go away in C++0x, once compilers implement N2712 ("Non-static data member initializers"), and we can just write code as SecureVector<byte> P{18}; instead
* Remove reference to no-longer existing function in docslloyd2010-03-221-6/+2
|
* Fix Doxygen comment for grow_tolloyd2010-03-221-4/+6
|
* Move class decls togetherlloyd2010-03-211-10/+10
|
* Move where pk_ops is included, remove rng.h from dl_algo.hlloyd2010-03-214-5/+3
|
* KeyPair::check_key's behavior of throwing an exception upon failure waslloyd2010-03-219-112/+75
| | | | | | | | | | | | | | not useful; in all cases, we immediately caught it and then returned false. Modify as follows: - Create the pubkey objects inside the checking code, so calling code doesn't need to do it. - Return true/false for pass/fail Also add consistency checking for ECDSA keys
* In add_entropy(), additionally poll for 64 bits of system entropylloyd2010-03-191-15/+20
| | | | | | | | | | | | | to mix in with the user input. Check that the prf and extractor are compatible. For the initial PRF key, use all zeros of the appropriate size, and for the initial XTS key, use PRF("Botan HMAC_RNG XTS"). This ensures that only the one fixed key size is ever used with either the prf or extractor objects, allowing you to use, say HMAC(SHA-256)+CMAC(AES-256), or even CMAC(AES-128)+CMAC(AES-128) as the PRFs in the RNG.
* Don't require the AES module; if it's there its there, if it's notlloyd2010-03-192-4/+2
| | | | then you can't use the global PRNG but everything else still works.
* Replace PointGFp::check_invaraints, which would either return silentlylloyd2010-03-196-55/+29
| | | | | | | | | | | or throw an exception, with PointGFp::on_the_curve, which returns a bool. Update callers. This showed several cases where check_invaraints was being called multiple times, for instance when decoding a point with OS2ECP, check_invaraints was called; many callers of OS2ECP would then call check_invaraints again on the same object.
* Add a couple of new helper functions to BER_Decoder:lloyd2010-03-196-46/+42
| | | | | | | | | | decode_and_check takes an expected value; if the decoded value does not match, a Decoding_Error with a specified string is thrown. Useful for checking embedded version codes. decode_octet_string_bigint is for decoding INTEGER values that are stored as OCTET STRINGs. Totally obnoxious and useless, but common especially in the ECC standards.
* More warning flagslloyd2010-03-191-2/+2
|
* A number of changes to primality tests:lloyd2010-03-196-168/+46
| | | | | | | | | | | | | | Use 64 bit nonces in the Miller-Rabin test, instead of 40 bits. Rename check_prime to quick_check_prime and is_prime to check_prime Remove some internal functions which weren't used outside the primality test code, along with the prime products table. For quick checking, instead of doing Miller-Rabin with fixed base 2, do a small number of randomized tests. Always use random bases instead of the first n primes.
* There are some nasty API problems that are caused by having to pass alloyd2010-03-1911-64/+119
| | | | | | | | | | | | | | | | | | | | | | | | PRNG everywhere. The removal of the global PRNG was generated by a desire to remove the global library state entirely. However the real point of this was to remove the use of globally visible _mutable_ state; of the mutable state, the PRNG is probably the least important, and the most useful to share. And it seems unlikely that thread contention would be a major issue in the PRNG. Add back a global PRNG to Library_State. Use lazy initialization, so apps that don't ever use a PRNG don't need a seeding step. Then have AutoSeeded_RNG call that global PRNG. Offer once again RandomNumberGenerator& Library_State::global_rng(); which returns a reference to the global PRNG. This RNG object serializes access to itself with a mutex. Remove the hack known as Blinding::choose_nonce, replace with using the global PRNG to choose a blinding nonce
* Don't call get_eme or get_kdf with name "Raw" (returns NULL); ideallylloyd2010-03-191-3/+3
| | | | | | would like to replace these functions with generic engine code instead of hardcoded lookup, and NULL return value would be impossible to disambiguate.
* Initialize m_pk to null in constructorlloyd2010-03-171-0/+2
|
* The logic PointGFp::operator*= was basically doinglloyd2010-03-162-29/+31
| | | | | | | | | *this = scalar * *this; And operator* was doing a needless copy. Instead make operator* a real multiplication operation, define *= in terms of it.
* Shuffle functions for easier readinglloyd2010-03-162-74/+75
|
* Disable VC++ 4275 entirely; it also causes warnings when building thelloyd2010-03-161-2/+2
| | | | test app...
* Fix include. <botan/mp_core.h> was picking up the system installed version,lloyd2010-03-161-1/+1
| | | | which happened to be compatible enough to work.
* Add a couple of verification tests for GOST 34.10lloyd2010-03-161-3/+16
| | | | | | | | | | | Generating the test vectors found yet another inane (and, of course, undocumented) behavior in the GOST implementation included in OpenSSL; it treats the hash inputs as little endian. Just out of curiousity, I checked RFC 5832, which supposedly specifies this algorithm; not a peep about endian conversions. The more I deal with standards coming out of the CryptoPro people, the less confidence I have in them.
* Add a special handler for the case of doing a subtraction as in:lloyd2010-03-167-391/+470
| | | | | | | | x -= y; where abs(x) < abs(y). This change alone increases ECDSA performance by 5 to 15%
* Name other params. Remove decls of functions that don't existlloyd2010-03-151-14/+36
|
* Name paramslloyd2010-03-151-16/+25
|
* Various microoptimizations, 5-12% improvementlloyd2010-03-151-8/+15
|
* Use a 4-bit wide window for point multiplicationlloyd2010-03-151-14/+21
|
* Rewrite point mult to make larger windows easierlloyd2010-03-151-7/+14
|
* Strength reduce on multiplies in PointGFplloyd2010-03-151-4/+5
|
* Cache memory used for operations in pointlloyd2010-03-151-16/+18
|
* Modify to allow better memory cachinglloyd2010-03-152-21/+52
|
* Cache p.sig_words() in curve objectlloyd2010-03-153-27/+68
| | | | Avoid using Barett reduction in core operations; seems to help perf.
* Use bigint_{mul,sqr} in PointGFp monty opslloyd2010-03-152-9/+8
|
* Remove unneeded includeslloyd2010-03-152-23/+4
|
* If workspace is NULL, skip Karatsuba mul/sqrlloyd2010-03-151-2/+6
|
* Add PointGFp::monty_sqrlloyd2010-03-152-10/+44
|
* Remove stdio includelloyd2010-03-131-2/+0
|
* Remove iostream/stdio includeslloyd2010-03-131-3/+0
|
* Fix GOST 34.10 pub key loading (uses little endian format, what the fsck?)lloyd2010-03-131-6/+25
|
* Fix GOST, wasn't getting found in enginelloyd2010-03-133-7/+7
|
* Use a Modular_Reducer in ECDSA oplloyd2010-03-132-6/+8
|
* At startup, test if lock_mem() at least seems to work. If it doesn't,lloyd2010-03-133-1/+16
| | | | | immediately fall back the the plain malloc-based allocator, which is typically quite a bit faster.
* Cache BigInts as well. Kind of like the old scheme, but created insidelloyd2010-03-132-27/+74
| | | | operator+= and operator*= instead of being class var, so no thread issues.
* Always keep coord_{x,y,z} < p, so don't ever have to copy or use reducerlloyd2010-03-131-22/+10
| | | | in monty_mult()
* Save workspace for addition calls inside operator*=lloyd2010-03-132-20/+28
|
* Share workspace among calls to mult2lloyd2010-03-132-10/+9
|
* Cache a workspace; much fasterlloyd2010-03-132-31/+43
|
* Correct Doxygen commentlloyd2010-03-131-3/+3
|
* Small optimizationslloyd2010-03-131-6/+13
| | | | | Especially try to keep the size of inputs down, so it doesn't have to do an extra reduction step. Ideally this should be eliminated entirely.
* Kill stdio includelloyd2010-03-131-2/+0
|
* Unroll point multiply to look at two bits of scalar each iteration.lloyd2010-03-131-2/+24
| | | | Helps out quite a bit.
* Precompute a*rlloyd2010-03-132-2/+9
|