aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/crypto
Commit message (Collapse)AuthorAgeFilesLines
* diffie-hellman: Explicitly initialize DH exponent sizes during initializationMartin Willi2014-08-252-8/+36
| | | | | | | | To avoid any race conditions when multiple threads call and initialize diffie_hellman_get_params(), explicitly examine the optimum DH exponent size during library initialization. Fixes #655.
* crypto-factory: Only sort RNGs by algorithm identifierTobias Brunner2014-06-201-5/+13
| | | | | Others remain in the order in which they were added, grouped by algorithm identifier and sorted by benchmarking speed, if provided.
* windows: Check for clock_gettime() function itself as wellMartin Willi2014-06-041-1/+1
| | | | | CLOCK_THREAD_CPUTIME_ID seems to be defined sometimes even if clock_gettime() is missing.
* windows: Add a common Windows header for platform specific wrappersMartin Willi2014-06-031-2/+4
| | | | | Include some more basic system headers in utils.h, so we can use that common header on the different platforms.
* enum: Don't directly include enum.hMartin Willi2014-05-161-1/+1
| | | | | To allow enum.h to depend on utils.h definitions, avoid its direct inclusion. Instead include utils.h, which includes enum.h as well.
* aead: Support custom AEAD salt sizesMartin Willi2014-03-315-13/+32
| | | | | | | | | The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
* crypto-tester: Don't fail if key size is not supportedTobias Brunner2014-03-201-6/+3
| | | | | | | | The Blowfish and Twofish implementations provided by the gcrypt plugin only support specific key lengths, which we don't know when testing against vectors (either during unit tests or during algorithm registration). The on_create test with a specific key length will be skipped anyway, so there is no point in treating this failure differently.
* unit-tests: Actually verify registered algorithms against test vectorsTobias Brunner2014-03-201-1/+38
| | | | | | | | Previously, the {ns}.crypto_test.on_add option had to be enabled to actually test the algorithms, which we can't enforce for the tests in the test_runner as the option is already read when the crypto factory is initialized. Even so, we wouldn't want to do this for every unit test, which would be the result of enabling that option.
* lib: All settings use configured namespaceTobias Brunner2014-02-123-8/+8
|
* proposal: Add possibility to register custom proposal keyword parserThomas Egerer2014-01-202-2/+66
| | | | | | | | | If a proposal string cannot be matched to a token using strcmp (e.g. if you want to register a whole class of algorithms containing their ID, like my_alg_2342), you can use the provided function to register a parser that transforms the given string into a proposal token. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* Prototype implementation of IKE key exchange via NTRU encryptionAndreas Steffen2013-11-273-3/+17
|
* ecc: Added ECC Brainpool ECDH groups as registered with IANAAndreas Steffen2013-10-173-3/+20
|
* Revert refactoring which broke CentOS buildAndreas Steffen2013-10-131-1/+1
|
* iv_gen: Mask sequential IVs with a random saltTobias Brunner2013-10-111-0/+24
| | | | | This makes it harder to attack a HA setup, even if the sequence numbers were not fully in sync.
* iv_gen: Provide external sequence number (IKE, ESP)Tobias Brunner2013-10-113-17/+10
| | | | This prevents duplicate sequential IVs in case of a HA failover.
* iv_gen: aead_t implementations provide an IV generatorTobias Brunner2013-10-112-1/+30
|
* iv_gen: Add IV generator that allocates IVs sequentiallyTobias Brunner2013-10-112-0/+119
|
* iv_gen: Add IV generator that allocates IVs randomlyTobias Brunner2013-10-112-0/+111
| | | | Uses RNG_WEAK as the code currently does elsewhere to allocate IVs.
* crypto: Add generic interface for IV generatorsTobias Brunner2013-10-111-0/+59
|
* apidoc: Move mac_prf to prf Doxygen groupTobias Brunner2013-10-111-1/+1
|
* crypto-factory: Try next available RNG implementation if constructor failsTobias Brunner2013-10-111-13/+6
|
* crypto-factory: Order entries by algorithm identifier and (optionally) speedTobias Brunner2013-10-111-22/+18
|
* Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required ↵Tobias Brunner2013-10-114-18/+10
| | | | for IKEv2 anyway
* pkcs5: Add missing break statements when checking crypto primitivesTobias Brunner2013-07-241-0/+2
|
* Fix various API doc issues and typosTobias Brunner2013-07-181-2/+2
| | | | Partially based on an old patch by Adrian-Ken Rueegsegger.
* crypto-factory: count the number of test vector failures during registrationMartin Willi2013-06-212-30/+73
|
* Added missing string for full-length HMAC-SHA512 signerTobias Brunner2013-06-101-0/+1
|
* Add support for untruncated HMAC-SHA-512Tobias Brunner2013-05-082-1/+9
|
* Also support 128-bit RC2Tobias Brunner2013-05-081-1/+2
|
* Function added to convert a hash algorithm to an HMAC integrity algorithmTobias Brunner2013-05-082-0/+77
|
* Support the PKCS#5/PKCS#12 encryption scheme used by OpenSSL for private keysTobias Brunner2013-05-081-0/+6
|
* Move PKCS#12 key derivation to a separate fileTobias Brunner2013-05-081-145/+11
|
* PKCS#5 wrapper can decrypt PKCS#12-like schemesTobias Brunner2013-05-081-3/+171
|
* Fix cleanup in crypto_tester if a crypter failsTobias Brunner2013-05-081-1/+4
|
* Add implementation of the RC2 block cipher (RFC 2268)Tobias Brunner2013-05-082-4/+16
|
* Extract function to convert ASN.1 INTEGER object to u_int64_tTobias Brunner2013-05-081-23/+3
|
* Extract PKCS#5 handling from pkcs8 plugin to separate helper classTobias Brunner2013-05-082-0/+691
|
* Fix cleanup in crypto_tester if AEAD implementation failsTobias Brunner2013-02-281-1/+4
|
* Fixed some typos, courtesy of codespellTobias Brunner2012-12-201-2/+2
|
* Move PKCS#9 attribute lists to pkcs7 plugin, as we currently use it there onlyMartin Willi2012-12-192-349/+0
|
* Remove unused monolithic PKCS#7 codeMartin Willi2012-12-192-1238/+0
|
* Rebuild PKCS#9 encoding after adding new attributesMartin Willi2012-12-191-0/+3
|
* Don't store additional encoding for each PKCS#9 attributeMartin Willi2012-12-191-13/+15
|
* Unify PKCS#9 set_attribute* methods to a single add_attributeMartin Willi2012-12-193-56/+11
| | | | | This way the PKCS#9 implementation does not have to know the encoding types for values
* PKCS#9 coding style cleanupsMartin Willi2012-12-192-110/+41
|
* Remove external build_encoding method in PKCS#9Martin Willi2012-12-192-9/+5
|
* Moved settings_t to utils folderTobias Brunner2012-10-241-0/+1
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-245-5/+5
|
* Moved enum_name_t to utils folderTobias Brunner2012-10-241-1/+1
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-246-6/+6
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-29 11:58:47 +0000