| Commit message | Author | Date | Files | Lines |
|---|---|---|---|---|
| Added support of EdDSA signatures | Andreas Steffen | 2016-12-14 | 2 | -3/+31 |
| proposal: Add a curve25519 proposal keyword | Martin Willi | 2016-11-14 | 1 | -0/+1 |
| diffie-hellman: Add DH group identifiers for Curve25519 and Curve448 | Martin Willi | 2016-11-14 | 2 | -3/+14 |
| gmp: Support of SHA-3 RSA signatures | Andreas Steffen | 2016-09-22 | 1 | -5/+22 |
| mgf1: Refactored MGF1 as an XOF | Andreas Steffen | 2016-09-21 | 8 | -490/+294 |
| proposal: Use proper list to get function pointer when adding custom parser<br>Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> | Thomas Egerer | 2016-08-29 | 1 | -1/+1 |
| Created newhope plugin implementing the New Hope key exchange algorithm | Andreas Steffen | 2016-08-10 | 3 | -1/+6 |
| xof: Added ChaCha20 stream as XOF | Andreas Steffen | 2016-08-06 | 2 | -2/+5 |
| xof: Defined Extended Output Functions | Andreas Steffen | 2016-07-29 | 8 | -5/+476 |
| proposal: Parse modpnone as MODP_NONE(0) | Tobias Brunner | 2016-06-17 | 1 | -0/+1 |
| crypto-factory: Stop after successfully creating one nonce generator<br>Fixes: e2fc09c186c3 ("Add nonce generator interface") | Tobias Brunner | 2016-06-17 | 1 | -0/+4 |
| proposal: Use standard integer types for static keywords | Tobias Brunner | 2016-03-31 | 1 | -2/+2 |
| Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 19 | -50/+50 |
| iv-gen: Use NULL IV generator for NULL encryption<br>We don't need an IV for NULL encryption, so we wouldn't technically need an IV generator. But some of the code currently relies on an IV generator to be present. So that we don't have to change that code and handle IV size == 0 specially, we use the new NULL IV generator, which handles this transparently to the existing code. Before 3c81cb6fc322 ("aead: Create AEAD using traditional transforms with an explicit IV generator") iv_gen_rand_t was used for NULL encryption, which would work too, but this way it's clearer. | Tobias Brunner | 2015-11-09 | 1 | -0/+5 |
| crypto: Add NULL IV generator<br>This does not actually allocate an IV and only accepts requests for size == 0. | Tobias Brunner | 2015-11-09 | 2 | -0/+95 |
| testing: Updated hasher tests | Andreas Steffen | 2015-11-06 | 1 | -4/+8 |
| Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes | Andreas Steffen | 2015-11-06 | 1 | -6/+6 |
| Support BLISS signatures with SHA-3 hash | Andreas Steffen | 2015-11-03 | 1 | -0/+3 |
| Defined SHA-3 hashers | Andreas Steffen | 2015-11-03 | 2 | -6/+52 |
| proposal: Add a chacha20poly1305 proposal keyword | Martin Willi | 2015-06-29 | 1 | -0/+1 |
| crypter: Define a ChaCha20/Poly1305 AEAD algorithm identifier | Martin Willi | 2015-06-29 | 3 | -3/+7 |
| ivgen: Allow reusing the same message ID twice in sequential IV gen<br>We use the message ID and fragment number as IV generator. As IKEv2 uses distinct message ID counters for actively and passively initiated exchanges, each IV would be used twice. As we explicitly reject such message IDs since d0ed1079, original-responder initiated exchanges fail with counter mode ciphers. This commit separates the IV space into two halves for sequential IVs, and automatically assigns once reused sequence numbers to the second half. Fixes #980. | Martin Willi | 2015-06-05 | 1 | -7/+25 |
| iv-gen: Fail getting shorter IV values than the used counter size<br>While no algorithm actually uses such short IVs, we add a check here to ensure we won't return just the lower bits of the counter. | Martin Willi | 2015-06-01 | 1 | -0/+4 |
| iv-gen: Ensure external sequential IVs are actually sequential<br>We allow gaps in IVs, but ensure that an IV is never used more than once. | Martin Willi | 2015-06-01 | 2 | -0/+23 |
| crypto-factory: Remove obsolete transform testing functions | Martin Willi | 2015-04-15 | 2 | -54/+0 |
| transform: Add a getter for the enum_names for a specific transform type | Martin Willi | 2015-04-15 | 2 | -0/+40 |
| crypto-factory: Add enumerator method to support individual transform testing | Martin Willi | 2015-04-15 | 2 | -0/+127 |
| crypto-tester: Support testing DH groups using DH test vectors | Martin Willi | 2015-04-15 | 3 | -2/+224 |
| diffie-hellman: Introduce an optional setter for the private value<br>This allows us to work with deterministic values for testing purposes. | Martin Willi | 2015-04-15 | 1 | -0/+12 |
| crypto-tester: Use the plugin feature key size to benchmark crypters/aeads<br>We previously didn't pass the key size during algorithm registration, but this resulted in benchmarking with the "default" key size the crypter uses when passing 0 as key size. | Martin Willi | 2015-04-15 | 3 | -21/+27 |
| utils: Use memeq_const() for all cryptographic purposes | Martin Willi | 2015-04-14 | 1 | -2/+1 |
| aead: Create AEAD using traditional transforms with an explicit IV generator<br>Real AEADs directly provide a suitable IV generator, but traditional crypters do not. For some (stream) ciphers, we should use sequential IVs, for which we pass an appropriate generator to the AEAD wrapper. | Martin Willi | 2015-04-13 | 2 | -3/+4 |
| iv-gen: Add a generic constructor to create an IV gen from an algorithm | Martin Willi | 2015-04-13 | 2 | -0/+69 |
| crypto-tester: Explicitly exclude FIPS-PRF from append mode tests<br>This was implicitly done by the seed length check before 58dda5d6, but we now require an explicit check to avoid that unsupported use. | Martin Willi | 2015-03-28 | 1 | -8/+11 |
| crypto-tester: Test set_key() after doing a partial append on prf/signers<br>While that use is uncommon in real-world use, HMAC should nonetheless set a correct key and reset any underlying hasher. | Martin Willi | 2015-03-27 | 1 | -2/+20 |
| diffie-hellman: Verify public DH values in backends | Martin Willi | 2015-03-23 | 2 | -1/+82 |
| diffie-hellman: Add a bool return value to set_other_public_value() | Martin Willi | 2015-03-23 | 1 | -1/+3 |
| diffie-hellman: Add a bool return value to get_my_public_value() | Martin Willi | 2015-03-23 | 1 | -1/+3 |
| diffie-hellman: Use bool instead of status_t as get_shared_secret() return value<br>While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations. | Martin Willi | 2015-03-23 | 1 | -2/+3 |
| hash-algorithm-set: Add class to manage a set of hash algorithms | Tobias Brunner | 2015-03-04 | 2 | -0/+189 |
| hasher: Add helper to determine hash algorithm from signature scheme | Tobias Brunner | 2015-03-04 | 2 | -0/+44 |
| hasher: Add filter function for algorithms permitted by RFC 7427 | Tobias Brunner | 2015-03-04 | 2 | -0/+30 |
| hasher: Redefine hash algorithms to match values defined by RFC 7427<br>Other algorithms are defined in the private use range. | Tobias Brunner | 2015-03-04 | 2 | -27/+29 |
| Allow SHA256 and SHA384 data hash for BLISS signatures.<br>The default is SHA512 since this hash function is also used for the c_indices random oracle. | Andreas Steffen | 2015-02-26 | 1 | -0/+4 |
| Fixed bad bit shift and sign extension errors | Andreas Steffen | 2014-12-23 | 1 | -6/+20 |
| crypto: Define MODP_CUSTOM outside of IKE DH range<br>Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221. | Tobias Brunner | 2014-12-23 | 2 | -7/+10 |
| mgf1: Use correct Doxygen groups | Tobias Brunner | 2014-12-15 | 2 | -4/+4 |
| Fixed some typos, courtesy of codespell | Tobias Brunner | 2014-12-15 | 1 | -2/+2 |
| pkcs5: Add support for PBES2 encryption schemes other than 3DES<br>This allows using e.g. AES for PKCS#8 and PKCS#12 files. Some legacy schemes defined in RFC 2898 are not supported (like RC2). Fixes #740. | Tobias Brunner | 2014-12-05 | 1 | -8/+24 |
| asn1: Add OID for Blowfish CBC<br>The OID (1.3.6.1.4.1.3029.1.2) is technically not correct, the correct one is (1.3.6.1.4.1.3029.1.1.2). Every other library or tool (like OpenSSL) uses the incorrect one, so we do the same. References #740. | Tobias Brunner | 2014-12-05 | 1 | -0/+7 |