summaryrefslogtreecommitdiffstats
path: root/comm/third_party/botan/src/build-data/policy
diff options
context:
space:
mode:
Diffstat (limited to 'comm/third_party/botan/src/build-data/policy')
-rw-r--r--comm/third_party/botan/src/build-data/policy/bsi.txt188
-rw-r--r--comm/third_party/botan/src/build-data/policy/modern.txt131
-rw-r--r--comm/third_party/botan/src/build-data/policy/nist.txt187
3 files changed, 506 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/build-data/policy/bsi.txt b/comm/third_party/botan/src/build-data/policy/bsi.txt
new file mode 100644
index 0000000000..719afc8368
--- /dev/null
+++ b/comm/third_party/botan/src/build-data/policy/bsi.txt
@@ -0,0 +1,188 @@
+<required>
+# block
+aes
+
+# modes
+ccm
+gcm
+cbc
+mode_pad
+
+# stream
+ctr
+
+# hash
+sha2_32
+sha2_64
+sha3
+
+# mac
+cmac
+hmac
+gmac
+
+# kdf
+kdf1_iso18033
+sp800_108
+sp800_56c
+
+# pk_pad
+eme_oaep
+emsa_pssr
+emsa1
+iso9796
+
+# pubkey
+dlies
+dh
+rsa
+dsa
+ecdsa
+ecgdsa
+ecies
+eckcdsa
+ecdh
+xmss
+
+# rng
+auto_rng
+hmac_drbg
+</required>
+
+<if_available>
+# block
+aes_ni
+aes_vperm
+aes_armv8
+aes_power8
+
+# modes
+ghash_cpu
+ghash_vperm
+
+# hash
+sha2_32_x86
+sha2_32_armv8
+sha2_32_bmi2
+sha2_64_bmi2
+sha3_bmi2
+
+# entropy sources
+dev_random
+proc_walk
+rdseed
+win32_stats
+
+# rng
+processor_rng
+system_rng
+
+# utils
+http_util # needed by x509 for OCSP online checks
+locking_allocator
+simd
+</if_available>
+
+<prohibited>
+# block
+aria
+blowfish
+camellia
+cascade
+cast128
+cast256
+des
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+misty1
+noekeon
+noekeon_simd
+seed
+serpent
+serpent_simd
+serpent_avx2
+shacal2
+shacal2_x86
+shacal2_simd
+sm4
+threefish_512
+threefish_512_avx2
+twofish
+xtea
+
+# modes
+chacha20poly1305
+eax
+ocb
+siv
+cfb
+
+# stream
+chacha
+chacha_simd32
+chacha_avx2
+ofb
+rc4
+salsa20
+shake_cipher
+
+# kdf
+hkdf
+kdf1
+kdf2
+prf_x942
+sp800_56a
+
+# pubkey
+cecpq1
+curve25519
+ed25519
+elgamal
+gost_3410
+mce
+mceies
+rfc6979
+newhope
+sm2
+
+# pk_pad
+#eme_pkcs1 // needed for tls
+#emsa_pkcs1 // needed for tls
+emsa_raw
+emsa_x931
+
+# hash
+blake2
+comb4p
+gost_3411
+md4
+md5
+rmd160
+shake
+skein
+#sha1 // needed for x509
+sm3
+streebog
+tiger
+whirlpool
+keccak
+
+# rng
+chacha_rng
+
+# mac
+cbc_mac
+poly1305
+siphash
+x919_mac
+
+# misc
+bcrypt
+
+# tls
+tls_10
+
+</prohibited>
diff --git a/comm/third_party/botan/src/build-data/policy/modern.txt b/comm/third_party/botan/src/build-data/policy/modern.txt
new file mode 100644
index 0000000000..ce2b3fd2ab
--- /dev/null
+++ b/comm/third_party/botan/src/build-data/policy/modern.txt
@@ -0,0 +1,131 @@
+<required>
+aes
+serpent
+threefish_512
+chacha
+
+sha2_32
+sha2_64
+blake2
+skein
+keccak
+sha3
+
+gcm
+ocb
+chacha20poly1305
+
+kdf2
+hkdf
+cmac
+hmac
+poly1305
+siphash
+
+pbkdf2
+bcrypt
+
+# required for private key encryption
+pbes2
+
+ed25519
+curve25519
+ecdh
+ecdsa
+rsa
+rfc6979
+
+eme_oaep
+emsa_pssr
+emsa1
+
+auto_rng
+hmac_drbg
+</required>
+
+<if_available>
+ffi
+
+tls
+prf_tls
+newhope
+ed25519
+
+ghash_cpu
+ghash_vperm
+
+locking_allocator
+http_util # needed by x509 for OCSP online checks
+
+aes_ni
+aes_vperm
+aes_armv8
+aes_power8
+serpent_simd
+serpent_avx2
+threefish_512_avx2
+chacha_simd32
+chacha_avx2
+
+sha1_sse2
+sha1_x86
+sha1_armv8
+sha2_32_x86
+sha2_32_armv8
+sha2_32_bmi2
+sha2_64_bmi2
+sha3_bmi2
+
+simd
+
+sessions_sql
+certstor_sql
+
+system_rng
+processor_rng
+
+# entropy sources
+dev_random
+proc_walk
+rdseed
+win32_stats
+</if_available>
+
+<prohibited>
+# Just say no to TLS 1.0
+tls_cbc
+
+cast128
+cast256
+des
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+misty1
+rc4
+seed
+xtea
+
+cbc_mac
+x919_mac
+
+# MD5 and SHA1 are broken but not prohibited. They are widely in use
+# in non-crypto contexts and are required by TLS currently
+md4
+gost_3411
+
+cfb
+ofb
+
+elgamal
+gost_3410
+
+emsa_x931
+pbkdf1
+prf_x942
+
+passhash9
+cryptobox
+</prohibited>
diff --git a/comm/third_party/botan/src/build-data/policy/nist.txt b/comm/third_party/botan/src/build-data/policy/nist.txt
new file mode 100644
index 0000000000..e4a19b4fea
--- /dev/null
+++ b/comm/third_party/botan/src/build-data/policy/nist.txt
@@ -0,0 +1,187 @@
+<required>
+des
+aes
+
+gcm
+ccm
+ctr
+cbc
+mode_pad
+
+# hash
+sha2_32
+sha2_64
+sha3
+
+# mac
+cmac
+hmac
+gmac
+
+# kdf
+sp800_108
+sp800_56a
+sp800_56c
+
+shake
+
+# pk_pad
+eme_oaep
+emsa_pssr
+emsa1
+
+# pubkey
+dh
+rsa
+dsa
+ecdsa
+ecdh
+
+# rng
+auto_rng
+hmac_drbg
+
+# keywrap
+rfc3394
+</required>
+
+<if_available>
+# block
+aes_ni
+aes_vperm
+aes_armv8
+aes_power8
+
+# hash
+sha2_32_x86
+sha2_32_armv8
+sha2_32_bmi2
+sha2_64_bmi2
+sha3_bmi2
+
+# modes
+ghash_cpu
+ghash_vperm
+
+# hash
+sha2_32_x86
+sha2_32_armv8
+
+# entropy sources
+dev_random
+proc_walk
+rdseed
+win32_stats
+
+# rng
+system_rng
+
+# utils
+http_util # needed by x509 for OCSP online checks
+locking_allocator
+simd
+</if_available>
+
+<prohibited>
+# block
+aria
+blowfish
+camellia
+cascade
+cast128
+cast256
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+misty1
+noekeon
+noekeon_simd
+seed
+serpent
+serpent_simd
+serpent_avx2
+sm4
+shacal2
+shacal2_x86
+shacal2_simd
+threefish_512
+threefish_512_avx2
+twofish
+xtea
+
+# modes
+chacha20poly1305
+eax
+ocb
+siv
+cfb
+
+# stream
+chacha
+chacha_simd32
+chacha_avx2
+shake_cipher
+ofb
+rc4
+salsa20
+
+# kdf
+hkdf
+kdf1
+kdf2
+prf_x942
+
+# pubkey
+curve25519
+ed25519
+ecgdsa
+eckcdsa
+elgamal
+gost_3410
+mce
+mceies
+rfc6979
+newhope
+cecpq1
+xmss
+sm2
+
+# pk_pad
+#eme_pkcs1 // needed for tls
+#emsa_pkcs1 // needed for tls
+emsa_raw
+emsa_x931
+
+# hash
+blake2
+comb4p
+gost_3411
+md5
+md4
+rmd160
+skein
+#sha1 // needed for x509
+sm3
+streebog
+tiger
+whirlpool
+
+# rng
+chacha_rng
+
+# mac
+cbc_mac
+poly1305
+siphash
+x919_mac
+
+# misc
+bcrypt
+
+# tls
+tls_10
+tls_cbc
+
+</prohibited>
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-21 19:11:51 +0000