author | lloyd <lloyd@randombit.net> | 2009-11-16 17:32:58 +0000 |
committer | lloyd <lloyd@randombit.net> | 2009-11-16 17:32:58 +0000 |
commit | ba4520c3657ef4b031119685166d85446ef7c1ce (patch) | |
tree | 8d4d2ac5f5ca63f4a2d4e66a8110701ec2546eb5 | |
parent | b4b6bc090035e2cd0e4354fcb17de8f6d0babb6d (diff) | |
parent | 462eb27580d5ca690943a53ed78a5399b038ae46 (diff) |
propagate from branch 'net.randombit.botan' (head 8cecdc1c3dd5853823fabcb816400dd467b3c04a)
to branch 'net.randombit.botan.c++0x' (head 39a585195a07f18628f6216a276402ed92567cc3)
-rwxr-xr-x | configure.py | 5 | ||||
-rw-r--r-- | src/block/serpent_ia32/serp_ia32_imp.S | 2 | ||||
-rw-r--r-- | src/fpe/fpe.cpp | 43 | ||||
-rw-r--r-- | src/fpe/fpe.h | 6 | ||||
-rw-r--r-- | src/hash/md4_ia32/md4_ia32_imp.S | 2 | ||||
-rw-r--r-- | src/hash/md5_ia32/md5_ia32_imp.S | 2 | ||||
-rw-r--r-- | src/hash/sha1_amd64/sha1_amd64_imp.S | 2 | ||||
-rw-r--r-- | src/hash/sha1_ia32/sha1_ia32_imp.S | 2 | ||||
-rw-r--r-- | src/math/bigint/monty_amd64/mp_monty.S | 2 | ||||
-rw-r--r-- | src/math/bigint/mulop_amd64/mp_mulop_amd64.S | 2 | ||||
-rw-r--r-- | src/math/bigint/mulop_ia32/mp_mulop.S | 2 | ||||
-rw-r--r-- | src/utils/asm_amd64/asm_macr_amd64.h (renamed from src/utils/asm_amd64/asm_macr.h) | 0 | ||||
-rw-r--r-- | src/utils/asm_amd64/info.txt | 4 | ||||
-rw-r--r-- | src/utils/asm_ia32/asm_macr_ia32.h (renamed from src/utils/asm_ia32/asm_macr.h) | 0 | ||||
-rw-r--r-- | src/utils/asm_ia32/info.txt | 4 |
15 files changed, 53 insertions, 25 deletions
diff --git a/configure.py b/configure.py
index d48396c8a..d888091ee 100755
--- a/configure.py
+++ b/configure.py
@@ -372,9 +372,10 @@ class ModuleInfo(object):
 for (dirpath, dirnames, filenames) in os.walk(self.lives_in):
 if dirpath == self.lives_in:
 self.add = [filename for filename in filenames
- if filename.endswith('.cpp') or
+ if (filename.endswith('.cpp') or
 filename.endswith('.h') or
- filename.endswith('.S')]
+ filename.endswith('.S'))
+ and not filename.startswith('.')]
 # Coerce to more useful types
 self.libs = force_to_dict(self.libs)
diff --git a/src/block/serpent_ia32/serp_ia32_imp.S b/src/block/serpent_ia32/serp_ia32_imp.S
index 5ab630f43..8b4a79937 100644
--- a/src/block/serpent_ia32/serp_ia32_imp.S
+++ b/src/block/serpent_ia32/serp_ia32_imp.S
@@ -5,7 +5,7 @@
 * Distributed under the terms of the Botan license
 */
-#include <botan/asm_macr.h>
+#include <botan/asm_macr_ia32.h>
 START_LISTING(serp_ia32.S)
diff --git a/src/fpe/fpe.cpp b/src/fpe/fpe.cpp
index e3be34ef0..86e56625d 100644
--- a/src/fpe/fpe.cpp
+++ b/src/fpe/fpe.cpp
@@ -1,5 +1,8 @@
 /*
-* Format Preserving Encryption
+* Format Preserving Encryption using the scheme FE1 from the paper
+* "Format-Preserving Encryption" by Bellare, Rogaway, et al
+* (http://eprint.iacr.org/2009/251)
+*
 * (C) 2009 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
@@ -12,8 +15,6 @@
 #include <botan/loadstor.h>
 #include <stdexcept>
-#include <iostream>
-
 namespace Botan {
 namespace {
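Review bot: The suffix test in the `self.add` comprehension can use the tuple form of `str.endswith`, which removes the precedence trap the added parentheses are there to guard against: `if filename.endswith(('.cpp', '.h', '.S')) and not filename.startswith('.')]`. That form needs Python 2.5 or later, so it only applies if that is within the build's supported baseline. The `not filename.startswith('.')` clause is the behavioural change in this hunk and deserves a one-line comment stating what it excludes, presumably `# ignore dotfiles (editor lock/backup files) that would otherwise match` — the motivating files are not visible here. The enclosing `ModuleInfo` method starts and continues outside the hunk.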
@@ -21,32 +22,62 @@ namespace {
 // Normally FPE is for SSNs, CC#s, etc, nothing too big
 const u32bit MAX_N_BYTES = 128/8;
+/*
+* Factor n into a and b which are as close together as possible.
+* Assumes n is composed mostly of small factors which is the case for
+* typical uses of FPE (typically, n is a power of 10)
+*
+* Want a >= b since the safe number of rounds is 2+log_a(b); if a >= b
+* then this is always 3
+*/
 void factor(BigInt n, BigInt& a, BigInt& b)
 {
 a = 1;
 b = 1;
+ u32bit n_low_zero = low_zero_bits(n);
+
+ a <<= (n_low_zero / 2);
+ b <<= n_low_zero - (n_low_zero / 2);
+ n >>= n_low_zero;
+
 for(u32bit i = 0; i != PRIME_TABLE_SIZE; ++i)
 {
 while(n % PRIMES[i] == 0)
 {
 a *= PRIMES[i];
- std::swap(a, b);
+ if(a > b)
+ std::swap(a, b);
 n /= PRIMES[i];
 }
 }
+ if(a > b)
+ std::swap(a, b);
 a *= n;
+ if(a < b)
+ std::swap(a, b);
 if(a <= 1 || b <= 1)
 throw std::runtime_error("Could not factor n for use in FPE");
 }
+/*
+* According to a paper by Rogaway, Bellare, etc, the min safe number
+* of rounds to use for FPE is 2+log_a(b). If a >= b then log_a(b) <= 1
+* so 3 rounds is safe. The FPE factorization routine should always
+* return a >= b, so just confirm that and return 3.
+*/
 u32bit rounds(const BigInt& a, const BigInt& b)
 {
- return 8;
+ if(a < b)
+ throw std::logic_error("FPE rounds: a < b");
+ return 3;
 }
+/*
+* A simple round function based on HMAC(SHA-256)
+*/
 class FPE_Encryptor
 {
 public:
@@ -107,7 +138,6 @@ BigInt FPE_Encryptor::operator()(u32bit round_no, const BigInt& R)
 /**
 * Generic Z_n FPE encryption, FE1 scheme
-* See http://eprint.iacr.org/2009/251
 */
 BigInt fpe_encrypt(const BigInt& n, const BigInt& X0,
 const SymmetricKey& key,
@@ -136,7 +166,6 @@ BigInt fpe_encrypt(const BigInt& n, const BigInt& X0,
 /**
 * Generic Z_n FPE decryption, FD1 scheme
-* See http://eprint.iacr.org/2009/251
 */
 BigInt fpe_decrypt(const BigInt& n, const BigInt& X0,
 const SymmetricKey& key,
diff --git a/src/fpe/fpe.h b/src/fpe/fpe.h
index 677304b1d..fba1652d3 100644
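Review bot: `factor()` never terminates when n is zero: the trial-division loop `while(n % PRIMES[i] == 0)` stays true for n == 0 and `n /= PRIMES[i]` leaves it zero, so the first prime in the table spins forever (what `low_zero_bits(0)` returns is not visible here, but no value of it changes that). Whether fpe_encrypt/fpe_decrypt reject n == 0 before calling it is outside the hunk, so a guard at the top of `factor` is cheap insurance: `if(n == 0) throw std::runtime_error("FPE factor: n must be positive");` — the existing `a <= 1` comparisons indicate BigInt compares against integers. The only quality check on the split is `a > 1 && b > 1`, so n = 2·p for a large prime p is accepted with b == 2; since the new comment above `rounds()` is the entire justification for dropping from 8 to 3 rounds, it would help to name the specific result in the cited paper and confirm it still applies to such lopsided splits. The same 2+log_a(b) argument now appears twice (above `factor` and above `rounds`); keeping it in one place avoids the two drifting apart.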
--- a/src/fpe/fpe.h
+++ b/src/fpe/fpe.h
@@ -13,10 +13,16 @@ namespace Botan {
+/*
+* Encrypt X from and onto the group Z_n using key and tweak
+*/
 BigInt fpe_encrypt(const BigInt& n, const BigInt& X,
 const SymmetricKey& key,
 const MemoryRegion<byte>& tweak);
+/*
+* Decrypt X from and onto the group Z_n using key and tweak
+*/
 BigInt fpe_decrypt(const BigInt& n, const BigInt& X,
 const SymmetricKey& key,
 const MemoryRegion<byte>& tweak);
diff --git a/src/hash/md4_ia32/md4_ia32_imp.S b/src/hash/md4_ia32/md4_ia32_imp.S
index 50f30d9b8..1df972bb9 100644
--- a/src/hash/md4_ia32/md4_ia32_imp.S
+++ b/src/hash/md4_ia32/md4_ia32_imp.S
@@ -5,7 +5,7 @@
 * Distributed under the terms of the Botan license
 */
-#include <botan/asm_macr.h>
+#include <botan/asm_macr_ia32.h>
 START_LISTING(md4_ia32.S)
diff --git a/src/hash/md5_ia32/md5_ia32_imp.S b/src/hash/md5_ia32/md5_ia32_imp.S
index bf85a26b6..d1aecb834 100644
--- a/src/hash/md5_ia32/md5_ia32_imp.S
+++ b/src/hash/md5_ia32/md5_ia32_imp.S
@@ -5,7 +5,7 @@
 * Distributed under the terms of the Botan license
 */
-#include <botan/asm_macr.h>
+#include <botan/asm_macr_ia32.h>
 START_LISTING(md5_ia32.S)
diff --git a/src/hash/sha1_amd64/sha1_amd64_imp.S b/src/hash/sha1_amd64/sha1_amd64_imp.S
index e648453dc..d45e2fd86 100644
--- a/src/hash/sha1_amd64/sha1_amd64_imp.S
+++ b/src/hash/sha1_amd64/sha1_amd64_imp.S
@@ -5,7 +5,7 @@
 * Distributed under the terms of the Botan license
 */
-#include <botan/asm_macr.h>
+#include <botan/asm_macr_amd64.h>
 START_LISTING(sha1_amd64.S)
diff --git a/src/hash/sha1_ia32/sha1_ia32_imp.S b/src/hash/sha1_ia32/sha1_ia32_imp.S
index 3411313c3..3167fce9a 100644
--- a/src/hash/sha1_ia32/sha1_ia32_imp.S
+++ b/src/hash/sha1_ia32/sha1_ia32_imp.S
@@ -5,7 +5,7 @@
 * Distributed under the terms of the Botan license
 */
-#include <botan/asm_macr.h>
+#include <botan/asm_macr_ia32.h>
 START_LISTING(sha1_ia32.S)
diff --git a/src/math/bigint/monty_amd64/mp_monty.S b/src/math/bigint/monty_amd64/mp_monty.S
index d5f97601d..fa493aaa2 100644
--- a/src/math/bigint/monty_amd64/mp_monty.S
+++ b/src/math/bigint/monty_amd64/mp_monty.S
@@ -5,7 +5,7 @@
 * Distributed under the terms of the Botan license
 */
-#include <botan/asm_macr.h>
+#include <botan/asm_macr_amd64.h>
 START_LISTING(mp_monty.S)
diff --git a/src/math/bigint/mulop_amd64/mp_mulop_amd64.S b/src/math/bigint/mulop_amd64/mp_mulop_amd64.S
index 63ac55e95..dd794bccd 100644
--- a/src/math/bigint/mulop_amd64/mp_mulop_amd64.S
+++ b/src/math/bigint/mulop_amd64/mp_mulop_amd64.S
@@ -5,7 +5,7 @@
 * Distributed under the terms of the Botan license
 */
-#include <botan/asm_macr.h>
+#include <botan/asm_macr_amd64.h>
 START_LISTING(mp_mulop.S)
diff --git a/src/math/bigint/mulop_ia32/mp_mulop.S b/src/math/bigint/mulop_ia32/mp_mulop.S
index 988ef573c..0ca559659 100644
--- a/src/math/bigint/mulop_ia32/mp_mulop.S
+++ b/src/math/bigint/mulop_ia32/mp_mulop.S
@@ -5,7 +5,7 @@
 * Distributed under the terms of the Botan license
 */
-#include <botan/asm_macr.h>
+#include <botan/asm_macr_ia32.h>
 START_LISTING(mp_muladd.S)
diff --git a/src/utils/asm_amd64/asm_macr.h b/src/utils/asm_amd64/asm_macr_amd64.h
index 287fa3e88..287fa3e88 100644
--- a/src/utils/asm_amd64/asm_macr.h
+++ b/src/utils/asm_amd64/asm_macr_amd64.h
diff --git a/src/utils/asm_amd64/info.txt b/src/utils/asm_amd64/info.txt
index a5588669c..fdfcbcb6a 100644
--- a/src/utils/asm_amd64/info.txt
+++ b/src/utils/asm_amd64/info.txt
@@ -1,9 +1,5 @@
 load_on dep
-<add>
-asm_macr.h
-</add>
-
 <arch>
 amd64
 </arch>
diff --git a/src/utils/asm_ia32/asm_macr.h b/src/utils/asm_ia32/asm_macr_ia32.h
index 2ea69512b..2ea69512b 100644
--- a/src/utils/asm_ia32/asm_macr.h
+++ b/src/utils/asm_ia32/asm_macr_ia32.h
diff --git a/src/utils/asm_ia32/info.txt b/src/utils/asm_ia32/info.txt
index 63b57e0f8..d19fdd192 100644
--- a/src/utils/asm_ia32/info.txt
+++ b/src/utils/asm_ia32/info.txt
@@ -1,9 +1,5 @@
 load_on dep
-<add>
-asm_macr.h
-</add>
-
 <arch>
 ia32
 </arch> |