propagate from branch 'net.randombit.botan' (head ac888e57b614c623590d79ab615353ad7c76ef68)

            to branch 'net.randombit.botan.c++0x' (head 9bf78ed7e2521a328f6db7acbc1cd81b07718230)

6 files changed, 161 insertions, 15 deletions

diff --git a/doc/examples/ca.cpp b/doc/examples/ca.cpp
index 41dd409d5..9195be418 100644
--- a/doc/examples/ca.cpp
+++ b/doc/examples/ca.cpp
@@ -47,7 +47,7 @@ int main(int argc, char* argv[])
          PKCS8::load_key(arg_ca_key, rng, arg_passphrase)
          );
 
-      X509_CA ca(ca_cert, *privkey);
+      X509_CA ca(ca_cert, *privkey, "SHA-256");
 
       // got a request
       PKCS10_Request req(arg_req_file);
diff --git a/doc/examples/cpuid.cpp b/doc/examples/cpuid.cpp
index 1bdee787c..76438783f 100644
--- a/doc/examples/cpuid.cpp
+++ b/doc/examples/cpuid.cpp
@@ -1,17 +1,28 @@
-#include <stdio.h>
-
+#include <iostream>
 #include <botan/cpuid.h>
 
 using namespace Botan;
 
+void print_if_feature(const std::string& feature_name, bool exists)
+   {
+   if(exists)
+      std::cout << feature_name << '\n';
+   else
+      std::cout << '[' << feature_name << ']' << '\n';
+   }
+
 int main()
    {
-   printf("Cache line size: %d\n", CPUID::cache_line_size());
-   printf("RDTSC: %d\n", CPUID::has_rdtsc());
-   printf("SSE2 %d\n", CPUID::has_sse2());
-   printf("SSSE3 %d\n", CPUID::has_ssse3());
-   printf("SSE41 %d\n", CPUID::has_sse41());
-   printf("SSE42 %d\n", CPUID::has_sse42());
+   std::cout << "Cache line size = " << CPUID::cache_line_size() << "\n";
+
+   print_if_feature("RDTSC", CPUID::has_rdtsc());
+   print_if_feature("SSE2", CPUID::has_sse2());
+   print_if_feature("SSSE3", CPUID::has_ssse3());
+   print_if_feature("SSE4.1", CPUID::has_sse41());
+   print_if_feature("SSE4.2", CPUID::has_sse42());
+
+   print_if_feature("AES-NI", CPUID::has_aes_intel());
+   print_if_feature("AES-VIA", CPUID::has_aes_via());
 
-   printf("AltiVec %d\n", CPUID::has_altivec());
+   print_if_feature("AltiVec", CPUID::has_altivec());
    }
diff --git a/doc/examples/fpe.cpp b/doc/examples/fpe.cpp
new file mode 100644
index 000000000..cc9ee8093
--- /dev/null
+++ b/doc/examples/fpe.cpp
@@ -0,0 +1,134 @@
+/*
+* Encrypt credit cards numbers with valid checksums into other credit
+* card numbers with valid checksums using format preserving encryption.
+*/
+
+#include <botan/fpe.h>
+#include <botan/sha160.h>
+#include <botan/init.h>
+
+using namespace Botan;
+
+#include <iostream>
+#include <stdexcept>
+
+byte luhn_checksum(u64bit cc_number)
+   {
+   byte sum = 0;
+
+   bool alt = false;
+   while(cc_number)
+      {
+      byte digit = cc_number % 10;
+      if(alt)
+         {
+         digit *= 2;
+         if(digit > 9)
+            digit -= 9;
+         }
+
+      sum += digit;
+
+      cc_number /= 10;
+      alt = !alt;
+      }
+
+   return (sum % 10);
+   }
+
+bool luhn_check(u64bit cc_number)
+   {
+   return (luhn_checksum(cc_number) == 0);
+   }
+
+u64bit cc_rank(u64bit cc_number)
+   {
+   // Remove Luhn checksum
+   return cc_number / 10;
+   }
+
+u64bit cc_derank(u64bit cc_number)
+   {
+   for(u32bit i = 0; i != 10; ++i)
+      if(luhn_check(cc_number * 10 + i))
+         return (cc_number * 10 + i);
+   return 0;
+   }
+
+/*
+* Use the SHA-1 hash of the account name or ID as a tweak
+*/
+SecureVector<byte> sha1(const std::string& acct_name)
+   {
+   SHA_160 hash;
+   hash.update(acct_name);
+   return hash.final();
+   }
+
+u64bit encrypt_cc_number(u64bit cc_number,
+                         const SymmetricKey& key,
+                         const std::string& acct_name)
+   {
+   BigInt n = 1000000000000000;
+
+   u64bit cc_ranked = cc_rank(cc_number);
+
+   BigInt c = fpe_encrypt(n, cc_ranked, key, sha1(acct_name));
+
+   if(c.bits() > 50)
+      throw std::runtime_error("FPE produced a number too large");
+
+   u64bit enc_cc = 0;
+   for(u32bit i = 0; i != 7; ++i)
+      enc_cc = (enc_cc << 8) | c.byte_at(6-i);
+   return cc_derank(enc_cc);
+   }
+
+u64bit decrypt_cc_number(u64bit enc_cc,
+                         const SymmetricKey& key,
+                         const std::string& acct_name)
+   {
+   BigInt n = 1000000000000000;
+
+   u64bit cc_ranked = cc_rank(enc_cc);
+
+   BigInt c = fpe_decrypt(n, cc_ranked, key, sha1(acct_name));
+
+   if(c.bits() > 50)
+      throw std::runtime_error("FPE produced a number too large");
+
+   u64bit dec_cc = 0;
+   for(u32bit i = 0; i != 7; ++i)
+      dec_cc = (dec_cc << 8) | c.byte_at(6-i);
+   return cc_derank(dec_cc);
+   }
+
+int main(int argc, char* argv[])
+   {
+   LibraryInitializer init;
+
+   if(argc != 4)
+      {
+      std::cout << "Usage: " << argv[0] << " cc-number acct-name passwd\n";
+      return 1;
+      }
+
+   u64bit cc_number = atoll(argv[1]);
+   std::string acct_name = argv[2];
+   std::string passwd = argv[3];
+
+   std::cout << cc_number << ' ' << luhn_check(cc_number) << '\n';
+
+   SymmetricKey key = sha1(passwd);
+
+   u64bit enc_cc = encrypt_cc_number(cc_number, key, acct_name);
+
+   std::cout << enc_cc << ' ' << luhn_check(enc_cc) << '\n';
+
+   u64bit dec_cc = decrypt_cc_number(enc_cc, key, acct_name);
+
+   std::cout << dec_cc << ' ' << luhn_check(dec_cc) << '\n';
+
+   if(dec_cc != cc_number)
+      std::cout << "Something went wrong :(\n";
+   }
diff --git a/doc/examples/gen_certs.cpp b/doc/examples/gen_certs.cpp
index f635e1ccf..90cb80038 100644
--- a/doc/examples/gen_certs.cpp
+++ b/doc/examples/gen_certs.cpp
@@ -34,7 +34,7 @@ X509_Certificate make_ca_cert(RandomNumberGenerator& rng,
    opts.end = later;
    opts.CA_key();
 
-   return X509::create_self_signed_cert(opts, priv_key, rng);
+   return X509::create_self_signed_cert(opts, priv_key, "SHA-256", rng);
    }
 
 PKCS10_Request make_server_cert_req(const Private_Key& key,
@@ -47,7 +47,7 @@ PKCS10_Request make_server_cert_req(const Private_Key& key,
 
    opts.add_ex_constraint("PKIX.ServerAuth");
 
-   return X509::create_cert_req(opts, key, rng);
+   return X509::create_cert_req(opts, key, "SHA-1", rng);
    }
 
 void save_pair(const std::string& name,
@@ -92,7 +92,7 @@ int main()
 
    save_pair("ca", ca_password, ca_cert, ca_key, rng);
 
-   X509_CA ca(ca_cert, ca_key);
+   X509_CA ca(ca_cert, ca_key, "SHA-256");
 
    RSA_PrivateKey httpd_key(rng, 1536);
    X509_Certificate httpd_cert = ca.sign_request(
diff --git a/doc/examples/pkcs10.cpp b/doc/examples/pkcs10.cpp
index d719baf72..d9fa9accb 100644
--- a/doc/examples/pkcs10.cpp
+++ b/doc/examples/pkcs10.cpp
@@ -59,7 +59,7 @@ int main(int argc, char* argv[])
 
       opts.xmpp = "[email protected]";
 
-      PKCS10_Request req = X509::create_cert_req(opts, priv_key, rng);
+      PKCS10_Request req = X509::create_cert_req(opts, priv_key, "SHA-1", rng);
 
       std::ofstream req_file("req.pem");
       req_file << req.PEM_encode();
diff --git a/doc/examples/self_sig.cpp b/doc/examples/self_sig.cpp
index 0bf17e3bc..93161f7d2 100644
--- a/doc/examples/self_sig.cpp
+++ b/doc/examples/self_sig.cpp
@@ -64,7 +64,8 @@ int main(int argc, char* argv[])
       if(do_CA)
          opts.CA_key();
 
-      X509_Certificate cert = X509::create_self_signed_cert(opts, key, rng);
+      X509_Certificate cert =
+         X509::create_self_signed_cert(opts, key, "SHA-256", rng);
 
       std::ofstream cert_file("cert.pem");
       cert_file << cert.PEM_encode();