authorlloyd <[email protected]>2009-11-13 22:51:01 +0000
committerlloyd <[email protected]>2009-11-13 22:51:01 +0000
commit0972ba645555b0bf283eba71e4b9edacdf424eba (patch)
treeec5c59370b7ded3e0cc4e057601bad9df0d5d815 /doc
parent1860807e4ed230f3aeea0831ec180e55d2f0eaa4 (diff)
parentbe9b28137b0de48d3f86c96655fa1bbc5c70973c (diff)
propagate from branch 'net.randombit.botan' (head ac888e57b614c623590d79ab615353ad7c76ef68)
to branch 'net.randombit.botan.c++0x' (head 9bf78ed7e2521a328f6db7acbc1cd81b07718230)
Diffstat (limited to 'doc')
-rw-r--r--doc/examples/ca.cpp2
-rw-r--r--doc/examples/cpuid.cpp29
-rw-r--r--doc/examples/fpe.cpp134
-rw-r--r--doc/examples/gen_certs.cpp6
-rw-r--r--doc/examples/pkcs10.cpp2
-rw-r--r--doc/examples/self_sig.cpp3
-rw-r--r--doc/log.txt7
-rw-r--r--doc/thanks.txt7
8 files changed, 172 insertions, 18 deletions
diff --git a/doc/examples/ca.cpp b/doc/examples/ca.cpp
index 41dd409d5..9195be418 100644
--- a/doc/examples/ca.cpp
+++ b/doc/examples/ca.cpp
@@ -47,7 +47,7 @@ int main(int argc, char* argv[])
PKCS8::load_key(arg_ca_key, rng, arg_passphrase)
);
- X509_CA ca(ca_cert, *privkey);
+ X509_CA ca(ca_cert, *privkey, "SHA-256");
// got a request
PKCS10_Request req(arg_req_file);
diff --git a/doc/examples/cpuid.cpp b/doc/examples/cpuid.cpp
index 1bdee787c..76438783f 100644
--- a/doc/examples/cpuid.cpp
+++ b/doc/examples/cpuid.cpp
@@ -1,17 +1,28 @@
-#include <stdio.h>
-
+#include <iostream>
#include <botan/cpuid.h>
using namespace Botan;
+void print_if_feature(const std::string& feature_name, bool exists)
+ {
+ if(exists)
+ std::cout << feature_name << '\n';
+ else
+ std::cout << '[' << feature_name << ']' << '\n';
+ }
+
int main()
{
- printf("Cache line size: %d\n", CPUID::cache_line_size());
- printf("RDTSC: %d\n", CPUID::has_rdtsc());
- printf("SSE2 %d\n", CPUID::has_sse2());
- printf("SSSE3 %d\n", CPUID::has_ssse3());
- printf("SSE41 %d\n", CPUID::has_sse41());
- printf("SSE42 %d\n", CPUID::has_sse42());
+ std::cout << "Cache line size = " << CPUID::cache_line_size() << "\n";
+
+ print_if_feature("RDTSC", CPUID::has_rdtsc());
+ print_if_feature("SSE2", CPUID::has_sse2());
+ print_if_feature("SSSE3", CPUID::has_ssse3());
+ print_if_feature("SSE4.1", CPUID::has_sse41());
+ print_if_feature("SSE4.2", CPUID::has_sse42());
+
+ print_if_feature("AES-NI", CPUID::has_aes_intel());
+ print_if_feature("AES-VIA", CPUID::has_aes_via());
- printf("AltiVec %d\n", CPUID::has_altivec());
+ print_if_feature("AltiVec", CPUID::has_altivec());
}
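Review bot: print_if_feature takes a `const std::string&`, but the new side includes only `<iostream>` and `<botan/cpuid.h>`, so it compiles only if one of those happens to pull in `<string>`; add `#include <string>` next to `#include <iostream>`. The bracketed form printed for an absent feature is not self-explanatory, so a one-line comment above the function such as `// Prints NAME if the CPU has the feature, [NAME] if it does not` would help readers of the example output.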
diff --git a/doc/examples/fpe.cpp b/doc/examples/fpe.cpp
new file mode 100644
index 000000000..cc9ee8093
--- /dev/null
+++ b/doc/examples/fpe.cpp
@@ -0,0 +1,134 @@
+/*
+* Encrypt credit cards numbers with valid checksums into other credit
+* card numbers with valid checksums using format preserving encryption.
+*/
+
+#include <botan/fpe.h>
+#include <botan/sha160.h>
+#include <botan/init.h>
+
+using namespace Botan;
+
+#include <iostream>
+#include <stdexcept>
+
+byte luhn_checksum(u64bit cc_number)
+ {
+ byte sum = 0;
+
+ bool alt = false;
+ while(cc_number)
+ {
+ byte digit = cc_number % 10;
+ if(alt)
+ {
+ digit *= 2;
+ if(digit > 9)
+ digit -= 9;
+ }
+
+ sum += digit;
+
+ cc_number /= 10;
+ alt = !alt;
+ }
+
+ return (sum % 10);
+ }
+
+bool luhn_check(u64bit cc_number)
+ {
+ return (luhn_checksum(cc_number) == 0);
+ }
+
+u64bit cc_rank(u64bit cc_number)
+ {
+ // Remove Luhn checksum
+ return cc_number / 10;
+ }
+
+u64bit cc_derank(u64bit cc_number)
+ {
+ for(u32bit i = 0; i != 10; ++i)
+ if(luhn_check(cc_number * 10 + i))
+ return (cc_number * 10 + i);
+ return 0;
+ }
+
+/*
+* Use the SHA-1 hash of the account name or ID as a tweak
+*/
+SecureVector<byte> sha1(const std::string& acct_name)
+ {
+ SHA_160 hash;
+ hash.update(acct_name);
+ return hash.final();
+ }
+
+u64bit encrypt_cc_number(u64bit cc_number,
+ const SymmetricKey& key,
+ const std::string& acct_name)
+ {
+ BigInt n = 1000000000000000;
+
+ u64bit cc_ranked = cc_rank(cc_number);
+
+ BigInt c = fpe_encrypt(n, cc_ranked, key, sha1(acct_name));
+
+ if(c.bits() > 50)
+ throw std::runtime_error("FPE produced a number too large");
+
+ u64bit enc_cc = 0;
+ for(u32bit i = 0; i != 7; ++i)
+ enc_cc = (enc_cc << 8) | c.byte_at(6-i);
+ return cc_derank(enc_cc);
+ }
+
+u64bit decrypt_cc_number(u64bit enc_cc,
+ const SymmetricKey& key,
+ const std::string& acct_name)
+ {
+ BigInt n = 1000000000000000;
+
+ u64bit cc_ranked = cc_rank(enc_cc);
+
+ BigInt c = fpe_decrypt(n, cc_ranked, key, sha1(acct_name));
+
+ if(c.bits() > 50)
+ throw std::runtime_error("FPE produced a number too large");
+
+ u64bit dec_cc = 0;
+ for(u32bit i = 0; i != 7; ++i)
+ dec_cc = (dec_cc << 8) | c.byte_at(6-i);
+ return cc_derank(dec_cc);
+ }
+
+int main(int argc, char* argv[])
+ {
+ LibraryInitializer init;
+
+ if(argc != 4)
+ {
+ std::cout << "Usage: " << argv[0] << " cc-number acct-name passwd\n";
+ return 1;
+ }
+
+ u64bit cc_number = atoll(argv[1]);
+ std::string acct_name = argv[2];
+ std::string passwd = argv[3];
+
+ std::cout << cc_number << ' ' << luhn_check(cc_number) << '\n';
+
+ SymmetricKey key = sha1(passwd);
+
+ u64bit enc_cc = encrypt_cc_number(cc_number, key, acct_name);
+
+ std::cout << enc_cc << ' ' << luhn_check(enc_cc) << '\n';
+
+ u64bit dec_cc = decrypt_cc_number(enc_cc, key, acct_name);
+
+ std::cout << dec_cc << ' ' << luhn_check(dec_cc) << '\n';
+
+ if(dec_cc != cc_number)
+ std::cout << "Something went wrong :(\n";
+ }
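Review bot: In main, `SymmetricKey key = sha1(passwd);` derives the FPE key from the password with a single unsalted SHA-1, which gives no resistance to password guessing; since examples get copied, derive the key with a salted, iterated password-based KDF (for instance PBKDF2) and keep plain SHA-1 for the tweak only. Taking the password from argv[3] also leaves it visible in the process list and shell history, which deserves at least a comment. The input is never validated: `atoll` is called without `<cstdlib>`, returns 0 for non-numeric text, and encrypt_cc_number never checks that the ranked value is below n, so I would add `if(!luhn_check(cc_number) || cc_number >= 10000000000000000ULL)` with a usage error before encrypting. The results are printed as bare integers, so a value with leading zeros comes out shorter than the input; zero-padding to the input width would keep the format preserved.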
diff --git a/doc/examples/gen_certs.cpp b/doc/examples/gen_certs.cpp
index f635e1ccf..90cb80038 100644
--- a/doc/examples/gen_certs.cpp
+++ b/doc/examples/gen_certs.cpp
@@ -34,7 +34,7 @@ X509_Certificate make_ca_cert(RandomNumberGenerator& rng,
opts.end = later;
opts.CA_key();
- return X509::create_self_signed_cert(opts, priv_key, rng);
+ return X509::create_self_signed_cert(opts, priv_key, "SHA-256", rng);
}
PKCS10_Request make_server_cert_req(const Private_Key& key,
@@ -47,7 +47,7 @@ PKCS10_Request make_server_cert_req(const Private_Key& key,
opts.add_ex_constraint("PKIX.ServerAuth");
- return X509::create_cert_req(opts, key, rng);
+ return X509::create_cert_req(opts, key, "SHA-1", rng);
}
void save_pair(const std::string& name,
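Review bot: make_server_cert_req now signs the request with `"SHA-1"` while every other call touched by this commit passes `"SHA-256"`; if that is not deliberate, use `return X509::create_cert_req(opts, key, "SHA-256", rng);` here, and the same for the `create_cert_req` call in doc/examples/pkcs10.cpp. SHA-1's collision resistance is too weak to recommend for new signatures, and example code tends to be copied unchanged. If SHA-1 is kept for compatibility with older CAs, say so in a comment next to the argument. The function body starts outside the hunk.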
@@ -92,7 +92,7 @@ int main()
save_pair("ca", ca_password, ca_cert, ca_key, rng);
- X509_CA ca(ca_cert, ca_key);
+ X509_CA ca(ca_cert, ca_key, "SHA-256");
RSA_PrivateKey httpd_key(rng, 1536);
X509_Certificate httpd_cert = ca.sign_request(
diff --git a/doc/examples/pkcs10.cpp b/doc/examples/pkcs10.cpp
index d719baf72..d9fa9accb 100644
--- a/doc/examples/pkcs10.cpp
+++ b/doc/examples/pkcs10.cpp
@@ -59,7 +59,7 @@ int main(int argc, char* argv[])
opts.xmpp = "[email protected]";
- PKCS10_Request req = X509::create_cert_req(opts, priv_key, rng);
+ PKCS10_Request req = X509::create_cert_req(opts, priv_key, "SHA-1", rng);
std::ofstream req_file("req.pem");
req_file << req.PEM_encode();
diff --git a/doc/examples/self_sig.cpp b/doc/examples/self_sig.cpp
index 0bf17e3bc..93161f7d2 100644
--- a/doc/examples/self_sig.cpp
+++ b/doc/examples/self_sig.cpp
@@ -64,7 +64,8 @@ int main(int argc, char* argv[])
if(do_CA)
opts.CA_key();
- X509_Certificate cert = X509::create_self_signed_cert(opts, key, rng);
+ X509_Certificate cert =
+ X509::create_self_signed_cert(opts, key, "SHA-256", rng);
std::ofstream cert_file("cert.pem");
cert_file << cert.PEM_encode();
diff --git a/doc/log.txt b/doc/log.txt
index 97e40db5e..12a28ab1f 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -1,4 +1,11 @@
+* 1.9.3-dev, ????-??-??
+ - Add new AES implementation using Intel's AES instruction intrinsics
+ - Add an implementation of format preserving encryption
+ - Allow use of any hash function in X.509 certificate creation
+ - Optimizations for MARS, Skipjack, and AES
+ - Set macros for available SIMD instructions in build.h
+
* 1.9.2, 2009-11-03
- Add SIMD version of XTEA
- Support both SSE2 and AltiVec SIMD for Serpent and XTEA
diff --git a/doc/thanks.txt b/doc/thanks.txt
index caa2fb538..def96a16a 100644
--- a/doc/thanks.txt
+++ b/doc/thanks.txt
@@ -23,9 +23,10 @@ has provided financial assistance to the project.
Barry Kavanagh of AEP Systems Ltd kindly provided an AEP2000 crypto card and
drivers, enabling the creation of Botan's AEP engine module.
-In addition, the following people have unknowingly contributed help:
+In addition, the following people have unknowingly contributed help
+via public domain code which has been repurposed into the library:
- Dean Gaudet <[email protected]> wrote the SSE2 implementation of SHA-1
+ Dean Gaudet wrote the SSE2 implementation of SHA-1
The implementation of DES is based off a public domain implementation by Phil
Karn from 1994 (he, in turn, credits Richard Outerbridge and Jim Gillogly).
@@ -42,7 +43,7 @@ In addition, the following people have unknowingly contributed help:
Some of the hash functions (MD5, SHA-1, etc) use an optimized implementation
of one of the boolean functions, which was discovered by Colin Plumb.
- The design of Randpool takes some of it's design principles from those
+ The design of Randpool takes some of its design principles from those
suggested by Eric A. Young in his SSLeay documentation, Peter Gutmann's paper
"Software Generation of Practically Strong Random Numbers", and the paper
"Cryptanalytic Attacks on Pseudorandom Number Generators", by Kelsey,