aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update for 1.8.2 release 2009-04-071.8.2lloyd2009-04-082-2/+2
|
* Include <algorithm> in secmem.h for std::swaplloyd2009-04-081-0/+1
|
* Fully expand the linear recurence phi - about twice as fast on my Core2lloyd2009-04-081-77/+80
|
* Expand the first 12 iterations of phi, though more simplification is needed.lloyd2009-04-071-2/+58
|
* Add the GOST 34.11 hash function. Pretty slow, but functional.lloyd2009-04-077-0/+309
|
* Make the member variables of MDx_HashFunction private instead of protected -lloyd2009-04-071-6/+5
| | | | no subclass needs access to any of these variables.
* Avoid calling compress_n in MDx_HashFunction unless at least one block islloyd2009-04-071-1/+2
| | | | going to be compressed - otherwise it's a noop.
* Remove some commented out code in MDx_HashFunction which was used duringlloyd2009-04-072-26/+0
| | | | | the changeover from single block hashing to having each hash support multiple sequential blocks of input.
* Clean up the GOST_2ROUND macro a bit. Put in do/while block so it is alloyd2009-04-072-9/+10
| | | | statement (at least as far as the calling code is concerned)
* s/NYC/Vermont/lloyd2009-04-011-1/+1
|
* Hide the declarations of the GOST sboxes inside the Param constructor sincelloyd2009-04-012-25/+26
| | | | | that is the only code that needs to see them. Record the name in the Param object.
* Add a set of test vectors for GOST 28147-89 using the CryptoPro paramslloyd2009-04-011-0/+32
| | | | commonly used for the GOST 34.11 hash, generated by OpenSSL's GOST code.
* Simplify the XTEA key schedule code - there really is no reason tolloyd2009-03-311-29/+13
| | | | | precompute the deltas when they are just a few additions; removing the additions from the encrypt/decrypt rounds seems enough to me.
* Use the full name for the GOST test vectorslloyd2009-03-311-1/+1
|
* Support different GOST paramters in the lookup interface.lloyd2009-03-311-1/+1
|
* Add support for multiple Sbox parameter sets in the GOST 28147-89 ↵lloyd2009-03-312-17/+71
| | | | | | | | implementation. In addition to the GOST 34.11 test parameters (used in Crypto++ among other things), the GOST 34.11 CryptoPro parameters (used in implementations of the GOST hash function) are now supported.
* Add a new version of SCAN_Name::arg that returns a default value if thelloyd2009-03-312-2/+17
| | | | param isn't set.
* Partially unroll the round structure, enough so that the subkey accesseslloyd2009-03-312-36/+40
| | | | | | | can be done directly, so there is no need to copy the key several times for the key schedule (since the GOST 'key schedule' is very simple and the access pattern can now be directly inserted into the code). Looks to be about 10% faster on my Core2, as well.
* Thomas Moschny passed along a request from the Fedora packagers which camelloyd2009-03-30570-8019/+9153
| | | | | | | | | | | | | | | up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line Distributed under the terms of the Botan license after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of astericks before and after the text); this is stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things).
* Use Libs.private for listing dependencies in pkg-config, this leads tolloyd2009-03-281-1/+2
| | | | somewhat cleaner .so dependencies on ELF systems. Patch from Zack Weinberg.
* No reason to include mdx_hash.h in MD2 since it derives directly fromlloyd2009-03-272-24/+24
| | | | HashFunction; include hash.h instead
* Compile fix: missing a commalloyd2009-03-271-1/+1
|
* Check the return value of lseek in the mmap allocatorlloyd2009-03-271-1/+3
|
* Use u32bit instead of int for loop counter in ctzlloyd2009-03-271-1/+1
|
* GOST was using a completely non-standard set of sboxes. Change it to uselloyd2009-03-2711-336/+218
| | | | | | | | | | | | | | | GostR3411_94_TestParamSet, this is compatible with the implementations in Crypto++ and OpenSSL. This is not backwards compatible, though once the implementation supports multiple param sets (which is required, unfortunately, for compatability with various standards by CryptoCom, who have defined not one but at least 4 (!!!) different sboxes to use with GOST), I may offer Botan's previous sbox set as an option. Since adding the GOST hash function (34.11) and signing algorithm (34.10) are on the long term agenda (request by Rickard Bondesson, as the Russian authorities want to use their local standards for their DNSSEC use), I renamed the block cipher class (which had been just 'GOST') to GOST_28147_89 to minimize future name clashes.
* Add back the public key filters, at the request of Andreas Podgurski onlloyd2009-03-193-0/+204
| | | | the mailing list.
* Add LibraryInitializers to the examples, instead of relying on lazy init.lloyd2009-03-1739-10/+67
| | | | Patch from David X Callaway.
* Expand some acronyms and various grammatical fixes to the tutorial document,lloyd2009-03-061-23/+24
| | | | submitted by Charles Brockman in bug 41
* Fix misspelled words in algo_factory.{cpp,h}, from Charles Brockman in bug 40lloyd2009-03-022-12/+13
|
* Update some doxygen comments. Contributed by Charles Brockman in bug #39lloyd2009-03-023-28/+28
|
* merge of '4d21273f3094d6b2c2bc149c76383d54ce0a0006'lloyd2009-02-112-56/+62
|\ | | | | | | and 'b4c266ae827b5a19f0cc07dc9b55a95fd4915a1e'
| * Apply a set of patches by Charles Brockman <[email protected]> fixinglloyd2009-02-112-56/+62
| | | | | | | | | | | | a number of bugs in the documentation, mostly typos, grammatical errors, poorly worded sentences, and idioms likely to be confusing to non-English speakers.
* | Mention merge of n.r.b.entropy-poll-redesignlloyd2009-02-081-0/+1
| |
* | merge of '93d8e162df445b607d3085d0f966f4e7b286108a'lloyd2009-01-3112-123/+129
|\ \ | | | | | | | | | and 'fc89152d6d99043fb9ed1e9f2569fde3fee419e5'
| * | In es_unix, two changeslloyd2009-01-311-6/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make the fast poll significantly more pessimistic/realistic about how many bits of randomness we're getting from getrusage and stat. Don't cut out from execing programs if the desired poll bits is under 128. Simply poll until either the accumulator says we're done or we run out of sources. Assumption is that the poll won't be run at all unless it is ncessary (es_unix comes late in the list of sources to use since it is pretty slow).
| * | Recast to byte pointer in Entropy_Accumulator before passing to add_byteslloyd2009-01-311-4/+4
| | |
| * | Update examples for changed EntropySource and RandomNumberGenerator interfaceslloyd2009-01-312-11/+14
| | |
| * | propagate from branch 'net.randombit.botan' (head ↵lloyd2009-01-3135-863/+704
| |\ \ | | | | | | | | | | | | | | | | | | | | 4518ef63a5e28e22a61d21a6066d0d4a5cf0616e) to branch 'net.randombit.botan.entropy-poll-redesign' (head c8e07f10a193b25bab726af99ea2ea77a0f30eaf)
| | * | Remove the notion of counting entropy bits in HMAC_RNG or Randpool.lloyd2009-01-314-35/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead simply consider the PRNG seeded if a poll kicked off from reseed met its goal, or if the user adds data. Doing anything else prevents creating (for instance) a PRNG seeded with 64 bits of entropy, which is unsafe for some purposes (key generation) but quite possibly safe enough for others (generating salts and such).
| | * | Change the max amount read from /dev/*random to 128 bits.lloyd2009-01-311-9/+4
| | | | | | | | | | | | | | | | | | | | | | | | Also, change the wait time to bits/16 milliseconds. For instance if 64 bits of entropy are requested, the reader will wait at most 4 ms in the select loop.
| | * | Track the collected entropy as a double instead of a unsigned int. Otherwiselloyd2009-01-311-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | inputs might end up not contributing anything to the count even when they should. This was paricularly noticable with the proc walker - it uses an estimate of .01 bits / byte, so if the file was < 100 bytes it would not count for anything at all.
| | * | Make Entropy_Accumulator a pure virtual to allow other accumulationlloyd2009-01-313-7/+28
| | | | | | | | | | | | | | | | | | | | techniques, with the one using BufferedComputation being the new subclass with the charming name Entropy_Accumulator_BufferedComputation.
| | * | In the X9.31 PRNG, move the code that rekeys the cipher and generates V tolloyd2009-01-312-44/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a new member function rekey, calling it from both reseed and add_entropy. Previously add_entropy worked without this because the PRNG would reseed itself automatically if it was not at the point when randomize() was called, but once this was removed it was necessary to ensure a rekey kicked off, if appropriate, when calling add_entropy.
| * | | A new warning in glibc triggers if memset is called with a constant sizelloyd2009-01-311-8/+8
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | of 0 (on the theory this is a mistake and the second and third arguments were swapped). However the GCC inliner apparently is good enough that it is triggering on code that just happens to create a zero length SecureVector or equivalent - the constants get propagated so __builtin_constant_p returns true. Add an if(n) in clear_mem so we skip calling memset if the size is zero.
* | | Compilation fixes for the Win32 entropy sources.lloyd2009-01-282-4/+4
| |/ |/|
* | Double the static estimate in es_ftw. To collect 256 bits of estimatedlloyd2009-01-281-1/+1
| | | | | | | | | | entropy, the proc walker will read about 256K bytes. This seems plenty sufficient to me.
* | In the BeOS entropy poll, quit the loop early if the polling goal waslloyd2009-01-281-0/+3
| | | | | | | | achieved.
* | Go back to entropy bits per byte, instead of total estimated entropy oflloyd2009-01-281-4/+4
| | | | | | | | the buffer.
* | Fix test_es for new Entropy_Accumulator interface. It XORs into a blocklloyd2009-01-271-21/+27
| | | | | | | | | | of 64 bytes. Not ideal but at least gives a sense of what it is putting out.
* | Have Entropy_Accumulator dump everything into a BufferedComputation.lloyd2009-01-275-108/+26
| | | | | | | | | | | | | | | | | | | | | | | | Since both Randpool and HMAC_RNG fed the input into a MAC anyway, this works nicely. (It would be nicer to use tr1::function but, argh, don't want to fully depend on TR1 quite yet. C++0x cannot come soon enough). This avoids requiring to do run length encoding, it just dumps everything as-is into the MAC. This ensures the buffer is not a potential narrow pipe for the entropy (for instance, one might imagine an entropy source which outputs one random byte every 16 bytes, and the rest some repeating pattern - using a 16 byte buffer, you would only get 8 bits of entropy total, no matter how many times you sampled).
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-12 08:03:03 +0000