aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* MD4's M buffer was set to be 48 words instead of 16. This had beenlloyd2010-02-032-1/+2
| | | | | | | | | | | | | | extant for a long long time and was never caught because until recently the code did not depend on M.size(). However with the recent loadstore changes that use memcpy to load the entire array in one shot, an extra 128 bytes of memory would be read (but not used) in each iteration. This probably did not cause any problems except for Valgrind warnings, though in some situations it would be possible for the M buffer and MDx_HashFunctions buffer to be close enough that memcpy would be called with overlapping regions, which could cause arbitrarily weird failures since memcpy is allowed to assume they do not overlap.
* Move the get_byte template to its own header, because many fileslloyd2010-02-0220-28/+44
| | | | including loadstor.h actually just needed get_byte and nothing else.
* Prefix passhash with "$9$" in a manner similar with otherlloyd2010-02-025-19/+64
| | | | | | | | | | | | | | | | password hashing schemes. Increase salt size to 80 bits. Research shows that virtually no other PBKDF2 implementations support anything but SHA-1; for ease of implementation elsehwere switch back from SHA-512 to SHA-1. Should be mostly harmless; it limits total entropy of the password to a maximum of 160 bits, but this is unlikely anyway. Use two bytes to specify the work factor for future-proofing. Add a test.
* Password hashing is a pretty useful service, really. Move the guts oflloyd2010-02-015-58/+133
| | | | | | | | the passhash example to the library. Support variable work factors; default work factor of 10 takes about half a second to do one password on my Core2. Switch to using SHA-512 instead of SHA-1 in PBKDF2. To keep the output evenly sized for base64 purposes, reduce PBKDF2 output size by one byte (to 112 bits).
* Document S2K changelloyd2010-02-011-0/+1
|
* Remove include of rng.h in s2k.h since it is no longer used. Add anlloyd2010-02-013-2/+1
| | | | | include for the exception types in pbkdf1 since previously it inherited that from the rng.h include.
* Modify the S2K interface. Instead of being stateful in terms of the saltlloyd2010-02-0118-211/+150
| | | | | | | | | | | and iteration count, force it to be passed to each call to derive_key. So remove current_salt, set_iterations, new_random_salt, and change_salt functions from S2K interface. Update examples and test application to match. While I was in there, change the passhash example to use 64 bit salts and 128 bit PBKDF2 outputs.
* Lowercase DOCDIR to match common conventionslloyd2010-01-293-3/+3
|
* Add a set of test vectors for 3DES in counter mode generated bylloyd2010-01-291-0/+2746
| | | | | Crypto++ 5.6.0. Includes several largeish (64 and 128 block) tests, as further tests for a future bitslice implementation.
* Add a set of XTS tests using TripleDES; XTS mode supports either a 64-bitlloyd2010-01-281-0/+1408
| | | | | | | | | | or 128-bit cipher, but so far only 128-bit ciphers had been tested. I could not find another implementation of XTS supporting 3DES so these may be wrong, but at least this ensures they will be consistently wrong. Mostly in the smaller range (9 to 128 bytes) plus a few with large inputs (64 blocks) because if a bitslice DES implementation is ever added a test that actually does 64 blocks in parallel will be needed.
* Remove debug checklloyd2010-01-271-7/+10
|
* Fix several buffering problems in the XTS implementation that wouldlloyd2010-01-252-9/+7141
| | | | | | | | | | | | | cause bad results if the input was not an even multiple of the block size. No released version was broken because the changes which caused the problem were related to using Buffered_Filter, which was introduced after 1.9.3 was released. Add more XTS test vectors using AES, Serpent, and Twofish. The AES tests come from Brian Gladman's XTS implementation. The Serpent and Twofish tests were generated by botan.
* Remove global variablelloyd2010-01-222-4/+2
|
* Prevent a crash in GMP_Engine if the library is shutdown and thenlloyd2010-01-223-12/+18
| | | | | | | | | | | | | | | | | | | | | | | | | reinitialized. It would cache an Allocator pointer on first use, and then never zero it, so after the reinit the pointer would be going to a now deallocated Allocator object. Encountered in the SoftHSM test suite, reported by Ondrej Sury. Use a simple reference counting scheme to zero the pointer, and reset the GNU MP memory functions. This also fixes a quite obscure and never reported bug, that if the GMP engine was used, and if the library was deinitialized but then the program tried to use GNU MP, the allocator functions would crash. Now after deinit the allocator funcs revert to the defaults. The reference count is not updated atomically so this is not thread safe, but seems a non-issue; the only time this could happen (especially now that the GMP engine header is internal-only) is if multiple threads were attempting to initialize / shutdown the library at once - which won't work anyway for a variety of reasons, including contention on the (unlocked) global_lib_state pointer. If at some point thread safety is useful here, the refcnt can be locked by a mutex, or kept in an atomic<unsigned int>.
* Add SQLite3 encryption codec, contributed by Olivier de Gaalon. Useslloyd2010-01-228-0/+727
| | | | Twofish in XTS mode for encryption by default, but is easily tweakable.
* s/j/i/ in looplloyd2010-01-211-2/+2
|
* Inline debug funcs to debug.h, make print_vec a template on the base typelloyd2010-01-213-38/+15
|
* Ignore example binarieslloyd2010-01-191-0/+1
|
* Fix cpuid examplelloyd2010-01-191-1/+0
|
* Add OID for Serpent/CBClloyd2010-01-191-0/+1
|
* Add SIMD version of Noekeon. On a Core2, about 2.7x faster using SIMD_SSE2lloyd2010-01-128-2/+2230
| | | | and 1.6x faster using SIMD_Scalar.
* Kill unneeded includelloyd2010-01-121-1/+0
|
* Fix a test broken by the recent exception hierarchy changeslloyd2010-01-121-10/+2
|
* Add operator& and non-mutating rotates to SIMD_32lloyd2010-01-124-0/+34
|
* Remove a debug printlloyd2010-01-121-3/+0
|
* Add block cipher cascadelloyd2010-01-117-2/+215
|
* Typo fixlloyd2010-01-111-1/+1
|
* Minor cleanuplloyd2010-01-081-8/+9
|
* Remove catch clauses made redundant by inheritence changes in exception ↵lloyd2010-01-081-5/+0
| | | | hierarchy.
* merge of 'bf0e5684d8ba5fb0a21cdcd11d26995cbb250c4a'lloyd2010-01-0731-153/+97
|\ | | | | | | and 'e30a741f6014987e9683842ede22c44b2db03c56'
| * Clean up exceptions. Remove some unused ones like Config_Error. Makelloyd2010-01-0531-153/+97
| | | | | | | | | | | | | | Invalid_Argument just a typedef for std::invalid_argument. Make Botan::Exception a typedef for std::runtime_error. Make Memory_Exhaustion a public exception, and use it in other places where memory allocations can fail.
* | Doxygen commentslloyd2010-01-071-14/+63
| |
* | Use Algorithm_Factory instead of instantiating directly; will allow the uselloyd2010-01-071-10/+14
| | | | | | | | of AES-NI instructions, etc, in the PRNGs.
* | Recognize aes_isa engine, set as high prioritylloyd2010-01-061-4/+6
| |
* | Add --verbose and --quiet optionslloyd2010-01-061-8/+21
| |
* | simd_32 should be autoload, not always. Copy+pasted from util's info.txtlloyd2010-01-061-2/+0
|/
* Remove stubs for VIA Padlock support. I have no plans to implement itlloyd2010-01-052-24/+1
| | | | | | and don't even have access to a VIA with AES so could not test it anyway. If someone else wants to do it, then the implementation for AES-NI should provide a good template.
* Split AES tests by key length for AES-NIlloyd2010-01-051-44/+45
|
* merge of 'a51f8d7dec78251a3a4ccf162b346c289fc1d72a'lloyd2010-01-046-127/+90
|\ | | | | | | and 'aafa02a299b61c7762ae71dfc429396aa6bd25b3'
| * Remove Exception::set_msg. Inline all exception constructors.lloyd2010-01-045-125/+90
| |
| * Remove debug printlloyd2010-01-041-2/+0
| |
* | Make all parallel block modes 16 blocks widelloyd2010-01-041-4/+4
| |
* | Specific large tests for AES-128 to hit engineslloyd2010-01-041-3/+7
| |
* | Move Tiger::mix to anon namespace lloyd2010-01-042-14/+17
| |
* | merge of 'aa801db59c03df9f37c4f3e254d88b1ca1f5732d'lloyd2010-01-042-1/+23
|\| | | | | | | and 'c6c0f6c14a5e0163127ceb1c299297450a50b06f'
| * Make ssse3/aes_ni depend on sse2; --disable-sse2 turns off all of thenlloyd2010-01-041-0/+21
| |
| * Fix compile; aes engine header is internallloyd2010-01-041-1/+2
| |
* | Remove pshufb-based bswap_4; it causes problems too easily with externallloyd2010-01-041-21/+1
|/ | | | | | application code that wants to use loadstor.h, since that loads bswap.h and if SSSE3 isn't enabled via -march GCC will error out. Doesn't seem to be at all faster than the shuffle-based bswap for SSE2 on a Core2 in any case.
* Completely inline getopt.cpp into getopt.h so it can be used in toolbox and ↵lloyd2010-01-032-96/+85
| | | | other examples
* The first bits of a general toolbox program. Currently does hex and base64lloyd2009-12-311-0/+235
| | | | encoding/decoding, bzip2 and zlib compression/decompression, and hashing.