| Commit message | Author | Age | Files | Lines |
BigInts. Also reorder constructor args to p, a, b which seems more
sensible to me.
to take BigInts instead of GFpElements
not a GFpElement
GFpElements.
Clean up OS2ECP
This makes things even slower than they were before, but will make
refactoring easier. And most of the montgomery code there was a
duplicate of other code that already existed in the
codebase. Anything useful can be pulled back out from history later if
needed.
Remove a handful of tests which were based on testing the sharing
aspects, which are gone now; everything is based on value copies.
All tests pass on x86-64 with GCC. Valgrind output looks clean too.
alg id)
password hashing schemes.
Increase salt size to 80 bits.
Research shows that virtually no other PBKDF2 implementations support
anything but SHA-1; for ease of implementation elsewhere switch back
from SHA-512 to SHA-1. Should be mostly harmless; it limits total
entropy of the password to a maximum of 160 bits, but this is unlikely
anyway.
Use two bytes to specify the work factor for future-proofing.
Add a test.
and iteration count, force it to be passed to each call to derive_key.
So remove current_salt, set_iterations, new_random_salt, and change_salt
functions from S2K interface.
Update examples and test application to match.
While I was in there, change the passhash example to use 64 bit salts
and 128 bit PBKDF2 outputs.
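The two commit messages above describe a password-hashing record (two-byte work factor, 80-bit salt, PBKDF2-HMAC-SHA1) and an S2K interface where the salt and iteration count are passed explicitly to every derive_key call. The following is an added example in Python, not code from the Botan project; the byte layout, the MAGIC byte, the work-factor-to-iterations multiplier and the function names are assumptions made for this illustration, not Botan's passhash encoding.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

# Assumed record layout for this example (not Botan's passhash encoding):
#   MAGIC (1 byte) || work factor (2 bytes, big-endian) || salt (10 bytes = 80 bits)
#   || PBKDF2-HMAC-SHA1 output (20 bytes)
MAGIC = b"\x01"
SALT_LEN = 10
OUT_LEN = 20                  # SHA-1 size: the PRF caps usable password entropy at 160 bits
ITER_PER_WORK_UNIT = 10_000   # assumed mapping from the 16-bit work factor to iterations


def iterations_for(work_factor: int) -> int:
    """Map the two-byte work factor to a PBKDF2 iteration count; 0 is rejected."""
    if not 1 <= work_factor <= 0xFFFF:
        raise ValueError("work factor must be non-zero and fit in two bytes")
    return work_factor * ITER_PER_WORK_UNIT


def derive_key(out_len: int, password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA1 with salt and iteration count passed on every call,
    so there is no hidden current_salt / set_iterations state to get wrong."""
    if iterations < 1 or out_len < 1:
        raise ValueError("iteration count and output length must be positive")
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, out_len)


def hash_password(password: bytes, work_factor: int = 2,
                  salt: Optional[bytes] = None) -> bytes:
    """Produce a self-describing record; a fresh random salt unless one is supplied."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly %d bytes" % SALT_LEN)
    digest = derive_key(OUT_LEN, password, salt, iterations_for(work_factor))
    return MAGIC + struct.pack(">H", work_factor) + salt + digest


def verify_password(password: bytes, stored: bytes) -> bool:
    """Re-derive from the parameters inside the record and compare in constant time."""
    if len(stored) != 1 + 2 + SALT_LEN + OUT_LEN or stored[:1] != MAGIC:
        return False
    (work_factor,) = struct.unpack(">H", stored[1:3])
    salt = stored[3:3 + SALT_LEN]
    try:
        candidate = derive_key(OUT_LEN, password, salt, iterations_for(work_factor))
    except ValueError:            # a tampered record encoding work factor 0
        return False
    # hmac.compare_digest: no early exit on the first mismatching byte
    return hmac.compare_digest(candidate, stored[3 + SALT_LEN:])


if __name__ == "__main__":
    record = hash_password(b"correct horse battery staple", work_factor=2)
    print(record.hex())
    print(verify_password(b"correct horse battery staple", record))
    print(verify_password(b"wrong", record))
```

Because the work factor travels inside the record, stored hashes can be re-hashed at a higher cost later without a format change; the verifier never trusts the record's work factor blindly, since a zero value is rejected before any derivation runs.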
Crypto++ 5.6.0. Includes several largeish (64 and 128 block) tests, as
further tests for a future bitslice implementation.
or 128-bit cipher, but so far only 128-bit ciphers had been tested. I could
not find another implementation of XTS supporting 3DES so these may be wrong,
but at least this ensures they will be consistently wrong.
Mostly in the smaller range (9 to 128 bytes) plus a few with large inputs
(64 blocks) because if a bitslice DES implementation is ever added a test
that actually does 64 blocks in parallel will be needed.
cause bad results if the input was not an even multiple of the block
size.
No released version was broken because the changes which caused the
problem were related to using Buffered_Filter, which was introduced
after 1.9.3 was released.
Add more XTS test vectors using AES, Serpent, and Twofish. The AES
tests come from Brian Gladman's XTS implementation. The Serpent and
Twofish tests were generated by botan.
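The two XTS commit messages above touch the two places an XTS implementation most often goes wrong: the tweak-doubling step, which needs a different reduction polynomial for a 64-bit block cipher such as 3DES than for a 128-bit one, and the final partial block, which is handled by ciphertext stealing rather than padding. The following is an added example in Python, not Botan's code. The block cipher underneath is a toy 4-round Feistel network over HMAC-SHA256 (an assumption so the example runs offline; it stands in for AES or 3DES and carries no test vectors of its own); the XTS layer on top, including the tweak arithmetic and stealing, is the real construction and accepts any other block cipher passed as `enc`/`dec` callbacks.

```python
import hashlib
import hmac
from typing import Callable

# Reduction constants for multiplying the tweak by x in GF(2^n), little-endian
# convention of IEEE 1619: x^128 + x^7 + x^2 + x + 1 -> 0x87 for 128-bit blocks,
# x^64 + x^4 + x^3 + x + 1 -> 0x1B for 64-bit blocks (the DES / 3DES case).
GF_REDUCTION = {16: 0x87, 8: 0x1B}
ROUNDS = 4


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xts_double(t: bytes) -> bytes:
    """Tweak * alpha in GF(2^(8*len(t))), bytes interpreted little-endian."""
    out = bytearray(len(t))
    carry = 0
    for i, b in enumerate(t):
        out[i] = ((b << 1) & 0xFF) | carry
        carry = b >> 7
    if carry:
        out[0] ^= GF_REDUCTION[len(t)]
    return bytes(out)


# Toy block cipher (assumption: stands in for AES or 3DES). A balanced Feistel
# network with an HMAC-SHA256 round function is a permutation for any even block
# size, which is all XTS needs from it.
def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: len(half)]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    h = len(block) // 2
    l, r = block[:h], block[h:]
    for rnd in range(ROUNDS):
        l, r = r, xor(l, _round_fn(key, rnd, r))
    return l + r


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    h = len(block) // 2
    l, r = block[:h], block[h:]
    for rnd in reversed(range(ROUNDS)):
        l, r = xor(r, _round_fn(key, rnd, l)), l
    return l + r


class XTS:
    """XTS over any 64- or 128-bit block cipher, with ciphertext stealing."""

    def __init__(self, block_size: int, key1: bytes, key2: bytes,
                 enc: Callable[[bytes, bytes], bytes] = toy_encrypt_block,
                 dec: Callable[[bytes, bytes], bytes] = toy_decrypt_block):
        if block_size not in GF_REDUCTION:
            raise ValueError("XTS needs a 64- or 128-bit block cipher")
        self.bs, self.k1, self.k2, self.enc, self.dec = block_size, key1, key2, enc, dec

    def _tweak(self, sector: int) -> bytes:
        # The tweak is always produced with the *encryption* direction under key2.
        return self.enc(self.k2, sector.to_bytes(self.bs, "little"))

    def _crypt(self, data: bytes, sector: int, encrypt: bool) -> bytes:
        bs = self.bs
        if len(data) < bs:
            raise ValueError("XTS input must be at least one block")
        prim = self.enc if encrypt else self.dec

        def one(block: bytes, t: bytes) -> bytes:
            return xor(prim(self.k1, xor(block, t)), t)

        full, rem = divmod(len(data), bs)
        nfull = full if rem == 0 else full - 1   # last full block is stolen from if rem > 0
        t = self._tweak(sector)
        out = bytearray()
        for j in range(nfull):
            out += one(data[j * bs:(j + 1) * bs], t)
            t = xts_double(t)
        if rem:
            # Ciphertext stealing: the second-to-last block is processed under the
            # *last* tweak, and the stolen tail of the last full block pads the short one.
            t_last = xts_double(t)
            head = data[nfull * bs:(nfull + 1) * bs]
            tail = data[(nfull + 1) * bs:]
            if encrypt:
                cc = one(head, t)
                out += one(tail + cc[rem:], t_last)   # C_{m-1}
                out += cc[:rem]                        # C_m (partial)
            else:
                pp = one(head, t_last)
                out += one(tail + pp[rem:], t)         # P_{m-1}
                out += pp[:rem]                        # P_m (partial)
        return bytes(out)

    def encrypt(self, sector: int, plaintext: bytes) -> bytes:
        return self._crypt(plaintext, sector, True)

    def decrypt(self, sector: int, ciphertext: bytes) -> bytes:
        return self._crypt(ciphertext, sector, False)
```

A test suite for a mode like this should exercise both block sizes and every input length from one block up to a few blocks plus a remainder, since the bug described above only shows up when the length is not a multiple of the block size, and a correct implementation must return ciphertext of exactly the plaintext's length.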
and 1.6x faster using SIMD_Scalar.
Invalid_Argument just a typedef for std::invalid_argument. Make
Botan::Exception a typedef for std::runtime_error. Make Memory_Exhaustion
a public exception, and use it in other places where memory allocations
can fail.
other examples
including the examples and self-test code.
Most of these files had no copyright/license information at all; since a major
point of the examples is to allow users to copy and paste code that already
does something they want, an ambiguous license is not good.
faster than the scalar version on a Core2.
QueryPerformanceCounter, into an entropy source hres_timer. Its
results, if any, do not count as contributing entropy to the poll.
Convert the other (monotonic/fixed epoch) timers to a single function
get_nanoseconds_clock(), living in time.h, which statically chooses
the 'best' timer type (clock_gettime, gettimeofday, std::clock, in
that order depending on what is available). Add feature test macros
for clock_gettime and gettimeofday.
Remove the Timer class and timer.h. Remove the Timer& argument to the
algorithm benchmark function.
containers (specifically vector).
Rename is_empty to empty
Remove has_items
Rename create to resize
AES-256 blocks, plus a handful remaining in a general AES block.
This is necessary for any implementation which only supports a particular
key size, since otherwise no tests at all will run on that implementation.
the user to specify the hash function to use, instead of always using SHA-1.
This was a sensible default a few years ago, when there wasn't a ~2^60 attack
on SHA-1 and support for SHA-2 was pretty much nil, but using something else
makes a lot more sense these days.
StreamCipher_Filter
to pass it directly to a Pipe now.
Remove the Decrypt direction cipher mode tests - now both directions
are always tested for all modes. Also add IVs for Salsa20 (were implicit
all-zeros) since that does not fly anymore in validate.dat
Features dropped: RNG benchmarking, the --bench-type option.
New feature: Anything the library understands can be benchmarked using
--bench-algo.
Use 3DES and Serpent for mode benchmarking along with AES-128.
version.
- rounding.h (round_up, round_down)
- workfactor.h (dl_work_factor)
- timer.h (system_time)
And update all users of the previous util.h
ef51dd2869ed38dae3aeb1c3b931ca9d595580e1)
to branch 'net.randombit.botan' (head fc1942640045423f411fd865cbd584090b28d7eb)