| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
certificate policies extension, though it's really not supported
at all.
Remove test code from secmem.h
Fix building the examples
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
converting back and forth. This gives a 10 to 20% speedup on a Core
i7. In addition, the CurveGFp no longer contains a Barrett reducer,
saving 3 BigInts worth of memory.
Add a #if'ed out alternative to point multiplication using the
Montgomery ladder technique. It runs in (more or less) constant time,
but rather significantly slower than the 4 bit window technique
currently used.
Tweak the window sizes to match the theoretical optimums.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
the low bytes were equal, then the saturating subtraction result in
that byte would be 0 with the high byte containing a non-zero value.
To deal with this, shift and or together the two values into the low
byte.
Add some new tests which check out the SIMD implementation more
carefully, including values that trigger the problem in the earlier
version.
|
|
|
|
|
|
|
|
| |
currently.
Include the source directory name in object file names.
Add some more DES test vectors.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
More documentation updates.
The clean target wasn't removing one of the symlinks.
In the self-test application, warn if the version we are linked
against does not match the version we were built against. This
always indicates a problem. Someone who had an older version
installed on their system got very confused when the test app was
linked against it at runtime; this warning would have saved a
couple hours of puzzling by me. This would also have helped avoid
the nasty bug in 1.8.3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and a random number generator, and the other taking a group and a
preset private key value. The DL private keys instead have on
constructor for this; if the x value is zero, then a new random key is
created. For consistency, do this with ECC as well.
ECDH actually didn't have one of these constructors, forcing you to
either load from PKCS #8 or else use a random key.
Rename EC_Domain_Params to EC_Group, with a typedef for compatability.
More doc updates.
Update mtn ignores for Sphinx output
|
|
|
|
|
|
| |
Add some comments to help explain what is going on. Also add a
test using 512 blocks; all the existing ones were shorter, so
increment was not being tested at all. :(
|
|
|
|
|
| |
used in OpenBSD. Tested as compatible with a common Java
implementation (http://www.mindrot.org/projects/jBCrypt/)
|
| |
|
|
|
|
| |
http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
|
| |
|
| |
|
|
|
|
|
|
| |
generated using Crypto++ 5.6.1.
Requested in PR 141.
|
|
|
|
| |
Avoid using auto_ptr in the CVC headers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in build.h named BOTAN_DISTRIBUTION_INFO. The default value is
'unspecified'. People packaging botan could set this to another
value, for instance 'Gentoo 1.9.13-r3' or 'Debian 1.9.13-1', or
'pristine' to indicate a completely unmodified/stock version. This
was suggested by Zooko for Crypto++ in
http://sourceforge.net/apps/trac/cryptopp/ticket/11
and seemed like an idea worth stealing.
Don't default the version datestmap to the current day if unset,
instead set to zero. This allows applications to detect
unreleased versions. Document that version_datestamp will return
zero for unreleased versions.
Change the version_string function to return more information about
the current version, including the release date and distribution
information. It will now return strings like:
Botan 1.9.13 (released 20110207, distribution Gentoo 1.9.13-r3)
or for an unreleased version:
Botan 1.9.13 (unreleased version, distribution unspecified)
|
|
|
|
|
|
|
|
|
| |
derived from a DNSSEC RFC. Bug reported by Bert Hubert to the
mailing list. According to Bert, this ordering is compatible with
the version included in OpenSSL.
Also, benchmark GOST 34.10 using the GOST 34.11 hash since that
is always what it is used with.
|
|
|
|
|
| |
Only change is the padding rule. It 'simplifies' the padding by making
it less flexible and harder to implement efficiently. :(
|
| |
|
| |
|
| |
|
|
|
|
| |
proposed SHA-3 parameter sets are supported.
|
|
|
|
| |
the same reverse iterator bug. Use the workaround for gcc 4.0.*
|
|
|
|
| |
schedule constant to prevent rotational attacks.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
parameters are as well. So make them template paramters.
The sole exception was AES, because you could either initialize AES
with a fixed key length, in which case it would only be that specific
key length, or not, in which case it would support any valid AES key
size. This is removed in this checkin; you have to specifically ask for
AES-128, AES-192, or AES-256, depending on which one you want.
This is probably actually a good thing, because every implementation
other than the base one (SSSE3, AES-NI, OpenSSL) did not support
"AES", only the versions with specific fixed key sizes. So forcing
the user to ask for the one they want ensures they get the ones
that are faster and/or safer.
|
| |
|
| |
|
|
|
|
|
| |
This breaks API for anyone creating their own Filter types, but it had
to happen eventually.
|
| |
|
| |
|
|
|
|
|
| |
range of single bit errors in DES (though really this method is more
useful for a hardware implementation than table based software).
|
|
|
|
| |
dependent right now.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
representation (rather than in an interator context), instead use &buf[0],
which works for both MemoryRegion and std::vector
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
previously existed in misc.cpp that emulated it via a pipe and filter.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
which PRF they want to use. The old interface just calls this new
version with alg_id set to 0 which is HMAC(SHA-1), which was
previously the only supported PRF.
Assign new codepoints for HMAC(SHA-256) and CMAC(Blowfish) to allow
their use with passhash9.
Have the generate+check tests run a test for each supported PRF.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MAC. If it is, use it as the PRF. Otherwise assume it is a hash
function and use it with HMAC. Instead of instantiating the HMAC
directly, go through the algorithm factory.
Add a test using PBKDF2 with CMAC(Blowfish); Blowfish mainly because
it supports arbitrarily large keys, and also the required 4 KiB of
sbox tables actually would make it fairly useful in that it would make
cracking using hardware or GPUs rather expensive. Have not confirmed
this vector against any other implementation because I don't know of
any other implementation of PBKDF2 that supports MACs other than HMAC.
|