| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
I'm not sure where the old name came from though as literally the only
hits for it on Google are botan-related.
|
| |
|
| |
|
|\
| |
| |
| |
| |
| | |
35d3e3deb02b47f98e4937f8eab77f019a0f4b97)
to branch 'net.randombit.botan.ssl' (head f923e7583e760a9a224cc5b1fc40015776d85eb9)
|
| |\
| | |
| | |
| | |
| | |
| | | |
89451dd9349d61bc29507c9c441c090148192286)
to branch 'net.randombit.botan.ssl' (head a341d74655f579482102c23e2c378897b738bd06)
|
| | | |
|
| | | |
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | | |
dd33b7150f3f49d795e4eb962d8d41d1ada58d8d)
to branch 'net.randombit.botan.ssl' (head 1452205423962b664263fd2a35149122dfc94d37)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I'll officially kill off Ajisai (instead of it just lingering as a zombine
as it is currently).
Apparently I broke something (or multiple things) during the import process;
servers crash and clients gets MAC errors on connect.
|
| | | | |
|
|/ / / |
|
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
finalized.
Move header to passhash9.h and rename the functions to be passhash9
specific ({generator,check}_passhash9)
Add an algorithm identifer field. Currently only id 0 is defined, for
HMAC(SHA-1), but this opens up for using HMAC(SHA-512) or HMAC(SHA-3)
or CMAC(Blowfish) or whatever in the future if necessary. Increase the
salt size to 96 bits and the PRF output size to 192 bits.
Document in api.tex
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
extant for a long long time and was never caught because until
recently the code did not depend on M.size(). However with the recent
loadstore changes that use memcpy to load the entire array in one
shot, an extra 128 bytes of memory would be read (but not used) in
each iteration.
This probably did not cause any problems except for Valgrind warnings,
though in some situations it would be possible for the M buffer and
MDx_HashFunctions buffer to be close enough that memcpy would be called
with overlapping regions, which could cause arbitrarily weird failures
since memcpy is allowed to assume they do not overlap.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
password hashing schemes.
Increase salt size to 80 bits.
Research shows that virtually no other PBKDF2 implementations support
anything but SHA-1; for ease of implementation elsehwere switch back
from SHA-512 to SHA-1. Should be mostly harmless; it limits total
entropy of the password to a maximum of 160 bits, but this is unlikely
anyway.
Use two bytes to specify the work factor for future-proofing.
Add a test.
|
| |
| |
| |
| |
| |
| |
| |
| | |
the passhash example to the library. Support variable work factors;
default work factor of 10 takes about half a second to do one password
on my Core2. Switch to using SHA-512 instead of SHA-1 in PBKDF2. To keep
the output evenly sized for base64 purposes, reduce PBKDF2 output size by
one byte (to 112 bits).
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
and iteration count, force it to be passed to each call to derive_key.
So remove current_salt, set_iterations, new_random_salt, and change_salt
functions from S2K interface.
Update examples and test application to match.
While I was in there, change the passhash example to use 64 bit salts
and 128 bit PBKDF2 outputs.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
reinitialized. It would cache an Allocator pointer on first use,
and then never zero it, so after the reinit the pointer would be going
to a now deallocated Allocator object.
Encountered in the SoftHSM test suite, reported by Ondrej Sury.
Use a simple reference counting scheme to zero the pointer, and reset
the GNU MP memory functions. This also fixes a quite obscure and never
reported bug, that if the GMP engine was used, and if the library was
deinitialized but then the program tried to use GNU MP, the allocator
functions would crash. Now after deinit the allocator funcs revert to the
defaults.
The reference count is not updated atomically so this is not thread safe,
but seems a non-issue; the only time this could happen (especially now that
the GMP engine header is internal-only) is if multiple threads were attempting
to initialize / shutdown the library at once - which won't work anyway for
a variety of reasons, including contention on the (unlocked) global_lib_state
pointer.
If at some point thread safety is useful here, the refcnt can be locked by
a mutex, or kept in an atomic<unsigned int>.
|
| |
| |
| |
| | |
Twofish in XTS mode for encryption by default, but is easily tweakable.
|
| | |
|
|/
|
|
| |
and 1.6x faster using SIMD_Scalar.
|
| |
|
|
|
|
|
|
|
| |
Invalid_Argument just a typedef for std::invalid_argument. Make
Botan::Exception a typedef for std::runtime_error. Make Memory_Exhaustion
a public exception, and use it in other places where memory allocations
can fail.
|
|
|
|
| |
encoding/decoding, bzip2 and zlib compression/decompression, and hashing.
|
| |
|
|
|
|
|
|
|
|
| |
including the examples and self-test code.
Most of these files had not copyright/license information at all; since a major
point of the examples is to allow users to copy and paste code that already
does something they want, an ambigious license is not good.
|
| |
|
| |
|
| |
|
|
|
|
| |
faster than the scalar version on a Core2.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bswap.h); too many external apps rely on loadstor.h existing.
Define 64-bit generic bswap in terms of 32-bit bswap, since it's
not much slower if 32-bit is also generic, and much faster if
it's not. This may be quite helpful on 32-bit x86 in particular.
Change formulation of generic 32-bit bswap. It may be faster or
slower depending on the CPU, especially the latency and throuput
of rotate instructions, but should be faster on an ideally
superscalar processor with rotate instructions (ie, what I expect
future CPUs to look more like).
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes for the amalgamation generator for internal headers.
Remove BOTAN_DLL exporting macros from all internal-only headers;
the classes/functions there don't need to be exported, and
avoiding the PIC/GOT indirection can be a big win.
Add missing BOTAN_DLLs where necessary, mostly gfpmath and cvc
For GCC, use -fvisibility=hidden and set BOTAN_DLL to the
visibility __attribute__ to export those classes/functions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QueryPerformanceCounter, into an entropy source hres_timer. Its
results, if any, do not count as contributing entropy to the poll.
Convert the other (monotonic/fixed epoch) timers to a single function
get_nanoseconds_clock(), living in time.h, which statically chooses
the 'best' timer type (clock_gettime, gettimeofday, std::clock, in
that order depending on what is available). Add feature test macros
for clock_gettime and gettimeofday.
Remove the Timer class and timer.h. Remove the Timer& argument to the
algorithm benchmark function.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
included. Threads are a smarter approach, in retrospect.
|
| |
|
|
|
|
| |
onto other CCNs with valid checksums.
|
|\
| |
| |
| |
| |
| | |
586495311cff277e7a24b4116c987b79036d94e6)
to branch 'net.randombit.botan.fpe' (head c6e8324b12e509ac1303078d5e716f08c53acff5)
|
| |\
| | |
| | |
| | |
| | |
| | | |
0cb3295ee48403828c652064fbf72ddb6edbe13c)
to branch 'net.randombit.botan.fpe' (head 954d50f368db4be7d98c5c32c474bc54ec5ea7f3)
|
| | |
| | |
| | |
| | |
| | |
| | | |
Format-Preserving Encryption (http://eprint.iacr.org/2009/251). This
doesn't implement the rank functions which are necessary for the actual
format-preserving part, though that would be nice to add to the example.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently requires SSE4.1 for _mm_extract_epi32 for the key schedule, it
would be nice to remove this dependency, though all currently known/scheduled
chips with AES-NI (Intel Westmere and Sandy Bridge, and AMD Bulldozer) are
supposed to include SSE 4.1 so this is not a huge problem.
|