path: root/src
Commit message | Author | Age | Files | Lines (-removed/+added)
* Remove support for multiple providers in SCAN_Name, mostly because I couldn't really figure out how the semantics should work.
  lloyd 2008-11-11 | 2 files | -32/+19
* Add a new cache at the level of Algorithm_Factory. Intent is to replace the caches included in the Engines, allowing faster search/query along and making the Engine implementations mostly or entirely stateless, also removing the need for a two-phase initialization there. Still buggy + incomplete.
  lloyd 2008-11-11 | 4 files | -1/+149
* Make Engine::find_XYZ public
  lloyd 2008-11-11 | 1 file | -15/+17
* Remove needless include of libstate.h from init.h
  lloyd 2008-11-11 | 1 file | -1/+2
* Split asm_engine into three engines (ia32, amd64, sse2). This allows them to be individually requested as providers on lookup.
  lloyd 2008-11-11 | 14 files | -71/+202
* Make SCAN_Name::arg return a new SCAN_Name that has the same providers list; this allows provider preferences to be passed down to sub-algorithms.
  lloyd 2008-11-11 | 5 files | -30/+49
* Switch to Algorithm_Factory in PBES2
  lloyd 2008-11-11 | 3 files | -114/+129
* Remove global state dependency from pbes1
  lloyd 2008-11-11 | 3 files | -38/+94
* Bubble up use of global algo factory out of DSA parameter gen to DL_Group
  lloyd 2008-11-11 | 3 files | -6/+14
* Update Library_State for new Algorithm_Factory constructor
  lloyd 2008-11-11 | 1 file | -1/+1
* Remove pk testing policies (now static)
  lloyd 2008-11-11 | 1 file | -4/+0
* Remove a global_state() dependency on Engine without breaking Monotone via two-stage initialization.
  lloyd 2008-11-11 | 4 files | -15/+19
* Make the level of key consistency checking performed be a build constant instead of runtime configurable.
  lloyd 2008-11-11 | 2 files | -19/+8
* Add a function to query algorithm providers
  lloyd 2008-11-11 | 2 files | -0/+27
* Fix destructor
  lloyd 2008-11-11 | 1 file | -1/+1
* After finding myself typing global_state().algorithm_factory() instead of algo_factory() several times, I decided to rename the functions. algorithm_factory() just forwards to algo_factory as an inline.
  lloyd 2008-11-11 | 2 files | -10/+11
* Add back default empty arguments to LibraryInitializer. Set default thread safety to false.
  lloyd 2008-11-11 | 2 files | -3/+3
* Move Algorithm_Factory from libstate (which it did not depend on) to algo_factory/
  lloyd 2008-11-11 | 4 files | -3/+16
* Drop look_add.h and the freestanding add_algorithm functions
  lloyd 2008-11-11 | 3 files | -66/+0
* Change LibraryInitializer back to accepting a std::string for backwards compatibility.
  lloyd 2008-11-11 | 3 files | -5/+35
* Fix leak in Luby-Rackoff lookup (got new object instead of prototype as intended)
  lloyd 2008-11-11 | 1 file | -2/+1
* Remove unused include of <memory>
  lloyd 2008-11-11 | 1 file | -1/+0
* New function name in SCAN_Name
  lloyd 2008-11-11 | 1 file | -1/+1
* Remove lookup.h use from DLIES, PK key agreement, DSA param gen, get_enc.cpp
  lloyd 2008-11-11 | 11 files | -60/+87
* Remove lookup dep from basic pubkey classes
  lloyd 2008-11-10 | 4 files | -47/+32
* Add back Library_State::add_engine for Monotone
  lloyd 2008-11-10 | 2 files | -0/+10
* Shorten SCAN_Name's argument arg in function names
  lloyd 2008-11-10 | 8 files | -40/+40
* Move get_bc_pad to def_engine/def_mode.cpp. Compilation fix in arc4_openssl.cpp
  lloyd 2008-11-10 | 5 files | -85/+66
* Add constructor to StreamCipher_Filter taking StreamCipher*
  lloyd 2008-11-10 | 2 files | -0/+15
* Make cipher mode padder non-const in ECB and CBC
  lloyd 2008-11-10 | 3 files | -14/+14
* Drop all options except thread safety. Also remove InitializerOptions, etc. and reduce all the arguments to just a bool specifying threads.
  selftests: off (if desired, run passes_self_test in selftest.h)
  fips140: Just ran the self tests, totally bogus option.
  use_engine: On by default (that is, if OpenSSL or asm code is compiled in, it's used by default). One can get better control over this using the provider feature of SCAN_Name (though this doesn't handle cases like nested algorithms yet).
  secure_memory: On by default.
  lloyd 2008-11-10 | 6 files | -229/+30
* Remove Modules class from the initializer code - it just wasn't that useful as an abstraction. Check #ifdef's for engines and such directly in libstate.cpp
  lloyd 2008-11-10 | 7 files | -229/+77
* Move x86 Serpent to the asm engine module. Move OpenSSL's RC4 back into a single file again.
  lloyd 2008-11-10 | 8 files | -73/+55
* Use Algorithm_Factory instead of lookup in Default_Engine block cipher and mac tables
  lloyd 2008-11-10 | 3 files | -13/+10
* Move block and stream ciphers also into Algorithm_Factory
  lloyd 2008-11-10 | 12 files | -210/+293
* Make SCAN_Name::arg_count_between const
  lloyd 2008-11-10 | 1 file | -1/+1
* Move MACs also to Algorithm_Factory
  lloyd 2008-11-10 | 7 files | -75/+139
* Split PK stuff from engine.cpp to pk_engine.cpp
  lloyd 2008-11-10 | 3 files | -173/+189
* Move add_algorithm for hashes also to Algorithm_Factory
  lloyd 2008-11-10 | 3 files | -22/+27
* Remove printfs
  lloyd 2008-11-10 | 1 file | -5/+0
* Split the assembly implementations of the hash functions into asm_engine. This still is not an ideal split, since for SHA-1 we have both SSE2 and x86/x86-64 asm. Currently we continue to punt to SSE2 if enabled, otherwise asm, since the SSE2 seems to be the fastest thing going in my tests so far.
  lloyd 2008-11-10 | 6 files | -39/+125
* Have Algorithm_Factory::make_hash_function throw an exception if it can't find an object to clone. Add a new constructor to Hash_Filter taking a HashFunction*
  lloyd 2008-11-10 | 6 files | -14/+27
* Use Algorithm_Factory and SCAN_Name for all hash lookups. Modify engines accordingly.
  lloyd 2008-11-10 | 11 files | -76/+129
* Fix parsing of nested + aliased names like TLS.Digest.0 in SCAN_Name
  lloyd 2008-11-10 | 1 file | -3/+31
* In SCAN_Name, keep track of the original inputs and make them accessible
  lloyd 2008-11-10 | 2 files | -0/+6
* Add a class Algorithm_Factory which encapsulates the Engine classes (and which will eventually encapsulate the lookup logic as well)
  lloyd 2008-11-10 | 7 files | -85/+160
* Reduce /dev/random poll times: 5ms for fast, 20 for slow
  lloyd 2008-11-10 | 1 file | -2/+2
* Several changes to HMAC_RNG, many on the basis of the paper
  Boaz Barak, Shai Halevi: A model and architecture for pseudo-random generation with applications to /dev/random. ACM Conference on Computer and Communications Security 2005.
  which I was referred to by Hugo Krawczyk. Changes include:
  Remove the entropy estimation. This is a major point of Barak and Halevi's paper: the entropy we want to estimate is the conditional entropy of the collected data from the point of view of an unknown attacker. Obviously this cannot be computed! Instead HMAC_RNG simply counts each byte of sampled data as one bit of estimated entropy.
  Increase the reseed threshold from 2^14 to 2^20 outputs, and change the fast poll during generation from once every 1024 outputs to once every 65536 outputs (though the fast poll might not trigger that often, if output lengths are very large - however this doesn't really matter much, and with the X9.31 wrapper it does kick off exactly every 2^16 outputs). The paper also has some good arguments why it is better to reseed rarely, making sure you have collected a large amount of (hopefully) unguessable state.
  Remove a second HMAC PRF operation which was only being done to destroy the previous K value. Considering it has a short lifetime, seems excessive (and really hurt performance).
  lloyd 2008-11-10 | 1 file | -27/+43
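The HMAC_RNG commit above describes three policies (no conditional-entropy estimation beyond "one sampled byte = one estimated bit", a reseed after 2^20 outputs, a fast poll every 2^16 outputs checked per request) without showing the mechanism. The following is an added Python sketch of an extract-then-expand HMAC PRNG in the Barak-Halevi style that applies those policies; it is an illustration written for this page, not Botan's C++ HMAC_RNG. The SHA-256 choice, counting outputs in bytes, the 128-bit seeding floor, the fixed extractor key, the PRF counter encoding and the ConstructedPolls sample data are all assumptions of the example:

```python
"""Toy extract-then-expand HMAC PRNG (added example; not Botan's HMAC_RNG)."""
import hashlib
import hmac

RESEED_THRESHOLD = 1 << 20      # outputs (bytes, an assumption) between reseeds
FAST_POLL_INTERVAL = 1 << 16    # outputs between fast polls during generation
SEED_BITS_REQUIRED = 128        # assumed floor before any output is allowed
EXTRACTOR_KEY = b"toy-hmac-rng-extractor"   # assumed fixed key, not Botan's


class ToyHmacRng:
    def __init__(self, fast_poll, slow_poll, digest=hashlib.sha256):
        # fast_poll / slow_poll: callables returning sampled bytes
        self._fast_poll = fast_poll
        self._slow_poll = slow_poll
        self._digest = digest
        self._extractor = hmac.new(EXTRACTOR_KEY, digestmod=digest)
        self._estimated_bits = 0
        self._prf_key = b""          # K for the PRF; empty until first reseed
        self._counter = 0            # PRF input counter
        self._since_reseed = 0
        self._since_fast_poll = 0
        self.reseed_count = 0

    def _absorb(self, sample: bytes) -> None:
        # No conditional-entropy estimate: every sampled byte counts as one bit
        self._extractor.update(sample)
        self._estimated_bits += len(sample)

    def estimated_entropy_bits(self) -> int:
        return self._estimated_bits

    def reseed(self) -> None:
        self._absorb(self._slow_poll())
        self._absorb(self._fast_poll())
        self._since_fast_poll = 0
        if self._estimated_bits < SEED_BITS_REQUIRED:
            return                   # keep accumulating; no key from too little
        extracted = self._extractor.digest()
        # New K mixes the old K so a poor poll cannot roll the state back
        self._prf_key = hmac.new(extracted, b"reseed" + self._prf_key,
                                 self._digest).digest()
        # Re-key the extractor from fresh state; old samples are not reused
        self._extractor = hmac.new(extracted, digestmod=self._digest)
        self._since_reseed = 0
        self.reseed_count += 1

    def randomize(self, n: int) -> bytes:
        if not self._prf_key or self._since_reseed >= RESEED_THRESHOLD:
            self.reseed()
        if not self._prf_key:
            raise RuntimeError("PRNG not seeded")
        # Checked once per request, so one huge request can overshoot 2^16
        if self._since_fast_poll >= FAST_POLL_INTERVAL:
            self._absorb(self._fast_poll())
            self._since_fast_poll = 0
        out = bytearray()
        while len(out) < n:
            self._counter += 1
            out += hmac.new(self._prf_key, self._counter.to_bytes(8, "big"),
                            self._digest).digest()
        self._since_reseed += n
        self._since_fast_poll += n
        return bytes(out[:n])


class ConstructedPolls:
    """Deterministic stand-in for entropy sources: constructed data, NOT entropy."""
    def __init__(self):
        self.fast_calls = 0
        self.slow_calls = 0

    def fast(self) -> bytes:
        self.fast_calls += 1
        return bytes(range(32))                       # 32 bytes -> 32 bits

    def slow(self) -> bytes:
        self.slow_calls += 1
        return bytes(i % 251 for i in range(200))     # 200 bytes -> 200 bits


if __name__ == "__main__":
    polls = ConstructedPolls()
    rng = ToyHmacRng(polls.fast, polls.slow)
    rng.randomize(16)
    print("estimated bits after seeding:", rng.estimated_entropy_bits())
    for _ in range(5):
        rng.randomize(16384)
    print("fast polls so far:", polls.fast_calls)
    rng.randomize(1 << 20)
    rng.randomize(1)
    print("reseeds:", rng.reseed_count)
```

Because the poll thresholds are compared only at the start of each request, a single 1 MiB request passes the 2^16 mark without an intermediate fast poll, which is exactly the caveat the commit message raises; the reseed check behaves the same way.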
* The device reader constructors were being called too soon. Instead close the fds in the entropy source destructor.
  lloyd 2008-11-10 | 2 files | -19/+40
* Split pk_pad.h into eme.h and emsa.h
  lloyd 2008-11-10 | 13 files | -35/+54