path: root/src
Commit log (each entry: date, author, files changed, lines -removed/+added; then the commit message)
* 2010-09-07  lloyd  (6 files, -51/+39)
  Realization while thinking about the recently added truncate: in a STL
  container like vector, truncate is simply resize, but what MemoryRegion called
  resize will zap the entire contents, and then what was resize was called
  grow_to. This is really problematic in terms of the goal of replacing
  MemoryRegion with a vector with a custom allocator.

  In this checkin:
  - Remove MemoryRegion::grow_to and MemoryRegion::truncate
  - Change the semantics of MemoryRegion::resize to change the size while
    keeping any current contents intact (up to the new size), zero initializing
    any new values.

  Unrelated, just noticed the lack while I was in there, add a version of
  CryptoBox::decrypt taking a std::string for the input.
* 2010-09-07  lloyd  (1 file, -2/+3)
  Avoid name clashing, Sun Studio doesn't like this
* 2010-09-07  lloyd  (1 file, -1/+2)
  Disable a couple of very noisy warnings which don't provide a huge
  amount of value. Add a note that -library=stlport4 may be needed on Linux
  (seems to depend on glibc version).
* 2010-09-07  lloyd  (1 file, -12/+12)
  Prevent loop variable shadowing
* 2010-09-07  lloyd  (1 file, -1/+1)
  Remove trailing comma from enum decl
* 2010-09-07  lloyd  (1 file, -1/+1)
  Prevent shadowing of one loop param with another
* 2010-09-07  lloyd  (1 file, -6/+10)
  Update CPU optimization flags for Sun Studio to the previous decade.
  Also use -xO5 instead of -xO2; everything seems to work under -xO5 on x86-32
  and x86-64 with my version of Sun Studio. Curiously, several things are
  miscompiled with -xO2! Definitely doesn't give me positive feelings about
  this optimizer.
* 2010-09-07  lloyd  (1 file, -0/+1)
  The SSSE3 intrinsics apparently work under Sun Studio as well
* 2010-09-07  lloyd  (2 files, -4/+4)
  Cast the first argument to msync, munmap, mlock, and munlock to char*
  to fix compilation on Solaris. Everybody else, including POSIX.1, uses void*
  here, but as usual Solaris likes to be special.
* 2010-09-03  lloyd  (1 file, -3/+3)
  Fix comparison functor
* 2010-09-03  lloyd  (1 file, -0/+2)
  According to Thomas Maier-Komor in a post to botan-devel, the right
  way to create a static library using Sun Studio is to invoke the compiler
  with the -xar flag.
* 2010-09-03  lloyd  (3 files, -24/+35)
  Clean up the unix process running entropy source a little bit. Tweak
  priorities slightly, pushing netstat -s and netstat -an higher since they
  change frequently and don't have a huge amount of output. Use the -n flag
  with lsof, which inhibits name lookups which we don't need.
* 2010-09-03  lloyd  (1 file, -0/+5)
  Work around Sun Studio multimap insert bug
* 2010-09-03  lloyd  (1 file, -1/+1)
  The modern name for Sun Workshop Pro is Sun Studio
* 2010-09-03  lloyd  (1 file, -1/+7)
  Uglify Data_Store::search_with a little to go through multimap_insert
  to avoid a Sun Studio bug.
* 2010-09-03  lloyd  (1 file, -3/+1)
  Remove calling getsid, it causes problems with too many different
  various compilers/platforms, and likely doesn't contribute much of anything.
  Also only grab real uid and gid, ignoring effective ids.
* 2010-09-03  lloyd  (1 file, -8/+4)
  Remove declaration of Hex_Encoder::encode, which was removed in an earlier
  checkin.
* 2010-09-03  lloyd  (1 file, -0/+20)
  Add dependencies for SSL module
* 2010-09-03  lloyd  (2 files, -14/+6)
  Remove filter/pipe dependency here
* 2010-09-03  lloyd  (4 files, -35/+26)
  Update some callers that were using Hex_Encoder or Hex_Decoder but
  really didn't need to. The ones in symkey and big_code were actually calling
  accessor functions to do the encoding themselves without a Pipe (should have
  definitely recognized that as a code smell).

  These versions have changed semantically with this checkin - previously they
  would completely ignore bad inputs, but now invalid inputs are rejected. For
  instance, you cannot say

    SymmetricKey key("Only some of this is hex, most of it isn't");

  And expect to get a valid key formed by filtering out the non-hex characters
  and then decoding it. This is almost certainly a good thing.

  Also fix include in Botan.xs
* 2010-09-03  lloyd  (1 file, -0/+10)
  Add a simple function to MemoryRegion to truncate to a specified size.
  Required by the hex decoder.
* 2010-09-03  lloyd  (8 files, -137/+334)
  Add a standalone version of hex encoding and decoding, defining the filters
  in terms of these calls. The header for the hex filter is renamed hex_filt.h.
  This probably won't affect people because filters.h (included by botan.h)
  already included hex.h, and now just includes hex_filt.h instead.
* 2010-09-02  lloyd  (1 file, -1/+5)
  Interesting factoid, turns out that overloading std::swap is not
  allowed by the standard, however specializing it is. Fix this for BigInt; it
  appears the Flexsecure guys knew this since the CurveGFp and PointGFp classes
  already use the template specialization rather than an overload.
* 2010-08-25  lloyd  (3 files, -2/+2)
  Rename mp_amd64_msvc to mp_msvc64 since it supports both AMD64 and
  IA-64 (and, hypothetically, any other 64 bit CPU Visual C++ might target in
  the future).
* 2010-08-25  lloyd  (3 files, -8/+32)
  Add support for Windows-style dynamic loading with LoadLibrary. Not
  yet tested.
* 2010-08-22  lloyd  (2 files, -0/+2)  [merge commit]
  merge of '4c134c636202fe03606cf0825bad22bd5362a224'
  and '9e16b5a133480199541647fe245b79b059c9d5ca'
* 2010-08-22  lloyd  (2 files, -0/+2)  [on the merged branch]
  Add support for Atom processors.

  Fix a bug that would cause a harmless but bogus macro to be generated in
  build.h if you used --enable-sse2.

  Add --enable-movbe to turn on a macro marking movbe as available.
* 2010-08-22  lloyd  (2 files, -14/+35)
  For passhash9, add another interface that allows the caller to specify
  which PRF they want to use. The old interface just calls this new version
  with alg_id set to 0 which is HMAC(SHA-1), which was previously the only
  supported PRF.

  Assign new codepoints for HMAC(SHA-256) and CMAC(Blowfish) to allow their use
  with passhash9.

  Have the generate+check tests run a test for each supported PRF.
* 2010-08-21  lloyd  (1 file, -2/+6)
  When creating a PBKDF2, first check if the argument name is a known
  MAC. If it is, use it as the PRF. Otherwise assume it is a hash function and
  use it with HMAC. Instead of instantiating the HMAC directly, go through the
  algorithm factory.

  Add a test using PBKDF2 with CMAC(Blowfish); Blowfish mainly because it
  supports arbitrarily large keys, and also the required 4 KiB of sbox tables
  actually would make it fairly useful in that it would make cracking using
  hardware or GPUs rather expensive. Have not confirmed this vector against
  any other implementation because I don't know of any other implementation of
  PBKDF2 that supports MACs other than HMAC.
* 2010-08-21  lloyd  (2 files, -6/+11)
  Turns out OpenSSL's implementation of PBKDF2 allows empty passphrases,
  so for compatibility with keys that were encrypted with an empty passphrase
  we probably want to support it as well.

  In PBKDF2, don't reject empty passphrases out of hand; simply call set_key
  and if the underlying MAC cannot use the key, throw an informative exception.
  This will also be more helpful in the case that someone tries using another
  MAC (say, CMAC) with a block cipher that only supports keys of specific sizes.

  In HMAC, allow zero-length keys. This is not really optimal in the sense of
  allowing the user to do something dumb, but a 1 byte key would be pretty dumb
  as well and we already allowed that.

  Add a test vector using an empty passphrase generated by OpenSSL
* 2010-08-20  lloyd  (1 file, -5/+9)
  Fix paper ref URL, remove unused prefetch include
* 2010-08-19  lloyd  (1 file, -9/+19)
  Also use a smaller table in the first round of AES in the decrypt direction
* 2010-08-19  lloyd  (4 files, -45/+48)
  Use a different idiom for handling the different cases between being
  passed a ref and having to allocate a new stream object, a little bit
  cleaner I think.
* 2010-08-18  lloyd  (1 file, -9/+28)
  In the first round of AES, use a 256 element table and do the
  rotations in the code. This reduces the number of cache lines potentially
  accessed in the first round from 64 to 16 (assuming 64 byte cache lines). On
  average, about 10 cache lines will actually be accessed, assuming a uniform
  distribution of the inputs, so there definitely is still a timing channel
  here, just a somewhat smaller one.

  I experimented with using the 256 element table for all rounds but it reduced
  performance significantly and I'm not sure if the benefit is worth the cost
  or not.
* 2010-08-17  lloyd  (1 file, -3/+2)
  Correct Doxygen comment
* 2010-08-13  lloyd  (1 file, -2/+2)
  Fix Doxygen comment in PBKDF2 constructor
* 2010-08-13  lloyd  (1 file, -1/+1)
  The changelog for 1.9.4 claimed that the default PKCS #8 encryption
  algorithm had changed to AES-256. This was wrong, it actually changed to
  AES-128. However in retrospect AES-256 is probably a reasonable move (in
  particular for the 4 extra rounds; the related key attacks possible against
  AES-256 are probably not viable since we generate the key using PBKDF2), so
  update the 1.9.4 changelog to correctly indicate the change made in that
  release, and also modify PKCS #8 to actually use AES-256.
* 2010-08-12  lloyd  (3 files, -23/+151)
  Add also AES-192 using SSSE3
* 2010-08-12  lloyd  (3 files, -5/+95)
  Support AES-256 in the SSSE3 implementation
* 2010-08-11  lloyd  (2 files, -79/+79)
  Use _mm_set_epi32 instead of _mm_set_epi64x - VC++ obnoxiously only
  supports epi64x in 64-bit mode.
* 2010-08-11  lloyd  (1 file, -1/+1)
  Remove use of -ansi; it's not particularly helpful anyway, and it
  causes obnoxious problems under MinGW.
* 2010-08-10  lloyd  (1 file, -0/+4)
  Workaround problem with GCC 3 - it doesn't like you casting pointers
  to pointers-to-functions (which, admittedly, is undefined in ISO C++, but
  doing this is required to use dlopen). Using the dumb hammer of a C-style
  cast works, though.
* 2010-08-10  lloyd  (1 file, -0/+2)
  Add Filter::name implementation
* 2010-08-10  lloyd  (1 file, -2/+2)
  Typo fixes
* 2010-08-10  lloyd  (2 files, -11/+22)
  In 1.9.9 I moved the cryptobox functions out of the CryptoBox
  namespace, but this causes backwards compat problems, since cryptobox is
  already in 1.8, and also it's likely that other functions along these lines
  will be useful at some point (eg using RSA encryption instead of a passphrase
  for the key transfer).
* 2010-08-09  lloyd  (1 file, -0/+7)
  Only enable aes_ssse3 when compiling with GCC or Clang. For some dumbass
  reasons, Intel C++ rejects const __m128i foo = _mm_set_epi64x(...) though it
  will accept if you use one of the _mm_set1 variants. And Visual C++ doesn't
  know about _mm_set_epi64x() in 32-bit mode for similarly dumb reasons - it
  works fine compiling for 64 bit but for whatever reason they don't offer this
  function when compiling as 32 bit.

  Unfortunately there isn't a good way to specify it's OK with a particular
  compiler with one arch but not another, so just disable it globally for the
  time being.

  The workaround for VC++ is probably to use _mm_set_epi32 and break up the
  input values into 32 bit chunks. ICC is a lost cause I fear.
* 2010-08-09  lloyd  (1 file, -0/+4)
  Clang supports -march
* 2010-08-09  lloyd  (4 files, -0/+463)
  Add an implementation of AES-128 using SSSE3 instructions. It runs in
  constant time and on a Nehalem is significantly faster than the table based
  version.

  This implementation technique was invented by Mike Hamburg and described in
  a paper in CHES 2009 "Accelerating AES with Vector Permute Instructions".
  This code is basically a translation of his public domain x86-64 assembly
  code into intrinsics.

  Todo: Adding support for AES-192 and AES-256; this just requires implementing
  the key schedules. Currently only tested on an i7 with GCC (32 and 64 bit
  code); testing/optimization on 32-bit processors with SSSE3 like the Atom,
  and with Visual C++ and other compilers, are also todos.
* 2010-08-08  lloyd  (8 files, -94/+20)
  Also allow clang with 32-bit assembly code, everything seems to work
  fine with latest SVN.
* 2010-08-08  lloyd  (3 files, -0/+3)
  Clang understands at least some GCC inline asm syntax as well as what
  an .S file is, so allow it for x86-64. Tested/works with Clang SVN.