aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Fix leaks in several of the cipher mode filters. Introduced by thelloyd2010-02-144-2/+12
| | | | | removal of the cipher mode base class, which handled deleting the cipher object.
* Further passhash changes before release and things have to belloyd2010-02-054-105/+136
| | | | | | | | | | | | | | finalized. Move header to passhash9.h and rename the functions to be passhash9 specific ({generator,check}_passhash9) Add an algorithm identifer field. Currently only id 0 is defined, for HMAC(SHA-1), but this opens up for using HMAC(SHA-512) or HMAC(SHA-3) or CMAC(Blowfish) or whatever in the future if necessary. Increase the salt size to 96 bits and the PRF output size to 192 bits. Document in api.tex
* Fix some buffering and off-by-one errors in Buffering_Filter::writelloyd2010-02-031-19/+10
| | | | Still not totally convinced this code is correct.
* MD4's M buffer was set to be 48 words instead of 16. This had beenlloyd2010-02-031-1/+1
| | | | | | | | | | | | | | extant for a long long time and was never caught because until recently the code did not depend on M.size(). However with the recent loadstore changes that use memcpy to load the entire array in one shot, an extra 128 bytes of memory would be read (but not used) in each iteration. This probably did not cause any problems except for Valgrind warnings, though in some situations it would be possible for the M buffer and MDx_HashFunctions buffer to be close enough that memcpy would be called with overlapping regions, which could cause arbitrarily weird failures since memcpy is allowed to assume they do not overlap.
* Move the get_byte template to its own header, because many fileslloyd2010-02-0220-28/+44
| | | | including loadstor.h actually just needed get_byte and nothing else.
* Prefix passhash with "$9$" in a manner similar with otherlloyd2010-02-023-16/+31
| | | | | | | | | | | | | | | | password hashing schemes. Increase salt size to 80 bits. Research shows that virtually no other PBKDF2 implementations support anything but SHA-1; for ease of implementation elsehwere switch back from SHA-512 to SHA-1. Should be mostly harmless; it limits total entropy of the password to a maximum of 160 bits, but this is unlikely anyway. Use two bytes to specify the work factor for future-proofing. Add a test.
* Password hashing is a pretty useful service, really. Move the guts oflloyd2010-02-013-0/+125
| | | | | | | | the passhash example to the library. Support variable work factors; default work factor of 10 takes about half a second to do one password on my Core2. Switch to using SHA-512 instead of SHA-1 in PBKDF2. To keep the output evenly sized for base64 purposes, reduce PBKDF2 output size by one byte (to 112 bits).
* Remove include of rng.h in s2k.h since it is no longer used. Add anlloyd2010-02-013-2/+1
| | | | | include for the exception types in pbkdf1 since previously it inherited that from the rng.h include.
* Modify the S2K interface. Instead of being stateful in terms of the saltlloyd2010-02-0111-136/+48
| | | | | | | | | | | and iteration count, force it to be passed to each call to derive_key. So remove current_salt, set_iterations, new_random_salt, and change_salt functions from S2K interface. Update examples and test application to match. While I was in there, change the passhash example to use 64 bit salts and 128 bit PBKDF2 outputs.
* Lowercase DOCDIR to match common conventionslloyd2010-01-293-3/+3
|
* Remove debug checklloyd2010-01-271-7/+10
|
* Fix several buffering problems in the XTS implementation that wouldlloyd2010-01-251-9/+31
| | | | | | | | | | | | | cause bad results if the input was not an even multiple of the block size. No released version was broken because the changes which caused the problem were related to using Buffered_Filter, which was introduced after 1.9.3 was released. Add more XTS test vectors using AES, Serpent, and Twofish. The AES tests come from Brian Gladman's XTS implementation. The Serpent and Twofish tests were generated by botan.
* Remove global variablelloyd2010-01-222-4/+2
|
* Prevent a crash in GMP_Engine if the library is shutdown and thenlloyd2010-01-222-12/+17
| | | | | | | | | | | | | | | | | | | | | | | | | reinitialized. It would cache an Allocator pointer on first use, and then never zero it, so after the reinit the pointer would be going to a now deallocated Allocator object. Encountered in the SoftHSM test suite, reported by Ondrej Sury. Use a simple reference counting scheme to zero the pointer, and reset the GNU MP memory functions. This also fixes a quite obscure and never reported bug, that if the GMP engine was used, and if the library was deinitialized but then the program tried to use GNU MP, the allocator functions would crash. Now after deinit the allocator funcs revert to the defaults. The reference count is not updated atomically so this is not thread safe, but seems a non-issue; the only time this could happen (especially now that the GMP engine header is internal-only) is if multiple threads were attempting to initialize / shutdown the library at once - which won't work anyway for a variety of reasons, including contention on the (unlocked) global_lib_state pointer. If at some point thread safety is useful here, the refcnt can be locked by a mutex, or kept in an atomic<unsigned int>.
* Add SQLite3 encryption codec, contributed by Olivier de Gaalon. Useslloyd2010-01-226-0/+725
| | | | Twofish in XTS mode for encryption by default, but is easily tweakable.
* s/j/i/ in looplloyd2010-01-211-2/+2
|
* Inline debug funcs to debug.h, make print_vec a template on the base typelloyd2010-01-213-38/+15
|
* Add OID for Serpent/CBClloyd2010-01-191-0/+1
|
* Add SIMD version of Noekeon. On a Core2, about 2.7x faster using SIMD_SSE2lloyd2010-01-125-1/+207
| | | | and 1.6x faster using SIMD_Scalar.
* Kill unneeded includelloyd2010-01-121-1/+0
|
* Add operator& and non-mutating rotates to SIMD_32lloyd2010-01-124-0/+34
|
* Add block cipher cascadelloyd2010-01-114-0/+163
|
* Remove catch clauses made redundant by inheritence changes in exception ↵lloyd2010-01-081-5/+0
| | | | hierarchy.
* merge of 'bf0e5684d8ba5fb0a21cdcd11d26995cbb250c4a'lloyd2010-01-0728-136/+80
|\ | | | | | | and 'e30a741f6014987e9683842ede22c44b2db03c56'
| * Clean up exceptions. Remove some unused ones like Config_Error. Makelloyd2010-01-0528-136/+80
| | | | | | | | | | | | | | Invalid_Argument just a typedef for std::invalid_argument. Make Botan::Exception a typedef for std::runtime_error. Make Memory_Exhaustion a public exception, and use it in other places where memory allocations can fail.
* | Doxygen commentslloyd2010-01-071-14/+63
| |
* | Use Algorithm_Factory instead of instantiating directly; will allow the uselloyd2010-01-071-10/+14
| | | | | | | | of AES-NI instructions, etc, in the PRNGs.
* | Recognize aes_isa engine, set as high prioritylloyd2010-01-061-4/+6
| |
* | simd_32 should be autoload, not always. Copy+pasted from util's info.txtlloyd2010-01-061-2/+0
|/
* Remove stubs for VIA Padlock support. I have no plans to implement itlloyd2010-01-052-24/+1
| | | | | | and don't even have access to a VIA with AES so could not test it anyway. If someone else wants to do it, then the implementation for AES-NI should provide a good template.
* merge of 'a51f8d7dec78251a3a4ccf162b346c289fc1d72a'lloyd2010-01-045-125/+90
|\ | | | | | | and 'aafa02a299b61c7762ae71dfc429396aa6bd25b3'
| * Remove Exception::set_msg. Inline all exception constructors.lloyd2010-01-045-125/+90
| |
* | Make all parallel block modes 16 blocks widelloyd2010-01-041-4/+4
| |
* | Move Tiger::mix to anon namespace lloyd2010-01-042-14/+17
| |
* | merge of 'aa801db59c03df9f37c4f3e254d88b1ca1f5732d'lloyd2010-01-041-1/+2
|\| | | | | | | and 'c6c0f6c14a5e0163127ceb1c299297450a50b06f'
| * Fix compile; aes engine header is internallloyd2010-01-041-1/+2
| |
* | Remove pshufb-based bswap_4; it causes problems too easily with externallloyd2010-01-041-21/+1
|/ | | | | | application code that wants to use loadstor.h, since that loads bswap.h and if SSSE3 isn't enabled via -march GCC will error out. Doesn't seem to be at all faster than the shuffle-based bswap for SSE2 on a Core2 in any case.
* Add copyright and license notes to pretty much every file that didn't have them,lloyd2009-12-319-21/+29
| | | | | | | | including the examples and self-test code. Most of these files had not copyright/license information at all; since a major point of the examples is to allow users to copy and paste code that already does something they want, an ambigious license is not good.
* Fix POWER6 AltiVec detectionlloyd2009-12-301-0/+1
|
* Oops, it's TARGET_CPU_IS_XXX_FAMILY, not TARGET_IS_XXX_FAMILY.lloyd2009-12-303-7/+7
| | | | Also, fix AltiVec detection on Linux and NetBSD for most G4s.
* Remove BOTAN_DLL from forward decl, not needed and GCC 4.1 warnslloyd2009-12-301-1/+1
|
* Buffered_Filter had virtual functions but not a virtual destructorlloyd2009-12-301-0/+2
|
* Clean up AltiVec detection code. Add (untested) support for OS X AltiVeclloyd2009-12-301-53/+74
| | | | detection.
* Use IS_XXX_FAMILY macros where usefullloyd2009-12-302-4/+3
|
* New macro TARGET_CPU_IS_XXX_FAMILY for XXX = X86, PPC, SPARC, undefinedlloyd2009-12-296-0/+13
| | | | elsewhere currently.
* Mark read/write prefetches as such, instead of read-only prefetchlloyd2009-12-291-1/+1
|
* Add doxygen commentslloyd2009-12-292-12/+52
|
* Fix make doxygenlloyd2009-12-292-2/+2
|
* Cleanuplloyd2009-12-283-15/+0
|
* Kill buf_op - was basically the prototype for Buffering_Filter.lloyd2009-12-283-176/+0
| | | | | | It would be useful in its own right, many other things need to do hashing, but the tr1 dependency kills it right now. Something to revisit in the C++0x branch, perhaps?
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-18 05:55:34 +0000