Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Split base.h into block_cipher.h and stream_cipher.h | lloyd | 2008-11-08 | 63 | -48/+278 |
| | | | | | | It turned out many files were including base.h merely to get other includes (like types.h, secmem.h, and exceptn.h). Those have been changed to directly include the files containing the declarations that code needs. | ||||
* | Move declaration of StreamCipher to stream_cipher.h | lloyd | 2008-11-08 | 11 | -86/+13 |
| | |||||
* | Move hash.h from src/core to src/hash | lloyd | 2008-11-08 | 5 | -132/+20 |
| | | | | Inline constructors for BlockCipher and StreamCipher | ||||
* | Inline BufferedComputation into the header (all functions were very short) | lloyd | 2008-11-08 | 3 | -97/+30 |
| | |||||
* | Move BufferedComputation to new buf_comp.{h,cpp} | lloyd | 2008-11-08 | 13 | -166/+236 |
| | |||||
* | Move mac base classes from src/core to src/mac | lloyd | 2008-11-08 | 3 | -16/+0 |
| | |||||
* | Move declaration of MessageAuthenticationCode base class to mac.h (from base.h) | lloyd | 2008-11-08 | 16 | -55/+73 |
| | |||||
* | Move the declaration of the HashFunction base class to a new header hash.h | lloyd | 2008-11-08 | 28 | -53/+77 |
| | | | | (from base.h) | ||||
* | Remove unneeded include of <memory> | lloyd | 2008-11-08 | 2 | -2/+0 |
| | |||||
* | Split lookup_misc.cpp into lookup_mac.cpp and lookup_s2k.cpp | lloyd | 2008-11-08 | 4 | -180/+162 |
| | |||||
* | Split def_alg.cpp into lookup_{cipher,hash,misc}.cpp | lloyd | 2008-11-08 | 4 | -308/+394 |
| | |||||
* | In Makefiles and pkg-config / botan-config, use -lbotan-@{var:version} | lloyd | 2008-11-07 | 4 | -4/+4 |
| | | | | | | | | so we link against the specific intended version of the library, for instance -lbotan-1.7.20 rather than simply -lbotan This again seems especially an improvement where you want more than one version installed (1.6 vs 1.7, for instance). | ||||
* | Don't hard code name in botan-config.in | lloyd | 2008-11-07 | 1 | -1/+1 |
| | |||||
* | Cache device descriptors in Device_EntropySource | lloyd | 2008-11-07 | 2 | -34/+45 |
| | |||||
* | In HMAC_RNG, periodically fast poll a source while operating normally. | lloyd | 2008-11-07 | 2 | -46/+32 |
| | | | | | Generate new XTS (extractor salt) values using PRF outputs rather than the clock. | ||||
* | HMAC_RNG will only check to see if it should reseed once per call | lloyd | 2008-11-07 | 1 | -60/+47 |
| | | | | | | | | | | | | to randomize(), at the start of the function. After that it will generate as many outputs as needed. The counter cannot overflow, as only up to 2**32 bytes can be requested per call to RandomNumberGenerator::randomize, wheras HMAC_RNG can generate 32 bytes (256 bits) per counter value and uses a 32-bit counter. The PRF is 'stepped' once after the call to RandomNumberGenerator::randomize is completed. This reduces the window of exposure to data that was already output for use by the RNG. | ||||
* | Swap workspace and prod vars in botan-config.in, easier to enable workspace use | lloyd | 2008-11-07 | 1 | -5/+5 |
| | |||||
* | Reformat for shorter lines | lloyd | 2008-11-07 | 2 | -6/+19 |
| | |||||
* | Add a check for empty string in CMS_Encoder::can_compress_with (mostly to ↵ | lloyd | 2008-11-07 | 1 | -0/+3 |
| | | | | avoid warning) | ||||
* | Provide pkg-config file as botan-$major$minor.pc, so it can be used like: | lloyd | 2008-11-06 | 2 | -5/+5 |
| | | | | | | | $ pkg-config botan-17 --libs -L/usr/local/lib -lbotan -lm -lpthread -lrt to make it easier to have multiple versions of Botan installed and in use at the same time. | ||||
* | Fix zlib macro check | lloyd | 2008-11-06 | 1 | -7/+7 |
| | |||||
* | Disable final upper bound limit since the min takes care of it | lloyd | 2008-11-06 | 1 | -5/+1 |
| | |||||
* | Move Entropy_Estimator to utils/entropy.h (from anon namespace in HMAC_RNG | lloyd | 2008-11-06 | 8 | -101/+157 |
| | | | | | implementation), remove freestanding estimate_entropy function, change Randpool to use entropy estimator. | ||||
* | In Salsa20, move the state counter increment out of core salsa20() function | lloyd | 2008-11-06 | 1 | -5/+10 |
| | |||||
* | Add a comment about trying non-precomputed LSFR offsets (it was significantly | lloyd | 2008-11-06 | 1 | -9/+16 |
| | | | | | slower on my machine). Some formatting changes. Make OFFSETS table static const. | ||||
* | Add fast_poll implementation | lloyd | 2008-11-04 | 2 | -3/+12 |
| | |||||
* | Use Opteron as default submodel, otherwise bogus GCC flags if only arch ↵ | lloyd | 2008-11-04 | 1 | -1/+1 |
| | | | | detected (as on FreeBSD) | ||||
* | Disable x86-64 SHA-1 asm for FreeBSD. FreeBSD 7.0 at least did not like | lloyd | 2008-11-04 | 1 | -1/+0 |
| | | | | the current version. | ||||
* | Formatting | lloyd | 2008-11-03 | 1 | -2/+9 |
| | |||||
* | Formatting | lloyd | 2008-11-03 | 1 | -19/+18 |
| | |||||
* | Remove unused entries from offsets table | lloyd | 2008-11-03 | 1 | -22/+26 |
| | |||||
* | Remove more indexing problems from Turing::generate. Benchmarks 306 MiB/sec ↵ | lloyd | 2008-11-03 | 1 | -21/+17 |
| | | | | on Q6600 | ||||
* | Further simplify indexing in Turing::generate - slightly faster, but not yet ↵ | lloyd | 2008-11-03 | 1 | -18/+20 |
| | | | | at 300 MiB/s | ||||
* | Start simplifying Turing::generate | lloyd | 2008-11-03 | 1 | -5/+9 |
| | |||||
* | Remove old commented out code | lloyd | 2008-11-03 | 1 | -9/+0 |
| | |||||
* | Inline more of Turing::generate | lloyd | 2008-11-03 | 3 | -70/+68 |
| | |||||
* | Avoid using get_byte in Turing::generate. On my Q6600, went from | lloyd | 2008-11-03 | 1 | -8/+5 |
| | | | | | 255 MiB/s to 289 MiB/s (13% faster), mostly because this allows use of asm bswap and fast word<->byte conversions. | ||||
* | In HMAC_RNG, force a reseed after 8192 blocks | lloyd | 2008-10-28 | 1 | -0/+3 |
| | |||||
* | Clear K after new PRK is generated. | lloyd | 2008-10-28 | 1 | -4/+7 |
| | |||||
* | Set the default XTS (ASCII value of "Botan HMAC_RNG XTS") only once, in | lloyd | 2008-10-28 | 1 | -86/+92 |
| | | | | | | | the constructor. This avoids repeatedly resetting it for each reseed, if HMAC_RNG is used without entropy sources and using only application-provided entropy. Very slightly more efficient and also the code for reseed becomes a bit clearer. | ||||
* | Wrap lines to 80 columns | lloyd | 2008-10-28 | 10 | -30/+54 |
| | |||||
* | Modify AutoSeeded_RNG to use HMAC_RNG instead of Randpool, if HMAC_RNG is | lloyd | 2008-10-28 | 2 | -5/+20 |
| | | | | | | | | available in the build. If neither is avilable, the constructor will throw an exception. As before, the underlying RNG will be wrapped in an X9.31 PRNG using AES-256 as the block cipher (if X9.31 is enabled in the build). | ||||
* | Add HMAC_RNG, which is an RNG design based on Hugo Krawczyk's paper | lloyd | 2008-10-28 | 3 | -0/+403 |
| | | | | | | | | "On Extract-then-Expand Key Derivation Functions and an HMAC-based KDF". While it has much smaller state than Randpool (256-512 bits, typically, versus 4096 bits commonly used in Randpool), the more formal design analysis seems attractive (and realistically if the RNG can manage to contain 256 bits of conditional entropy, that is more than sufficient). | ||||
* | In ANSI_X931_RNG::reseed, only attempt to reseed the X9.31 state if | lloyd | 2008-10-28 | 1 | -7/+10 |
| | | | | the underlying PRNG's reseed was a success. | ||||
* | Substantially change Randpool's reseed logic. Now when a reseed | lloyd | 2008-10-27 | 19 | -34/+107 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | is requested, Randpool will first do a fast poll on each entropy source that has been registered. It will count these poll results towards the collected entropy count, with a maximum of 96 contributed bits of entropy per poll (only /dev/random reaches this, others measure at 50-60 bits typically), and a maximum of 256 for sum contribution of the fast polls. Then it will attempt slow polls of all devices until it thinks enough entropy has been collected (using the rather naive entropy_estimate function). It will count any slow poll for no more than 256 bits (100 or so is typical for every poll but /dev/random), and will attempt to collect at least 512 bits of (estimated/guessed) entropy. This tends to cause Randpool to use significantly more sources. Previously it was common, especially on systems with a /dev/random, for only one or a few sources to be used. This change helps assure that even if /dev/random and company are broken or compromised the RNG output remains secure (assuming at least some amount of entropy unguessable by the attacker can be collected via other sources). Also change AutoSeeded_RNG do an automatic poll/seed when it is created. | ||||
* | TLS_PRF also depends on MD5 and SHA1, was not so marked | lloyd | 2008-10-26 | 1 | -0/+2 |
| | |||||
* | In KDF instead of lookup, instantiate fixed hashes (MD5, SHA-1) directly | lloyd | 2008-10-26 | 4 | -21/+24 |
| | |||||
* | Remove lookup.h use from OpenPGP S2K | lloyd | 2008-10-26 | 3 | -23/+14 |
| | |||||
* | Make S2K base class non-copyable and non-assignable by default (use clone ↵ | lloyd | 2008-10-26 | 1 | -0/+3 |
| | | | | instead) | ||||
* | Move EntropySource base class to new entropy_src.h (which allows the ↵ | lloyd | 2008-10-26 | 15 | -28/+76 |
| | | | | | | implementations to decouple from knowing about RandomNumberGenerator). |