Newer
Older
Check for openssl's libcrypto (for benchmarking).
2002-05-16 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Deleted registers i and t3.
(_aes_crypt): Moved some registers around. We now use input
registers only for arguments, local registers for loop invariants,
output registers for temporaries and loop variables, and no global
registers at all.
* sparc/aes.asm (AES_FINAL_ROUND): New macro.
(_aes_crypt): Use AES_FINAL_ROUND for the first word if the final
(_aes_crypt): And for the rest of the final round.
(AES_FINAL_ROUND): Don't update dst, just access it offseted by i.
(_aes_crypt): Add 16 to dst at the end of the final round.
(AES_ROUND): Use ldub, not ld + and, to get the third byte
of wtxt.
(AES_ROUND): Use ldub, not lduh + and, to get the second
byte of a word.
(AES_ROUND): Reordered instructions, so that we can save one
(AES_ROUND): Eliminated use of t3.
(AES_FINAL_ROUND): Eliminated ands.
(AES_FINAL_ROUND): Reordered, so that we can save one register.
(AES_FINAL_ROUND): Eliminated t3.
(AES_LOAD): New macro.
(_aes_crypt): Unrolled source loop.
(_aes_crypt): Use AES_LOAD macro.
(_aes_crypt): Deleted cruft from the old source loop.
(AES_LOAD): Eliminated t3.
2002-05-15 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm (AES_ROUND): New macro.
(_aes_crypt): Use AES_ROUND for first word of the
round function.
(_aes_crypt): And for the rest of the round function.
* sparc/aes.asm (_aes_crypt): Deleted a bunch of additions,
after accessing IDX1.
* aes-internal.h (struct aes_table): sparc_idx[0] should now
contain index values shifted by the size of a word, and with 2
added. This saves some additions in the sparc assembler code.
Updates aes-encrypt-table.c and aes-decrypt-table.c.
* sparc/aes.asm (_aes_crypt): Unrolled final loop, preparing for
(_aes_crypt): Eliminated i from forst copy of the loop. Some
(_aes_crypt): And from second copy.
(_aes_crypt): And from third.
(_aes_crypt): And fourth.
(_aes_crypt): Eliminated updates of i from the loop.
(_aes_crypt): Access IDX1 and IDX3 through the T pointer, saving
two registers.
* aes-internal.h (struct aes_table): Renamed the shift_idx field
to sparc_idx, as it will be tweaked to improve the sparc code.
Also reduced its size to [2][4].
(IDX_FACTOR): Deleted constant.
* aes-encrypt-table.c (_aes_encrypt_table): Adapted initializer of
* aes-decrypt-table.c (_aes_decrypt_table): Likewise.
* asm.m4: Deleted AES_SIDX2, to match struct aes_table.
* sparc/aes.asm (_aes_crypt): Unrolled the inner loop, preparing
for optimizations suggested by Marcus Comstedt.
(_aes_crypt): Eliminated i from the first copy of the inner loop.
(_aes_crypt): And from the second copy.
(_aes_crypt): And from the third copy.
(_aes_crypt): And from the fourth copy.
(_aes_crypt): Renamed .Linner_loop to .Lround_loop.
(_aes_crypt): Eliminated the loop variable i from the unrolled
(_aes_crypt): Deleted moves of constants into t2.
* x86/aes-encrypt.asm (aes_encrypt): Use AES_SUBST_BYTE.
* x86/aes-decrypt.asm (aes_decrypt): Likewise.
(aes_decrypt): Use AES_STORE.
(aes_decrypt): Deleted first xchgl instruction into, permuting the
AES_ROUND calls instead.
(aes_decrypt): Likewise for the final round.
(aes_decrypt): Got rid if the xchgl instruction after the final
round, folding it into the final round.
* x86/machine.m4: Renamed AES_LAST_ROUND to AES_FINAL_ROUND.
* x86/aes-decrypt.asm (aes_decrypt): Use the AES_LOAD macro.
(aes_decrypt): Start using AES_ROUND.
(aes_decrypt): Use AES_LAST_ROUND.
* x86/aes-decrypt.asm (aes_decrypt): Moved function to a separate
* x86/aes.asm: ... from here.
* x86/aes.asm (aes_decrypt): Use _aes_decrypt_table instead of
itbl1-4. Commented out the inclusion of aes_tables.asm.
(aes_decrypt): Use _aes_decrypt_table instead of isbox.
* x86/aes-decrypt.asm: New file, empty at the start.
* Makefile.am (libnettle_a_SOURCES): Added aes-decrypt-table.c.
* aes-decrypt.c (_aes_decrypt_table): Moved from this file...
* aes-decrypt-table.c (_aes_decrypt_table): ... to a new file.
* testsuite/aes-test.out: New file, with the output of
testsuite/aes-test, when aes.c has been compiled with debugging
printouts of intermediate state.
2002-05-15 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm: (_aes_crypt): Restore %fp at end of function, to
make %fp available for other uses.
* sparc/aes.asm: The frame setup was broken. Tried to fix it.
Reverted to revision 1.70 + minor changes from the head revision.
* x86/aes-encrypt.asm (aes_encrypt): Use test instead of cmpl $0,.
* x86/machine.m4 (AES_SUBST_BYTE): New macro.
* sparc/aes.asm: wtxt needs no register of it's own, as its
pointed to by %sp. %g5 moved to %l0, the register previously
allocated for wtxt, so that we stay clean of the reserved %g
registers.
2002-05-14 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Avoid using %g6 and %g7, as they are reserved for
operating sytem use. Use %i5 and %o7 instead. Also moved %g4 to %g1.
(_aes_crypt): Allocate only 32 bytes local storage on the stack.
Calculate wtxt and tmp using offsets from %sp, not %fp.
* x86/aes-encrypt.asm (aes_encrypt): Replaced first quarter of the
round function with an invocation of AES_ROUND.
(aes_encrypt): Similarly for the second column.
(aes_encrypt): Similarly for the rest of the round function.
* x86/machine.m4 (AES_ROUND): New macro.
* x86/aes-encrypt.asm (aes_encrypt): Use AES_LOAD macro.
* x86/machine.m4 (AES_LOAD): New macro.
* x86/aes-encrypt.asm (aes_encrypt): Use AES_STORE.
* x86/machine.m4 (AES_STORE): New macro.
* x86/aes-encrypt.asm (aes_encrypt): Use the AES_LAST_ROUND macro
for the first column of the final round.
(aes_encrypt): Similarly for the second column.
(aes_encrypt): Similarly for the third and fourth column.
(aes_encrypt): Deleted xchgl instruction in final round, by
reordering the second and fourth round.
* x86/machine.m4 (AES_LAST_ROUND): New macro.
* x86/aes-encrypt.asm (aes_encrypt): Move code here...
* x86/aes.asm: Use addl and subl, not add and sub. Replaced
references to dtbl1-4 with references to _aes_encrypt_table.
* configure.ac (asm_path): Enable x86 assembler.
* x86/aes.asm (aes_decrypt): Adapted to the current interface.
Notably, the order of the subkeys was reversed. Single block
encrypt/decrypt works now.
(aes_encrypt, aes_decrypt): Added an outer loop, so that we can
encrypt more than one block at a time.
2002-05-07 Niels Mller <niels@s3.kth.se>
* configure.ac: Generate config.m4.
* x86/aes.asm: Use C for comments, include the tables using
include_src, and commented out the key setup functions.
Fixed the processing of the first handling of the round function.
Now, encryption of a single block works! Multiple blocks, and
decryption, is still broken.
* x86/machine.m4: New file (empty).
* x86/aes-encrypt.asm: New file, empty for now.
* Makefile.am (%.asm): Added asm.m4, machine.m4 and config.m4 to
the m4 command line.
(libnettle_a_SOURCES): Added aes-encrypt-table.c.
* sparc/aes.asm: No need to include asm.m4, that is taken care of
* config.m4.in: New file, configuration for asm.m4.
* asm.m4 (C, include_src): New macros.
* aes-encrypt-table.c: New file, table moved out from
2002-05-06 Niels Mller <niels@s3.kth.se>
* configure.ac (CFLAGS): Don't enable -Waggregate-return.
2002-05-05 Niels Mller <nisse@lysator.liu.se>
* configure.ac: Pass no arguments to AM_INIT_AUTOMAKE.
2002-05-05 Niels Mller <nisse@cuckoo.hack.org>
* configure.ac: Update for automake-1.6.
* configure.ac: Renamed file, used to be configure.in.
2002-03-20 Niels Mller <nisse@cuckoo.hack.org>
* testsuite/run-tests (test_program): Added missing single quote.
2002-03-20 Niels Mller <nisse@lysator.liu.se>
* testsuite/run-tests (test_program): Test the exit status of the
right process.
2002-03-19 Pontus Skld <pont@it.uu.se>
* testsuite/run-tests: Removed /bin/bashisms to use with /bin/sh.
2002-03-18 Niels Mller <nisse@cuckoo.hack.org>
* rsa-keygen.c (rsa_generate_keypair): Output a newline after a
non-empty line of 'e':s (bad e was chosen, try again).
2002-03-16 Niels Mller <nisse@cuckoo.hack.org>
* configure.in (asm_path): AC_CONFIG_LINKS adds $srcdir
2002-03-14 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm, x86/aes.asm: Added copyright notice.
* Makefile.am (libnettle_a_SOURCES): Added aes-internal.h.
(EXTRA_DIST): Added assembler files.
* configure.in (asm_path): Use $srcdir when looking for the files.
* configure.in (asm_path): For now, disable x86 assembler code.
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
2002-02-25 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm (_aes_crypt): Moved increment of src into the
source_loop. Also fixed stop condition, the loop was run 5 times,
not 4, as it should.
(_aes_crypt): Use src directly when accessing the source data,
don't use %o5.
(_aes_crypt): Renamed variables in source_loop.
(_aes_crypt): Changed stop condition in source_loop to not depend
on i. Finally reduced the source_loop to 16 instructions. Also
increased the alignment of the code to 16.
(_aes_crypt): In final_loop, use preshifted indices.
(_aes_crypt): In final_loop, construct the result in t0. Use t0-t3
for intermediate values.
(_aes_crypt): In final_loop, use the register idx.
(_aes_crypt): In final_loop, keep i multiplied by 4. Use key to
get to the current roundkey.
(_aes_crypt): In final_loop, use i for indexing.
(_aes_crypt): Update dst in the output loop. This yields a delay
slot that isn't filled yet.
(_aes_crypt): Decrement round when looping, saving yet some
instructions.
(_aes_crypt): Reformatted code as blocks of four instructions
each.
(_aes_crypt): Copy the addresses of the indexing tables into
registers at the start. No more need for the idx register.
(_aes_crypt): Deleted idx register.
(_aes_crypt): Some peep hole optimizations, duplicating some
instructions to fill nop:s, and put branch instructions on even
word addresses.
2002-02-22 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm (_aes_crypt): Moved some more additions out of the
inner loop, using additional registers.
(_aes_crypt): Deleted one more addition from the inner loop, by
using the subkey pointer.
2002-02-19 Niels Mller <nisse@cuckoo.hack.org>
* configure.in (asm_path): Renamed "path" to "asm_path". Also look
for a machine.m4.
2002-02-16 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Use that IDX2(j) == j ^ 2
* Makefile.am (libnettle_a_SOURCES): Reordered aes-decrypt.c and
aes-encrypt.c. For some strange reason it makes the benchmark go
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
* sparc/aes.asm (_aes_crypt): Use double-buffering, and no
separate loop for adding the round key.
(round): Keep round index muliplied by 16, so it can be used
directly for indexing the subkeys.
(_aes_crypt): In the final loop, use ctx+round to access the
subkeys, no need for an extra register.
2002-02-15 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm (_aes_crypt): Renaming variables, allocating
locals starting from %l0.
(_aes_crypt): Consistently use %l4, aka i, as the variable for the
innermost loops.
(_aes_crypt): Moved reading of ctx->nrounds out of the loop.
(_aes_crypt): In final_loop, deleted a redundant mov, and use i as
loop variable.
(_aes_crypt): Started renumbering registers in the inner loop. The
computation for the table[j] sub-expression should be kept in
register %o[j].
(_aes_crypt): Renamed more variables in the inner loop. Now the
primary variables are t0, t1, t2, t3.
* sparc/aes.asm (_aes_crypt): Swapped register %i0 and %o5, %i1
and %o0, %i2 and %o4, %i3 and %o3, %i4 and %o2.
(_aes_crypt): wtxt was stored in both %l1 and %l2 for the entire
function. Freed %l2 for other uses.
(_aes_crypt): Likewise for tmp, freeing register %o1.
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
* sparc/machine.m4: New file, for sparc-specific macros.
* sparc/aes.asm (_aes_crypt): Hacked the source_loop, to get rid
of yet another redundant loop variable, and one instruction.
(_aes_crypt): Strength reduce loop variable in the
inner loop, getting rid of one register.
(_aes_crypt): Use pre-shifted indices (aes_table.idx_shift), to
avoid some shifts in the inner loop.
(_aes_crypt): Don't check for nrounds==0 at the start of the loop.
* asm.m4: Define and use structure-defining macros.
* Makefile.am (%.asm): Use a GNU pattern rule, to make %.o depend
on both %.asm and asm.m4.
* aes-internal.h (struct aes_table): New subtable idx_shift.
Updated tables in aes_encrypt.c and aes_decrypt.c.
* asm.m4: Use eval to compute values.
* sparc/aes.asm (_aes_crypt): Deleted commented out old version of
the code.
* asm.m4: Added constants for individual rows of the aes table.
* aes.c (IDX0, IDX1, IDX2, IDX3): New macros, encapsualting the
structure of the idx table.
* asm.m4: Define various aes struct offsets.
* testsuite/cbc-test.c (test_cbc_bulk): Use aes_set_encrypt_key
and aes_set_decrypt_key.
* sparc/aes.asm (_aes_crypt): Use symbolic names for the fucntion
2002-02-14 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Copied gcc assembler code for _aes_crypt.
* aesdata.c: New program for generating AES-related tables.
* testsuite/testutils.c (print_hex): New function (moved from
* testsuite/rsa-keygen-test.c (progress): Declare the ctx argument
as UNUSED.
* testsuite/cbc-test.c (test_cbc_bulk): New function, testing CBC
with larger blocks.
* yarrow256.c: Replaced uses of aes_set_key with
* nettle-meta.h (_NETTLE_CIPHER_SEP): New macro, useful for
algorithms with separate encyption and decryption key setup.
* aes-internal.h (struct aes_table): New structure, including all
constant tables needed by the unified encryption or decryption
function _aes_crypt.
* aes.c (_aes_crypt): New function, which unifies encryption and
decryption.
AES key setup now uses two separate functions for setting
encryption and decryption keys. Applications that don't do
decryption need no inverted subkeys and no code to generate them.
Similarly, the tables (about 4K each for encryption and
decryption), are put into separate files.
* aes.h (struct aes_ctx): Deleted space for inverse subkeys. For
decryption, the inverse subkeys replace the normal subkeys, and
* aes-set-key.c (aes_set_key): Deleted file, code moved...
* aes-set-decrypt-key.c, aes-set-encrypt-key.c: New files,
separated normal and inverse key setup.
* aes-tables.c: Deleted, tables moved elsewhere...
* aes-encrypt.c, aes-decrypt.c: New files; moved encryption and
decryption funktions, and needed tables, into separate files.
2002-02-13 Niels Mller <nisse@cuckoo.hack.org>
* aes.c (aes_encrypt): Don't unroll the innerloop.
(aes_encrypt): Don't unroll the loop for the final round.
(aes_decrypt): Likewise, no loop unrolling.
* aes-set-key.c (aes_set_key): Reversed the order of the inverted
subkeys. They are now stored in the same order as they are used.
* aes-tables.c (itable): New bigger table, generated by aesdata.c.
* aes.c (aes_decrypt): Rewrote to use the bigger tables.
2002-02-12 Niels Mller <nisse@cuckoo.hack.org>
* aes.c (aes_encrypt): Interleave computation and output in the
final round.
* aes-internal.h (AES_SMALL): New macro.
* aes.c (aes_encrypt): Optionally use smaller rotating inner loop.
* aes-tables.c (dtbl): Replaced with table generated by aesdata.
* aes.c (aes_encrypt): Rewrite, now uses larger tables in order to
avoid rotates.
* sparc/aes.asm (aes_encrypt): Strength reduced on j, getting rid
of one register and one instruction in the inner loop.
* sparc/aes.asm (idx, aes_encrypt): Multiplied tabled values by 4,
making it possible to get rid of some shifts in the inner loop.
* configure.in: Fixed spelling of --enable-assembler. Commented
out debug echo:s.
* asm.m4: New file. For now, only doing changequote and changecom.
* sparc/aes.asm (aes_encrypt): Added comments.
(aes_encrypt): Cut off redundant instruction per block, also
saving one redundant register pointing to idx.
(idx_row): New macro. Include asm.m4.
2002-02-11 Niels Mller <nisse@cuckoo.hack.org>
* sparc/aes.asm (key_addition_8to32): Cleaned up.
Deleted gcc-generated debugging information.
* sparc/aes.asm (key_addition32): First attempt at optimization.
Made it slower ;-)
* sparc/aes.asm (key_addition32): Unrolled loop, gained 4%
speed, payed four instructions compared to gcc
* Makefile.am (.asm.o): New rule for assembling via m4.
(libnettle_a_SOURCES): Added new rsa and aes files.
* configure.in: New command line option --enable-assembler.
Selects assembler code depending on the host system.
* rsa-decrypt.c, rsa-encrypt.c: New files for rsa pkcs#1
* aes-set-key.c, aes-tables.c: New files, split off from aes.c.
Tables are now not static, but use a _aes_ prefix on their names.
* cast128-meta.c (_NETTLE_CIPHER_FIX): Use _NETTLE_CIPHER_FIX.
* cbc.c (cbc_decrypt_internal): New function, doing the real CBC
procesing and requiring that src != dst.
(cbc_decrypt): Use cbc_decrypt_internal. If src == dst, use a
buffer of limited size to copy the ciphertext.
* nettle-internal.c (nettle_blowfish128): Fixed definition, with
key size in bits.
* nettle-meta.h (_NETTLE_CIPHER_FIX): New macro, suitable for
ciphers with a fixed key size.
* examples/nettle-benchmark.c (display): New function for
displaying the results, including MB/s figures.
* sparc/aes.asm: New file. Not yet tuned in any way (it's just the
code generated by gcc).
2002-02-11 Niels Mller <nisse@lysator.liu.se>
* x86/aes.asm, x86/aes_tables.asm: New assembler implementation by
2002-02-06 Niels Mller <nisse@cuckoo.hack.org>
Applied patch from Dan Egnor improving the base64 code.
* base64.h (BASE64_ENCODE_LENGTH): New macro.
(struct base64_ctx): New context struct, for decoding.
(BASE64_DECODE_LENGTH): New macro.
* base64.c (base64_decode_init): New function.
(base64_decode_update): New function, replacing base64_decode.
Takes a struct base64_ctx argument.
* nettle-meta.h: Updated nettle_armor, and related typedefs and
* testsuite/testutils.c (test_armor): Updated.
* configure.in: Use AC_PREREQ(2.50).
2002-02-01 Niels Mller <nisse@cuckoo.hack.org>
* Released nettle-1.5.
2002-01-31 Niels Mller <nisse@cuckoo.hack.org>
* acinclude.m4: Commented out gmp-related macros, they're probably
not needed anymore.
2002-01-31 Niels Mller <nisse@lysator.liu.se>
* configure.in: Added command line options --with-lib-path and
--with-include-path. Use the RPATH-macros to get correct flags for
linking the test programs with gmp.
* acinclude.m4: New file.
2002-01-31 Niels Mller <nisse@cuckoo.hack.org>
* nettle.texinfo (Randomness): New subsection on Yarrow.
2002-01-30 Niels Mller <nisse@cuckoo.hack.org>
* nettle.texinfo (Randomness): New chapter.
Spell checking and ispell configuration.
* md5.c: Added reference to RFC 1321.
2002-01-24 Niels Mller <nisse@cuckoo.hack.org>
* nettle.texinfo (Public-key algorithms): Minor fixes.
2002-01-22 Niels Mller <nisse@cuckoo.hack.org>
* nettle.texinfo (Nettle soup): New chapter.
(Hash functions): New subsection on struct nettle_hash.
(Hash functions): New subsection on struct nettle_cipher.
(Keyed hash functions): New section, describing MAC:s and HMAC.
* testsuite/testutils.c (test_armor): New function.
* testsuite/base64-test.c: New testcase.
* testsuite/Makefile.am (TS_PROGS): Added base64-test.
* nettle-meta.h (struct nettle_armor): New struct.
* configure.in: Bumped version to 1.5.
* Makefile.am (libnettle_a_SOURCES): Added base64 files, and some
missing header files.
* base64.c, base64.h, base64-meta.c: New files, hacked by Dan
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
2002-01-16 Niels Mller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.c: Deleted ran_array code, use
knuth-lfib.h instead.
* testsuite/testutils.c (test_rsa_md5, test_rsa_sha1): Moved
functions here...
* testsuite/rsa-test.c: ...from here.
* testsuite/rsa-keygen-test.c: New file.
* testsuite/knuth-lfib-test.c: New file.
* Makefile.am (libnettle_a_SOURCES): Added knuth-lfib.c and
rsa-keygen.c.
* rsa-keygen.c: New file.
* rsa.h (RSA_MINIMUM_N_OCTETS): New constant.
(RSA_MINIMUM_N_BITS): New constant.
(nettle_random_func, nettle_progress_func): New typedefs. Perhaps
they don't really belong in this file.
(rsa_generate_keypair): Added progress-callback argument.
* macros.h (READ_UINT24, WRITE_UINT24, READ_UINT16, WRITE_UINT16):
New macros.
* knuth-lfib.c, knuth-lfib.h: New files, implementing a
non-cryptographic prng.
2002-01-15 Niels Mller <nisse@cuckoo.hack.org>
* hmac-sha1.c: New file.
2002-01-14 Niels Mller <nisse@cuckoo.hack.org>
* testsuite/hmac-test.c (test_main): Added hmac-sha1 test cases.
* rsa.c (rsa_init_private_key, rsa_clear_private_key): Handle d.
* rsa.h (struct rsa_private_key): Reintroduced d attribute, to be
used only for key generation output.
(rsa_generate_keypair): Wrote a prototype.
* Makefile.am (libnettle_a_SOURCES): Added hmac-sha1.c and
* des.c: Use static const for all tables.
(des_set_key): Use a new const * variable for the parity
procesing, for constness reasons.
* list-obj-sizes.awk: New file.
* nettle-internal.c, nettle-internal.h: New files.
* testsuite/Makefile.am (TS_PROGS): Added hmac-test. Deleted old
* testsuite/testutils.h (LDATA): Moved this macro here,...
* testsuite/rsa-test.c: ... from here.
* testsuite/hmac-test.c: New file.
* hmac.h: General cleanup. Added declarations of hmac-md5,
hmac-sha1 and hmac-sha256.
* hmac.c: Bug fixes.
* hmac-md5.c: First working version.
* Makefile.am (libnettle_a_SOURCES): Added hmac.c and hmac-md5.c.
(libnettleinclude_HEADERS): Added hmac.h.
* testsuite/rsa-test.c: Also test a 777-bit key.
* rsa.c (rsa_check_size): Changed argument to an mpz_t. Updated
(rsa_prepare_private_key): Compute the size of the key by
computing n = p * q.
* rsa-compat.c: Adapted to new private key struct.
* rsa_md5.c: Likesize.
* rsa_sha1.c: Likesize.
* rsa.c (rsa_check_size): New function, for computing and checking
the size of the modulo in octets.
(rsa_prepare_public_key): Usa rsa_check_size.
(rsa_init_private_key): Removed code handling n, e and d.
(rsa_clear_private_key): Likewise.
(rsa_compute_root): Always use CRT.
* rsa.h (struct rsa_private_key): Deleted public key and d from
the struct, as they are not needed. Added size attribute.
2002-01-12 Niels Mller <nisse@cuckoo.hack.org>
* Makefile.am: Added *-meta files.
* rsa.c (rsa_init_public_key): New function.
(rsa_clear_public_key): Likewise.
(rsa_init_private_key): Likewise.
(rsa_clear_private_key): Likewise.
* aes-meta.c: New file.
* arcfour-meta.c: New file.
* cast128-meta.c: New file.
* serpent-meta.c: New file.
* twofish-meta.c: New file.
* examples/nettle-benchmark.c: Use the interface in nettle-meta.h.
2002-01-11 Niels Mller <nisse@cuckoo.hack.org>
Don't use m4 for generating test programs, it's way overkill. Use
the C preprocessor instead.
* testsuite/*-test.c: New file.
* hmac.c, hmac.h, hmac-md5.c: New files.
Defined structures describing the algoriths. Useful for code that
wants to treat an algorithm as a black box.
* nettle-meta.h, md5-meta.c, sha1-meta.c, sha256-meta.c: New
2002-01-09 Niels Mller <nisse@cuckoo.hack.org>
* rsa-compat.c: Updated for new md5 and rsa conventions.
* rsa_md5.c: Represent a signature as an mpz_t, not a string.
Updated calls of md5 functions.
* rsa_sha1.c: Likewise.
* rsa.c (rsa_prepare_public_key): Renamed function, was
(rsa_prepare_private_key): Renamed function, was
* nettle.texinfo (Hash functions): Update for the changed
interface without *_final. Document sha256.
* testsuite/md5-test.m4, testsuite/sha1-test.m4,
testsuite/sha256-test.m4, testsuite/yarrow-test.c: Updated for new
hash function interface.
* yarrow256.c: Removed calls of sha256_final and and some calls of
sha256_init.
* md5-compat.c (MD5Final): Call only md5_digest.
* md5.c (md5_digest): Call md5_final and md5_init.
(md5_final): Declared static.
sha1.c, sha256.c: Analogous changes.
* bignum.c (nettle_mpz_get_str_256): Declare the input argument
2001-12-14 Niels Mller <nisse@cuckoo.hack.org>
* Makefile.am (EXTRA_DIST): Added $(des_headers). Changed
dependencies for $(des_headers) to depend only on the source file
2001-12-12 Niels Mller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.c (main): Updated testcase to match fixed
generator. Send verbose output to stdout, not stderr.
* yarrow256.c (yarrow_slow_reseed): Bug fix, update the fast pool
with the digest of the slow pool.
(yarrow256_init): Initialize seed_file and counter to zero, to
2001-12-07 Niels Mller <nisse@cuckoo.hack.org>
* bignum.c (nettle_mpz_get_str_256): Fixed handling of leading
2001-12-05 Niels Mller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.c (main): Updated test to match the fixed
key event estimator.
* yarrow_key_event.c (yarrow_key_event_estimate): Fixed handling
* nettle.texinfo (Copyright): Say that under certain
circumstances, Nettle can be used as if under the LGPL.
* README: Added a paragraph on copyright.
2001-11-15 Niels Mller <nisse@cuckoo.hack.org>
* yarrow256.c (yarrow256_force_reseed): New function.
2001-11-14 Niels Mller <nisse@ehand.com>
* testsuite/yarrow-test.c (main): Use yarrow256_is_seeded.
* yarrow256.c (yarrow256_needed_sources): New function.
(yarrow256_is_seeded): New function.
2001-11-14 Niels Mller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.out: Updated, to match the seed-file aware
* testsuite/yarrow-test.c: Updated expected_output. Check the seed
file contents at the end.
* yarrow256.c (yarrow256_seed): New function.
(yarrow_fast_reseed): Create new seed file contents.
2001-11-13 Niels Mller <nisse@cuckoo.hack.org>
* yarrow.h: Deleted yarrow160 declarations.
2001-11-02 Niels Mller <nisse@ehand.com>
* yarrow256.c (yarrow256_init): Fixed order of code and
* rsa-compat.h: Added real prototypes and declarations.
* Makefile.am (libnettle_a_SOURCES): Added rsa-compat.h and
* rsa-compat.c: New file, implementing RSA ref signature and
verification functions.
* configure.in: Check for libgmp. Deleted tests for SIZEOF_INT and
* rsa_md5.c: New file, PKCS#1 rsa-md5 signatures.
* rsa.c: New file with general rsa functions.
* Makefile.am (libnettle_a_SOURCES): Added rsa and bignum files.
* bignum.c, bignum.h: New file, with base256 functions missing in
* testsuite/Makefile.am: Added bignum-test.
* testsuite/run-tests (test_program): Check the xit code more
carefully, and treat 77 as skip. This convention was borrowed from
* testsuite/macros.m4: New macro SKIP which exits with code 77.
* testsuite/bignum-test.m4: New file.
2001-10-15 Niels Mller <nisse@ehand.com>
* testsuite/Makefile.am (EXTRA_DIST): Include rfc1750.txt in the
distribution.
2001-10-14 Niels Mller <nisse@cuckoo.hack.org>
* testsuite/des-test.m4: Added testcase taken from applied
* testsuite/yarrow-test.c: Use sha256 instead of sha1 for checking
input and output. Updated the expected values.
* yarrow256.c (YARROW_RESEED_ITERATIONS): New constant.
(yarrow_iterate): New function.
(yarrow_fast_reseed): Call yarrow_iterate.
* testsuite/yarrow-test.c: Added verbose flag, disabled by
2001-10-12 Niels Mller <nisse@ehand.com>
* examples/nettle-benchmark.c: Added more ciphers.
* Makefile.am (SUBDIRS): Added the examples subdir.
* configure.in: Output examples/Makefile.
2001-10-12 Niels Mller <nisse@cuckoo.hack.org>
* examples/nettle-benchmark.c: New benchmarking program.
2001-10-10 Niels Mller <nisse@ehand.com>
* testsuite/yarrow-test.c: Open rfc1750.txt. Hash input and
output, and compare to expected values.
* testsuite/Makefile.am (CFLAGS): Don't disable optimization.
(run-tests): Set srcdir in the environment when running run-tests.
* testsuite/rfc1750.txt: Added this rfc as test input for yarrow.
* yarrow_key_event.c (yarrow_key_event_estimate): Check if
previous is zero.
(yarrow_key_event_init): Initialize previous to zero.
* yarrow256.c: Added debug some output.
* testsuite/yarrow-test.c (main): Better output of entropy
2001-10-09 Niels Mller <nisse@ehand.com>
* testsuite/Makefile.am (TS_PROGS): Added yarrow-test.
* testsuite/yarrow-test.c: New file.
* yarrow256.c (yarrow256_init): Initialize the sources.
(yarrow256_random): Fixed loop condition.
* yarrow.h (YARROW_KEY_EVENT_BUFFER): New constant.
* yarrow_key_event.c: New file.
* Makefile.am (libnettle_a_SOURCES): Added yarrow_key_event.c.
2001-10-08 Niels Mller <nisse@cuckoo.hack.org>
* yarrow.h (struct yarrow_key_event_ctx): New struct.
* yarrow256.c (yarrow_fast_reseed): Generate two block of output
using the old key and feed into the pool.
* yarrow.h (struct yarrow256_ctx): Deleted buffer, index and
* yarrow256.c (yarrow_fast_reseed): New function.
(yarrow_slow_reseed): New function.
(yarrow256_update): Check seed/reseed thresholds.
(yarrow_gate): New function, extracted from
yarrow_generate_block_with_gate which was deleted.
(yarrow_generate_block_with_gate): Deleted function.
(yarrow256_random): Don't buffer any output, instead gate after
each request.
(YARROW_GATE_THRESHOLD): Deleted constant.
2001-10-07 Niels Mller <nisse@cuckoo.hack.org>
* yarrow256.c: New file, implementing Yarrow. Work in progress.
* sha256.c: New file, implementing SHA-256.
* testsuite/Makefile.am (CFLAGS): Added sha256-test.
* testsuite/sha256-test.m4: New testcases for SHA-256.
* shadata.c: New file, for generating SHA-256 constants.
* sha.h: Renamed sha1.h to sha.h, and added declarations for
2001-10-05 Niels Mller <nisse@ehand.com>
* testsuite/aes-test.m4: Added a comment with NIST test vectors.
2001-10-04 Niels Mller <nisse@ehand.com>
2001-09-25 Niels Mller <nisse@cuckoo.hack.org>
* Released version 1.0.
2001-09-25 Niels Mller <nisse@ehand.com>
* sha1.c: Include stdlib.h, for abort.
* md5.c: Include string.h, for memcpy.
* testsuite/Makefile.am (M4_FILES): New variable. Explicitly list
those C source files that should be generated by m4.
* configure.in: Changed package name from "libnettle" to "nettle".
* Makefile.am (EXTRA_DIST): Added .bootstrap.
* AUTHORS: Added a reference to the manual.
2001-09-25 Niels Mller <nisse@lysator.liu.se>
* des-compat.c (des_cbc_cksum): Bug fix, local variable was
declared in the middle of a block.
2001-09-19 Niels Mller <nisse@cuckoo.hack.org>
* nettle.texinfo (Compatibility functions): New section,
mentioning md5-compat.h and des-compat.h.
2001-09-18 Niels Mller <nisse@ehand.com>
* index.html: New file.
2001-09-16 Niels Mller <nisse@cuckoo.hack.org>
* nettle.texinfo: Added description of des3. Minor fixes.
* testsuite/des-compat-test.c (cbc_data): Shorten to 32 bytes (4
blocks), the last block of zeroes wasn't used anyway.
* des-compat.c (des_compat_des3_decrypt): Decrypt in the right
(des_ncbc_encrypt): Bug fixed.
(des_cbc_encrypt): Rewritten as a wrapper around des_ncbc_encrypt.
2001-09-14 Niels Mller <nisse@ehand.com>
* testsuite/des-compat-test.c: New file, copied from libdes
(freeswan). All implemented functions but des_cbc_cksum seems to
work now.