ChangeLog 166 KiB
    2011-02-06  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* Makefile.in (TARGETS): Added gcmdata.
    	(gcmdata): New rule.
    
    	Introduced 4-bit tables. Gives gmac performance of 45 cycles per
    	byte (still on intel x86_64).
    	* gcm.c (gcm_gf_shift): Renamed. Tweaked little-endian masks.
    	(gcm_rightshift): ... old name.
    	(gcm_gf_mul): New argument for the output. Added length argument
    	for one of the inputs (implicitly padding with zeros).
    	(shift_table): New table (in 4-bit and 8-bit versions), generated
    	by gcmdata.
    	(gcm_gf_shift_chunk): New function shifting 4 bits at
    	a time.
    	(gcm_gf_mul_chunk): New function processing 4 bits at a time.
    	(gcm_set_key): Generation of 4-bit key table.
    	(gcm_hash): Use tables, when available.
    
    	* gcmdata.c (main): New file.
    
    
    	* gcm.c (gcm_rightshift): Moved the reduction of the shifted out
    	bit here.
    	(gcm_gf_mul): Updated for gcm_rightshift change. Improves gmac
    	performance to 181 cycles/byte.
    
    	* gcm.c (gcm_gf_mul): Rewrote. Still uses the bitwise algorithm from the
    	specification, but with separate byte and bit loops. Improves gmac
    	performance a bit further, to 227 cycles/byte.
    
    
    	* gcm.c (gcm_rightshift): Complete rewrite, to use word rather
    	than byte operations. Improves gmac performance from 830 cycles /
    	byte to (still poor) 268 cycles per byte on intel x86_64.
    
    
    2011-02-05  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* examples/nettle-benchmark.c (time_gmac): New function.
    	(main): Call time_gmac.
    
    	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added gcm-test.c.
    
    	* testsuite/testutils.c (test_cipher_gcm): New function,
    	contributed by Nikos Mavrogiannopoulos.
    
    	* testsuite/gcm-test.c: New file, contributed by Nikos
    	Mavrogiannopoulos.
    
    	* Makefile.in (nettle_SOURCES): Added gcm.c.
    	(HEADERS): Added gcm.h.
    
    	* gcm.c: New file, contributed by Nikos Mavrogiannopoulos.
    	* gcm.h: New file, contributed by Nikos Mavrogiannopoulos.
    
    
    	* macros.h (INCREMENT): New macro, moved from ctr.c. Deleted third
    	argument.
    	* ctr.c: Use INCREMENT macro from macros.h, deleted local version.
    
    
    2011-01-07  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* testsuite/Makefile.in (check): Add ../.lib to PATH, since that's
    	where w*ndows looks for dlls.
    
    
    	* testsuite/testutils.c (test_cipher_stream): More debug output on
    	failure.
    
    
    2010-12-14  Niels Möller  <nisse@lysator.liu.se>
    
    	* nettle-types.h: Deleted some unnecessary parenthesis from
    	function typedefs.
    	(nettle_realloc_func): Moved typedef here...
    	* realloc.h: ...from here.
    
    	* buffer.c (nettle_buffer_init_realloc): Use an explicit pointer
    	for realloc argument.
    
    
    2010-12-07  Niels Möller  <nisse@lysator.liu.se>
    
    	* nettle.texinfo (Copyright): Updated info on blowfish.
    
    
    2010-11-26  Niels Möller  <nisse@lysator.liu.se>
    
    	Reapplied optimizations (150% speedup on x86_32) and other fixes,
    	relicensing them as LGPL.
    	* blowfish.c (do_encrypt): Renamed, to...
    	(encrypt): ...new name.
    	(F): Added context argument. Shift input explicitly, instead of
    	reading individual bytes via memory.
    	(R): Added context argument.
    	(encrypt): Deleted a bunch of local variables. Using the context
    	pointer for everything should consume less registers.
    	(decrypt): Likewise.
    	(initial_ctx): Arrange constants into a struct, to simplify key
    	setup.
    	(blowfish_set_key): Some simplification.
    
    
    2010-11-26  Simon Josefsson  <simon@josefsson.org>
    
    	* blowfish.c: New version ported from libgcrypt. License changed
    	from GPL to LGPL.
    
    
    2010-11-25  Niels Möller  <nisse@lysator.liu.se>
    
    	* Makefile.in (install-shared-nettle): Use INSTALL_DATA, which
    	clears the execute permission bits.
    	(install-shared-hogweed): Likewise.
    
    
    2010-11-16  Niels Möller  <nisse@lysator.liu.se>
    
    	* configure.ac: Updated gmp url.
    
    
    2010-11-01  Niels Möller  <nisse@lysator.liu.se>
    
    	* tools/misc.c (werror): Don't call exit (copy&paste-error).
    
    
    2010-10-26  Niels Möller  <nisse@lysator.liu.se>
    
    	* examples/rsa-encrypt.c (main): No extra message for bad options.
    
    	* examples/rsa-keygen.c (main): Added long options. Deleted -?,
    	and fixed handling of bad options.
    
    	* examples/next-prime.c (main): Deleted -?, and fixed handling of
    	bad options.
    	* examples/random-prime.c (main): Likewise.
    
    
    2010-10-22  Niels Möller  <nisse@lysator.liu.se>
    
    	* examples/nettle-benchmark.c (main): Added long options. Deleted -?,
    	and fixed handling of bad options.
    
    	* examples/eratosthenes.c (main): Added long options. Deleted -?,
    	and fixed handling of bad options. Renamed -s to -q (long option
    	--quiet).
    
    	* tools/pkcs1-conv.c (main): Deleted short alias -? for --help,
    	and fixed handling of bad options.
    	* tools/sexp-conv.c (parse_options): Likewise.
    
    
    2010-10-06  Niels Möller  <nisse@lysator.liu.se>
    
    	* memxor.c (memxor3): Optimized.
    	(memxor3_common_alignment): New function.
    	(memxor3_different_alignment_b): New function.
    	(memxor3_different_alignment_ab): New function.
    	(memxor3_different_alignment_all): New function.
    
    	* examples/nettle-benchmark.c (time_function): Reorganized, to
    	reduce overhead.
    	(time_memxor): Also benchmark memxor3.
    
    	* x86_64/memxor.asm: New file.
    
    	* examples/nettle-benchmark.c (overhead): New global variable.
    	(time_function): Compensate for call overhead.
    	(bench_nothing, time_overhead): New functions.
    	(time_memxor): Tweaked src size, making it an integral number of
    	words.
    	(main): Call time_overhead.
    
    
    2010-10-01  Niels Möller  <nisse@lysator.liu.se>
    
    	* x86_64/camellia-crypt-internal.asm (ROUND): Reordered sbox
    	lookups.
    
    	* testsuite/memxor-test.c: Also test memxor3.
    
    
    2010-09-30  Niels Möller  <nisse@lysator.liu.se>
    
    	* configure.ac: Link in memxor.asm, if found.
    
    
    	* testsuite/testutils.c (test_cipher_cbc): Print more info when
    	failing.
    
    	* testsuite/memxor-test.c (test_xor): Added verbose printout.
    
    	* examples/nettle-benchmark.c (time_memxor): Count size of
    	unsigned long as "block size" for memxor.
    
    
    2010-09-24  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* testsuite/.test-rules.make: Added rule for memxor-test.
    	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added memxor-test.c
    	* testsuite/memxor-test.c: New file.
    
    	* memxor.c (memxor_common_alignment): New function.
    	(memxor_different_alignment): New function.
    	(memxor): Optimized to do word-operations rather than byte
    	operations.
    
    	* configure.ac (HAVE_NATIVE_64_BIT): New config.h define.
    
    
    	Partial revert of 2010-09-20 changes.
    	* camellia-set-encrypt-key.c (camellia_set_encrypt_key):
    	Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
    	* camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
    	differing in where addition of the key is done.
    	* x86/camellia-crypt-internal.asm: Moved addition of key.
    
    
    2010-09-22  Niels Möller  <nisse@lysator.liu.se>
    
    	* examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
    	seconds.
    	(time_function): Use clock_gettime with CLOCK_PROCESS_CPUTIME_ID,
    	if available. This gives better accuracy, at least on recent
    	linux.
    
    	(BENCH_INTERVAL): Reduced to 0.1 s.
    	(struct bench_memxor_info): New struct.
    	(bench_memxor): New function.
    	(time_memxor): New function.
    	(main): Use time_memxor. Added optional argument used to limit the
    	algorithms being benchmarked.
    
    	(GET_CYCLE_COUNTER): Define also for x86_64.
    	(time_memxor): Improved display.
    
    	* examples/Makefile.in (nettle-benchmark): Link using
    	$(BENCH_LIBS) rather than $(LIBS).
    
    	* configure.ac: Check for clock_gettime, and add -lrt to
    	BENCH_LIBS if needed.
    
    
    2010-09-20  Niels Möller  <nisse@lysator.liu.se>
    
    	* configure.ac: Less quoting when invoking $CC, to allow CC="gcc
    	-m32".
    
    	* x86/camellia-crypt-internal.asm (ROUND): Adapted to new key
    	convention, moving key xor to the end.
    
    	* camellia-set-encrypt-key.c (CAMELLIA_F_HALF_INV): Deleted macro.
    	(camellia_set_encrypt_key): Deleted the CAMELLIA_F_HALF_INV
    	operations intended for moving the key xor into the middle of the
    	round.
    
    	* camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Moved addition of
    	key to the end, to use a 64-bit xor operation.
    
    	* x86_64/camellia-crypt-internal.asm: New file.
    
    	* x86_64/machine.m4 (LREG, HREG, XREG): New macros.
    
    
    2010-09-17  Niels Möller  <nisse@lysator.liu.se>
    
    	* configure.ac: Support shared libraries (dlls) with mingw32.
    	Contributed by David Hoyt.
    
    
    2010-07-25  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* configure.ac: Changed version number to nettle-2.2.
    
    
    	* configure.ac: Use camellia-crypt-internal.asm, if available.
    
    	Bumped soname to libnettle.so.4, and reset LIBNETTLE_MINOR to
    	zero.
    
    	* x86/machine.m4 (LREG, HREG): Moved macros here, from...
    
    	* x86/aes.m4: ...here.
    
    	* x86/camellia-crypt-internal.asm: New file.
    
    
    	* nettle.texinfo: Updated and expanded section on DSA.
    	Document aes_invert_key, and camellia. Added missing functions
    	rsa_sha512_verify and rsa_sha512_verify_digest.
    
    
    	* camellia.h (struct camellia_ctx): Eliminate the two unused
    	subkeys, and renumber the remaining ones.	
    	* camellia-crypt-internal.c (_camellia_crypt): Updated for
    	renumbered subkeys.
    	* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
    	* camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
    
    
    	* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline
    	the expansion of camellia_setup128 and camellia_setup256, keeping
    	the unexpanded key in scalar variables.
    	(camellia_setup128): Deleted.
    	(camellia_setup256): Deleted.
    
    
    2010-07-24  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Reduced
    	code size, no complete loop unroll. Use one loop for each phase of
    	the post-processing.
    
    
    	* testsuite/camellia-test.c: New tests for camellia_invert_key.
    	* testsuite/aes-test.c: New tests for aes_invert_key.
    
    
    	* aes.h (aes_invert_key): Declare it.
    
    	* aes-set-decrypt-key.c (aes_invert_key): New function, key
    	inversion code extracted from aes_set_decrypt_key.
    	(aes_set_decrypt_key): Use aes_invert_key.
    
    
    	* camellia-set-encrypt-key.c (camellia_setup128): Generate
    	unmodified subkeys according to the spec. Moved clever combination
    	of subkeys to camellia_set_encrypt_key.
    	(camellia_setup256): Likewise.
    	(camellia_set_encrypt_key): Moved subkey post-processing code
    	here, and reduce code duplication between 128-bit keys and larger
    	keys.
    
    	* camellia.c: Deleted file, split into several new files...
    	* camellia-table.c (_camellia_table): New file with the constant
    	sbox tables.
    	* camellia-set-encrypt-key.c: New file.
    	(camellia_setup128): Generate unmodified subkeys according to the
    	spec. Moved clever combination of subkeys to camellia_set_encrypt_key.
    	(camellia_setup256): Likewise.
    
    	* camellia-set-decrypt-key.c: New file.
    	(camellia_invert_key): Key inversion function.
    	(camellia_set_decrypt_key): New key setup function.
    	* camellia-internal.h: New file.
    	* camellia-crypt.c (camellia_crypt): New file, new wrapper
    	function passing the sbox table to _camellia_crypt.
    	* camellia-crypt-internal.c (_camellia_crypt): New file, with main
    	encrypt/decrypt function.
    	* Makefile.in (nettle_SOURCES): Updated list of camellia source files.	
    	(DISTFILES): Added camellia-internal.h.
    
    
    2010-07-20  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* camellia-meta.c: Use _NETTLE_CIPHER_SEP_SET_KEY.
    
    
    	* camellia.h (struct camellia_ctx): Replaced flag camellia128 by
    	expanded key length nkeys.
    
    	* camellia.c (camellia_set_encrypt_key): Renamed, from...
    	(camellia_set_key): ... old name.
    	(camellia_invert_key): New function.
    	(camellia_set_decrypt_key): New function, using
    	camellia_invert_key.
    	(camellia_crypt): Renamed, from...
    	(camellia_encrypt): ... old name.
    	(camellia_decrypt): Deleted, no longer needed. camellia_crypt used
    	for both encryption and decryption.
    
    
    	* nettle-meta.h (_NETTLE_CIPHER_SEP_SET_KEY): New macro.
    
    	* dsa-keygen.c: Removed unnecessary include of memxor.h.
    
    
    	* camellia.c: Rewrote to use 64-bit type for subkeys and use
    	64-bit operations throughout. Performance on x86_32, when compiled
    	with gcc-4.4.4, is reduced by roughly 15%, this should be fixed
    	later.
    
    	* camellia.h (struct camellia_ctx): Use type uint64_t for subkeys.
    
    
    2010-07-07  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* aes.h (aes_encrypt, aes_decrypt): Declare ctx argument as const.
    	Also updated implementation.
    	* blowfish.h (blowfish_encrypt, blowfish_decrypt): Likewise.
    	* cast128.h (cast128_encrypt, cast128_decrypt): Likewise.
    	* serpent.h (serpent_encrypt, serpent_decrypt): Likewise.
    	* twofish.h (twofish_encrypt, twofish_decrypt): Likewise.
    
    
    	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
    	camellia-test.c.
    
    
    	* examples/nettle-benchmark.c: Added camellia ciphers.
    
    
    	* Makefile.in (nettle_SOURCES): Added camellia.c and
    	camellia-meta.c.
    	(HEADERS): Added camellia.h.
    
    	* nettle-meta.h (nettle_camellia128): Declare.
    	(nettle_camellia192): Likewise.
    	(nettle_camellia256): Likewise.
    
    	* camellia-meta.c: New file.
    
    	* camellia.h: Rewrote interface to match nettle conventions.
    
    	* camellia.c: Converted to nettle conventions.
    	(camellia_encrypt128, camellia_encrypt256): Unified to new
    	function...
    	(camellia_encrypt): ...New function, with a loop doing 6
    	regular rounds, one FL round and one FLINV round per iteration,
    	with iteration count depending on the key size.
    
    	(camellia_decrypt128, camellia_decrypt256): Similarly unified
    	as...
    	(camellia_decrypt): ...New function, analogous to
    	camellia_encrypt.
    
    2010-07-06  Niels Möller  <nisse@lysator.liu.se>
    
    	* camellia.c, camellia.h: New files, copied from
    	http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
    
    	* testsuite/camellia-test.c: New file.
    
    
    2010-07-05  Niels Möller  <nisse@lysator.liu.se>
    
    	* nettle.texinfo: Document new conventions for weak key and des
    	parity checks. Document des_check_parity.
    
    	* testsuite/des-test.c (test_weak): Don't check the deleted status
    	attribute.
    
    	* des-compat.c (des_key_sched): Rewrote error checking logic for
    	the case of non-zero des_check_key.
    
    	* des3.c (des3_set_key): Changed weak key detection logic.
    	Complete key setup also for weak keys, and don't set the status
    	attribute.
    
    	* des.c (des_set_key): New iteration logic, to keep key pointer
    	unchanged. Moved weak key check to the end, and don't set the
    	status attribute.
    	(des_encrypt): Ignore status attribute.
    	(des_decrypt): Likewise.
    
    	* des.h (enum des_error): Deleted.
    	(struct des_ctx): Deleted status attribute.
    	(struct des3_ctx): Likewise.
    
    	* blowfish.c (initial_ctx): Deleted status value.
    	(blowfish_encrypt): Ignore status attribute.
    	(blowfish_decrypt): Likewise.
    
    	(blowfish_set_key): Return result from weak key check, without
    	setting the status attribute.
    
    	* blowfish.h (enum blowfish_error): Deleted.
    	(struct blowfish_ctx): Deleted status attribute.
    
    	* Makefile.in (des_headers): Deleted parity.h.
    
    
    2010-06-30  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* testsuite/des-test.c (test_des): New function.
    	(test_weak): New function.
    	(test_main): Use test_des and test_weak. Added tests for all the
    	weak keys. Added some tests with invalid (to be ignored) parity
    	bits.
    
    
    	* des.c (parity_16): New smaller parity table.
    	(des_check_parity): New function.
    	(des_fix_parity): Use parity_16.
    	(des_weak_p): New weak-key detection. Ignores parity bits, and
    	uses a hash table.
    	(des_set_key): Deleted parity checking code. Replaced old weak-key
    	detection code by a call to des_weak_p.
    
    
    2010-06-04  Niels Möller  <nisse@lysator.liu.se>
    
    	* testsuite/testutils.c (test_dsa_key): Updated for new name
    	DSA_SHA1_MIN_P_BITS.
    
    	* dsa-keygen.c (dsa_generate_keypair): Use DSA_SHA1_MIN_P_BITS and
    	DSA_SHA256_MIN_P_BITS.
    
    	* dsa.h (DSA_MIN_P_BITS, DSA_Q_OCTETS, DSA_Q_BITS): Renamed to...
    	(DSA_SHA1_MIN_P_BITS, DSA_SHA1_Q_OCTETS, DSA_SHA1_Q_BITS): New
    	names.
    
    	* sexp2dsa.c (dsa_keypair_from_sexp_alist): New argument q_bits.
    	Renamed parameter limit to p_max_bits.
    	(dsa_sha1_keypair_from_sexp): Renamed, was dsa_keypair_from_sexp.
    	Updated to call dsa_keypair_from_sexp_alist with the new argument.
    	(dsa_sha256_keypair_from_sexp): New function.
    	(dsa_signature_from_sexp): New argument q_bits.
    
    	* der2dsa.c (dsa_params_from_der_iterator): Enforce 160-bit limit
    	on q. Renamed parameter limit to p_max_bits.
    	(dsa_openssl_private_key_from_der_iterator): Enforce 160-bit limit
    	on q and x. Renamed parameter limit to p_max_bits.
    
    2010-06-03  Niels Möller  <nisse@lysator.liu.se>
    
    	* testsuite/dsa-test.c (test_main): Added test for dsa-sha256.
    
    
    2010-06-02  Niels Möller  <nisse@lysator.liu.se>
    
    	* testsuite/dsa-test.c (test_main): Provide expected value of the
    	signature.
    
    	* testsuite/testutils.c (test_dsa160): Added argument for expected
    	signature.
    	(test_dsa256): Likewise.
    
    
    2010-06-01  Niels Möller  <nisse@lysator.liu.se>
    
    	* testsuite/rsa-keygen-test.c (test_main): Updated expected
    	signatures.
    
    	* examples/random-prime.c (main): Updated for nettle_random_prime
    	change.
    	* testsuite/random-prime-test.c (test_main): Likewise.
    
    	* rsa-keygen.c (bignum_random_prime): Deleted function.
    	(rsa_generate_keypair): Use new nettle_random_prime. Generate
    	secret factors p and q with the two most significant bits set.
    
    	* dsa-keygen.c (dsa_generate_keypair): Updated for changes in
    	nettle_random_prime and _nettle_generate_pocklington_prime. Invoke
    	progress callback.
    
    	* bignum-random-prime.c (_nettle_generate_pocklington_prime): New
    	argument top_bits_set, to optionally generate primes with the two
    	most significant bits set. Reordered argument list.
    	(nettle_random_prime): Likewise, added top_bits_set argument.
    	Invoke progress callback when a prime is generated.
    
    
    2010-05-26  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* dsa-keygen.c (dsa_generate_keypair): Use
    	_nettle_generate_pocklington_prime. Deleted old key generation
    	code.
    
    	* bignum-random-prime.c (_nettle_generate_pocklington_prime): Also
    	return the used r. Updated caller.
    
    
    	* examples/random-prime.c (main): Allow sizes down to 3 bits.
    
    
    	* bignum-random-prime.c (_nettle_generate_pocklington_prime): New
    	function. Rely on mpz_probab_prime_p (for lack of a trial division
    	function) for trial division.
    	(nettle_random_prime): Rewritten. Uses the prime table for the
    	smallest sizes, then trial division using a new set of tables, and
    	then Maurer's algorithm, calling the new
    	_nettle_generate_pocklington_prime for the final search.
    
    
    2010-05-25  Niels Möller  <nisse@lysator.liu.se>
    
    	* testsuite/dsa-test.c (test_main): Updated for dsa testing
    
    	* testsuite/dsa-keygen-test.c (test_main): Test dsa256.
    
    	* testsuite/testutils.h (struct nettle_mac): New struct, currently
    	unused.
    
    	* testsuite/testutils.c (test_mac): New function (currently not
    	used).
    	(test_dsa): Replaced by two new functions...
    	(test_dsa160): New function.
    	(test_dsa256): New function.
    	(test_dsa_key): New argument q_size.
    	(DSA_VERIFY): Generalized.
    
    	* dsa-keygen.c (dsa_generate_keypair): Rewritten, now generating
    	primes using Pocklington's theorem. Takes both p_size and q_size
    	as arguments.
    
    
    2010-05-20  Niels Möller  <nisse@lysator.liu.se>
    
    	* bignum-random-prime.c (miller_rabin_pocklington): Fixed broken
    	logic when Miller-rabin succeeds early.
    
    
    2010-04-09  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* bignum-next-prime.c: Include stdlib.h, needed for alloca on
    	freebsd.
    	* hmac.c: Likewise.
    
    	* examples/Makefile.in (SOURCES): Added random-prime.c.
    
    
    	* examples/random-prime.c: New program.
    
    	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Moved
    	knuth-lfib-test.c, cbc-test.c, ctr-test.c, hmac-test.c here, from
    	TS_HOGWEED_SOURCES.
    	(TS_HOGWEED_SOURCES): Added random-prime-test.c.
    
    	* testsuite/random-prime-test.c: New test case.
    
    	* examples/next-prime.c (main): With no command line arguments,
    	exit after displaying usage message.
    
    	* examples/io.c (simple_random): Free buffer when done.
    
    	* configure.ac: Changed message, say CC is the recommended
    	way to configure the ABI.
    
    	* bignum-random.c: Deleted test of HAVE_LIBGMP.
    	* bignum.c: Likewise.
    	* sexp2bignum.c: Likewise.
    
    
    	* Makefile.in (hogweed_SOURCES): Added bignum-random-prime.c.
    
    	* bignum-random-prime.c (nettle_random_prime): New file, new
    	function.
    
    
    2010-03-31  Niels Möller  <nisse@lysator.liu.se>
    
    	* examples/nettle-benchmark.c (main): Benchmark sha224.
    
    
    2010-03-30  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* testsuite/testutils.c (DSA_VERIFY): Updated for dsa_sha1_verify
    	rename.
    	(test_dsa): Check return value from dsa_sha1_sign.
    
    
    	* Makefile.in (hogweed_SOURCES): Added dsa-sha1-sign.c,
    	dsa-sha1-verify.c, dsa-sha256-sign.c, and dsa-sha256-verify.c.
    
    	* dsa.h: Updated and added dsa declarations.
    
    	* dsa-sha256-verify.c (dsa_sha256_verify_digest): New file, new
    	function.
    	(dsa_sha256_verify): New function.
    	* dsa-sha256-sign.c (dsa_sha256_sign_digest): New file, new
    	function.
    	(dsa_sha256_sign): New function.
    
    	* dsa-sha1-verify.c (dsa_sha1_verify_digest): New file. Moved and
    	renamed function, from dsa_verify_digest, rewrote to use
    	_dsa_verify.
    	(dsa_sha1_verify): Analogous change, renamed from dsa_verify.
    	* dsa-sha1-sign.c (dsa_sha1_sign_digest): New file. Moved and
    	renamed function, from dsa_sign_digest, rewrote to use _dsa_sign,
    	and added return value.
    	(dsa_sha1_sign): Analogous change, renamed from dsa_sign.
    
    	* dsa-verify.c (_dsa_verify): New general verification function,
    	for any hash.
    	* dsa-sign.c (_dsa_sign): New general signing function, for any
    	hash. Returns success code, like the rsa signature functions.
    
    
    2010-03-29  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* configure.ac (ABI): Attempt to use a better, ABI-dependant,
    	default value for libdir.
    
    	* x86/md5-compress.asm: Fixed function name in epilogue.
    
    
    	* asm.m4 (EPILOGUE): Use . to refer to current address.
    
    
    	* configure.ac (ABI): Detect which ABI the compiler is using.
    	On x86_64, also check for __arch64__.
    
    
    2010-03-28  Niels Möller  <nisse@lysator.liu.se>
    
    	* configure.ac (asm_path): For x86_64, check if compiler is
    	generating 32-bit code.
    
    
    2010-03-27  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* testsuite/hmac-test.c (test_main): Rewrote rest of tests to use
    	HMAC_TEST, and added more tests from Daniel Kahn Gillmor and from
    	RFC 4231.
    
    
    	* Makefile.in (nettle_SOURCES): Added hmac-sha224.c and
    	hmac-sha384.c.
    
    	* hmac.h: Added declarations of hmac-sha224 and hmac-sha384.
    
    	* hmac-sha224.c: New file.
    
    
    2010-03-26  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* testsuite/hmac-test.c (HMAC_TEST): New macro.
    	(test_main): Use HMAC_TEST for the md5 and sha1 tests, and add
    	test vectors from Daniel Kahn Gillmor.
    
    
    	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha224-test.c.
    
    	* Makefile.in (nettle_SOURCES): Added sha224-meta.c and
    	write-be32.c.
    	(DISTFILES): Added nettle-write.h.
    
    	* sha.h: Added declarations for sha224. Some are aliases for the
    	corresponding sha256 definition.
    
    	* sha256.c (sha256_digest): Use _nettle_write_be32.
    	(sha224_init): New function.
    	(sha224_digest): New function.
    
    	* sha1.c (sha1_digest): Use _nettle_write_be32.
    
    	* nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE)
    	(NETTLE_MAX_HASH_DIGEST_SIZE): Increased, to take sha512 into
    	account.
    
    	* nettle-write.h: New file.
    
    	* write-be32.c (_nettle_write_be32): New file, new function.
    
    	* sha224-meta.c: New file.
    
    
    2010-03-25  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* hmac-sha384.c: New file.
    
    	* testsuite/sha224-test.c: New file.
    
    	* testsuite/md4-test.c (test_main): More test vectors, provided by
    	Daniel Kahn Gillmor.
    	* testsuite/md5-test.c (test_main): Likewise.
    	* testsuite/sha1-test.c (test_main): Likewise.
    	* testsuite/sha256-test.c (test_main): Likewise.
    	* testsuite/sha384-test.c (test_main): Likewise.
    	* testsuite/sha512-test.c (test_main): Likewise.
    
    
    	* configure.ac: Bumped version numbers. Package version
    	nettle-2.1, library versions libnettle.so.3.1, libhogweed.so.2.0.
    
    
    	* examples/nettle-benchmark.c (main): Benchmark sha384.
    
    	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha384-test.c.
    
    	* testsuite/sha384-test.c: New file.
    
    
    	* Makefile.in (nettle_SOURCES): Added sha384-meta.c.
    
    	* sha384-meta.c: New file.
    
    	* sha.h: Added declarations for sha384. Some are aliases for the
    	corresponding sha512 definition.
    
    	* sha512.c (sha512_write_digest): New function.
    	(sha512_digest): Use it.
    	(sha384_init): New function.
    	(sha384_digest): New function.
    
    
    2010-03-24  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* sha512.c: (sha512_digest): Simplified handling of any final
    	partial word of the digest.
    
    
    	* sha512.c: Reorganized to use _nettle_sha512_compress.
    
    	* sha512-compress.c (_nettle_sha512_compress): Compression
    	function extracted from sha512.c to a new file.
    
    	* Makefile.in (nettle_SOURCES): Added sha256-compress.c and
    	sha512-compress.c.
    
    
    	* sha256.c: Reorganized to use _nettle_sha256_compress.
    
    	* sha256-compress.c (_nettle_sha256_compress): Compression
    	function extracted from sha256.c to a new file.
    
    
    	* examples/nettle-benchmark.c (main): Benchmark sha512.
    
    
    	* rsa-keygen.c (rsa_generate_keypair): Ensure that bit size of e
    	is less than bit size of n, and check for the unlikely case p = q.
    
    	* rsa.h (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Reduced, to
    	correspond to pkcs#1 encryption of single byte messages.
    
    	* pgp-encode.c (pgp_put_rsa_sha1_signature): Check return value
    	from rsa_sha1_sign.
    	* rsa-compat.c (R_SignFinal): Likewise.
    
    	* rsa-md5-sign.c (rsa_md5_sign): Check and propagate return value
    	from pkcs1_rsa_md5_encode.
    	(rsa_md5_sign_digest): Check and propagate return value from
    	pkcs1_rsa_md5_encode_digest.
    	* rsa-md5-verify.c (rsa_md5_verify): Check return value from
    	pkcs1_rsa_md5_encode.
    	(rsa_md5_verify_digest): Check return value from
    	pkcs1_rsa_md5_encode_digest.
    	* rsa-sha1-sign.c: Analogous changes.
    	* rsa-sha1-verify.c: Analogous changes.
    	* rsa-sha256-sign.c: Analogous changes.
    	* rsa-sha256-verify.c: Analogous changes.
    	* rsa-sha512-sign.c: Analogous changes.
    	* rsa-sha512-verify.c: Analogous changes.
    
    	* pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
    	(pkcs1_rsa_md5_encode_digest): Added return value. Check and
    	propagate return value from pkcs1_signature_prefix.
    	* pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
    	(pkcs1_rsa_sha256_encode_digest): Likewise.
    	* pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
    	(pkcs1_rsa_sha1_encode_digest): Likewise.
    	* pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
    	(pkcs1_rsa_sha512_encode_digest): Likewise.
    
    	* pkcs1.c (pkcs1_signature_prefix): Interface change, take both
    	the total size and digest size as arguments, and return a status
    	code to say if the size was large enough.
    
    	* testsuite/Makefile.in: Added hogweed dependency for the test
    	programs.
    
    
    2010-03-23  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* testsuite/rsa-test.c (test_main): Test signing with sha512.
    
    	* testsuite/testutils.c (test_rsa_sha512): New function.
    
    
    	* Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c,
    	rsa-sha512-sign.c and rsa-sha512-verify.c.
    
    	* rsa.h: Added prototypes for sha512-related functions.
    	(RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased.
    	* pkcs1.h: Added prototypes for sha512-related functions.
    
    	* rsa-sha512-verify.c: New file.
    	* rsa-sha512-sign.c: New file.
    	* pkcs1-rsa-sha512.c: New file.
    
    
    2010-03-22  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* Makefile.in (nettle_SOURCES): Added hmac-sha512.c.
    
    	* testsuite/hmac-test.c (test_main): Added test cases for
    	hmac-sha512.
    
    
    	* hmac.h: Declare sha512-related functions.
    
    	* hmac-sha512.c (hmac_sha512_set_key): New file.
    
    
    	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha512-test.c.
    	* testsuite/sha512-test.c: New file.
    
    	* macros.h (READ_UINT64, WRITE_UINT64): New macros.
    
    	* Makefile.in (nettle_SOURCES): Added sha512.c and sha512-meta.c.
    
    	* sha.h: Added sha512-related declarations.
    
    	* nettle-meta.h: Likewise.
    	* sha512-meta.c: New file.
    	* sha512.c: New file.
    
    
    2010-03-06  Niels Möller  <nisse@lysator.liu.se>
    
    	* Makefile.in (distdir): Include x86_64 assembler files.
    
    
    2010-01-20  Niels Möller  <nisse@lysator.liu.se>
    
    	* configure.ac: Check for mpz_powm_sec.
    
    
    2010-01-13  Niels Möller  <nisse@lysator.liu.se>
    
    	* Makefile.in ($(LIBHOGWEED_FORLINK)): Depend on
    	$(LIBNETTLE_FORLINK).
    
    	* configure.ac (LIBHOGWEED_LIBS): Added -lnettle -lgmp for the
    	default case. Follows debian, and also makes dlopen of
    	libhogweed.so work, without having to use RTLD_GLOBAL.
    	(LIBHOGWEED_LINK): Added -L., to find our libnettle.so.
    
    
    2009-10-21  Niels Möller  <nisse@lysator.liu.se>
    
    	* tools/Makefile.in (pkcs1-conv$(EXEEXT)): Added dependency on
    	../libhogweed.a.
    
    
    2009-10-19  Niels Möller  <nisse@lysator.liu.se>
    
    	* tools/pkcs1-conv.c: Updated for dsa/der interface change.
    
    	* der2dsa.c (dsa_public_key_from_der_iterators): Split into two
    	new functions...
    	(dsa_params_from_der_iterator): New function.
    	(dsa_public_key_from_der_iterator): New function.
    	(dsa_openssl_private_key_from_der_iterator): Renamed, was
    	dsa_private_key_from_der_iterator.
    	(dsa_openssl_private_key_from_der): Likewise.
    	* dsa.h: Corresponding changes to prototypes and #defines.
    
    
    2009-10-12  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* sexp-format.c: Removed conditioning on HAVE_LIBGMP.
    
    	* tools/pkcs1-conv.c: Support for DSA keys, contributed by Magnus
    	Holmgren.
    
    	* Makefile.in (hogweed_SOURCES): Added dsa2sexp.c and der2dsa.c.
    
    	* der2dsa.c: New file, contributed by Magnus Holmgren.
    	* dsa2sexp.c: Likewise.
    	* dsa.h: Added prototypes.
    
    
    	* configure.ac (LIBHOGWEED_MINOR): Bumped libhogweed minor
    	version, now it's 1.1.
    
    
    	* testsuite/rsa2sexp-test.c (test_main): Updated testcase for
    	"rsa-pkcs1".
    
    2009-10-11  Niels Möller  <nisse@lysator.liu.se>
    
    	* rsa2sexp.c (rsa_keypair_to_sexp): Changed default algorithm name
    	to "rsa-pkcs1".
    
    
    2009-09-20  Niels Möller  <nisse@lysator.liu.se>
    
    	* x86/sha1-compress.asm: Improved performance by 17% on AMD K7,
    	by letting loopmix scramble the instruction order.
    
    2009-09-15  Niels Möller  <nisse@lysator.liu.se>
    
    	* x86/sha1-compress.asm: Cleanup, removing old cruft. Slight
    	improvement to ROUND_F1_NOEXP. Slight reduction of
    	dependency-chains.
    
    
    2009-08-25  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* x86/sha1-compress.asm: Eliminated tmp variable for f3 rounds.
    
    
    	* examples/nettle-benchmark.c (bench_sha1_compress): New function,
    	for precise benchmarking of the compression function.
    
    
    2009-06-08  Niels Möller  <nisse@lysator.liu.se>
    
    	* Released nettle-2.0.
    
    
    2009-06-04  Niels Möller  <nisse@lysator.liu.se>
    
    	* configure.ac: Set version to 2.0
    
    2009-05-30  Niels Möller  <nisse@lysator.liu.se>
    
    	* Makefile.in (.texinfo.info): Don't use a temporary output file
    	$@T, trust makeinfo to remove output file on errors.
    
    
    2009-05-19  Niels Möller  <nisse@lysator.liu.se>
    
    	* nettle.texinfo: Changed license to public domain.
    
    2009-05-11  Niels Möller  <nisse@lysator.liu.se>
    
    	* nettle.texinfo: Fixes from Karl Berry. Added some more index
    	terms.
    
    2009-03-06  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* x86_64/aes-encrypt-internal.asm: Reduced unrolling. Keep state
    	in %eax--%edx only.
    	* x86_64/aes-decrypt-internal.asm: Likewise.
    
    	* x86_64/aes.m4 (MOVE_HREG): Deleted, no longer needed.
    	(AES_STORE): Reduced offsets.
    	(AES_ROUND): Use HREG directly, not MOVE_HREG.
    
    
    	* x86_64/aes-decrypt-internal.asm: Rearrange register allocation.
    	Put SA--SD in %eax--%edx, so the second byte can be accessed as
    	%ah-%dh. TD is not needed, SD can be reused. Use the register that
    	is saved for the outer loop counter, getting it off the stack.
    
    	* x86_64/aes-encrypt-internal.asm: Likewise.
    
    
    	* x86_64/aes.m4 (HREG, MOVE_HREG): New macros.
    	(XREG): Fixed bug in handling of %r8 and %r9.
    	(AES_ROUND): Use MOVE_HREG.
    
    
    2009-02-10  Niels Möller  <nisse@lysator.liu.se>
    
    	* base16-meta.c (base16_encode_update_wrapper): Mark ctx argument
    	as UNUSED.
    
    	* testsuite/sexp-conv-test: Updated testcases for improved
    	handling of comments.
    
    	* tools/sexp-conv.c (sexp_convert_item): Use sexp_put_soft_newline
    	to terminate comments, and modify indentation for the case that a
    	list starts with a comment.
    
    	* tools/output.c (sexp_output_init): Initialize soft_newline.
    	(sexp_put_raw_char): Clear soft_newline.
    	(sexp_put_newline): Check and reset soft_newline.
    	(sexp_put_soft_newline): New function.
    
    	* tools/output.h (struct sexp_output): Removed union with single
    	element, and updated all users. New attribute soft_newline.
    
    
    2008-12-22  Niels Möller  <nisse@lysator.liu.se>
    
    	* Makefile.in ($(des_headers)): Create files in $(srcdir).
    
    
    2008-11-28  Niels Möller  <nisse@lysator.liu.se>
    
    	* testsuite/cxx-test.cxx: Include <cstdio>.
    
    
    2008-11-22  Niels Möller  <nisse@lysator.liu.se>
    
    	* yarrow256.c (yarrow256_fast_reseed): Set ctx->seeded = 1, so
    	that it is set if and only if the aes context has been initialized
    	with aes_set_encrypt_key.
    	(yarrow256_seed): No need to set ctx->seeded here.
    	(yarrow256_update): Likewise.
    
    
    2008-11-04  Niels Möller  <nisse@lysator.liu.se>
    
    	* examples/next-prime.c (main): Avoid using gmp_fprintf, to stay
    	compatible with gmp-3.1.
    
    
    2008-11-01  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* nettle.texinfo: Updated for 2.0. New section on linking.
    
    
    	* nettle-types.h, nettle-meta.h: Moved all typedefs for function
    	types to nettle-types.h. Use non-pointer types, so that the types
    	can be used to declare functions. Updated all users.
    
    
    2008-10-31  Niels Möller  <nisse@lysator.liu.se>
    
    	* testsuite/yarrow-test.c (test_main): Updated for seed file
    	changes.
    
    	* sha-example.c (display_hex): Use %02x, not %2x.
    
    
    2008-10-30  Niels Möller  <nisse@lysator.liu.se>
    
    	* tools/sexp-conv.c (main): Fixed file locking.
    
    
    2008-10-25  Niels Möller  <nisse@lysator.liu.se>
    
    
    	* configure.ac: Set version to 2.0rc1.