2022-07-26 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.8.1.
* configure.ac: Bump package version, to 3.8.1.
(LIBNETTLE_MINOR): Bump minor number, to 8.6.
(LIBHOGWEED_MINOR): Bump minor number, to 6.6.
2022-06-12 Niels Möller <nisse@lysator.liu.se>
From Christian Weisgerber:
* fat-arm64.c (get_arm64_features): Enable runtime feature
detection for openbsd.
2022-06-02 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.8.
2022-05-23 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (OPT_SOURCES): Add missing file fat-arm64.c.
* config.guess: Update to 2022-05-08 version.
* config.sub: Update to 2022-01-03 version.
2022-05-20 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bump package version, to 3.8.
(LIBNETTLE_MINOR): Bump minor number, to 8.5.
(LIBHOGWEED_MINOR): Bump minor number, to 6.5.
2022-05-05 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (CBC): Document cbc_aes128_encrypt,
cbc_aes192_encrypt and cbc_aes256_encrypt.
2022-04-28 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Copyright): Deleted incomplete and out of date
list of authors. Replaced by...
* AUTHORS: New updated list of authors and contributions.
2022-02-23 Niels Möller <nisse@lysator.liu.se>
Analogous s390x update, by Mamone Tarsha:
* fat-s390x.c (fat_init): Update fat init for new _ghash_set_key
and _ghash_update functions, delete setup for old gcm functions.
* s390x/fat/ghash-update-2.asm: New file.
* s390x/fat/ghash-set-key-2.asm: New file.
* s390x/fat/gcm-hash.asm: Deleted.
* s390x/msa_x4/gcm-hash.asm: Deleted, split into two new files...
* s390x/msa_x4/ghash-update.asm: New file.
* s390x/msa_x4/ghash-set-key.asm: New file
2022-02-22 Niels Möller <nisse@lysator.liu.se>
* fat-ppc.c (fat_init): Update fat init for new _ghash_set_key
and _ghash_update functions, delete setup for old gcm functions.
* powerpc64/fat/ghash-update-2.asm: New file.
* powerpc64/fat/ghash-set-key-2.asm: New file.
* powerpc64/fat/gcm-hash.asm: Deleted.
* powerpc64/p8/gcm-hash.asm: Deleted, split into two new files...
* powerpc64/p8/ghash-update.asm: New file.
* powerpc64/p8/ghash-set-key.asm: New file
2022-02-21 Niels Möller <nisse@lysator.liu.se>
* fat-arm64.c (fat_init): Update fat init for new _ghash_set_key
and _ghash_update functions, delete setup for old gcm functions.
* arm64/fat/ghash-update-2.asm: New file.
* arm64/fat/ghash-set-key-2.asm: New file.
* arm64/fat/gcm-hash.asm: Deleted.
* ghash-update.c (_nettle_ghash_update_c): New name, for fat builds.
* arm64/crypto/gcm-hash.asm: Deleted, split into two new files...
* arm64/crypto/ghash-set-key.asm: New file.
* arm64/crypto/ghash-update.asm: New file.
2022-02-19 Niels Möller <nisse@lysator.liu.se>
* fat-x86_64.c (fat_init): Update fat init for new _ghash_set_key
and _ghash_update functions, delete setup for old gcm functions.
* fat-setup.h (ghash_set_key_func, ghash_update_func): New
typedefs.
(gcm_init_key_func, gcm_hash_func): Deleted typedefs.
* x86_64/fat/ghash-update.asm: New file.
* x86_64/fat/ghash-update-2.asm: New file.
* x86_64/fat/ghash-set-key-2.asm: New file.
* x86_64/fat/gcm-hash.asm: Deleted.
* ghash-set-key.c (_nettle_ghash_set_key_c): New name, for fat
builds.
* configure.ac (asm_nettle_optional_list): Add ghash-set-key-2.asm
ghash-update-2.asm.
* ghash-set-key.c (_ghash_digest): Deleted, and also deleted
assembly implementations.
* gcm.c (gcm_digest): Replace call to _ghash_digest with block16_xor.
* x86_64/pclmul/gcm-hash.asm: Deleted, split into two new files...
* x86_64/pclmul/ghash-set-key.asm: New file.
* x86_64/pclmul/ghash-update.asm: New file.
* configure.ac (asm_replace_list): Add ghash-set-key.asm ghash-update.asm.
(asm_nettle_optional_list): Delete gcm-hash.asm gcm-hash8.asm.
* x86_64/ghash-update.asm: New file, based on old gcm-hash8.asm,
but without any handling of partial blocks.
* x86_64/gcm-hash8.asm: Deleted.
* ghash-set-key.c (_ghash_digest): Moved function from...
* ghash-update.c (_ghash_digest): ...old location.
2022-02-18 Niels Möller <nisse@lysator.liu.se>
* block-internal.h (block16_zero): New function.
* ghash-internal.h: New file, declaring new internal ghash interface.
* gcm-internal.h: Deleted file.
* ghash-update.c (gcm_gf_shift_8): Moved here (from gcm.c)
(gcm_gf_mul): Likewise.
(_ghash_update): New function, extracted from _nettle_gcm_hash_c.
(_ghash_digest): New function.
* ghash-set-key.c (_ghash_set_key): New file and function.
Extracted from _nettle_gcm_init_key_c and _nettle_gcm_set_key.
* gcm.c (INC32): Deleted macro, used in only one place.
(gcm_set_key): Update to use _ghash_set_key.
(gcm_hash): Renamed, was _gcm_hash, and implemented in terms of
_ghash_update.
(bswap_if_le): New function (copied from nist-keywrap.c).
(gcm_hash_sizes): Use bswap_if_le and _ghash_update.
(gcm_set_iv): Updated to use gcm_hash and block16_zero.
(gcm_digest): Use _ghash_digest.
* testsuite/gcm-test.c (test_ghash_internal): Updated to use
_ghash_set_key and _ghash_update.
* Makefile.in (nettle_SOURCES): Add ghash-set-key.c ghash-update.c.
(DISTFILES): Replaced gcm-internal.h with ghash-internal.h.
2022-02-17 Niels Möller <nisse@lysator.liu.se>
* gcm.c: Require that GCM_TABLE_BITS == 8. Delete old code for
GCM_TABLE_BITS == 0 and GCM_TABLE_BITS == 4.
* gcm-internal.h: Delete checks for GCM_TABLE_BITS != 8.
* fat-x86_64.c: Likewise.
* fat-s390x.c: Likewise.
* fat-ppc.c: Likewise.
* fat-arm64.c: Likewise.
2022-02-15 Niels Möller <nisse@lysator.liu.se>
* fat-x86_64.c: Add fat setup for gcm.
* x86_64/fat/gcm-hash.asm: New file.
* Makefile.in (distdir): Add x86_64/pclmul directory.
* configure.ac: New configure option --enable-x86-pclmul.
(asm_path): Add x86_64/pclmul, if above option is set.
* x86_64/pclmul/gcm-hash.asm: New file, initial implementation of
GCM using the pclmulqdq instructions.
2022-02-08 Niels Möller <nisse@lysator.liu.se>
* gcm-internal.h (_gcm_hash): Arrange so that this is an alias for
the appropriate implementation. Updated all users.
* gcm.c (_nettle_gcm_set_key): New internal function, intended to
make tests of internal ghash functions easier.
(gcm_set_key): Use it.
* testsuite/gcm-test.c (test_ghash_internal): New function.
(test_main): Add tests of internal ghash functions, with keys
corresponding to various single-bit polynomials.
2022-01-28 Niels Möller <nisse@lysator.liu.se>
* testsuite/poly1305-test.c (poly1305_internal): Renamed function,
was test_poly1305_internal.
(test_poly1305_internal): New helper function.
(test_fixed): New function, to test internal functions with fixed
test inputs.
(test_random): Use test_poly1305_internal.
(test_main): Call test_fixed.
* misc/poly1305-gen-example.pike: Program to generate poly1305
inputs with a given digest.
2022-01-27 Niels Möller <nisse@lysator.liu.se>
* x86_64/poly1305-internal.asm: Rewrote. Rearrange folding, so
that all the multiply instructions needed to process a block are
independent of each other. Measured speedup of 16% on AMD zen2 and
28% on Intel broadwell, and expected to be generally faster.
* asm.m4 (P1305): Rearrange struct contents, to fit 64-bit entries
S0 and H2. Total struct size unchanged.
2022-01-25 Niels Möller <nisse@lysator.liu.se>
Chacha implementation for arm64, contributed by Mamone Tarsha.
* arm64/chacha-core-internal.asm: New file.
* arm64/chacha-2core.asm: New file.
* arm64/chacha-4core.asm: New file
2022-01-24 Niels Möller <nisse@lysator.liu.se>
* powerpc64/ecc-secp224r1-modp.asm: New file, contributed by
Amitay Isaacs.
* powerpc64/ecc-curve25519-modp.asm: New file, contributed by
Martin Schwenke & Alastair D´Silva
* powerpc64/ecc-curve448-modp.asm: New file, contributed by Martin
Schwenke & Amitay Isaacs.
2022-01-23 Niels Möller <nisse@lysator.liu.se>
* testsuite/poly1305-test.c (test_poly1305_internal): New function.
(ref_poly1305_internal): New function.
(test_random): New function.
(test_main): Call test_random.
Arrange so that GMP or mini-gmp is always available for tests.
* testsuite/testutils.h [!WITH_HOGWEED]: Include mini-gmp.h.
* testsuite/testutils.c [!WITH_HOGWEED]: Include mini-gmp.c.
2022-01-21 Niels Möller <nisse@lysator.liu.se>
* powerpc64/ecc-secp192r1-modp.asm: New file, contributed by
Amitay Isaacs.
* powerpc64/ecc-secp384r1-modp.asm: New file, contributed by
Martin Schwenke, Amitay Isaacs & Alastair D´Silva.
* powerpc64/ecc-secp521r1-modp.asm: New file, contributed by
Martin Schwenke & Alastair D´Silva.
2022-01-17 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (test_ecc_point_valid_p): New function,
moved from...
* testsuite/ecdsa-keygen-test.c (ecc_valid_p): ... old copy.
* testsuite/gostdsa-keygen-test.c (ecc_valid_p): ... old copy.
* testsuite/testutils.h: Declare it.
(test_randomize) [NETTLE_USE_MINI_GMP]: Use inline function rather
than macro for dummy definition, to avoid compile time warnings.
2022-01-10 Niels Möller <nisse@lysator.liu.se>
* powerpc64/ecc-secp256r1-redc.asm: Reduce number of registers
used, eliminating save and restore of callee-save registers.
Speedup of 7% reported for POWER9 (and marginal speedup of secp256
sign and verify operations).
2022-01-04 Niels Möller <nisse@lysator.liu.se>
* configure.ac (ELFV2_ABI): New substituted variable, set on
powerpc64 based on the _CALL_ELF define.
* config.m4.in (ELFV2_ABI): Substituted here.
* powerpc64/machine.m4: Use ELFV2_ABI rather than WORDS_BIGENDIAN
to select abi flavor. Intended to support ppc64be + musl, which,
unlike other big-endian configurations, uses ELFv2.
2021-12-09 Niels Möller <nisse@lysator.liu.se>
* x86_64/ecc-secp256r1-redc.asm: New folding scheme with one less
carry propagation phase, and fewer registers, avoiding save and
restore of callee-save registers. 17% speedup of this function on
AMD Ryzen 5, resulting in a modest improvement in ecdsa
performance.
* powerpc64/ecc-secp256r1-redc.asm: New file, contributed by
Amitay Isaacs.
2021-11-29 Niels Möller <nisse@lysator.liu.se>
From Tianjia Zhang: SM3 hash function.
* sm3.h: New file.
* sm3.c: New file.
* sm3-meta.c: New file.
* hmac-sm3.c: New file.
* hmac-sm3-meta.c: New file.
* testsuite/sm3-test.c: New file.
* nettle.texinfo: Document SM3.
2021-11-19 Niels Möller <nisse@lysator.liu.se>
* gmp-glue.c (mpz_limbs_cmp): Deleted function. Usage replaced
with mpz_roinit_n and mpz_cmp.
(mpz_limbs_read_n): Deleted function. Usage in tests only,
replaced with mpz_limbs_copy.
2021-11-15 Niels Möller <nisse@lysator.liu.se>
* testsuite/eddsa-compress-test.c (test_main): Use test_randomize.
* testsuite/ecc-redc-test.c (test_main): Likewise.
* testsuite/ecc-mul-g-test.c (test_main): Likewise.
* testsuite/ecc-mul-a-test.c (test_main): Likewise.
* testsuite/ecc-modinv-test.c (test_modulo): Trim allocation for
result area.
(test_main): Use test_randomize.
* testsuite/ecc-sqrt-test.c (test_sqrt): Trim allocation.
(test_sqrt_ratio): Trim allocation. Fix sqrt_ratio test for v = 0,
failure is expected.
(test_main): Use test_randomize.
2021-11-13 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (get_random_seed): Move function here.
(test_randomize): New function.
* testsuite/ecc-mod-test.c (get_random_seed): Delete old copy.
(test_main): Use test_randomize.
* testsuite/rsa-compute-root-test.c (get_random_seed): Delete old copy.
(test_main): Use test_randomize.
* ecc-secp224r1.c (ecc_secp224r1_sqrt): Fix result for zero
input, which needs handling as a special case in the
Tonelli-Shanks algorithm.
* testsuite/ecc-sqrt-test.c (test_sqrt_ratio): Check that sqrt(0)
returns 0.
(test_sqrt_ratio): Check that sqrt (0/1) returns 0.
2021-11-11 Niels Möller <nisse@lysator.liu.se>
* eccdata.c (output_curve): Output ecc_sqrt_z and ECC_SQRT_E only
when computed. Fixes uninitialized value bug from previous change.
* ecc-secp384r1.c (ecc_mod_pow_288m32m1): New function.
(ecc_secp384r1_inv): Use ecc_mod_pow_288m32m1.
(ecc_secp384r1_sqrt): Likewise.
* eccdata.c (output_curve): Delete generation of unused values
ecc_sqrt_t and ECC_SQRT_T_BITS.
2021-11-10 Niels Möller <nisse@lysator.liu.se>
* eccdata.c (output_bignum_redc): New function.
(output_curve): Generate both redc and non-redc versions of
ecc_sqrt_z. Fixes secp224r1 sqrt, in configs using redc.
2021-11-08 Niels Möller <nisse@lysator.liu.se>
Square root functions, based on patch by Wim Lewis.
* ecc-internal.h (ecc_mod_sqrt_func): New typedef.
(struct ecc_modulo): Add sqrt function pointer and sqrt_itch.
Update all curve definitions.
* ecc-secp192r1.c (ECC_SECP192R1_SQRT_ITCH): New constant.
(ecc_secp192r1_sqrt): New function.
* ecc-secp256r1.c (ecc_secp256r1_sqrt): New function.
* ecc-secp384r1.c (ecc_secp384r1_sqrt): New function.
* ecc-secp521r1.c (ecc_secp521r1_sqrt): New function.
* ecc-secp224r1.c (ecc_secp224r1_sqrt): New function, using
Tonelli-Shanks' algorithm.
* testsuite/ecc-sqrt-test.c (test_sqrt): New function.
(test_sqrt_ratio): Renamed function (was test_modulo).
(test_main): Test sqrt function, for curves that define it.
* ecc-secp224r1.c (ecc_mod_pow_127m1): New function.
2021-11-07 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (struct ecc_modulo): Renamed sqrt_itch to
sqrt_ratio_itch.
* eddsa-decompress.c (_eddsa_decompress_itch): Updated.
* ecc-curve448.c (ECC_CURVE448_SQRT_RATIO_ITCH): Renamed, from ...
(ECC_CURVE448_SQRT_ITCH): ... old name.
(ecc_curve448_sqrt_ratio): Renamed, from ...
(ecc_curve448_sqrt): ... old name.
(_nettle_curve448): Updated.
* ecc-curve25519.c (ECC_25519_SQRT_RATIO_ITCH): Renamed, from ...
(ECC_25519_SQRT_ITCH): ... old name
(ecc_curve25519_sqrt_ratio): Renamed, from ...
(ecc_curve25519_sqrt): ... old name.
(_nettle_curve25519): Updated.
* ecc-internal.h (ecc_mod_sqrt_ratio_func): Renamed typedef...
(ecc_mod_sqrt_func): ... from old name.
(struct ecc_modulo): Renamed corresponding function pointer to
sqrt_ratio. Updated all uses.
2021-10-28 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-arith.c (ecc_mod_equal_p): New function, moved from
ecc-modinv-test.c. Based on patch by Wim Lewis.
* testsuite/ecc-modinv-test.c (mod_eq_p): Deleted, replaced with ecc_mod_equal_p.
2021-10-26 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-arith.c (ecc_mod_zero_p): New function.
* ecc-curve25519.c (ecc_curve25519_zero_p): Use it.
* ecc-curve448.c (ecc_curve448_zero_p): Deleted, usage replaced
with ecc_mod_zero_p.
* testsuite/ecc-modinv-test.c (mod_eq_p): Rewritten to use
ecc_mod_zero_p, and require that one input is canonically reduced.
(zero_p): Deleted, usage replaced with ecc_mod_zero_p.
2021-10-23 Niels Möller <nisse@lysator.liu.se>
* gmp-glue.c (sec_zero_p): New function.
* ecc-curve25519.c (ecc_curve25519_zero_p): Use it.
* ecc-curve448.c (ecc_curve448_zero_p): Use it.
* ecc-random.c (ecdsa_in_range): Use it.
(zero_p): Delete static function.
2021-10-22 Niels Möller <nisse@lysator.liu.se>
* ecc-secp256r1.c: Rework ad-hoc reduction functions. In
particular, arranged to always use single-limb quotients, no q2
quotient carry.
(ecc_secp256r1_modp): Reimplemented, closer to 2/1 division,
(ecc_secp256r1_modq): Reimplemented, closer to divappr2 division.
2021-10-06 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecc-mod-test.c: Extend tests to give better coverage
of corner cases, with input close to a multiple of the modulo.
2021-09-21 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle.pdf): Generate pdf manual using texi2pdf,
rather than texi2dvi + dvips + ps2pdf, which makes hyperlinks work
better.
* nettle.texinfo: Delete explicit node pointers in nettle.texinfo
Instead, rely on makeinfo's automatic pointer creation.
(Cipher functions): Split into nodes, with proper menu.
2021-09-14 Niels Möller <nisse@lysator.liu.se>
* cbc.h (cbc_aes128_encrypt, cbc_aes192_encrypt)
(cbc_aes256_encrypt): Change interface, take cipher context
pointer and iv as separate arguments. Update C and x86_64
implementations and corresponding glue code.
* testsuite/testutils.c (test_aead): Test encrypt/decrypt with
message split into pieces.
2021-09-12 Niels Möller <nisse@lysator.liu.se>
* Merged CBC-AES changes into master branch.
2021-09-09 Niels Möller <nisse@lysator.liu.se>
Implementation of CBC-AES for x86_64 aesni. Roughly 40%-50%
speedup benchmarked on Ryzen 5.
* x86_64/aesni/cbc-aes128-encrypt.asm: New file.
* x86_64/aesni/cbc-aes192-encrypt.asm: New file.
* x86_64/aesni/cbc-aes256-encrypt.asm: New file.
* x86_64/fat/cbc-aes128-encrypt-2.asm: New file.
* x86_64/fat/cbc-aes192-encrypt-2.asm: New file.
* x86_64/fat/cbc-aes256-encrypt-2.asm: New file.
* configure.ac (asm_nettle_optional_list, asm_replace_list): Add
new asm files.
* fat-setup.h (cbc_aes128_encrypt_func, cbc_aes192_encrypt_func)
(cbc_aes256_encrypt_func): New typedefs.
* fat-x86_64.c (fat_init): Use new functions, when aesni is available
2021-09-08 Niels Möller <nisse@lysator.liu.se>
* cbc-aes128-encrypt.c (nettle_cbc_aes128_encrypt): New file and
function.
* cbc-aes192-encrypt.c (cbc_aes192_set_encrypt_key): New file.
* cbc-aes256-encrypt.c (cbc_aes256_set_encrypt_key): New file.
* cbc.h (cbc_aes128_ctx, struct cbc_aes192_ctx, cbc_aes256_ctx):
New context structs. Declare new functions.
* Makefile.in (nettle_SOURCES): Add new files.
* nettle-internal.c (nettle_cbc_aes128, nettle_cbc_aes192)
(nettle_cbc_aes256): New algorithm structs, for tests and
benchmarking.
* testsuite/testutils.c (test_aead): Skip tests of decryption and
authentication, if corresponding function pointers are NULL.
* testsuite/cbc-test.c (test_main): Add tests of new cbc
functions.
* examples/nettle-benchmark.c (time_aead): Skip decrypt benchmark,
if corresponding function pointer is NULL.
2021-09-09 Niels Möller <nisse@lysator.liu.se>
* x86_64/fat/cpuid.asm: Fix usage of W64_ENTRY and W64_EXIT, to
make fat builds work on 64-bit windows.
2021-08-16 Niels Möller <nisse@lysator.liu.se>
S390x functions for sha1, sha256 and sha512, from Mamone Tarsha:
* s390x/msa/sha1-compress.asm: New file.
* s390x/msa_x1/sha256-compress.asm: Likewise.
* s390x/msa_x2/sha512-compress.asm: Likewise.
* s390x/fat/sha1-compress-2.asm: Likewise.
* s390x/fat/sha256-compress-2.asm: Likewise.
* s390x/fat/sha512-compress-2.asm: Likewise.
* fat-s390x.c: Update fat setup.
* Makefile.in (distdir): Add s390x/msa_x1.
2021-08-10 Niels Möller <nisse@lysator.liu.se>
* x86_64/aesni/aes128-encrypt.asm: New file, with 2-way loop.
* x86_64/aesni/aes128-decrypt.asm: Likewise.
* x86_64/aesni/aes192-encrypt.asm: Likewise.
* x86_64/aesni/aes192-decrypt.asm: Likewise.
* x86_64/aesni/aes256-encrypt.asm: Likewise.
* x86_64/aesni/aes256-decrypt.asm: Likewise.
* x86_64/aesni/aes-encrypt-internal.asm: Deleted.
* x86_64/aesni/aes-decrypt-internal.asm: Deleted.
* x86_64/fat/: Corresponding new and deleted files.
* fat-x86_64.c: Update fat setup accordingly.
2021-08-09 Niels Möller <nisse@lysator.liu.se>
Arm64 AES functions, from Mamone Tarsha:
* arm64/crypto/aes128-decrypt.asm: New file.
* arm64/crypto/aes128-encrypt.asm: New file.
* arm64/crypto/aes192-decrypt.asm: New file.
* arm64/crypto/aes192-encrypt.asm: New file.
* arm64/crypto/aes256-decrypt.asm: New file.
* arm64/crypto/aes256-encrypt.asm: New file.
* arm64/fat/aes128-decrypt-2.asm: New file.
* arm64/fat/aes128-encrypt-2.asm: New file.
* arm64/fat/aes192-decrypt-2.asm: New file.
* arm64/fat/aes192-encrypt-2.asm: New file.
* arm64/fat/aes256-decrypt-2.asm: New file.
* arm64/fat/aes256-encrypt-2.asm: New file.
* configure.ac: Add aes to arm64 FAT_TEST_LIST.
* fat-arm64.c: Update fat setup.
2021-08-06 Niels Möller <nisse@lysator.liu.se>
S390x xor functions, from Mamone Tarsha:
* configure.ac: New configure option --enable-s390x-vf.
* fat-s390x.c: Fat setup for memxor3.
* s390x/vf/memxor3.asm: New file.
* s390x/memxor.asm: New file.
* s390x/machine.m4 (XOR_LEN): New macro.
* s390x/fat/memxor3-2.asm: New file.
2021-07-24 Niels Möller <nisse@lysator.liu.se>
Merged s390x code.
GCM and fat build support for s390x, contributed by Mamone Tarsha:
* s390x/machine.m4: New file.
* s390x/msa_x4/gcm-hash.asm: New file.
* fat-s390x.c: New file.
* s390x/fat/cpu-facility.asm: New file.
* s390x/fat/: New wrapper files for aes and gcm assembly.
2021-07-21 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (OPT_SOURCES): Add fat-s390x.c.
2021-05-09 Niels Möller <nisse@lysator.liu.se>
Implementation of AES using s390x "message security assist"
extensions. Contributed by Mamone Tarsha:
* s390x/msa_x1/aes128-decrypt.asm: New file.
* s390x/msa_x1/aes128-encrypt.asm: New file.
* s390x/msa_x1/aes128-set-decrypt-key.asm: New file.
* s390x/msa_x1/aes128-set-encrypt-key.asm: New file.
* s390x/msa_x2/aes192-decrypt.asm: New file.
* s390x/msa_x2/aes192-encrypt.asm: New file.
* s390x/msa_x2/aes192-set-decrypt-key.asm: New file.
* s390x/msa_x2/aes192-set-encrypt-key.asm: New file.
* s390x/msa_x2/aes256-decrypt.asm: New file.
* s390x/msa_x2/aes256-encrypt.asm: New file.
* s390x/msa_x2/aes256-set-decrypt-key.asm: New file.
* s390x/msa_x2/aes256-set-encrypt-key.asm: New file.
* configure.ac: Renamed option to --enable-s390x-msa. Enables both
mas_x1 and msa_x2.
(asm_replace_list): Add more aes files.
* Makefile.in (distdir): Add s390x/msa_x1 s390x/msa_x2 directories.
2021-04-01 Niels Möller <nisse@lysator.liu.se>
Move aes128_encrypt and similar functions to their own files. To
make it easier for assembly implementations to override specific
AES variants.
* aes-decrypt.c: Split file, keep only legacy function aes_decrypt here.
* aes-decrypt-table.c (_nettle_aes_decrypt_table): New file, moved
table here.
* aes128-decrypt.c (aes128_decrypt): New file, moved function here.
* aes192-decrypt.c (aes192_decrypt): New file, moved function here.
* aes256-decrypt.c (aes256_decrypt): New file, moved function here.
* aes-encrypt.c: Split file, keep only legacy function aes_encrypt here.
* aes128-encrypt.c (aes128_encrypt): New file, moved function here.
* aes192-encrypt.c (aes192_encrypt): New file, moved function here.
* aes256-encrypt.c (aes256_encrypt): New file, moved function here.
* Makefile.in (nettle_SOURCES): Add new files.
2021-03-28 Niels Möller <nisse@lysator.liu.se>
Initial config for s390x, contributed by Mamone Tarsha.
* configure.ac: Add flag --enable-s390x-msa-x1. Add ABI check for
s390x, and setup asm_path.
* Makefile.in (distdir): Add s390x directory.
* s390x/README: New file
2021-07-08 Niels Möller <nisse@lysator.liu.se>
* configure.ac (FAT_TEST_LIST): Add sha2 to aarch64 fat tests.
From Mamone Tarsha:
* arm64/fat/sha256-compress-2.asm: New file.
* arm64/crypto/sha256-compress.asm: New file.
* fat-arm64.c: Add setup for nettle_sha1_compress.
2021-06-30 Niels Möller <nisse@lysator.liu.se>
* configure.ac (FAT_TEST_LIST): Add sha1 to aarch64 fat tests.
From Mamone Tarsha:
* fat-arm64.c: Add setup for nettle_sha1_compress.
* arm64/fat/sha1-compress-2.asm: New file.
2021-06-01 Niels Möller <nisse@lysator.liu.se>
From Mamone Tarsha:
* arm64/crypto/sha1-compress.asm: New file.
2021-05-17 Niels Möller <nisse@lysator.liu.se>
Bug fixes merged from from 3.7.3 release (starting from 2021-05-06).
* rsa-decrypt-tr.c (rsa_decrypt_tr): Check up-front that input is
in range.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* rsa-decrypt.c (rsa_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Add tests with input > n.
2021-05-14 Niels Möller <nisse@lysator.liu.se>
* rsa-sign-tr.c (rsa_sec_blind): Delete mn argument.
(_rsa_sec_compute_root_tr): Delete mn argument, instead require
that input size matches key size. Rearrange use of temporary
storage, to support in-place operation, x == m. Update all
callers.
* rsa-decrypt-tr.c (rsa_decrypt_tr): Make zero-padded copy of
input, for calling _rsa_sec_compute_root_tr.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Test calling all of
rsa_decrypt, rsa_decrypt_tr, and rsa_sec_decrypt with zero input.
2021-05-06 Niels Möller <nisse@lysator.liu.se>
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): Check that message
length is valid, for given key size.
* testsuite/rsa-sec-decrypt-test.c (test_main): Add test cases for
calls to rsa_sec_decrypt specifying a too large message length.
2021-05-23 Niels Möller <nisse@lysator.liu.se>
From Nicolas Mora: Implement aes key wrap and key unwrap (RFC 3394).
* nist-keywrap.c (bswap_if_le, nist_keywrap16, nist_keyunwrap16)
(aes128_keywrap, aes192_keywrap, aes256_keywrap)
(aes128_keyunwrap, aes192_keyunwrap, aes256_keyunwrap): New file,
new functions.
* nist-keywrap.h: New header file.
* Makefile.in (nettle_SOURCES): Add nist-keywrap.c.
(HEADERS): Add nist-keywrap.h.
* testsuite/aes-keywrap-test.c (test_main): New tests.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add aes-keywrap-test.c.
2021-04-13 Niels Möller <nisse@lysator.liu.se>
* powerpc64/p8/aes-encrypt-internal.asm (SWAP_MASK): Change macro
name to use all uppercase.
* powerpc64/p8/aes-decrypt-internal.asm (SWAP_MASK): Likewise.
2021-04-11 Niels Möller <nisse@lysator.liu.se>
* config.guess: Update to 2021-01-25 version, from savannah's
config.git. Needed to recognize M1 Macs.
* config.sub: Similarly update to 2021-03-10 version.
2021-03-24 Niels Möller <nisse@lysator.liu.se>
* .gitlab-ci.yml: Add remote tests for s390x.
2021-03-22 Niels Möller <nisse@lysator.liu.se>
Arm64 improvements, including fat build support. Contributed by
Mamone Tarsha:
* configure.ac (asm_path): Setup for arm64 fat builds.
* fat-arm64.c: New file.
* fat-arm64.c: New file.
* arm64/fat/gcm-hash.asm: New file.
* arm64/crypto/gcm-hash.asm: Improved docs. Use m4 macros rather
than as macros.
(LOAD_REV_PARTIAL_BLOCK): New macro.
* arm64/README: Improved docs.
2021-03-21 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.7.2 with ecc bug-fixes only.
* NEWS: NEWS entries for 3.7.2.
2021-03-13 Niels Möller <nisse@lysator.liu.se>
* gostdsa-vko.c (gostdsa_vko): Use ecc_mod_mul_canonical to
compute the scalar used for ecc multiplication.
* eddsa-hash.c (_eddsa_hash): Ensure result is canonically
reduced. Two of the three call sites need that.
* ecc-gostdsa-verify.c (ecc_gostdsa_verify): Use ecc_mod_mul_canonical
to compute the scalars used for ecc multiplication.
* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Ensure s output is reduced to
canonical range.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_mod_mul_canonical
to compute the scalars used for ecc multiplication.
* testsuite/ecdsa-verify-test.c (test_main): Add test case that
triggers an assert on 64-bit platforms, without above fix.
* testsuite/ecdsa-sign-test.c (test_main): Test case generating
the same signature.
2021-03-13 Niels Möller <nisse@lysator.liu.se>
* eddsa-verify.c (equal_h): Use ecc_mod_mul_canonical.
2021-03-11 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical):
New functions.
* ecc-internal.h: Declare and document new functions.
* curve448-eh-to-x.c (curve448_eh_to_x): Use ecc_mod_sqr_canonical.
* curve25519-eh-to-x.c (curve25519_eh_to_x): Use ecc_mod_mul_canonical.
* ecc-eh-to-a.c (ecc_eh_to_a): Likewise.
* ecc-j-to-a.c (ecc_j_to_a): Likewise.
* ecc-mul-m.c (ecc_mul_m): Likewise.
2021-03-04 Niels Möller <nisse@lysator.liu.se>
Merged initial arm64 code.
2021-02-03 Niels Möller <nisse@lysator.liu.se>
* arm64/crypto/gcm-hash.asm: Renamed directory, moved file,...
* arm64/v8/gcm-hash.asm: ... old name.
2021-02-02 Niels Möller <nisse@lysator.liu.se>
* arm64/v8/gcm-hash.asm: Add ".arch armv8-a+crypto" directive.
Supported by both GNU as and clang (the latter at least from
version 3.9.1).
* configure.ac: Don't add -march=armv8-a+crypto to CFLAGS.
2021-01-31 Niels Möller <nisse@lysator.liu.se>
* arm64/v8/gcm-hash.asm: New file, contributed by Maamoun TK and
Michael Weiser.
* arm64/README: New file. Document endianness issues, contributed
by Michael Weiser.
2021-02-17 Niels Möller <nisse@lysator.liu.se>
* Released Nettle-3.7.1.
2021-02-15 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-openssl.c (nettle_openssl_arcfour128): Deleted
glue to openssl arcfour.
(openssl_arcfour128_set_encrypt_key)
(openssl_arcfour128_set_decrypt_key): Deleted.
* nettle-internal.h: Deleted declaration.
* examples/nettle-benchmark.c (aeads): Delete benchmarking.
2021-02-13 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bump package version, to 3.7.1.
(LIBNETTLE_MINOR): Bump minor number, to 8.2.
(LIBHOGWEED_MINOR): Bump minor number, to 6.2.
2021-02-10 Niels Möller <nisse@lysator.liu.se>
* chacha-crypt.c (_nettle_chacha_crypt_4core): Fix for the case
that counter increment should be 3 (129 <= message length <= 192).
(_nettle_chacha_crypt32_4core): Likewise.
* testsuite/chacha-test.c (test_chacha_rounds): New function, for
tests with non-standard round count. Extracted from _test_chacha.
(_test_chacha): Deleted rounds argument. Reorganized crypt/crypt32
handling. When testing message prefixes of varying length, also
encrypt the remainder of the message, to catch errors in counter
value update.
(test_main): Add a few tests with large messages (16 blocks, 1024
octets), to improve test coverage for _nettle_chacha_crypt_4core
and _nettle_chacha_crypt32_4core.
2021-01-25 Niels Möller <nisse@lysator.liu.se>
* arm/neon/salsa20-core-internal.asm: Deleted file. This ARM Neon
implementation reportedly gave a speedup of 45% on Cortex A9,
compared to the C implementation, when it was added back in 2013.
That appears to no longer be the case with more recent processors
and compilers. And it's even significantly slower than the C
implementation on some platforms, including the Raspberry Pi 4.
With the introduction of salsa20-2core.asm, performance of this
function is also less important.
* arm/neon/chacha-core-internal.asm: Deleted file, for analogous reasons.
* arm/fat/salsa20-core-internal-2.asm: Deleted file.
* arm/fat/chacha-core-internal-2.asm: Deleted file.
* fat-arm.c (_nettle_salsa20_core, _nettle_chacha_core): Delete fat setup.
2021-01-31 Niels Möller <nisse@lysator.liu.se>
New variants, contributed by Nicolas Mora.
* pbkdf2-hmac-sha384.c (pbkdf2_hmac_sha384): New file and function.
* pbkdf2-hmac-sha512.c (pbkdf2_hmac_sha512): New file and function.
* testsuite/pbkdf2-test.c (test_main): Corresponding tests.
2021-01-20 Niels Möller <nisse@lysator.liu.se>
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Fix corner case with
all-zero hash. Reported by Guido Vranken.
* testsuite/ecdsa-verify-test.c: Add corresponding test case.
2021-01-10 Niels Möller <nisse@lysator.liu.se>
* fat-ppc.c: Don't use __GLIBC_PREREQ in the same preprocessor
conditional as defined(__GLIBC_PREREQ), but move to a nested #if
conditional. Fixes compile error on OpenBSD/powerpc64, reported by
Jasper Lievisse Adriaanse.
2021-01-04 Niels Möller <nisse@lysator.liu.se>
* Released Nettle-3.7.
2020-12-27 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Enable fat build by default.
2020-12-26 Niels Möller <nisse@lysator.liu.se>
* NEWS: News entries for Nettle-3.7.
* Makefile.in (distdir): Distribute the README files in assembly
directories.
* configure.ac: Bump package version, to 3.7.
(LIBNETTLE_MINOR): Bump minor number, to 8.1.
(LIBHOGWEED_MINOR): Bump minor number, to 6.1.
2020-12-21 Niels Möller <nisse@lysator.liu.se>
From Mamone Tarsha:
* fat-ppc.c: Check glibc version, and use getauxval only when available.
2020-12-12 Niels Möller <nisse@lysator.liu.se>
* powerpc64/p7/chacha-4core.asm: More interleaving of independent
instructions, gives slight speedup on Power9.
2020-12-01 Niels Möller <nisse@lysator.liu.se>
* powerpc64/p7/chacha-4core.asm: Use protected zone below stack
pointer to save registers, without modifying the stack pointer.
(QR): Instruction level interleaving in the main loop, written by
Torbjörn Granlund.
2020-11-30 Niels Möller <nisse@lysator.liu.se>
* m4-utils.m4 (m4_unquote): New macro, copied from GMP's
mpn/asm-defs.m4.
* chacha-crypt.c: (_nettle_chacha_crypt_4core)
(_nettle_chacha_crypt32_4core): New functions.
(_nettle_chacha_crypt_2core, _nettle_chacha_crypt32_2core):
Deleted, no longer needed.
* chacha-internal.h: Add prototypes for _nettle_chacha_4core and
related functions.
* configure.ac (asm_nettle_optional_list): Add chacha-4core.asm.
* powerpc64/fat/chacha-4core.asm: New file.
* powerpc64/p7/chacha-4core.asm: New file.
* fat-ppc.c (fat_init): When altivec is available, use
_nettle_chacha_crypt_4core and _nettle_chacha_crypt32_4core
instead of _2core variants.
* chacha-crypt.c (_nettle_chacha_crypt32_3core): Fix bug in
handling of counter; this function should not propagate any carry.
* aes-internal.h: Delete name mangling of internal symbols. Update
all internal references to use _nettle prefix.
* camellia-internal.h: Likewise.
* chacha-internal.h: Likewise.
* ctr-internal.h: Likewise.
* dsa-internal.h: Likewise.
* gost28147-internal.h: Likewise.
* poly1305-internal.h: Likewise.
* salsa20-internal.h: Likewise.
* sha3-internal.h: Likewise.
* umac-internal.h: Likewise.
2020-11-26 Niels Möller <nisse@lysator.liu.se>
Enable powerpc64 gcm code in fat builds. Based on patch
contributed by Mamone Tarsha:
* powerpc64/fat/gcm-hash.asm: New file.
* configure.ac: Add HAVE_NATIVE_fat_gcm_init_key and
HAVE_NATIVE_fat_gcm_hash.
* gcm.c (gcm_init_key): Renamed, to ...
(_nettle_gcm_init_key_c): ... new name. Add fat setup conditionals.
(gcm_hash): Renamed, to...
(_nettle_gcm_hash_c): ... new name. Add fat setup conditionals.
* fat-setup.h (gcm_init_key_func, gcm_hash_func): New typedefs.
* fat-ppc.c: Select implementations of _nettle_gcm_init_key and _nettle_gcm_hash.
* gcm-internal.h: New file.
* Makefile.in (DISTFILES): Add gcm-internal.h.
* powerpc64/p8/gcm-hash.asm: New file, contributed by Mamone
Tarsha. Implements _nettle_gcm_init_key and _nettle_gcm_hash.
2020-11-28 Niels Möller <nisse@lysator.liu.se>
* powerpc64/p7/chacha-2core.asm: Simplify counter carry handling
using the vaddcuw instruction.
Merge changes by Marco Bodrato and Torbjorn Granlund, from the
gmp/mini-gmp copy of this file.
* run-tests: Delete special handling of zero arguments. Update
WINEPATH, instead of overwriting it.
2020-11-27 Niels Möller <nisse@lysator.liu.se>
* aclocal.m4: Replace some calls to exit with return, since exit
requires stdlib.h. Including patch contributed by Adrien Béraud.
* testsuite/version-test.c: Include version.h. Patch contributed
by Brian Smith.
2020-11-25 Niels Möller <nisse@lysator.liu.se>
* powerpc64/p7/chacha-2core.asm: Add byte swapping of output, for
big-endian builds.
2020-11-24 Niels Möller <nisse@lysator.liu.se>
Enable ppc chacha_2core in fat builds.
* configure.ac: Add HAVE_NATIVE_fat_chacha_2core.
* chacha-crypt.c: Check HAVE_NATIVE_fat_chacha_2core.
* chacha-internal.h (_chacha_crypt_2core, _chacha_crypt32_2core):
Add declarations.
* fat-ppc.c (fat_init): Use _nettle_chacha_crypt_2core and
_nettle_chacha_crypt32_2core when altivec is available.
* powerpc64/fat/chacha-2core.asm: New file, including p7 version.
2020-11-23 Niels Möller <nisse@lysator.liu.se>
* powerpc64/p7/chacha-2core.asm: New file.
* chacha-crypt.c (_chacha_crypt_2core, _chacha_crypt32_2core): New
variants of chacha_crypt, using _chacha_2core to do two blocks at
a time.
* chacha-internal.h (_chacha_2core, _chacha_2core32): Add declarations.
* configure.ac (asm_nettle_optional_list): Add chacha-2core.asm.
2020-11-14 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-inv.c (ecc_mod_inv): Use passed in scratch for all
scratch needs, don't use memory after the result area.
* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Update invert call.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Likewise.
* ecc-eh-to-a.c (ecc_eh_to_a): Likewise.
* ecc-j-to-a.c (ecc_j_to_a): Likewise.
* ecc-gostdsa-verify.c (ecc_gostdsa_verify): Likewise.
* curve25519-eh-to-x.c (curve25519_eh_to_x): Likewise.
* curve448-eh-to-x.c (curve448_eh_to_x): Update invert call, and
reduce scratch need from 9*size to 5*size.
* ecc-internal.h (ECC_MOD_INV_ITCH, ECC_J_TO_A_ITCH)
(ECC_EH_TO_A_ITCH): Update accordingly, but no change in total
scratch need.
2020-11-13 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (ECC_J_TO_A_ITCH): Generalize, and take invert
itch as an argument, similarly to ECC_EH_TO_A_ITCH. Updated all
secp and gost curve definitions to use it.
2020-10-21 Niels Möller <nisse@lysator.liu.se>
* ecc-secp384r1.c (ecc_secp384r1_inv): New function, modular
inverse using powering.
(_nettle_secp_384r1): Analogous updates. Increases signing
performance roughly 15% on x86_64.
2020-10-20 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-inv.c (ecc_mod_inv_redc): Deleted, no longer needed.
(ecc_mod_inv_destructive): Deleted, merged with ecc_mod_inv.
* ecc-secp256r1.c (ecc_secp256r1_inv): New function, modular
inverse using powering.
(_nettle_secp_256r1): Analogous updates. Increases signing
performance roughly 6% on x86_64.
* ecc-secp224r1.c (ecc_secp224r1_inv): New function, modular
inverse using powering.
(_nettle_secp_224r1): Analogous updates. Increases signing
performance roughly 17% on x86_64.
2020-10-19 Niels Möller <nisse@lysator.liu.se>
* ecc-secp521r1.c (ecc_secp521r1_inv): New function, modular
inverse using powering.
(_nettle_secp_521r1): Analogous updates. Increases signing
performance roughly 15% on x86_64.
2020-10-15 Niels Möller <nisse@lysator.liu.se>
* ecc-secp192r1.c (ecc_secp192r1_inv): New function, modular
inverse using powering.
(_nettle_secp_192r1): Use it for p.invert, and also update
h_to_a_itch. Increases signing performance roughly 25% on x86_64.
* testsuite/ecc-modinv-test.c (test_modulo): Allow invert function
to return a non-canonical representation.
2020-11-08 Niels Möller <nisse@lysator.liu.se>
Merge refactoring of ecc modulo and reduce functions.
* eddsa-sign.c (_eddsa_sign_itch): Update, since now point
multiplication needs less scratch than point compression.
* eddsa-pubkey.c (_eddsa_public_key_itch): Likewise.
* ecc-internal.h: Update *_ITCH macros for point multiplication
and signatures. They need slightly less scratch after optimization
of the point addition functions.
* ecc-mul-m.c (ecc_mul_m): Reduce scratch need.
(ecc_mul_m): Optimize swapping, with only a single mpn_cnd_swap
per iteration.
* ecc-add-jja.c (ecc_add_jja): Reduce scratch need.
* ecc-add-jjj.c (ecc_add_jjj): Reduce scratch need.
* ecc-internal.h (ECC_ADD_JJA_ITCH, ECC_ADD_JJJ_ITCH): Now 5*size.
(ECC_MUL_M_ITCH): New 8*size.
2020-11-06 Niels Möller <nisse@lysator.liu.se>
After these changes, both curve25519 and curve448 need 4*size for
invert and 6*size for sqrt.
* ecc-curve448.c (ecc_mod_pow_446m224m1): Reduce scratch need.
(ecc_curve448_inv): Likewise.
(ecc_curve448_sqrt): Likewise.
* ecc-curve25519.c (ecc_curve25519_sqrt): Reduce scratch need.
* ecc-add-jja.c (ecc_add_jja): Delete an unneeded copy.
2020-11-05 Niels Möller <nisse@lysator.liu.se>
* ecc-dup-jj.c (ecc_dup_jj): Reduce scratch need.
* ecc-internal.h (ECC_DUP_JJ_ITCH): Now 4*size.
2020-11-03 Niels Möller <nisse@lysator.liu.se>
* ecc-dup-eh.c (ecc_dup_eh): Reduce scratch need.
* ecc-dup-th.c (ecc_dup_th): Analogous changes.
* ecc-internal.h (ECC_DUP_EH_ITCH, ECC_DUP_TH_ITCH): Now 3*size.
* ecc-internal.h (ecc_add_func): Document in-place operation.
* ecc-mul-a-eh.c (ecc_mul_a_eh): Fix call to ecc->add_hhh accordingly.
* testsuite/ecc-add-test.c (test_main): Likewise.
* ecc-add-eh.c (ecc_add_eh): Reduce scratch need.
* ecc-add-th.c (ecc_add_th): Analogous changes.
* ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
* ecc-add-thh.c (ecc_add_thh): Analogous changes.
* ecc-internal.h (ECC_ADD_EH_ITCH, ECC_ADD_EHH_ITCH)
(ECC_ADD_TH_ITCH, ECC_ADD_THH_ITCH): Now 4*size.
2020-11-02 Niels Möller <nisse@lysator.liu.se>
* ecc-curve25519.c (ecc_mod_pow_252m3): Reduce scratch need.
(ecc_curve25519_inv): Likewise.
(ecc_curve25519_sqrt): Likewise.
2020-11-01 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-arith.c (ecc_mod_mul, ecc_mod_sqr): Separate argument
for scratch area, reducing required size of result area. Update
all callers to naïvely keep using result in scratch area.
(ecc_mod_pow_2k, ecc_mod_pow_2k_mul): Simplified, also reducing
required size of result area.
* testsuite/testutils.c (test_ecc_point): Show curve bits on failure.
2020-10-31 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (typedef ecc_mod_func): Updated all assembly
implementations.
* testsuite/ecc-mod-test.c (test_one): Extend tests, to also test
with different destination area.
* testsuite/ecc-redc-test.c (test_main): Likewise.
2020-10-30 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (typedef ecc_mod_func): Add separate result
argument. Updated all C implementations and callers.
2020-10-29 Niels Möller <nisse@lysator.liu.se>
* ecc-mod.c (ecc_mod): More unified handling of final carry
folding. Also eliminates a goto statement.
2020-11-07 Niels Möller <nisse@lysator.liu.se>
Merged initial powerpc64 implementation of chacha.
* configure.ac: New command line option --enable-power-altivec.
Update asm_path logic, and add altivec to FAT_TEST_LIST.
* fat-ppc.c (get_ppc_features): Add logic to check for altivec and
vsx support, and select aither C or altivec implementation of
chacha_core.
* powerpc64/p7/chacha-core-internal.asm: New file.
2020-09-25 Niels Möller <nisse@lysator.liu.se>
* powerpc64/p7/chacha-core-internal.asm: New file.
* Makefile.in (distdir): Add powerpc64/p7.
2020-10-29 Niels Möller <nisse@lysator.liu.se>
* blowfish.c (blowfish_set_key): Add casts to uint32_t. Avoids
undefined behavior, since shifting an 8-bit value left by 24 bits
overflows the range of signed int. Reported by Guido Vranken.
2020-10-28 Niels Möller <nisse@lysator.liu.se>
* gmp-glue.h (cnd_add_n, cnd_sub_n, cnd_swap): Deleted, use
corresponding functions mpn_cnd_add_n, mpn_cnd_sub_n,
mpn_cnd_swap, available from GMP version 6.1.0. Update all
callers, in particular, mpn_cnd_add_n and mpn_cnd_sub_n has one
more argument than the old functions.
* gmp-glue.c (mpn_cnd_add_n, mpn_cnd_sub_n, mpn_cnd_swap)
[NETTLE_USE_MINI_GMP]: Fallback definitions or mini-gmp builds.
2020-10-14 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-arith.c (ecc_mod_pow_2k, ecc_mod_pow_2k_mul): Moved
functions here.
* ecc-internal.h (ecc_mod_pow_2kp1): New macro, calling the more
general ecc_mod_pow_2k_mul.
* ecc-curve25519.c (ecc_mod_pow_2kp1): Deleted static function.
* ecc-curve448.c (ecc_mod_pow_2k, ecc_mod_pow_2kp1): Deleted
static functions.
2020-10-13 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-inv.c (ecc_mod_inv_destructive): New helper function,
not preserving input argument. Extracted from old ecc_mod_inv.
(ecc_mod_inv): Call ecc_mod_inv_destructive.
(ecc_mod_inv_redc): New inversion function, with input and output
in redc form.
* ecc-secp224r1.c: Select between ecc_mod_inv and ecc_mod_inv_redc.
* ecc-secp256r1.c: Likewise.
* ecc-j-to-a.c (ecc_j_to_a): Simplify redc-related logic, taking
advantage of ecc->p.invert handling redc, when appropriate. Reduce
scratch need from 5n to 4n in the process (assuming inversion
needs 2n).
* testsuite/ecc-modinv-test.c (ref_modinv): Updated to do redc, if
appropriate.
2020-09-25 Niels Möller <nisse@lysator.liu.se>
* gcm.c (gcm_fill): Added separate implementations for big- and
little-endian, to use uint64_t stores and less overhead.
2020-09-24 Niels Möller <nisse@lysator.liu.se>
* aclocal.m4 (GMP_ASM_POWERPC_R_REGISTERS): Prefer to use register
names. Can be tested by configuring with CC='gcc -Wa,-mregnames'.
2020-09-21 Niels Möller <nisse@lysator.liu.se>
* m4-utils.m4: New file with m4 utilities, copied from GMP's
mpn/asm-defs.m4.
* Makefile.in (DISTFILES): Add m4-utils.m4.
(%.asm): Include m4-utils.m4 for preprocessing of .asm files, and
include config.m4 before machine.m4.
* aclocal.m4 (GMP_ASM_POWERPC_R_REGISTERS): New configure test,
adapted from corresponding test in GMP's acinlude.m4.
* configure.ac (ASM_PPC_WANT_R_REGISTERS): New substituted
variable. Set using GMP_ASM_POWERPC_R_REGISTERS, when powerpc64
assembly code is enabled.
* config.m4.in: Substituted here.
* powerpc64/machine.m4: Check ASM_PPC_WANT_R_REGISTERS, and
if needed, replace register names like r0, r1, ... with integers.
2020-09-15 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (DISTFILES): Add missing file blowfish-internal.h.
2020-09-14 Niels Möller <nisse@lysator.liu.se>
* asm.m4: Delete use of changequote, stick to the m4 default
quoting characters `'. Updated all assembly and m4 files.
* x86_64/machine.m4 (W64_ENTRY, W64_EXIT): Delete quoting workaround.
2020-09-12 Niels Möller <nisse@lysator.liu.se>
* x86_64/salsa20-2core.asm: Fix incorrect W64_EXIT.
2020-08-29 Niels Möller <nisse@lysator.liu.se>
Initial powerpc64 assembly support, contributed by Mamone Tarsha:
* configure.ac: New configure option --enable-power-crypto-ext.
(asm_path): Setup this and related variables for powerpc64.
* powerpc64/machine.m4: New file.
* powerpc64/README: New file.
* powerpc64/p8/aes-encrypt-internal.asm: New file.
* powerpc64/p8/aes-decrypt-internal.asm: New file.
* powerpc64/fat/aes-encrypt-internal-2.asm: New file.
* powerpc64/fat/aes-decrypt-internal-2.asm: New file.
* fat-ppc.c: New file.
* Makefile.in (OPT_SOURCES): Add fat-ppc.c.
(distdir): Add powerpc64 directories.
* aes-decrypt-internal.c (_nettle_aes_decrypt_c): Alternative
name, for fat builds.
* aes-encrypt-internal.c (_nettle_aes_encrypt_c): Likewise.
2020-07-28 Niels Möller <nisse@lysator.liu.se>
* configure.ac (FAT_TEST_LIST): New substituted variable. Set for
fat builds, otherwise empty.
* Makefile.in (check-fat): New target, using $(FAT_TEST_LIST).
2020-07-13 Niels Möller <nisse@lysator.liu.se>
* chacha-crypt.c (chacha_crypt) [HAVE_NATIVE_chacha_3core]: Use
_chacha_3core.
* arm/neon/chacha-3core.asm: New file, 3-way interleaving of
chacha.
2020-07-11 Niels Möller <nisse@lysator.liu.se>
* testsuite/chacha-test.c (test_main): Delete obsolete tests for
chacha with 128-bit keys. #if:ed out since 2014-03-04, see below.
(test_chacha_core): New function, test chacha with simple input
structure.
2020-07-10 Niels Möller <nisse@lysator.liu.se>
* x86_64/salsa20-2core.asm: New file.
* x86_64/salsa20-crypt.asm: Deleted, since the 2core assembly is
faster.
2020-07-08 Niels Möller <nisse@lysator.liu.se>
Rearrange salsa20, enabling ARM fat builds to use sala20_2core.
* salsa20-crypt-internal.c (_salsa20_crypt_2core)
(_salsa20_crypt_1core): New file, new functions. One or the other
is used for implementing salsa20_crypt and salsa20r12_crypt,
depending on availability of salsa20_2core.
* salsa20-crypt.c (salsa20_crypt): Call _salsa20_crypt.
* salsa20r12-crypt.c (salsa20r12_crypt): Likewise.
* salsa20-internal.h: Declare new internal functions.
* Makefile.in (nettle_SOURCES): Add salsa20-crypt-internal.c.
* fat-setup.h (salsa20_crypt_func): New typedef.
* fat-arm.c (_salsa20_crypt): Select _salsa20_crypt
implementation, use 2core version when Neon instructions are
available.
* arm/fat/salsa20-2core.asm: New file, including Neon
implementation. Trigger configure's HAVE_NATIVE_fat_salsa20_2core,
* configure.ac: Add HAVE_NATIVE_fat_salsa20_2core, to identify the
case that salsa20_2core is defined, but runtime checks are needed
to determine if it is usable.
2020-07-06 Niels Möller <nisse@lysator.liu.se>
* testsuite/salsa20-test.c (test_salsa20_core): New function, test
salsa20 with simple input structure.
* configure.ac: Obey --enable-arm-neon=yes, even if not explicitly
targetting ARM v6 or later.
2020-07-01 Niels Möller <nisse@lysator.liu.se>
* testsuite/bcrypt-test.c: New file. Moved bcrypt tests here.
Support for bcrypt, contributed by Stephen R. van den Berg.
* blowfish-bcrypt.c (blowfish_bcrypt_hash)
(blowfish_bcrypt_verify): New file, new functions.
* blowfish-internal.h: New header file, declaring internals needed
for bcrypt.
* testsuite/blowfish-test.c: Add bcrypt tests.
* nettle.texinfo (Cipher functions): Document bcrypt.
2020-06-30 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Miscellaneous hash functions): New section, with
Streebog documentation, contributed by Dmitry Baryshkov.
(Top): Added some missing entries to the detailed node listing
2020-06-29 Niels Möller <nisse@lysator.liu.se>
* .gitlab-ci.yml: Add cross tests for powerpc64le, based on patch
by Maamoun TK.
2020-06-25 Niels Möller <nisse@lysator.liu.se>
* x86_64/chacha-core-internal.asm (QROUND): Fix use of macro
arguments. Spotted by Torbjörn Granlund.
2020-06-02 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Delete call to
time_overhead. The attempt to measure function call overhead is
not very useful or accurate. The benchmarking loop is optimized
away by gcc-10, making the benchmark program hang.
(bench_nothing, time_overhead): Deleted.
2020-04-29 Niels Möller <nisse@lysator.liu.se>
* Released Nettle-3.6.
2020-04-27 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Tweak gcc command line options. Delete checks for
older gcc versions. Add -Wno-sign-compare, since warnings for
signed/unsigned comparisons adds a lot of noise, in particular
when building mini-gmp.
* mini-gmp.c: Updated mini-gmp from the gmp repository, latest
change from 2020-04-20.
* mini-gmp.h: Likewise.
2020-04-25 Niels Möller <nisse@lysator.liu.se>
* gmp-glue.c (mpz_limbs_read, mpz_limbs_write, mpz_limbs_modify)
(mpz_limbs_finish, mpz_roinit_n): Delete compatibility
definitions. These functions available in GMP since version 6.0.0.
* gmp-glue.h: Delete corresponding declarations, and preprocessor
conditions.
* configure.ac: Update required version of GMP to 6.1.0, needed
for mpn_zero_p.
* ecc-ecdsa-verify.c (zero_p): Deleted static function, usage
replaced with mpn_zero_p.
* testsuite/testutils.c (mpn_zero_p): Delete conditional
definition.
* testsuite/testutils.h: Delete corresponding declarations.
* Makefile.in (DISTFILES): Add poly1305-internal.h.
* testsuite/Makefile.in (DISTFILES): Delete setup-env.
2020-04-23 Niels Möller <nisse@lysator.liu.se>
* run-tests: Set WINEPATH, since it appears wine doesn't search
for dlls in the unix PATH.
* examples/setup-env: Delete creation of extra dll symlinks.
* examples/teardown-env: Delete corresponding cleanup.
* testsuite/setup-env: Deleted file (same symlink creation).
* testsuite/teardown-env: Delete corresponding cleanup.
* testsuite/ecc-add-test.c (test_main): Delete ASSERTs with
functions pointer comparisons. They provide little value, and fail
when linking with hogweed.dll on windows.
* testsuite/ecc-dup-test.c (test_main): Likewise.
2020-04-22 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in: Use pattern rules for test executables,
replacing...
(test-rules): ...deleted rule.
* testsuite/.test-rules.make: Deleted file.
2020-04-21 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* gostdsa-vko.c (gostdsa_vko): New file and function.
* testsuite/gostdsa-vko-test.c (test_vko): New test.
* nettle.texinfo (GOSTDSA): Document it.
2020-04-19 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* gosthash94.h (struct gosthash94_ctx): Rearrange struct to enable
use of MD_UPDATE macro, in particular, replacing byte count with
block count and index. Also move buffer last, for consistency with
other hash functions.
* gosthash94.c (gosthash94_update_int): Use MD_UPDATE macro.
(gosthash94_write_digest): Update for block count rather than byte
count.
2020-04-17 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBNETTLE_MAJOR): Increase libnettle version
number to 8.0, for move of internal poly1305 functions.
(LIBNETTLE_MINOR): Reset to zero.
2020-04-15 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* poly1305.h (poly1305_set_key, poly1305_digest, _poly1305_block):
Removed declarations from this public header file.
* poly1305-internal.h: New file, with declarations of internal
poly1305 functions.
(_poly1305_set_key, _poly1305_digest): Renamed, with leading
underscore. Updated definitions and all uses.
2020-04-12 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (DISTFILES): Reorder to ensure that generated des
headers can't be older than desdata.stamp.
* testsuite/ed448-test.c: Define _GNU_SOURCE, for getline with gcc
-std=c89.
2020-04-06 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBHOGWEED_MAJOR): Increase libhogweed version
number to 6.0, at request of Gnutls team.
(LIBHOGWEED_MINOR): Reset to zero.
2020-04-01 Niels Möller <nisse@lysator.liu.se>
* config.guess: Update to 2020-01-01 version, from savannah's
config.git.
* config.sub: Likewise.
2020-03-31 Niels Möller <nisse@lysator.liu.se>
* aclocal.m4 (LSH_TYPE_SOCKLEN_T, LSH_CHECK_KRB_LIB, LSH_LIB_ARGP)
(LSH_MAKE_CONDITIONAL): Delete unused macros.
* config.make.in (abs_top_builddir, TEST_SHLIB_DIR): New variables.
* run-tests: Check TEST_SHLIB_DIR, and set up LD_LIBRARY_PATH and
related member variables.
* testsuite/Makefile.in (check): Pass only TEST_SHLIB_DIR
to the run-tests script, and leave setting of LD_LIBRARY_PATH and
related variables to that script.
* examples/Makefile.in (check): Likewise.
2020-03-26 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bump package version to 3.6.
(LIBNETTLE_MINOR): Bump minor number, now 7.1.
(LIBHOGWEED_MINOR): Bump minor numbers, now 5.1
2020-03-14 Niels Möller <nisse@lysator.liu.se>
From H.J. Lu:
* configure.ac (ASM_X86_ENDBR, ASM_X86_MARK_CET_ALIGN): New
substituted variables.
* config.m4.in: Substituted here. Add ASM_X86_MARK_CET to
diversion inserted at end of assembly files.
* asm.m4 (PROLOGUE): Add ASM_X86_ENDBR at entry point.
2020-03-09 Niels Möller <nisse@lysator.liu.se>
From Daiki Ueno:
* chacha-crypt.c (chacha_crypt32): New function.
* chacha-set-nonce.c (chacha_set_counter, chacha_set_counter32):
New functions.
* chacha.h (CHACHA_COUNTER_SIZE, CHACHA_COUNTER32_SIZE): New constants.
* chacha-poly1305.c (chacha_poly1305_encrypt)
(chacha_poly1305_decrypt): Use chacha_crypt32.
* testsuite/chacha-test.c: Update tests to use new functions.
* nettle.texinfo: Document new chacha functions, and update
out-of-date chacha-poly1305 documentation.
2020-03-08 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* cmac-des3-meta.c (nettle_cmac_des): New file, moving definition
from...
* testsuite/cmac-test.c: ... old location.
* nettle-meta.h (nettle_cmac_des): Declare it.
2020-02-15 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* ecc-internal.h (ecc_modq_add, ecc_modq_mul, ecc_modp_sqr)
(ecc_modp_mul, ecc_mod_submul_1, ecc_modp_mul_1, ecc_modp_add)
(ecc_modp_sub): Deleted macros. Updated callers to use respective
functions instead.
(ecc_modp_addmul_1): Delete unused macro.
2020-02-09 Niels Möller <nisse@lysator.liu.se>
Addition of struct nettle_mac based on patches by Daiki Ueno.
* nettle-meta-macs.c (nettle_get_macs): New file, new function.
* testsuite/meta-mac-test.c: New test.
* nettle-meta.h (_NETTLE_HMAC): New macro.
(nettle_hmac_md5, nettle_hmac_ripemd160, nettle_hmac_sha1)
(nettle_hmac_sha224, nettle_hmac_sha256, nettle_hmac_sha384)
(nettle_hmac_sha512): Declare.
(struct nettle_mac): New public struct,
* testsuite/testutils.h: ...moved from this file.
* hmac-md5-meta.c: New file.
* hmac-ripemd160-meta.c: Likewise.
* hmac-sha1-meta.c: Likewise.
* hmac-sha224-meta.c: Likewise.
* hmac-sha256-meta.c: Likewise.
* hmac-sha384-meta.c: Likewise.
* hmac-sha512-meta.c: Likewise.
* Makefile.in (nettle_SOURCES): Add new files.
* testsuite/testutils.h (_NETTLE_HMAC): Delete unused version of
this macro.
* testsuite/testutils.c (test_mac): Allow testing with smaller
digest size.
* testsuite/hmac-test.c (test_main): Use test_mac for tests using
key size == digest size.
* testsuite/cmac-test.c (nettle_cmac_aes128, nettle_cmac_aes256):
Moved to...
* cmac-aes128-meta.c: New file.
* cmac-aes256-meta.c: New file.
* nettle-meta.h (struct nettle_mac): New public struct,
* testsuite/testutils.h: ...moved from this file.
2020-02-06 Niels Möller <nisse@lysator.liu.se>
From Dmitry Baryshkov:
* gost28147.h: Deleted, move declarations to gost28147-internal.h.
2020-02-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: On Solaris, link shared libraries with --shared
rather than -G. For gcc, --shared is the proper way. For Solaris'
proprietary cc, according to docs, it accepts --shared as an alias
for -G since Oracle Solaris Studio 12.4, and it was made more gcc
compatible in later versions. Since 12.4 was released in 2014,
don't attempt to cater for older versions.
2020-01-26 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (struct ecc_curve): Delete g, the curve
generator, since it was used only by tests. Update all curve
instances.
* eccdata.c (output_curve): Delete output of ecc_g.
(output_point): Delete name argument, and update callers.
* testsuite/testutils.c (ecc_ref): Table of reference points moved
out of test_ecc_mul_a. Add generator to the list of points.
(test_ecc_mul_a): Use ecc_ref table also for the n == 1 case.
(test_ecc_ga, test_ecc_get_g, test_ecc_get_ga): New functions,
using the tabulated generator.
* testsuite/ecc-add-test.c: Use test_ecc_get_g, instead of
accessing ecc->g.
* testsuite/ecc-dup-test.c: Likewise.
* testsuite/ecc-mul-a-test.c: Use test_ecc_get_ga and test_ecc_ga.
Delete special case for n == 1.
* testsuite/ecc-mul-g-test.c: Use test_ecc_ga.
Support for GOST DSA, contributed by Dmitry Baryshkov.
* gostdsa-verify.c (gostdsa_verify): New file and function.
* gostdsa-sign.c (gostdsa_sign): New file and function.
* ecc-gostdsa-verify.c (ecdsa_in_range, ecc_gostdsa_verify_itch)
(ecc_gostdsa_verify): New file and functions.
* ecc-gostdsa-sign.c (ecc_gostdsa_sign_itch, ecc_gostdsa_sign):
New file and functions.
* ecc-internal.h (ECC_GOSTDSA_SIGN_ITCH): New macro.
* ecc-hash.c (gost_hash): New function.
* testsuite/gostdsa-verify-test.c: New test.
* testsuite/gostdsa-sign-test.c: New test.
* testsuite/gostdsa-keygen-test.c: New test.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Add new tests.
Support for GOST gc256b and gc512a curves, contributed by Dmitry
Baryshkov.
* eccdata.c (ecc_curve_init): Add parameters for gost_gc256b and
gost_gc512a.
* ecc-gost-gc256b.c: New file, define _nettle_gost_gc256b.
* ecc-gost-gc512a.c: New file, define _nettle_gost_gc512a.
* Makefile.in: Add rules to generate ecc-gost-gc256b.h and
ecc-gost-gc512a.h.
(hogweed_SOURCES): Add ecc-gost-gc256b.c ecc-gost-gc512a.c.
* examples/ecc-benchmark.c (curves): Add to list.
* testsuite/testutils.c (ecc_curves): Add to list.
(test_ecc_mul_a): Reference points for new curves.
* NEWS: Started on entries for Nettle-3.6.
2020-01-25 Niels Möller <nisse@lysator.liu.se>
* examples/hogweed-benchmark.c (bench_curve_init): Pass correct
sizes to knuth_lfib_random. Patch contributed by Dmitry Baryshkov.
2020-01-15 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Replace suffix rules by pattern rules. Move .asm
rule above .c rule, since now the order of rules in the Makefile
matters, rather than the order in the .SUFFIXES list.
(aesdata, desdata, twofishdata, shadata, gcmdata, eccparams):
Individual rules replaced by a pattern rule.
(eccdata): Add explicit dependencies, to complement the pattern
rule.
* examples/Makefile.in: Replace suffix rules by pattern rules.
* testsuite/Makefile.in: Likewise.
* tools/Makefile.in: Likewise.
* config.make.in: Empty .SUFFIXES, to not accidentally use any
suffix rules.
* aclocal.m4 (DEP_INCLUDE): Delete substituted variable.
* Makefile.in: Use the GNU make directive -include to include
dependency .d files. Delete dependency files on make clean.
* examples/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise. Also use $(OBJEXT) properly.
* tools/Makefile.in: Likewise.
* configure.ac (dummy-dep-files): Delete these config commands.
2020-01-10 Niels Möller <nisse@lysator.liu.se>
From Dmitry Eremin-Solenikov: Consistently rename ecc files and
internal functions to include curve name rather than just number
of bits. E.g.,
* ecc-256.c (nettle_ecc_256_redc): File and function renamed to...
* ecc-secp256r1.c (_nettle_ecc_256_redc): ... new names.
* eccdata.c (ecc_curve_init, main): Take curve name as input, not
bit size.
2020-01-03 Niels Möller <nisse@lysator.liu.se>
Add benchmarking of ed25519, ed448 and curve448.
* examples/hogweed-benchmark.c: (struct eddsa_ctx): New struct.
(bench_eddsa_init, bench_eddsa_sign, bench_eddsa_verify)
(bench_eddsa_clear): New functions.
(struct curve_ctx): New struct, generalizing struct curve25519_ctx.
(bench_curve_init, bench_curve_mul_g, bench_curve_mul)
(bench_curve_clear): New functions.
(struct curve25519_ctx, bench_curve25519_mul_g)
(bench_curve25519_mul, bench_curve25519): Deleted.
(alg_list): Add eddsa and curve entries.
(main): Delete call to bench_curve25519.
2020-01-02 Niels Möller <nisse@lysator.liu.se>
* eddsa-internal.h (nettle_eddsa_dom_func): New typedef.
(struct ecc_eddsa): Use function pointer to represent eddsa dom
string. To avoid calling sha512_update with empty input for
ed25519.
* ed448-shake256.c (ed448_dom): New function, calling
sha3_256_update with the magic dom prefix.
(_nettle_ed448_shake256): Point to it.
* ed25519-sha512.c (_nettle_ed25519_sha512): Add do-nothing dom function.
* eddsa-sign.c (_eddsa_sign): Update to use dom function pointer.
* eddsa-verify.c (_eddsa_verify): Likewise.
* eddsa-internal.h (struct ecc_eddsa): Add magic dom string,
needed for ed448.
* ed25519-sha512.c (_nettle_ed25519_sha512): Empty dom string.
* ed448-shake256.c (_nettle_ed448_shake256): New file and
parameter struct.
* eddsa-hash.c (_eddsa_hash): Add digest_size as input argument.
Handle ed448 digests with two extra bytes. Update callers.
* eddsa-verify.c (_eddsa_verify): Hash dom string.
* eddsa-sign.c (_eddsa_sign_itch): Assert that
_eddsa_compress_itch isn't too large.
(_eddsa_sign): New argument k1, with the hash prefix. Add hashing
of this prefix and the dom string. Update callers. Fix final
reduction, it's different for ed25519, with q slightly larger than
a power of two, and ed448, with q slightly smaller.
* eddsa-pubkey.c (_eddsa_public_key_itch): Assert that
_eddsa_compress_itch isn't too large.
Implementation of ed448-shake256, based on patch by Daiki Ueno.
* ed448-shake256-pubkey.c (ed448_shake256_public_key): New file
and function.
* ed448-shake256-sign.c (ed448_shake256_sign): New file and function.
* ed448-shake256-verify.c (ed448_shake256_verify): New file and function.
* Makefile.in (hogweed_SOURCES): Add new ed448 files.
* testsuite/eddsa-verify-test.c (test_ed448): New function.
(test_main): New ed448 tests.
* testsuite/eddsa-sign-test.c (test_ed448_sign): New function.
(test_main): New ed448 tests.
* testsuite/ed448-test.c: New tests.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Add ed448-test.c.
* nettle.texinfo (Curve 25519 and Curve 448): Document ed448.
2020-01-01 Niels Möller <nisse@lysator.liu.se>
* ecc-448.c (ecc_mod_pow_2kp1): New function.
(ecc_mod_pow_446m224m1): Reduce scratch usage from 6*n to 5*n, at
the cost of one copy operation. Also use ecc_mod_pow_2kp1 where
applicable.
(ECC_448_INV_ITCH): Reduce to 5*ECC_LIMB_SIZE.
(ECC_448_SQRT_ITCH): Reduce to 9*ECC_LIMB_SIZE.
* testsuite/eddsa-compress-test.c: Test also with curve448.
2019-12-30 Niels Möller <nisse@lysator.liu.se>
Preparation for ed448, based on patch by Daiki Ueno.
* eddsa-internal.h (struct ecc_eddsa): New struct for eddsa
parameters.
* ed25519-sha512.c (_nettle_ed25519_sha512): New parameter struct.
* eddsa-expand.c (_eddsa_expand_key): Replace input
struct nettle_hash with struct ecc_eddsa, and generalize for
ed448. Update all callers.
* eddsa-sign.c (_eddsa_sign): Likewise.
* eddsa-verify.c (_eddsa_verify): Likewise.
* eddsa-compress.c (_eddsa_compress): Store sign bit in most
significant bit of last byte, as specified by RFC 8032.
* eddsa-decompress.c (_eddsa_decompress): Corresponding update.
Also generalize to support ed448, and make validity checks
stricter.
* testsuite/eddsa-sign-test.c (test_ed25519_sign): New function.
(test_main): Use it.
* testsuite/eddsa-verify-test.c (test_ed25519): New function.
(test_main): Use it.
2019-12-28 Niels Möller <nisse@lysator.liu.se>
* bignum.h: Drop unrelated include of nettle-meta.h.
* pss.h: Include nettle-meta.h explicitly.
* eddsa-internal.h: Likewise.
2019-12-25 Niels Möller <nisse@lysator.liu.se>
Support for SHAKE256, based on patch by Daiki Ueno.
* shake256.c (sha3_256_shake): New file and function.
* Makefile.in (nettle_SOURCES): Add shake256.c.
* testsuite/testutils.c (test_hash): Allow arbitrary digest size,
if hash->digest_size == 0.
* testsuite/shake.awk: New script to extract test vectors.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add shake256-test.c.
(DISTFILES): Add shake.awk.
* nettle.texinfo (Recommended hash functions): Document SHAKE-256.
* sha3.c (_sha3_pad): Generalized with an argument for the magic
suffix defining the sha3 instance.
* sha3-internal.h (_sha3_pad_hash): New macro, for SHA3 hashes.
Updated all callers of _sha3_pad.
(_sha3_pad_shake): New macro, using the SHAKE magic byte 0x1f.
2019-12-19 Niels Möller <nisse@lysator.liu.se>
* ecc-mul-a-eh.c (ecc_mul_a_eh) [ECC_MUL_A_EH_WBITS == 0]: Use
add_hh rather than add_hhh.
(table_init) [[ECC_MUL_A_EH_WBITS > 0]: Likewise.
* ecc-internal.h (ECC_MUL_A_EH_ITCH) [ECC_MUL_A_EH_WBITS == 0]:
Reduced from 13*n to 12*n.
2019-12-18 Niels Möller <nisse@lysator.liu.se>
Rename add and dup functions for Edwards curves.
* ecc-dup-th.c (ecc_dup_th): New file, move and rename ecc_dup_eh.
* ecc-add-th.c (ecc_add_th): New file, move and rename ecc_add_eh.
* ecc-add-thh.c (ecc_add_thh): New file, move and rename
ecc_add_ehh.
* ecc-dup-eh.c (ecc_dup_eh_untwisted): Rename to just ecc_dup_eh.
* ecc-add-eh.c (ecc_add_ehh_untwisted): Rename to just ecc_add_eh.
* ecc-add-ehh.c (ecc_add_ehh_untwisted): Rename to just ecc_add_ehh.
* ecc-internal.h (ecc_dup_th, ecc_add_th, ecc_add_thh): Declare
new functions, delete declarations of ecc_*_untwisted variants.
(ECC_DUP_TH_ITCH, ECC_ADD_TH_ITCH, ECC_ADD_THH_ITCH): New macros.
* ecc-25519.c (_nettle_curve25519): Update, use ecc_dup_th and
friends.
* ecc-448.c (_nettle_curve448): Update for rename, without
_untwisted suffix.
* Makefile.in (hogweed_SOURCES): Added ecc-dup-th.c, ecc-add-th.c,
and ecc-add-thh.c
* testsuite/ecc-dup-test.c (test_main): Update asserts.
* testsuite/ecc-add-test.c (test_main): Likewise.
* eddsa-verify.c (_eddsa_verify): Use function pointer rather than
calling ecc_add_eh directly. Preparation for eddsa over curve448.
2019-12-17 Niels Möller <nisse@lysator.liu.se>
* examples/ecc-benchmark.c (bench_dup_hh): Rename, and use
ecc->dup pointer.
(bench_dup_jj): ... old name.
(bench_add_hh): Rename, and use ecc->addd_hh pointer.
(bench_add_jja): ... old name.
(bench_dup_eh, bench_add_eh): Deleted.
(bench_curve): Update, and delete curve25519 special case.
(main): Update table headers accordingly.
2019-12-15 Niels Möller <nisse@lysator.liu.se>
* ecc-dup-eh.c (ecc_dup_eh): Eliminate one unneeded ecc_modp_add.
2019-12-14 Niels Möller <nisse@lysator.liu.se>
* ecc-mul-m.c (ecc_mul_m): New file and function. Implements
multipliction for curves in Montgomery representation, as used for
curve25519 and curve448. Extracted from curve25519_mul.
* ecc-internal.h (ecc_mul_m): Declare.
(ECC_MUL_M_ITCH): New macro.
* Makefile.in (hogweed_SOURCES): Add ecc-mul-m.c.
* curve25519-mul.c (curve25519_mul): Use ecc_mul_m.
* curve448-mul.c (curve448_mul): Likewise.
2019-12-13 Niels Möller <nisse@lysator.liu.se>
* Merge curve448 implementation.
2019-12-09 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h: Revert itch macro changes. We now have
h_to_a_itch <= mul_itch, mul_g_itch. Add asserts at a few places
relying on this.
(ECC_ECDSA_KEYGEN_ITCH, ECC_MAX): Delete macros.
(ECC_ECDSA_SIGN_ITCH): Revert previous change.
* ecc-448.c (ecc_mod_pow_446m224m1): Reduce scratch space from 9*n
to 6*n.
(ECC_448_INV_ITCH, ECC_448_SQRT_ITCH): Reduce accordingly.
* curve448-mul.c (curve448_mul): Reduce allocation from 14*n to 12*n.
2019-12-08 Niels Möller <nisse@lysator.liu.se>
* x86_64/ecc-curve448-modp.asm (nettle_ecc_curve448_modp): New
assembly function.
* ecc-448.c (ecc_448_modp) [HAVE_NATIVE_ecc_curve448_modp]: Use
native nettle_ecc_curve448_modp if available.
* configure.ac (asm_hogweed_optional_list): Add ecc-curve448-modp.asm.
(HAVE_NATIVE_ecc_curve448_modp): New config.h define.
2019-12-03 Niels Möller <nisse@lysator.liu.se>
* ecc-448.c (ecc_448_modp) [GMP_NUMB_BITS == 64]: New function.
2019-12-01 Niels Möller <nisse@lysator.liu.se>
Curve 448 support contributed by Daiki Ueno.
* eccdata.c (enum ecc_type): Add ECC_TYPE_EDWARDS.
(ecc_add): Support untwisted edwards curves.
(ecc_curve_init): Add curve448 parameters.
* ecc-internal.h (ECC_ECDSA_KEYGEN_ITCH): New macro.
(ECC_ECDSA_SIGN_ITCH): Increased from 12*size to 13*size.
(ECC_MAX): New macro.
* ecc-448.c: New file.
(ecc_mod_pow_2k, ecc_mod_pow_446m224m1, ecc_448_inv)
(ecc_448_zero_p, ecc_448_sqrt): New functions.
(_nettle_curve448): New curve definition.
* curve448.h (CURVE448_SIZE): New constant.
(curve448_mul_g, curve448_mul): Declare new public functions.
* ecc-eh-to-a.c (ecc_eh_to_a): Update assert to allow the curve448
Edwards curve.
* curve448-mul.c (curve448_mul): New file and function.
* curve448-mul-g.c (curve448_mul_g): New file and function.
* curve448-eh-to-x.c (curve448_eh_to_x): New file and function.
* ecc-dup-eh.c (ecc_dup_eh_untwisted): New function.
* ecc-add-ehh.c (ecc_add_ehh_untwisted): New function.
* ecc-add-eh.c (ecc_add_eh_untwisted): New function.
* ecc-point.c (ecc_point_set): Add point validation for curve448.
* ecc-point-mul.c (ecc_point_mul): Allow h_to_a_itch larger than
mul_itch.
* ecc-point-mul-g.c (ecc_point_mul_g): Allow h_to_a_itch
larger than mul_g_itch. Switch from TMP_DECL/_ALLOC/_FREE to
gmp_alloc_limbs/gmp_free_limbs.
* ecdsa-keygen.c (ecdsa_generate_keypair): Use
ECC_ECDSA_KEYGEN_ITCH.
* Makefile.in (hogweed_SOURCES): Add ecc-448.c, curve448-mul-g.c,
curve448-mul.c, and curve448-eh-to-x.c.
(HEADERS): Add curve448.h.
(ecc-448.h): New generated file.
* testsuite/testutils.c (ecc_curves): Add _nettle_curve448 to list
of tested curves.
(test_ecc_mul_a): Add curve448.
* testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add curve448 support.
* testsuite/ecdh-test.c (test_main): Add tests for (non-standard)
curve448 diffie-hellman.
* testsuite/ecc-add-test.c (test_main): Update for testing of curve448.
* testsuite/ecc-dup-test.c (test_main): Likewise.
* testsuite/ecc-mul-a-test.c (test_main): Likewise. Also increase
scratch allocation for h_to_a_itch.
* testsuite/ecc-mul-g-test.c (test_main): Likewise.
* testsuite/curve448-dh-test.c: Test for curve448.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Add curve448-dh-test.c.
* examples/ecc-benchmark.c: Add curve448 to list of benchmarked
curves.
* nettle.texinfo (Curve 25519 and Curve 448): Add docs.
2019-12-07 Niels Möller <nisse@lysator.liu.se>
* ecc-eh-to-a.c (ecc_eh_to_a): Require op == 0, delete code only
used for non-standard ecdsa over curve25519.
* testsuite/ecdsa-sign-test.c (test_main): Delete test of ecdsa
over curve25519.
* testsuite/ecdsa-verify-test.c (test_main): Likewise.
* testsuite/ecdsa-keygen-test.c (test_main): Exclude curve25519
from test.
2019-12-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Use AC_TRY_LINK rather than AC_TRY_COMPILE to
check for __builtin_bswap64. Since calling an non-existing
function typically results in a warning only at compile time, but
fails at link time. Patch contributed by by George Koehler.
2019-12-04 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (test_cipher_cfb8): Add cast of size_t to
unsigned long for argument to fprintf.
2019-11-21 Niels Möller <nisse@lysator.liu.se>
* eccdata.c (ecc_curve_init_str): Delete unused t and d arguments.
Related to the the edwards_root member of struct ecc_curve, which
was used by ecc_a_to_eh before it was deleted, see 2014-09-17
entry below.
(ecc_curve_init): Delete corresponding curve25519 constants, and
NULL arguments passed for the other curves.
* Merge curve448 preparations, from September 2017.
2017-09-23 Niels Möller <nisse@lysator.liu.se>
* eccdata.c: Reorganize curve25519 precomputation to work directly
with the twisted Edwards curve, with new point addition based on a
patch from Daiki Ueno.
* ecc-25519.c (_nettle_curve25519): Update for removed Montgomery
curve constant.
* ecc-internal.h (struct ecc_curve): Delete unused pointer
edwards_root. Update all instances.
* eccdata.c (output_curve): Don't output it.
* testsuite/ecc-add-test.c (test_main): Reduce test duplication.
Use ecc->add_hhh_itch.
* testsuite/ecc-dup-test.c (test_main): Reduce test duplication.
Use ecc->dup_itch.
2017-09-23 Daiki Ueno <dueno@redhat.com>
* ecc-eh-to-a.c (ecc_eh_to_a): Use ecc->q.bit_size, instead of
hard-coded value for curve25519.
* eddsa-sign.c (_eddsa_sign): Likewise.
* ecc-internal.h (ecc_dup_func): New typedef.
(struct ecc_curve): New constants add_hh_itch and dup_itch, new
function pointers add_hh and dup.
* ecc-192.c, ecc-224.c, ecc-256.c, ecc-384.c, ecc-521.c,
ecc-25519.c: Update accordingly.
* ecc-mul-g-eh.c (ecc_mul_g_eh): Use new function pointers.
* ecc-mul-a-eh.c (ecc_mul_a_eh, table_init, ecc_mul_a_eh):
Likewise.
* testsuite/ecc-dup-test.c (test_main): Likewise.
* testsuite/ecc-add-test.c (test_main): Likewise.
2019-10-01 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (test_cipher_cfb8): Reset destination area
between tests. Encrypt/decrypt final partial block.
From Daiki Ueno, fixing bug reported by Stephan Mueller:
* cfb.c (cfb8_decrypt): Don't truncate output IV if input is
shorter than block size.
* testsuite/testutils.c (test_cipher_cfb8): Test splitting input
into multiple calls to cfb8_encrypt and cfb8_decrypt.
2019-09-30 Niels Möller <nisse@lysator.liu.se>
* testsuite/siv-test.c (test_cipher_siv): Fix out-of-bounds read.
Trim allocation size for de_data, drop some uses of
SIV_DIGEST_SIZE, call FAIL for unexpected returned values.
(test_compare_results): Delete digest argument.
2019-09-15 Niels Möller <nisse@lysator.liu.se>
From Dmitry Eremin-Solenikov:
* gost28147.c (_gost28147_encrypt_block): New file, encrypt
function and sbox tables moved here.
* gosthash94.c: Update functions to take sbox array as argument.
(gost_block_compress): Use _gost28147_encrypt_block.
(gosthash94cp_update,gosthash94cp_digest): New functions.
* gost28147-internal.h: New file.
* gost28147.h: New file.
* gosthash94-meta.c (nettle_gosthash94cp): New hash algorithm.
* nettle-meta-hashes.c (_nettle_hashes): Add nettle_gosthash94 and
nettle_gosthash94cp.
* hmac-gosthash94.c (hmac_gosthash94_set_key)
(hmac_gosthash94_update, hmac_gosthash94_digest)
(hmac_gosthash94cp_set_key, hmac_gosthash94cp_update)
(hmac_gosthash94cp_digest): New file and functions.
* pbkdf2-hmac-gosthash94.c (pbkdf2_hmac_gosthash94cp): New file
and function.
* testsuite/pbkdf2-test.c (test_main): Add
pbkdf2-hmac-gosthash94cp tests.
* testsuite/hmac-test.c (test_main): Add hmac-gosthash94 tests.
* testsuite/gosthash94-test.c (test_main): Add gosthash94cp tests.
* nettle.texinfo (Legacy hash functions): Document gosthash94cp.
* testsuite/dlopen-test.c (main): Use libnettle.dylib on MacOS.
2019-07-08 Niels Möller <nisse@lysator.liu.se>
* nettle-types.h (union nettle_block16): Mark w member as deprecated.
* eax.c (block16_xor): Use uint64_t member of nettle_block16.
* gcm.c (gcm_gf_add, gcm_gf_shift, gcm_gf_shift_8): Likewise.
2019-07-10 Niels Möller <nisse@lysator.liu.se>
From Dmitry Eremin-Solenikov:
* cmac64.c (_cmac64_block_mulx, cmac64_set_key, cmac64_init)
(cmac64_update, cmac64_digest): New file, new functions.
* cmac-des3.c (cmac_des3_set_key, cmac_des3_update)
(cmac_des3_digest): New file, new functions.
* cmac.h: Add cmac64 and cmac_des3 declarations.
* Makefile.in (nettle_SOURCES): Add cmac64.c and cmac-des3.c.
* testsuite/cmac-test.c (test_main): Add tests for cmac_des3.
2019-07-02 Niels Möller <nisse@lysator.liu.se>
From Dmitry Eremin-Solenikov:
* testsuite/testutils.c (test_mac): New function.
* testsuite/cmac-test.c (nettle_cmac_aes128, nettle_cmac_aes256):
New algorithm structs.
(test_cmac_aes128, test_cmac_aes256): Use test_mac.
2019-06-06 Niels Möller <nisse@lysator.liu.se>
Update for cmac changes, enabling const for the _message functions.
* siv-cmac.c (_siv_s2v): Take a const struct cmac128_key as argument,
and use a local struct cmac128_ctx for message-specific state.
(siv_cmac_set_key): Take a struct cmac128_key as argument. Updated
callers.
(siv_cmac_encrypt_message, siv_cmac_decrypt_message): Take a const
struct cmac128_key as argument. Updated callers.
* siv-cmac.h (SIV_CMAC_CTX): Changed to use struct cmac128_key
rather than struct cmac128_ctx.
* siv-cmac-aes256.c (siv_cmac_aes256_encrypt_message)
(siv_cmac_aes256_decrypt_message): Likewise.
* siv-cmac-aes128.c (siv_cmac_aes128_encrypt_message)
(siv_cmac_aes128_decrypt_message): The ctx argument made const.
2019-05-15 Niels Möller <nisse@lysator.liu.se>
* siv-cmac.h (SIV_CMAC_AES128_KEY_SIZE, SIV_CMAC_AES256_KEY_SIZE):
New constants.
* testsuite/siv-test.c: Simplify tests a little.
* siv-cmac.h (SIV_MIN_NONCE_SIZE): New constant, 1.
* siv-cmac.c (_siv_s2v): Require non-empty nonce.
* nettle.texinfo (SIV-CMAC): Update documentation.
2019-05-06 Niels Möller <nisse@lysator.liu.se>
SIV-CMAC mode, based on patch by Nikos Mavrogiannopoulos:
* siv-cmac.h (SIV_BLOCK_SIZE, SIV_DIGEST_SIZE): New constants.
(SIV_CMAC_CTX): New macro.
(struct siv_cmac_aes128_ctx, struct siv_cmac_aes256_ctx): New
context structs.
* siv-cmac.c (_siv_s2v, siv_cmac_set_key)
(siv_cmac_encrypt_message)
(siv_cmac_decrypt_message): New file, new functions.
* siv-cmac-aes128.c (siv_cmac_aes128_set_key)
(siv_cmac_aes128_encrypt_message)
(siv_cmac_aes128_decrypt_message): New file, new functions.
* siv-cmac-aes256.c (siv_cmac_aes256_set_key)
(siv_cmac_aes256_encrypt_message)
(siv_cmac_aes256_decrypt_message): New file, new functions.
* Makefile.in (nettle_SOURCES): Add siv-cmac source files.
(HEADERS): Add siv-cmac.h.
* testsuite/siv-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added siv-test.c
* nettle.texinfo (SIV-CMAC): Documentation.
2019-04-30 Niels Möller <nisse@lysator.liu.se>
Based on a patch contributed by Nikos Mavrogiannopoulos.
* cmac.c (_cmac128_block_mulx): Renamed function...
(block_mulx): ... from old name.
* cmac-internal.h (_cmac128_block_mulx): New file, declare function.
* Makefile.in (DISTFILES): Added cmac-internal.h.
2019-06-26 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.5.1.
* configure.ac: Update version number to 3.5.1.
* Makefile.in (distdir): Add x86_64/sha_ni to list of distributed
directories.
* Released nettle-3.5.
2019-06-25 Niels Möller <nisse@lysator.liu.se>
* config.sub: Update to 2019-05-23 version, from savannah's
config.git.
* config.guess: Update to 2019-06-10 version, from savannah's
config.git. Adds recognition of mips R6 and riscv.
2019-06-05 Niels Möller <nisse@lysator.liu.se>
Further separation of CMAC per-message state from the
message-independent subkeys, analogous to the gcm implementation.
* cmac.h (struct cmac128_ctx): Remove key, instead a struct
cmac128_key should be passed separately to functions that need it.
(CMAC128_CTX): Include both a struct cmac128_key and a struct
cmac128_ctx.
(CMAC128_SET_KEY, CMAC128_DIGEST): Updated accordingly.
* cmac.c (cmac128_set_key): Change argument type from cmac128_ctx
to cmac128_key. Use a nettle_block16 for the constant zero block.
(cmac128_init): New function, to initialize a cmac128_ctx.
(cmac128_digest): Add cmac128_key argument. Move padding memset
into the block handling a partial block. Call cmac128_init to
reset state.
2019-06-01 Niels Möller <nisse@lysator.liu.se>
* cmac.h (struct cmac128_key): New struct.
* cmac.h (struct cmac128_ctx): Use struct cmac128_key.
* cmac.c (cmac128_set_key, cmac128_digest): Update accordingly.
2019-05-12 Niels Möller <nisse@lysator.liu.se>
Delete old libdes/openssl compatibility interface.
* des-compat.c: Delete file.
* des-compat.h: Delete file.
* testsuite/des-compat-test.c: Delete file.
* nettle.texinfo (Compatibility functions): Delete mention in documentation.
2019-05-11 Niels Möller <nisse@lysator.liu.se>
* NEWS: More updates for Nettle-3.5.
2019-04-27 Niels Möller <nisse@lysator.liu.se>
From Simo Sorce:
* x86_64/poly1305-internal.asm: Add missing EPILOGUE.
* x86_64/serpent-decrypt.asm: Likewise.
* x86_64/serpent-encrypt.asm: Likewise.
2019-04-14 Niels Möller <nisse@lysator.liu.se>
* tools/nettle-pbkdf2.c (main): Check strdup return value.
2019-03-29 Niels Möller <nisse@lysator.liu.se>
* aes.h (struct aes_ctx): Redefine using a union of key-size
specific contexts.
* aes-decrypt.c (aes_decrypt): Use switch on key_size.
* aes-encrypt.c (aes_encrypt): Likewise.
* aes-set-decrypt-key.c (aes_invert_key): Likewise.
* aes-set-encrypt-key.c (aes_set_encrypt_key): Likewise.
2019-03-27 Niels Möller <nisse@lysator.liu.se>
* xts.c (xts_shift): Arrange with a single write to u64[1].
* cmac.c (block_mulx): Rewrite to work in the same way as
xts_shift, with 64-bit operations. XTS and CMAC use opposite
endianness, but otherwise, these two functions are identical.
2019-03-24 Niels Möller <nisse@lysator.liu.se>
From Simo Sorce:
* xts.h: New file.
* xts.c: New file.
(BE_SHIFT): New macro.
(xts_shift, check_length, xts_encrypt_message)
(xts_decrypt_message): New functions.
* xts-aes128.c (xts_aes128_set_encrypt_key)
(xts_aes128_set_decrypt_key, xts_aes128_encrypt_message)
(xts_aes128_decrypt_message): New file, new functions.
* xts-aes256.c (xts_aes256_set_encrypt_key)
(xts_aes256_set_decrypt_key, xts_aes256_encrypt_message)
(xts_aes256_decrypt_message): New file, new functions.
* nettle.texinfo (XTS): Document XTS mode.
* Makefile.in (nettle_SOURCES): Add xts sourcce files.
(HEADERS): New installed header xts.h.
* testsuite/xts-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add xts-test.c.
2019-02-06 Niels Möller <nisse@lysator.liu.se>
* gosthash94.h (struct gosthash94_ctx): Move block buffer last in
struct.
* md2.h (struct md2_ctx): Likewise.
* md4.h (struct md4_ctx): Likewise.
* md5.h (struct md5_ctx): Likewise.
* ripemd160.h (struct ripemd160_ctx): Likewise.
* sha1.h (struct sha1_ctx): Likewise.
* sha2.h (struct sha256_ctx, struct sha512_ctx): Likewise.
2019-01-19 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (TARGETS): Delete eratosthenes, left over
from earlier change.
* fat-arm.c: Fix declarations of chacha_core functions.
From Yuriy M. Kaminskiy:
* fat-setup.h (chacha_core_func): New typedef.
* fat-arm.c (fat_init): Enable choice between
_nettle_chacha_core_c and _nettle_chacha_core_neon.
* configure.ac (asm_nettle_optional_list): Add
chacha-core-internal-2.asm.
* chacha-core-internal.c: Enable fat build with C and asm version.
* arm/fat/chacha-core-internal-2.asm: New file.
2019-01-12 Niels Möller <nisse@lysator.liu.se>
* examples/eratosthenes.c: Deleted program.
* examples/Makefile.in: Delete rule to build and distribute it.
2019-01-10 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-compute-root-test.c (test_one): Use %u and
corresponding cast, when printing bit sizes.
2019-01-09 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (GET_CYCLE_COUNTER): Add volatile to
inline asm.
2019-01-08 Niels Möller <nisse@lysator.liu.se>
* sha512-compress.c: Add missing include of sha2-internal.h.
2019-01-06 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-compute-root-test.c (generate_keypair): Fix assert
call with side-effects.
2019-01-06 Niels Möller <nisse@lysator.liu.se>
* nettle-types.h: Don't use nettle-stdint.h, include <stdint.h>
directly.
* nettle-write.h: Likewise.
* configure.ac: Delete use of AX_CREATE_STDINT_H.
* aclocal.m4 (AX_CREATE_STDINT_H): Delete.
* Makefile.in (INSTALL_HEADERS, distclean-here): Delete mention of
nettle-stdint.h.
2018-12-26 Niels Möller <nisse@lysator.liu.se>
* examples/hogweed-benchmark.c (make_openssl_rsa_ctx): New helper
function. Call openssl's RSA_generate_key_ex rather then the
deprecated RSA_generate_key.
(bench_openssl_rsa_init, bench_openssl_rsa_tr_init): Use it.
* eccdata.c (ecc_pippenger_precompute): Check that table size is
at least 2. Intended to silence warning from the clang static
analyzer.
* configure.ac: Bump package version to 3.5.
(LIBNETTLE_MAJOR): Bump major number, now 7.
(LIBHOGWEED_MAJOR): Bump major number, now 5.
(LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Reset to zero.
* pkcs1-internal.h: New header file, moved declarations of
_pkcs1_sec_decrypt and _pkcs1_sec_decrypt_variable here.
* rsa-internal.h: ... old location.
* Makefile.in (DISTFILES): Added pkcs1-internal.h.
* pkcs1-decrypt.c: Include new file.
* pkcs1-sec-decrypt.c: Likewise.
* rsa-decrypt-tr.c: Likewise.
* rsa-sec-decrypt.c: Likewise.
* testsuite/pkcs1-sec-decrypt-test.c: Likewise.
* tools/nettle-pbkdf2.c: Add #define _GNU_SOURCE, needed for
strdup with gcc -std=c89.
* testsuite/ed25519-test.c: Add #define _GNU_SOURCE, needed for
getline with gcc -std=c89.
* rsa-sign-tr.c (sec_equal): Fix accidental use of C99 for loop.
Reported by Andreas Gustafsson.
* testsuite/rsa-sec-decrypt-test.c (test_main): Likewise.
2018-12-04 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.4.1.
2018-11-28 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Update GMP check. Check for the function
mpn_sec_div_r, available since GMP-6.0.0.
* testsuite/rsa-encrypt-test.c (test_main): Fix allocation of
decrypted storage. Update test of rsa_decrypt, to allow clobbering
of all of the passed in message area.
* pkcs1-decrypt.c (pkcs1_decrypt): Rewrite as a wrapper around
_pkcs1_sec_decrypt_variable. Improves side-channel silence of the
only caller, rsa_decrypt.
* Makefile.in (DISTFILES): Add rsa-internal.h, needed for make
dist. Patch from Simo Sorce.
* rsa-internal.h: Add include of rsa.h.
2018-11-27 Niels Möller <nisse@lysator.liu.se>
* rsa-sec-compute-root.c (sec_mul, sec_mod_mul, sec_powm): New
local helper functions, with their own itch functions.
(_rsa_sec_compute_root_itch, _rsa_sec_compute_root): Rewrote to
use helpers, for clarity.
2018-11-26 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-compute-root-test.c (generate_keypair): Simplify
selection of psize and qsize, and fix so that qsize is used.
(test_main): Add outer loop, to test with more than one key.
Deallocate storage before exiting.
2018-11-25 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-compute-root-test.c: Renamed, from ...
* testsuite/rsa-sec-compute-root-test.c: ... old name.
* rsa.h (rsa_sec_compute_root_tr): Deleted declaration, moved to ...
* rsa-internal.h (_rsa_sec_compute_root_tr): ... new location.
* rsa-sign-tr.c (_rsa_sec_compute_root_tr): Renamed, from...
(rsa_sec_compute_root_tr): ... old name. Updated callers.
(cnd_mpn_zero): Use a volatile-declared mask variable.
* testsuite/testutils.c (mpz_urandomb) [NETTLE_USE_MINI_GMP]: Fix
masking of most significant bits.
* rsa-decrypt-tr.c (rsa_decrypt_tr): Use
NETTLE_OCTET_SIZE_TO_LIMB_SIZE.
* testsuite/rsa-sec-decrypt-test.c (rsa_decrypt_for_test): Tweak
valgrind marking, and document potential leakage of lowest and
highest bits of p and q.
* rsa-sec-compute-root.c (_rsa_sec_compute_root): Avoid calls to
mpz_sizeinbase, since that potentially leaks most significant bits
of private key parameters a and b.
* testsuite/pkcs1-sec-decrypt-test.c (pkcs1_decrypt_for_test): Fix
valgrind marking of return value.
Merged below changes from Simo Sorce, to make RSA private key
operations side-channel silent.
2018-11-08 Simo Sorce <simo@redhat.com>
* rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use
_rsa_sec_compute_root.
* testsuite/rsa-sec-compute-root-test.c: Add more tests for new
side-channel silent functions.
* rsa-sign.c (rsa_private_key_prepare): Check that qn + cn >= pn,
since that is required for one of the GMP calls in
_rsa_sec_compute_root.
* rsa-decrypt-tr.c: Switch to use side-channel silent functions.
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt_variable): New private
function. Variable size version for backwards compatibility.
* testsuite/rsa-sec-decrypt-test.c: Adds more tests.
* rsa-sec-decrypt.c (rsa_sec_decrypt): New function.
Fixed length side-channel silent version of rsa-decrypt.
* testsuite/rsa-encrypt-test.c: add tests for the new fucntion.
* testsuite/pkcs1-sec-decrypt-test.c: Adds tests for
_pkcs1_sec_decrypt.
* gmp-glue.c (mpn_get_base256): New function.
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): New private function.
Fixed length side-channel silent version of pkcs1-decrypt.
* cnd-memcpy.c (cnd_memcpy): New function.
* memops.h: Declare it.
* testsuite/cnd-memcpy-test.c: New test case.
* rsa-sign-tr.c (rsa_sec_compute_root_tr): New function that uses
_rsa_sec_compute_root, as well as side-channel silent RSA
blinding.
(rsa_compute_root_tr) Rewritten as a wrapper around
rsa_sec_compute_root_tr.
(rsa_sec_blind, rsa_sec_unblind, sec_equal, rsa_sec_check_root)
(cnd_mpn_zero): New helper functions.
(rsa_sec_compute_root_tr) [NETTLE_USE_MINI_GMP]: Defined as a not
side-channel silent wrapper around rsa_compute_root_tr, and the
latter function left unchanged.
* rsa-sec-compute-root.c (_rsa_sec_compute_root_itch)
(_rsa_sec_compute_root): New file, new private functions.
Side-channel silent version of rsa_compute_root.
* rsa-internal.h: New header file with declarations.
* gmp-glue.h (NETTLE_OCTET_SIZE_TO_LIMB_SIZE): New macro.
2018-11-24 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bump package version to 3.4.1.
(LIBNETTLE_MINOR): Bump library version to 6.5.
(LIBHOGWEED_MINOR): Bump library version to 4.5.
2018-11-17 Niels Möller <nisse@lysator.liu.se>
* examples/hogweed-benchmark.c (bench_rsa_verify)
(bench_openssl_rsa_tr_init): New functions.
(alg_list): Benchmark timing-resistant RSA functions, i.e.,
including RSA blinding.
(main): Increase width of first column, here and in other
printouts.
2018-10-10 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* ctr16.c (_ctr_crypt16): Bugfix for the src == dst case, when
processing more than on full block of size CTR_BUFFER_LIMIT, src
and dst arguments to memxor3 were not properly updated.
2018-10-10 Niels Möller <nisse@lysator.liu.se>
* aes-set-encrypt-key.c: Add missing include of stdlib.h.
* des-compat.c: Likewise.
2018-09-13 Niels Möller <nisse@lysator.liu.se>
* rsa-keygen.c (rsa_generate_keypair): Delete unlikely and
redundant check for p == q.
2018-08-09 Niels Möller <nisse@lysator.liu.se>
* rsa-internal.h (_rsa_blind, _rsa_unblind): Mark with
_NETTLE_ATTRIBUTE_DEPRECATED.
* nettle-types.h (_NETTLE_ATTRIBUTE_PURE)
(_NETTLE_ATTRIBUTE_DEPRECATED): New macros, for gcc and
lookalikes.
* ecc-curve.h: Include nettle-types.h, and use
_NETTLE_ATTRIBUTE_PURE instead of local definition.
* nettle-meta.h: Use _NETTLE_ATTRIBUTE_PURE, instead of explicit
#ifdefs.
* aes.h: Mark functions using struct aes_ctx interface as
deprecated. Add #undef _NETTLE_ATTRIBUTE_DEPRECATED in files where
the functions are implemented or tested.
* gcm.h: Similarly mark functions using gcm_aes_ctx as deprecated.
* nettle-internal.c (des_set_key_wrapper, des3_set_key_wrapper)
(blowfish128_set_key_wrapper): Wrapper functions, to avoid cast
between incompatible function types (which gcc-8 warns about).
Wrappers are expected to compile to a single jmp instruction.
* des-compat.c (des_compat_des3_encrypt)
(des_compat_des3_decrypt): Change length argument type to size_t.
2018-08-08 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Compatibility): New section on ABI and API
compatibility.
2018-07-25 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* examples/nettle-benchmark.c: Add benchmarking for HMAC functions.
2018-07-13 Niels Möller <nisse@lysator.liu.se>
* examples/eratosthenes.c (vector_alloc): Add assert related to
overflow in the size calculation. Fixes a corner case identified
by static analysis.
(vector_init): Analogous assert.
2018-07-12 Niels Möller <nisse@lysator.liu.se>
* examples/eratosthenes.c (main): Don't allocate bitmap storage
for limit == 2 (early exit), closing memory leak at exit.
(main): Fix handling of short -q option.
* eccdata.c (output_curve): Replace mpz_init_set_ui by mpz_set_ui,
to fix memory leak.
(ecc_curve_clear): New function.
(main): Call it, to deallocate storage before exit.
2018-07-08 Niels Möller <nisse@lysator.liu.se>
* fat-x86_64.c (fat_init): Fix setup for nettle_sha1_compress.
* x86_64/fat/sha1-compress.asm: Add leading underscore to symbol name.
* x86_64/fat/sha1-compress-2.asm: Likewise.
2018-07-07 Niels Möller <nisse@lysator.liu.se>
From Nikos Mavrogiannopoulos.
* sha1-compress.c (nettle_sha1_compress): Renamed, and promoted to
public function, since there's known appliation usage (filezilla).
* sha1.h (_nettle_sha1_compress): Old name, now a preprocessor
alias for the new name.
* md5-compress.c (nettle_md5_compress): Similarly renamed (used by
sogo).
* md5.h (_nettle_md5_compress): Old name,, now a preprocessor
alias for the new name.
* chacha-internal.h, dsa-internal.h, eddsa-internal.h:
* hogweed-internal.h, ripemd160-internal.h, rsa-internal.h:
* salsa20-internal.h, sha2-internal.h, sha3-internal.h:
* umac-internal.h: Internal declarations moved to new header
files, which are not installed..
* Makefile.in (DISTFILES): Added above files.
* libnettle.map.in: Use a different symbol version for _nettle_*
symbols, depending on the minor release. This marks these symbols
explicitly not part of the public Nettle ABI.
* libhogweed.map.in: Analogous change.
2018-06-17 Niels Möller <nisse@lysator.liu.se>
* aclocal.m4 (NETTLE_CHECK_IFUNC): Fix quoting. Patch contributed
by Dmitry Eremin-Solenikov.
* testsuite/symbols-test: Exclude ____chkstk_darwin symbols,
produced by Apple's Xcode 10 compiler. Patch contributed by
Dominyk Tiller.
2018-03-25 Niels Möller <nisse@lysator.liu.se>
From Michael Weiser.
* configure.ac (ASM_WORDS_BIGENDIAN): New substution, set from AC_C_BIGENDIAN.
* config.m4.in: Use it to set WORDS_BIGENDIAN.
* asm.m4 (IF_BE, IF_LE): New macros.
* arm/memxor.asm: Support big-endian ARM.
* arm/memxor3.asm: Likewise.
* arm/neon/chacha-core-internal.asm: Likewise.
* arm/neon/salsa20-core-internal.asm: Likewise.
* arm/neon/umac-nh.asm: Likewise.
* arm/v6/sha1-compress.asm: Likewise.
* arm/v6/sha256-compress.asm: Likewise.
* arm/README: Document big-endian considerations.
2018-03-17 Niels Möller <nisse@lysator.liu.se>
Discourage direct access to data symbols with non-public size.
Direct references to these symbols may result in copy-relocations
like R_X86_64_COPY, which make the symbol size leak into the ABI.
* ecc-curve.h (_nettle_secp_192r1, _nettle_secp_224r1)
(_nettle_secp_256r1, _nettle_secp_384r1, _nettle_secp_521r1): Add
leading underscore on these data symbols.
* nettle-meta.h (_nettle_ciphers, _nettle_hashes, _nettle_aeads)
(_nettle_armors): Add leading underscore on these data symbols.
Update all internal use. Macros without leading underscore remain,
and expand to access via accessor functions nettle_get_ciphers and
similar.
2018-03-10 Niels Möller <nisse@lysator.liu.se>
* eccdata.c (ecc_table_size): New helper function.
(ecc_pippenger_precompute): Display warning for poor parameters.
* eccparams.c (main): New program, to list parameter alternatives
for Pippenger's algorithm.
* Makefile.in: Tweak parameters for ecc tables.
(ecc-192.h): Change parameters from k = 7, c = 6 to k = 8, c = 6.
Reduces table size from 15 KB to 12 KB. Modest speedup, appr. 3%
for ecdsa signatures.
(ecc-224.h): Change parameters from k = 12, c = 6 to k = 16, c =
7. Table size unchanged (14 KB in 32-bit platforms, 18 KB on
64-bit platforms. Minor speedup, appr. 1% for ecdsa signatures.
(ecc-256.h): Change parameters from k = 14, c = 6 to k = 11, c =
6. Table size unchanged, 16 KB. 14% speedup for ecdsa signatures.
(ecc-384.h): Changed parameters from k = 41, c = 6 to k = 32, c =
6. Table size unchanged. 12% speedup for ecdsa signatures.
(ecc-521.h): Changed parameters from k = 56, c = 6 to k 44, c = 6.
Table size unchanged (17 KB on 32-bit platforms, 18 KB on 64-bit
platforms). 15% speedup for ecdsa signatures.
(ecc-255.h): Change parameters from k = 14, c = 6 to k = 11, c =
6. Table size unchanged, 16 KB. 24% speedup for eddsa signatures.
2018-03-14 Niels Möller <nisse@lysator.liu.se>
Merge sha256 code using the x86_64 sha_ni instructions, starting
2018-02-21.
2018-03-11 Niels Möller <nisse@lysator.liu.se>
* x86_64/fat/sha256-compress.asm: New file.
* x86_64/fat/sha256-compress-2.asm: New file.
* fat-x86_64.c (fat_init): Select plain x86_64 assembly version or
sha_ni version for sha256_compress.
2018-02-21 Niels Möller <nisse@lysator.liu.se>
* x86_64/sha_ni/sha256-compress.asm: New implementation using sha_ni
instructions.
2018-02-20 Niels Möller <nisse@lysator.liu.se>
* testsuite/cmac-test.c (test_cmac_hash): Deallocate ctx properly.
2018-02-19 Niels Möller <nisse@lysator.liu.se>
Mostly aesthetic changes. Besides indentation:
* cmac.h (struct cmac128): Rename, to cmac128_ctx.
(CMAC128_CTX): Rename first member from data to ctx.
* cmac.c: Use const void * as the type for cipher arguments.
(block_mulx): Un-inline.
(cmac128_set_key): Make a constant function local.
* testsuite/cmac-test.c: Delete local typedefs.
2018-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
Add support for CMAC.
* cmac.h: New file.
(struct cmac128): New struct.
* cmac.c (block_mulx, cmac128_set_key, cmac128_update)
(cmac128_digest): New file, new functions.
* cmac-aes128.c (cmac_aes128_set_key, cmac_aes128_update)
(cmac_aes128_digest): New file, new functions.
* cmac-aes256.c (cmac_aes256_set_key, cmac_aes256_update)
(cmac_aes256_digest): New file, new functions.
* Makefile.in (nettle_SOURCES): Added cmac.c cmac-aes128.c cmac-aes256.c.
(HEADERS): Added cmac.h.
* testsuite/cmac-test.c: New tests.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add cmac-test.c.
* examples/nettle-benchmark.c (time_cmac): New function.
(main): Use it.
* nettle.texinfo: Document CMAC.
2018-02-20 Niels Möller <nisse@lysator.liu.se>
* testsuite/cbc-test.c (test_cbc_bulk): Use struct
aes256_ctx, instead of the deprecated struct aes_ctx.
* testsuite/cfb-test.c (test_cfb_bulk): Likewise.
* examples/rsa-session.h (struct rsa_session): Likewise.
* examples/rsa-encrypt.c (rsa_session_set_encrypt_key)
(process_file): Use aes256_* functions.
* examples/rsa-decrypt.c (rsa_session_set_decrypt_key)
(process_file): Likewise.
2018-02-19 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h: Include sha3.h, needed for the definition of
NETTLE_MAX_HASH_CONTEXT_SIZE.
(TMP_DECL_ALIGN, TMP_ALLOC_ALIGN): New macros, to support
allocation of context structs with alignment requirements.
[!HAVE_ALLOCA]: Also use assert, rather than calling abort
directly.
* pss.c (pss_encode_mgf1, pss_verify_mgf1): Use new macros.
* pss-mgf1.c (pss_mgf1): Likewise.
2018-02-18 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Moved pss-mgf1-test.c...
(TS_HOGWEED_SOURCES): ...to here. Fixes link failure in builds
without public-key support.
2018-02-18 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* examples/nettle-openssl.c): Move expressions with side effects
out of asserts.
2018-02-17 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
(openssl_evp_set_encrypt_key, openssl_evp_set_decrypt_key): Use
EVP_CipherInit_ex.
* examples/nettle-openssl.c (nettle_openssl_gcm_aes128)
(nettle_openssl_gcm_aes192, nettle_openssl_gcm_aes256): New aead
algorithms, for benchmarking purposes, and supporting wrapper functions.
* nettle-internal.h: Corresponding declarations.
* examples/nettle-benchmark.c (main): Include openssl's gcm aes in
benchmark.
2018-02-16 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Improved index entries.
(Cipher functions): Update CAST128/CAST5 docs. Inconsistencies
spotted by Henrik Rindlöw.
2018-02-10 Niels Möller <nisse@lysator.liu.se>
* configure.ac: New configure option --enable-x86-sha-ni.
2018-02-07 Niels Möller <nisse@lysator.liu.se>
* x86_64/fat/sha1-compress.asm: New file.
* x86_64/fat/sha1-compress-2.asm: New file.
* fat-x86_64.c (fat_init): Select plain x86_64 assembly version or
sha_ni version for sha1_compress.
2018-02-05 Niels Möller <nisse@lysator.liu.se>
* x86_64/sha_ni/sha1-compress.asm: New implementation using sha_ni
instructions.
* fat-x86_64.c (get_x86_features): Check for sha_ni extension.
* x86_64/fat/cpuid.asm: Clear %ecx input to cpuid instruction.
2018-02-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gcm.c (gcm_fill): New function, for use with _ctr_crypt16.
(gcm_encrypt, gcm_decrypt): Use _ctr_crypt16. 50% speedup of
gcm_aes128, benchmarked on x86_64 with aesni instructions.
2018-02-01 Niels Möller <nisse@lysator.liu.se>
Based on a patch contributed by Nikos Mavrogiannopoulos.
* ctr16.c (_ctr_crypt16): New file, renamed and generalized
function. New function pointer argument, used to fill a block with
counter values. Use nettle_block16 * as the type for the buffer to
be filled. Always process any final and partial block, and return
no value.
* ctr.c (ctr_crypt): ... previous, replaced, function.
(ctr_fill16): Updated to new argument type.
(ctr_crypt): Return immediately after using _ctr_crypt16.
* ctr-internal.h: New file, declaring _ctr_crypt16.
(nettle_fill16_func): New function typedef.
* Makefile.in (nettle_SOURCES): Added ctr16.c.
(DISTFILES): Added ctr-internal.h.
2018-01-30 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (clean-here): Don't delete desdata.stamp.
2018-01-24 Jay Foad <jay.foad@gmail.com>
* Makefile.in (TARGETS): Delete dependencies on aesdata, desdata,
twofishdata, shadata and gcmdata. They are not needed for a normal
build.
(clean-here): Explicitly delete of above files.
(desdata.stamp): New stamp target, to avoid building desdata twice
in a parallell build.
2018-01-23 Niels Möller <nisse@lysator.liu.se>
* configure.ac (asm_path): Recognize "x86", in addition to "i?86",
for 32-bit x86 processors. Reportedly needed for x86 android builds.
2018-01-20 Niels Möller <nisse@lysator.liu.se>
CFB8 support, contributed by Dmitry Eremin-Solenikov.
* cfb.c (cfb8_encrypt, cfb8_decrypt): New functions.
* cfb.h: Declare them.
(CFB8_ENCRYPT, CFB8_DECRYPT): New macros.
* testsuite/cfb-test.c: New tests for CFB8.
* nettle.texinfo (CFB and CFB8): Documentation.
2018-01-16 Niels Möller <nisse@lysator.liu.se>
* tools/pkcs1-conv.c (convert_file): Add missing break statements.
2018-01-09 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (test_cipher_ctr): Test operations with
shorter sizes.
* testsuite/ctr-test.c: Additional unofficial test vectors, to
exercise carry propagation in the counter, and block size
different from 16.
2018-01-08 Niels Möller <nisse@lysator.liu.se>
* ctr.c (ctr_crypt16): New function, with optimizations specific
to 16-byte block size.
(ctr_fill16): New helper function, definition depending on
WORDS_BIGENDIAN, and little endian version requiring
HAVE_BUILTIN_BSWAP64.
(ctr_crypt): Use ctr_crypt16, when appropriate.
* nettle-types.h (union nettle_block16): Add uint64_t field.
* configure.ac: Check for __builtin_bswap64, define
HAVE_BUILTIN_BSWAP64 if available.
* ctr.c (ctr_fill): New function. Use in ctr_crypt.
* ctr.c (ctr_crypt): For in-place operation, increase max buffer
size from 4 blocks to 512 bytes, similarly to CBC and CFB.
Improves in-place aes128 CTR performance by 25% on x86_64.
* examples/nettle-benchmark.c (time_cipher): Benchmark in-place
operation separately, for cbc_decrypt and ctr_crypt.
* cbc.c (cbc_decrypt): For in-place operation (src == dst case),
eliminate use of src variable.
* cfb.c (cfb_decrypt): Likewise.
* gcm.c (gcm_crypt): Likewise, and replace one memxor3 by memxor.
2018-01-03 Niels Möller <nisse@lysator.liu.se>
* x86_64/aesni/aes-encrypt-internal.asm: Read subkeys into xmm
registers before the block loop, and completely unroll the round
loop.
* x86_64/aesni/aes-decrypt-internal.asm: Likewise.
2017-11-19 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.4.
2017-11-12 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Update check of GMP_NUMB_BITS declaration in
assembly files. Was broken by rename of configure variable
GMP_NUMB_BITS --> NUMB_BITS.
2017-11-11 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Document nettle_get_hashes, nettle_get_ciphers
and nettle_get_aeads, and replace nettle_secp_256r1 by
nettle_get_secp_256r1. Update version numbers. Delete ancient
setting of ispell-skip-region-alist as an emacs file-local
variable.
2017-11-08 Niels Möller <nisse@lysator.liu.se>
* ecc-curve.h (nettle_secp_192r1, nettle_secp_224r1)
(nettle_secp_256r1, nettle_secp_384r1, nettle_secp_521r1): Delete
macro wrappers, partially reverting below 2017-04-09 change. They
didn't work at all for applications that only see a forward
declaration of struct ecc_curve. Instead, we will have to make an
ABI and API break and delete these symbols, when the size of
struct ecc_curve is increased.
2017-11-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac Bump package version to 3.4.
(LIBNETTLE_MINOR): Bump library version to 6.4.
(LIBHOGWEED_MINOR): Bump library version to 4.4.
2017-10-23 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (check): Also set DYLD_LIBRARY_PATH in the
environment, to support Mac OSX shared libraries.
* testsuite/Makefile.in (LD_LIBRARY_PATH): Likewise.
2017-10-23 Niels Möller <nisse@lysator.liu.se>
Merge API fixes, starting at 2017-01-12.
2017-04-09 Niels Möller <nisse@lysator.liu.se>
* ecc-curve.h (nettle_get_secp_192r1, nettle_get_secp_224r1)
(nettle_get_secp_256r1, nettle_get_secp_384r1)
(nettle_get_secp_521r1): New functions, returning a pointer to
corresponding structure.
(nettle_secp_192r1, nettle_secp_224r1, nettle_secp_256r1)
(nettle_secp_384r1, nettle_secp_521r1): Redefined as macros,
calling the corresponding function.
* nettle-meta.h (nettle_ciphers, nettle_aeads, nettle_armors): New
macros, analogous to below change to nettle_hashes.
* nettle-meta-ciphers.c (nettle_get_ciphers): New function.
* nettle-meta-aeads.c (nettle_get_aeads): New function.
* nettle-meta-armors.c (nettle_get_armors): New function.
2017-01-12 Niels Möller <nisse@lysator.liu.se>
* tools/nettle-hash.c (find_algorithm): Deleted function.
(main): Replaced by call to nettle_lookup_hash.
* testsuite/meta-hash-test.c (test_main): Use nettle_lookup_hash.
* nettle-meta.h (nettle_hashes): New macro, expanding to a call to
nettle_get_hashes. Direct access to the array causes the array
size to leak into the ABI, since a plain un-relocatable executable
linking with libnettle.so gets copy relocations for any referenced
data items in the shared library.
* nettle-meta-hashes.c (nettle_get_hashes): New function.
2017-10-16 Niels Möller <nisse@lysator.liu.se>
CFB support, contributed by Dmitry Eremin-Solenikov.
* cfb.c (cfb_encrypt, cfb_decrypt): New file, new functions.
* cfb.h: New header file.
(CFB_CTX, CFB_SET_IV, CFB_ENCRYPT, CFB_DECRYPT): New macros.
* Makefile.in (nettle_SOURCES): Add cfb.c.
(HEADERS): Add cfb.h.
* testsuite/cfb-test.c: New test case.
* testsuite/testutils.c (test_cipher_cfb): New function.
* nettle.texinfo (CFB): Documentation.
2017-10-16 Niels Möller <nisse@lysator.liu.se>
* aclocal.m4 (GMP_PROG_CC_FOR_BUILD): Add -g when compiling with
gcc.
2017-09-27 Niels Möller <nisse@lysator.liu.se>
Merged armor-signedness branch, starting 2017-08-27.
2017-09-24 Niels Möller <nisse@lysator.liu.se>
* tools/pkcs1-conv.c (base64_decode_in_place): New helper
function.
(decode_base64): Use it.
* sexp-transport-format.c (base64_encode_in_place): New helper
function.
(sexp_transport_vformat): Use it.
* testsuite/base64-test.c (test_fuzz_once): Update to use char
type where appropriate.
(test_main): Use helper functions base64_encode_in_place and
base64_decode_in_place (copied to this file).
* testsuite/testutils.c (tstring_data): Use uint8_t for data
argument.
* testsuite/testutils.h (SDATA): Use US macro to cast data
argument.
2017-08-27 Niels Möller <nisse@lysator.liu.se>
* base64-encode.c (base64_encode_raw, base64_encode_group)
(base64_encode_single, base64_encode_update)
(base64_encode_final): Change type of destination to char *.
* base16-encode.c (base16_encode_single, base16_encode_update):
Likewise.
* base64-decode.c (base64_decode_single, base64_decode_update):
Change type of source argument to const char *. Update (almost)
all callers.
* base16-decode.c (base16_decode_single, base16_decode_update):
Likewise.
* nettle-types.h (nettle_armor_encode_update_func)
(nettle_armor_encode_final_func, nettle_armor_decode_update_func):
Corresponding updates to typedefs.
2017-09-14 Niels Möller <nisse@lysator.liu.se>
* hkdf.c: Delete unneeded includes. Use Nettle licensing notice.
* hkdf.h: Include only nettle-types.h, not nettle-meta.h.
* ecc-mod.c (ecc_mod): Workaround to silence a false positive from
the clang static analyzer.
2017-09-12 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.h (mpn_zero_p): Avoid redefining mpn_zero_p
when building with mini-gmp. Since the mini-gmp update, this
function is defined by mini-gmp, causing link errors if nettle is
configured with --enable-mini-gmp --disable-shared. Reported by
Tim Rühsen.
2017-09-09 Daiki Ueno <dueno@redhat.com>
* testsuite/ecc-mul-g-test.c (test_main): Fixed mpn_cmp call.
* testsuite/ecc-mul-a-test.c (test_main): Likewise.
* eccdata.c (ecc_point_out): Write to given stream, instead of
stderr.
* eccdata.c (output_curve): In curve448, the bit size of the order
is slightly smaller than the one of p's. Adjust ecc_Bmodq_shifted
accordingly.
2017-09-09 Niels Möller <nisse@lysator.liu.se>
* mini-gmp.c: Updated mini-gmp from the gmp repository, latest
change from 2017-07-23.
* mini-gmp.h: Likewise.
2017-09-06 Niels Möller <nisse@lysator.liu.se>
* hkdf.c (hkdf_expand): Eliminate a (signed) ssize_t variable, use
break rather than return at loop termination.
2017-09-06 Niels Möller <nisse@lysator.liu.se>
HKDF implementation, contributed by Nikos Mavrogiannopoulos.
* hkdf.c (hkdf_extract, hkdf_expand): New file, new functions.
* hkdf.h: New file.
* Makefile.in (nettle_SOURCES): Add hkdf.c.
(HEADERS): Add hkdf.h.
* testsuite/hkdf-test.c: Tests for hkdf-sha256 and hkdf-sha1.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added hkdf-test.c.
* nettle.texinfo (Key derivation functions): Document HKDF.
2017-09-04 Andreas Schneider <asn@samba.org>
* fat-arm.c: Add missing define for _GNU_SOURCE.
2017-08-27 Niels Möller <nisse@lysator.liu.se>
* configure.ac (GMP_NUMB_BITS): Set to dummy value "n/a" in
mini-gmp builds.
(NUMB_BITS): New substituted variable which always holds the
configured value.
* Makefile.in (GMP_NUMB_BITS): Renamed variable...
(NUMB_BITS): ...new name
* config.make.in: Update corresponding substitution.
2017-08-26 Niels Möller <nisse@lysator.liu.se>
* ecc-mod-inv.c (ecc_mod_inv): Add missing assert. Fixes a
"dead increment" warning from the clang static analyzer.
2017-08-26 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-openssl.c (struct openssl_cipher_ctx): New
struct. Use everywhere, instead of typing EVP_CIPHER_CTX pointers
directly.
* configure.ac: Update openssl-related tests. Checks for
cipher-specific headers are replaced by a check for openssl/evp.h,
and the check for the BF_ecb_encrypt function is replaced by a
check for EVP_CIPHER_CTX_new.
2017-08-03 Daniel P. Berrange <berrange@redhat.com>
* examples/nettle-openssl.c: Rewritten to use openssl's EVP APIs.
The older cipher-specific functions always use openssl's generic
software implementation, while the EVP functions enables
platform-specific code, e.g., using the x86 AES-NI instructions.
(nettle_openssl_init): New function.
2017-07-18 Niels Möller <nisse@lysator.liu.se>
* ecc-add-eh.c (ecc_add_eh): Fix in-place operation by reordering
two multiplies. Previously, in-place operation resulted in an
invalid call to mpn_mul with overlapping operands. Reported by
Sergei Trofimovich.
2017-06-09 Niels Möller <nisse@lysator.liu.se>
* pss.c (pss_verify_mgf1): Check for m being too large, fixing an
assertion failure for certain invalid signatures. Based on a patch
contributed by Daiki Ueno.
* testsuite/rsa-pss-sign-tr-test.c (test_main): Add test case
contributed by Daiki Ueno. Problem originally found by oss-fuzz,
see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132.
That problem report is currently embargoed, but will hopefully be
public in a month or two.
2017-05-23 Niels Möller <nisse@lysator.liu.se>
Rework the previous change, which had the unintended effect of
always regenerating .test-rules.make after ./configure is run.
* testsuite/Makefile.in (test-rules.stamp): New stamp file target,
depend on Makefile.in, and run $(MAKE) test-rules.
(.test-rules.make): Add a level of indirection, by depending on
test-rules.stamp.
2017-05-20 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in (test-rules): Use $(srddir)/-prefix for
.test-rules.make target, and change dependency from Makefile.in to
Makefile.
2017-05-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* testsuite/Makefile.in: Ensure .test-rules.make is regenerated
when Makefile.in is modified.
2017-04-09 Niels Möller <nisse@lysator.liu.se>
* testsuite/dlopen-test.c (main): Call dlclose, to fix memory leak
on success.
* testsuite/pss-test.c: Delete magic to let valgrind to check if
pss_encode_mgf1 is side-channel silent with respect to the salt
and digest inputs. It turns out that the most significant bits of
the padded bignum, and hence its size, depends on these inputs.
Which results in a data-dependent branch in the normalization code
of at the end of gmp's mpz_import.
2017-04-04 Niels Möller <nisse@lysator.liu.se>
* pss.c (pss_verify_mgf1): Use const for input mpz_t argument.
(pss_encode_mgf1): Avoid unnecessary memset and xor operations.
Merged RSA-PSS support, contributed by Daiki Ueno.
* pss-mgf1.h, pss.h: New header files.
* pss-mgf1.c (pss_mgf1): New file and function.
* pss.c (pss_encode_mgf1, pss_verify_mgf1): New file and
functions.
* rsa-verify.c (_rsa_verify_recover): New function.
* rsa-pss-sha256-sign-tr.c: (rsa_pss_sha256_sign_digest_tr): New
file and function.
* rsa-pss-sha256-verify.c (rsa_pss_sha256_verify_digest): New
file and function.
* rsa-pss-sha512-sign-tr.c (rsa_pss_sha384_sign_digest_tr)
(rsa_pss_sha512_sign_digest_tr): New file and functions.
* rsa-pss-sha512-verify.c (rsa_pss_sha384_verify_digest)
(rsa_pss_sha512_verify_digest): New file and functions.
* rsa.h: Prototypes for new functions.
* testsuite/rsa-pss-sign-tr-test.c: New test case.
* testsuite/pss-test.c: New test case.
* testsuite/pss-mgf1-test.c: New test case.
* Makefile.in, testsuite/Makefile.in: Added new files.
* nettle.texinfo: Documentation of rsa-pss functions.
2017-03-20 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h (NETTLE_MAX_HASH_CONTEXT_SIZE): New constant.
* testsuite/meta-hash-test.c (test_main): Add sanity check for
NETTLE_MAX_HASH_CONTEXT_SIZE.
* tools/nettle-hash.c (list_algorithms): Also display the internal
context size.
2017-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* ecdsa-verify.c (ecdsa_verify): Eliminated memory leak on error
path.
2016-10-10 Niels Möller <nisse@lysator.liu.se>
* write-be32.c (_nettle_write_be32): Use const for source argument.
* write-le32.c (_nettle_write_le32): Likewise.
* write-le64.c (_nettle_write_le64): Likewise.
* nettle-write.h: Update prototypes.
2016-10-01 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.3.
2016-09-13 Niels Möller <nisse@lysator.liu.se>
* nettle-meta-hashes.c (nettle_hashes): Added SHA3 hashes.
Reported missing by Thomas Walter.
* testsuite/meta-hash-test.c: Update test accordingly.
2016-09-07 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Elliptic curves): Split into sub-nodes.
(Miscellaneous functions): Document memeql_sec.
* NEWS: Mention memeql_sec.
2016-09-06 Niels Möller <nisse@lysator.liu.se>
* NEWS: Update for 3.3.
* configure.ac: Bump package version to 3.3.
(LIBNETTLE_MINOR): Bump library version to 6.3.
(LIBHOGWEED_MINOR): Bump library version to 4.3.
2016-09-05 Niels Möller <nisse@lysator.liu.se>
* curve25519.h (NETTLE_CURVE25519_RFC7748): New preprocessor
constant.
* nettle.texinfo: Document it.
2016-09-03 Niels Möller <nisse@lysator.liu.se>
* config.make.in (.SUFFIXES): Delete no longer used .p$(OBJEXT).
* sexp.h (TOKEN_CHAR): Delete macro and declaration of
sexp_token_chars. They belong in tools/misc.h, not here.
* examples/ecc-benchmark.c (die): Deleted unused function.
* testsuite/testutils.h (US): New macro, for unsigned string
literals.
(LDATA): Use the US macro, to eliminate pointer signedness
warnings.
* testsuite/eddsa-verify-test.c (test_eddsa): Use LDATA.
* testsuite/pbkdf2-test.c (test_main): Likewise.
* testsuite/pkcs1-test.c (test_main): Likewise.
* testsuite/md5-compat-test.c (test_main): Use US macro.
* testsuite/sexp-test.c (test_main): Use const char * for assoc
keys. Overlooked in 2016-08-16 change.
* testsuite/yarrow-test.c (test_main): Fix pointer
signednesss warnings.
* testsuite/sexp-format-test.c (test_main): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Likewise.
* tools/nettle-lfib-stream.c (main): Likewise.
* tools/output.c (sexp_put_string): Likewise.
* testsuite/testutils.c (test_armor): Change ascii argument to
const char *.
* testsuite/base16-test.c (test_main): Use LDATA for the non-ascii
argument to test_armor.
* testsuite/base64-test.c (test_main): Likewise.
* tools/nettle-pbkdf2.c (main): Fix some pointer signedness warning.
* tools/nettle-hash.c (hash_file): Likewise.
* examples/rsa-decrypt.c (process_file): Use memeql_sec to check
the digest.
* memeql-sec.c (memeql_sec): New public function, moved from...
* ccm.c (memeql_sec): ... previous location.
* memops.h: New header file, generalizing memxor.h.
* testsuite/memeql-test.c (test_main): New test case.
(memeql_sec_for_test): Wrapper to get valgrind to check for
side-channel silence.
2016-08-29 Niels Möller <nisse@lysator.liu.se>
* sexp-format.c (strlen_u8): New helper function.
(sexp_vformat): Use uint8_t * for strings instead of char *.
2016-08-16 Niels Möller <nisse@lysator.liu.se>
* examples/io.c (hash_file): Use uint8_t for buffer.
* sexp.c (sexp_iterator_check_type, sexp_iterator_check_types)
(sexp_iterator_assoc): Use const char * for caller's expression
types. Updated all callers.
* rsa2openpgp.c (rsa_keypair_to_openpgp): Added cast to const
uint8_t *.
* pgp-encode.c (write_string): New helper function, replacing...
(WRITE): ... deleted macro.
* examples/io.c (write_data): Renamed, and use const void * for
the input data. Updated all callers.
(write_string): ... old name.
(write_file): Use const void * for the input data.
2016-08-05 Niels Möller <nisse@lysator.liu.se>
* examples/hogweed-benchmark.c: Use uint8_t for curve25519 values.
(bench_rsa_init): Use unsigned char for sexp strings.
(bench_dsa_init): Likewise.
(hash_string): Delete length argument, calling strlen instead.
Cast string to const uint8_t *. Updated callers.
* examples/io.c (read_file): Use size_t for sizes, and uint8_t for
the contents.
2016-08-04 Niels Möller <nisse@lysator.liu.se>
* dsa-sign.c (dsa_sign): Return failure if p is even, so that an
invalid key doesn't result in a crash inside mpz_powm_sec.
* rsa-sign-tr.c (rsa_compute_root_tr): Return failure if any of p,
q or n is even, to avoid crashing inside mpz_powm_sec. Invalid
keys with even modulo are rejected by rsa_public_key_prepare and
rsa_private_key_prepare, but some applications, notably gnutls,
don't use them.
2016-07-31 Niels Möller <nisse@lysator.liu.se>
* rsa.c (_rsa_check_size): Check that n is odd. Otherwise, using
an invalid key may crash in mpz_powm_sec. Problem reported by
Hanno Böck.
2016-07-13 Niels Möller <nisse@lysator.liu.se>
* bignum.c (nettle_mpz_from_octets): Unconditionally use
mpz_import.
* gmp-glue.c (mpn_copyd, mpn_copyi, mpn_zero): Deleted
compatibility definitions for older versions of GMP.
* gmp-glue.h (mpn_sqr): Deleted compatibility definition.
* testsuite/testutils.c (mpz_combit): Deleted compatibility
definition.
2016-07-12 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Check for mpz_powm_sec, and require GMP-5.0 or
later.
* bignum.h (mpz_powm_sec): Fall back to plain mpz_powm for
mini-gmp build.
* dsa-sign.c (dsa_sign): Use mpz_powm_sec.
* rsa-sign.c (rsa_compute_root): Likewise.
* rsa-sign-tr.c (rsa_blind, rsa_compute_root_tr): Likewise.
* rsa-blind.c (_rsa_blind): Likewise.
2016-05-02 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Update Curve25519 documentation.
* testsuite/curve25519-dh-test.c: Test that inputs bits which must
be ignored really are ignored.
2016-04-25 Niels Möller <nisse@lysator.liu.se>
* curve25519-mul.c (curve25519_mul): Ignore top bit of the input x
coordinate, as required by RFC 7748.
2016-03-30 Niels Möller <nisse@lysator.liu.se>
From Nikos Mavrogiannopoulos.
* configure.ac: Change dll names to follow the libtool convention
with only major version number in the name.
2016-03-15 Niels Möller <nisse@lysator.liu.se>
* twofish.c (gf_multiply): Change return value to uint32_t, to
make shifting of the return value well defined, without any type
casts. Fixes an undefined shift in compute_s, reported by Nikos
Mavrogiannopoulos.
(h_byte): Deleted type casts.
* blowfish.c (blowfish_encrypt, blowfish_decrypt): Use READ_UINT32
macro. Fixes an undefined shift, reported by Nikos
Mavrogiannopoulos.
From Nikos Mavrogiannopoulos.
* configure.ac (HOGWEED_EXTRA_SYMBOLS): Add "mp_*", when building
with mini-gmp.
* des.c (des_weak_p): Check that the hash value is in the proper
range before using it. Fixes an out-of-bounds read.
2016-03-14 Niels Möller <nisse@lysator.liu.se>
* getopt.c (_getopt_internal_r): Fix c99-ism, move declarations to
top of block. Reported by Henrik Grubbström.
2016-02-16 Niels Möller <nisse@lysator.liu.se>
* tools/input.c (sexp_get_string_length): Process advanced string
syntax only when in advanced mode. Fixes an assertion failure
reported by Hanno Böck, for input where advanced syntax is
improperly wrapped inside transport syntax.
* tools/parse.c (sexp_parse): Fail with an error message for
unexpected ']' characters. Fixes crash reported by Hanno Böck.
Also handle SEXP_DISPLAY (internal error) explicitly, without a
default clause.
2016-01-28 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.2.
2016-01-26 Niels Möller <nisse@lysator.liu.se>
* tools/nettle-pbkdf2.c (main): Fix handling of unrecognized
options. Bug reported by Dongsheng Zhang. Display usage message
and exit non-zero. Also added "Usage: "-prefix to the message.
* tools/nettle-hash.c (usage): New function, extracted from main.
(main): Analogous fix for unrecognized options.
2016-01-23 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Set UPDATED-FOR to 3.2.
2016-01-21 Niels Möller <nisse@lysator.liu.se>
* .gitlab-ci.yml: New file. Configuration for gitlab's continuous
integration system.
2016-01-20 Niels Möller <nisse@lysator.liu.se>
* testsuite/dlopen-test.c (main): Mark arguments as UNUSED.
* testsuite/Makefile.in (clean): Delete dlopen-test.
* configure.ac: Bump package version, to nettle-3.2.
(LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Bump minor versions, to
libnettle.so.6.2 and and libhogweed.so.4.2.
2016-01-10 Niels Möller <nisse@lysator.liu.se>
* base64-encode.c (encode_raw): Use const uint8_t * for the
alphabet argument.
* nettle.texinfo (RSA): Document the rsa_pkcs1_verify and
rsa_pkcs1_sign functions, and the new rsa_*_tr functions.
2015-12-18 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.h: Fix include order, system headers before
nettle headers. Always include version.h, needed by
version-test.c. It was included indirectly via bignum.h, but only
if configured with publickey support.
* configure.ac (IF_DLOPEN_TEST): Fixed shell conditional.
* testsuite/ecc-mod-test.c (test_main): Handle random seeding if
NETTLE_TEST_SEED is set in the environment.
2015-12-15 Niels Möller <nisse@lysator.liu.se>
* x86_64/ecc-384-modp.asm: Fixed carry propagation bug. Problem
reported by Hanno Böck. Simplified the folding to always use
non-negative carry, the old code attempted to add in a carry which
could be either positive or negative, but didn't get that case
right.
2015-12-10 Niels Möller <nisse@lysator.liu.se>
* ecc-256.c (ecc_256_modp): Fixed carry propagation bug. Problem
reported by Hanno Böck.
(ecc_256_modq): Fixed another carry propagation bug.
2015-11-23 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Document rsa_encrypt, rsa_decrypt and
rsa_decrypt_tr. Text contributed by Andy Lawrence.
2015-11-15 Niels Möller <nisse@lysator.liu.se>
* rsa.h (_rsa_blind, _rsa_unblind): Mark as deprecated.
2015-09-17 Niels Möller <nisse@lysator.liu.se>
* rsa-md5-sign-tr.c (rsa_md5_sign_tr, rsa_md5_sign_digest_tr): New
file, new functions.
* rsa-sha1-sign-tr.c (rsa_sha1_sign_tr, rsa_sha1_sign_digest_tr):
Likewise.
* rsa-sha256-sign-tr.c (rsa_sha256_sign_tr)
(rsa_sha256_sign_digest_tr): Likewise.
* rsa-sha512-sign-tr.c (rsa_sha512_sign_tr)
(rsa_sha512_sign_digest_tr): Likewise.
* rsa.h: Added corresponding prototypes.
* Makefile.in (hogweed_SOURCES): Added new files.
* testsuite/testutils.c (SIGN): Extend macro to test new
functions, and the rsa_*_sign_digest functions. Updated callers.
2015-09-14 Niels Möller <nisse@lysator.liu.se>
* rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
Mainly for simplicity and consistency, I'm not aware of any CRT
fault attacks on RSA decryption.
* testsuite/rsa-encrypt-test.c (test_main): Added test with
invalid private key.
* rsa-sign-tr.c (rsa_compute_root_tr): New file and function.
* rsa.h: Declare it.
* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr.
(rsa_verify_res): Deleted, replaced by rsa_compute_root_tr.
* testsuite/rsa-sign-tr-test.c (test_rsa_sign_tr): Check that
signature argument is unchanged on failure.
* Makefile.in (hogweed_SOURCES): Added rsa-sign-tr.c.
2015-09-07 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-sign-tr-test.c: Drop include of nettle-internal.h.
(test_main): Fix incorrect use of sizeof, and use LDATA macro.
From Nikos Mavrogiannopoulos.
* rsa-pkcs1-sign-tr.c (rsa_verify_res): New function.
(rsa_pkcs1_sign_tr): Check result of private key operation, to
protect against hardware or software errors leaking the private
key.
* testsuite/rsa-sign-tr-test.c: New testcase.
2015-09-06 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Updated SHA3 documentation.
2015-09-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/dlopen-test.c: New test program, exposing the problem
with ifunc and RTLD_NOW.
* testsuite/Makefile.in (TS_ALL): Conditionally add dlopen-test.
(SOURCES): Added dlopen-test.c.
(dlopen-test): New target, unlike other test programs, *not*
linked with -lnettle.
* configure.ac: Check for dlfcn.h and the dlopen function.
(IF_DLOPEN_TEST): New substituted variable, true if dlopen is
available and we are building a shared library.
* fat-setup.h: Disable use of ifunc, since it breaks dlopen with
RTLD_NOW.
2015-08-25 Niels Möller <nisse@lysator.liu.se>
* NEWS: Started on entries for Nettle-3.2.
* sha3.h (NETTLE_SHA3_FIPS202): New preprocessor constant.
2015-08-24 Niels Möller <nisse@lysator.liu.se>
* testsuite/sha3.awk: Document origin of test vectors.
From Nikos Mavrogiannopoulos.
* sha3.c (_sha3_pad): Update for NIST version.
* testsuite/sha3-224-test.c: Updated test vectors.
* testsuite/sha3-256-test.c: Likewise.
* testsuite/sha3-384-test.c: Likewise.
* testsuite/sha3-512-test.c: Likewise.
2015-06-03 Niels Möller <nisse@lysator.liu.se>
* arm/neon/chacha-core-internal.asm: New file. 55% speedup over C
version on Cortex-A9.
2015-05-19 Niels Möller <nisse@lysator.liu.se>
* configure.ac: ABI detection (n32 or n64) on Irix, and
appropriate default for libdir. Patch from Klaus Ziegler.
2015-05-12 Niels Möller <nisse@lysator.liu.se>
* version.c (nettle_version_major, nettle_version_minor): New
file. New functions, returning the value of the corresponding
preprocessor constant.
* Makefile.in (nettle_SOURCES): Added version.c.
* testsuite/version-test.c: New testcase.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added version-test.c.
2015-04-29 Niels Möller <nisse@lysator.liu.se>
* arm/v6/sha256-compress.asm: Fix syntax error in offset
addressing. Spotted by Jukka Ukkonen.
* arm/v6/aes-decrypt-internal.asm: Drop %-prefix on r12 register.
* arm/v6/aes-encrypt-internal.asm: Likewise.
2015-04-24 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.1.1.
* configure.ac: Bump package version, to nettle-3.1.1.
(LIBNETTLE_MINOR, LIBHOGWEED_MINOR): Bump minor versions, to
libnettle.so.6.1 and and libhogweed.so.4.1.
2015-04-22 Niels Möller <nisse@lysator.liu.se>
* x86_64/gcm-hash8.asm: Use ".value" instead of ".short", since
the latter is not supported by the Sun/Oracle assembler.
2015-04-13 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Fix shell quoting in test of GMP_NUMB_BITS asm
compatibility. Reported by Edward Sheldrake.
2015-04-07 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.1.
2015-03-31 Niels Möller <nisse@lysator.liu.se>
* x86_64/ecc-224-modp.asm: Require that GMP_NUMB_BITS == 64.
* x86_64/ecc-521-modp.asm: Likewise. Note that the other
ecc-*-modp.asm files happen to work fine on x86_64, with either 32
or 64 bits.
* asm.m4 (GMP_NUMB_BITS): New macro, expanding to nothing.
* configure.ac: Move tests for compiler characteristics,
libraries, and GMP_NUMB_BITS, before assembler-related tests.
For files in $asm_hogweed_optional_list, check if they declare
a GMP_NUMB_BITS requirement, and skip files which are incompatible
with the configuration. Needed for --enable-mini-gmp om w64.
* Makefile.in (clean-here): Unconditionally delete *.a (including
stub libraries like *.dll.a).
2015-03-30 Niels Möller <nisse@lysator.liu.se>
* version.h.in (GMP_NUMB_BITS) [NETTLE_USE_MINI_GMP]: Move
definition here (uses configure substitution).
* bignum.h (GMP_NUMB_BITS): ...old location.
* nettle.texinfo: Updated version number.
(Installation): Document some more configure options.
* testsuite/symbols-test: Look for NETTLE_USE_MINI_GMP in
version.h, not bignum.h. Allow leading underscore on mini-gmp
symbols.
2015-03-26 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (PRE_CPPFLAGS): Drop -I$(srcdir), no longer needed.
(HEADERS): Added bignum.h. Removed version.h.
(INSTALL_HEADERS): Added version.h.
(DISTFILES): Removed bignum.h.in.
(bignum.h): Deleted make target.
(distclean-here): Don't delete bignum.h.
* configure.ac: No longer generate bignum.h.
* bignum.h: Renamed. Removed substitution of NETTLE_USE_MINI_GMP,
and include version.h instead.
* bignum.h.in: ... old name.
* version.h.in (NETTLE_USE_MINI_GMP): Substitute here.
2015-03-25 Niels Möller <nisse@lysator.liu.se>
* configure.ac (MAJOR_VERSION, MINOR_VERSION): Tweak sed
expressions, to tolerate version suffixes.
* Makefile.in (distdir): Include assembly files from the new
x86_64/aesni, x86_64/fat, and arm/fat directories.
* ed25519-sha512-pubkey.c: Fix stack overwrite. The digest array
must have room for a complete sha512 digest.
2015-03-19 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (OPT_HOGWEED_SOURCES): Deleted make variable.
(nettle_SOURCES, hogweed_SOURCES): Don't include optional sources
here.
(OPT_SOURCES): New variable.
(SOURCES): Include OPT_SOURCES.
(DISTFILES): Drop mini-gmp.c here, included via OPT_SOURCES.
(nettle_OBJS, hogweed_OBJS): Add the object files corresponding to
the optional source files included in the build.
* ecc-curve.h (nettle_curve25519): Removed public declaration.
* ecc-internal.h (_nettle_curve25519): New location, new name.
Updated all users.
* nettle.texinfo: Updated EdDSA documentation.
* Makefile.in (DISTFILES): Added version.h.in, libnettle.map.in,
and libhogweed.map.in (latter two patch by Nikos).
(version.h): New make target.
(distclean-here): Added version.h, libnettle.map, and
libhogweed.map.
From Nikos Mavrogiannopoulos.
* configure.ac (MAJOR_VERSION, MINOR_VERSION): New substituted
variables.
* version.h.in: New file, defining version numbers.
2015-03-18 Niels Möller <nisse@lysator.liu.se>
EdDSA interface change, use plain strings to represent keys.
* eddsa.h (_ED25519_LIMB_SIZE): Deleted constant.
(struct ed25519_private_key, ed25519_public_key): Deleted.
* eddsa-expand.c (_eddsa_expand_key): Don't compute the public
key.
(_eddsa_expand_key_itch): Deleted function.
* eddsa-pubkey.c (_eddsa_public_key, _eddsa_public_key_itch): New
file, new functions.
* ed25519-sha512-pubkey.c (ed25519_sha512_public_key): New file
and function.
* ed25519-sha512-verify.c (ed25519_sha512_set_public_key): Deleted
function.
(ed25519_sha512_verify): Use a string to represent the public key.
* ed25519-sha512-sign.c (ed25519_sha512_set_private_key): Deleted
function.
(ed25519_sha512_sign): Use strings for the input key pair.
* Makefile.in (hogweed_SOURCES): Added eddsa-pubkey.c and
ed25519-sha512-pubkey.c.
* testsuite/eddsa-sign-test.c (test_eddsa_sign): Adapt to
_eddsa_expand_key changes, and use _eddsa_public_key.
* testsuite/ed25519-test.c (test_one): Test
ed25519_sha512_public_key, and adapt to new ed25519 interface.
2015-03-14 Niels Möller <nisse@lysator.liu.se>
* ccm.c (memeql_sec): New function, more side-channel silent than
memcmp.
(ccm_decrypt_message): Use it.
2015-03-12 Niels Möller <nisse@lysator.liu.se>
* base64.h (struct base64_encode_ctx): Micro optimization of
struct layout, saving a few bytes.
(struct base64_decode_ctx): Likewise.
* base16.h (struct base16_decode_ctx): Likewise.
* nettle.texinfo (ASCII encoding): Document base64url functions.
2015-03-10 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Update documentation of curve25519_mul. Say that
the output is undefined for points belonging to the twist rather
than the proper curve.
* curve25519-mul.c (curve25519_mul): Changed return type to void.
* curve25519.h (curve25519_mul): Updated prototype.
* examples/hogweed-benchmark.c (bench_curve25519_mul): Drop check
of curve25519_mul return value.
* testsuite/curve25519-dh-test.c (test_a): Likewise.
2015-02-26 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Document curve25519 and eddsa.
2015-02-10 Niels Möller <nisse@lysator.liu.se>
* base64url-meta.c (nettle_base64url): New file.
* nettle-meta.h (nettle_base64url): Declare it.
* nettle-meta-armors.c (nettle_armors): Added nettle_base64url.
* testsuite/meta-armor-test.c: Updated testcase.
* testsuite/base64-test.c (test_main): Additional tests, using
nettle_base64url.
* Makefile.in (nettle_SOURCES): Added base64url-meta.c.
Base-64 generalization to support RFC4648 URL safe alphabet,
contributed by Amos Jeffries.
* base64url-decode.c (base64url_decode_init): New file and
function.
* base64url-encode.c (base64url_encode_init): New file and
function.
* Makefile.in (nettle_SOURCES): Added base64url-encode.c and
base64url-decode.c.
* base64.h: Declare new functions.
* testsuite/base64-test.c (test_fuzz): Test base64url encoding and
decoding.
* base64.h (struct base64_encode_ctx): Added pointer to alphabet.
(struct base64_decode_ctx): Added pointer to decoding table.
* base64-decode.c (base64_decode_init): Initialize table pointer.
Moved definition of table to local scope.
(base64_decode_single): Use the context's decoding table.
* base64-encode.c (ENCODE): Added alphabet argument. Updated all
uses.
(encode_raw): New static function, like base64_encode_raw
but with an alphabet argument.
(base64_encode_raw): Call encode_raw.
(base64_encode_init): Initialize alphabet pointer.
(base64_encode_single, base64_encode_update, base64_encode_final):
Use the context's alphabet.
2015-02-09 Niels Möller <nisse@lysator.liu.se>
* base64-encode.c (base64_encode): Deleted old #if:ed out
function.
* testsuite/base64-test.c (test_fuzz_once, test_fuzz): Additional
tests, based on contribution by Amos Jeffries.
2015-02-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBHOGWEED_MAJOR): Undo latest bump, 4 should be
enough (previous release, nettle-3.0, used 3).
2015-01-30 Niels Möller <nisse@lysator.liu.se>
Update chacha-poly1305 for draft-irtf-cfrg-chacha20-poly1305-08.
* chacha-poly1305.h (CHACHA_POLY1305_NONCE_SIZE): Increase to 12
bytes, i.e., CHACHA_NONCE96_SIZE.
* chacha-poly1305.c (chacha_poly1305_set_nonce): Use
chacha_set_nonce96.
(poly1305_pad): New function.
(chacha_poly1305_encrypt): Use poly1305_pad.
(chacha_poly1305_digest): Call poly1305_pad, and format length
fields as a single poly1305 block.
* chacha-set-nonce.c (chacha_set_nonce96): New function.
* chacha.h (CHACHA_NONCE96_SIZE): New constant.
* testsuite/chacha-test.c: Add test for chacha with 96-bit nonce.
2015-01-27 Niels Möller <nisse@lysator.liu.se>
* ecc.h: Deleted declarations of unused itch functions. Moved
declarations of internal functions to...
* ecc-internal.h: ...new location. Also added a leading under
score on the symbols.
(ecc_a_to_j, ecc_j_to_a, ecc_eh_to_a, ecc_dup_jj, ecc_add_jja)
(ecc_add_jjj, ecc_dup_eh, ecc_add_eh, ecc_add_ehh, ecc_mul_g)
(ecc_mul_a, ecc_mul_g_eh, ecc_mul_a_eh): Affected functions.
2015-01-26 Niels Möller <nisse@lysator.liu.se>
* ecc-add-eh.c (ecc_add_eh_itch): Deleted.
* ecc-add-ehh.c (ecc_add_ehh_itch): Deleted.
* ecc-add-jja.c (ecc_add_jja_itch): Deleted.
* ecc-add-jjj.c (ecc_add_jjj_itch): Deleted.
* ecc-dup-eh.c (ecc_dup_eh_itch): Deleted.
* ecc-dup-jj.c (ecc_dup_jj_itch): Deleted.
* ecc-eh-to-a.c (ecc_eh_to_a_itch): Deleted.
* ecc-j-to-a.c (ecc_j_to_a_itch): Deleted.
* ecc-mul-a-eh.c (ecc_mul_a_eh_itch): Deleted.
* ecc-mul-a.c (ecc_mul_a_itch): Deleted.
* ecc-mul-g-eh.c (ecc_mul_g_eh_itch): Deleted.
* ecc-mul-g.c (ecc_mul_g_itch): Deleted.
2015-01-25 Niels Möller <nisse@lysator.liu.se>
* arm/fat/sha1-compress-2.asm: New file.
* arm/fat/sha256-compress-2.asm: Likewise.
* fat-arm.c (fat_init): Setup for use of additional v6 assembly
functions.
* sha1-compress.c: Prepare for fat build with C and assembly
implementations.
* sha256-compress.c: Likewise.
* fat-setup.h (sha1_compress_func, sha256_compress_func): New typedefs.
* configure.ac (asm_nettle_optional_list): Added
sha1-compress-2.asm and sha256-compress-2.asm, and corresponding
HAVE_NATIVE_*.
From Martin Storsjö:
* arm: Add .arch directives for armv6. This allows building these
files as part of a fat build, even if the assembler by default
targets a lower architecture version.
2015-01-23 Niels Möller <nisse@lysator.liu.se>
* fat-setup.h (DEFINE_FAT_FUNC): Check value of function pointer,
before calling fat_init. Should be correct even without memory
barrier.
* fat-x86_64.c (fat_init): Deleted static variable initialized.
The checks of the relevant pointer in DEFINE_FAT_FUNC is more
robust.
* fat-arm.c (fat_init): Likewise.
2015-01-21 Niels Möller <nisse@lysator.liu.se>
* fat-arm.c (fat_init): Setup for use of neon assembly functions.
* arm/fat/salsa20-core-internal-2.asm: New file.
* arm/fat/sha3-permute-2.asm: New file.
* arm/fat/sha512-compress-2.asm: New file.
* arm/fat/umac-nh-2.asm: New file.
* arm/fat/umac-nh-n-2.asm: New file.
* salsa20-core-internal.c: Prepare for fat build with C and
assembly implementations.
* sha512-compress.c: Likewise.
* sha3-permute.c: Likewise.
* umac-nh.c: Likewise.
* umac-nh-n.c: Likewise.
* configure.ac (asm_nettle_optional_list): Added more *-2.asm
files, and corresponding HAVE_NATIVE_* defines. Recognize PROLOGUE
macro in asm files, also when not at the start of the line.
2015-01-20 Niels Möller <nisse@lysator.liu.se>
* fat-arm.c (get_arm_features): Check NETTLE_FAT_OVERRIDE
environment variable.
* fat-x86_64.c (get_x86_features): New function. Check
NETTLE_FAT_OVERRIDE environment variable.
(fat_init): Use it.
* fat-setup.h (secure_getenv) [!HAVE_SECURE_GETENV]: Dummy
definition, returning NULL.
(ENV_OVERRIDE): New constant.
* configure.ac: Check for secure_getenv function.
2015-01-19 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Fat library setup for arm.
* fat-arm.c: New file.
* arm/fat/aes-encrypt-internal.asm: New files.
* arm/fat/aes-encrypt-internal-2.asm: New file.
* arm/fat/aes-decrypt-internal.asm: New file.
* arm/fat/aes-decrypt-internal-2.asm: New file.
* Makefile.in (DISTFILES): Added fat-setup.h.
* fat-setup.h: New file, declarations moved from...
* fat-x86_64.c: ... old location
2015-01-17 Niels Möller <nisse@lysator.liu.se>
* fat-x86_64.c (DECLARE_FAT_FUNC, DEFINE_FAT_FUNC)
(DECLARE_FAT_FUNC_VAR): New macros, to define needed resolver and
wrapper functions.
* config.m4.in (SYMBOL_PREFIX): Define from from autoconf
ASM_SYMBOL_PREFIX.
(C_NAMS): move definition to...
* asm.m4 (C_NAME): Define here, also take fat_transform.
(fat_suffix): Replaced by...
(fat_transform): New macro, taking symbol name as argument.
Updated all uses of fat_suffix.
* fat-x86_64.c: Updated for internal "_nettle" prefix on
cpu-specific memxor functions.
* fat-x86_64.c: Set up for sse2 vs non-sse2 memxor. Patch by Nikos
Mavrogiannopoulos.
* configure.ac (asm_nettle_optional_list): Added memxor-2.asm.
* x86_64/fat/memxor-2.asm: New file.
* x86_64/fat/memxor.asm: New file.
* x86_64/memxor.asm: Use ifdef, not ifelse, for testing USE_SSE2.
2015-01-16 Niels Möller <nisse@lysator.liu.se>
* configure.ac (OPT_NETTLE_SOURCES): New substituted variable.
(asm_path): Fixed x86_64 fat setup. Include only x86_64 and
x86_64/fat in the asm_path. Put fat-x86_64.c in
OPT_NETTLE_SOURCES, with no symlinking.
* fat-x86_64.c: Renamed,...
* x86_64/fat/fat.c: ... from old name.
2015-01-13 Niels Möller <nisse@lysator.liu.se>
* x86_64/fat/fat.c: For constructor hack, check
HAVE_GCC_ATTRIBUTE, not __GNUC__. Also support sun compilers, as
suggested by Nikos Mavrogiannopoulos, and attch the constructor
attribute directly to fat_init.
(fat_constructor): Deleted wrapper function.
* x86_64/fat/fat.c: New file, initialization for x86_64 fat
library.
* x86_64/fat/cpuid.asm (_nettle_cpuid): New file and function.
* x86_64/fat/aes-encrypt-internal.asm: New file, including
x86_64/aes-encrypt-internal.asm, after setting fat_suffix to
_x86_64.
* x86_64/fat/aes-decrypt-internal.asm: New file, analogous setup.
* x86_64/fat/aes-encrypt-internal-2.asm: New file, including
x86_64/aesni/aes-encrypt-internal.asm, after setting fat_suffix to
_aesni.
* x86_64/fat/aes-decrypt-internal.asm-2: New file, analogous
setup.
* configure.ac: New command line option --enable-fat.
(asm_nettle_optional_list): Added cpuid.asm, fat.c,
aes-encrypt-internal-2.asm, and aes-decrypt-internal-2.asm.
* asm.m4 (fat_suffix): New suffix added to symbol names.
* x86_64/aesni/aes-encrypt-internal.asm: Use explicit .byte
sequences for aes instructions, don't rely on assembler support.
* x86_64/aesni/aes-decrypt-internal.asm: Likewise.
* aclocal.m4 (NETTLE_CHECK_IFUNC): New macro, checking for ifunc
and settting HAVE_LINK_IFUNC if working.
* configure.ac: Use it.
2015-01-12 Niels Möller <nisse@lysator.liu.se>
* asm.m4 (DECLARE_FUNC): New macro, extracted from PROLOGUE.
(PROLOGUE): Use it.
* configure.ac (OPT_NETTLE_OBJS, OPT_HOGWEED_OBJS): Renamed
substituted variables, and list the object files rather than
source files.
(OPT_ASM_NETTLE_SOURCES, OPT_ASM_HOGWEED_SOURCES): ...Old names.
* Makefile.in (OPT_NETTLE_OBJS, OPT_HOGWEED_OBJS): Use new
variables.
2015-01-11 Niels Möller <nisse@lysator.liu.se>
* x86_64/aesni/aes-decrypt-internal.asm: New file.
* x86_64/aesni/aes-encrypt-internal.asm: New file.
* configure.ac: New configure flag --enable-x86-aesni.
* aclocal.m4 (LSH_RPATH_INIT): Handle freebsd, in the same way as
gnu/linux, with -Wl,-rpath,.
Merged memxor-reorg changes, starting at 2014-10-23.
2015-01-10 Niels Möller <nisse@lysator.liu.se>
* arm/memxor.asm (memxor3): Moved to new file.
* arm/memxor3.asm: New file.
2014-11-24 Niels Möller <nisse@lysator.liu.se>
* x86_64/memxor3.asm (memxor3): New file, code moved from old
memxor.asm.
* x86_64/memxor.asm (memxor): Rewritten, no longer jumps into
memxor3.
* configure.ac (asm_replace_list): Added memxor.asm and
memxor3.asm.
2014-10-23 Niels Möller <nisse@lysator.liu.se>
* configure.ac (IF_ASM): New substituted variable.
* testsuite/Makefile.in (VALGRIND): Allow partial loads only when
build includes assembly files.
* memxor-internal.h (READ_PARTIAL): New macro.
* memxor.c (memxor_different_alignment): Avoid out-of-bounds
reads, corresponding to valgrind's --partial-loads-ok. Use
READ_PARTIAL.
* memxor3.c: Analogous changes for unaligned operations.
* configure.ac (asm_replace_list): Deleted memxor.asm, now
incompatible with the memxor/memxor3 split.
* memxor3.c: New file, split off from memxor.c.
* memxor-internal.h: New file, declarations shared by memxor.c and
memxor3.c.
* memxor.c: memxor3 functions moved out from this file.
* Makefile.in (nettle_SOURCES): Added memxor3.c.
(DISTFILES): Added memxor-internal.h.
* memxor.c (memxor_common_alignment, memxor_different_alignment)
(memxor): Change loop order, iterate from the end.
(memxor3_common_alignment): Unroll twice.
(word_t): On x86_64, unconditionally define as uint64_t, to get 64
bits also in M$ windows. Replaced all uses of SIZEOF_LONG.
2014-12-12 Niels Möller <nisse@lysator.liu.se>
* cbc.h (CBC_ENCRYPT, CBC_DECRYPT): Make type-checking hack
stricter, warn if type of length argument is smaller than size_t.
* ctr.h (CTR_CRYPT): Likewise.
* eax.h (EAX_SET_KEY, EAX_SET_NONCE, EAX_UPDATE, EAX_ENCRYPT)
(EAX_DECRYPT, EAX_DIGEST): Likewise.
* gcm.h (GCM_SET_KEY, GCM_ENCRYPT, GCM_DECRYPT, GCM_DIGEST):
Likewise.
2014-12-08 Niels Möller <nisse@lysator.liu.se>
* aclocal.m4 (LD_VERSION_SCRIPT): Linker scripts no longer located
in the source tree.
* configure.ac (LIBNETTLE_MAJOR): Bump major number, now 6.
(LIBHOGWEED_MAJOR): Bump major number, now 5.
From Nikos Mavrogiannopoulos. Support for versioned symbols.
* aclocal.m4 (LD_VERSION_SCRIPT): New macro. Substitute
EXTRA_LINKER_FLAGS and EXTRA_HOGWEED_LINKER_FLAGS.
* configure.ac: Use LD_VERSION_SCRIPT. Generate libnettle.map
and libhogweed.map.
(HOGWEED_EXTRA_SYMBOLS): New substituted variable.
* libnettle.map.in: New file, libnettle.so linker script
* libhogweed.map.in: New file, libhogweed.so linker script.
* Makefile.in ($(LIBNETTLE_FORLINK)): Use EXTRA_LINKER_FLAGS.
($(LIBHOGWEED_FORLINK)): Use EXTRA_HOGWEED_LINKER_FLAGS.
2014-11-24 Niels Möller <nisse@lysator.liu.se>
* gcm.h (GCM_SET_KEY): Rename macro argument KEY to avoid
collision with a struct tag. Spotted by Nikos Mavrogiannopoulos.
* testsuite/eddsa-verify-test.c (test_eddsa): Fixed test case bug,
showing up as use of uninitialized data with valgrind.
2014-10-23 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (time_memxor): Allocate buffers as
arrays of unsigned long, for more reliable alignment.
2014-10-22 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Check for getline function.
* testsuite/ed25519-test.c (getline) [!HAVE_GETLINE]: Fallback
definition.
* Makefile.in (clean-here): Unconditionally delete .so and .dll
files.
(IMPLICIT_TARGETS): Deleted variable.
2014-10-21 Niels Möller <nisse@lysator.liu.se>
* testsuite/ed25519-test.c: New test case. Optionally reads the
file pointed to by $ED25519_SIGN_INPUT.
* testsuite/testutils.c (tstring_hex): Rewrite, using Nettle's
base16 functions.
(decode_hex, decode_hex_length): Deleted functions.
2014-10-20 Niels Möller <nisse@lysator.liu.se>
* eddsa.h (ED25519_KEY_SIZE): New constant.
(ED25519_SIGNATURE_SIZE): New constant.
(struct ed25519_private_key): New struct.
(struct ed25519_public_key): New struct.
* ed25519-sha512-sign.c (ed25519_sha512_set_private_key)
(ed25519_sha512_sign): New file and functions.
* ed25519-sha512-verify.c (ed25519_sha512_set_public_key)
(ed25519_sha512_verify): New file and functions.
* Makefile.in (hogweed_SOURCES): Added ed25519-sha512-sign.c and
ed25519-sha512-verify.c.
2014-10-18 Niels Möller <nisse@lysator.liu.se>
* eddsa-verify.c (_eddsa_verify): Change argument order, putting A
before ctx.
* eddsa.h: Updated prototype.
* testsuite/eddsa-verify-test.c (test_eddsa): Updated
_eddsa_verify calls.
2014-10-14 Niels Möller <nisse@lysator.liu.se>
* eddsa-verify.c (equal_h): New function.
(_eddsa_verify): Use it for a proper point compare, replacing an
ecc_add_ehh.
* testsuite/eddsa-verify-test.c: New testcase.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
eddsa-verify-test.c.
* eddsa-verify.c (_eddsa_verify, eddsa_verify_itch): New file, new
functions.
* eddsa.h: Declare new functions.
* Makefile.in (hogweed_SOURCES): Added eddsa-verify.c.
2014-10-08 Niels Möller <nisse@lysator.liu.se>
* testsuite/eddsa-sign-test.c (test_eddsa_sign): Use
_eddsa_expand_key, and check its public key output.
* eddsa-expand.c (_eddsa_expand_key): New file, new function.
* eddsa.h (_eddsa_expand_key): Declare it.
* Makefile.in (hogweed_SOURCES): Added eddsa-expand.c.
* eddsa-sign.c: Drop unneeded include of nettle-internal.h.
2014-10-04 Niels Möller <nisse@lysator.liu.se>
* testsuite/eddsa-sign-test.c: New testcase.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
eddsa-sign-test.c.
* eddsa-sign.c (_eddsa_sign, _eddsa_sign_itch): New file, new
functions.
* eddsa-hash.c (_eddsa_hash): New file and function.
* eddsa.h: Declare new functions.
* Makefile.in (hogweed_SOURCES): Added eddsa-hash.c and
eddsa-sign.c.
2014-10-03 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecc-redc-test.c [NETTLE_USE_MINI_GMP]: Enable test.
(test_main): Replace gmp_fprintf calls.
* testsuite/ecc-mul-a-test.c: Likewise.
* testsuite/ecc-mul-g-test.c: Likewise.
* testsuite/ecc-modinv-test.c [NETTLE_USE_MINI_GMP]: Enable test.
(ref_modinv): Use mpz_gcdext, instead of mpn_gcdext.
(test_modulo): Replace gmp_fprintf calls.
* testsuite/ecc-mod-test.c [NETTLE_USE_MINI_GMP]: Enable test.
(ref_mod): Use mpz_mod and mpz_limbs_copy, instead of mpn_tdiv_qr.
(test_modulo): Replace gmp_fprintf calls by plain fprintf and
mpn_out_str.
* testsuite/testutils.c (mpn_out_str): New function, needed to
replace uses of gmp_fprintf.
* testsuite/ecc-sqrt-test.c (mpz_ui_kronecker)
[NETTLE_USE_MINI_GMP]: New fallback definition when building with
mini-gmp.
* testsuite/testutils.c (gmp_randinit_default)
[NETTLE_USE_MINI_GMP]: Likewise.
(mpz_urandomb): Likewise.
* testsuite/testutils.h (gmp_randstate_t) [NETTLE_USE_MINI_GMP]:
Fallback typedef, using knuth_lfib_ctx.
2014-10-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/eddsa-compress-test.c: New testcase.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
eddsa-compress-test.c.
* eddsa-decompress.c (_eddsa_decompress): New file, new function.
* eddsa-compress.c (_eddsa_compress): New file, new function.
* eddsa.h: New file.
* Makefile.in (HEADERS): Added eddsa.h.
(hogweed_SOURCES): Added eddsa-compress.c and eddsa-decompress.c.
* testsuite/ecc-sqrt-test.c: New test case.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
ecc-sqrt-test.c.
* ecc-25519.c (PHIGH_BITS): Always define this constant.
(ecc_25519_zero_p): New function.
(ecc_25519_sqrt): Take a ratio u/v as input. Added scratch
argument. Made static.
* ecc-internal.h (ecc_mod_sqrt_func): New typedef.
(struct ecc_modulo): Added sqrt_itch and sqrt function pointer.
Updated all instances.
(ecc_25519_sqrt): Deleted declaration, function now static.
2014-09-24 Niels Möller <nisse@lysator.liu.se>
* curve25519.h [__cplusplus]: Fixed extern "C" block.
2014-09-23 Niels Möller <nisse@lysator.liu.se>
* ecc-hash.c (ecc_hash): Changed argument type from struct
ecc_curve to struct ecc_modulo. Updated callers.
* testsuite/ecdsa-sign-test.c (test_main): Updated curve25519
signature s. Changed since the hash value is truncated a few bits
more, to match the size of q.
* testsuite/ecdsa-verify-test.c (test_main): Likewise.
* testsuite/ecc-modinv-test.c (zero_p): New function, checking for
zero modulo p.
(test_modulo): Use zero_p. Switch to dynamic allocation. Updated
for larger modinv result area, and use invert_itch.
* ecc-25519.c (ecc_mod_pow_2kp1): Renamed, and take a struct
ecc_modulo * as argument.
(ecc_modp_powm_2kp1): ... old name.
(ecc_mod_pow_252m3): New function, extracted from ecc_25519_sqrt.
(ecc_25519_inv): New modp invert function, about 5.5 times faster
then ecc_mod_inv.
(ecc_25519_sqrt): Use ecc_mod_pow_252m3.
(nettle_curve25519): Point to ecc_25519_inv. Updated p.invert_itch
and h_to_a_itch.
* ecc-internal.h (struct ecc_modulo): New field invert_itch.
Updated all implementations.
(ECC_EH_TO_A_ITCH): Updated, and take invert itch as an argument.
* ecc-eh-to-a.c (ecc_eh_to_a_itch): Take invert scratch into account.
* testsuite/testutils.c (test_ecc_mul_h): Use ecc->h_to_a_itch.
* ecc-mod-inv.c (ecc_mod_inv): Interface change, make ap input
const, and require 2n limbs at rp. Preparing for powm-based
alternative implementations. Drop #if:ed out code and dp
temporary. Updated all callers, more complicated cases described
below.
* ecc-internal.h (typedef ecc_mod_inv_func): Added const to input
argument.
(ECC_MOD_INV_ITCH): Renamed, was ECC_MODINV_ITCH, and reduced to
2*n.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Overhauled allocation,
putting mod_inv scratch at the end.
2014-09-22 Niels Möller <nisse@lysator.liu.se>
* ecc-random.c (ecc_mod_random): Renamed, and take a const struct
ecc_modulo * as argument. Updated callers.
(ecc_modq_random): ... old name.
* ecc-mod-arith.c: New file, replacing ecc-modp.c and ecc-modq.c.
All functions take a struct ecc_modulo as argument.
(ecc_mod_add, ecc_mod_sub, ecc_mod_mul_1, ecc_mod_addmul_1)
(ecc_mod_submul_1, ecc_mod_mul, ecc_mod_sqr): New functions,
replacing the corresponding ecc_modp_* functions. For convenience,
old names are defined as macros wrapping the new functions.
* ecc-modp.c: Deleted file.
* ecc-modq.c: Deleted file.
* Makefile.in (hogweed_SOURCES): Updated accordingly.
* testsuite/ecc-redc-test.c (test_main): Relaxed tests for which
tests to run.
* testsuite/ecc-modinv-test.c (test_modulo): New function, same
organization as in ecc-mod-test.c below.
* testsuite/ecc-mod-test.c (test_modulo): New function, testing
one modulo. Replacing...
(test_curve): ... old function.
(test_main): Invoke test_modulo for p and q of each curve.
* ecc-internal.h (ecc_mod_inv_func): New typedef.
(struct ecc_modulo): Added mp1h constant and invert function
pointer. Updated all callers.
* ecc-modp.c (ecc_modp_inv): Deleted wrapper function.
* ecc-modq.c (ecc_modq_inv): Deleted wrapper function.
* ecc-mod-inv.c (ecc_mod_inv): Renamed file and function. Also
take a struct ecc_modulo * as argument.
* sec-modinv.c (sec_modinv): ... the old names. Deleted.
* Makefile.in (hogweed_SOURCES): Updated accordingly.
* examples/ecc-benchmark.c (bench_modinv_powm, bench_curve):
Updated benchmarking of mpn_sec_powm.
* ecc-internal.h (struct ecc_curve): Deleted redc function
pointer. Use only reduce pointer, which is redc or modp as
applicable. Updated all users.
(struct ecc_modulo): Moved mod and reduce function pointers to
this struct.
* ecc-generic-modp.c (ecc_generic_modp): Deleted file and
function. We no longer need a wrapper around ecc_mod.
* ecc-generic-modq.c (ecc_generic_modq): Likewise deleted.
* Makefile.in (hogweed_SOURCES): Removed ecc-generic-modp.c and
ecc-generic-modq.c.
* ecc-internal.h (typedef ecc_mod_func): Take a const struct
ecc_modulo * argument, not const struct ecc_curve *. Updated all
implementations and all callers.
* ecc-mod.c (ecc_mod): Use struct ecc_modulo to specify the
modulo. Drop input size argument, always reduce from 2*size to
size.
* ecc-internal.h (struct ecc_modulo): New struct, collecting
constants needed for modulo arithmetic.
(struct ecc_curve): Use struct ecc_modulo for p and q arithmetic.
Updated all ecc-related files.
2014-09-17 Niels Möller <nisse@lysator.liu.se>
* gmp-glue.c (mpn_get_base256_le): Fixed missing update of rn
counter, making the function clear some bytes beyond the end of
the output buffer. The bug triggered a make check failure on ARM.
* testsuite/testutils.c (ecc_curves): Include curve25519 in list.
(test_ecc_mul_a): Include reference points for curve25519 (with
Edwards coordinates). Allow n == 0 and n == 1, comparing to zero
and the generator, respectively.
* testsuite/ecc-add-test.c (point_zero_p): Deleted function.
(test_main): Replace calls to point_zero_p by calls to
test_ecc_mul_h with n == 0.
* testsuite/ecc-dup-test.c: Likewise.
* testsuite/ecc-modinv-test.c (mpn_zero_p): Moved function, to...
* testsuite/testutils.c (mpn_zero_p): New location. Also make
non-static.
* testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add special case
for curve25519.
* testsuite/ecc-mul-a-test.c (test_main): Fix point negation to
support curve25519.
* testsuite/ecc-mul-g-test.c (test_main): Likewise.
* ecc-a-to-eh.c (ecc_a_to_eh_itch, ecc_a_to_eh): Deleted file and
functions.
* ecc.h: Deleted corresponding declarations.
* ecc-internal.h (ECC_A_TO_EH_ITCH): Deleted macro.
* Makefile.in (hogweed_SOURCES): Removed ecc-a-to-eh.c.
* testsuite/ecdh-test.c (test_main): Update curve25519 test to use
Edwards coordinates.
* testsuite/ecdsa-sign-test.c (test_main): Likewise.
* testsuite/ecdsa-verify-test.c (test_main): Likewise.
* ecc-point.c (ecc_point_set): Use Edwards rather than Montgomery
curve.
* ecc-mul-a-eh.c (ecc_mul_a_eh, table_init): Take an Edwards point
as input, not a Montgomery point. Hence, use ecc_a_to_j, not
ecc_a_to_eh.
* ecc-eh-to-a.c (ecc_eh_to_a): Just convert to affine coordinates,
don't transform from Edwards to Montgomery form. Also reduces
scratch need slightly.
* ecc-internal.h (ECC_EH_TO_A_ITCH): Reduced.
* ecdsa-keygen.c (ecdsa_generate_keypair): Use struct ecc_curve
function pointers.
* testsuite/curve25519-dup-test.c: Deleted file. In the way for
conversion to Edwards coordinate convention, and in the end
the tests will be done by ecc-dup-test.c.
* testsuite/curve25519-add-test.c: Similarly deleted.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Removed
curve25519-dup-test.c and curve25519-add-test.c.
2014-09-16 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecc-add-test.c: New generalized testcase, to replace
curve25519-add-test.c.
* testsuite/ecc-dup-test.c: New generalized testcase, to replace
curve25519-dup-test.c.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecc-add-test.c
and ecc-dup-test.c.
2014-09-14 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecc-mul-a-test.c (test_main): Use struct ecc_curve
function pointers.
* testsuite/ecc-mul-g-test.c (test_main): Likewise.
2014-09-09 Niels Möller <nisse@lysator.liu.se>
* curve25519-mul.c (curve25519_mul): Switch to use Montgomery
ladder. About 20% faster than current Edwards curve operations.
Difference is expected to shrink when Edwards operations are
optimized to take advantage of the twist, but it seems unlikely to
get significantly faster than the Montgomery ladder.
* gmp-glue.c (cnd_swap): Moved function here, made non-static.
Changed cnd type to mp_limb_t, for consistency with GMP
mpn_cnd_add_n.
* sec-modinv.c (cnd_swap): ... old location.
* gmp-glue.h (cnd_swap): Declare function.
2014-09-06 Niels Möller <nisse@lysator.liu.se>
* examples/hogweed-benchmark.c (bench_curve25519_mul_g)
(bench_curve25519_mul, bench_curve25519): New functions.
(main): Added benchmarking of curve25519 functions.
2014-09-03 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Revert 2013-02-06 Makefile changes: use a single
rule for transforming .asm to .o, and drop include of asm.d.
Possible now since we generate a single object file from each asm
file. This change also helps Solaris' make recognize .asm files.
* config.make.in (.SUFFIXES): Drop .s from list.
* configure.ac: Delete code to generate asm.d.
* Makefile.in: Delete all uses of *.po files, use the same object
files for both shared and static libraries.
* configure.ac (dummy-dep-files): Don't create any .po.d files.
* aclocal.m4 (LSH_CCPIC): Don't substitute CCPIC here, let
configure.ac do that if needed.
* configure.ac (CCPIC_MAYBE, SHLIBCFLAGS): Deleted substituted
variables. Instead, use CCPIC directly when compiling all library
files.
(CCPIC): Set to empty, if --disable-pic is used.
* config.make.in (SHLIBCFLAGS, CCPIC_MAYBE): Deleted.
(COMPILE, COMPILE_CXX): Drop CCPIC. New variable EXTRA_CFLAGS,
which can be set by individual Makefiles.
* Makefile.in (EXTRA_CFLAGS): Set using CCPIC.
Also delete all uses of CCPIC_MAYBE and SHLIBCFLAGS.
2014-09-02 Niels Möller <nisse@lysator.liu.se>
* curve25519-eh-to-x.c (curve25519_eh_to_x): New file, new
function. The curve25519 transform currently done by ecc_eh_to_a,
but which should eventually be eliminted from that function.
* Makefile.in (hogweed_SOURCES): Added curve25519-eh-to-x.c.
* ecc-internal.h (curve25519_eh_to_x): Declare it.
* curve25519-mul.c (curve25519_mul): Use it.
* curve25519-mul-g.c (curve25519_mul_g): Likewise. Also introduce
local variable ecc, and use ecc->mul_g_itch.
2014-08-29 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (test_ecc_mul_j): Renamed, to ...
(test_ecc_mul_h): ... new name. Use ecc->h_to_a function pointer.
Updated callers.
* examples/ecc-benchmark.c (bench_add_jjj): Renamed, to ...
(bench_add_hhh): ... new name. Use ecc->add_hhh function pointer.
(bench_add_ehh): Deleted.
(bench_curve): Use bench_add_hhh for all curves. Use ecc->mul_itch
for scratch size.
Switch the curve25519 implementation to use the isomorphism to the
twisted Edwards curve which is used for Ed25519 signatures.
* eccdata.c (ecc_curve_init): Tweaked the transformation constant
for the isomorphism between curve25519 and the twisted Edwards
curve.
* ecc-add-ehh.c (ecc_add_ehh): Updated formulas for the twist curve.
* ecc-add-eh.c (ecc_add_eh): Likewise.
* ecc-dup-eh.c (ecc_dup_eh): Likewise.
2014-08-28 Niels Möller <nisse@lysator.liu.se>
* ecdsa-verify.c (ecdsa_verify): Drop include of ecc-internal.h,
use ecc_size function instead.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use the struct ecc_curve
function pointers: mul, mul_g, add_hhh, h_to_a.
* ecc-internal.h (ECC_ECDSA_VERIFY_ITCH): Deleted macro. Needed
scratch depends on curve type, not just size.
(ecc_add_func): New typedef.
(struct ecc_curve): New function pointer add_hhh, and constant
add_hhh_itch. Updated all instances.
* ecdsa-verify.c (ecdsa_verify): Use the ecc_ecdsa_verify_itch
function, not the corresponding macro.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify_itch): Take ecc->mul_itch
into account. Also reduce to 5*ecc->size + ecc->mul_itch.
* testsuite/ecdsa-sign-test.c (test_main): Added test for the
obscure case of ecdsa using curve25519.
* testsuite/ecdsa-verify-test.c (test_main): Likewise (depends on
above changes).
* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Use mul_g and h_to_a function
pointers. Implies (obscure) support for curve25519.
* ecc-25519.c (ecc_25519_modq): Access q via the ecc struct.
* ecc-eh-to-a.c (ecc_eh_to_a): Analogous change as for ecc_j_to_a.
The modulo q case (op == 2) is hardcoded for curve25519.
* ecc-j-to-a.c (ecc_j_to_a): For curves using redc, always convert
back from redc form. When producing x coordinate only, optionally
reduce it modulo q. Completely changes the meaning of the "flags"
argument, and renames it to "op". Update all users of this
function or ecc->h_to_a.
* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Use new ecc_j_to_a modulo q
feature.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Likewise.
* testsuite/symbols-test: Regexp fixes, to better filter out
get_pc_thunk functions.
* ecc-generic-redc.c (ecc_generic_redc): Deleted file and
function. Split into...
* ecc-pp1-redc.c (ecc_pp1_redc): New file and function.
* ecc-pm1-redc.c (ecc_pm1_redc): New file and function.
* ecc-internal.h: Updated declarations.
* Makefile.in (hogweed_SOURCES): Replace ecc-generic-redc.c by
ecc-pp1-redc.c and ecc-pm1-redc.c.
* ecc-192.c: Use ecc_pp1_redc (benchmarking only).
* ecc-224.c: Use ecc_pm1_redc when applicable.
* ecc-256.c: Use ecc_pp1_redc when applicable.
* ecc-384.c: Use ecc_pp1_redc (benchmarking only).
* ecc-521.c: Use ecc_pp1_redc (benchmarking only).
* testsuite/ecc-redc-test.c (test_main): Replace use of
ecc_generic_redc by ecc_pp1_redc and ecc_pm1_redc.
* eccdata.c (output_curve): Don't output ecc_redc_g.
* ecc-internal.h (struct ecc_curve): Deleted unused field redc_g.
Updated all instances.
2014-08-27 Niels Möller <nisse@lysator.liu.se>
* ecc-modq.c (ecc_modq_inv): Use q_bit_size.
* ecc-internal.h (struct ecc_curve): New field q_bit_size. Updated
all instances.
* configure.ac: Bumped package version number to 3.1.
(LIBHOGWEED_MAJOR): Bumped library version to 4.0.
Merged curve25519 changes (starting at 2014-07-04).
* Makefile.in (clean-here): Added ecc-25519.h.
2014-08-26 Niels Möller <nisse@lysator.liu.se>
* examples/ecc-benchmark.c (bench_mul_g, bench_mul_a): Use struct
ecc_curve function pointers.
(bench_mul_g_eh, bench_mul_a_eh): Deleted.
(bench_curve): Make modq benchmark unconditional. Use bench_mul_g
and bench_mul_a also for curve25519.
* testsuite/ecc-mod-test.c (test_curve): Make modq test
unconditional, partially reverting 2014-07-04 change.
* ecc-25519.c (ecc_25519_modq): New function.
* eccdata.c (output_curve): Precomputation for curve25519 mod q.
* mini-gmp.c (mpz_abs_sub_bit): Do full normalization, needed in
case the most significant bit is cleared.
2014-08-25 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecdh-test.c (set_point): Check return value of
ecc_point_set.
(test_main): Enable curve25519 test.
* ecc-point-mul-g.c (ecc_point_mul_g): Use ecc->mul_g and
ecc->h_to_a function pointers.
* ecc-point-mul.c (ecc_point_mul): Use the ecc->mul and
ecc->h_to_a function pointers.
* ecc-internal.h (ecc_mul_g_func, ecc_mul_func, ecc_h_to_a_func):
New typedefs.
(struct ecc_curve): New function pointers mul, mul_g, h_to_a, and
constans for their scratch requirements. Updated all instances.
* ecc-point.c (ecc_point_set): Handle curve25519 as a special
case, when checking if the point is on the curve.
2014-08-24 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecdh-test.c: Test ecc_point_mul and ecc_point_mul_g,
using test data generated by ecc-ref.gp. Tests for all curves
except curve25519, which doesn't yet work with the general
ecc_point interface.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecdh-test.c.
* misc/ecc-ref.gp: Script to generate ECDH test data.
2014-08-23 Niels Möller <nisse@lysator.liu.se>
* ecc-a-to-j.c (ecc_a_to_j): Deleted INITIAL argument.
* ecc.h (ecc_a_to_j): Updated prototype.
* ecc-mul-a.c (ecc_mul_a, table_init): Updated calls to ecc_a_to_j.
* ecc-mul-a.c (ecc_mul_a): Deleted INITIAL argument, all callers,
except the tests, pass 1. Updated all callers.
(table_init): Likewise deleted INITIAL.
* ecc.h (ecc_mul_a): Updated prototype.
* testsuite/ecc-mul-a-test.c (test_main): Deleted tests for
ecc_mul_a with INITIAL == 0.
* ecc-internal.h (struct ecc_curve): Reordered struct, moved
function pointers before pointers to bignum constants.
* sec-modinv.c (sec_modinv): Document that for a == 0 (mod m), we
should produce the "inverse" 0.
* testsuite/ecc-modinv-test.c (test_main): Check that ecc_modp_inv
produces 0 if a == 0 or a == p.
2014-08-22 Niels Möller <nisse@lysator.liu.se>
* x86_64/ecc-25519-modp.asm: New file. Assembly implementation,
initial version yields 30% speedup of ecc_25519_modp. Early
folding eliminates one pass of carry propagation, and yields
almost 20% additional speedup.
* ecc-25519.c [HAVE_NATIVE_ecc_25519_modp]: Use assembly version
if available.
* configure.ac (asm_hogweed_optional_list): Added ecc-25519-modp.asm.
Also add HAVE_NATIVE_ecc_25519_modp to config.h.in.
2014-08-19 Niels Möller <nisse@lysator.liu.se>
* examples/ecc-benchmark.c (bench_curve): Support benchmarking of
curve25519, for now handled as a special case.
(curves): Added nettle_curve25519.
(bench_dup_eh, bench_add_eh, bench_add_ehh, bench_mul_g_eh): New
functions.
2014-08-18 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-dh-test.c (test_a): Use curve25519_mul.
(test_main): Use little-endian inputs for test_a.
(curve25519_sqrt, curve_25519): Deleted static helper functions,
no longer needed.
* curve25519-mul.c (curve25519_mul): New file and function.
* curve25519.h (curve25519_mul): Declare it.
* Makefile.in (hogweed_SOURCES): Added curve25519-mul.c.
* curve25519-mul-g.c (curve25519_mul_g): Renamed file and
function, updated callers.
* curve25519-base.c (curve25519_base): ... old names.
* Makefile.in (hogweed_SOURCES): Updated for rename.
* eccdata.c (output_curve): Compute constants needed for
Shanks-Tonelli.
* ecc-25519.c (ecc_modp_powm_2kp1, ecc_25519_sqrt): New functions.
* ecc-internal.h (ecc_25519_sqrt): Declare it.
2014-08-06 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-dh-test.c (test_g): Use curve25519_base.
(test_main): Use little-endian inputs for test_g.
* curve25519-base.c (curve25519_base): New file, new function.
Analogous to NaCl's crypto_scalarmult_base.
* curve25519.h: New file.
* Makefile.in (hogweed_SOURCES): Added curve25519-base.c.
(HEADERS): Added curve25519.h.
* gmp-glue.c (mpn_set_base256_le, mpn_get_base256_le): New functions.
* gmp-glue.h: Declare them.
2014-08-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-dh-test.c (curve25519_sqrt): Fixed memory
leak, a mpz_clear call was missing.
* ecc-internal.h (ECC_MUL_A_EH_WBITS): Set to 4, to enable
window-based scalar multiplication.
* ecc-mul-a-eh.c (table_init) [ECC_MUL_A_EH_WBITS > 0]: Fixed
initialization of TABLE(1).
2014-07-29 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (ECC_MUL_A_EH_WBITS): New constant.
(ECC_A_TO_EH_ITCH, ECC_MUL_A_EH_ITCH): New macros.
* ecc-a-to-eh.c (ecc_a_to_eh, ecc_a_to_eh_itch): New file, new
functions.
* ecc-mul-a-eh.c: New file.
(ecc_mul_a_eh): New function. The case [ECC_MUL_A_EH_WBITS > 0]
not yet working).
(ecc_mul_a_eh_itch): New function.
* ecc.h: Declare new functions.
* Makefile.in (hogweed_SOURCES): Added ecc-a-to-eh.c and
ecc-mul-a-eh.c.
* testsuite/curve25519-dh-test.c (curve25519_sqrt): New function.
(curve_25519): Use ecc_mul_a_eh.
(test_a): New function.
(test_main): Test construction of shared secret, using scalar
multiplication with points other than the fix generator.
2014-07-26 Niels Möller <nisse@lysator.liu.se>
* ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
* ecc-internal.h (ECC_ADD_EHH_ITCH): Reduced to 7*size.
2014-07-23 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-dh-test.c: New test case, based on
draft-josefsson-tls-curve25519-05 test vectors.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added curve25519-dh-test.c.
2014-07-18 Niels Möller <nisse@lysator.liu.se>
* ecc-mul-g-eh.c (ecc_mul_g_eh, ecc_mul_g_eh_itch): New file and
functions. Untested.
* ecc.h (ecc_mul_g_eh_itch): Declare new functions.
* ecc-internal.h (ECC_MUL_G_EH_ITCH): New macro.
* Makefile.in (hogweed_SOURCES): Added ecc-mul-g-eh.c.
2014-07-17 Niels Möller <nisse@lysator.liu.se>
* ecc-add-eh.c (ecc_add_eh): Reduce scratch need.
* ecc-internal.h (ECC_ADD_EH_ITCH): Reduced to 6*size.
* testsuite/curve25519-dup-test.c (test_main): Free allocated
storage.
2014-07-15 Niels Möller <nisse@lysator.liu.se>
* ecc-add-eh.c (ecc_add_eh, ecc_add_eh_itch): New file, new
functions.
* ecc.h: Declare new functions.
* ecc-internal.h (ECC_ADD_EH_ITCH): New macro.
* Makefile.in (hogweed_SOURCES): Added ecc-add-eh.c.
* testsuite/curve25519-add-test.c (test_main): Test ecc_add_eh.
Additional test for g2+g2. Free allocated storage.
2014-07-14 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-add-test.c: New test case.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
curve25519-add-test.c.
* ecc-add-ehh.c (ecc_add_ehh, ecc_add_ehh_itch): New file, new
functions.
* ecc.h (ecc_add_ehh, ecc_add_ehh_itch): Declare them.
* ecc-internal.h (ECC_ADD_EHH_ITCH): New macro.
* Makefile.in (hogweed_SOURCES): Added ecc-add-ehh.c.
* ecc-25519.c (nettle_curve25519): Use ecc_d instead of ecc_b.
* eccdata.c: For curve25519, output the Edwards curve constant,
ecc_d = (121665/121666) mod p.
* testsuite/curve25519-dup-test.c (test_main): Add test for 4g.
Delete some left-over debug output.
2014-07-11 Niels Möller <nisse@lysator.liu.se>
* misc/ecc-formulas.tex: Some ECC notes.
* testsuite/curve25519-dup-test.c: New testcase.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
curve25519-dup-test.c.
* testsuite/testutils.c (test_ecc_point): Made non-static.
* testsuite/testutils.h (struct ecc_ref_point): Moved here, from
testutils.h.
(test_ecc_point): Declare it.
* ecc-dup-eh.c (ecc_dup_eh, ecc_dup_eh_itch): New file, new functions.
* ecc-eh-to-a.c (ecc_eh_to_a, ecc_eh_to_a_itch): New file, new
functions.
* ecc.h: Declare new functions.
* ecc-internal.h (ECC_EH_TO_A_ITCH, ECC_DUP_EH_ITCH): New macros.
* Makefile.in (hogweed_SOURCES): Added ecc-dup-eh.c and
ecc-eh-to-a.c.
* ecc-internal.h (struct ecc_curve): New constant edwards_root.
* ecc-192.c (nettle_secp_192r1): Updated accordingly, additional
NULL pointer.
* ecc-224.c (nettle_secp_224r1): Likewise.
* ecc-256.c (nettle_secp_256r1): Likewise.
* ecc-384.c (nettle_secp_384r1): Likewise.
* ecc-521.c (nettle_secp_521r1): Likewise.
* ecc-25519.c (nettle_curve25519): Initialize new constant.
* eccdata.c (ecc_curve_init): For curve 25519, use correct
constant for edwards coordinate transform, and output the constant
as ecc_edwards.
2014-07-06 Niels Möller <nisse@lysator.liu.se>
* eccdata.c: Use separate is_zero flag to represent the neutral
element.
(output_point, output_point_redc): Unified to a single function,
with a use_redc flag argument. Also support conversion to Edwards
form.
(ecc_curve_init_str): New argument for Edwards curve conversion
constant.
2014-07-04 Niels Möller <nisse@lysator.liu.se>
Started curve25519 branch.
* ecc-25519.c: New file.
(ecc_25519_modp): New function.
(nettle_curve25519): New curve.
* ecc-curve.h (nettle_curve25519): Declare it.
* Makefile.in (hogweed_SOURCES): Added ecc-25519.c.
(ecc-25519.h): New generated file. Add as explicit dependency for
ecc-25519.o.
* testsuite/ecc-mod-test.c (test_curve): New function, extracted
from test_main. Tolerate NULL modq function pointer.
(test_main): Use test_curve, iterate over supported curves, and
also test curve_25519 for the new modp function.
2014-08-23 Niels Möller <nisse@lysator.liu.se>
* ecc-modp.c (ecc_modp_sub_1): Deleted unused function.
* ecc-internal.h: Deleted corresponding declaration.
* examples/nettle-benchmark.c (time_cipher): Fixed memset calls,
amending the totally broken change from 2014-02-06.
2014-07-02 Niels Möller <nisse@lysator.liu.se>
* eccdata.c (ecc_dup): Use mpz_submul_ui, now available in
mini-gmp.
(ecc_type): New enum, for Weierstrass and Montgomery curves
(ecc_curve): New field type.
(ecc_dup): Support montgomery curves.
(ecc_add): Likewise.
(ecc_curve_init_str): New argument, for the curve type.
(ecc_curve_init): Pass curve type to all ecc_curve_init_str calls.
Recognize curve25519, for bit_size 255.
(output_modulo): Deleted assert, which isn't true for curve25519.
2014-06-30 Niels Möller <nisse@lysator.liu.se>
* camellia-absorb.c: Include <limits.h>, needed for correct use of
HAVE_NATIVE_64_BIT. Reported and debugged by Magnus Holmgren.
Fixes debian build failure on s390x.
2014-06-26 Niels Möller <nisse@lysator.liu.se>
From Martin Storsjö:
* configure.ac (IF_NOT_SHARED): New substituted variable.
* hogweed.pc.in: Use @LIBS@, instead of hardcoding -lgmp. When
shared libraries are disabled, move needed libraries from
Requires.private: to Requires: and from Libs.private: to Libs:.
From Nikos Mavrogiannopoulos.
* examples/hogweed-benchmark.c (bench_alg): Tolerate alg->init
returning NULL.
(bench_openssl_ecdsa_init): Return NULL if
EC_KEY_new_by_curve_name fails, indicating the curve is not
supported.
2014-06-25 Niels Möller <nisse@lysator.liu.se>
Support for building with mini-gmp instead of the real GMP. Loosely
based on work by Nikos Mavrogiannopoulos.
* configure.ac: New command line option --enable-mini-gmp. Also
disable all libgmp-related checks when enabled.
(NETTLE_USE_MINI_GMP): New substituted variable.
(LIBHOGWEED_LIBS): Use $(LIBS) instead of -lgmp.
(IF_MINI_GMP): New Makefile conditional.
(GMP_NUMB_BITS): Alternative test for the mini-gmp case.
Substituted also in bignum.h.
(HAVE_MPZ_POWM_SEC): Drop this unused check.
* bignum.h: Renamed, to...
* bignum.h.in: New name.
(NETTLE_USE_MINI_GMP): Substituted by configure.
(GMP_NUMB_BITS): Substituted by configure, for the mini-gmp case.
* Makefile.in (OPT_HOGWEED_SOURCES): New variable, value
conditional on @IF_MINI_GMP@.
(hogweed_SOURCES): Add $(OPT_HOGWEED_SOURCES).
(PRE_CPPFLAGS): Add -I$(srcdir).
(HEADERS): Delete bignum.h.
(INSTALL_HEADERS): Add bignum.h. Also add mini-gmp.h, if mini-gmp
is enabled.
(DISTFILES): Added bignum.h.in.
(bignum.h): New target.
(distclean-here): Delete bignum.h.
* examples/ecc-benchmark.c (modinv_gcd) [NETTLE_USE_MINI_GMP]:
Disable this benchmark.
(mpn_random) [NETTLE_USE_MINI_GMP]: Provide a simple implementation.
* testsuite/ecc-mod-test.c [NETTLE_USE_MINI_GMP]: Skip test, it
depends on gmp_randstate_t.
* testsuite/ecc-modinv-test.c [NETTLE_USE_MINI_GMP]: Likewise.
* testsuite/ecc-mul-a-test.c [NETTLE_USE_MINI_GMP]: Likewise.
* testsuite/ecc-mul-g-test.c [NETTLE_USE_MINI_GMP]: Likewise.
* testsuite/ecc-redc-test.c [NETTLE_USE_MINI_GMP]: Likewise.
Various preparations for mini-gmp support.
* testsuite/bignum-test.c: Use WITH_HOGWEED instead of HAVE_LIBGMP
for preprocessor conditionals.
* testsuite/testutils.h: Likewise.
* testsuite/sexp-format-test.c: Likewise.
* testsuite/ecdsa-keygen-test.c (test_main): Use printf,
mpz_out_str and write_mpn instead of gmp_fprintf.
* testsuite/ecdsa-sign-test.c (test_ecdsa): Likewise.
* testsuite/ecdsa-verify-test.c (test_ecdsa): Likewise.
* dsa.h: Include bignum.h instead of gmp.h.
* ecc-internal.h: Likewise.
* ecc.h: Likewise.
* gmp-glue.h: Likewise.
* pkcs1.h: Likewise.
* rsa.h: Likewise.
* testsuite/testutils.c (die): Use plain vfprintf, not
gmp_vfprintf.
(write_mpn): New function.
(test_ecc_point): Use it, replacing gmp_fprintf.
* testsuite/testutils.h (write_mpn): Declare it.
* der-iterator.c: Deleted HAVE_LIBGMP conditionals.
2014-06-07 Niels Möller <nisse@lysator.liu.se>
* Released nettle-3.0.
2014-06-04 Niels Möller <nisse@lysator.liu.se>
* NEWS: List des-compat.h as a candidate for removal in the next
release.
* testsuite/des-compat-test.c (test_main): Fixed out of bounds
memory read, reported by Nikos Mavrogiannopoulos.
* nettle-write.h: Include <stddef.h>, fixing compilation on
freebsd.
* aclocal.m4 (ac_stdint): Fixed "unsinged" typo, spotted by Andy
Goth.
2014-06-01 Niels Möller <nisse@lysator.liu.se>
* x86_64/gcm-hash8.asm: Pass correct argument count to W64_EXIT.
* x86_64/camellia-crypt-internal.asm: Pass correct argument count
to W64_ENTRY and W64_EXIT.
* x86_64/machine.m4 [W64_ABI]: Fix for the case of 6 function
arguments. Also push %rdi unconditionally, and use aligned
accesses for save and restore %xmm registers (movdqa).
2014-05-31 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Check for COFF type directives.
(ASM_COFF_STYLE): New substituted variable.
* config.m4.in: Set COFF_STYLE from configure.
* asm.m4 (PROLOGUE): Use COFF type directive, if enabled by
configure. Fixes problem with windows dll linking.
* asm.m4: Deleted unused offsets for struct aes_ctx.
2014-05-28 Niels Möller <nisse@lysator.liu.se>
* testsuite/nettle-pbkdf2-test: Delete carriage return characters
from output.
* configure.ac (LIBHOGWEED_LIBS): Be explicit and link
libhogweed.so with libnettle.so, not -lnettle.
(LIBHOGWEED_LINK): Drop -L. flag, no longer needed, and previously
not at the correct position in the link command line.
2014-05-27 Niels Möller <nisse@lysator.liu.se>
* examples/ecc-benchmark.c: If mpn_sec_powm is available,
benchmark it, for modinv.
(bench_modinv_powm): New function.
(bench_curve): Use it.
2014-05-22 Niels Möller <nisse@lysator.liu.se>
From Claudio Bley:
* Makefile.in ($(des_headers)): Use the EXEEXT_FOR_BUILD.
2014-05-15 Niels Möller <nisse@lysator.liu.se>
* NEWS: Updated with library version numbers.
* configure.ac (dummy-dep-files): Use simpler and more portable
sed expression. Problem reported by Peter Eriksson.
(LIBHOGWEED_MAJOR): Bumped shared library version to 3.0.
(LIBHOGWEED_MINOR): Reset to zero. Also increased the package
version number to 3.0.
* getopt.c: Don't use gettext.
2014-05-14 Niels Möller <nisse@lysator.liu.se>
* testsuite/nettle-pbkdf2-test: Avoid the bash construction
${#foo}.
* getopt.c: Copied from glibc tree, tag glibc-2.19.
* getopt.h: Likewise.
* getopt1.c: Likewise.
* getopt_int.h: New file, also copied from glibc.
* Makefile.in (DISTFILES): Added getopt_int.h.
2014-05-09 Niels Möller <nisse@lysator.liu.se>
* mini-gmp.c: Updated, use version from gmp-6.0.0.
* mini-gmp.h: Likewise.
* testsuite/Makefile.in (all): Drop dependency on $(TARGETS), to
delay building of test programs until make check.
2014-05-08 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (nettle_aead abstraction): Document nettle_aead.
* Makefile.in (nettle_SOURCES): Added nettle-meta-aeads.c.
* nettle-meta.h (nettle_aeads): Declare array.
* nettle-meta-aeads.c (nettle_aeads): New file, new array.
* testsuite/meta-aead-test.c: New test case.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
meta-aead-test.c.
* aclocal.m4 (GMP_PROG_CC_FOR_BUILD): If CC_FOR_BUILD is gcc, add
-O option. This makes eccdata twice as fast.
2014-05-06 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Document SHA3 and ChaCha-Poly1305 as
experimental.
2014-05-05 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (POLY1305): Document poly1305-aes.
(Authenticated encryption): Move AEAD algorithms to their own
section.
(RSA, DSA, ECDSA): Change some subsections to subsubsections.
(ChaCha-Poly1305): Document ChaCha-Poly1305.
2014-05-04 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (DSA): Document new DSA interface.
(Salsa20): Update salsa20 docs.
(ChaCha): Document ChaCha.
2014-05-03 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Check for SIZEOF_SIZE_T.
* ccm.c (ccm_set_nonce): Skip code for 64-bit encoding when size_t
is only 32 bits.
* nettle.texinfo (CCM): Document new ccm macros and constants.
Describe ccm restrictions.
* ccm.h (CCM_DIGEST_SIZE): New constant.
2014-04-30 Niels Möller <nisse@lysator.liu.se>
* ccm.c (CCM_IV_MAX_SIZE, CCM_IV_MIN_SIZE): Deleted, replaced by
public constants CCM_MIN_NONCE_SIZE and CCM_MAX_NONCE_SIZE.
(ccm_build_iv): Updated for above rename.
(CCM_L_MAX_SIZE): Deleted, no longer used.
* ccm.h (CCM_MIN_NONCE_SIZE, CCM_MAX_NONCE_SIZE): New constants.
(CCM_MAX_MSG_SIZE): New macro.
2014-04-27 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Cipher modes): Subsection on AEAD constructions.
(GCM): Update GCM documentation, including functions for
gcm_aes128, gcm_camellia128, ...
2014-04-26 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Update for introduction of nettle_cipher_func.
(GCM): Document GCM_DIGEST_SIZE.
(UMAC): Document new UMAC constants.
(Keyed hash functions): Make HMAC and UMAC their own info nodes.
(EAX): Document EAX.
* umac.h (UMAC_MIN_NONCE_SIZE, UMAC_MAX_NONCE_SIZE): New
constants.
2014-04-25 Niels Möller <nisse@lysator.liu.se>
* All hash-related files: Renamed all _DATA_SIZE constants to
_BLOCK_SIZE, for consistency. Old names kept for backwards
compatibility.
* nettle.texinfo (CCM): Documentation for CCM mode, contributed by
Owen Kirby.
* testsuite/ccm-test.c (test_cipher_ccm): And tests.
* ccm.c (ccm_decrypt_message): Change length argument, should now
be clear text (dst) length.
* ccm-aes128.c (ccm_aes128_decrypt_message): Likewise.
* ccm-aes192.c (ccm_aes192_decrypt_message): Likewise.
* ccm-aes256.c (ccm_aes256_decrypt_message): Likewise.
* ccm.h: Updated prototypes.
2014-04-22 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Recommended hash functions): Document additional
sha512 variants.
* sha2.h (sha512_224_ctx, sha512_256_ctx): New aliases for the
sha512_ctx struct tag.
2014-04-17 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (SOURCES): Deleted next-prime.c (forgotten
in 2014-04-13 change).
2014-04-16 Niels Möller <nisse@lysator.liu.se>
* testsuite/ccm-test.c (test_cipher_ccm): Deleted check for NULL
authdata.
* sha3-224.c (sha3_224_init): Pass pointer to context struct, not
pointer to first element, to memset.
* sha3-256.c (sha3_256_init): Likewise.
* sha3-384.c (sha3_384_init): Likewise.
* sha3-512.c (sha3_512_init): Likewise.
* examples/eratosthenes.c (vector_alloc): Use sizeof(*vector)
instead of explicit type in malloc call.
(vector_init): Make constant explicitly unsigned long.
* tools/input.c (sexp_get_quoted_char): Deleted useless for loop.
2014-04-13 Niels Möller <nisse@lysator.liu.se>
* rsa-compat.c: Deleted file.
* rsa-compat.h: Deleted file.
* Makefile.in (hogweed_SOURCES): Deleted rsa-compat.c.
(HEADERS): Deleted rsa-compat.h.
* examples/next-prime.c: Deleted file.
* bignum-next-prime.c (nettle_next_prime): Deleted file and
function.
* prime-list.h: Deleted file.
* bignum.h (nettle_next_prime): Deleted prototype.
* Makefile.in (hogweed_SOURCES): Deleted bignum-next-prime.c.
(DISTFILES): Deleted prime-list.h.
* examples/Makefile.in (HOGWEED_TARGETS): Deleted next-prime, and
corresponding make target.
2014-04-12 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Copyright): Updated licensing info.
* README: Likewise.
* Makefile.in (DISTFILES): Distribute new COPYING* files.
* COPYING.LESSERv3: New file.
* COPYINGv3: New file.
* COPYING.LIB: Deleted.
* COPYINGv2: New name for GPL version 2 file.
* COPYING: Old name, deleted.
* Update license headers for LGPL3+ and GPL2+ dual licensing.
2014-04-11 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (test_aead): Use aead->digest_size.
* configure.ac: Skip GMP tests if public key support is disabled.
* eax.c (block16_xor): Fixed bug effecting 32-bit platforms.
* Makefile.in (DISTFILES): Deleted memxor.c, already included via
nettle_SOURCES.
* tools/Makefile.in (SOURCES): Add nettle-pbkdf2.c.
2014-04-10 Niels Möller <nisse@lysator.liu.se>
From Nikos Mavrogiannopoulos:
* examples/hogweed-benchmark.c (bench_openssl_ecdsa_init): Support
for secp192r1 and secp256r1.
(alg_list): Add them.
2014-04-09 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Benchmark sha512_224 and
sha512_256.
* testsuite/sha512-224-test.c: New file.
* testsuite/sha512-256-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new files.
* nettle-meta.h (nettle_sha512_224, nettle_sha512_256): Declare.
* sha512-224-meta.c (nettle_sha512_224): New file, new nettle_hash.
* sha512-256-meta.c (nettle_sha512_256): New file, new nettle_hash.
* sha2.h (SHA512_224_DIGEST_SIZE, SHA512_224_DATA_SIZE)
(SHA512_256_DIGEST_SIZE, SHA512_256_DATA_SIZE): New constants.
* sha512.c (sha512_256_digest): Typo fix, call sha512_256_init.
* testsuite/testutils.c (test_hash): Removed redundant init call.
Tests that digest implies init.
2014-03-28 Niels Möller <nisse@lysator.liu.se>
* testsuite/dsa-keygen-test.c (test_main): Explicitly use
dsa_compat_generate_keypair.
(test_main): Test dsa_generate_params and dsa_generate_keypair
with a large q; p_bits = 1024, q_bits = 768.
* testsuite/testutils.h: Undo dsa-compat.h name mangling.
* dsa-keygen.c (dsa_generate_keypair): New interface, generating
only a keypair, and no new parameters.
* dsa-compat-keygen.c (dsa_compat_generate_keypair): New file.
Moved old key generation function here. Use dsa_generate_keypair.
2014-03-27 Niels Möller <nisse@lysator.liu.se>
* dsa-compat.c (dsa_public_key_init, dsa_public_key_clear)
(dsa_private_key_init, dsa_private_key_clear): : Move deprecated
DSA functions to a separate file...
* dsa.c: ...from here.
* dsa-compat.h: New file, declaring deprecated DSA interface.
Include in corresponding C files.
* Makefile.in (hogweed_SOURCES): Add dsa-compat.c.
(HEADERS): Add dsa-compat.h.
* dsa-gen-params.c (dsa_generate_params): New file and function,
extracted from DSA key generation.
* dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params.
2014-03-26 Niels Möller <nisse@lysator.liu.se>
* der2dsa.c (dsa_params_from_der_iterator): Converted to new DSA
interface. Allow q_size == 0, meaning any q < p is allowed.
Additional validity checks.
(dsa_public_key_from_der_iterator): Converted to new DSA
interface. Also check that the public value is in the correct
range.
(dsa_openssl_private_key_from_der_iterator): Converted
to new DSA interface. Additional validity checks.
(dsa_openssl_private_key_from_der): Converted to new DSA
interface.
* tools/pkcs1-conv.c (convert_dsa_private_key): Update to use
struct dsa_params, and adapt to the der decoding changes.
(convert_public_key): Likewise.
* examples/hogweed-benchmark.c: Update dsa benchmarking to use new
DSA interface.
* dsa.c (dsa_params_init, dsa_params_clear): New functions.
(dsa_public_key_init): Use dsa_params_init.
(dsa_public_key_clear): Use dsa_params_clear.
* sexp2dsa.c (dsa_keypair_from_sexp_alist): Converted to new DSA
interface. Allow q_size == 0, meaning any q < p is allowed.
Additional validity checks.
(dsa_sha1_keypair_from_sexp, dsa_sha256_keypair_from_sexp):
Converted to new DSA interface.
* dsa2sexp.c (dsa_keypair_to_sexp): Converted to new DSA
interface.
* tools/pkcs1-conv.c: Updated uses of dsa_keypair_to_sexp.
* dsa.h (struct dsa_params): New struct.
* dsa-sign.c (dsa_sign): Use struct dsa_params, with key as a
separate mpz_t.
* dsa-verify.c (dsa_verify): Likewise.
* dsa-sha1-verify.c (dsa_sha1_verify_digest, dsa_sha1_verify): Use
dsa_verify, cast the struct dsa_public_key * input to a struct
dsa_params *
* dsa-sha256-verify.c (dsa_sha256_verify_digest)
(dsa_sha256_verify): Likewise.
* dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise
use dsa_sign, with a cast from struct dsa_public_key * to struct
dsa_params *.
* dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
Likewise.
* testsuite/testutils.c (test_dsa_verify): Use struct dsa_params.
(test_dsa_key): Likewise.
* testsuite/dsa-test.c (test_main): Adapt to test_dsa_key and
test_dsa_verify changes.
* testsuite/dsa-keygen-test.c (test_main): Adapt to
test_dsa_key change.
* testsuite/testutils.c (test_dsa_sign): #if out, currently
unused.
2014-03-23 Niels Möller <nisse@lysator.liu.se>
From Owen Kirby:
* ccm.c: New file.
* ccm.h: New file.
* ccm-aes128.c: New file.
* ccm-aes192.c: New file.
* ccm-aes256.c: New file.
* Makefile.in (nettle_SOURCES): Added ccm source files.
(HEADERS): Added ccm.h.
* testsuite/ccm-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added ccm-test.c.
2014-03-20 Niels Möller <nisse@lysator.liu.se>
From Joachim Strömbergson:
* sha512.c (K): Indentation fix.
(sha512_224_init, sha512_224_digest, sha512_256_init)
(sha512_256_digest): New functions.
* sha2.h: Add prototypes.
(sha512_224_update, sha512_256_update): New aliases for
sha512_update.
2014-03-18 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Add benchmarking of arcfour,
salsa20 and chacha, via time_aead.
* nettle-internal.c (nettle_arcfour128): Define, as a struct
nettle_aead (with NULL set_nonce, update, and digest methods).
* examples/nettle-openssl.c (nettle_openssl_arcfour128): Likewise.
* nettle-internal.h (nettle_arcfour128)
(nettle_openssl_arcfour128): Declare.
* nettle-types.h (nettle_cipher_func): New typedef, similar to
nettle_crypt_func, but with a const context, intended for block
ciphers.
* nettle-meta.h (struct nettle_cipher): Use the nettle_cipher_func
type.
* Many other files affected: aes*-meta.c, camellia*-meta.c,
cast128-meta.c, serpent-meta.c, twofish-meta.c, cbc.[ch],
ctr.[ch], ctr.[ch], des-compat.c, eax.[ch], gcm*.[ch],
nettle-internal.*, testsuite/aes-test.c,
examples/nettle-benchmark.c, examples/nettle-openssl.c.
2014-03-16 Niels Möller <nisse@lysator.liu.se>
* chacha-set-key.c: Include string.h.
* arcfour-meta.c: Deleted file.
* nettle-meta.h (nettle_arcfour128): Deleted declaration.
* nettle-meta-ciphers.c (nettle_ciphers): Deleted
nettle_arcfour128 from list.
* Makefile.in (nettle_SOURCES): Deleted arcfour-meta.c.
* examples/nettle-openssl.c (nettle_openssl_arcfour128): Deleted.
* testsuite/meta-cipher-test.c: Adjust test for removal of
nettle_arcfour128.
2014-03-15 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (struct bench_aead_info): New
struct.
(bench_aead_crypt, bench_aead_update, init_nonce, time_aead): New
functions, for benchmarking aead algorithms.
(time_gcm, time_eax): Deleted functions.
(main): Use time_aead to benchmark gcm, eax and chacha-poly1305.
* salsa20.h (SALSA20_NONCE_SIZE): Renamed constant, old name
SALSA20_IV_SIZE kept as an alias.
(salsa20_set_nonce): Update prototype for the 2014-01-20 rename.
* Makefile.in (.asm.s): Add dependencies.
(.s.o, .s.po): Empty any dependency .d file.
2014-03-04 Niels Möller <nisse@lysator.liu.se>
* testsuite/chacha-test.c (test_main): Additional test cases, for
256-bit keys.
* Makefile.in (nettle_SOURCES): Deleted chacha128-set-key.c and
chacha256-set-key.c.
* chacha.h (CHACHA256_KEY_SIZE): Deleted.
(chacha_set_key): Updated prototype.
* chacha256-set-key.c (chacha256_set_key): Deleted file and
function, moved to...
* chacha-set-key.c (chacha_set_key): Do 256-bit keys only. Deleted
length argument. Updated all callers.
* chacha128-set-key.c (chacha128_set_key): Deleted file and
function. Support for 128-bit chacha keys may be reintroduced
later, if really needed.
* chacha.h: Deleted chacha128-related declarations.
* chacha-set-key.c (chacha_set_key): Drop support for 128-bit
keys.
* testsuite/chacha-test.c (test_main): #if:ed out all tests with
128-bit keys.
2014-02-16 Niels Möller <nisse@lysator.liu.se>
* gcm.h: Declarations for gcm-camellia256.
* gcm-camellia256.c: New file.
* gcm-camellia256-meta.c: New file.
* nettle-meta.h (nettle_gcm_camellia256): Declare.
* Makefile.in (nettle_SOURCES): Added gcm-camellia256.c and
gcm-camellia256-meta.c.
* testsuite/gcm-test.c (test_main): Test cases for
nettle_gcm_camellia256.
* gcm.h: Include camellia.h. Declarations for gcm-camellia128.
* gcm-camellia128.c: New file.
* gcm-camellia128-meta.c: New file.
* nettle-meta.h (nettle_gcm_camellia128): Declare.
* Makefile.in (nettle_SOURCES): Added gcm-camellia128.c and
gcm-camellia128-meta.c.
* testsuite/gcm-test.c (test_main): Test cases for
nettle_gcm_camellia128. From Nikos Mavrogiannopoulos.
2014-02-13 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added eax-aes128.c
eax-aes128-meta.c.
* examples/nettle-benchmark.c: Include eax.h.
* nettle-meta.h (nettle_eax_aes128): Declare, moved from
nettle-internal.h.
* eax.h: Declare eax_aes128_ctx and related functions. Moved from
nettle-internal.h
(EAX_IV_SIZE): New constant.
* eax-aes128-meta.c (nettle_eax_aes128): Moved definition to new
file.
* eax-aes128.c (eax_aes128_set_key, eax_aes128_set_nonce)
(eax_aes128_update, eax_aes128_encrypt, eax_aes128_decrypt)
(eax_aes128_digest): Moved functions to a new file.
* nettle-internal.c: ... from old location.
* nettle-internal.h: Moved eax declarations elsewhere.
* tools/nettle-pbkdf2.c (main): Added missing deallocation.
2014-02-12 Niels Möller <nisse@lysator.liu.se>
* chacha-poly1305.h: New file.
* chacha-poly1305.c: New file.
* chacha-poly1305-meta.c (nettle_chacha_poly1305): New file, new
aead algorithm.
* nettle-meta.h (nettle_chacha_poly1305): Declare.
* Makefile.in (nettle_SOURCES): Added chacha-poly1305.c and
chacha-poly1305-meta.c.
(HEADERS): Added chacha-poly1305.h.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
chacha-poly1305-test.c.
* testsuite/chacha-poly1305-test.c: New file.
* nettle-meta.h (struct nettle_aead): New generalized version
if this struct.
(nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256)
(nettle_eax_aes128): Declare, moved from nettle-internal.h.
* nettle-internal.h (struct nettle_aead): Deleted struct, moved to
nettle-meta.h. Deleted declarations of unused instances.
(_NETTLE_AEAD): Deleted macro.
* nettle-internal.c (nettle_eax_aes128): Updated for new
nettle_aead struct.
(nettle_gcm_aes128, nettle_gcm_aes192, nettle_gcm_aes256):
Deleted, moved to new files.
* gcm-aes128-meta.c (nettle_gcm_aes128): Moved to new file,
updated for new nettle_aead struct.
* gcm-aes192-meta.c (nettle_gcm_aes192): Likewise.
* gcm-aes256-meta.c (nettle_gcm_aes256): Likewise.
* testsuite/testutils.c (test_aead): Take alternative set_nonce
function as argument, and use it when nonce size differs from
aead->nonce_length.
* testsuite/testutils.h (test_aead): Updated prototype.
* testsuite/gcm-test.c (nettle_gcm_unified_aes128): Updated for
new nettle_aead struct.
(test_main): Pass additional argument to test_aead.
* testsuite/eax-test.c (test_main): Pass additional NULL argument
to test_aead.
* eax.h (EAX_DIGEST_SIZE): New constant.
* gcm.h (GCM_DIGEST_SIZE): Likewise.
2014-02-10 Niels Möller <nisse@lysator.liu.se>
* chacha-set-nonce.c (chacha_set_nonce): Renamed file and
function, updated callers and Makefile.in.
* chacha-set-iv.c (chacha_set_iv): ... from old names.
2014-02-08 Niels Möller <nisse@lysator.liu.se>
* testsuite/chacha-test.c (test_chacha): For 20 rounds, use
chacha_crypt, and test varying the message length.
(test_main): Add second key stream block, for all testcases with
20 rounds.
* chacha-crypt.c (chacha_crypt): Fixed block counter update.
2014-02-07 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (ASCII encoding): Document that
base16_encode_update and base64_encode_update now uses dst_length
as an output only.
* testsuite/base64-test.c (test_main): Updated
base64_decode_update test case.
* sexp-transport.c (sexp_transport_iterator_first): For
base64_decode_update, omit initialization of coded_length.
* examples/base64dec.c (main): Likewise.
* examples/base16dec.c (main): Likewise, for base16_decode_update.
* base64-decode.c (base64_decode_update): Use *dst_length for
output only. Don't require callers to pass a sane value.
* base16-decode.c (base16_decode_update): Likewise.
2014-02-06 Niels Möller <nisse@lysator.liu.se>
* NEWS: List _set_key incompatibilities.
* nettle-meta.h (_NETTLE_CIPHER_SEP, _NETTLE_CIPHER_SEP_SET_KEY)
(_NETTLE_CIPHER_FIX, _NETTLE_CIPHER): Deleted unused macros.
* nettle-internal.c (nettle_blowfish128): Deleted only use of
_NETTLE_CIPHER.
* blowfish.c (blowfish128_set_key): New function.
* blowfish.h (BLOWFISH128_KEY_SIZE): New constant.
* cast128-meta.c (nettle_cast128): Deleted only use of
_NETTLE_CIPHER_FIX.
* examples/nettle-benchmark.c (time_cipher): Fixed memset calls.
2014-01-30 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Arrange in alphabetic order.
* nettle.texinfo: Updated, document size_t for length arguments.
Document new AES and Camellia interfaces.
* ecc-size.c (ecc_bit_size): New function.
* ecc.h (ecc_bit_size): Declare it.
2014-01-29 Niels Möller <nisse@lysator.liu.se>
* nettle-types.h (typedef nettle_set_key_func): Deleted length
argument.
* arctwo.c (arctwo40_set_key, arctwo64_set_key)
(arctwo128_set_key, arctwo128_set_key_gutmann): New functions.
* arctwo.h: Declare them.
* arctwo-meta.c (ARCTWO): New macro.
(nettle_arctwo40, nettle_arctwo64, nettle_arctwo128)
(nettle_arctwo_gutmann128): Use new _set_key functions.
* arcfour.h (ARCFOUR128_KEY_SIZE): New constant.
* arcfour.c (arcfour128_set_key): New function.
* arcfour-meta.c (nettle_arcfour128): Use arcfour128_set_key and
ARCFOUR128_KEY_SIZE.
* cast128.c (cast5_set_key): Renamed, was cast128_set_key.
(cast128_set_key): New definition, with fixed key size.
* cast128.h (CAST128_MIN_KEY_SIZE, CAST128_MAX_KEY_SIZE): Renamed
constants, to...
(CAST5_MIN_KEY_SIZE, CAST5_MAX_KEY_SIZE): ... new names.
* eax.h (EAX_SET_KEY): Deleted length argument.
* aes128-meta.c: Deleted _set_key wrappers.
* aes192-meta.c: Likewise.
* aes256-meta.c: Likewise.
* camellia128-meta.c: Likewise.
* camellia192-meta.c: Likewise.
* camellia256-meta.c: Likewise.
* gcm-aes128.c (gcm_aes128_set_key): Deleted length argument.
* gcm-aes192.c (gcm_aes192_set_key): Likewise.
* gcm-aes256.c (gcm_aes256_set_key): Likewise.
* gcm.h: Updated prototypes.
* serpent-set-key.c (serpent128_set_key, serpent192_set_key)
(serpent256_set_key): New functions.
* serpent.h: Declare new functions.
(SERPENT128_KEY_SIZE, SERPENT192_KEY_SIZE)
(SERPENT256_KEY_SIZE): New constants.
* serpent-meta.c (SERPENT): New macro.
(nettle_serpent128, nettle_serpent192, nettle_serpent256): Use new
_set_key functions.
* twofish-set-key.c (twofish128_set_key, twofish192_set_key)
(twofish256_set_key): New functions.
* twofish.h: Declare new functions.
(TWOFISH128_KEY_SIZE, TWOFISH192_KEY_SIZE)
(TWOFISH256_KEY_SIZE): New constants.
* twofish-meta.c (TWOFISH): New macro.
(nettle_twofish128, nettle_twofish192, nettle_twofish256): Use new
_set_key functions.
* nettle-internal.h (struct nettle_aead): Use
nettle_hash_update_func for the set_iv function pointer.
* nettle-internal.c (des_set_key_hack, des3_set_key_hack): Deleted
wrapper functions.
(chacha_set_key_hack): Deleted length argument. Use
chacha256_set_key.
(salsa20_set_key_hack): Deleted length argument. Use
salsa20_256_set_key.
(nettle_unified_aes128, nettle_unified_aes192)
(nettle_unified_aes256): Deleted, moved to test program.
(eax_aes128_set_key): Deleted length argument. Use EAX_SET_KEY.
* examples/nettle-benchmark.c: Updated for _set_key changes.
* examples/nettle-openssl.c: Likewise.
* testsuite/testutils.c: Likewise.
* testsuite/gcm-test.c: Likewise.
* testsuite/aes-test.c (UNIFIED_AES): New macro. Moved glue for
testing the old aes interface (struct aes_ctx) here.
* testsuite/arcfour-test.c (test_arcfour): New function, for key
sizes != 128 bits.
(test_main): Use it.
* testsuite/blowfish-test.c (test_blowfish): New function.
(test_main): Use it. Also deleted old #if:ed out code.
* testsuite/cast128-test.c (test_cast5): New function.
(test_main): Use it, for 40-bit and 80-bit tests.
* testsuite/serpent-test.c (test_serpent): New function.
(test_main): Use it.
2014-01-27 Niels Möller <nisse@lysator.liu.se>
* eax.h (struct eax_key, struct eax_ctx): Use union
nettle_block16, for alignment.
* eax.c: Updated everything to use nettle_block16.
(block16_xor): New function.
* examples/nettle-benchmark.c (time_eax): New function.
(main): Use it.
* x86_64/chacha-core-internal.asm: Use pshufhw + pshuflw for the
16-bit rotate.
* configure.ac (asm_replace_list): Added chacha-core-internal.asm.
* x86_64/chacha-core-internal.asm: New file.
* examples/nettle-benchmark.c (main): Add benchmarking of chacha.
* nettle-internal.c (nettle_chacha): New const struct, for the
benchmark.
Chacha implementation, based on contribution by Joachim
Strömbergson.
* chacha.h: New file.
* chacha256-set-key.c (chacha256_set_key): New file and function.
* chacha128-set-key.c (chacha128_set_key): New file and function.
* chacha-set-key.c (chacha_set_key): New file and function.
* chacha-set-iv.c (chacha_set_iv): New file and function.
* chacha-core-internal.c (_chacha_core): New file and function.
* chacha-crypt.c (chacha_crypt): New file and function.
* Makefile.in (nettle_SOURCES): Added chacha files.
(HEADERS): Added chacha.h.
* testsuite/chacha-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added chacha-test.c.
2014-01-26 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h (_NETTLE_AEAD_FIX): Renamed to...
(_NETTLE_AEAD): ... new name, and deleted old definition. Also use
_set_nonce instead of _set_iv.
* nettle-internal.c (nettle_gcm_aes128, nettle_gcm_aes192)
(nettle_gcm_aes256): Define in terms of new interface.
(nettle_eax_aes128): Updated for _NETTLE_AEAD changes.
* testsuite/gcm-test.c (test_gcm_hash): Likewise use struct
gcm_aes128_ctx.
(test_main): Added a testcase using the old interface based on
struct gcm_aes_ctx.
* examples/nettle-benchmark.c (time_gcm): Update to use new struct
gcm_aes128_ctx. Also use name "gcm-aes128" in output.
* gcm.h: New interface for gcm_aes128, gcm_aes192, gcm_aes256,
using the new AES interface.
(GCM_CTX): Reorder fields, putting the cipher context
last.
* Makefile.in (nettle_SOURCES): Added gcm-aes128.c, gcm-aes192.c,
and gcm-aes256.c.
* gcm-aes128.c: New file.
* gcm-aes192.c: New file
* gcm-aes256.c: New file.
2014-01-25 Niels Möller <nisse@lysator.liu.se>
* gcm.h (GCM_SET_KEY): Deleted length argument.
* gcm-aes.c (gcm_aes_set_key): Use aes_set_encrypt_key and
gcm_set_key, can no longer use GCM_SET_KEY macro.
2014-01-23 Niels Möller <nisse@lysator.liu.se>
* testsuite/gcm-test.c (test_main): Use the correct
nettle_gcm_aes128/192/256 object.
2014-01-21 Niels Möller <nisse@lysator.liu.se>
Merged camellia-reorg changes (starting at 2013-10-07).
2013-10-10 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Updated list of camellia files.
* testsuite/camellia-test.c (test_invert): Updated for new
camellia interface.
* camellia.h: Reorganized camellia interface, with distinct
context structs and functions for camellia128 and camellia256.
* camellia-meta.c: Deleted file.
* camellia256-meta.c: New file.
* camellia192-meta.c: New file.
* camellia128-meta.c: New file.
* camellia-set-decrypt-key.c: Deleted file, code moved to:
* camellia128-set-decrypt-key.c: New file.
(camellia128_invert_key, camellia128_set_decrypt_key): New
functions.
* camellia256-set-decrypt-key.c: New file.
(camellia256_invert_key, camellia256_set_decrypt_key)
(camellia192_set_decrypt_key): New functions.
* camellia-invert-key.c (_camellia_invert_key): New file and
function.
* camellia-set-encrypt-key.c: Deleted file, code moved to:
* camellia128-set-encrypt-key.c: New file.
(camellia128_set_encrypt_key): New function.
* camellia256-set-encrypt-key.c: New file.
(_camellia256_set_encrypt_key, camellia256_set_encrypt_key)
(camellia192_set_encrypt_key): New functions.
* camellia-absorb.c (_camellia_absorb): New file and function.
* camellia-internal.h: Moved key schedule macros here.
* camellia-crypt.c: Deleted file, code moved to:
* camellia128-crypt.c (camellia128_crypt): New file and function.
* camellia256-crypt.c (camellia256_crypt): New file and function.
2013-10-07 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Delete check for ALIGNOF_UINT64_T, no longer
needed.
* config.m4.in: Likewise delete ALIGNOF_UINT64_T.
* camellia-crypt.c (camellia_crypt): Updated call to
_camellia_crypt.
* camellia-internal.h (_camellia_crypt): Updated prototype.
* camellia-crypt-internal.c (_camellia_crypt): Take separate
arguments for rounds and subkey array.
* x86_64/camellia-crypt-internal.asm: Likewise. Also corrected
.file pseudo-ops.
* x86/camellia-crypt-internal.asm: Likewise.
2014-01-20 Niels Möller <nisse@lysator.liu.se>
* poly1305-internal.c (poly1305_digest): Use union nettle_block16
for s argument.
* poly1305-aes.c (poly1305_aes_digest): Update for poly1305_digest
change.
Merged poly1305 changes (starting at 2013-11-08).
* x86_64/poly1305-internal.asm: Update to new interface.
poly1305_digest much simplified.
* poly1305.h (struct poly1305_ctx): Moved block and index
fields...
(struct poly1305_aes_ctx): ... to here.
* asm.m4: Delete also from the assembly definition of struct
poly1305_ctx.
* poly1305-internal.c (poly1305_digest): Don't do final padding
here, leave that to caller. Add digest to the provided nonce s,
and deleted length and dst arguments. Also reset h0-h4 to zero
when done.
(_poly1305_block): Renamed, from...
(poly1305_block): ...old name.
* poly1305-aes.c (poly1305_aes_update): New function.
(poly1305_aes_digest): Update for poly1305_digest changes, do
final padding here.
* poly1305.c (poly1305_update): Deleted file and function. Moved
to poly1305-aes.c.
* Makefile.in (nettle_SOURCES): Deleted poly1305.c.
2014-01-17 Niels Möller <nisse@lysator.liu.se>
* poly1305-internal.c (poly1305_block): Additional argument with
the high bit.
(poly1305_block_internal): Deleted function, code moved into the
poly1305_block.
(poly1305_digest): Simplified padding code, call poly1305_block
with high bit 0.
* poly1305.h (poly1305_block): Update prototype.
* poly1305.c (poly1305_update): Call poly1305_block with high bit 1.
* x86_64/poly1305-internal.asm (poly1305_block): Handle new
argument.
* poly1305.h (struct poly1305_ctx): Moved nonce field from here...
(struct poly1305_aes_ctx): ... to here.
* poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest):
Updated for above.
* poly1305.c (poly1305_set_nonce): Deleted function.
* asm.m4: Delete nonce also from the assembly definition of struct
poly1305_ctx.
2014-01-16 Niels Möller <nisse@lysator.liu.se>
* poly1305-aes.c: Include poly1305.h. Rewrite functions without
using the POLY1305_* macros.
* Makefile.in (HEADERS): Deleted poly1305-aes.h.
* poly1305.h (POLY1305_CTX, POLY1305_SET_KEY, POLY1305_SET_NONCE)
(POLY1305_DIGEST): Deleted macros. Only implemented variant is
poly1305-aes.
(POLY1305_DIGEST_SIZE, POLY1305_BLOCK_SIZE, POLY1305_KEY_SIZE):
New constants.
(POLY1305_AES_KEY_SIZE, POLY1305_AES_DIGEST_SIZE): Moved here,
from poly1305-aes.h.
(struct poly1305_aes_ctx): Likewise.
(poly1305_aes_set_key, poly1305_aes_set_nonce)
(poly1305_aes_update, poly1305_aes_digest): Likewise.
* poly1305-aes.h: Deleted file, declarations moved to poly1305.h.
Update all users.
* poly1305-internal.c (s2, s3, s4): Fixed macros.
* poly1305-aes.h (struct poly1305_aes_ctx): Replace struct aes_ctx
by struct aes128_ctx.
* poly1305-aes.c (poly1305_aes_set_key, poly1305_aes_digest):
Update to use aes128_* functions.
* poly1305.h (POLY1305_SET_KEY): Drop key size argument when
calling set_key.
2013-12-19 Niels Möller <nisse@lysator.liu.se>
* poly1305-aes.h (poly1305_aes_update): Define as an alias for
poly1305_update, using preprocessor and a type cast.
* poly1305-aes.c (poly1305_aes_update): Deleted function.
* poly1305.h (poly1305_update): Declare.
(_POLY1305_BLOCK, POLY1305_UPDATE): Deleted macros.
* poly1305.c (poly1305_update): New function.
2013-11-21 Niels Möller <nisse@lysator.liu.se>
* x86_64/poly1305-internal.asm: New file. Almost a factor of two
speedup.
* configure.ac (asm_replace_list): Added poly1305-internal.asm.
* asm.m4: Define struct offsets for 64-bit poly1305_ctx.
* poly1305.h (POLY1305_DIGEST): Pass the encrypted nonce as an
additional argument to poly1305_digest.
(struct poly1305_ctx): Introduce unions, to support either 26-bit
or 64-bit implementation.
* poly1305-internal.c (poly1305_digest): Added s argument.
* poly1305.c (poly1305_set_s): Deleted function.
2013-11-12 Niels Möller <nisse@lysator.liu.se>
* poly1305-internal.c: New file, for poly1305 functions depending
on the internal mod (2^130 - 5) representation.
(poly1305_block_internal): New helper function.
(poly1305_block, poly1305_digest): Use it.
2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* poly1305.h: New file.
* poly1305.c: New file.
* poly1305-aes.h: New file.
* poly1305-aes.c: New file.
* Makefile.in (nettle_SOURCES): Added poly1305-aes.c and poly1305.c.
(HEADERS): Added poly1305-aes.h and poly1305.h.
* testsuite/poly1305-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added poly1305-test.c.
* examples/nettle-benchmark.c (time_poly1305_aes): New function.
(main): Benchmark poly1305.
2014-01-20 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added salsa20-set-nonce.c,
salsa20-128-set-key.c, and salsa20-256-set-key.c.
* salsa20.h: Declare new functions.
(SALSA20_128_KEY_SIZE, SALSA20_256_KEY_SIZE): New constants.
(salsa20_set_iv): Define as an alias for salsa20_set_nonce.
* salsa20-set-key.c (salsa20_set_key): Use salsa20_128_set_key and
salsa20_256_set_key.
(salsa20_set_iv): Renamed and moved...
* salsa20-set-nonce.c (salsa20_set_nonce): ... new file, new name.
* salsa20-256-set-key.c (salsa20_256_set_key): New file and
function.
* salsa20-128-set-key.c (salsa20_128_set_key): New file and
function.
2014-01-13 Niels Möller <nisse@lysator.liu.se>
* nettle-types.h (union nettle_block16): New type, replacing union
gcm_block.
* gcm.h (union gcm_block): Deleted. Replaced by nettle_block16.
* gcm.c: Replaced all use of gcm_block by nettle_block16.
2014-01-04 Niels Möller <nisse@lysator.liu.se>
* config.guess: Updated to 2014-01-01 version, from
git://git.sv.gnu.org/config.git.
* config.sub: Likewise.
* testsuite/memxor-test.c [HAVE_VALGRIND_MEMCHECK_H] (test_mark):
New function.
(test_memxor, test_memxor3): Use test_mark to tell valgrind the
start and end of src and destination areas.
* configure.ac: Check for valgrind/memcheck.h.
* testsuite/Makefile.in (VALGRIND): Added --partial-loads-ok=yes,
needed for the way unaligned data is handled in, e.g., memxor.
2014-01-03 Niels Möller <nisse@lysator.liu.se>
* shadata.c (main): Zero-pad output values to 8 hex digits.
* sha256.c (K): Updated table.
2013-12-17 Niels Möller <nisse@lysator.liu.se>
* configure.ac (ASM_RODATA): New substituted variable. Needed for
portability to darwin.
* config.m4.in: Define RODATA, using configure variable ASM_RODATA
* x86_64/gcm-hash8.asm: Use RODATA macro.
* bignum-random-prime.c (_nettle_generate_pocklington_prime): Use
stronger variants of Pocklington's theorem, to allow p0 of size
down to bits/3.
2013-12-15 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h (NETTLE_MAX_BIGNUM_BITS)
(NETTLE_MAX_BIGNUM_SIZE): Deleted arbitrary limits.
2013-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
Introduced TMP_GMP_ALLOC macro for temporary allocations of
potentially large data, e.g, sized as an RSA key.
* gmp-glue.h (TMP_GMP_DECL, TMP_GMP_ALLOC, TMP_GMP_FREE): New
macros.
* gmp-glue.c (gmp_alloc, gmp_free): New functions.
* bignum-next-prime.c (nettle_next_prime): Use TMP_GMP_ALLOC.
* bignum-random.c (nettle_mpz_random_size): Likewise.
* pkcs1-decrypt.c (pkcs1_decrypt): Likewise.
* pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
* pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): Likewise.
* pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
(pkcs1_rsa_sha512_encode_digest): Likewise.
* pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
(pkcs1_rsa_sha256_encode_digest): Likewise.
* pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
(pkcs1_rsa_sha1_encode_digest): Likewise.
* pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
(pkcs1_rsa_md5_encode_digest): Likewise.
2013-12-14 Niels Möller <nisse@lysator.liu.se>
* x86_64/gcm-hash8.asm: Use .short rather than .hword, for
compatibility with apple's assembler.
2013-12-03 Niels Möller <nisse@lysator.liu.se>
* x86_64/sha1-compress.asm: Reorganized, to get closer to the x86
version. No difference in running time.
* configure.ac (dummy-dep-files): Don't overwrite any existing
dependency files.
* x86_64/md5-compress.asm: New file, similar to the x86 version.
35% speedup on AMD, 15% speedup on Intel.
2013-11-25 Niels Möller <nisse@lysator.liu.se>
* testsuite/dsa-test.c (test_main): Additional tests from NIST
test vectors.
* testsuite/testutils.c (test_dsa_sign, test_dsa_verify): New
functions, supporting arbitrary digest size.
* testsuite/testutils.h (ASSERT): Improved failure message.
* dsa-verify.c (dsa_verify): Renamed, from _dsa_verify.
* dsa-sign.c (dsa_sign): Renamed, from _dsa_sign.
2013-11-24 Niels Möller <nisse@lysator.liu.se>
* testsuite/dsa-keygen-test.c (test_main): Test generating a
key with 224-bit q.
* dsa-verify.c (_dsa_verify): Use _dsa_hash.
* dsa-sign.c (_dsa_sign): Use _dsa_hash. Fix memory leak in
error case, spotted by Nikos.
* dsa-keygen.c (dsa_generate_keypair): Allow q_bits == 224.
* dsa-hash.c (_dsa_hash): New file and function. Allows digest
sizes not matching the bitsize of q.
* dsa.h (_dsa_hash): Declare it.
* Makefile.in (hogweed_SOURCES): Added dsa-hash.c.
2013-11-23 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Check also for openssl/ecdsa.h.
2013-10-05 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added eax.c.
(HEADERS): Added eax.h.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added eax-test.c.
* testsuite/eax-test.c: New file.
* nettle-internal.c (nettle_eax_aes128): New aead algorithm.
(eax_aes128_set_key, eax_aes128_set_nonce, eax_aes128_update)
(eax_aes128_encrypt, eax_aes128_decrypt, eax_aes128_digest): New
functions.
* eax.c: New file.
* eax.h: New file.
* aes.h: Fixed typo in name mangling for new aes functions.
2013-09-28 Niels Möller <nisse@lysator.liu.se>
* Merge aes-reorg branch. Changes below,
dated 2013-05-17 - 2013-08-13.
2013-08-13 Niels Möller <nisse@lysator.liu.se>
* yarrow.h (struct yarrow256_ctx): Use aes256_ctx, not aes_ctx.
* yarrow256.c: Adapted to use new aes256 interface.
2013-08-07 Niels Möller <nisse@lysator.liu.se>
* umac.h (_UMAC_STATE): Use struct aes128_ctx, not aes_ctx.
* umac-set-key.c (umac_kdf, _umac_set_key): Use aes128 interface.
* umac32.c (umac32_digest): Likewise.
* umac64.c (umac64_digest): Likewise.
* umac96.c (umac96_digest): Likewise.
* umac128.c (umac128_digest): Likewise.
2013-06-25 Niels Möller <nisse@lysator.liu.se>
* aes-meta.c: Deleted file.
Analogous changes for new aes192 and aes256 interface.
* aes.h (struct aes128_ctx): New aes128 declarations.
* aes-decrypt.c (aes128_decrypt): New function.
* aes-encrypt.c (aes128_encrypt): New function.
* aes128-meta.c: New file.
* aes128-set-encrypt-key.c (aes128_set_encrypt_key): New file and
function.
* aes128-set-decrypt-key.c (aes128_set_decrypt_key)
(aes128_invert_key): New file and functions.
* Makefile.in (nettle_SOURCES): Added aes128-set-encrypt-key.c,
aes128-set-decrypt-key.c and aes128-meta.c.
* nettle-internal.c (nettle_unified_aes128): For testing the old
AES interface.
* testsuite/aes-test.c (test_cipher2): New function.
(test_main): Test both nettle_aes128 and nettle_unified_aes128.
2013-05-22 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added aes-invert-internal.c and
aes-set-key-internal.c.
* aes.h (AES128_KEY_SIZE, _AES128_ROUNDS): New constants.
Similarly also for aes192 and aes256.
* aes-internal.h: Declare new functions.
* aes-set-key-internal.c (_aes_set_key): New file and funxtion
extracted from aes_set_encrypt_key.
* aes-set-encrypt-key.c (aes_set_encrypt_key): Use _aes_set_key.
* aes-invert-internal.c (_aes_invert): New file and function,
extracted from aes_invert_key.
* aes-set-decrypt-key.c (aes_invert_key): Use _aes_invert.
* arm/v6/aes-encrypt-internal.asm: Adapted to new interface.
Unfortunately, 4% slowdown on Cortex-A9, for unknown reason.
* arm/v6/aes-decrypt-internal.asm: Likewise.
* arm/aes-encrypt-internal.asm: Adapted to new interface.
* arm/aes-decrypt-internal.asm: Likewise.
2013-05-21 Niels Möller <nisse@lysator.liu.se>
* sparc32/aes-encrypt-internal.asm: Adapted to new interface.
* sparc32/aes-decrypt-internal.asm: Likewise.
* sparc64/aes-encrypt-internal.asm: Likewise.
* sparc64/aes-decrypt-internal.asm: Likewise.
* x86/aes-encrypt-internal.asm: Adapted to new interface.
* x86/aes-decrypt-internal.asm: Likewise.
2013-05-20 Niels Möller <nisse@lysator.liu.se>
* x86_64/aes-encrypt-internal.asm: Adapted to new interface.
* x86_64/aes-decrypt-internal.asm: Likewise.
2013-05-17 Niels Möller <nisse@lysator.liu.se>
* aes.h (struct aes_ctx): Renamed nrounds to rounds, and moved
first in the structure.
* aes-set-encrypt-key.c (aes_set_encrypt_key): Updated for renaming.
* aes-set-decrypt-key.c (aes_invert_key): Likewise.
* aes-encrypt-internal.c (_nettle_aes_encrypt): Take rounds and
subkeys as separate arguments, not a struct aes_ctx *. Updated
callers.
* aes-decrypt-internal.c (_nettle_aes_decrypt): Likewise.
* aes-internal.h: Updated prototypes.
* Start of aes-reorg changes.
2013-09-28 Niels Möller <nisse@lysator.liu.se>
* md4.h (struct md4_ctx): Use single uint64_t variable for block
count.
* md4.c: Use new block count variable.
* md5.c, md5.h (struct md5_ctx): Likewise.
* ripemd160.c, ripemd160.h (struct ripemd160_ctx): Likewise.
* sha1.c, sha1.h (struct sha1_ctx): Likewise.
* sha256.c, sha2.h (struct sha256_ctx): Likewise.
* testsuite/testutils.c (test_hash_large): Added simple progress
indicator.
* macros.h (MD_PAD): Use size argument, don't depend on
sizeof of the count field(s).
2013-09-22 Niels Möller <nisse@lysator.liu.se>
* x86_64/gcm-hash8.asm: New file.
* x86_64/gcm-gf-mul-8.asm: Deleted.
* configure.ac (asm_nettle_optional_list): Look for gcm-hash8.asm,
not gcm-gf-mul-8.asm.
* gcm.c [HAVE_NATIVE_gcm_hash8]: Make use of (optional) assembly
implementation.
2013-09-21 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (des.po): Add same dependencies as for des.o.
Reported by Vincent Torri.
2013-09-20 Niels Möller <nisse@lysator.liu.se>
* testsuite/gcm-test.c: Added tests with associated data of
varying size.
* testsuite/testutils.c (tstring_alloc): Add NUL-termination.
2013-09-18 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: New stampfiles, libnettle.stamp and
libhogweed.stamp, updated when both static and shared libraries
are rebuilt. Used as link dependencies in subdirectories.
* examples/Makefile.in: Make executable targets depend on
../libnettle.stamp and libhogweed.stamp, not directly on the
static library files.
* testsuite/Makefile.in: Likewise.
* tools/Makefile.in: Likewise.
2013-09-09 Niels Möller <nisse@lysator.liu.se>
* gcm.c [HAVE_NATIVE_gcm_gf_mul_8]: Make use of (optional)
assembly implementation.
* configure.ac: Support optional assembly files for both nettle
and hogweed. Replaced OPT_ASM_SOURCES with OPT_ASM_NETTLE_SOURCES,
OPT_ASM_HOGWEED_SOURCES, and asm_optional_list with
asm_nettle_optional_list and asm_hogweed_optional_list.
(asm_nettle_optional_list): Added gcm-gf-mul-8.asm.
2013-06-25 Niels Möller <nisse@lysator.liu.se>
* testsuite/gcm-test.c: Deleted redundant include of aes.h.
* testsuite/testutils.c (test_aead): Allow digest size smaller
than the block size.
* tools/nettle-pbkdf2.c: New command line tool.
* tools/Makefile.in (TARGETS): Added nettle-pbkdf2.
(nettle-pbkdf2$(EXEEXT)): New target.
* testsuite/nettle-pbkdf2-test: New test case.
* testsuite/Makefile.in (TS_SH): Added nettle-pbkdf2-test.
* tools/nettle-hash.c (digest_file): Use stack allocation for the
small hex output buffer.
* examples/io.c (MIN): Deleted unused macro.
2013-05-21 Niels Möller <nisse@lysator.liu.se>
From nettle-2.7-fixes branch:
* Makefile.in (distdir): Distribute files in arm/v6 subdirectory.
2013-05-20 Niels Möller <nisse@lysator.liu.se>
* arm/v6/sha1-compress.asm: Moved into v6 directory, since it uses
the v6 instruction uadd8, sel and rev.
* arm/v6/sha256-compress.asm: Likewise.
* nettle-types.h: Include <stddef.h>, for size_t.
2013-05-17 Niels Möller <nisse@lysator.liu.se>
* macros.h (ROTL32, ROTL64): Avoid undefined behaviour for zero
rotation count. Unfortunately makes CAST128 a bit slower with
gcc-4.6.3.
* ecc-j-to-a.c (ecc_j_to_a): Fixed ecc_modp_mul call, to avoid
invalid overlap of arguments to mpn_mul_n. Problem tracked down by
Magnus Holmgren.
2013-05-16 Niels Möller <nisse@lysator.liu.se>
* arm/aes-encrypt-internal.asm: New file, for pre-v6 processors.
* arm/aes-decrypt-internal.asm: New file, likewise.
* arm/aes.m4 (AES_FINAL_ROUND_V5): Variant without using uxtb.
(AES_FINAL_ROUND_V6): New name, updated callers.
(AES_FINAL_ROUND): ... old name. Also eliminated one uxtb
instruction.
(AES_ENCRYPT_ROUND, AES_DECRYPT): Moved macros to the
files using them.
* arm/v6/aes-encrypt-internal.asm: Use ALIGN macro. Use 16-byte
alignment for loops.
* arm/v6/aes-decrypt-internal.asm: Likewise. Also added a nop
which mysteriously improves benchmark performance on Cortex-A9.
2013-05-15 Niels Möller <nisse@lysator.liu.se>
* configure.ac (asm_path): Handle armv6 and armv7 differently from
older ARMs. Add the arm/v6 directory to asm_path when appropriate.
* arm/v6/aes-encrypt-internal.asm: Moved into v6 directory. Uses
the uxtb instruction which is not available for older ARMs.
* arm/v6/aes-decrypt-internal.asm: Likewise.
2013-05-03 Niels Möller <nisse@lysator.liu.se>
* cast128.c: Adapt to new struct cast128_ctx.
(cast128_set_key): Rewrite, eliminating lots of conditions and
some false warnings.
* cast128.h (struct cast128_ctx): Separate the small 5-bit
rotation subkeys and the larger 32-bit masking subkeys.
2013-05-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (mpz_combit): Renamed. Define only if not
provided GMP. Updated all uses.
(mpz_togglebit): ... old name.
* sexp-format.c (sexp_vformat): Use type mpz_srcptr rather
than the old MP_INT *.
2013-04-26 Niels Möller <nisse@lysator.liu.se>
* Many files: Use size_t rather than unsigned for data sizes.
* x86_64/aes-encrypt-internal.asm: Accept 64-bit length.
* x86_64/aes-decrypt-internal.asm: Likewise.
2013-04-25 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Changed version number, to 2.8.
(LIBNETTLE_MAJOR): Bumped major number, following
nettle_memxor ABI break.
(LIBNETTLE_MINOR): Reset to zero.
* examples/hogweed-benchmark.c: Add benchmarking of OpenSSL's RSA
functions.
(all functions): Deleted unneeded casts.
2013-04-24 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Miscellaneous functions): Updated memxor
prototype. Document memxor3.
* salsa20-crypt.c (salsa20_crypt): Deleted cast of memxor
argument, no longer needed.
* salsa20r12-crypt.c (salsa20r12_crypt): Likewise.
* sha3.c (sha3_absorb): Likewise.
* memxor.h: Updated prototypes. Drop include of nettle-types.h.
* memxor.c: Include nettle-types.h, for uintptr_t. Replace all
internal uses of uint8_t by plain char.
(memxor): Use void * rather than uint8_t * for
arguments.
(memxor3): Likewise.
* x86_64/memxor.asm: Added nettle_ prefix to symbols.
* arm/memxor.asm: Likewise.
* testsuite/symbols-test: Don't allow memxor functions without
nettle prefix,
* memxor.h (memxor3): Added name mangling to add "nettle_" prefix
to memxor and memxor3 symbols.
* Makefile.in (nettle_OBJS): Deleted $(LIBOBJS), and also deleted
LIBOBJS substitution.
(nettle_SOURCES): Added memxor.c, to include it in the library
unconditionally.
* configure.ac: Deleted AC_REPLACE_FUNCS for memxor.
* Released nettle-2.7.
2013-04-23 Niels Möller <nisse@lysator.liu.se>
From Martin Storsjö:
* x86_64/sha256-compress.asm: Add forgotten W64_EXIT.
* x86_64/sha512-compress.asm: Likewise.
* x86_64/salsa20-crypt.asm (Lpartial): Don't return via W64_EXIT
within this subfunction.
* x86_64/machine.m4 (W64_ENTRY): Use movdqu instead of movdqa for
saving xmm registers, since the stack is not guaranteed to be
16-byte aligned on win64. Take pushed xmm registers into account
when reading the fifth parameter from the stack.
* Makefile.in: Consistently use EXEEXT_FOR_BUILD.
2013-04-21 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (DISTFILES): Added mini-gmp.c and mini-gmp.h.
(distdir): Use find, for identifying assembly files to copy.
2013-04-18 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Recognize cpu type "arm*", not just "armv7*'.
* arm/aes-encrypt-internal.asm: Updated include of aes.m4.
* arm/aes-decrypt-internal.asm: Likewise.
* Makefile.in (distdir): Updated for ARM reorganization.
* configure.ac (asm_path): Generalized, can now be a list of
directories. On ARM, check for neon instructions, and add arm/neon
if appropriate. New command line options
--enable-arm-neon/--disable-arm-neon, for overriding the default.
arm/neon: New subdirectory, for assembly files making use of neon
instructions.
arm: Renamed directory, from...
armv7: ...old name.
* aclocal.m4 (NETTLE_CHECK_ARM_NEON): New macro.
* nettle.texinfo (Keyed hash functions): Document UMAC.
* umac.h (UMAC32_DIGEST_SIZE, UMAC64_DIGEST_SIZE)
(UMAC96_DIGEST_SIZE, UMAC128_DIGEST_SIZE): New constants.
(UMAC_DATA_SIZE): New name, for consistency with hash functions.
Updated all uses.
(UMAC_BLOCK_SIZE): ... old name.
2013-04-17 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Benchmark salsa20r12.
* nettle-internal.c (nettle_salsa20r12): Cipher struct for
benchmarking only.
* nettle-internal.h (nettle_salsa20): Declare it.
* Makefile.in (eccdata): Depend on mini-gmp files. Drop -lgmp.
* eccdata.c: Use mini-gmp, to avoid gmp dependency and associated
configure tests for the *build* system. Replaced mpz_submul_ui by
mpz_mul_ui + mpz_sub, and gmp_printf and gmp_fprintf by calls to
mpz_out_str.
* mini-gmp.h, mini-gmp.c: New files, copied from gmp-5.1.1.
2013-04-16 Niels Möller <nisse@lysator.liu.se>
* umac-set-key.c (BE_SWAP32_N): Fixed dummy definition used for
big-endian systems.
* Makefile.in (TARGETS): Deleted eccdata, it should be build only
when public key support is enabled.
(clean-here): Exlicitly list it here.
* asm.m4 (m4_log2): New macro, similar to the one in gmp.
(ALIGN): Changed to take alignment in bytes. Updated all callers,
currently used only in x86 and x86_64 files.
* umac.h (umac32_ctx, umac64_ctx, umac96_ctx, umac128_ctx): Make
block count an uint64_t. Reorder some elements to put short values
together.
* umac-l2.c (_umac_l2, _umac_l2_final): Make count argument an uint64_t.
(_umac_l2): Deleted redundant memcpy.
(_umac_l2, _umac_l2_final): Store input buffer at end of the
poly64/poly128 state. Deleted l1_out from corresponding context
structs, and updated all callers.
* configure.ac: Changed version number to 2.7.
(LIBNETTLE_MINOR): Bumped library version, to 4.6.
(LIBHOGWEED_MINOR): And to 2.4.
* Makefile.in (distdir): Include files from armv7 subdirectory.
* x86_64/umac-nh-n.asm: New file, 3.5 time speedup.
* umac32.c (umac32_digest): Fix nonce caching.
* umac64.c (umac64_digest): Likewise.
* testsuite/umac-test.c (test_incr): New function.
(test_main): Test nonce increment.
* misc/umac/umac.py: UMAC reference implementation.
* misc/umac/rijndael.py: AES implementation used by umac.py.
* misc/umac/mkvectors: Script to generate UMAC test vectors.
* misc/umac/vectors.out: Generated test vectors.
* umac32.c (umac32_digest): Fix nonce increment, use INCREMENT
macro.
* umac64.c (umac64_digest): Likewise.
* umac96.c (umac96_digest): Likewise.
* umac128.c (umac128_digest): Likewise.
* macros.h (INCREMENT): Allow size == 1.
2013-04-15 Niels Möller <nisse@lysator.liu.se>
* x86_64/umac-nh.asm: New file. 4.4 time speedup.
* armv7/umac-nh-n.asm: New file. 2.0-2.3 time speedup.
* testsuite/umac-test.c (test_align): Fixed memory leak.
2013-04-12 Niels Möller <nisse@lysator.liu.se>
* armv7/umac-nh.asm: New file. 2.4 time speedup.
* armv7/machine.m4 (D0REG, D1REG): New macros.
* configure.ac (asm_replace_list): Added umac-nh.asm and
umac-nh-n.asm.
* testsuite/umac-test.c: Test different alignments for the
message.
2013-04-11 Niels Möller <nisse@lysator.liu.se>
* umac-nh-n.c (_umac_nh_n): Rewrote as a single pass over the
message data.
* examples/nettle-benchmark.c (time_umac): New function.
(main): Call it.
* umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
can be xored directly to the pad in native byteorder.
* umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
xor. Updated all callers.
* umac32.c (umac32_digest): Adapt to l3 changes.
* umac64.c (umac64_digest): Likewise.
* umac96.c (umac96_digest): Likewise.
* umac128.c (umac128_digest): Likewise.
Initial implementation of umac.
* umac.h: New file.
* umac-nh.c: New file.
* umac-nh-n.c: New file.
* umac-poly64.c: New file.
* umac-poly128.c: New file.
* umac-l2.c: New file.
* umac-l3.c: New file.
* Makefile.in (nettle_SOURCES): Added umac source files.
(HEADERS): Added umac.h.
* testsuite/umac-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added umac-test.c.
* ecc-mul-a.c (ecc_mul_a): Avoid using mp_bitcnt_t, for
compatibility with older GMP versions.
* ecc-mul-g.c (ecc_mul_g): Likewise.
* eccdata.c (ecc_mul_binary): Likewise.
* sec-modinv.c (sec_modinv): Likewise.
* x86_64/sha3-permute.asm: Go via memory for moves between general
registers and xmm registers.
2013-04-06 Niels Möller <nisse@lysator.liu.se>
From Edgar E. Iglesias:
* sha3.c (_sha3_update): Fix condition for when the block buffer
is full.
2013-04-04 Niels Möller <nisse@lysator.liu.se>
* ecc-point.c (ecc_point_get): Allow NULL x or y, ignore
corresponding coordinate.
* nettle.texinfo (Elliptic curves): Document high-level ECDSA
support.
From Martin Storsjö. Fallback functions for older GMP releases.
* gmp-glue.c (mpn_copyd, mpn_copyi, mpn_zero): New functions.
* gmp-glue.h: Declare them.
(mpn_sqr): Fallback macro.
* gmp-glue.h (cnd_add_n, cnd_sub_n): Moved here, define in terms
of mpn_cnd_add_n and mpn_sub_n if available, otherwise in terms of
mpn_addmul_1 and mpn_submul_1. This seems to be an improvement for
subtraction, but more questionable for addition.
* ecc-internal.h: Include gmp-glue.h. Deleted corresponding
include in all files using ecc-internal.h.
(cnd_add_n, cnd_sub_n): Moved from here.
2013-04-03 Niels Möller <nisse@lysator.liu.se>
* ecc-point-mul-g.c (ecc_point_mul_g): New file and function.
* ecc-point-mul.c (ecc_point_mul): New file and function.
* ecc.h: Updated declarations and name mangling.
* Makefile.in (hogweed_SOURCES): Added ecc-point-mul.c and
ecc-point-mul-g.c.
* testsuite/salsa20-test.c (test_main): Tests for salsa20r12,
contributed by Nikos Mavrogiannopoulos.
2013-03-26 Niels Möller <nisse@lysator.liu.se>
* armv7/salsa20-core-internal.asm: New file. 45% speedup.
2013-03-25 Niels Möller <nisse@lysator.liu.se>
From Martin Storsjö:
* examples/timing.c: New file, extracted from nettle-benchmark.c.
* examples/timing.h: New file.
* examples/Makefile.in (SOURCES): Added timing.c.
(DISTFILES): Added timing.h.
(BENCH_OBJS, ECC_BENCH_OBJS, HOGWEED_BENCH_OBJS): Added timing.o.
* examples/nettle-benchmark.c: Use timing.h.
* examples/hogweed-benchmark.c: Likewise.
* examples/ecc-benchmark.c: Likewise.
From Nikos Mavrogiannopoulos:
* salsa20r12-crypt.c (salsa20r12_crypt): New file and function.
* salsa20.h (salsa20r12_crypt): Declare.
* Makefile.in (nettle_SOURCES): Added salsa20r12-crypt.c.
From Martin Storsjö:
* examples/hogweed-benchmark.c: Include local headers.
* testsuite/ecdsa-keygen-test.c: Likewise.
* x86_64/sha3-permute.asm: Workaround for Apple's assembler; write
movq instructions as movd.
* Makefile.in (hogweed_PURE_OBJS): Don't include OPT_ASM_SOURCES
twice.
2013-03-15 Niels Möller <nisse@lysator.liu.se>
* armv7/sha3-permute.asm: New file. 4.5 time speedup.
* armv7/machine.m4 (QREG): New macro.
2013-03-14 Niels Möller <nisse@lysator.liu.se>
* configure.ac (asm_replace_list): Added sha3-permute.asm,
revering 2012-12-30 change. 34% speedup on intel i5, from 2190
cycles for the C implementation down to 1630.
* armv7/sha512-compress.asm: Optimized. Keep expanded data in
registers, exploit parallelism. Another 70% speedup.
* testsuite/sha512-test.c (test_main): Additional test vectors,
including some longer than 128 bytes.
2013-03-13 Niels Möller <nisse@lysator.liu.se>
* armv7/sha512-compress.asm: New file, using neon instructions.
2.3 time speedup.
* configure.ac (asm_replace_list): Added sha512-compress.asm.
* x86_64/machine.m4 (OFFSET64): New macro.
* x86_64/sha512-compress.asm: New file, 20% speedup.
* sha512-compress.c (ROUND): Eliminated a temporary, analogous to
sha256 change below.
* x86_64/sha256-compress.asm: New file, 16% speedup (benchmarked
on intel i5).
2013-03-11 Niels Möller <nisse@lysator.liu.se>
* armv7/sha256-compress.asm: New file, 25% speedup.
* configure.ac (asm_replace_list): Added sha256-compress.asm.
* sha256-compress.c (ROUND): Eliminated a temporary.
* armv7/sha1-compress.asm: New file, 9% speedup.
* testsuite/testutils.c (test_hash): Test different alignments for
the hash input.
2013-03-08 Niels Möller <nisse@lysator.liu.se>
* armv7/aes-decrypt-internal.asm: New file, 15% speedup.
* armv7/aes-encrypt-internal.asm: New file, 25% speedup.
* armv7/aes.m4: New file.
2013-03-07 Niels Möller <nisse@lysator.liu.se>
* gmp-glue.c (mpz_limbs_cmp): Don't use PTR and SIZ macros.
* Makefile.in (aesdata, desdata, twofishdata, shadata, gcmdata)
(eccdata): Arrange for compiling these programs for running on the
build system, also when cross compiling everything else.
* config.make.in (CC_FOR_BUILD, EXEEXT_FOR_BUILD): New variables.
* configure.ac: Use GMP_PROG_CC_FOR_BUILD and
GMP_PROG_EXEEXT_FOR_BUILD.
* aclocal.m4 (GMP_PROG_CC_FOR_BUILD, GMP_PROG_CC_FOR_BUILD_WORKS)
(GMP_PROG_EXEEXT_FOR_BUILD): New macros, based on GMP's.
* aesdata.c: Deleted includes of config.h and nettle-types.h. Use
unsigned char and unsigned long instead of stdint.h types.
* desdata.c: Deleted includes of config.h and desCode.h.
(main): Return 1 on invalid argument. Don't use ROR macro. Use
unsigned long instead of uint32_t, and make it work if unsigned
long is larger than 32 bits.
* gcmdata.c: Deleted include of config.h and use UNUSED macro.
* shadata.c: Likewise.
* twofishdata.c: Deleted include of nettle-types.h. Use unsigned
char instead of stdint.h types.
* x86_64/ecc-521-modp.asm: New file. 2.4 time speedup.
2013-03-06 Niels Möller <nisse@lysator.liu.se>
* x86_64/ecc-384-modp.asm: New file, 3 time speedup.
* x86_64/ecc-256-redc.asm: New file, 2.5 time speedup.
* x86_64/ecc-224-modp.asm: New file, 5 time speedup over C
version.
2013-03-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac (asm_optional_list): Added ecc-521-modp.asm.
* ecc-521.c: Check HAVE_NATIVE_ecc_521_modp, and use native
version if available.
* armv7/ecc-521-modp.asm: New file, 2 time speedup over C version.
2013-03-04 Niels Möller <nisse@lysator.liu.se>
* configure.ac (asm_optional_list): Added ecc-384-modp.asm. Deleted
bogus reference to $asm_search_list.
* ecc-384.c: Check HAVE_NATIVE_ecc_384_modp, and use native
version if available.
* armv7/ecc-384-modp.asm: New file, 3 time speedup over C version.
2013-03-03 Niels Möller <nisse@lysator.liu.se>
* ecc-256.c: Fixed definition of USE_REDC.
2013-03-01 Niels Möller <nisse@lysator.liu.se>
* ecc-256.c: Check HAVE_NATIVE_ecc_256_redc, and use native
version if available.
* armv7/ecc-256-redc.asm: New file, 4 time speedup over C version.
* testsuite/ecc-redc-test.c: Increased test count.
* ecc-224.c: Check HAVE_NATIVE_ecc_224_modp, and use native
version if available.
* armv7/ecc-224-modp.asm: New file, 4.5 time speedup over C
version.
* configure.ac (asm_optional_list): Added ecc-224-modp.asm.
(OPT_ASM_SOURCES): Fixed assignment.
2013-02-28 Niels Möller <nisse@lysator.liu.se>
* x86_64/ecc-192-modp.asm: Reorganized to reduce number of
additions. Use setc instruction.
* examples/Makefile.in: Let $(HOGWEED_TARGETS) depend on
../libhogweed.a.
* armv7/ecc-192-modp.asm: New file. 2.5 time speedup over C
version.
2013-02-27 Niels Möller <nisse@lysator.liu.se>
* ecc-192.c: Check HAVE_NATIVE_ecc_192_modp, and use native
version if available.
(ecc_192_modp): Fixed carry handling bug in 32-bit version.
* x86_64/ecc-192-modp.asm: New file. 3.8 times speedup over C
version.
* configure.ac (OPT_ASM_SOURCES): New substituted variable.
(asm_replace_list, asm_optional_list): New variables. For files in
asm_optional_list, also add them to OPT_ASM_SOURCES and define
appropriate HAVE_NATIVE_* symbols found.
* Makefile.in (OPT_ASM_SOURCES): New variable. Used for setting
hogweed_OBJS and hogweed_PURE_OBJS.
* testsuite/ecc-mod-test.c: Increased test count.
* ecc-384.c (ecc_384_modp): Fixed typo which broke carry handling
in the 64-bit version.
* examples/ecc-benchmark.c (bench_add_jjj): Typo fix, benchmark
the right function.
* gmp-glue.h: Check if GMP provides mpz_limbs_read (expected in
next release).
* gmp-glue.c: Use GMP's mpz_limbs_read and friends if available.
Renamed all functions for consistency with GMP. Updated all
callers.
2013-02-20 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (HOGWEED_TARGETS): Added
hogweed-benchmark$(EXEEXT).
(SOURCES): Added hogweed-benchmark.c.
(hogweed-benchmark$(EXEEXT)): New target.
* examples/hogweed-benchmark.c: New file.
* ecdsa-keygen.c (ecdsa_generate_keypair): New file and function.
* Makefile.in (hogweed_SOURCES): Added ecdsa-keygen.c.
* testsuite/ecdsa-keygen-test.c: New testcase.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
ecdsa-keygen-test.c.
* nettle-internal.h (TMP_ALLOC): Added missing parentheses.
2013-02-18 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecdsa-verify-test.c: New testcase.
* testsuite/ecdsa-sign-test.c: New testcase.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
ecdsa-sign-test.c and ecdsa-verify-test.c.
* testsuite/testutils.h: Include ecdsa.h.
(SHEX): Deleted const cast.
* ecc-point.c: New file, struct ecc_point abstraction.
* ecc-scalar.c: New file, struct ecc_scalar abstraction.
* ecc-random.c (ecc_modq_random, ecc_scalar_random): New file, new
functions.
* ecc-hash.c (ecc_hash): New file and function.
* ecc-ecdsa-sign.c: New file, low-level signing interface.
* ecc-ecdsa-verify.c: New file, low-level ecdsa verify.
* ecdsa-sign.c: (ecdsa_sign): New file and function.
* ecdsa-verify.c (ecdsa_verify): New file and function.
* ecdsa.h: New header file.
* ecc.h: Declare ecc_point and ecc_scalar functions.
* ecc-internal.h: Added declarations.
* Makefile.in (hogweed_SOURCES): Added new source files.
(HEADERS): Added ecdsa.h.
* gmp-glue.c (_mpz_set_mpn): New convenience function.
(_mpn_set_base256): New function.
(_gmp_alloc_limbs): New function.
(_gmp_free_limbs): New function.
* gmp-glue.h: Corresponding declarations. Include nettle-stdinh.h.
* examples/Makefile.in (HOGWEED_TARGETS): Renamed, was
RSA_TARGETS. Added ecc-benchmark$(EXEEXT).
(SOURCES): Added ecc-benchmark.c.
(ecc-benchmark$(EXEEXT)): New target.
* examples/ecc-benchmark.c: New file, benchmarking ecc primitives.
2013-02-15 Niels Möller <nisse@lysator.liu.se>
Integrate ecc_mul_a.
* ecc-a-to-j.c: New file.
* ecc-add-jjj.c: New file.
* ecc-mul-a.c: New file.
* Makefile.in (hogweed_SOURCES): Added new files.
* testsuite/ecc-mul-a-test.c: New file.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
ecc-mul-a-test.c.
* testsuite/testutils.c: Removed redundant includes.
(die): New function.
Integrate ecc_mul_g.
* ecc.h: New file.
* ecc-j-to-a.c: New file.
* ecc-size.c: New file.
* ecc-add-jja.c: New file.
* ecc-dup-jj.c: New file.
* ecc-mul-g.c: New file.
* sec-tabselect.c: New file.
* Makefile.in (hogweed_SOURCES): Added new files.
(HEADERS): Added ecc.h
* testsuite/ecc-mul-g-test.c: New file.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
ecc-mul-g-test.c.
* testsuite/testutils.c (xalloc_limbs): New function.
(test_mpn): New function.
(test_ecc_point): New function.
(test_ecc_mul_a): New function.
(test_ecc_mul_j): New function.
* testsuite/testutils.h: Corresponding declarations.
Integrate ECC internals.
* ecc-curve.h: New file.
* ecc-internal.h: New file.
* cnd-copy.c: New file.
* ecc-192.c: New file.
* ecc-224.c: New file.
* ecc-256.c: New file.
* ecc-384.c: New file.
* ecc-521.c: New file.
* ecc-generic-modp.c: New file.
* ecc-generic-modq.c: New file.
* ecc-generic-redc.c: New file.
* ecc-mod.c: New file.
* ecc-modp.c: New file.
* ecc-modq.c: New file.
* sec-add-1.c: New file.
* sec-modinv.c: New file.
* sec-sub-1.c: New file.
* Makefile.in (hogweed_SOURCES): Added new files.
(HEADERS): Added ecc-curve.h.
(DISTFILES): Added ecc-internal.h.
* testsuite/ecc-mod-test.c: New file.
* testsuite/ecc-modinv-test.c: New file.
* testsuite/ecc-redc-test.c: New file.
* testsuite/testutils.c (ecc_curves): New constant array.
* testsuite/testutils.h: Include ecc-related headers. Declare
ecc_curves array.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecc-mod-test.c
ecc-modinv-test.c ecc-redc-test.c.
* gmp-glue.c: New file, mpn <-> mpz conversions.
* gmp-glue.h: New file.
* Makefile.in: Added to hogweed_SOURCES and DISTFILES, respectively.
* eccdata.c: New program, for generating ECC-related tables.
* Makefile.in (ecc-192.h, ecc-224.h, ecc-256.h, ecc-384.h)
(ecc-512.h): New generated files.
2013-02-19 Niels Möller <nisse@lysator.liu.se>
* armv7/memxor.asm (memxor): Software pipelining for the aligned
case. Runs at 6 cycles (0.5 cycles per byte). Delayed push of
registers until we know how many registers we need.
(memxor3): Use 3-way unrolling also for aligned memxor3.
Runs at 8 cycles (0.67 cycles per byte)
2013-02-14 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Find GMP's GMP_NUMB_BITS. Substitute in Makefile.
* config.make.in (GMP_NUMB_BITS): New variable.
* examples/rsa-keygen.c (uint_arg): New function.
(main): New options -s and -e, to specify key size and public
exponent. Increased default key size to 2048.
2013-02-12 Niels Möller <nisse@lysator.liu.se>
* armv7/memxor.asm (memxor): Optimized aligned case, using 3-way
unrolling.
2013-02-06 Niels Möller <nisse@lysator.liu.se>
* armv7/memxor.asm (memxor, memxor3): Optimized aligned case, now
runs at 0.75 cycles/byte.
* armv7/README: New file.
* armv7/machine.m4: New (empty) file.
* armv7/memxor.asm: Initial assembly implementation.
* config.m4.in: Substitute ASM_TYPE_PROGBITS as TYPE_PROGBITS.
* config.make.in: Added .s to the suffix list.
* Makefile.in (.asm.s): Use a separate make target for .asm
preprocessing. Include asm.d, which the corresponding
dependencies.
* configure.ac (asm_file_list): Collect assembly files into this
variable.
(asm.d): Make config.status write dependencies for .s files into
asm.d.
(ASM_ALIGN_LOG): Set to "no" when appropriate.
(ASM_TYPE_FUNCTION): Default to "@function".
(ASM_TYPE_PROGBITS): New substituted variable, set in the same way
as ASM_TYPE_FUNCTION.
(ASM_MARK_NOEXEC_STACK): Use TYPE_PROGBITS.
(asm_path): Set up asm_path for armv7.
* asm.m4: Use changecom to disable m4 quoting. Use divert to
suppress output.
2013-02-05 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-keygen-test.c (test_main): Updated expected
signatures, after the nettle_mpz_random change below.
* testsuite/dsa-test.c (test_main): Likewise. Also fixed the
dsa256 test to actually use the expected signature.
2013-01-31 Niels Möller <nisse@lysator.liu.se>
* bignum-random.c (nettle_mpz_random): Increased number of extra
bits to 64, following FIPS 186-3.
2013-01-16 Niels Möller <nisse@lysator.liu.se>
* Released nettle-2.6.
2013-01-12 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Use AC_LANG_SOURCE.
2013-01-02 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.5.
(LIBHOGWEED_MINOR): And to 2.3.
* examples/Makefile.in: Explicit rules for building objects in
parent directory.
* tools/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise.
2013-01-01 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Recommended hash functions): Document additional
sha3 functions.
* examples/nettle-benchmark.c (main): Benchmark additional sha3
functions.
2012-12-30 Niels Möller <nisse@lysator.liu.se>
* sha3-224.c, sha3-224-meta.c: New files.
* sha3-384.c, sha3-384-meta.c: New files.
* sha3-512.c, sha3-512-meta.c: New files.
* sha3.h: Prototypes for sha3 with sizes 224, 384 and 512.
* nettle-meta.h: Declare nettle_sha3_224, nettle_sha3_384 and
nettle_sha3_512.
* Makefile.in (nettle_SOURCES): Added new sha3 files.
* testsuite/sha3-224-test.c: New file.
* testsuite/sha3-384-test.c: New file.
* testsuite/sha3-512-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new sha3 test files.
* configure.ac: Disabled use of sha3-permute.asm.
2012-12-20 Niels Möller <nisse@lysator.liu.se>
From Tim Rühsen:
* testsuite/des-compat-test.c (pt): Use proper prototype, use
const.
* testsuite/testutils.c (test_dsa_key): Deleted spurious
semicolon.
2012-12-15 Niels Möller <nisse@lysator.liu.se>
Based on a patch from Alon Bar-Lev:
* Makefile.in (LIBTARGETS, SHLIBTARGET): Define as empty if static
or shared libraries, respectively, are disabled.
(TARGETS): Deleted @IF_SHARED@ conditional, now in the definition
of SHLIBTARGET.
From Alon Bar-Lev:
* configure.ac: Check for ar program. New option --disable-static.
* config.make.in (AR): Use configured value.
2012-12-13 Niels Möller <nisse@lysator.liu.se>
* x86_64/sha3-permute.asm: Rewrote, to keep all state in
registers. 2400 cycles on x86_64, only slightly faster than the
current C code.
2012-12-09 Niels Möller <nisse@lysator.liu.se>
* sha3-permute.c (sha3_permute): Rewrote to do permutation in
place. 80% speedup on x86_64, 2500 cycles.
2012-12-04 Niels Möller <nisse@lysator.liu.se>
* ctr.c (ctr_crypt): Fix bug reported by Tim Kosse. Don't
increment the counter when length is zero (was broken for the
in-place case).
* testsuite/ctr-test.c (test_main): Added test with zero-length
data.
* testsuite/testutils.c (test_cipher_ctr): Check the ctr value
after encrypt and decrypt.
2012-12-03 Niels Möller <nisse@lysator.liu.se>
* sha3-permute.c (sha3_permute): Optimized, to reduce number of
passes over the data. 20% speedup on x86_64, 4700 cycles.
* configure.ac: Added sha3-permute.asm.
* x86_64/sha3-permute.asm: New file. 30% speedup over current C
code, 4300 cycles.
* nettle.texinfo (Hash functions): Split into several sections,
separating recommended hash functions and legacy hash functions.
Document sha3-256.
2012-12-02 Niels Möller <nisse@lysator.liu.se>
Split sha.h into new files sha1.h and sha2.h. Replaced all
internal usage of sha.h in all files.
* sha.h: Kept for compatibility, just includes both new files.
* sha1.h: New file.
* sha2.h: New file.
* Makefile.in (HEADERS): Added sha1.h and sha2.h.
2012-11-28 Niels Möller <nisse@lysator.liu.se>
From Fredrik Thulin:
* testsuite/pbkdf2-test.c (test_main): Add PBKDF2-HMAC-SHA512 test
cases.
2012-11-15 Niels Möller <nisse@lysator.liu.se>
* sha3-permute.c (sha3_permute): Use ULL suffix on round
constants. Avoid passing shift count 0 to ROTL64.
* sha3.c (sha3_absorb): Fixed big-endian code. Need macros.h.
* macros.h (LE_READ_UINT64): New macro.
2012-11-13 Niels Möller <nisse@lysator.liu.se>
* sha3-permute.c (sha3_permute): Micro optimizations. Partial
unrolling. Use lookup table for the permutation. On an x86_64,
execution time reduced from appr. 13000 cycles to appr. 6000.
* examples/nettle-benchmark.c (TIME_CYCLES): New macro.
(bench_sha1_compress, bench_salsa20_core): Use it.
(bench_sha3_permute): New function.
(main): Call bench_sha3_permute.
2012-11-12 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Benchmark sha3_256.
* sha3-permute.c: New file. Permutation function for sha3, aka
Keccak.
* sha3.h: New header file.
* sha3.c: New file, absorption and padding for sha3.
* sha3-256.c: New file.
* sha3-256-meta.c: New file.
* nettle-meta.h (nettle_sha3_256): Declare.
* Makefile.in (nettle_SOURCES): Added sha3 files.
(HEADERS): Added sha3.h.
* testsuite/sha3.awk: New file. Script to extract test vectors.
* testsuite/sha3-256-test.c: New file.
* testsuite/sha3-permute-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
sha3-permute-test.c and sha3-256-test.c.
(DISTFILES): Added sha3.awk.
* testsuite/.test-rules.make: Added sha3 targets.
* macros.h (LE_WRITE_UINT64): New macro.
* write-le64.c (_nettle_write_le64): New file and function.
* nettle-write.h (_nettle_write_le64): Declare. Also deleted
declaration of non-existent _nettle_write_be64.
* Makefile.in (nettle_SOURCES): Added write-le64.c.
* macros.h (ROTL64): New macro, moved from...
* sha512-compress.c (ROTL64): ... old location, deleted.
* serpent-internal.h [HAVE_NATIVE_64_BIT] (DROTL32): Renamed from...
(ROTL64): ... old name.
(DRSHIFT32): Renamed from ...
(RSHIFT64): ... old name.
* serpent-encrypt.c (LINEAR_TRANSFORMATION64): Updated for above
renames.
* serpent-decrypt.c (LINEAR_TRANSFORMATION64_INVERSE): Likewise.
2012-11-11 Niels Möller <nisse@lysator.liu.se>
From Nikos Mavrogiannopoulos:
* nettle.texinfo (Hash functions): Added documentation for
gosthash94.
* examples/nettle-benchmark.c (main): Benchmark gosthash94.
2012-11-10 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (nettle_hashes, nettle_ciphers): Use deftypevr,
not deftypevrx. Spotted by Nikos Mavrogiannopoulos.
2012-11-08 Niels Möller <nisse@lysator.liu.se>
Gost hash function, ported from Aleksey Kravchenko's rhash library
by Nikos Mavrogiannopoulos.
* gosthash94.c: New file.
* gosthash94.h: New file.
* gosthash94-meta.c: New file.
* nettle-meta.h (nettle_gosthash94): Declare.
* Makefile.in (nettle_SOURCES): Added gosthash94.c and
gosthash94-meta.c.
(HEADERS): Added gosthash94.h.
* testsuite/gosthash94-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
gosthash94-test.c.
2012-10-29 Niels Möller <nisse@lysator.liu.se>
From Martin Storsjö:
* configure.ac (dummy-dep-files): Avoid non-posix \|-operator in
sed regexp.
2012-10-29 Niels Möller <nisse@lysator.liu.se>
* x86_64/salsa20-core-internal.asm: New file.
* configure.ac: Added salsa20-core-internal.asm.
* examples/nettle-benchmark.c (bench_salsa20_core): New function.
2012-10-27 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in (TS_SOURCES, CXX_SOURCES): Include sources
unconditionally.
(TS_CXX): Moved @IF_CXX@ conditional here.
(DISTFILES): Use $(SOURCES), which now includes all C source
files. testutils.c was lost in a the 2012-09-20 change.
* x86_64/salsa20-crypt.asm: Include x86_64/salsa20.m4.
Make all exits go via .Lend and W64_EXIT.
* x86_64/salsa20.m4: New file, extracted from
x86_64/salsa20-crypt.asm.
2012-10-26 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LIBS): Add $(CFLAGS) on
the link command line. Reported by Dennis Clarke.
2012-10-03 Niels Möller <nisse@lysator.liu.se>
From: Nikos Mavrogiannopoulos:
* testsuite/testutils.c (test_hash): On failure, print the
expected and returned hash values.
2012-09-23 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added salsa20-core-internal.c.
* salsa20-core-internal.c (_salsa20_core): New file and function,
extracted from salsa20_crypt.
* salsa20.h (_salsa20_core): Declare it.
* salsa20-crypt.c (salsa20_crypt): Use _salsa20_core.
2012-09-21 Niels Möller <nisse@lysator.liu.se>
* pbkdf2.c (pbkdf2): assert that iterations > 0. Reorganized
loops.
* nettle.texinfo (Cipher functions): Stress that the salsa20 hash
function is not suitable as a general hash function.
2012-09-20 Simon Josefsson <simon@josefsson.org>
* pbkdf2-hmac-sha1.c, pbkdf2-hmac-sha256.c: New files.
* pbkdf2.h (pbkdf2_hmac_sha1, pbkdf2_hmac_sha256): New prototypes.
* Makefile.in (nettle_SOURCES): Add pbkdf2-hmac-sha1.c and
pbkdf2-hmac-sha256.c.
* nettle.texinfo (Key derivation functions): Improve.
* testsuite/pbkdf2-test.c (test_main): Test new functions.
2012-09-20 Niels Möller <nisse@lysator.liu.se>
* pbkdf2.c (pbkdf2): Reordered arguments, for consistency.
* pbkdf2.h (PBKDF2): Analogous reordering.
* testsuite/pbkdf2-test.c: Adapted to new argument order. Also use
LDATA for the salt.
* nettle.texinfo (Key derivation functions): Updated documented
pbkdf2 prototype.
* testsuite/Makefile.in (VALGRIND): New variable, to make valgrind
checking easier.
* configure.ac: New substitution IF_CXX, replacing CXX_TESTS.
(dummy-dep-files): Handle .cxx files.
* testsuite/Makefile.in: Use IF_CXX. Include dependency file for
cxx-test.o.
2012-09-19 Niels Möller <nisse@lysator.liu.se>
From Tim Rühsen:
* examples/rsa-encrypt.c (main): Added missing mpz_clear.
* examples/rsa-keygen.c (main): Added missing deallocation.
* testsuite/meta-hash-test.c (test_main): Validate
NETTLE_MAX_HASH_DIGEST_SIZE.
* pbkdf2.h (PBKDF2): New macro.
* testsuite/pbkdf2-test.c: Use it.
2012-09-12 Simon Josefsson <simon@josefsson.org>
* NEWS: Mention addition of PBKDF2.
* pbkdf2.c (pbkdf2): New file and function.
* pbkdf2.h: Declare it.
* Makefile.in (nettle_SOURCES): Add pbkdf2.c.
(HEADERS): Add pbkdf2.h.
* nettle.texinfo (Key derivation functions): New section.
* testsuite/pbkdf2-test.c: New test case.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add pbkdf2-test.c.
* testsuite/.test-rules.make (pbkdf2-test): New target.
2012-09-16 Niels Möller <nisse@lysator.liu.se>
* testsuite/: Overhaul of testsuite, affecting almost all files.
+ Use struct tstring for allocated strings, and deallocate before
exit.
+ Changed most test functions to take struct tstring as arguments.
+ Made all test_main return on success.
* testsuite/testutils.h (struct tstring): New struct type.
(H2, HL, MEMEQH, SUCCESS): Deleted macros.
(SHEX, SDATA): New macros.
(H): Redefined to track storage.
* testsuite/testutils.c (tstring_alloc): New function.
(tstring_clear): New function.
(tstring_data): New function.
(tstring_hex): New function.
(tstring_print_hex): New function.
(decode_hex_length): Made static.
(decode_hex): Made static. No return value, abort on error.
(main): Expect test_main to return, and call tstring_clear before
exit.
(test_dsa_key): Added missing mpz_clear.
(test_mac): Deleted unused function.
* testsuite/rsa2sexp-test.c (test_main): Added missing
nettle_buffer_clear.
* testsuite/yarrow-test.c (open_file): Don't leak filename.
(test_main): fclose input file properly.
* testsuite/sexp-format-test.c (test_main): Added missing calls to
nettle_buffer_clear and mpz_clear.
* testsuite/serpent-test.c (tstring_hex_reverse): New function,
replacing...
(decode_hex_reverse): ... deleted function.
(RHEX): New macro, replacing...
(RH, RHL): ... deleted macros.
* testsuite/rsa2sexp-test.c (test_main): Added missing
nettle_buffer_clear.
* testsuite/random-prime-test.c (test_main): Added missing
mpz_clear.
* realloc.c (nettle_realloc): Only call libc realloc if length >
0, otherwise call free. Fixes a small memory leak.
(nettle_xrealloc): Likewise.
* run-tests (test_program): Don't quote $EMULATOR; allow it to
expand to program and arguments (e.g., valgrind).
* tools/pkcs1-conv.c (convert_public_key): Added missing calls to
dsa_public_key_clear and rsa_public_key_clear.
(main): Added missing nettle_buffer_clear.
2012-09-10 Niels Möller <nisse@lysator.liu.se>
* examples/eratosthenes.c (main): Explicitly deallocate storage
before exit.
* examples/io.c (read_file): Explicitly treat an empty file as an
error. Rearrange loop, check for short fread return value.
* desdata.c: Don't declare printf, include <stdio.h> instead. Also
deleted casts of printf return value.
From Tim Rühsen:
* examples/nettle-benchmark.c (die): Use PRINTF_STYLE attribute.
* pgp-encode.c (pgp_put_rsa_sha1_signature): Deleted unused variable.
* rsa2openpgp.c (rsa_keypair_to_openpgp): Likewise.
* examples/base16enc.c (main): Deleted useless allocations.
2012-09-07 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (die): Add NORETURN attribute. Patch
from Tim Rühsen.
* tools/misc.h (die, werror): Use PRINTF_STYLE and NORETURN macros
for attributes. Patch from Tim Rühsen.
* examples/io.h (werror): Use PRINTF_STYLE macro.
2012-08-22 Niels Möller <nisse@lysator.liu.se>
From Sam Thursfield <sam.thursfield@codethink.co.uk>:
* configure.ac: Make documentation optional, to avoid requiring
TeX. New option --disable-documentation, and Makefile substitution
IF_DOCUMENTATION.
* Makefile.in: Use IF_DOCUMENTATION.
2012-07-12 Niels Möller <nisse@lysator.liu.se>
* asm.m4 (ALIGN): Use << operator rather than **, with m4 eval.
The latter is not supported by BSD m4.
2012-07-07 Niels Möller <nisse@lysator.liu.se>
Copyright headers: Updated FSF address. Patch from David Woodhouse.
* examples/Makefile.in (BENCH_LIBS): Added -lm, needed for the
ldexp function. Reported by Anthony G. Basile.
* configure.ac: Changed version number to 2.6.
* Released nettle-2.5.
2012-07-05 Niels Möller <nisse@lysator.liu.se>
* x86_64/salsa20-crypt.asm (salsa20_crypt): Write the 64-bit movq
instructions as "movd", since that makes the osx assembler
happier. Assembles to the same machine code on gnu/linux.
2012-07-03 Niels Möller <nisse@lysator.liu.se>
* aclocal.m4 (LSH_FUNC_ALLOCA): In the config.h boilerplate,
include malloc.h if it exists, also when compiling with gcc.
Needed for cross-compiling with --host=i586-mingw32msvc.
* examples/base16dec.c: Don't #include files using <nettle/...>,
we don't want to pick up installed versions. On windows, include
<fcntl.h>, needed for _setmode.
* examples/base16enc.c: Likewise.
* examples/base64dec.c: Likewise.
* examples/base64enc.c: Likewise
* nettle.texinfo (Cipher functions): Document Salsa20.
2012-06-25 Niels Möller <nisse@lysator.liu.se>
* pkcs1.c (_pkcs1_signature_prefix): Renamed function, adding a
leading underscore. Updated all callers.
* bignum-next-prime.c (nettle_next_prime): Consistently use the
type nettle_random_func * (rather then just nettle_random_func)
when passing the function pointer as argument. Similar change for
nettle_progress_func. Should have been done for the 2.0 release,
but a few arguments were overlooked.
* bignum-random-prime.c (_nettle_generate_pocklington_prime)
(nettle_random_prime): Likewise.
* bignum-random.c (nettle_mpz_random_size, nettle_mpz_random):
Likewise.
* dsa-keygen.c (dsa_generate_keypair): Likewise.
* dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise.
* dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
Likewise.
* dsa-sign.c (_dsa_sign): Likewise.
* pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
* rsa-blind.c (_rsa_blind): Likewise.
* rsa-decrypt-tr.c (rsa_decrypt_tr): Likewise.
* rsa-encrypt.c (rsa_encrypt): Likewise.
* rsa-keygen.c (rsa_generate_keypair): Likewise.
* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Likewise.
* cbc.c (cbc_encrypt, cbc_decrypt): Similarly, use the type
nettle_crypt_func * rather than just nettle_crypt_func.
* ctr.c (ctr_crypt): Likewise.
* gcm.c (gcm_set_key): Likewise.
* testsuite/des-compat-test.c (test_main): Disable declarations of
disabled functions and variables, to avoid warnings. No verbose
output unless verbose flag is set.
2012-06-09 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (SOURCES): Added base16dec.c, forgotten
earlier.
General pkcs1 signatures, with a "DigestInfo" input. Suggested by
Nikos Mavrogiannopoulos.
* Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-digest.c,
rsa-pkcs1-sign.c, rsa-pkcs1-sign-tr.c, and rsa-pkcs1-verify.c.
* pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): New file and
function.
* pkcs1.h: Declare it.
* rsa-pkcs1-verify.c (rsa_pkcs1_verify): New file and function.
* rsa-pkcs1-sign.c (rsa_pkcs1_sign): New file and function.
* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): New file and function,
contributed by Nikos Mavrogiannopoulos.
* rsa.h: Declare new functions.
* rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
* rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
separate file, renamed and made non-static. Moved from...
* rsa-decrypt-tr.c: ... here.
2012-06-03 Niels Möller <nisse@lysator.liu.se>
* testsuite/pkcs1-test.c (test_main): Include leading zero in
expected result.
* pkcs1.c (pkcs1_signature_prefix): Return pointer to where the
digest should be written. Let the size input be the key size in
octets, rather then key size - 1.
* pkcs1-rsa-*.c: Updated for above.
* rsa-*-sign.c, rsa-*-verify.c: Pass key->size, not key->size - 1.
2012-05-18 Niels Möller <nisse@lysator.liu.se>
* pkcs1-encrypt.c (pkcs1_encrypt): New file and function.
* rsa-encrypt.c (rsa_encrypt): Use pkcs1_encrypt.
2012-05-09 Niels Möller <nisse@lysator.liu.se>
* rsa-decrypt-tr.c (rsa_decrypt_tr): Added missing mpz_clear,
spotted by Nikos Mavrogiannopoulos.
2012-05-07 Niels Möller <nisse@lysator.liu.se>
* nettle-types.h (_STDINT_HAVE_INT_FAST32_T): Define here, to
force nettle-stdint.h to not try to define the int_fast*_t types.
Avoids compilation problems with gnutls on SunOS-5.8, where the
definitions here collide with gnulib's.
2012-04-23 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h (NETTLE_MAX_BIGNUM_SIZE): New constant. Based
on NETTLE_MAX_BIGNUM_BITS, rounded upwards. Replaced all uses of
NETTLE_MAX_BIGNUM_BITS.
2012-04-19 Niels Möller <nisse@lysator.liu.se>
* list-obj-sizes.awk: Use decimal rather than hexadecimal output.
(hex2int): Use local variables.
2012-04-18 Niels Möller <nisse@lysator.liu.se>
* x86_64/salsa20-crypt.asm: New file.
2012-04-17 Niels Möller <nisse@lysator.liu.se>
* testsuite/salsa20-test.c (test_salsa20_stream): Check that
salsa20_crypt doesn't write beyond the given destination area.
(test_salsa20): Likewise.
* salsa20-crypt.c: Renamed file, from...
* salsa20.c: ... old name.
* x86_64/machine.m4 (WREG): New macro.
* salsa20.c (salsa20_hash): Deleted function, inlined into
salsa20_crypt.
(salsa20_set_key, salsa20_set_iv): Moved, to...
* salsa20-set-key.c: ...new file.
2012-04-15 Niels Möller <nisse@lysator.liu.se>
* testsuite/salsa20-test.c (test_salsa20_stream): New function.
(test_main): Tests for encrypting more than one block at a time.
2012-04-14 Niels Möller <nisse@lysator.liu.se>
* examples/io.c (write_file): Use write_string.
* examples/Makefile.in (base64enc): New targets. Also
added missing io.o dependency to several other targets.
(base64dec, base16enc, base16dec): Likewise.
* examples/base64enc.c: New file, based on example code
contributed by Jeronimo Pellegrini.
* examples/base64dec.c: Likewise.
* examples/base16enc.c: Likewise.
* examples/base16dec.c: Likewise.
* examples/rsa-encrypt.c (process_file): Reorganized fread loop.
(usage): New function.
(main): Implemented --help option.
* examples/rsa-decrypt.c (process_file): Improved error message
for too short input file.
* aes-set-decrypt-key.c (gf2_log, gf2_exp): Deleted tables.
(mult, inv_mix_column): Deleted functions.
(mtable): New table.
(MIX_COLUMN): New macro.
(aes_invert_key): Use MIX_COLUMN and mtable.
* aesdata.c (compute_mtable): New table, for the inv mix column
operation in aes_invert_key.
2012-04-13 Niels Möller <nisse@lysator.liu.se>
* aes-set-encrypt-key.c (aes_set_encrypt_key): Use LE_READ_UINT32.
Tabulate the needed "round constants".
(xtime): Deleted function.
* aes-internal.h (SUBBYTE): Cast to uint32_t. Use B0, ..., B3
macros.
2012-04-09 Niels Möller <nisse@lysator.liu.se>
Timing resistant RSA decryption, based on RSA blinding code
contributed by Nikos Mavrogiannopoulos.
* rsa-decrypt-tr.c (rsa_decrypt_tr): New function.
(rsa_blind): Helper function.
(rsa_unblind): Helper function.
* rsa.h: Declare rsa_decrypt_tr. Some cleanups, no longer include
nettle-meta.h, more consistent declarations of function pointer
arguments.
* testsuite/rsa-encrypt-test.c (test_main): Test rsa_decrypt_tr.
Check for writes past the end of the message area.
* Makefile.in (hogweed_SOURCES): Added pkcs1-decrypt.c.
* rsa-decrypt.c (rsa_decrypt): Use pkcs1_decrypt.
* pkcs1-decrypt.c (pkcs1_decrypt): New file and function,
extracted from rsa_decrypt.
2012-04-01 Niels Möller <nisse@lysator.liu.se>
* salsa20.c (LE_SWAP32): Typo fix for big-endian case.
(QROUND): New macro.
(salsa20_hash): Use it.
2012-03-31 Niels Möller <nisse@lysator.liu.se>
* salsa20.c: (salsa20_set_iv): Deleted size argument, only one
size allowed.
(U8TO32_LITTLE): Deleted macro. Use LE_READ_UINT32 instead, which
avoids unaligned reads.
(salsa20_set_key): Rearranged slightly, to avoid unnecessary
byte-to-word conversions.
(LE_SWAP32): Renamed macro from...
(U32TO32_LITTLE): ... old name.
(U32TO8_LITTLE): Deleted macro.
(salsa20_wordtobyte): Renamed function to...
(salsa20_hash): ... new name. Changed output argument from byte
array to word array. Use memxor3, which brings a considerable
performance gain.
* nettle-internal.c (salsa20_set_key_hack): Updated salsa20_set_iv
call.
* testsuite/salsa20-test.c (test_salsa20): Deleted iv_length
argument, updated all calls.
* salsa20.h (SALSA20_BLOCK_SIZE): New constant.
(_SALSA20_INPUT_LENGTH): New constant.
* salsa20.c: Use these constants.
* salsa20.c (ROTL32): Deleted macro, use the one from macros.h
instead, with reversed order of arguments.
(ROTATE, XOR, PLUS, PLUSONE): Deleted macros, use ROTL32 and
builtin operators directly.
Unification of rotation macros.
* macros.h (ROTL32): New macro, to replace (almost) all other
rotation macros.
* aes-set-encrypt-key.c: Include macros.h.
(aes_set_encrypt_key): Use ROTL32.
* aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros.
* camellia-internal.h (ROL32): Deleted macro.
(ROTL128): Renamed for consistency, from...
(ROL128): ... old name.
* camellia-crypt-internal.c: Updated for renamed rotation macros.
* camellia-set-encrypt-key.c: Likewise.
* cast128.c (ROL): Deleted macro.
(F1, F2, F3): Updated to use ROTL32 (reversed order of arguments).
Also added proper do { ... } while (0) wrappers.
* ripemd160-compress.c (ROL32): Deleted macro.
(R): Updated to use ROTL32 (reversed order of arguments).
* serpent-internal.h (ROL32): Deleted macro.
(ROTL64): Renamed (from ROL64) and reorderd arguments, for
consistency.
(RSHIFT64): Reordered arguments, for consistency.
* serpent-decrypt.c: Updated for renamed rotation macros, with
reversed argument order.
* serpent-encrypt.c: Likewise.
* serpent-set-key.c: Likewise.
* sha1-compress.c (ROTL): Deleted macro, use ROTL32 instead.
* sha256-compress.c (ROTR): Deleted macro. Replaced by ROTL32,
with complemented shift count.
(SHR): Deleted macro, use plain shift operator instead.
* sha512-compress.c (ROTR): Deleted macro, replaced by...
(ROTL64): ...new macro, with complemented shift count
(SHR): Deleted macro, use plain shift operator instead.
(S0, S1, s0, s1): Updated accordingly.
2012-03-30 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.c (nettle_salsa20): Cipher struct for
benchmarking only. Sets a fix zero IV, and ignores block size.
* nettle-internal.h (nettle_salsa20): Declare it.
* examples/nettle-benchmark.c (block_cipher_p): New function.
(time_cipher): Use block_cipher_p.
(main): Include salsa20 in benchmark.
* Makefile.in (soname link): Fixed logic.
(nettle_SOURCES): Removed nettle-internal.c, so that it's not
part of the library...
(internal_SOURCES): ...and put it here.
* testsuite/Makefile.in (TEST_OBJS): Added ../nettle-internal.o.
* examples/Makefile.in (BENCH_OBJS): New variable, to simplify the
nettle-benchmark rule. Also link with ../nettle-internal.o.
2012-03-29 Niels Möller <nisse@lysator.liu.se>
Implementation of Salsa20, contributed by Simon Josefsson.
* salsa20.h: New file.
* salsa20.c: New file.
* Makefile.in (nettle_SOURCES): Added salsa20.c
(HEADERS): Added salsa20.h.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added salsa20-test.c.
* testsuite/salsa20-test.c: New test case.
* Makefile.in (soname links): Adding missing space before ].
2012-03-23 Niels Möller <nisse@lysator.liu.se>
* arcfour.h (arcfour_stream): Deleted obsolete prototype.
2012-03-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac (enable_shared): Build shared libraries by default.
2012-03-04 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.4.
(LIBHOGWEED_MINOR): And to 2.2.
2012-02-27 Niels Möller <nisse@lysator.liu.se>
* list-obj-sizes.awk: Recognize elf64 objects.
* Makefile.in (.texinfo.dvi): Pass -b option to texi2dvi.
* Makefile.in (TARGETS): Added twofishdata.
(SOURCES): Added twofishdata.c.
(twofishdata): New rule.
* twofish.c (q0, q1): Made const, and reformatted to match the
twofishdata program.
* twofishdata.c: Resurrected old file. Used to be called
generate_q.c, when the twofish code was contributed back in 1999.
* nettle.texinfo: Documentation for base16 and base64 encoding.
Text contributed by Jeronimo Pellegrini
<pellegrini@mpcnet.com.br>, back in April 2006.
2012-02-18 Niels Möller <nisse@lysator.liu.se>
* run-tests, getopt.c, getopt1.c, getopt.h: These files were moved
to the top-level in the conversion to an independent git
repository. They used to be symlinks to lsh files, from the
subdirectories which use them.
* Makefile.in: Build and distribute getopt files. Distribute
run-tests script.
* examples/Makefile.in: Adapt to getopt files and the run-tests
script now located in the parent directory.
* testsuite/Makefile.in: Likewise.
* tools/Makefile.in: Likewise.
* index.html: Converted to xhtml (from lsh repository, change
dated 2012-02-03). Updated git instructions.
* nettle.texinfo: Updated charset declaration.
* misc/plan.html: Likewise.
2012-01-17 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in (DISTFILES): Added setup-env.
* examples/rsa-decrypt.c (main): Use _setmode rather than setmode,
suggested by Eli Zaretskii. Affects windows builds only.
* examples/rsa-encrypt.c: Likewise.
* Makefile.in ($(LIBNETTLE_FORLINK)): Always create a .lib symlink
to the library file. Use LN_S.
($(LIBHOGWEED_FORLINK)): Likewise.
(install-shared-nettle): Use LN_S.
(install-shared-hogweed): Likewise.
* configure.ac: Use AC_PROG_LN_S.
* config.make.in (LN_S): New substitution.
* testsuite/setup-env: New file. Wine workaround. Can't get
../.lib into wine's dll search path, so create additional
symlinks.
* testsuite/teardown-env: ...and delete them here. Also delete
file testtmp.
* examples/setup-env: Similar links setup here.
* examples/teardown-env: ... and deleted.
2012-01-07 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (check): Add ../.lib to PATH, like in
testsuite/Makefile. Needed for w*ndows. Reported by Eli Zaretskii.
2011-11-25 Niels Möller <nisse@lysator.liu.se>
From Martin Storsjö:
* x86_64/machine.m4 (W64_ENTRY, W64_EXIT): New macros for
supporting W64 ABI.
* x86_64: Updated all assembly files to use them.
* configure.ac (W64_ABI): New variable, set when compiling for
W64 ABI (64-bit M$ windows).
* config.m4.in (W64_ABI): Define, from configure substitution.
2011-11-24 Niels Möller <nisse@lysator.liu.se>
From Martin Storsjö:
* examples/Makefile.in (check): Pass $(EMULATOR) and $(EXEEXT) in
the environment of run-tests.
* examples/rsa-encrypt-test: Use $EXEEXT and $EMULATOR.
* examples/rsa-sign-test: Likewise.
* examples/rsa-verify-test: Likewise.
* examples/setup-env: Likewise.
* testsuite/Makefile.in (check): Pass $(EXEEXT) in the environment of
run-tests.
* testsuite/pkcs1-conv-test: Use $EXEEXT and $EMULATOR. Ignore \r
in rsa-sign output.
* examples/rsa-decrypt.c (main) [WIN32]: Set stdout/stdin to
binary mode.
* examples/rsa-encrypt.c (main): Likewise.
2011-11-24 Niels Möller <nisse@lysator.liu.se>
* configure.ac (HAVE_NATIVE_64_BIT): Workaround to get it set to 1
on w64.
* serpent-internal.h (ROL64): Use (uint64_t) 1 rather than 1L, for
M$ w64.
(RSHIFT64): Likewise. Also added a missing parenthesis.
2011-11-24 Niels Möller <nisse@lysator.liu.se>
From Martin Storsjö:
* testsuite/symbols-test: Use $NM, falling back to nm if undefined.
* testsuite/Makefile.in (check): Pass $(NM) in the environment of
run-tests.
* config.make.in (NM): Set NM.
* testsuite/sexp-conv-test: Use $EMULATOR when running test
programs. Also ignore \r for output in the non-canonical output
formats.
* testsuite/Makefile.in (check): Pass $(EMULATOR) in the
environment of run-tests.
* configure.ac (EMULATOR): New substituted variable. Set to wine
or wine64 when cross compiling for windows, otherwise empty.
* config.make.in (EMULATOR): Set from autoconf value.
2011-11-20 Niels Möller <nisse@lysator.liu.se>
* x86/camellia-crypt-internal.asm: Take ALIGNOF_UINT64_T into
account when getting the offset for the subkeys. Differs between
w32 and other systems. w32 problem identified by Martin Storsjö.
* config.m4.in: Define ALIGNOF_UINT64_T (from configure).
* configure.ac: Check alignment of uint64_t, and also use AC_SUBST
for use in config.m4.in.
2011-11-19 Niels Möller <nisse@lysator.liu.se>
Cygwin/mingw32 improvements contributed by Martin Storsjö:
* Makefile.in (IMPLICIT_TARGETS): New variable for DLL link
libraries.
(clean-here): Delete the DLL import libraries.
* configure.ac: Setup installation of DLL files in $bindir.
(IF_DLL, LIBNETTLE_FILE_SRC, LIBHOGWEED_FILE_SRC): New
substitutions.
* config.make.in (LIBNETTLE_FILE_SRC): Substitute new autoconf
variable.
(LIBHOGWEED_FILE_SRC): Likewise.
* Makefile.in (install-dll-nettle, uninstall-dll-nettle): New
target for installing the DLL file in $bindir.
(install-shared-nettle): Conditionally
depend on install-dll-nettle. Use LIBNETTLE_FILE_SRC.
(uninstall-shared-nettle): Conditionally depend on
install-dll-nettle.
(various hogweed targets): Analogous changes.
* configure.ac: Unify shared lib setup for cygwin and mingw.
2011-10-31 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBHOGWEED_LIBS): Typo fix for the darwin case.
Spotted by Martin Storsjö.
2011-10-25 Niels Möller <nisse@lysator.liu.se>
* configure.ac (LIBHOGWEED_LIBS): cygwin fix, added
libnettle.dll.a. Reported by Volker Zell.
2011-10-18 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Improved setup för darwin shared libraries.
Patch contributed by Ryan Schmidt.
2011-10-03 Niels Möller <nisse@lysator.liu.se>
* x86_64/memxor.asm: Implemented sse2-loop. Configured at compile
time, and currently disabled.
* testsuite/testutils.h (ASSERT): Write message to stderr.
* testsuite/memxor-test.c: Use 16-byte alignment for "fully
aligned" operands.
2011-09-03 Niels Möller <nisse@lysator.liu.se>
* x86/camellia-crypt-internal.asm: Use "l"-suffix on instructions
more consistently. Reportedly, freebsd and netbsd systems with
clang are more picky about this.
* configure.ac: Changed version number to 2.5.
* Released nettle-2.4.
* configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.3.
* gcm-aes.c: Include config.h.
* tools/nettle-lfib-stream.c: Likewise.
* ripemd160-compress.c: Added missing include of config.h. Needed
for correct operation on big-endian systems.
2011-09-02 Niels Möller <nisse@amfibolit.hack.org>
* configure.ac: Changed version number to 2.4.
* Released nettle-2.3.
2011-08-30 Niels Möller <nisse@lysator.liu.se>
* testsuite/hmac-test.c: Added tests for hmac-ripemd160.
* hmac.h: Declare hmac-ripemd160 related functions.
* Makefile.in (nettle_SOURCES): Added hmac-ripemd160.c.
2011-08-30 Niels Möller <nisse@amfibolit.hack.org>
* nettle.texinfo (Hash functions): Document ripemd-160.
* hmac-ripemd160.c: New file.
* hmac.h: Declare hmac-ripemd160 functions.
2011-08-29 Niels Möller <nisse@lysator.liu.se>
* sha256.c (sha256_update): Updated MD_UPDATE call for new
conventions.
(sha256_write_digest): Use MD_PAD rather than MD_FINAL, and insert
the length manually.
* sha512.c: Analogous changes.
* sha1.c (COMPRESS): New macro.
(sha1_update): Updated MD_UPDATE call for new conventions.
(sha1_digest): Use MD_PAD rather than MD_FINAL, and insert the
length manually.
* ripemd160.c (ripemd160_init): Use memcpy for initializing the
state vector.
(COMPRESS): New macro.
(ripemd160_update): Use MD_UPDATE.
(ripemd160_digest): Inline ripemd160_final processing. Use MD_PAD
and _nettle_write_le32.
(ripemd160_final): Deleted function.
* ripemd160.h (struct ripemd160_ctx): Use a 64-bit block count.
Renamed digest to state.
* md5.c (md5_init): Use memcpy for initializing the state vector.
(COMPRESS): New macro, wrapping _nettle_md5_compress.
(md5_update): Use MD_UPDATE.
(md5_digest): Inline md5_final processing. Use MD_PAD and
_nettle_write_le32.
(md5_final): Deleted.
* md5.h (struct md5_ctx): Renamed some fields, for consistency.
* md4.h (struct md4_ctx): Renamed some fields, for consistency.
* md4.c (md4_init): Use memcpy for initializing the state vector.
(md4_update): Use MD_UPDATE.
(md4_digest): Inline md4_final processing, using MD_PAD. Use
_nettle_write_le32.
(md4_block): Renamed, to...
(md4_compress): ... new name. Take ctx pinter as argument.
(md4_final): Deleted function.
* md2.c (md2_update): Use MD_UPDATE.
* macros.h (MD_UPDATE): Added incr argument. Invoke compression
function with ctx pointer as argument, rather than ctx->state.
(MD_FINAL): Just pad, don't store length field. Renamed to MD_PAD.
(MD_PAD): Analogous change of compression invocations.
* sha512.c: (COMPRESS): New macro wrapping _nettle_sha512_compress.
(sha512_update): Use MD_UPDATE.
(sha512_final): Deleted function.
(sha512_write_digest): Use MD_FINAL.
* sha256.c (COMPRESS): New macro wrapping _nettle_sha256_compress.
(SHA256_INCR): Deleted macro.
(sha256_update): Use MD_UPDATE.
(sha256_final): Deleted function.
(sha256_write_digest): New function, replacing sha256_final, and
using MD_FINAL.
(sha256_digest): Use sha256_write_digest.
(sha224_digest): Likewise.
* tools/nettle-hash.c (list_algorithms): Fixed typo in header.
* sha1.c (SHA1_DATA_LENGTH): Deleted unused macro.
(sha1_init): Use memcpy to initialize the state vector.
(SHA1_INCR): Deleted macro.
(sha1_update): Use MD_UPDATE macro, to reduce code duplication.
(sha1_digest): Use MD_FINAL macro.
(sha1_final): Deleted function.
* sha.h (struct sha1_ctx): Renamed attribute digest to state.
* macros.h (MD_UPDATE): New macro.
(MD_FINAL): New macro.
2011-08-28 Niels Möller <nisse@lysator.liu.se>
* ripemd160.c (ripemd160_final): Use LE_WRITE_UINT32. Deleted byte
swapping at the end, leaving it to ripemd160_digest.
(ripemd160_digest): Use _nettle_write_le32.
* Makefile.in (nettle_SOURCES): Added write-le32.c.
* md5.c (md5_digest): Use _nettle_write_le32.
* write-le32.c (_nettle_write_le32): New file and function.
* ripemd160-compress.c (ROL32): Renamed macro (was "rol"). Deleted
x86 version using inline assembly; at least gcc-4.4.5 recognizes
shift-and-or expressions which are in fact rotations.
(_nettle_ripemd160_compress): Use LE_READ_UINT32.
* configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.2.
* testsuite/meta-hash-test.c: Updated for the addition of
ripemd-160.
* testsuite/.test-rules.make: Added rule for ripemd160-test.
* examples/nettle-benchmark.c (main): Benchmark ripemd-160.
2011-08-28 Niels Möller <nisse@lysator.liu.se>
RIPEMD-160 hash function. Ported from libgcrypt by Andres Mejia.
* testsuite/ripemd160-test.c: New file.
* ripemd160.h: New file.
* nettle-meta.h: Declare nettle_ripemd160.
* ripemd160.c: New file, ported from libgcrypt.
* ripemd160-compress.c: Likewise.
* ripemd160-meta.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
ripemd160-test.c.
* nettle-meta-hashes.c (nettle_hashes): Added nettle_ripemd160.
* Makefile.in (nettle_SOURCES): Added ripemd160.c,
ripemd160-compress.c, and ripemd160-meta.c.
(HEADERS): Added ripemd160.h.
2011-08-10 Niels Möller <nisse@amfibolit.hack.org>
* nettle.texinfo: Fixed mis-placed const in various prototypes.
Spotted by Tatsuhiro Tsujikawa.
2011-07-24 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (PKGCONFIG_FILES, pkgconfigdir): New variables.
(DISTFILES): Added nettle.pc.in and hogweed.pc.in.
(nettle.pc, hogweed.pc): New targets (invoking config.status).
(install-pkgconfig, uninstall-pkgconfig): New targets.
(install-here): Depend on install-pkgconfig.
(uninstall-here): Depend on uninstall-pkgconfig.
(distclean-here): Delete nettle.pc and hogweed.pc.
2011-07-20 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Generate nettle.pc and hogweed.pc.
* nettle.pc.in, hogweed.pc.in: New files.
2011-07-17 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h: Added missing extern declarations.
2011-07-11 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Changed version number to 2.3.
* Released nettle-2.2.
* Makefile.in (DISTFILES): Distribute COPYING.LIB, not COPYING,
2011-07-07 Niels Möller <nisse@lysator.liu.se>
* tools/misc.h (werror): Removed incorrect noreturn attribute from
declaration.
* examples/io.c (read_file): Bug fix, in dependence of initial
size on max_size.
2011-07-01 Niels Möller <nisse@lysator.liu.se>
* cbc.c (CBC_BUFFER_LIMIT): Reduced to 512 bytes.
(cbc_decrypt): For in-place operation, use overlapping memxor3 and
eliminate a memcpy.
* ctr.c (ctr_crypt): Reorganized to call the encryption function
with several blocks at a time. Handle the case of a single block
specially.
* x86_64/memxor.asm: Added ALIGN for shifting loop. Deleted
obsolete ifelse.
2011-06-30 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Link in serpent-decrypt.asm, if found.
* x86_64/serpent-decrypt.asm: Added an SSE2 loop, doing four
blocks at a time in parallel.
* x86_64/serpent-encrypt.asm: Include serpent.m4. Deleted a
redundant label.
* x86_64/serpent.m4: New file, with serpent-related macros.
2011-06-29 Niels Möller <nisse@lysator.liu.se>
* x86_64/serpent-decrypt.asm: Wrote main (32-bit) loop.
(SBOX0I, SBOX1I, SBOX7I): Fixed bugs.
* nettle.texinfo (Copyright): Updated for license change to
LGPLv2+. Updated copyright info on serpent.
* NEWS: Updated information for nettle-2.2.
* x86_64/serpent-decrypt.asm: New file.
* x86_64/serpent-encrypt.asm: Fixed .file pseudo op.
* testsuite/testutils.c (test_cipher_ctr): Display more info on
failure.
* examples/nettle-benchmark.c (bench_ctr): New function.
(time_cipher): Also benchmark CTR mode.
* configure.ac (LIBNETTLE_MINOR): Updated library version number
to 4.1.
(LIBHOGWEED_MINOR): And to 2.1.
2011-06-22 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Use pwd -P when examining lib directories.
Link in serpent-encrypt.asm, if found.
2011-06-21 Niels Möller <nisse@lysator.liu.se>
* serpent-decrypt.c (SBOX3_INVERSE): Eliminated temporaries.
(SBOX4_INVERSE): Likewise.
(SBOX5_INVERSE): Likewise.
(SBOX6_INVERSE): Likewise.
(SBOX7_INVERSE): Likewise.
(All SBOX_INVERSE-macros): Deleted type argument, and updated users.
2011-06-20 Niels Möller <nisse@lysator.liu.se>
* serpent-decrypt.c: Renamed arguments in sbox macros.
(SBOX0_INVERSE): Eliminated temporaries.
(SBOX1_INVERSE): Likewise.
(SBOX2_INVERSE): Likewise.
* x86_64/serpent-encrypt.asm: Added an SSE2 loop, doing four
blocks at a time in parallel.
* testsuite/serpent-test.c (test_main): Added some more multiple
block tests.
2011-06-15 Niels Möller <nisse@lysator.liu.se>
* configure.ac (libdir): On 64-bit Linux, we used to assume that
libraries are installed according to the FHS. Since at least
Fedora and Gentoo follow the FHS convention, while at least Debian
doesn't, we have to try to figure out which convention is used.
2011-06-14 Niels Möller <nisse@lysator.liu.se>
* x86_64/serpent-encrypt.asm: Slight simplification of loop logic.
* x86_64/serpent-encrypt.asm: New file.
2011-06-12 Niels Möller <nisse@lysator.liu.se>
* testsuite/serpent-test.c (test_main): Added tests with multiple
blocks at a time.
* serpent-encrypt.c (SBOX6): Renamed arguments. Eliminated
temporaries.
(SBOX7): Likewise.
(All SBOX-macros): Deleted type argument, and updated users.
* configure.ac: Display summary at the end of configure..
(asm_path): Set only if enable_assember is yes.
2011-06-10 Niels Möller <nisse@lysator.liu.se>
* serpent-encrypt.c (SBOX5): Renamed arguments. Eliminated
temporaries.
2011-06-09 Niels Möller <nisse@lysator.liu.se>
* serpent-encrypt.c (SBOX4): Renamed arguments. Eliminated
temporaries.
* configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LINK): Cygwin fix, from
Vincent Torri.
2011-06-08 Niels Möller <nisse@lysator.liu.se>
* examples/eratosthenes.c (find_first_one): Fixed c99-style
declaration. Reported by Sebastian Reitenbach.
(find_first_one): Declare the lookup table as static const, and
use unsigned char rather than unsigned..
2011-06-07 Niels Möller <nisse@lysator.liu.se>
* serpent-encrypt.c (SBOX0): Renamed arguments. Eliminated
temporaries.
(SBOX1): Likewise.
(SBOX2): Likewise.
(SBOX3): Likewise.
2011-06-06 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (DISTFILES): Added serpent-internal.h.
(nettle_SOURCES): Replaced serpent.c by serpent-set-key.c,
serpent-encrypt.c, and serpent-decrypt.c.
* serpent.c: Replaced by several new files.
* serpent-set-key.c: New file.
* serpent-encrypt.c: New file.
* serpent-decrypt.c: New file.
* serpent-internal.h: New file.
* serpent.c [HAVE_NATIVE_64_BIT]: Process two blocks at a time in
parallel. Measured speedup of 10%--25% (higher for encryption) on
x86_64.
2011-06-01 Niels Möller <nisse@lysator.liu.se>
* serpent.c (ROUNDS): Deleted macro.
(serpent_block_t): Deleted array typedef.
(KEYXOR): New macro, replacing BLOCK_XOR.
(BLOCK_COPY, SBOX, SBOX_INVERSE): Deleted macros.
(LINEAR_TRANSFORMATION): Use four separate arguments.
(LINEAR_TRANSFORMATION_INVERSE): Likewise.
(ROUND): Take separate arguments for all input and output words.
(ROUND_INVERSE): Likewise.
(ROUND_LAST, ROUND_FIRST_INVERSE): Deleted macros.
(serpent_set_key): Moved loop termination test.
(serpent_encrypt): Rewrote with unrolling of just eight rounds,
and without serpent_block_t.
(serpent_decrypt): Likewise.
* serpent.c: Added do { ... } while (0) around block macros.
(serpent_key_t): Deleted array typedef.
(ROL32, ROR32): Renamed macros, were rol and ror.
(KS_RECURRENCE, KS): New macros.
(serpent_key_pad): Renamed, from...
(serpent_key_prepare): ...old name.
(serpent_subkeys_generate): Deleted function.
(serpent_set_key): Rewrote the generation of subkeys. Reduced both
temporary storage and code size (less unrolling)
2011-05-31 Niels Möller <nisse@lysator.liu.se>
* testsuite/serpent-test.c (test_main): Enabled test with short,
40-bit, key.
* serpent.c (byte_swap_32): Deleted macro.
(serpent_key_prepare): Use LE_READ_UINT32. Don't require aligned
input, and support arbitrary key sizes.
2011-05-30 Simon Josefsson <simon@josefsson.org>
* serpent.c: Rewrite, based on libgcrypt code. License changed
from GPL to LGPL.
* serpent_sboxes.h: Removed.
* Makefile.in: Drop serpent_sboxes.h.
2011-05-31 Niels Möller <nisse@lysator.liu.se>
* testsuite/serpent-test.c (test_main): Added some tests for
padding of keys of length which is not a multiple of four bytes.
2011-05-30 Simon Josefsson <simon@josefsson.org>
* testsuite/serpent-test.c (test_main): Add test vectors from
libgcrypt.
2011-05-21 Niels Möller <nisse@lysator.liu.se>
* dsa-keygen.c (dsa_generate_keypair): Avoid double init of mpz
variable. Spotted by Nikos Mavrogiannopoulos.
2011-05-06 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Fix link flags for shared libraries on Solaris,
which needs -h to set the soname. Patch contributed by Dagobert
Michelsen.
2011-05-06 Niels Möller <nisse@lysator.liu.se>
* configure.ac: New configure option --enable-gcov.
* arcfour.h (arcfour_stream): Deleted obsolete define.
2011-04-27 Niels Möller <nisse@lysator.liu.se>
* tools/nettle-hash.c (find_algorithm): Require exact match.
2011-04-15 Niels Möller <nisse@lysator.liu.se>
Reverted broken byte-order change from 2001-06-17:
* serpent.c (serpent_set_key): Use correct byteorder.
(serpent_encrypt): Likewise.
(serpent_decrypt): Likewise.
* testsuite/serpent-test.c (decode_hex_reverse): New function.
(RH, RHL): New macros.
(test_main): Byte reverse inputs and outputs for the testvectors
taken from the serpent submission package. Enable test vectors
from http://www.cs.technion.ac.il/~biham/Reports/Serpent/.
2011-03-23 Niels Möller <nisse@lysator.liu.se>
* tools/sexp-conv.c (xalloc): Deleted function, now it's in misc.c
instead.
* configure.ac: Use LSH_FUNC_STRERROR.
* tools/Makefile.in (TARGETS): Added nettle-hash, and related
build rules.
(SOURCES): Added nettle-hash.c.
* tools/misc.c (xalloc): New function.
* tools/pkcs1-conv.c (main): Made the OPT_* constants local, and
fixed numerical values to start with non-ASCII 0x300.
* tools/nettle-hash.c: New file.
2011-03-23 Niels Möller <nisse@lysator.liu.se>
Contributed by Daniel Kahn Gillmor:
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
meta-hash-test.c, meta-cipher-test.c, and meta-armor-test.c.
* testsuite/meta-hash-test.c: New file.
* testsuite/meta-cipher-test.c: New file.
* testsuite/meta-armor-test.c: New file.
* nettle.texinfo: Document nettle_hashes and nettle_ciphers.
* nettle-meta.h: Declare algorithm lists nettle_ciphers,
nettle_hashes, nettle_armors.
* Makefile.in (nettle_SOURCES): Added nettle-meta-hashes.c,
nettle-meta-ciphers.c, and nettle-meta-armors.c.
* nettle-meta-armors.c: New file.
* nettle-meta-ciphers.c: New file.
* nettle-meta-hashes.c: New file.
2011-02-18 Niels Möller <nisse@lysator.liu.se>
* arcfour.c (arcfour_stream): Deleted function. It's not very
useful, and neither documented nor tested.
2011-02-16 Niels Möller <nisse@lysator.liu.se>
* cbc.h (CBC_ENCRYPT): Avoid using NULL; we don't ensure that it
is defined.
(CBC_DECRYPT): Likewise.
* gcm-aes.c (gcm_aes_set_iv): Use GCM_SET_IV.
(gcm_aes_set_key): Deleted cast.
(gcm_aes_encrypt): Likewise.
(gcm_aes_decrypt): Likewise.
(gcm_aes_digest): Likewise.
(gcm_aes_update): One less argument to GCM_UPDATE.
* gcm.h (GCM_SET_KEY): Added cast to nettle_crypt_func *. Help
compiler type checking despite this cast.
(GCM_ENCRYPT): Likewise.
(GCM_DECRYPT): Likewise.
(GCM_DIGEST): Likewise.
(GCM_SET_IV): New macro, for completeness.
(GCM_UPDATE): Deleted unused argument encrypt.
2011-02-14 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Split node on cipher modes, and started on
the GCM documentation.
* testsuite/gcm-test.c (test_gcm_aes): Deleted function, replaced
by test_aead.
(test_main): Use test_aead.
* testsuite/testutils.c (test_aead): New function, replacing
test_gcm_aes and before that test_cipher_gcm.
* nettle-internal.c (nettle_gcm_aes128): New const struct.
(nettle_gcm_aes192): Likewise.
(nettle_gcm_aes256): Likewise.
* nettle-internal.h (struct nettle_aead): Tentative interface for
authenticated encryption with associated data.
* examples/nettle-benchmark.c (time_gcm): Renamed. Updated for
gcm_aes_auth to gcm_aes_update renaming. Benchmark both encryption
and hashing.
(time_gmac): ...old name.
* nettle-internal.c (des_set_key_hack): Don't touch the bits
parity, since thay are now ignored.
(des3_set_key_hack): Likewise.
* cast128-meta.c (nettle_cast128): Don't pass keysize.
* nettle-meta.h (_NETTLE_CIPHER_FIX): Deleted keysize parameter
derived from the appropriate constant instead.
* testsuite/gcm-test.c (test_gcm_aes): Updated for gcm_aes_auth to
gcm_aes_update renaming.
2011-02-13 Niels Möller <nisse@lysator.liu.se>
* gcm.h (GCM_UPDATE): Renamed, from...
(GCM_AUTH): ...old name.
* gcm-aes.c (gcm_aes_update): Renamed, from...
(gcm_aes_auth): ...old name.
* gcm.c (gcm_update): Renamed, and fixed an assert. From...
(gcm_auth): ...old name.
* gcm.h (GCM_TABLE_BITS): Increase table size to 8 bits,
corresponding to 4 KByte of key-dependent tables.
2011-02-10 Niels Möller <nisse@lysator.liu.se>
* x86_64/memxor.asm: New file. Improves performance by 22% for the
unaligned01 case and 35% for the unaligned12 case, benchmarked on
Intel SU1400.
* examples/nettle-benchmark.c (cgt_works_p): New function.
(cgt_time_start): Likewise.
(cgt_time_end): Likewise.
(clock_time_start): Likewise.
(clock_time_end): Likewise.
(time_function): Read clock via function pointers time_start and
time_end, so we can select method at runtime.
(xalloc): Use die function.
(main): Choose timing function. If available, try clock_gettime,
and fall back to clock if it doesn't exist.
* examples/nettle-benchmark.c (die): New function.
(TIME_END, TIME_START): Check return value from clock_gettime.
* gcm.h (union gcm_block): Use correct length for w array.
* testsuite/gcm-test.c (test_main): Added the rest of the
testcases from the spec.
2011-02-09 Niels Möller <nisse@lysator.liu.se>
* testsuite/gcm-test.c (test_main): Enabled testcases 5 and 6,
with different IV lengths.
* gcm-aes.c (gcm_aes_set_iv): Updated for gcm_set_iv change.
* gcm.c (gcm_hash_sizes): New function.
(gcm_set_iv): Added support for IVs of arbitrary size. Needed
another argument, for the hash subkey.
(gcm_digest): Use gcm_hash_sizes.
* examples/nettle-benchmark.c (time_gmac): Use gcm_aes interface.
* testsuite/gcm-test.c (test_gcm_aes): New function, replacing
test_cipher_gcm and using the new gcm_aes interface.
(test_main): Updated to use test_gcm_aes.
* testsuite/testutils.c (test_cipher_gcm): Deleted function.
* Makefile.in (nettle_SOURCES): Added gcm-aes.c.
* gcm.c (gcm_set_key): Replaced context argument by a struct
gcm_key *.
(gcm_hash): Replaced context argument by a struct gcm_key * and a
pointer to the hashing state block.
(gcm_auth): Added struct gcm_key * argument.
(gcm_encrypt): Likewise.
(gcm_decrypt): Likewise.
(gcm_digest): Likewise.
* gcm-aes.c: New file.
(gcm_aes_set_key): New function.
(gcm_aes_set_iv): Likewise.
(gcm_aes_auth): Likewise.
(gcm_aes_encrypt): Likewise.
(gcm_aes_decrypt): Likewise.
(gcm_aes_digest): Likewise.
* gcm.h (struct gcm_key): Moved the key-dependent and
message-independent state to its own struct.
(struct gcm_ctx): ... and removed it here.
(GCM_CTX): New macro.
(GCM_SET_KEY): Likewise.
(GCM_AUTH): Likewise.
(GCM_ENCRYPT): Likewise.
(GCM_DECRYPT): Likewise.
(GCM_DIGEST): Likewise.
(struct gcm_aes_ctx): New struct.
2011-02-08 Niels Möller <nisse@lysator.liu.se>
* gcm.h (struct gcm_ctx): The hash key is now always an array,
named h, with array size depending on GCM_TABLE_BITS.
* gcm.c (gcm_gf_shift): Added a separate result argument.
(gcm_gf_mul): Compile bitwise version only when GCM_TABLE_BITS ==
0. Simplified interface with just two arguments pointing to
complete blocks.
(gcm_gf_shift_4, gcm_gf_shift_8): Renamed table-based functions, from...
(gcm_gf_shift_chunk): ... old name.
(gcm_gf_mul): Renamed both table-based versions and made the
argument types compatible with the bitwise gcm_gf_mul.
(gcm_gf_mul_chunk): ... the old name.
(gcm_set_key): Initialize the table using adds and shifts only.
When GCM_TABLE_BITS > 0, this eliminates the only use of the
bitwise multiplication.
(gcm_hash): Simplified, now that we have the same interface for
gcm_gf_mul, regardless of table size.
* gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
(gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
e.g., sparc64. For both 4-bit and 8-bit tables.
* gcm.c: Use the new union gcm_block for all gf operations.
* gcm.h (union gcm_block): New union, used to enforce alignment.
2011-02-07 Niels Möller <nisse@lysator.liu.se>
* gcm.c (gcm_gf_shift_chunk) : Bug fix for little-endian 8-bit
tables.
* gcm.c (gcm_gf_mul_chunk): Special case first and last iteration.
(gcm_gf_add): New function, a special case of memxor. Use it for
all memxor calls with word-aligned 16 byte blocks. Improves
performance to 152 cycles/byte with no tables, 28 cycles per byte
with 4-bit tables and 10.5 cycles per byte with 8-bit tables.
Introduced 8-bit tables. If enabled, gives gmac performance of 19
cycles per byte (still on intel x86_64).
* gcm.c (gcm_gf_shift_chunk): New implementation for 8-bit tables.
(gcm_gf_mul_chunk): Likewise.
(gcm_set_key): Generate 8-bit tables.
* Makefile.in (SOURCES): Added gcmdata.c.
* gcm.h (GCM_TABLE_BITS): Set to 4.
2011-02-06 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (TARGETS): Added gcmdata.
(gcmdata): New rule.
Introduced 4-bit tables. Gives gmac performance of 45 cycles per
byte (still on intel x86_64).
* gcm.c (gcm_gf_shift): Renamed. Tweaked little-endian masks.
(gcm_rightshift): ... old name.
(gcm_gf_mul): New argument for the output. Added length argument
for one of the inputs (implicitly padding with zeros).
(shift_table): New table (in 4-bit and 8-bit versions), generated
by gcmdata.
(gcm_gf_shift_chunk): New function shifting 4 bits at
a time.
(gcm_gf_mul_chunk): New function processing 4 bits at a time.
(gcm_set_key): Generation of 4-bit key table.
(gcm_hash): Use tables, when available.
* gcmdata.c (main): New file.
* gcm.c (gcm_rightshift): Moved the reduction of the shifted out
bit here.
(gcm_gf_mul): Updated for gcm_rightshift change. Improves gmac
performance to 181 cycles/byte.
* gcm.c (gcm_gf_mul): Rewrote. Still uses the bitwise algorithm from the
specification, but with separate byte and bit loops. Improves gmac
performance a bit further, to 227 cycles/byte.
* gcm.c (gcm_rightshift): Complete rewrite, to use word rather
than byte operations. Improves gmac performance from 830 cycles /
byte to (still poor) 268 cycles per byte on intel x86_64.
2011-02-05 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (time_gmac): New function.
(main): Call time_gmac.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added gcm-test.c.
* testsuite/testutils.c (test_cipher_gcm): New function,
contributed by Nikos Mavrogiannopoulos.
* testsuite/gcm-test.c: New file, contributed by Nikos
Mavrogiannopoulos.
* Makefile.in (nettle_SOURCES): Added gcm.c.
(HEADERS): Added gcm.h.
* gcm.c: New file, contributed by Nikos Mavrogiannopoulos.
* gcm.h: New file, contributed by Nikos Mavrogiannopoulos.
* macros.h (INCREMENT): New macro, moved from ctr.c. Deleted third
argument.
* ctr.c: Use INCREMENT macro from macros.h, deleted local version.
2011-01-07 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in (check): Add ../.lib to PATH, since that's
where w*ndows looks for dlls.
* testsuite/testutils.c (test_cipher_stream): More debug output on
failure.
2010-12-14 Niels Möller <nisse@lysator.liu.se>
* nettle-types.h: Deleted some unnecessary parenthesis from
function typedefs.
(nettle_realloc_func): Moved typedef here...
* realloc.h: ...from here.
* buffer.c (nettle_buffer_init_realloc): Use an explicit pointer
for realloc argument.
2010-12-07 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Copyright): Updated info on blowfish.
2010-11-26 Niels Möller <nisse@lysator.liu.se>
Reapplied optimizations (150% speedup on x86_32) and other fixes,
relicensing them as LGPL.
* blowfish.c (do_encrypt): Renamed, to...
(encrypt): ...new name.
(F): Added context argument. Shift input explicitly, instead of
reading individual bytes via memory.
(R): Added context argument.
(encrypt): Deleted a bunch of local variables. Using the context
pointer for everything should consume less registers.
(decrypt): Likewise.
(initial_ctx): Arrange constants into a struct, to simplify key
setup.
(blowfish_set_key): Some simplification.
2010-11-26 Simon Josefsson <simon@josefsson.org>
* blowfish.c: New version ported from libgcrypt. License changed
from GPL to LGPL.
2010-11-25 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (install-shared-nettle): Use INSTALL_DATA, which
clears the execute permission bits.
(install-shared-hogweed): Likewise.
2010-11-16 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Updated gmp url.
2010-11-01 Niels Möller <nisse@lysator.liu.se>
* tools/misc.c (werror): Don't call exit (copy&paste-error).
2010-10-26 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-encrypt.c (main): No extra message for bad options.
* examples/rsa-keygen.c (main): Added long options. Deleted -?,
and fixed handling of bad options.
* examples/next-prime.c (main): Deleted -?, and fixed handling of
bad options.
* examples/random-prime.c (main): Likewise.
2010-10-22 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Added long options. Deleted -?,
and fixed handling of bad options.
* examples/eratosthenes.c (main): Added long options. Deleted -?,
and fixed handling of bad options. Renamed -s to -q (long option
--quiet).
* tools/pkcs1-conv.c (main): Deleted short alias -? for --help,
and fixed handling of bad options.
* tools/sexp-conv.c (parse_options): Likewise.
2010-10-06 Niels Möller <nisse@lysator.liu.se>
* memxor.c (memxor3): Optimized.
(memxor3_common_alignment): New function.
(memxor3_different_alignment_b): New function.
(memxor3_different_alignment_ab): New function.
(memxor3_different_alignment_all): New function.
* examples/nettle-benchmark.c (time_function): Reorganized, to
reduce overhead.
(time_memxor): Also benchmark memxor3.
* x86_64/memxor.asm: New file.
* examples/nettle-benchmark.c (overhead): New global variable.
(time_function): Compensate for call overhead.
(bench_nothing, time_overhead): New functions.
(time_memxor): Tweaked src size, making it an integral number of
words.
(main): Call time_overhead.
2010-10-01 Niels Möller <nisse@lysator.liu.se>
* x86_64/camellia-crypt-internal.asm (ROUND): Reordered sbox
lookups.
* testsuite/memxor-test.c: Also test memxor3.
2010-09-30 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Link in memxor.asm, if found.
* testsuite/testutils.c (test_cipher_cbc): Print more info when
failing.
* testsuite/memxor-test.c (test_xor): Added verbose printout.
* examples/nettle-benchmark.c (time_memxor): Count size of
unsigned long as "block size" for memxor.
2010-09-24 Niels Möller <nisse@lysator.liu.se>
* testsuite/.test-rules.make: Added rule for memxor-test.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added memxor-test.c
* testsuite/memxor-test.c: New file.
* memxor.c (memxor_common_alignment): New function.
(memxor_different_alignment): New function.
(memxor): Optimized to do word-operations rather than byte
operations.
* configure.ac (HAVE_NATIVE_64_BIT): New config.h define.
Partial revert of 2010-09-20 changes.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key):
Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
* camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
differing in where addition of the key is done.
* x86/camellia-crypt-internal.asm: Moved addition of key.
2010-09-22 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
seconds.
(time_function): Use clock_gettime with CLOCK_PROCESS_CPUTIME_ID,
if available. This gives better accuracy, at least on recent
linux.
(BENCH_INTERVAL): Reduced to 0.1 s.
(struct bench_memxor_info): New struct.
(bench_memxor): New function.
(time_memxor): New function.
(main): Use time_memxor. Added optional argument used to limit the
algorithms being benchmarked.
(GET_CYCLE_COUNTER): Define also for x86_64.
(time_memxor): Improved display.
* examples/Makefile.in (nettle-benchmark): Link using
$(BENCH_LIBS) rather than $(LIBS).
* configure.ac: Check for clock_gettime, and add -lrt to
BENCH_LIBS if needed.
2010-09-20 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Less quoting when invoking $CC, to allow CC="gcc
-m32".
* x86/camellia-crypt-internal.asm (ROUND): Adapted to new key
convention, moving key xor to the end.
* camellia-set-encrypt-key.c (CAMELLIA_F_HALF_INV): Deleted macro.
(camellia_set_encrypt_key): Deleted the CAMELLIA_F_HALF_INV
operations intended for moving the key xor into the middle of the
round.
* camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Moved addition of
key to the end, to use a 64-bit xor operation.
* x86_64/camellia-crypt-internal.asm: New file.
* x86_64/machine.m4 (LREG, HREG, XREG): New macros.
2010-09-17 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Support shared libraries (dlls) with mingw32.
Contributed by David Hoyt.
2010-07-25 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Changed version number to nettle-2.2.
* Released nettle-2.1.
* configure.ac: Use camellia-crypt-internal.asm, if available.
Bumped soname to libnettle.so.4, and reset LIBNETTLE_MINOR to
zero.
* x86/machine.m4 (LREG, HREG): Moved macros here, from...
* x86/aes.m4: ...here.
* x86/camellia-crypt-internal.asm: New file.
* nettle.texinfo: Updated and expanded section on DSA.
Document aes_invert_key, and camellia. Added missing functions
rsa_sha512_verify and rsa_sha512_verify_digest.
* camellia.h (struct camellia_ctx): Eliminate the two unused
subkeys, and renumber the remaining ones.
* camellia-crypt-internal.c (_camellia_crypt): Updated for
renumbered subkeys.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
* camellia-set-decrypt-key.c (camellia_invert_key): Likewise.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Inline
the expansion of camellia_setup128 and camellia_setup256, keeping
the unexpanded key in scalar variables.
(camellia_setup128): Deleted.
(camellia_setup256): Deleted.
2010-07-24 Niels Möller <nisse@lysator.liu.se>
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Reduced
code size, no complete loop unroll. Use one loop for each phase of
the post-processing.
* testsuite/camellia-test.c: New tests for camellia_invert_key.
* testsuite/aes-test.c: New tests for aes_invert_key.
* aes.h (aes_invert_key): Declare it.
* aes-set-decrypt-key.c (aes_invert_key): New function, key
inversion code extracted from aes_set_decrypt_key.
(aes_set_decrypt_key): Use aes_invert_key.
* camellia-set-encrypt-key.c (camellia_setup128): Generate
unmodified subkeys according to the spec. Moved clever combination
of subkeys to camellia_set_encrypt_key.
(camellia_setup256): Likewise.
(camellia_set_encrypt_key): Moved subkey post-processing code
here, and reduce code duplication between 128-bit keys and larger
keys.
* camellia.c: Deleted file, split into several new files...
* camellia-table.c (_camellia_table): New file with the constant
sbox tables.
* camellia-set-encrypt-key.c: New file.
(camellia_setup128): Generate unmodified subkeys according to the
spec. Moved clever combination of subkeys to camellia_set_encrypt_key.
(camellia_setup256): Likewise.
* camellia-set-decrypt-key.c: New file.
(camellia_invert_key): Key inversion function.
(camellia_set_decrypt_key): New key setup function.
* camellia-internal.h: New file.
* camellia-crypt.c (camellia_crypt): New file, new wrapper
function passing the sbox table to _camellia_crypt.
* camellia-crypt-internal.c (_camellia_crypt): New file, with main
encrypt/decrypt function.
* Makefile.in (nettle_SOURCES): Updated list of camellia source files.
(DISTFILES): Added camellia-internal.h.
2010-07-20 Niels Möller <nisse@lysator.liu.se>
* camellia-meta.c: Use _NETTLE_CIPHER_SEP_SET_KEY.
* camellia.h (struct camellia_ctx): Replaced flag camellia128 by
expanded key length nkeys.
* camellia.c (camellia_set_encrypt_key): Renamed, from...
(camellia_set_key): ... old name.
(camellia_invert_key): New function.
(camellia_set_decrypt_key): New function, using
camellia_invert_key.
(camellia_crypt): Renamed, from...
(camellia_encrypt): ... old name.
(camellia_decrypt): Deleted, no longer needed. camellia_crypt used
for both encryption and decryption.
* nettle-meta.h (_NETTLE_CIPHER_SEP_SET_KEY): New macro.
* dsa-keygen.c: Removed unnecessary include of memxor.h.
* camellia.c: Rewrote to use 64-bit type for subkeys and use
64-bit operations throughout. Performance on x86_32, when compiled
with gcc-4.4.4, is reduced by roughly 15%, this should be fixed
later.
* camellia.h (struct camellia_ctx): Use type uint64_t for subkeys.
2010-07-07 Niels Möller <nisse@lysator.liu.se>
* aes.h (aes_encrypt, aes_decrypt): Declare ctx argument as const.
Also updated implementation.
* blowfish.h (blowfish_encrypt, blowfish_decrypt): Likewise.
* cast128.h (cast128_encrypt, cast128_decrypt): Likewise.
* serpent.h (serpent_encrypt, serpent_decrypt): Likewise.
* twofish.h (twofish_encrypt, twofish_decrypt): Likewise.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
camellia-test.c.
* examples/nettle-benchmark.c: Added camellia ciphers.
* Makefile.in (nettle_SOURCES): Added camellia.c and
camellia-meta.c.
(HEADERS): Added camellia.h.
* nettle-meta.h (nettle_camellia128): Declare.
(nettle_camellia192): Likewise.
(nettle_camellia256): Likewise.
* camellia-meta.c: New file.
* camellia.h: Rewrote interface to match nettle conventions.
* camellia.c: Converted to nettle conventions.
(camellia_encrypt128, camellia_encrypt256): Unified to new
function...
(camellia_encrypt): ...New function, with a loop doing 6
regular rounds, one FL round and one FLINV round per iteration,
with iteration count depending on the key size.
(camellia_decrypt128, camellia_decrypt256): Similarly unified
as...
(camellia_decrypt): ...New function, analogous to
camellia_encrypt.
2010-07-06 Niels Möller <nisse@lysator.liu.se>
* camellia.c, camellia.h: New files, copied from
http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
* testsuite/camellia-test.c: New file.
2010-07-05 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Document new conventions for weak key and des
parity checks. Document des_check_parity.
* testsuite/des-test.c (test_weak): Don't check the deleted status
attribute.
* des-compat.c (des_key_sched): Rewrote error checking logic for
the case of non-zero des_check_key.
* des3.c (des3_set_key): Changed weak key detection logic.
Complete key setup also for weak keys, and don't set the status
attribute.
* des.c (des_set_key): New iteration logic, to keep key pointer
unchanged. Moved weak key check to the end, and don't set the
status attribute.
(des_encrypt): Ignore status attribute.
(des_decrypt): Likewise.
* des.h (enum des_error): Deleted.
(struct des_ctx): Deleted status attribute.
(struct des3_ctx): Likewise.
* blowfish.c (initial_ctx): Deleted status value.
(blowfish_encrypt): Ignore status attribute.
(blowfish_decrypt): Likewise.
(blowfish_set_key): Return result from weak key check, without
setting the status attribute.
* blowfish.h (enum blowfish_error): Deleted.
(struct blowfish_ctx): Deleted status attribute.
* Makefile.in (des_headers): Deleted parity.h.
2010-06-30 Niels Möller <nisse@lysator.liu.se>
* testsuite/des-test.c (test_des): New function.
(test_weak): New function.
(test_main): Use test_des and test_weak. Added tests for all the
weak keys. Added some tests with invalid (to be ignored) parity
bits.
* des.c (parity_16): New smaller parity table.
(des_check_parity): New function.
(des_fix_parity): Use parity_16.
(des_weak_p): New weak-key detection. Ignores parity bits, and
uses a hash table.
(des_set_key): Deleted parity checking code. Replaced old weak-key
detection code by a call to des_weak_p.
2010-06-04 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (test_dsa_key): Updated for new name
DSA_SHA1_MIN_P_BITS.
* dsa-keygen.c (dsa_generate_keypair): Use DSA_SHA1_MIN_P_BITS and
DSA_SHA256_MIN_P_BITS.
* dsa.h (DSA_MIN_P_BITS, DSA_Q_OCTETS, DSA_Q_BITS): Renamed to...
(DSA_SHA1_MIN_P_BITS, DSA_SHA1_Q_OCTETS, DSA_SHA1_Q_BITS): New
names.
* sexp2dsa.c (dsa_keypair_from_sexp_alist): New argument q_bits.
Renamed parameter limit to p_max_bits.
(dsa_sha1_keypair_from_sexp): Renamed, was dsa_keypair_from_sexp.
Updated to call dsa_keypair_from_sexp_alist with the new argument.
(dsa_sha256_keypair_from_sexp): New function.
(dsa_signature_from_sexp): New argument q_bits.
* der2dsa.c (dsa_params_from_der_iterator): Enforce 160-bit limit
on q. Renamed parameter limit to p_max_bits.
(dsa_openssl_private_key_from_der_iterator): Enforce 160-bit limit
on q and x. Renamed parameter limit to p_max_bits.
2010-06-03 Niels Möller <nisse@lysator.liu.se>
* testsuite/dsa-test.c (test_main): Added test for dsa-sha256.
2010-06-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/dsa-test.c (test_main): Provide expected value of the
signature.
* testsuite/testutils.c (test_dsa160): Added argument for expected
signature.
(test_dsa256): Likewise.
2010-06-01 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-keygen-test.c (test_main): Updated expected
signatures.
* examples/random-prime.c (main): Updated for nettle_random_prime
change.
* testsuite/random-prime-test.c (test_main): Likewise.
* rsa-keygen.c (bignum_random_prime): Deleted function.
(rsa_generate_keypair): Use new nettle_random_prime. Generate
secret factors p and q with the two most significant bits set.
* dsa-keygen.c (dsa_generate_keypair): Updated for changes in
nettle_random_prime and _nettle_generate_pocklington_prime. Invoke
progress callback.
* bignum-random-prime.c (_nettle_generate_pocklington_prime): New
argument top_bits_set, to optionally generate primes with the two
most significant bits set. Reordered argument list.
(nettle_random_prime): Likewise, added top_bits_set argument.
Invoke progress callback when a prime is generated.
2010-05-26 Niels Möller <nisse@lysator.liu.se>
* dsa-keygen.c (dsa_generate_keypair): Use
_nettle_generate_pocklington_prime. Deleted old key generation
code.
* bignum-random-prime.c (_nettle_generate_pocklington_prime): Also
return the used r. Updated caller.
* examples/random-prime.c (main): Allow sizes down to 3 bits.
* bignum-random-prime.c (_nettle_generate_pocklington_prime): New
function. Rely on mpz_probab_prime_p (for lack of a trial division
function) for trial division.
(nettle_random_prime): Rewritten. Uses the prime table for the
smallest sizes, then trial division using a new set of tables, and
then Maurer's algorithm, calling the new
_nettle_generate_pocklington_prime for the final search.
2010-05-25 Niels Möller <nisse@lysator.liu.se>
* testsuite/dsa-test.c (test_main): Updated for dsa testing
changes.
* testsuite/dsa-keygen-test.c (test_main): Test dsa256.
* testsuite/testutils.h (struct nettle_mac): New struct, currently
unused.
* testsuite/testutils.c (test_mac): New function (currently not
used).
(test_dsa): Replaced by two new functions...
(test_dsa160): New function.
(test_dsa256): New function.
(test_dsa_key): New argument q_size.
(DSA_VERIFY): Generalized.
* dsa-keygen.c (dsa_generate_keypair): Rewritten, now generating
primes using Pocklington's theorem. Takes both p_size and q_size
as arguments.
2010-05-20 Niels Möller <nisse@lysator.liu.se>
* bignum-random-prime.c (miller_rabin_pocklington): Fixed broken
logic when Miller-rabin succeeds early.
2010-04-09 Niels Möller <nisse@lysator.liu.se>
* bignum-next-prime.c: Include stdlib.h, needed for alloca on
freebsd.
* hmac.c: Likewise.
* examples/Makefile.in (SOURCES): Added random-prime.c.
* examples/random-prime.c: New program.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Moved
knuth-lfib-test.c, cbc-test.c, ctr-test.c, hmac-test.c here, from
TS_HOGWEED_SOURCES.
(TS_HOGWEED_SOURCES): Added random-prime-test.c.
* testsuite/random-prime-test.c: New test case.
* examples/next-prime.c (main): With no command line arguments.
exit after dislaying usage message.
* examples/io.c (simple_random): Free buffer when done.
* configure.ac: Changed message, say CC is the recommended
way to configure the ABI.
* bignum-random.c: Deleted test of HAVE_LIBGMP.
* bignum.c: Likewise.
* sexp2bignum.c: Likewise.
* Makefile.in (hogweed_SOURCES): Added bignum-random-prime.c.
* bignum-random-prime.c (nettle_random_prime): New file, new
function.
2010-03-31 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Benchmark sha224.
2010-03-30 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (DSA_VERIFY): Updated for dsa_sha1_verify
rename.
(test_dsa): Check return value from dsa_sha1_sign.
* Makefile.in (hogweed_SOURCES): Added dsa-sha1-sign.c,
dsa-sha1-verify.c, dsa-sha256-sign.c, and dsa-sha256-verify.c.
* dsa.h: Updated and added dsa declarations.
* dsa-sha256-verify.c (dsa_sha256_verify_digest): New file, new
function.
(dsa_sha256_verify): New function.
* dsa-sha256-sign.c (dsa_sha256_sign_digest): New file, new
function.
(dsa_sha256_sign): New function.
* dsa-sha1-verify.c (dsa_sha1_verify_digest): New file. Moved and
renamed function, from dsa_verify_digest, rewrote to use
_dsa_verify.
(dsa_sha1_verify): Analogous change, renamed from dsa_verify.
* dsa-sha1-sign.c (dsa_sha1_sign_digest): New file. Moved and
renamed function, from dsa_sign_digest, rewrote to use _dsa_sign,
and added return value.
(dsa_sha1_sign): Analogous change, renamed from dsa_sign.
* dsa-verify.c (_dsa_verify): New general verification function,
for any hash.
* dsa-sign.c (_dsa_sign): New general signing function, for any
hash. Returns success code, like the rsa signture functions.
2010-03-29 Niels Möller <nisse@lysator.liu.se>
* configure.ac (ABI): Attempt to use a better, ABI-dependant,
default value for libdir.
* x86/md5-compress.asm: Fixed function name in epilogue.
* asm.m4 (EPILOGUE): Use . to refer to current address.
* configure.ac (ABI): Detect which ABI the compiler is using.
On x86_64, also check for __arch64__.
2010-03-28 Niels Möller <nisse@lysator.liu.se>
* configure.ac (asm_path): For x86_64, check if compiler is
generating 32-bit code.
2010-03-27 Niels Möller <nisse@lysator.liu.se>
* testsuite/hmac-test.c (test_main): Rewrote rest of tests to use
HMAC_TEST, and added more tests from Daniel Kahn Gillmor and from
RFC 4231.
* Makefile.in (nettle_SOURCES): Added hmac-sha224.c and
hmac-sha384.c.
* hmac.h: Added declarations of hmac-sha224 and hmac-sha384.
* hmac-sha224.c: New file.
2010-03-26 Niels Möller <nisse@lysator.liu.se>
* testsuite/hmac-test.c (HMAC_TEST): New macro.
(test_main): Use HMAC_TEST for the md5 and sha1 tests, and add
test vectors from Daniel Kahn Gillmor.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha224-test.c.
* Makefile.in (nettle_SOURCES): Added sha224-meta.c and
write-be32.c.
(DISTFILES): Added nettle-write.h.
* sha.h: Added declarations for sha224. Some are aliases for the
corresponding sha256 definition.
* sha256.c (sha256_digest): Use _nettle_write_be32.
(sha224_init): New function.
(sha224_digest): New function.
* sha1.c (sha1_digest): Use _nettle_write_be32.
* nettle-internal.h (NETTLE_MAX_HASH_BLOCK_SIZE)
(NETTLE_MAX_HASH_DIGEST_SIZE): Increased, to take sha512 into
account.
* nettle-write.h: New file.
* write-be32.c (_nettle_write_be32): New file, new function.
* sha224-meta.c: New file.
2010-03-25 Niels Möller <nisse@lysator.liu.se>
* hmac-sha384.c: New file.
* testsuite/sha224-test.c: New file.
* testsuite/md4-test.c (test_main): More test vectors, provided by
Daniel Kahn Gillmor.
* testsuite/md5-test.c (test_main): Likewise.
* testsuite/sha1-test.c (test_main): Likewise.
* testsuite/sha256-test.c (test_main): Likewise.
* testsuite/sha384-test.c (test_main): Likewise.
* testsuite/sha512-test.c (test_main): Likewise.
* configure.ac: Bumped version numbers. Package version
nettle-2.1, library versions libnettle.so.3.1, libhogweed.so.2.0.
* examples/nettle-benchmark.c (main): Benchmark sha384.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha384-test.c.
* testsuite/sha384-test.c: New file.
* Makefile.in (nettle_SOURCES): Added sha384-meta.c.
* sha384-meta.c: New file.
* sha.h: Added declarations for sha384. Some are aliases for the
corresponding sha512 definition.
* sha512.c (sha512_write_digest): New function.
(sha512_digest): Use it.
(sha384_init): New function.
(sha384_digest): New function.
2010-03-24 Niels Möller <nisse@lysator.liu.se>
* sha512.c: (sha512_digest): Simplified handling of any final
partial word of the digest.
* sha512.c: Reorganized to use _nettle_sha512_compress.
* sha512-compress.c (_nettle_sha512_compress): Compression
function extracted from sha512.c to a new file.
* Makefile.in (nettle_SOURCES): Added sha256-compress.c and
sha512-compress.c.
* sha256.c: Reorganized to use _nettle_sha256_compress.
* sha256-compress.c (_nettle_sha256_compress): Compression
function extracted from sha256.c to a new file.
* examples/nettle-benchmark.c (main): Benchmark sha512.
* rsa-keygen.c (rsa_generate_keypair): Ensure that bit size of e
is less than bit size of n, and check for the unlikely case p = q.
* rsa.h (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Reduced, to
correspond to pkcs#1 encryption of single byte messagees.
* pgp-encode.c (pgp_put_rsa_sha1_signature): Check return value
from rsa_sha1_sign.
* rsa-compat.c (R_SignFinal): Likewise.
* rsa-md5-sign.c (rsa_md5_sign): Check and propagate return value
from pkcs1_rsa_md5_encode.
(rsa_md5_sign_digest): Check and propagate return value from
pkcs1_rsa_md5_encode_digest.
* rsa-md5-verify.c (rsa_md5_verify): Check return value from
pkcs1_rsa_md5_encode.
(rsa_md5_verify_digest): Check return value from
pkcs1_rsa_md5_encode_digest.
* rsa-sha1-sign.c: Analogous changes.
* rsa-sha1-verify.c: Analogous changes.
* rsa-sha256-sign.c: Analogous changes.
* rsa-sha256-verify.c: Analogous changes.
* rsa-sha512-sign.c: Analogous changes.
* rsa-sha512-verify.c: Analogous changes.
* pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
(pkcs1_rsa_md5_encode_digest): Added return value. Check and
propagate return value from pkcs1_signature_prefix.
* pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
(pkcs1_rsa_sha256_encode_digest): Likewise.
* pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
(pkcs1_rsa_sha1_encode_digest): Likewise.
* pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
(pkcs1_rsa_sha512_encode_digest): Likewise.
* pkcs1.c (pkcs1_signature_prefix): Interface change, take both
the total size and digest size as arguments, and return a status
code to say if the size was large enough.
* testsuite/Makefile.in: Added hogweed dependency for the test
programs.
2010-03-23 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-test.c (test_main): Test signing with sha512.
* testsuite/testutils.c (test_rsa_sha512): New function.
* Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c,
rsa-sha512-sign.c and rsa-sha512-verify.c.
* rsa.h: Added prototypes for sha512-related functions.
(RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased.
* pkcs1.h: Added prototypes for sha512-related functions.
* rsa-sha512-verify.c: New file.
* rsa-sha512-sign.c: New file.
* pkcs1-rsa-sha512.c: New file.
2010-03-22 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added hmac-sha512.c.
* testsuite/hmac-test.c (test_main): Added test cases for
hmac-sha512.
* hmac.h: Declare functions sha512-related functions.
* hmac-sha512.c (hmac_sha512_set_key): New file.
Basic sha512 support.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha512-test.c.
* testsuite/sha512-test.c: New file.
* macros.h (READ_UINT64, WRITE_UINT64): New macros.
* Makefile.in (nettle_SOURCES): Added sha512.c and sha512-meta.c.
* sha.h: Added sha512-related declarations.
* nettle-meta.h: Likewise.
* sha512-meta.c: New file.
* sha512.c: New file.
2010-03-06 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (distdir): Include x86_64 assembler files.
2010-01-20 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Check for mpz_powm_sec.
2010-01-13 Niels Möller <nisse@lysator.liu.se>
* Makefile.in ($(LIBHOGWEED_FORLINK)): Depend on
$(LIBNETTLE_FORLINK).
* configure.ac (LIBHOGWEED_LIBS): Added -lnettle -lgmp for the
default case. Follows debian, and also makes dlopen of
libhogweed.so work, without having to use RTLD_GLOBAL.
(LIBHOGWEED_LINK): Added -L., to find our libnettle.so.
2009-10-21 Niels Möller <nisse@lysator.liu.se>
* tools/Makefile.in (pkcs1-conv$(EXEEXT)): Added dependency on
../libhogweed.a.
2009-10-19 Niels Möller <nisse@lysator.liu.se>
* tools/pkcs1-conv.c: Updated for dsa/der interface change.
* der2dsa.c (dsa_public_key_from_der_iterators): Split into two
new functions...
(dsa_params_from_der_iterator): New function.
(dsa_public_key_from_der_iterator): New function.
(dsa_openssl_private_key_from_der_iterator): Renamed, was
dsa_private_key_from_der_iterator.
(dsa_openssl_private_key_from_der): Likewise.
* dsa.h: Corresponding changees to prototypes and #defines.
2009-10-12 Niels Möller <nisse@lysator.liu.se>
* sexp-format.c: Removed conditioning on HAVE_LIBGMP.
* tools/pkcs1-conv.c: Support for DSA keys, contributed by Magnus
Holmgren.
* Makefile.in (hogweed_SOURCES): Added dsa2sexp.c and der2dsa.c.
* der2dsa.c: New file, contributed by Magnus Holmgren.
* dsa2sexp.c: Likewise.
* dsa.h: Added prototypes.
* configure.ac (LIBHOGWEED_MINOR): Bumped libhogweed minor
version, now it's 1.1.
* testsuite/rsa2sexp-test.c (test_main): Updated testcase for
"rsa-pkcs1".
2009-10-11 Niels Möller <nisse@lysator.liu.se>
* rsa2sexp.c (rsa_keypair_to_sexp): Changed default algorithm name
to "rsa-pkcs1".
2009-09-20 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm: Improved performance by 17% on AMD K7,
by letting loopmix scramble the instruction order.
2009-09-15 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm: Cleanup, removing old cruft. Slight
improvement to ROUND_F1_NOEXP. Slight reduction of
dependency-chains.
2009-08-25 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm: Eliminated tmp variable for f3 rounds.
* examples/nettle-benchmark.c (bench_sha1_compress): New function,
for precise benchmarking of the compression function.
2009-06-08 Niels Möller <nisse@lysator.liu.se>
* Released nettle-2.0.
2009-06-04 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Set version to 2.0
2009-05-30 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (.texinfo.info): Don't use a temporary output file
$@T, trust makeinfo to remove output file on errors.
2009-05-19 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Changed license to public domain.
2009-05-11 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Fixes from Karl Berry. Added some more index
terms.
2009-03-06 Niels Möller <nisse@lysator.liu.se>
* x86_64/aes-encrypt-internal.asm: Reduced unrolling. Keep state
in %eax--%edx only.
* x86_64/aes-decrypt-internal.asm: Likewise.
* x86_64/aes.m4 (MOVE_HREG): Deleted, no longer needed.
(AES_STORE): Reduced offsets.
(AES_ROUND): Use HREG directly, not MOVE_HREG.
* x86_64/aes-decrypt-internal.asm: Rearrange register allocation.
Put SA--SD in %eax--%edx, so the second byte can be accessed as
%ah-%dh. TD is not needed, SD can be reused. Use the register that
is saved for the outer loop counter, getting it off the stack.
* x86_64/aes-encrypt-internal.asm: Likewise.
* x86_64/aes.m4 (HREG, MOVE_HREG): New macros.
(XREG): Fixed bug in handling of %r8 and %r9.
(AES_ROUND): Use MOVE_HREG.
2009-02-10 Niels Möller <nisse@lysator.liu.se>
* base16-meta.c (base16_encode_update_wrapper): Mark ctx argument
as UNUSED.
* testsuite/sexp-conv-test: Updated testcases for improved
handling of comments.
* tools/sexp-conv.c (sexp_convert_item): Use sexp_put_soft_newline
to terminate comments, and modify indentation for the case that a
list starts with a comment.
* tools/output.c (sexp_output_init): Initialize soft_newline.
(sexp_put_raw_char): Clear soft_newline.
(sexp_put_newline): Check and reset soft_newline.
(sexp_put_soft_newline): New function.
* tools/output.h (struct sexp_output): Removed union with single
element, and updated all users. New attribute soft_newline.
2008-12-22 Niels Möller <nisse@lysator.liu.se>
* Makefile.in ($(des_headers)): Create files in $(srcdir).
2008-11-28 Niels Möller <nisse@lysator.liu.se>
* testsuite/cxx-test.cxx: Include <cstdio>.
2008-11-22 Niels Möller <nisse@lysator.liu.se>
* yarrow256.c (yarrow256_fast_reseed): Set ctx->seeded = 1, so
that it is set if and only if the aes context has been initialized
with aes_set_encrypt_key.
(yarrow256_seed): No need to set ctx->seeded here.
(yarrow256_update): Likewise.
2008-11-04 Niels Möller <nisse@lysator.liu.se>
* examples/next-prime.c (main): Avoid using gmp_fprintf, to stay
compatible with gmp-3.1.
2008-11-01 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Updated for 2.0. New section on linking.
* nettle-types.h, nettle-meta.h: Moved all typedefs for function
types to nettle-types.h. Use non-pointer types, so that the types
can be used to declare functions. Updated all users.
2008-10-31 Niels Möller <nisse@lysator.liu.se>
* testsuite/yarrow-test.c (test_main): Updated for seed file
changes.
* sha-example.c (display_hex): Use %02x, not %2x.
2008-10-30 Niels Möller <nisse@lysator.liu.se>
* tools/sexp-conv.c (main): Fixed file locking.
2008-10-25 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Set version to 2.0rc1.
* examples/Makefile.in (next-prime$(EXEEXT)): Added -lnettle to
linker.
2008-10-24 Niels Möller <nisse@lysator.liu.se>
* sha256.c (ROUND): Simplified macro.
* yarrow256.c (yarrow256_fast_reseed): Renamed (was
yarrow_fast_reseed) and made non-static. Don't generate seed file
here, let the application use yarrow256_random instead.
(yarrow256_slow_reseed): Renamed (was yarrow_slow_reseed) and made
non-static.
(yarrow256_force_reseed): Deleted function, use
yarrow256_slow_reseed instead. For backwards compatibility,
yarrow.h defines yarrow256_force_reseed as an alias for that
function.
* yarrow.h (struct yarrow256_ctx): Deleted seed_file buffer.
2008-09-17 Niels Möller <nisse@lysator.liu.se>
* x86/arcfour-crypt.asm: Improved loop logic, and unrolled
loop twice. Gave a modest speedup.
2008-09-15 Niels Möller <nisse@lysator.liu.se>
* yarrow256.c (yarrow256_seed): Disallow length == 0.
* base64-decode.c (decode_table): Added vertical tab (VT) and form
feed (FF) as white space characters.
* x86_64/aes-decrypt-internal.asm: New file.
2008-09-13 Niels Möller <nisse@lysator.liu.se>
* x86/aes-encrypt-internal.asm: Replaced pushl and popl in the
loop with movl. Eliminated redundant movl.
* x86/aes-decrypt-internal.asm: Likewise.
* x86_64/aes.m4: New file.
* x86/aes-encrypt-internal.asm: Updated for AES_FINAL_ROUND. Only
three times through the substitution loop.
* x86/aes-decrypt-internal.asm: Likewise.
* x86_64/aes-encrypt-internal.asm: Likewise.
* x86/aes.m4 (AES_FINAL_ROUND): Do the substitution on the least
significant byte here.
* x86/aes-encrypt-internal.asm: Updated use of AES_SUBST_BYTE. USe
decl for outer loop.
* x86/aes-decrypt-internal.asm: Likewise.
* x86/aes.m4 (LREG, HREG): New macros.
(AES_SUBST_BYTE): Take state registers as argument. Use LREG to
get the corresponding byte register.
(AES_ROUND): Use movzbl together with LREG and HREG.
(AES_SUBST_BYTE): Likewise.
2008-09-10 Niels Möller <nisse@lysator.liu.se>
* x86_64/sha1-compress.asm: Avoid using registers %rbx and %rbp,
which must be preserved.
2008-09-08 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (stamp-h.in): Use $(AUTOHEADER).
* x86_64/sha1-compress.asm: New x86_64 assembler, based on the x86
version.
* configure.ac (asm_path): Set up asm_path for x86_64.
* x86_64/machine.m4: New file, new directory.
2008-08-28 Niels Möller <nisse@lysator.liu.se>
* examples/eratosthenes.c (main): Rewrote block-wise sieving to
use less memory. New options -s and -v.
2008-08-27 Niels Möller <nisse@lysator.liu.se>
* testsuite/sexp-conv-test (print_raw, print_nl): Use printf.
Updated testcases with comments; comments are now preserved.
* tools/sexp-conv.c (sexp_convert_item): Keep comments in advanced
output.
(parse_options): New --lock option.
(main): Optionally lock output file.
* tools/parse.c (sexp_check_token): Removed check for "any" token.
All callers specify the token they expect.
(sexp_parse): Pass on comment tokens.
* tools/output.c (sexp_put_data): Made non-static.
* tools/input.c (sexp_get_comment): New function.
(sexp_get_token): Use sexp_get_comment.
* tools/misc.h (enum sexp_token): Start enumeration with zero, zero
is no longer used to mean any type. New type SEXP_COMMENT.
* configure.ac: Check for fcntl file locking.
2008-08-26 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (tags-here): Put TAGS file in the source directory.
* examples/Makefile.in (tags): Likewise.
* testsuite/Makefile.in (tags): Likewise.
* tools/Makefile.in (tags): Likewise.
2008-02-29 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (SOURCES): Added next-prime.c.
2008-01-05 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (TARGETS): Added eratosthenes and next-prime.
(next-prime, eratosthenes): New rules.
(nettle-benchmark): Don't rely on $@.
* examples/eratosthenes.c (find_first_one): Optimized, using
slightly larger table.
(main): Use atol, rather than atoi.
* testsuite/symbols-test: Check symbols also in libhogweed.
* examples/next-prime.c: New file.
Deleted code for detailed timing.
* Makefile.in (hogweed_SOURCES): Added bignum-next-prime.c.
(DISTFILES): Added prime-list.h.
(hogweed_OBJS): Removed $(LIBOBJS).
* bignum-next-prime.c (nettle_next_prime): Renamed function, for
name space reasons. Was bignum_next_prime. Updated call in
rsa-keygen.c.
(primes): Use prime-list.h.
(nettle_next_prime): Skip Fermat test. Use mpz_millerrabin
directly, rather than mpz_probab_prime_p, when the former is
available.
* bignum.h (nettle_next_prime): New prototype.
* rsa-keygen.c (bignum_next_prime): Deleted, moved to
bignum-next-prime.c. Call with a larger prime limit, this improves
the running time of lsh-keygen by roughly 25%.
* prime-list.h: List of odd primes < 2^16.
* configure.ac: Check for sizeof(long).
2008-01-03 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Removed incorrect UNUSED
from declaration.
* bignum-next-prime.c: Moved the bignum_next_prime function to a
separate file.
2007-09-08 Niels Möller <nisse@lysator.liu.se>
* sparc64/aes-encrypt-internal.asm: The directory with the aes.m4
include file was renamed from "sparc" to "sparc32". Updated include.
* sparc64/aes-decrypt-internal.asm: Likewise.
* sparc32/aes-encrypt-internal.asm: Likewise.
* sparc32/aes-decrypt-internal.asm: Likewise.
2007-09-07 Niels Möller <nisse@lysator.liu.se>
* examples/read_rsa_key.c: Include stdlib.h.
2007-06-02 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Typo fixes to install targets, spotted by Magnus
Holmgren.
2007-05-14 Niels Möller <niels@s3.kth.se>
* configure.ac: Fixed copy-and-paste errors in shared library
name setup.
* config.make.in (LIBNETTLE_SONAME, LIBHOGWEED_SONAME): Define.
* Makefile.in (libnettle.so, libhogweed.so): Fixed rules.
* Makefile.in: Split nettle library into two files, libnettle.a
and libhogweed.a, and similarly for the shared libraries.
* configure.ac: Bumped nettle so-versions to 3.0. Set hogweed
so-versions to 1.0. New makefile conditionals IF_SHARED and
IF_HOGWEED. Renamed WITH_PUBLIC_KEY to WITH_HOGWEED. Deleted
SHLIBTARGET, SHLIBINSTALL, RSA_EXAMPLES and RSA_TOOLS.
* config.make.in: Updated for hogweed split.
* C source files: Don't use WITH_PUBLIC_KEY / WITH_HOGWEED, the
Makefile sorts out which files should be compiled.
* pgp.h: Include bignum.h, don't pretend to work without bignums.
* pgp-encode.c (pgp_put_mpi, pgp_put_public_rsa_key)
(pgp_put_rsa_sha1_signature): Define unconditionally. Removed the
checking of HAVE_LIBGMP and WITH_PUBLIC_KEY.
* examples/io.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
* examples/io.c (read_rsa_key): Deleted, moved to...
* examples/read_rsa_key.c: New file, extracted from io.c.
* examples/Makefile.in: Use IF_HOGWEED instead of RSA_EXAMPLES.
Link appropriate programs with -lhogweed.
(SOURCES): Added read_rsa_key.c.
* tools/Makefile.in (pkcs1-conv): Use IF_HOGWEED, not @RSA_TOOLS@,
for configuration. Link with -lhogweed.
* testsuite/testutils.h: Use WITH_HOGWEED, not WITH_PUBLIC_KEY.
* testsuite/testutils.c: Likewise.
* testsuite/Makefile.in (TS_NETTLE_SOURCES, TS_HOGWEED_SOURCES):
Separate test cases using nettle and those also using hogweed.
2007-04-05 Niels Möller <nisse@lysator.liu.se>
* Moved in CVS tree. Also renamed directory sparc to sparc32.
2007-02-24 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (clean-here): Remove .lib directory.
(distclean-here): Remove machine.m4.
2006-12-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: AC_PREREQ 2.61, for AC_PROG_MKDIR_P.
* config.make.in (datarootdir): New directory variable (for
autoconf-2.61).
2006-11-28 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.16.
* Released nettle-1.15.
2006-11-27 Niels Möller <nisse@lysator.liu.se>
* NEWS: New entry for nettle-1.15.
* configure.ac (SHLIBMINOR): Bumped version. Library name is now
libnettle.so.2.6.
* sha256.c: Changed copyright notice to use the LGPL.
* Makefile.in (DISTFILES): Added COPYING.LIB.
* COPYING.LIB: New file (previously only the plain GPL was
included in the distribution).
* nettle.texinfo: Updated vor nettle-1.15.
* testsuite/rsa-test.c (test_main): Use test_rsa_sha256.
* testsuite/testutils.c (test_rsa_sha256): New function.
* testsuite/Makefile.in (DISTFILES): Replaces rfc1750.txt by
gold-bug.txt.
* rsa.h (rsa_sha256_sign, rsa_sha256_verify)
(rsa_sha256_sign_digest, rsa_sha256_verify_digest): New declarations.
(RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased to
62 octets and 489 bits, respectively, for supporting sha256.
* pkcs1.h (pkcs1_rsa_sha256_encode)
(pkcs1_rsa_sha256_encode_digest): New declarations and name
mangling symbols.
* Makefile.in (nettle_SOURCES): Added pkcs1-rsa-sha256.c,
rsa-sha256-sign.c, rsa-sha256-verify.c.
* pkcs1-rsa-sha256.c, rsa-sha256-sign.c, rsa-sha256-verify.c: New
files.
* COPYING, INSTALL, install-sh, texinfo.tex: Updated files, from
automake-1.10.
2006-11-27 Niels Möller <niels@s3.kth.se>
* tools/Makefile.in (install): Use MKDIR_P to create installation
directory. Install only one file at a time.
* Makefile.in (MKDIR_P): Use MKDIR_P for creating installation
directories.
* configure.ac: Use AC_PROG_MKDIR_P.
2006-11-24 Niels Möller <nisse@lysator.liu.se>
* testsuite/yarrow-test.c (test_main): Use gold-bug.txt as input
file, instead of rfc1750.txt.
* testsuite/gold-bug.txt: New test input file for yarrow-test.
The copyright on this short story by Edgar Allan Poe has expired.
* testsuite/rfc1750.txt: Deleted file. Debian considers RFC:s
non-free, and it was expired anyway. Replaced by gold-bug.txt.
2006-11-24 Niels Möller <niels@s3.kth.se>
* Almost all header files: Added C++ guards.
* configure.ac: Test if the system has any C++ compiler.
* config.make.in (CXX, CXXFLAGS, COMPILE_CXX, LINK_CXX): New variables.
* testsuite/Makefile.in: New variables TS_C and TS_CXX. Setup for
compiling the C++ file cxx-test.cxx.
* testsuite/cxx-test.cxx: New testcase, trying to use nettle from
a C++ program.
2006-08-28 Niels Möller <niels@s3.kth.se>
* index.html: Added section on language bindings.
2006-06-10 Niels Möller <niels@s3.kth.se>
* configure.ac: Darwin shared library support, from Grant
Robinsson.
2006-05-18 Niels Möller <nisse@lysator.liu.se>
* src/nettle/x86/aes.asm: Deleted unused file.
* aes-decrypt.c (_aes_decrypt_table): Deleted the indexing array,
previously commented out.
* aes-encrypt-table.c (_aes_encrypt_table): Likewise.
* Makefile.in (.texinfo.info, .dvi.ps): Use more quotes with
basename.
(install-here, install-shared, install-info, install-headers): Use
plain mkdir, not $(INSTALL) -d.
2006-05-16 Niels Möller <niels@s3.kth.se>
Merged from the lsh experimental branch.
2006-04-26 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-decrypt.c: Don't include "getopt.h", since it's not used.
* examples/nettle-benchmark.c: Include "getopt.h".
* examples/Makefile.in (GETOPT_OBJS): New variable.
(rsa-keygen, rsa-encrypt, nettle-benchmark): Depend on and link
with $(GETOPT_OBJS).
* x86/aes-decrypt-internal.asm: Use ALIGN.
* x86/aes-encrypt-internal.asm: Likewise.
* x86/arcfour-crypt.asm: Likewise.
* x86/md5-compress.asm: Likewise.
* x86/sha1-compress.asm: Likewise.
* config.m4.in (ASM_ALIGN_LOG): Substitute.
* configure.ac (ASM_ALIGN_LOG): Check if .align directive is
logarithmic.
* asm.m4 (ALIGN): New macro. Takes a logarithmic argument, and
expands to a .align directive.
2006-04-21 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Public-key algorithms): Say that the public key
operations are undocumented, not unsupported. Reported by Jeronimo
Pellegrini.
2006-04-08 Niels Möller <nisse@lysator.liu.se>
* tools/pkcs1-conv.c (read_pem): Fixed c99-style declaration.
Reported by Henrik Grubbström.
2006-01-31 Niels Möller <niels@s3.kth.se>
* examples/rsa-verify.c: Fixed typo in usage message.
2005-12-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.15,
* Released nettle-1.14.
* NEWS: Updated for 1.14.
* configure.ac (SHLIBMINOR): Increased minor number. Library
version is now libnettle.so.2.5, soname still libnettle.so.2.
2005-11-28 Niels Möller <nisse@lysator.liu.se>
* config.make.in (INSTALL): Don't substitute INSTALL, INSTALL_DATA
and friends here, to get a correct a relative filename for
install-sh when used in tools/Makefile.
* tools/Makefile.in (INSTALL): Substitute INSTALL, INSTALL_DATA
and friends here.
* Makefile.in (INSTALL): Likewise.
2005-11-27 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (.texinfo.pdf): New rule. Avoid dependency on
intermediate .dvi and .ps files.
* testsuite/Makefile.in (clean): Delete sha1-huge-test.
* Makefile.in (install-info, install-headers): Don't use $< and
$?; Solaris make doesn't support them in explicit rules.
2005-11-26 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in: Include .test-rules.make, which contains
the rules for all the test executables.
(test-rules): New rule, to update this file.
(DISTFILES): Added $(EXTRA_SOURCES).
* testsuite/.test-rules.make: Automatically generated file for
building the test programs.
2005-11-25 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Disable assembler when compiling with rntcl.
* tools/Makefile.in (pkcs1_conv_SOURCES): New variable.
(pkcs1-conv): Link with getopt.o and getopt1.o.
* Makefile.in (aesdata, desdata, shadata): Use explicit rules for
executables.
* testsuite/Makefile.in: Use %-rules for building the -test
executables, in addition to the suffix rules. Hopefully, this
should make all of GNU make, BSD make and Solaris make happy.
Use $(EXEEXT) and $(OBJEXT) more consistently.
* examples/Makefile.in: Use explicit rules for all executable
targets. Use $(EXEEXT) and $(OBJEXT) more consistently.
2005-11-25 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.in: Avoid using single-suffix rule to build
executables.
2005-11-24 Niels Möller <niels@s3.kth.se>
* Makefile.in (distdir): Use [ -f, not [ -e, since the latter
is less portable, and not supported by Solaris /bin/sh.
2005-11-23 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.in (DISTFILES): Added teardown-env.
* testsuite/teardown-env: New file. Delete files created by the
testsuite.
2005-11-21 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (main): Fixed check for -v option. Spotted
by Goran K.
2005-11-21 Niels Möller <niels@s3.kth.se>
* ctr.h (CTR_CTX, CTR_CRYPT): Fixed bugs, spotted by Goran K.
2005-11-20 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added der2rsa.c.
* testsuite/Makefile.in (TS_SH): Added pkcs1-conv-test.
* tools/Makefile.in (TARGETS): Added @RSA_TOOLS@.
(SOURCES): Added pkcs1-conv.c.
(pkcs1-conv): New rule.
* tools/pkcs1-conv.c: New program.
* testsuite/pkcs1-conv-test: New file.
* examples/rsa-verify-test: Use rsa-sign to create signature.
* examples/io.c (read_file): Fixed spelling in error message.
* rsa.h (rsa_public_key_from_der_iterator)
(rsa_private_key_from_der_iterator, rsa_keypair_from_der): Declare
functions.
* der2rsa.c: New file.
* der-iterator.c (asn1_der_iterator_init): Initialize length and
data.
(asn1_der_iterator_next): Support for lengths >= 0x80.
(asn1_der_decode_constructed_last, asn1_der_decode_bitstring)
(asn1_der_decode_bitstring_last): New functions.
(asn1_der_get_bignum): Check for non-mininal encodings.
* configure.ac (RSA_TOOLS): New substituted variable. Includes
pkcs1-conv, when public-key support is enabled.
* bignum.h (nettle_asn1_der_get_bignum): Include nettle_-prefix in
declaration.
* asn1.h: Added name mangling defines, and a few new declarations.
2005-11-13 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added der-iterator.c.
(HEADERS): Added asn1.h.
* bignum.h (asn1_der_get_bignum): Declare function.
* der-iterator.c: New file.
* asn1.h: New file.
2005-11-07 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c: Check HAVE_UNISTD_H.
* examples/Makefile.in (TARGETS): Use $(EXEEXT).
* tools/Makefile.in (TARGETS, sexp-conv, nettle-lfib-stream): Likewise.
* configure.ac: Use $host_cpu, not $host, when setting up the
assembler path. Use $host_os, not uname, when setting up shared
library flags.
* Makefile.in (des.$(OBJEXT)): Use OBJEXT.
* config.guess, config.sub: In the CVS tree, moved files to the
lsh top-level directory.
2005-10-23 Niels Möller <nisse@lysator.liu.se>
* sparc64/arcfour-crypt.asm: New file, almost the same as
sparc/arcfour-crypt.asm.
* examples/nettle-benchmark.c (display): Use two decimal places.
* sparc/arcfour-crypt.asm: Reorganized. Main loop unrolled four
times. Uses aligned 32-bit write accesses at DST. Still uses 8-bit
read accesses at SRC; could be improved int he case that SRC and
DST have compatible alignment.
2005-10-19 Niels Möller <niels@s3.kth.se>
* testsuite/arcfour-test.c (test_main): New testcase with 512
bytes of data.
2005-10-19 Niels Möller <nisse@lysator.liu.se>
* sparc/arcfour-crypt.asm: Fixed bug, spotted by Mikael Kalms. We
must order the store at [CTX+I] before the load of [CTX+SI+SJ].
2005-10-18 Niels Möller <nisse@lysator.liu.se>
* sparc/arcfour-crypt.asm: Special unrolled code if SRC and DST
have compatible alignment. Improves performance by 20%, but I'm
not sure it's worth the extra complexity.
* bignum.c (nettle_mpz_from_octets): Removed sign argument. If
mpz_import is available, define nettle_mpz_from_octets as a macro
calling mpz_import.
(nettle_mpz_from_octets): Start by setting x to zero; callers no
longer need to do that.
(nettle_mpz_set_str_256_s): New logic for the handling of negative
numbers. Convert in the same way as for positive numbers, and then
subtract the appropriate power of two.
2005-10-17 Niels Möller <nisse@lysator.liu.se>
* bignum.c (nettle_mpz_from_octets): Improved loop. Removed the
digit temporary (suggested by Torbjörn Granlund).
* sparc/arcfour-crypt.asm: Improved instruction scheduling.
* sparc/arcfour-crypt.asm: Bugfix, use lduh and stuh.
* sparc/arcfour-crypt.asm: New file.
* sparc64/aes.asm: Deleted unused file.
* x86/arcfour-crypt.asm: Use ARCFOUR_I and ARCFOUR_J
* asm.m4 (ARCFOUR): New struct.
2005-10-17 Niels Möller <niels@s3.kth.se>
* aes-internal.h (struct aes_table): Deleted idx and sparc_idx
arrays.
* aes-encrypt-table.c (_aes_encrypt_table): Likewise.
* aes-decrypt.c (_aes_decrypt_table): Likewise.
* asm.m4 (AES): Likewise
2005-10-16 Niels Möller <nisse@lysator.liu.se>
* tools/input.c (sexp_get_char): Use unsigned for the done flag.
* sparc64/aes-encrypt-internal.asm: Include sparc/aes.m4.
* sparc64/aes-decrypt-internal.asm: Likewise.
* sparc64/machine.m4: Use .register pseudo op to say that we use
%g2 and %g3 as scratch registers.
* sparc/aes-encrypt-internal.asm: Explicitly include sparc/aes.m4.
* sparc/aes-decrypt-internal.asm: Likewise.
* sparc/aes.m4: New file. Moved aes-related macros here...
* sparc/machine.m4: ... removed aes macros.
* x86/aes-encrypt-internal.asm: Explicitly include x86/aes.m4.
* x86/aes-decrypt-internal.asm: Likewise.
* x86/aes.m4: New file. Moved aes-related macros here, from...
* x86/machine.m4: ... removed aes macros.
* sparc64/aes-encrypt-internal.asm: New file.
* sparc64/aes-decrypt-internal.asm: New file.
* sparc64/machine.m4: Include the same aes macros used for
sparc32.
(BIAS): Define magic stack bias constant.
* sparc/aes-encrypt-internal.asm, sparc/aes-decrypt-internal.asm:
Reduced frame size to 104 bytes, since we no longer need wtxt and
tmp on the stack.
* sparc/aes.asm: Deleted old aes implementation.
* sparc/aes-decrypt-internal.asm: New file.
* sparc/machine.m4: Don't use m4 eval, instead rely on the
assembler's arithmetic.
* sparc/machine.m4 (AES_FINAL_ROUND): Better scheduling, by
interleaving independent operations.
* sparc/machine.m4 (TMP3): A third temporary register.
(AES_FINAL_ROUND): Prepared for scheduling.
* sparc/machine.m4 (AES_ROUND): Deleted unused argument T. Updated
all calls in aes-encrypt-internal.asm.
* sparc/machine.m4 (AES_ROUND): New loop invariants T0-T3, to
avoid the additions of the AES_TABLEx constants in the inner loop.
* sparc/machine.m4 (AES_ROUND): Better scheduling, by
interleaving independent operations.
* sparc/machine.m4 (AES_ROUND): Alternate between using TMP1 and
TMP2, to prepare for scheduling.
* sparc/aes-encrypt-internal.asm: Renamed Ti -> Xi.
* sparc/aes-encrypt-internal.asm: Fixed bugs. Now passes the
testsuite.
* sparc/machine.m4 (AES_ROUND, AES_FINAL_ROUND): Bugfixes. Put
NOPs in the load dely slots.
* sparc/aes-encrypt-internal.asm: Implemented. Not yet working,
and not optimized.
* sparc/machine.m4: Use TMP1 and TMP2, so we don't need to pass
them as arguments.
(AES_FINAL_ROUND): New macro.
2005-10-15 Niels Möller <nisse@lysator.liu.se>
* configure.ac (OBJDUMP): Substitute the program false if objdump
is not found.
* asm.m4 (PROLOGUE): Use TYPE_FUNCTION.
* config.m4.in: Substitute ASM_TYPE_FUNCTION as TYPE_FUNCTION.
* configure.ac (ASM_ELF_STYLE): Check for %function and #function,
but not for @function.
(ASM_TYPE_FUNCTION): New substituted variable.
* configure.ac (ASM_ELF_STYLE): Fixed .type foo,@function statement
used when checking for pseudo operations.
* sparc/machine.m4 (AES_LOAD, AES_ROUND): Started writing new AES
macros.
* sparc/aes-encrypt-internal.asm: New file.
2005-10-14 Niels Möller <nisse@lysator.liu.se>
* x86/aes-decrypt.asm, x86/aes-encrypt.asm: Deleted files.
* x86/aes-decrypt-internal.asm: New file.
* x86/machine.m4: Changed AES macros, to handle a table register.
Also take more of the used registers as argument.
* x86/aes-encrypt-internal.asm: Rewritten to match new interface,
with the table pointer as an argument. Unlike the old code, this
should really be position independent.
* configure.ac: When looking for assembler files, link in
aes-encrypt-internal.asm and aes-decrypt-internal.asm. Don't look
for aes.asm, aes-encrypt.asm and aes-decrypt.asm.
* configure.ac (OBJDUMP): Use AC_CHECK_TOOL to check for objdump.
(ASM_MARK_NOEXEC_STACK): Use $OBJDUMP when examining the object file.
* Makefile.in (nettle_SOURCES): Removed aes.c,
aes-decrypt-table.c. Added aes-decrypt-internal.c and aes-encrypt-internal.c.
* aes.c, aes-decrypt-table.c: Deleted files.
* aes-decrypt.c (_aes_decrypt_table): Moved table here, and made
static.
* aes-internal.h (_aes_decrypt_table): Don't declare, it's no
longer globally visible.
* aes-decrypt-internal.c (_nettle_aes_decrypt): New AES decryption
function, analogous to _nettle_aes_encrypt.
2005-10-14 Niels Möller <niels@s3.kth.se>
* aes-internal.h (AES_ROUND, AES_FINAL_ROUND): New macros.
* aes-encrypt-internal.c (_nettle_aes_encrypt): New AES encryption
function, avoiding the table-based indexing.
* sha1-compress.c: Added debugging code.
* md5-compress.c: Likewise.
2005-10-13 Niels Möller <niels@s3.kth.se>
* config.m4.in (ASM_MARK_NOEXEC_STACK): Use a diversion, to
substitute the value of ASM_MARK_NOEXEC_STACK at the end of each
assembler file.
* configure.ac (ASM_MARK_NOEXEC_STACK): Check if the C compiler
generates a .note.GNU-stack section. If so, we should do the same
in our assembler files.
* sparc64/aes.asm: New file. Copy of sparc/aes.asm, with minor
changes to the stack frame layout. Patch contributed by Henrik
Grubbström. Not yet tested.
* x86/md5-compress.asm: Skip copying of input to the stack, and
don't allocate space for it.
(F1): Fixed bug.
* testsuite/md5-test.c: Document intermediate values for first
test case.
* configure.ac (asm_path): Check for sparc64, and use sparc64
subdirectory. Link in md5-compress.asm, if it exists.
2005-10-13 Niels Möller <nisse@lysator.liu.se>
* x86/md5-compress.asm (REF): Fixed calculation of offset.
2005-10-12 Niels Möller <nisse@lysator.liu.se>
* x86/machine.m4 (OFFSET): Moved macro, used to be in...
* x86/sha1-compress.asm (OFFSET): ... removed macro.
* x86/md5-compress.asm: New file, with first attempt at md5
assembler. Not yet working.
2005-10-11 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added md5-compress.c.
* md5.c: Reorganized to use _nettle_md5_compress, in analogy with
sha1.c.
* md5-compress.c (_nettle_md5_compress): New file and new function.
2005-10-10 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.in (EXTRA_SOURCES, EXTRA_TARGETS): New
variables, for test cases that are not run by default.
* testsuite/sha1-huge-test.c (test_main): New test case, with a
very large sha1 input.
* testsuite/testutils.c (test_hash_large): New function.
* sha1.c (sha1_block): Deleted function; inlined where used.
(SHA1_INCR): New macro for incrementing the block count.
2005-10-06 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.14.
* Released nettle-1.13.
* configure.ac: Check for openssl/aes.h.
* Makefile.in (distdir): Use a loop to pick up the contents of
$(DISTFILES) from source and build directories. For some reason,
$? failed to find stamp-h.in in the source directory.
2005-10-05 Niels Möller <nisse@lysator.liu.se>
* x86/aes-decrypt.asm: Use C_NAME(_nettle_aes_decrypt_table) when
using the AES_SUBST_BYTE macro. Use PROLOGUE and EPILOGUE.
* x86/sha1-compress.asm: Use PROLOGUE and EPILOGUE.
* x86/arcfour-crypt.asm: Likewise.
* x86/aes-encrypt.asm: Likewise.
* config.m4.in (ELF_STYLE): Substitute configure's ASM_ELF_STYLE.
* asm.m4 (PROLOGUE, EPILOGUE): New macros, checking the value of
ELF_STYLE. So far, used and tested only for the x86 assembler
files, and needed to make the assembler happy both with ELF
(linux, solaris) and COFF (windows).
* configure.ac (NM): Use AC_CHECK_TOOL to check for nm.
(ASM_SYMBOL_PREFIX): Use $NM when examining the object file.
(ASM_ELF_STYLE): New variable. Set to 'yes' if assembling a file
with ELF-style .type and .size pseudo ops works.
* Makefile.in (TARGETS, DISTFILES): Added nettle.pdf.
(.texinfo.dvi, .dvi.ps, .ps.pdf): New targets, to build nettle.pdf.
(DOCTARGETS): New variable with targets that shouldn't be deleted
by make clean.
(maintainer-clean-here): New target. Deletes generated
documentation files.
* nettle.texinfo: Define AUTHOR with accents, when running in TeX
mode, which doesn't handle latin-1 properly. Set UPDATED-FOR to
1.13. Updated copyright years, and introduced a COPYRIGHT-YEARS
symbol. Updated copyright section, to mention assembler
implementations.
(Cipher modes): Transformed the Cipher Block Chaining to a section
Cipher modes, describing both CBC and the new CTR mode.
* src/nettle/x86/aes_tables.asm: Deleted unused file.
* x86/aes.asm: Deleted contents. This file is needed just to
override aes.c, which isn't needed for the x86 implementation.
* configure.ac (SHLIBMINOR): Increased minor number. Library
version is now libnettle.so.2.4, soname still libnettle.so.2.
* examples/nettle-benchmark.c (main): Reordered hash benchmarks.
* x86/sha1-compress.asm (EXPAND): Use % 16 instead of & 15 to
compute offsets mod 16, since m4 on FreeBSD 49.RELEASE and NetBSD
doesn't implement & correctly in eval.
2005-10-03 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm (OFFSET): New macro.
(F3): Eliminated a movl.
(ROUND): New argument, for k. When using F3, it's TMP3, on the
stack, otherwise, it is kept in TMP2, a register.
2005-10-03 Niels Möller <niels@s3.kth.se>
* examples/nettle-openssl.c: Use correct block sizes for openssl
ciphers.
* examples/nettle-benchmark.c: Also display cycles per block.
2005-10-02 Niels Möller <nisse@lysator.liu.se>
* sha1-compress.c (_nettle_sha1_compress): Updated to new
interface. Now responsible for byte conversion.
* x86/sha1-compress.asm (_nettle_sha1_compress): Do byte order
conversion, and store the input data on the stack. This leaves one
more register free for other uses.
* examples/nettle-benchmark.c: Now display cycles/byte, if the -f
option is used to say what the clock frequency is.
* sha1.c (sha1_block): Don't convert data from uint8_t to
uint32_t, that's now the responsibility of _nettle_sha1_compress.
* sha.h (_nettle_sha1_compress): Changed interface. Second
argument is now a pointer to the input data in unaligned,
big-endian form.
2005-09-28 Niels Möller <niels@s3.kth.se>
* sha1.c (sha1_final): Call sha1_block, don't call the compression
function _nettle_sha1_compress directly.
* nettle-internal.h (nettle_openssl_md5)
(nettle_openssl_sha1): Declare.
* examples/nettle-benchmark.c (main): Benchmark openssl md5 and
sha1.
* examples/nettle-openssl.c (nettle_openssl_md5)
(nettle_openssl_sha1): Added glue for openssl hash functions.
* nettle-internal.h (nettle_openssl_aes128, nettle_openssl_aes192)
(nettle_openssl_aes256, nettle_openssl_arcfour128): Declare.
* examples/nettle-benchmark.c: Check WITH_OPENSSL, not
HAVE_LIBCRYPTO. Benchmark openssl's aes and arcfour code.
* examples/nettle-openssl.c: Updated openssl des glue to use the
new openssl des interface. Added glue for arcfour and aes.
2005-09-27 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (RSA): Improved text about the RSA patent.
Use @documentencoding ISO-8859-1.
2005-09-07 Niels Möller <niels@s3.kth.se>
* tools/sexp-conv.c (parse_options): New option --raw-hash, for
compatibility with lsh-1.x. Equivalent to --hash.
2005-09-06 Niels Möller <niels@s3.kth.se>
* tools/sexp-conv.c (main): With --hash, output a newline after
each hash.
2005-07-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in (TS_SOURCES): Added ctr-test.c.
* testsuite/testutils.c (test_cipher_ctr): New function.
* testsuite/ctr-test.c: New file.
* testsuite/cbc-test.c (test_main): Use static const for msg.
* Makefile.in (nettle_SOURCES): Added ctr.c.
(HEADERS): Added ctr.h.
(HEADERS): Added nettle-types.h.
(INSTALL_HEADERS): Install nettle-stdint.h.
(distclean-here): Delete nettle-stdint.h, not nettle-types.h.
* ctr.c (ctr_crypt): New file, new function.
* memxor.c (memxor3): New function, suggested by Adam Langley.
* nettle-internal.h (NETTLE_MAX_CIPHER_BLOCK_SIZE): New constant.
* nettle.texinfo (Cipher functions): Fixed typo in prototype for
arctwo_encrypt (noticed by Adam Langley).
* nettle-meta.h: No longer needs to include cbc.h.
* cbc.h (nettle_crypt_func): Moved typedef to nettle-types.h.
(CBC_ENCRYPT, CBC_DECRYPT): Deleted older #if:ed out versions.
* configure.ac (AX_CREATE_STDINT_H): Use the file name
nettle-stdint.h, not nettle-types.h.
* nettle-types.h: New file. Automatically generated declarations
are now in nettle-stdint.h.
2005-03-17 Niels Möller <niels@s3.kth.se>
* config.guess: Support Solaris on x86_64. Fix by Henrik
Grubbström.
2005-01-03 Niels Möller <niels@s3.kth.se>
* examples/io.h: Include RSA declarations only when public key
algorithms are enabled. Problem reported by Meilof Veeningen
<meilof@gmail.com>.
2004-12-07 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Install directories, using $(INSTALL) -d, only if
they don't exist already.
2004-12-05 Niels Möller <nisse@lysator.liu.se>
* config.make.in (.PRECIOUS): Reverted earlier change. We need
.PRECIOUS to stop GNU make from deleting object files for the test
programs.
2004-12-02 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (.SUFFIXES): Moved from Makefile.in to...
* config.make.in (.SUFFIXES): ... here. This helps compilation
with BSD make.
* testsuite/Makefile.in (.SUFFIXES): Deleted target.
* config.make.in (.c): Disable default rule for BSD-make.
* Makefile.in (all check install uninstall)
(clean distclean mostlyclean maintainer-clean): Don't use the -C
flag when invoking make, for compatibility with Solaris make.
2004-12-02 Niels Möller <niels@s3.kth.se>
* Makefile.in (aesdata, desdata): Commented out the explicit
targets.
(shadata): Avoid using $< in non-pattern rule.
2004-12-01 Niels Möller <nisse@lysator.liu.se>
* config.make.in: Added a default target.
2004-11-29 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in: Use .$(OBJEXT). Explicitly set .SUFFIXES.
* Makefile.in: Use .$(OBJEXT).
2004-11-28 Niels Möller <nisse@lysator.liu.se>
* tools/Makefile.in (nettle-lfib-stream): Avoid using $< in
non-suffix rule.
* Makefile.in (distdir): Handle absolute $distdir.
Avoid using the GNU extension $^.
* examples/Makefile.in: Avoid using the GNU extension $^.
* tools/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise.
2004-11-24 Niels Möller <niels@s3.kth.se>
* configure.ac: Fixed typo, preventing the creation of dependency
files.
2004-11-23 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Use DEP_INCLUDE.
* tools/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise.
* examples/Makefile.in: Likewise.
* configure.ac (dummy-dep-files): Generate only of dependency
tracking is enabled.
2004-11-18 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (clean-here): The clean target should not delete the
dependency files. Moved to the distclean target.
* examples/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise.
* tools/Makefile.in: Likewise.
* configure.ac (ASM_SYMBOL_PREFIX): Fixed test.
(dummy-dep-files): Added quotes to sed command.
2004-11-17 Niels Möller <nisse@lysator.liu.se>
* testsuite/symbols-test: Try plain nm if nm -g doesn't work.
* x86/sha1-compress.asm: Use C_NAME for global symbols.
* x86/aes-encrypt.asm: Likewise.
* x86/aes-decrypt.asm: Likewise.
* x86/arcfour-crypt.asm: Likewise.
* Makefile.in (config.m4): New rule.
* config.m4.in (C_NAME): New macro.
* configure.ac (ASM_SYMBOL_PREFIX): Check if global symbols have a
leading underscore.
2004-11-16 Niels Möller <nisse@lysator.liu.se>
* Deleted getopt.c, getopt.h and getopt1.c from the CVS tree. Link
them from shared copies in lsh/misc instead.
2004-11-14 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (DEP_FILES): Try include with only one macro
argument to be expanted.
* configure.ac (dummy-dep-files): Create dummy dependency files,
so that they can be included by the makefiles.
2004-11-13 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Don't use -include, as it's GNU make specific.
* examples/Makefile.in, tools/Makefile.in, testsuite/Makefile.in:
Likewise.
* examples/nettle-openssl.c: Check WITH_OPENSSL, not HAVE_LIBCRYPTO.
* configure.ac: Check for individual openssl headers blowfish.h,
cast.h, des.h. Renamed symbol HAVE_LIBCRYPTO to WITH_OPENSSL. New
configure option --disable-openssl.
2004-11-04 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.13.
* Released nettle-1.12.
2004-11-04 Niels Möller <niels@s3.kth.se>
* nettle.texinfo (UPDATED-FOR): Bumped to 1.12.
2004-11-02 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Cipher functions): Updated AES documentation,
for aes_set_encrypt_key and aes_set_decrypt_key.
(UPDATED-FOR): Set to 1.11. I think the manual should be updated
with all user-visible changes.
* aclocal.m4 (LSH_DEPENDENCY_TRACKING): Need extra quoting in case
pattern. (This file really lives in the lsh tree, as
lsh/acinclude.m4. For a complete ChangeLog, see lsh/Changelog).
2004-10-26 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.12.
* Released nettle-1.11.
* Makefile.in (clean-here): Delete *.s files.
(PRE_CPPFLAGS): Use this variable, not INCLUDES. Removed
-I$(srcdir).
* x86/arcfour-crypt.asm: Use movzbl when extending %cl to 32 bits.
2004-10-24 Niels Möller <nisse@lysator.liu.se>
* x86/arcfour-crypt.asm: Reverted the latest two changes; update
bost src and dst pointers in the loop, and use plain addb when
updating j. These two previous changes slowed the code down on AMD
Duron.
2004-10-21 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (install-shared): Use $(INSTALL_PROGRAM).
* configure.ac (SHLIBMINOR): Updated, shared library version is
now libnettle.so.2.3, soname still libnettle.so.2.
* Makefile.in (DISTFILES): Added asm.m4.
2004-10-21 Niels Möller <niels@s3.kth.se>
* examples/Makefile.in: Deleted all configure-related rules,
except the one rebuilding this Makefile. One should run make at
top level if other configure related files change.
* tools/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise.
* configure.ac: Replaced AC_OUTPUT(list...) with an AC_OUTPUT
without arguments, and AC_CONFIG_FILES listing the files.
* Makefile.in: Changed the assembler rules as suffix rules.
Rewrote the configure-related rules, mostly based on the example
in the autoconf manual.
2004-10-20 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-openssl.c (NCOMPAT): Disable openssl backwards
compatibility.
* config.make.in: Insert $(PRE_CPPFLAGS) and $(PRE_LDFLAGS) before
$(CPPFLAGS) and $(LDFLAGS). This mechanism replaces $(INCLUDES).
* examples/Makefile.in (PRE_CPPFLAGS, PRE_LDFLAGS): Use these
flags to get -I.. and -L.. early on the command line.
* testsuite/Makefile.in: Likewise
* tools/Makefile.in: Likewise.
2004-10-20 Niels Möller <niels@s3.kth.se>
* Makefile.in: In the assembler rules, there's no need to look in
$(srcdir) for the input file.
* x86/arcfour-crypt.asm: Reduced inner loop by one instruction, by
precomputing the offset between src and dst.
* tools/Makefile.in (.c.$(OBJEXT)): Removed redundant -I.. flag.
* x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replaced addb ->
addl + andl $0xff, improving speed on PPro by another 15%.
2004-10-20 Niels Möller <nisse@lysator.liu.se>
* tools/Makefile.in (install): Support DESTDIR.
(uninstall): New target.
* testsuite/Makefile.in (uninstall): New dummy target.
* config.sub: Copied from automake-1.8.5.
* examples/Makefile.in (SOURCES): Added rsa-sign.c and rsa-verify.c.
(DISTFILES): Added getopt.h.
(install uninstall): New dummy targets.
* config.make.in (.PHONY): Added more targets.
* Makefile.in (.texinfo.info, .texinfo.html): New targets. Added
support for uninstall and DESTDIR. Various fixes to install and
distcheck.
* examples/Makefile.in (INCLUDES): Added -I flags.
(distdir): Use $^ to refer to the files.
(distclean): New target.
* testsuite/Makefile.in: Likewise.
* tools/Makefile.in: Likewise.
* Makefile.in (INCLUDES): Need -I flags for VPATH build.
(clean distclean mostlyclean maintainer-clean): Clean
subdirectories first.
(DISTFILES): Added a bunch of files.
(des_headers): Added desCore rules.
(install-here): Split off target install-headers, which uses $^ to
refer to the files.
(distdir): Use $^ to refer to the files.
distcheck): Fixes.
* config.make.in (COMPILE): Add $(INCLUDE) to the line.
2004-10-19 Niels Möller <nisse@lysator.liu.se>
Stop using automake. Replaced each Makefile.am with a hand-written
Makefile.in.
* configure.ac: New output variable CCPIC_MAYBE. New output file
config.make. Replaced automake constructions.
* .bootstrap: Don't run aclocal and automake.
* config.make.in: New file, with shared Makefile variables and rules.
2004-10-18 Niels Möller <nisse@lysator.liu.se>
* x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replace incb ->
incl + andl, to improve speed on PPro and PII. Suggested by
Fredrik Olsson.
2004-10-08 Niels Möller <niels@s3.kth.se>
* examples/rsa-encrypt-test: Avoid reading and executing a file at
the same time.
* examples/setup-env: Likewise.
2004-10-06 Niels Möller <niels@s3.kth.se>
* testsuite/symbols-test: Ignore __i686.get_pc_thunk.bx and
similar symbols.
2004-10-05 Niels Möller <nisse@lysator.liu.se>
* twofish.c (q_table): Use a const pointer array.
* sexp2dsa.c (dsa_keypair_from_sexp_alist): Use a const pointer
array for the keywords.
(dsa_signature_from_sexp): Likewise.
* sexp2rsa.c (rsa_keypair_from_sexp_alist): Likewise.
(rsa_keypair_from_sexp): Likewise.
* sexp.c (sexp_iterator_check_types): Use an argument of type
"const uint8_t * const *" for the types list.
(sexp_iterator_assoc): Likewise, for the keys list.
* list-obj-sizes.awk: Fixes to handle multiple .data and .rodata
sections. Also fixed to handle the last file correctly.
2004-09-23 Niels Möller <nisse@lysator.liu.se>
* configure.ac (SHLIBLINK, SHLIBLIBS): On cygwin, linking needs
-Wl,--whole-archive $(OBJECTS) -Wl,--no-whole-archive $(LIBS).
2004-09-22 Niels Möller <niels@s3.kth.se>
* configure.ac: Setup SHLIBFORLINK and friends for cygwin.
* list-obj-sizes.awk: Strip *_a-prefix from all file names.
* Makefile.am (libnettle_a_SOURCES): List only .c files. Headers
moved to noinst_HEADERS.
(SHLIBOBJECTS): Substitute from libnettle_a_SOURCES, not
am_libnettle_a_OBJECTS, since the latter includes
libnettle_a-prefixes with some automake versions.
(SHLIBSONAME): Check if this name is empty, which is the case on
cygwin, before using it.
2004-08-31 Niels Möller <nisse@lysator.liu.se>
* configure.ac: New command line option --disable-pic. Use
LSH_CCPIC.
* Makefile.am (libnettle_a_CFLAGS): Added $(CCPIC), to attempt to
build also the static library as position independent code.
2004-08-24 Niels Möller <nisse@lysator.liu.se>
* des-compat.c (des_cbc_cksum): Pad input with NUL's, if it's not
an integral number of blocks.
2004-08-24 Niels Möller <niels@s3.kth.se>
* testsuite/arctwo-test.c, arctwo.h, arctwo.c
(arctwo_set_key_ekb): Fixed typo; it should be "ekb", not "ebk".
Integrated arctwo patch from Simon Josefsson.
* testsuite/Makefile.am (noinst_PROGRAMS): Added arctwo-test.
* Makefile.am (libnettleinclude_HEADERS): Added arctwo.h.
(libnettle_a_SOURCES): Added arctwo.c, arctwo.h and arctwo-meta.c.
* nettle-meta.h (nettle_arctwo40, nettle_arctwo64)
(nettle_arctwo64, nettle_arctwo_gutmann128): Declare ciphers.
* arctwo-meta.c, arctwo.c, arctwo.h, testsuite/arctwo-test.c: New
files.
* macros.h (LE_READ_UINT16, LE_WRITE_UINT16): New macros.
2004-08-23 Niels Möller <nisse@lysator.liu.se>
* testsuite/md5-test.c (test_main): Added collision, found in 2004.
(test_main): Added second collision.
2004-08-23 Niels Möller <niels@s3.kth.se>
* testsuite/md5-test.c (test_main): Added first half of a
collision test case.
* des-compat.c (des_cbc_cksum): Changed input argument to be of
type const uint8_t * (was const des_cblock *).
* des-compat.h (const_des_cblock): New bogus type. Disabled use of
const, for compatibility with openssl.
2004-06-08 Niels Möller <niels@s3.kth.se>
* aesdata.c: Renamed log and ilog to gf2_log and gf2_exp.
2004-04-07 Niels Möller <nisse@lysator.liu.se>
* aes-set-encrypt-key.c (log, ilog): Deleted unused tables.
* aes-set-decrypt-key.c (gf2_log, gf2_exp, mult): Renamed tables,
were log and ilog.
2004-03-20 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Use AC_CONFIG_AUX_DIR([.]).
2004-03-18 Niels Möller <niels@s3.kth.se>
* examples/io.c (read_file): Display a message if fopen fails.
2004-03-05 Niels Möller <nisse@lysator.liu.se>
* Released nettle-1.10.
* configure.ac (SHLIBMINOR): Shared library version is now 2.2.
2004-03-04 Niels Möller <nisse@lysator.liu.se>
* testsuite/symbols-test: Pass -g flag to nm.
2004-03-02 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Fixed EXEEXT workaround.
2004-03-02 Niels Möller <niels@s3.kth.se>
* configure.ac: Added workaround to get the correct $(EXEEXT)=''
when compiling with rntcl.
2004-03-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.am (noinst_PROGRAMS): Put test program list
here, to let automake add $(EXEEXT).
* configure.ac (RSA_EXAMPLES): Append $(EXEEXT) to the filenames.
2004-03-01 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-keygen.c, examples/rsa-encrypt.c,
examples/rsa-decrypt.c: Include "getopt.h" instead of <unistd.h>.
* examples/Makefile.am (rsa_encrypt_SOURCES, rsa_decrypt_SOURCES)
(rsa_keygen_SOURCES): Added getopt.h, getopt.c and getopt1.c.
* examples/getopt.h, examples/getopt.c, examples/getopt1.c: New
files.
* testsuite/des-compat-test.c: Don't include <unistd.h>.
* testsuite/testutils.c (main): Don't use getopt. Then we don't
need to include <unistd.h>.
2004-03-01 Niels Möller <niels@s3.kth.se>
* config.guess: Copied from automake-1.8.2. Hacked to recognize
Windows_NT (and Windows_95 and Windows_98) running on "x86" and
"686".
* install-sh: Removed from CVS repository. Let automake supply it.
2004-02-26 Niels Möller <nisse@lysator.liu.se>
* nettle-meta.h (nettle_crypt_func): Typedef moved to cbc.h.
Include cbc.h instead.
* des-compat.c: Reverted const change, now all the des_key_sched
arguments are not const. This is also what openssl's interface
looks like.
(cbc_crypt_func): Deleted typedef, use nettle_crypt_func instead.
* cbc.h (nettle_crypt_func): Moved typedef here.
* cbc.c (cbc_encrypt, cbc_decrypt_internal, cbc_decrypt): Use it
for typing the f argument. Reverted the const change, for
compatibility with nettle_crypt_func.
2004-02-25 Niels Möller <nisse@lysator.liu.se>
* testsuite/des-compat-test.c: Use des_cblock for typing more of
the variables. Use const. Got rid of most of the explicit casts.
Disabled the input/output alignment tests.
* des.c (des_encrypt, des_decrypt): Use a const context pointer.
* des3.c (des3_encrypt, des3_decrypt): Likewise.
* cbc.c (cbc_encrypt, cbc_decrypt): Use a _const_ void *ctx argument.
* des-compat.c: Use const for all unchanged arguments.
(des_key_sched): Use a copy of the key if we need to fix the
parity.
* testsuite/des-compat-test.c (C_Block, Key_schedule): Deleted
defines. Deleted some of the explicit casts.
* des-compat.c (des_cbc_cksum): Dereference DST pointer.
2004-02-25 Niels Möller <niels@s3.kth.se>
* pgp.h: Include nettle-types.h.
2004-02-24 Niels Möller <nisse@lysator.liu.se>
* testsuite/symbols-test: Allow symbols starting with double
underscores, like on darwin.
2004-02-17 Niels Möller <niels@s3.kth.se>
* Makefile.am: Protected %-rules used for building pure objects,
and for assembler files, by automake conditionals. Needed for
makes such as tru64's, which tries to understand %-patterns, but
doesn't get it right.
(SUFFIXES): Added .html.
(.texinfo.html): Rewrote rule to use a traditional suffix target.
* configure.ac (enable_assembler): Explicitly set
enable_assembler=no, on architectures where we have no assembler
files.
(ENABLE_ASSEMBLER, ENABLE_SHARED): New automake conditionals.
* testsuite/testutils.c (xalloc): xalloc(0) should work also on
systems where malloc(0) returns NULL.
2004-02-16 Niels Möller <niels@s3.kth.se>
* Makefile.am (%.o: %.asm): Added comment about OSF1 make problem.
2004-02-15 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.h: #include nettle-types.h instead of
inttypes.h.
2004-02-12 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-encrypt-test: Use -r option when invoking
rsa-encrypt. Needed for the test to work on systems with no
/dev/urandom.
2004-02-12 Niels Möller <niels@s3.kth.se>
* configure.ac (CPPFLAGS, LDFLAGS): No spaces after -I and -L, as
some C compilers, in particular True64 cc, don't like that.
2004-02-08 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version number to 1.10.
2004-02-07 Niels Möller <nisse@lysator.liu.se>
* Released nettle-1.9.
* configure.ac (SHLIBMINOR): Bumped, library version is now 2.1.
* testsuite/sexp-format-test.c: Include bignum.h only if HAVE_LIBGMP.
* testsuite/rsa-encrypt-test.c: Include rsa.h only if WITH_PUBLIC_KEY.
* testsuite/pkcs1-test.c: Include pkcs1.h only if WITH_PUBLIC_KEY.
* pgp-encode.c [!HAVE_LIBGMP]: Kludge around the pgp.h's
dependency on gmp.h.
(pgp_put_mpi): Condition on HAVE_LIBGMP.
* pgp.h: Don't include bignum.h, to make it possible to compile
the non-bignum parts of pgp-encode.c without bignum support. Needs
to be fixed properly before the pgp interface is advertised.
* tools/sexp-conv.c (xalloc): New function.
(main): Use xalloc.
* tools/output.c (sexp_put_digest): Use TMP_DECL instead of alloca.
* testsuite/testutils.c (xalloc): New function. Made all other
functions use xalloc instead of alloca.
* examples/rsa-keygen.c (main): Use xalloc for allocation.
* examples/rsa-encrypt.c (write_bignum): Likewise.
* examples/rsa-decrypt.c (read_bignum): Likewise.
* testsuite/yarrow-test.c (open_file): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Likewise.
* testsuite/bignum-test.c (test_bignum): Likewise.
* examples/nettle-openssl.c: When calling des_key_sched and
des_ecb_encrypt, cst arguments to (void *). Openssl's typedefs
des_cblock and const_des_cblock are too broken.
* examples/nettle-benchmark.c (xalloc): New function. Use instead
of alloca, for better portability.
* examples/io.c (xalloc): New function.
* Makefile.am (nodist_libnettleinclude_HEADERS): nettle-types.h
should not be distributed.
2004-02-06 Niels Möller <niels@s3.kth.se>
* x86/sha1-compress.asm: Rename round -> ROUND.
* x86/sha1-compress.asm: Store the magic constants on stack.
Accessing them via %esp should be a little faster than using large
immediate operands.
* Makefile.am (EXTRA_DIST, DISTCLEANFILES): Handle
sha1-compress.asm.
* configure.ac: Use assembler file sha1-compress.asm if available.
* x86/sha1-compress.asm (EXPAND): Fixed the rotation part of the
data expansion.
2004-02-06 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm: Assembler implementation of
sha1_compress. (Not yet working).
* Makefile.am (libnettle_a_SOURCES): Added sha1-compress.c.
* sha1.c (sha1_transform): Function renamed to sha1_compress, and
moved to...
* sha1-compress.c: ... New file.
2004-02-05 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-encrypt.c (process_file): Copy the leftover to the
start of the buffer, when preparing for the final processing.
* examples/nettle-benchmark.c (bench_hash, time_hash): New functions.
(main): Benchmark hash functions too.
(BENCH_BLOCK): Increased 10K.
(BENCH_INTERVAL): Decreased to 0.25s.
* examples/nettle-benchmark.c (time_function): Loop around calling
f, until 1s has elapsed. Returns seconds per call. Updated bench
functions to not loop themselves.
(display): Updated MB/s calculation.
* testsuite/arcfour-test.c (test_main): Use test_cipher_stream.
* testsuite/testutils.c (test_cipher_stream): New function, that
tries dividing the input into varying size blocks before
processing.
* x86/arcfour-crypt.asm (nettle_arcfour_crypt): Bug fix, half of
the S array swap was forgotten.
* arcfour.c (arcfour_stream): Likewise.
* arcfour-crypt.c (arcfour_crypt): Likewise.
2004-02-05 Niels Möller <niels@s3.kth.se>
* x86/arcfour-crypt.asm (nettle_arcfour_crypt): Must store the new
i, j at the end of the loop.
* Makefile.am (EXTRA_DIST): Make sure x86 assembler files are
distributed.
(DISTCLEANFILES): And that the symlinks and .s files are deleted.
* x86/aes-encrypt.asm, x86/aes-decrypt.asm, x86/arcfour-crypt.asm:
Fixed debug information.
* x86/arcfour-crypt.asm: New file. About three times faster than
the optimized C code.
* configure.ac: Use assembler file arcfour-crypt.asm if available.
* arcfour.c (arcfour_crypt): Moved function too...
* arcfour-crypt.c (arcfour_crypt): New file.
* arcfour.c (arcfour_crypt): Optimization suggested by Jonas
Walldén. Makes arcfour up to 50% faster on x86 and ppc, and
probably on other architectures as well.
2004-01-31 Niels Möller <nisse@lysator.liu.se>
* configure.ac (AX_CREATE_STDINT_H): Also look for uint32_t and
friends in sys/types.h.
2004-01-11 Niels Möller <nisse@harpo.hack.org>
* Makefile.am (libnettleinclude_HEADERS): Added bignum.h,
memxor.h, pkcs1.h and rsa-compat.h.
* configure.ac: Bumped version to 1.9.
2004-01-10 Niels Möller <nisse@harpo.hack.org>
* Released nettle-1.8.
* examples/teardown-env: Delete more test files.
* nettle.texinfo (Hash functions): Documented md2 and md4.
* configure.ac (SHLIBMAJOR): Bumped to 2.
2004-01-09 Niels Möller <nisse@harpo.hack.org>
* examples/rsa-encrypt-test: New testcase.
* examples/rsa-encrypt.c, examples/rsa-session.h: Expanded the
comment describing the file format, and moved to rsa-session.h.
* examples/rsa-decrypt.c (process_file): Finished this function.
(main): Initialize x. Check the size of the session key after rsa
decryption.
* examples/io.c (write_string): Treat short item count as an error.
2004-01-08 Niels Möller <niels@s3.kth.se>
* index.html: Added instructions for CVS access.
* dsa-keygen.c (dsa_nist_gen): Fixed declaration/statement order.
* rsa-keygen.c (bignum_next_prime): Fixed off-by-one error when
comparing input to the largest listed prime. General cleanup, as
prime_limit > 0 always. Use TMP_DECL and TMP_ALLOC.
* nettle-internal.h (TMP_DECL, TMP_ALLOC): New macros. When alloca
is unavailable, they work by allocating a fix amount of stack and
imposing a hard limit on what can be allocated. Updated all users
of alloca.
2004-01-07 Niels Möller <nisse@harpo.hack.org>
* nettle-types.h: New (generated) file, to be used instead of
including <inttypes.h> directly. Updated all users of inttypes.h.
* Makefile.am (DISTCLEANFILES, libnettleinclude_HEADERS): Added
nettle-types.h.
* configure.ac (AX_CREATE_STDINT_H): Create nettle-types.h.
2003-11-16 Niels Möller <nisse@harpo.hack.org>
* yarrow256.c (yarrow256_seed): Use const for the seed_file input.
2003-11-12 Niels Möller <niels@s3.kth.se>
* list-obj-sizes.awk: New function for decoding hex values, with a
new function hex2int. Also implemented calculation of total
storage, removed the dependence on the .comment section, and use
the $FILTER environment variable as a regexp for restricting the
object files that are considered.
2003-09-21 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/rsa-encrypt-test.c (test_main): Don't use gmp_printf,
as it seems it's only available with the newer gmp. Use
mpz_out_str instead.
2003-09-19 Niels Möller <niels@s3.kth.se>
* examples/Makefile.am (EXTRA_DIST): Added rsa-session.h.
* tools/nettle-lfib-stream.c: New tool, which outputs a sequence
of pseudorandom (non-cryptographic) bytes, using Knuth's lagged
fibonacci generator.
* examples/rsa-decrypt.c: Fixes to get the file to compile. It
won't work yet.
* examples/Makefile.am (EXTRA_PROGRAMS): Added rsa-encrypt and
rsa-decrypt.
* examples/io.c (write_file): New function.
(write_string): Simplified error check, it's no real point in
calling ferror unless we also call fflush.
* examples/rsa-keygen.c (main): Check return value from
simple_random.
* examples/rsa-decrypt.c, examples/rsa-encrypt.c,
examples/rsa-session.h: New files, demonstrating rsa encryption
and decryption.
* configure.ac (RSA_EXAMPLES): Added rsa-encrypt and rsa-decrypt.
2003-09-01 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.c (print_hex): Use const.
2003-08-30 Niels Möller <niels@s3.kth.se>
* md2.c, md2.h: Added reference to RFC 1319.
* md4.c, md4.h: Added reference to RFC 1320
2003-08-26 Niels Möller <niels@s3.kth.se>
* Makefile.am: Added md2 and md5 files. Deleted the print-path
hack.
* configure.ac: Bumped version to 1.8.
* testsuite/testutils.c (test_rsa_set_key_1): New function.
* testsuite/rsa-test.c (test_main): Use it.
* testsuite/dsa-keygen-test.c: Deleted definition of UNUSED, it's
now in config.h.
* testsuite/rsa-keygen-test.c: Likewise.
* testsuite/Makefile.am (TS_PROGS): Added rsa-encrypt-test,
md4-test, and md2-test.
* testsuite/rsa-encrypt-test.c, testsuite/md4-test.c,
testsuite/md2-test.c: New test cases.
* nettle-meta.h: Declare nettle_md2 and nettle_md4.
* md5.c: Reorderd functions, putting md5_final at the end.
* md2.c, md2.h, md2-meta.c: New files, implemented md2.
* md4.c, md4.h, md4-meta.c: New files, implemented md4.
2003-08-17 Niels Möller <nisse@cuckoo.hack.org>
* desCode.h (des_keymap, des_bigmap): Deleted extern declarations,
they conficted with the static definition in des.c. Reported by
Simon Josefsson.
* des.c (DesSmallFipsEncrypt, DesSmallFipsDecrypt): Moved
definitions after the definition of the des_kemap array.
2003-08-11 Niels Möller <nisse@cuckoo.hack.org>
* rsa-encrypt.c (rsa_encrypt): Bugfix contributed by
leg@terra.com.br.
2003-06-10 Niels Möller <niels@s3.kth.se>
* Makefile.am (EXTRA_DIST): Distribute sha-example.c.
2003-06-05 Niels Möller <nisse@lysator.liu.se>
* Makefile.am (DISTCLEANFILES): Delete .s files.
2003-05-27 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/symbols-test: And allow symbols that start at the
beginning of the line, as output by AIX nm.
2003-05-26 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/symbols-test: Allow symbols to start with a dot.
2003-05-14 Niels Möller <niels@s3.kth.se>
* pgp.h (enum pgp_subpacket_tag): Copied values from RFC 2440.
Renamed PGP_SUBPACKET_ISSUER to PGP_SUBPACKET_ISSUER_KEY_ID.
2003-05-13 Niels Möller <nisse@cuckoo.hack.org>
* pgp.h: Do proper namemangling for pgp_put_public_rsa_key and
pgp_put_rsa_sha1_signature.
* pgp-encode.c (pgp_put_mpi): Fixed nettle_mpz_get_str_256 call.
2003-05-12 Niels Möller <nisse@cuckoo.hack.org>
* rsa2openpgp.c (rsa_keypair_to_openpgp): Some bugfixes.
* pgp.h (enum pgp_subpacket_tag): New enum. Definition is bogus
and needs to be fixed.
Added forward declarations of structs, and prototypes for
pgp_put_public_rsa_key and pgp_put_rsa_sha1_signature.
* pgp-encode.c (pgp_put_mpi): Take a const mpz_t argument. Gugfix,
use nettle_mpz_get_str_256.
(pgp_put_public_rsa_key, pgp_put_rsa_sha1_signature):
Constification. Some bugfixes.
* Use "config.h", not <config.h>.
* Reordered includes in most or all .c-files. All should now
include config.h.
2003-05-12 Niels Möller <niels@s3.kth.se>
* configure.ac: Use LSH_FUNC_ALLOCA.
2003-04-25 Niels Möller <niels@s3.kth.se>
* Makefile.am (libnettle_a_SOURCES): Added hmac-sha256.c.
* testsuite/hmac-test.c (test_main): Added tests for hmac-sha256,
from draft-ietf-ipsec-ciph-sha-256-01.txt.
* hmac-sha256.c (hmac_sha256_digest): New file.
2003-04-22 Niels Möller <nisse@cuckoo.hack.org>
* sha-example.c (display_hex): Simplified by using printf better.
* nettle.texinfo (Example): Use @verbatiminclude to include the
example program.
* sha-example.c: Example program, for inclusion in the manual.
Fixed bugs reported by Mark Arking.
2003-04-14 Niels Möller <niels@s3.kth.se>
* x86/aes-encrypt.asm (nettle_aes_encrypt): Fixed references to
_nettle_aes_encrypt_table.
* x86/aes-decrypt.asm (nettle_aes_decrypt): Fixed references to
_nettle_aes_decrypt_table.
2003-04-12 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/Makefile.am (TS_SH): New test case symbols-test.
(EXTRA_PROGRAMS): Added testutils, as a kludge to
get automake to track dependencies for testutils.o.
* x86/aes-encrypt.asm (nettle_aes_encrypt): Renamed function to
use the nettle_ prefix.
* x86/aes-decrypt.asm (nettle_aes_decrypt): Likewise.
* sparc/aes.asm (_nettle_aes_crypt): Likewise.
* examples/Makefile.am (EXTRA_PROGRAMS): Add "io", as a kludge to
get automake to track dependencies for io.o.
(LDADD): Added ../libnettle.a, for the dependency.
* des-compat.c: Use names with the nettle_ prefix when using
Nettle's des functions.
* base16-meta.c (base16_encode_update): Need to undef before
redefining.
* New name mangling, to reduce the risk of link collisions. All
functions (except memxor) now use a nettle_ or _nettle prefix when
seen by the linker. For most functions, the header file that
declares a function also use #define to provide a shorter more
readable name without the prefix.
2003-03-11 Niels Möller <nisse@cuckoo.hack.org>
* Released nettle-1.7.
* configure.ac: Bumped version to 1.7.
* nettle.texinfo (DSA): New section.
(RSA): Updated documentation.
2003-03-02 Niels Möller <nisse@cuckoo.hack.org>
* examples/nettle-benchmark.c (time_cipher): Don't use GNU C
non-constant initializers.
2003-02-23 Niels Moller <nisse@carduelis>
* configure.ac: Use LSH_GCC_ATTRIBUTES.
2003-02-19 Niels Möller <nisse@cuckoo.hack.org>
* acinclude.m4: Deleted file from cvs, use a link to lsh's
acinclude.m4 instead.
2003-02-16 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (libnettleinclude_HEADERS): Added macros.h.
* tools/Makefile.am (EXTRA_DIST): Added getopt.h.
2003-02-14 Niels Möller <niels@s3.kth.se>
* Makefile.am (print_path): Added target to print the used PATH,
for debugging.
(print-path): Moved dependency to all-local.
2003-02-11 Niels Möller <niels@s3.kth.se>
* buffer.c (nettle_buffer_copy): Bug fix, it didn't return any
value.
2003-02-11 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-format-test.c (test_main): Added test for %( and
%).
* sexp-format.c (sexp_vformat): Handle %( and %).
* realloc.c (nettle_xrealloc): Fixed out-of-memory check.
* configure.ac (SHLIBMAJOR): Bumped version number to 1.
* buffer.c (nettle_buffer_init_realloc): New function.
* buffer-init.c (nettle_buffer_init): Use nettle_buffer_init_realloc.
2003-02-10 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-format-test.c (test_main): New test with tokens
in the format string.
(test_main): Test space-searated literals too.
* rsa2sexp.c (rsa_keypair_to_sexp): New argument ALGORITHM_NAME.
* examples/rsa-keygen.c (main): Updated call to rsa_keypair_to_sexp.
* testsuite/rsa2sexp-test.c (test_main): Likewise.
* sexp-format.c (sexp_vformat): Allow whitespace in format string.
* rsa2sexp.c (rsa_keypair_to_sexp): Use literals with sexp_format.
* sexp-format.c (format_string): New function.
(sexp_vformat): Implemented support for literals in the format
string.
2003-02-06 Niels Möller <nisse@lysator.liu.se>
* testsuite/sexp-conv-test (print_raw, print_nl): New functions.
The testfunctions use these instead of using echo directly.
Use the test input '3:"\x' instead of '2:"\', to be friendlier to
sysv echo.
2003-02-05 Niels Möller <nisse@lysator.liu.se>
* des-compat.h (des_set_key): Different name mangling, if this
file is included, des_set_key should refer to a function that
behaves like openssl's.
* des-compat.c (des_key_sched, des_is_weak_key): Use the name
nettle_des_set_key for referring to Nettle's function.
* des.h (des_set_key): Name mangling, linker symbols should use a
"nettle_" prefix, and this one collided with openssl. Perhaps all
symbols should be mangled in a similar way, but that's for later.
* configure.ac (LDFLAGS): --with-lib-path should add to LDFLAGS,
not replace it.
2003-01-30 Niels Möller <nisse@cuckoo.hack.org>
* tools/output.c (sexp_put_string): Fixed handling of escapable
characters. The code generated random escape sequences for
characters in the 0x10-0x1f range.
* testsuite/sexp-conv-test: More tests for hex and base64 input
and output.
2003-01-30 Niels Möller <niels@s3.kth.se>
* sexp2bignum.c (nettle_mpz_set_sexp): Call sexp_iterator_next on
success. That means the iterator argument can't be const.
2003-01-29 Niels Möller <niels@s3.kth.se>
* tools/Makefile.am (LDADD): Add libnettle.a, for the dependency.
2003-01-27 Niels Möller <nisse@cuckoo.hack.org>
* sexp2dsa.c (dsa_signature_from_sexp): New function.
RSA renaming. Updated all callers.
* rsa-sign.c (rsa_private_key_init, rsa_private_key_clear)
(rsa_private_key_prepare): Renamed functions.
* rsa.c (rsa_public_key_init, rsa_public_key_clear)
(rsa_public_key_prepare): Renamed functions.
2003-01-23 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (libnettle_a_SOURCES): Added new rsa and pkcs1
files. Removed old rsa_md5.c and rsa_sha1.c.
* testsuite/Makefile.am (TS_PROGS): Added pkcs1-test.
* dsa-verify.c (dsa_verify_digest): New function.
(dsa_verify): Most of the code moved to dsa_verify_digest, which
is used here.
* dsa-sign.c (dsa_sign_digest): New function.
(dsa_sign): Most of the code moved to dsa_sign_digest, which is
used here.
* dsa.c (_dsa_hash): Deleted function.
* rsa_md5.c, rsa_sha1.c: Deleted files, contents spread over
several files for signing and verification.
* rsa-sign.c, rsa-sha1-verify.c, rsa-sha1-sign.c,
rsa-md5-verify.c, rsa-md5-sign.c: New files.
* rsa-sha1-verify.c (rsa_sha1_verify_digest): New function.
* rsa-sha1-sign.c (rsa_sha1_sign_digest): New function.
* rsa-md5-verify.c (rsa_md5_verify_digest): New function.
* rsa-md5-sign.c (rsa_md5_sign_digest): New function.
* rsa-verify.c (_rsa_verify): New file, new function.
* rsa.c (_rsa_check_size): Renamed from rsa_check_size, and made
non-static. Private key functions moved to rsa-sign.c.
* pkcs1.c, pkcs1.h, pkcs1-rsa-md5.c, pkcs1-rsa-sha1.c: New files.
(pkcs1_signature_prefix): New function.
* testsuite/pkcs1-test.c: New test.
2003-01-22 Niels Möller <niels@s3.kth.se>
* examples/Makefile.am (nettle_benchmark_LDADD): Use
OPENSSL_LIBFLAGS.
* configure.ac (OPENSSL_LIBFLAGS): If libcrypto is found, add
-lcrypto to OPENSSL_LIBFLAGS, not the plain LDFLAGS.
2003-01-20 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/Makefile.am (CLEANFILES): Delete test.in, test1.out
and test2.out.
2003-01-17 Niels Möller <niels@s3.kth.se>
* examples/Makefile.am (AM_CPPFLAGS): Use AM_CPPFLAGS instead of
AM_CFLAGS.
* testsuite/Makefile.am (AM_CPPFLAGS): Likewise.
2003-01-16 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.am (check): Can't use quotes around
$(srcdir).
2003-01-14 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.am (check): Don't use "run-tests" as a
target, as it's confused with the file with the same name.
* .bootstrap: Added missing #! /bin/sh.
2003-01-12 Niels Möller <nisse@cuckoo.hack.org>
* buffer.c (nettle_buffer_reset): New function.
(nettle_buffer_copy): New function.
* tools/input.c, tools/input.h, tools/output.c, tools/output.h,
tools/parse.c, tools/parse.h, tools/misc.c, tools/misc.h: Moved
parts ov sexp-conv.c to separate files
* tools/sexp-conv.c (sexp_convert_list): Inlined into
sexp_convert_item.
* tools/sexp-conv.c (struct sexp_input): Deleted string attribute.
Changed all related functions to take a struct nettle_buffer *
argument instead.
(struct sexp_compound_token): New struct.
(sexp_compound_token_init, sexp_compound_token_clear): New
functions.
(struct sexp_parser): Added a struct sexp_compound_token
attribute, as a temporary measure.
(sexp_parse): Take a struct sexp_compound_token * as argument.
Updated all callers. Simplified handling of display types and
transport encoding.
* tools/sexp-conv.c (struct sexp_parser): Renamed struct (was
struct sexp_parse_state). Added input pointer. Updated users to
not pass around both parser and input.
(sexp_check_token): handle token == 0.
(sexp_parse): Simplified a little by calling sexp_check_token
unconditionally.
* tools/sexp-conv.c (sexp_convert_string): Deleted function.
(sexp_skip_token): Likewise.
* tools/sexp-conv.c (enum sexp_token): New constant SEXP_DISPLAY.
Start constants from 1, to keep 0 free for special uses.
(struct sexp_parse_state): New struct for keeping track of parser
state.
(sexp_parse_init): New function.
(sexp_check_token): New function, replacing sexp_skip_token.
(sexp_parse): New function.
(sexp_convert_item): Simplified by using sexp_parse.
(sexp_convert_list): Use sexp_parse.
(main): Likewise.
2003-01-08 Niels Möller <niels@s3.kth.se>
* tools/sexp-conv.c (parse_options): Initialize prefer_hex.
2003-01-07 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (des_headers): Refer to the desdata binary using
$(EXEEXT).
2003-01-01 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-conv-test: New tests for hex and base64 literal
output.
* tools/sexp-conv.c (sexp_put_string): Print binary strings using
either hex or base 64 (in advanced mode).
(parse_options): Implemented -s hex, for output using hex rather
than base64.
2002-12-30 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/rsa2sexp-test.c: Don't include rsa.h (done by
testutils.h, if enabled).
* testsuite/sexp2rsa-test.c: Likewise.
* rsa-decrypt.c: Make compilation conditional on WITH_PUBLIC_KEY.
* rsa-encrypt.c: Likewise.
* rsa-compat.c: Likewise.
2002-12-04 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.am (LDADD): Added path to ../libnettle.a,
which is redundant except for the dependency.
2002-12-04 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-format-test.c (test_main): Use %0s instead of %z.
New test for %t.
* sexp-format.c (format_length_string): Deleted function.
(format_string): Deleted function.
(sexp_vformat): New %t specifier, formatting an optional display
type. Deleted %z specifier. Instead, introduced a new modifier "0"
that can be used with %s, %l and %t, which says that the data is
NUL-terminated.
* rsa2sexp.c (rsa_keypair_to_sexp): Use %0s rather than %z, when
formatting s-expressions.
* buffer.c (nettle_buffer_grow): Fixed assertion.
2002-11-22 Niels Möller <niels@s3.kth.se>
* buffer.c: Include assert.h.
2002-11-21 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.c (print_hex): Add line breaks.
* Makefile.am (libnettleinclude_HEADERS): Added realloc.h.
(libnettle_a_SOURCES): Added buffer-init.c and realloc.c.
* sexp.c (sexp_iterator_exit_lists): New function, #if:ed out for
now.
* desdata.c: Include config.h, to get definition of UNUSED.
* shadata.c: Likewise.
* buffer.c (nettle_buffer_grow): New function, replacing
grow_realloc.
(nettle_buffer_clear): Rewritten to use buffer->realloc.
* buffer.h (struct nettle_buffer): Replaced the GROW function
pointer with a nettle_realloc_func pointer and a
void *realloc_ctx.
(NETTLE_BUFFER_GROW): Deleted macro, use function instead.
* buffer-init.c (nettle_buffer_init): Moved to a separate file.
* realloc.c (nettle_realloc): New function.
(nettle_xrealloc): New function.
* realloc.h (nettle_realloc_func): New typedef.
* configure.ac: Check for gcc:s __attribute__.
2002-11-16 Niels Möller <nisse@cuckoo.hack.org>
* sexp2dsa.c, sexp2rsa.c: (macro GET): Check sign of parsed
numbers.
* sexp2bignum.c (nettle_mpz_set_sexp): In the first check against
limit, added some margin to allow for sign octets.
2002-11-15 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.h (LDATA): Use sizeof instead of strlen. Now
handles strings including NUL-characters. But works only with
literals and character arrays, no char pointers.
(LLENGTH): New macro, computing length the same way as LDATA.
* testsuite/sexp-test.c (test_main): Test sexp_iterator_get_uint32.
* testsuite/sexp-format-test.c (test_main): Check that %i and %b
generate leading zeroes when needed. Check that %b handles
negative numbers.
* testsuite/rsa2sexp-test.c (test_main): Updated test, one leading
zero is needed in the private key expression. In verbose mode,
print the generated keys.
* testsuite/sexp2rsa-test.c (test_main): Added a leading zero in
the private key expression.
* testsuite/bignum-test.c (test_bignum): Use
nettle_mpz_init_set_str_256_s.
(test_size): New function.
(test_main): Test size computation and formatting of negative
numbers.
* sexp2bignum.c (nettle_mpz_set_sexp): Use
nettle_mpz_set_str_256_s, to handle negative numbers correctly.
* sexp-format.c (sexp_vformat): For %i, output a leading zero when
needed to get a correct, positive, sign. For %b, use
nettle_mpz_sizeinbase_256_s, to handle negative numbers properly.
* bignum.c (nettle_mpz_sizeinbase_256_s): New function.
(nettle_mpz_sizeinbase_256_u): New name, was
nettle_mpz_sizeinbase_256. Updated all callers.
(nettle_mpz_to_octets): New function.
(nettle_mpz_get_str_256): Handle negative numbers.
(nettle_mpz_from_octets): New function.
(nettle_mpz_set_str_256_u): New name, was nettle_mpz_set_str_256.
(nettle_mpz_init_set_str_256_u): New name, was
nettle_mpz_init_set_str_256.
(nettle_mpz_set_str_256_s): New function, handling negative two's
complement numbers.
(nettle_mpz_init_set_str_256_s): And an init variant.
* sexp.c (sexp_iterator_get_uint32): New function.
2002-11-10 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-conv-test: Use input files without any trailing
newline character, in order to stress the end of file handling.
* tools/sexp-conv.c (sexp_get_token_string): Fixed end of file
handling.
(sexp_get_string): Fixed end of encoding/end of file handling.
(parse_options): Check for negative width and complain.
* tools/sexp-conv.c: Use supplied getopt.
(werror): New function.
(sexp_output_hash_init): New function.
(sexp_put_char): Made base64 linebreaking configurable.
Implemented hashing.
(sexp_put_code_start, sexp_put_code_end): Don't output any
delimiters here.
(sexp_put_string): Output base64 delimiters.
(sexp_put_digest): New function.
(sexp_convert_item): Output transport delimiters.
(sexp_convert_file): Deleted function, folded with main.
(parse_options): New function.
(main): Implemented --hash and --once, needed by lsh-authorize.
* sexp.h (struct sexp_iterator): New field start.
* sexp.c (sexp_iterator_subexpr): New function.
(sexp_iterator_parse): Initialize ITERATOR->start.
* sexp-format.c (sexp_vformat): Abort if format string contains
unhandled characters.
2002-11-08 Niels Möller <niels@s3.kth.se>
* des-compat.c (des_ecb3_encrypt): Don't use struct initialization
(c89 doesn't allow non-constant initializers). Reported by James
Ralston.
(des_ede3_cbc_encrypt): Likewise.
* examples/nettle-openssl.c: Moved from the top-level directory.
Should *not* be included in the nettle library.
2002-11-08 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.c (test_dsa_key): Bugfix for renamed DSA
constant (noted by James Ralston).
2002-11-07 Niels Möller <niels@s3.kth.se>
* testsuite/run-tests: Copied new version rom lsh/src/testsuite.
This version handles test scripts located in $srcdir.
* examples/Makefile.am (AM_CFLAGS): We need -I$(top_srcdir).
* tools/Makefile.am (AM_CFLAGS): Likewise.
* testsuite/Makefile.am (AM_CFLAGS): Likewise.
2002-11-07 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (SUBDIRS): Added tools.
(libnettle_a_SOURCES): Added sexp-transport-format.c,
sexp2bignum.c, sexp2dsa.c.
* sexp2dsa.c (dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp):
New file, new functions.
* rsa2sexp.c (rsa_keypair_to_sexp): %s -> %z renaming.
* sexp-transport.c (sexp_transport_iterator_first): Fixed bug,
length was mishandled.
* sexp-transport-format.c (sexp_transport_format,
sexp_transport_vformat): New file, new functions.
* sexp-format.c (sexp_format): Return length of output. Allow
buffer == NULL, and only compute the needed length in this case.
Renamed %s to %z. New format specifiers %s, %i, and %l.
(sexp_vformat): New function.
(format_prefix): Rewrote to not use snprintf.
* sexp2rsa.c (rsa_keypair_from_sexp): New limit argument. Use
nettle_mpz_set_sexp.
* dsa-keygen.c (dsa_generate_keypair): Added some newlines to
progress display. Use DSA_P_MIN_BITS.
* dsa.h (DSA_MIN_P_BITS): New constant (was DSA_MINIMUM_BITS).
(DSA_Q_OCTETS, DSA_Q_BITS): New constants.
(dsa_keypair_from_sexp_alist, dsa_keypair_from_sexp): New
prototypes.
* configure.ac: Output tools/Makefile.
* sexp2bignum.c (nettle_mpz_set_sexp): New file, and new function.
Moved from sexp2rsa.c:get_value.
* examples/io.c (read_rsa_key): New limit argument in
call of rsa_keypair_from_sexp_alist.
* examples/Makefile.am (noinst_PROGRAMS): Removed sexp-conv.
* tools/sexp-conv.c: Moved file from examples directory.
* testsuite/Makefile.am (TS_SH): New variable. Added
sexp-conv-test.
* testsuite/testutils.h (LDUP): New macro.
* testsuite/sexp2rsa-test.c (test_main): New limit argument in
call of rsa_keypair_from_sexp_alist.
* testsuite/sexp-test.c (test_main): Added test for lengths with
more than one digit. Added tests for transport mode decoding.
* testsuite/sexp-format-test.c (test_main): Added tests for %i and
%l.
* testsuite/sexp-conv-test: Moved test from examples directory.
Updated path to sexp-conv, now in ../tools/sexp-conv.
2002-11-03 Niels Möller <nisse@cuckoo.hack.org>
* sexp-format.c, sexp_format.c: Renamed sexp_format.c to
sexp-format.c.
* Makefile.am (libnettle_a_SOURCES): Renamed sexp_format.c to
sexp-format.c.
* examples/Makefile.am: Don't set CFLAGS or CPPFLAGS explicitly,
let automake handle that.
* testsuite/Makefile.am: Likewise.
* sexp2rsa.c (rsa_keypair_from_sexp_alist): New function.
(rsa_keypair_from_sexp): Use it.
2002-11-01 Niels Möller <niels@s3.kth.se>
* examples/Makefile.am (LDADD): Use -lnettle, instead of an
explicit filename libnettle.a, so that we will use the shared
library, if it exists.
(AM_LDFLAGS): Added -L.., so we can find -lnettle.
(run-tests): Set LD_LIBRARY_PATH to ../.lib, when running the
testsuite.
* testsuite/Makefile.am: Similar changes.
* Makefile.am (LIBOBJS): Put @LIBOBJS@ into the make variable
LIBOBJS.
(CLEANFILES): Delete libnettle.so.
(clean-local): Delete the .lib linkfarm.
($(SHLIBFORLINK)): When building libnettle.so, create a link from
.lib/$SHLIBSONAME. Needed at runtime, for the testsuite.
2002-11-01 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Fixed definitions using SHLIBMAJOR and SHLIBMINOR.
Also AC_SUBST SHLIBMAJOR and SHLIBMINOR. Reported by James
Ralston.
2002-10-31 Niels Möller <niels@s3.kth.se>
* examples/sexp-conv.c(sexp_put_list_start): Deleted function.
(sexp_put_list_end): Likewise.
(sexp_put_display_start): Likewise.
(sexp_put_display_end): Likewise.
(sexp_puts): Likewise.
* examples/sexp-conv.c (sexp_get_quoted_string): Deleted function.
Merged with sexp_get_String.
(sexp_get_hex_string): Likewise.
(sexp_get_base64_string): Likewise.
(sexp_get_string): Do hex and base64 decoding.
* examples/sexp-conv.c (enum sexp_char_type): New enum, for end
markers in the input strem.
(struct sexp_input): Deleted LEVEL attribute. Deleted all usage of
it.
(sexp_get_raw_char): Use INPUT->c and INPUT->ctype to store
results. Deleted OUT argument.
(sexp_get_char): Likewise. Also removed the
INPUT->coding->decode_final call, for symmetry.
(sexp_input_end_coding): Call INPUT->coding->decode_final.
(sexp_next_char): New function.
(sexp_push_char): New function.
(sexp_get_token_char): Deleted function.
(sexp_get_quoted_char): Simplified. Deleted output argument.
(sexp_get_quoted_string): Simplified.
(sexp_get_base64_string): Likewise.
(sexp_get_token_string): Likewise.
(sexp_get_string_length): Skip the character that terminates the
string.
(sexp_get_token): Cleared upp calling conventions. Always consume
the final character of the token.
(sexp_convert_list): Take responsibility for converting the start
and end of the list.
(sexp_convert_file): Call sexp_get_char first, to get the token
reading started.
(sexp_convert_item): Cleared up calling conventions. Should be
called with INPUT->token being the first token of the expression,
and returns with INPUT->token being the final token of the
expression. Return value changed to void..
* examples/sexp-conv-test: Added test for transport mode input.
* examples/sexp-conv.c (sexp_get_char): Use the nettle_armor
interface for decoding.
(sexp_input_start_coding): New function.
(sexp_input_end_coding): New function.
(sexp_get_base64_string): Rewrote to use sexp_input_start_coding
and sexp_input_end_coding.
(sexp_get_token): Generate SEXP_TRANSPORT_START tokens.
(sexp_convert_list): Lists are ended only by SEXP_LIST_END.
(sexp_convert_item): Implemented transport mode, using
sexp_input_start_coding and sexp_input_end_coding.
2002-10-30 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am: Added base16 files.
* examples/sexp-conv-test: New tests for transport output.
* examples/sexp-conv.c: Deleted hex functions, moved to Nettle's
base16 files.
(struct sexp_output): Represent the current encoding as a
nettle_armor pointer and a state struct.
(sexp_output_init): Deleted MODE argument. Now passed to functions
that need it.
(sexp_get_char): Updated to new base64 conventions.
(sexp_get_base64_string): Likewise.
(sexp_put_raw_char): New function.
(sexp_put_newline): Use sexp_put_raw_char.
(sexp_put_char): Use nettle_armor interface for encoding data.
Use OUTPUT->coding_indent for line breaking, so the INDENT
argument was deleted.
(sexp_put_code_start): New function, replacing sexp_put_base64_start.
(sexp_put_code_end): New function, replacing sexp_put_base64_end.
(sexp_put_data): Deleted argument INDENT.
(sexp_puts): Likewise.
(sexp_put_length): Likewise.
(sexp_put_list_start): Likewise.
(sexp_put_list_end): Likewise.
(sexp_put_display_start): Likewise.
(sexp_put_display_end): Likewise.
(sexp_put_string): Likewise. Also changed base64 handling.
(sexp_convert_string): Deleted argument INDENT. New argument
MODE_OUT.
(sexp_convert_list): New argument MODE_OUT.
(sexp_convert_file): Likewise.
(sexp_convert_item): Likewise. Also handle output in transport
mode.
(match_argument): Simple string comparison.
(main): Adapted to above changes.
* testsuite/testutils.c (test_armor): Allocate a larger buffer
CHECK, to make decode_update happy. Updated to new base64
conventions.
* testsuite/base64-test.c (test_main): Fixed overlap test to not
change the base64 before decoding. Updated to new base64
conventions.
* testsuite/Makefile.am (TS_PROGS): Added base16-test.
* testsuite/base16-test.c: New test.
* sexp-transport.c (sexp_transport_iterator_first): Updated to new
conventions for base64_decode_update and base64_decode_final.
* nettle-meta.h: Updated ascii armor declarations. New declaration
for nettle_base16.
* base64-decode.c (base64_decode_single): Return -1 on error.
Also keep track of the number of padding characters ('=') seen.
(base64_decode_update): New argument dst_length. Return -1 on error.
(base64_decode_status): Renamed function...
(base64_decode_final): ... to this.
* base64.h (struct base64_decode_ctx): Deleted STATUS attribute.
Added PADDING attribute.
* base16.h, base16-encode.c, base16-decode.c, base16-meta.c: New
files.
2002-10-28 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv.c (struct hex_decode_ctx): New hex decoding
functions.
(sexp_get_raw_char): New function.
(sexp_get_char): Use sexp_get_raw_char.
2002-10-26 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv.c (sexp_put_length): Bugfix, don't output any
leading zero.
(main): Implemented -s option.
* examples/sexp-conv-test: Test for echo -n vs echo '\c'. Added a
few tests for canonical output.
2002-10-25 Niels Möller <niels@s3.kth.se>
* examples/sexp-conv.c (struct sexp_input): Deleted the mode from
the state, that should be passed as argument to relevant
functions. Instead, introduces enum sexp_coding, to say if base64
coding is in effect.
(struct sexp_output): Added coding attribute.
(sexp_put_char): Use output->coding.
(sexp_put_base64_start): Likewise.
(sexp_put_base64_end): Likewise.
* base64-decode.c (base64_decode_single): Simplified, got rid of
the done variable.
2002-10-25 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv.c (sexp_put_newline): Return void, die on
error.
(sexp_put_char, sexp_put_data, sexp_puts, sexp_put_length,
sexp_put_base64_start, sexp_put_base64_end, sexp_put_string,
sexp_put_list_start, sexp_put_list_end, sexp_put_display_start,
sexp_put_display_end, sexp_convert_string, sexp_convert_list,
sexp_skip_token): Likewise.
(sexp_convert_item): Die on error.
2002-10-24 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv-test: Doesn't need echo -n anymore.
* examples/sexp-conv.c (die): New function.
(struct sexp_input): Deleted field ITEM.
(sexp_get_char): Die on failure, never return -1.
(sexp_get_quoted_char): Likewise.
(sexp_get_quoted_string): Die on failure, no returned value.
(sexp_get_base64_string): Likewise.
(sexp_get_token_string): Likewise.
(sexp_get_string): Likewise.
(sexp_get_string_length): Likewise.
(sexp_get_token): Likewise.
(sexp_convert_string): Adapted to sexp_get_token.
(sexp_convert_list): Likewise.
(sexp_convert_file): New function.
(main): Use sexp_convert_file.
2002-10-23 Niels Möller <nisse@cuckoo.hack.org>
* examples/Makefile.am (TS_PROGS): Added sexp-conv-test.
* examples/sexp-conv.c (sexp_input_init): Initialize input->string
properly.
(sexp_get_char): Fixed non-transport case.
(sexp_get_quoted_char): Fixed default case.
(sexp_get_token): Loop over sexp_get_char (needed for handling of
white space). Don't modify input->level. Fixed the code that skips
comments.
(sexp_put_char): Fixed off-by-one bug in assertion.
(sexp_put_string): Fixed escape handling for output of quoted
strings.
(sexp_convert_list): Prettier output, hanging indent after the
first list element.
(sexp_skip_token): New function.
(sexp_convert_item): Use sexp_skip_token to skip the end of a
"[display-type]".
2002-10-22 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv-test: New test program.
* examples/Makefile.am (noinst_PROGRAMS): Added sexp-conv.
* examples/sexp-conv.c (sexp_convert_list): New function.
(sexp_convert_item): New function.
(main): New function. Compiles and runs now, but doesn't work.
* base64-decode.c (base64_decode_single): New function.
(base64_decode_update): Use base64_decode_single.
* examples/sexp-conv.c: Added output functions.
2002-10-21 Pontus Sköld <pont@soua.net>
* base64-encode.c (base64_encode_raw): Fixed null statement
amongst variable declarations, broke compilation for non C99
compilers.
2002-10-21 Niels Möller <nisse@lysator.liu.se>
* examples/sexp-conv.c: New sexp conversion program.
2002-10-21 Niels Möller <niels@s3.kth.se>
* Makefile.am (libnettle_a_SOURCES): Added
sexp-format-transport.c.
* sexp-transport.c (sexp_transport_iterator_first): New file and
function.
* sexp.h (sexp_transport_iterator_first): Added protoype.
* sexp.c (sexp_iterator_next): Abort if iterator type is boogus.
2002-10-19 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.c (test_armor): Updated to new armor
conventions.
* testsuite/base64-test.c (test_main): Test BASE64_ENCODE_LENGTH
and BASE64_DECODE_LENGTH. Updated test of base64_encode_raw (used
to be base64_encode).
* base64.h (BASE64_ENCODE_LENGTH, BASE64_DECODE_LENGTH): Fixed and
documented macros.
* base64-meta.c (base64_encode_length, base64_decode_length): New
functions, corresponding to the macros with the same name.
* Makefile.am (libnettle_a_SOURCES): base64.c replaced by
base64-encode.c and base64-decode.c.
* pgp-encode.c (pgp_armor): Use new base64 conventions.
* nettle-meta.h: Updated nettle_armor definitions.
* base64.h: Major reorganization.
* base64.c: Deleted file, contents moved to base64-encode.c or
base64-decode.c.
* base64-encode.c: New file. New supporting both encode-at-once
and streamed operation.
* base64-decode.c: New file.
2002-10-09 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/Makefile.am (TS_PROGS): Added dsa-keygen-test.
* dsa-keygen.c: Call the progress callback only if it's non-NULL.
* Makefile.am (libnettle_a_SOURCES): Added bignum-random.c and
dsa-keygen.c.
* testsuite/testutils.c (test_dsa_key): New function to sanity
check a dsa keypair.
* testsuite/dsa-test.c (test_main): Call dsa_test_key.
* testsuite/dsa-keygen-test.c: New test case.
* dsa.h (DSA_MINIMUM_BITS): New constant.
* bignum.h (nettle_mpz_random, nettle_mpz_random_size): Added
prototypes.
* dsa-keygen.c: New file.
* bignum-random.c: New file.
(nettle_mpz_random): New function, moved from...
* dsa-sign.c (nettle_mpz_random): ... here. Also changed argument
ordering and updated callers.
* bignum-random.c: (nettle_mpz_random_size): New function, renamed
and moved here from...
* rsa-keygen.c (bignum_random_size): ... here. Updated all
callers.
* testsuite/testutils.c (test_dsa): Needs both public and private
key as arguments.
* testsuite/dsa-test.c (test_main): Updated to changes of the
private key struct.
* testsuite/Makefile.am (TS_PROGS): Added dsa-test.
* rsa-decrypt.c (rsa_decrypt): Constification.
* rsa-encrypt.c (rsa_encrypt): Likewise.
* rsa.c (rsa_compute_root): Likewise.
* rsa_md5.c (rsa_md5_sign): Likewise.
(rsa_md5_verify): Likewise.
* rsa_sha1.c (rsa_sha1_sign): Likewise.
(rsa_sha1_verify): Likewise.
* dsa-verify.c (dsa_verify): Use const for the public key
argument.
* dsa-sign.c (dsa_sign): Needs the public key as argument, in
addition to the private key. Use const.
* dsa.h (struct dsa_private_key): Don't include the public
information here.
* dsa.c (dsa_private_key_init, dsa_private_key_clear): Updated to
new struct dsa_private_key.
* dsa-sign.c (dsa_sign): Bugfix, added missing mpz_init call.
* Makefile.am (libnettle_a_SOURCES): Added dsa files.
(libnettleinclude_HEADERS): Added dsa.h.
* testsuite/testutils.c (test_dsa): New function.
* testsuite/dsa-test.c: New test.
* dsa.h, dsa.c, dsa-sign.c, dsa-verify.c: New files.
* nettle-meta.h: Moved the nettle_random_func and
nettle_progress_func typedefs here...
* rsa.h: ... from here.
2002-10-07 Niels Möller <nisse@cuckoo.hack.org>
* sexp.h (enum sexp_type): Deleted SEXP_START.
* sexp.c (sexp_iterator_parse): New function, similar to the old
sexp_iterator_next, but independent of the previous value of the
iterator->type.
(sexp_iterator_first): Use sexp_iterator_parse.
(sexp_iterator_next): Likewise.
(sexp_iterator_enter_list): Use sexp_iterator_parse. SEXP_START
not needed anymore.
(sexp_iterator_exit_list): Likewise.
2002-10-06 Niels Möller <nisse@cuckoo.hack.org>
* sexp2rsa.c (get_value): No need to call sexp_iterator_next
anymore.
* sexp.c (sexp_iterator_assoc): Advance the iterator to the
element after a matching tag, before recording it.
* testsuite/sexp-test.c (test_main): Updated test.
* testsuite/sexp-test.c (test_main): No need to call
sexp_iterator_next after sexp_iterator_exit_list.
* sexp2rsa.c (rsa_keypair_from_sexp): No need to call
sexp_iterator_next anymore.
* sexp.c (sexp_iterator_next): Updated to new sexp_iterator_exit_list.
(sexp_iterator_exit_list): Return with iterator pointing to the
element after the list.
(sexp_iterator_check_type): Call sexp_iterator_next before
returning.
(sexp_iterator_check_types): Likewise.
(sexp_iterator_assoc): Rearranged calls of sexp_iterator_next.
* sexp.c (sexp_iterator_enter_list): Call sexp_iterator_next to
get to the first element of the list. Updated callers.
* base64.c (base64_encode_group): New function, used by openpgp
armoring code.
* Makefile.am: Added openpgp files.
* sexp2rsa.c (rsa_keypair_from_sexp): Use sexp_iterator_first.
* testsuite/sexp-test.c (test_main): Likewise.
* sexp.c (sexp_iterator_init): Made this function static.
(sexp_iterator_first): New, friendlier, initialization function.
* pgp-encode.c: New file. Functions for writing openpgp data
packets.
* pgp.h: New file, with pgp related declarations.
* rsa2openpgp.c (rsa_keypair_to_openpgp): New file, new function.
2002-10-04 Niels Möller <niels@s3.kth.se>
* examples/rsa-keygen.c: Use malloc, instead of asprintf.
2002-10-03 Niels Möller <nisse@cuckoo.hack.org>
* Released nettle-1.6.
* NEWS: Note the aes api change.
* examples/Makefile.am (EXTRA_DIST): Distribute setup-env and
teardown-env.
2002-10-02 Niels Möller <nisse@cuckoo.hack.org>
* examples/rsa-keygen.c (main): Comment on the lax security of the
private key file.
* index.html: Added link to mailing list.
2002-10-02 Niels Möller <niels@s3.kth.se>
* Makefile.am: Fixed assembler rules, and shared libraries.
* configure.ac: Fixed the enable-shared option.
2002-10-01 Niels Möller <nisse@cuckoo.hack.org>
* configure.ac: New option --enable-shared, and a first attempt at
building a shared library (*without* using libtool).
* Makefile.am: A first attempt at rules for building a shared
libnettle.so.
2002-10-01 Niels Möller <niels@s3.kth.se>
* examples/run-tests (test_program): Use basename.
* examples/teardown-env: Delete some more files.
* examples/run-tests (test_program): Strip directory part of
displayed name.
* examples/Makefile.am (TS_PROGS): New variable. Run tests.
* examples/io.c (read_file): Bug fix, used to overwrite pointer.
* examples/rsa-keygen.c (main): Bug fix, private key wasn't
written properly.
* testsuite/Makefile.am: Some cleanup of make check.
* examples/setup-env, examples/teardown-env: Test environment scripts.
* examples/rsa-verify-test, examples/rsa-sign-test: New test cases.
* examples/run-tests: New file (copied from lsh testsuite).
* examples/Makefile.am: Use EXTRA_PROGRAMS and @RSA_EXAMPLES@.
* examples/rsa-sign.c: No need to include config.h. Use werror
instead of fprintf.
* examples/rsa-verify.c: Likewise.
* examples/rsa-keygen.c: Likewise.
* examples/io.h: Forward declare struct rsa_public_key and struct
rsa_private_key, to avoid dependences on config.h.
* configure.ac (RSA_EXAMPLES): New substituted variable,
controlling which example programs to build.
* examples/rsa-verify.c: New example program.
* examples/rsa-keygen.c: Use functions from io.c.
* examples/rsa-sign.c: Likewise.
* examples/Makefile.am (noinst_PROGRAMS): Added rsa-verify.
(LDADD): Added io.o.
* configure.ac: New define WITH_PUBLIC_KEY, and new configure flag
--disable-public-key. Updated rsa-files to check for that, rather
than for HAVE_LIBGMP.
* examples/io.c, examples/io.c: New files. Miscellaneous functions
used by the example programs.
* base64.h (BASE64_DECODE_LENGTH): Comment fix.
2002-09-30 Niels Möller <nisse@cuckoo.hack.org>
* sexp2rsa.c (rsa_keypair_from_sexp): Bugfix: Call
rsa_prepare_public_key and rsa_prepare_private_key.
* examples/Makefile.am (noinst_PROGRAMS): Added rsa-sign.
* examples/rsa-sign.c: New example program.
* testsuite/base64-test.c (test_main): Test encoding and decoding
in place.
* base64.c (base64_encode): Encode from the end of the data
towards the start, in order to support overlapping areas.
(base64_encode): Broke out some common code from the switch..
2002-09-30 Niels Möller <niels@s3.kth.se>
* sexp_format.c (sexp_format): Don't mix code and declarations.
2002-09-29 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/Makefile.am (TS_PROGS): Added buffer-test
sexp-format-test rsa2sexp-test sexp2rsa-test.
* testsuite/sexp-test.c (test_main): Updated calls to
sexp_iterator_assoc.
* testsuite/testutils.h (MEMEQH): New macro.
* testsuite/sexp2rsa-test.c: New test.
* testsuite/sexp-format-test.c: New test.
* testsuite/rsa2sexp-test.c: New test.
* testsuite/buffer-test.c: New test.
* testsuite/testutils.c (test_rsa_key): Copied this function
from...
testsuite/rsa-keygen-test.c: ... here.
* examples/rsa-keygen.c: New file.
* Makefile.am: Added new source files and headers buffer.h,
buffer.c, sexp_format.c, sexp2rsa.c, rsa2sexp.c.
* rsa.h (rsa_keypair_to_sexp, rsa_keypair_from_sexp): New
prototypes.
* rsa2sexp.c, sexp2rsa.c: New files.
* sexp.c (sexp_iterator_assoc): Don't enter the list, associate
keys within the current list. Still exit the list when done.
(sexp_iterator_assoc): Represent keys as plain NUL-terminated
strings.
(sexp_iterator_check_type, sexp_iterator_check_types): New
functions.
* sexp_format.c: New file, implementing an sexp canonical syntax
formatter.
* buffer.c, buffer.h: New files, implementing a bare-bones string
stream.
* bignum.c (nettle_mpz_sizeinbase_256): New function.
2002-09-28 Niels Möller <nisse@cuckoo.hack.org>
* sexp.c (sexp_iterator_assoc): Return 0 for missing or duplicate
keys. Now passes all the tests.
* sexp.c (sexp_iterator_simple): Bugfixes. Check earlier that
length doesn't grow too large.
(sexp_iterator_next): Skip the current list only if type is
SEXP_LIST. Handle ')'.
(sexp_iterator_enter_list): Set type to SEXP_START.
(sexp_iterator_exit_list): Likewise. Don't skip the ')' here.
(sexp_iterator_assoc): Bug fix.
* testsuite/sexp-test.c (test_main): Reordered sexp_iterator_assoc
tests.
* nettle.texinfo (Randomness): Documented that yarrow256_init can
be called with a zero number of sources.
* testsuite/testutils.h (ASSERT): New macro.
* testsuite/sexp-test.c: Test sexp parser.
* Makefile.am (SUBDIRS): Added sexp files.
* sexp.c, sexp.h: New files, implementing an sexp-parser.
2002-08-27 Niels Möller <niels@s3.kth.se>
* Makefile.am (DISTCLEANFILES): make distclean should delete the
assembler-related symlinks.
2002-08-26 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (%.o: %.asm): Create an empty (and unused)
dependency file, to make the make/automake dependency tracking
happier.
2002-07-18 Niels Möller <niels@s3.kth.se>
* examples/nettle-benchmark.c (main): Try openssl's ciphers as
well, if available.
* Makefile.am (libnettle_a_SOURCES): Added nettle-openssl.c.
* nettle-openssl.c: New file.
* nettle-internal.h: Declare openssl glue ciphers.
* des-compat.h: Extra name-mangling, to avoid collisions in case a
program links with both nettle and libcrypto (the nettle-benchmark
program does).
* configure.ac: Don't use -ggdb3 with gcc-2.96.
Check for openssl's libcrypto (for benchmarking).
2002-05-16 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Deleted registers i and t3.
(_aes_crypt): Moved some registers around. We now use input
registers only for arguments, local registers for loop invariants,
output registers for temporaries and loop variables, and no global
registers at all.
* sparc/aes.asm (AES_FINAL_ROUND): New macro.
(_aes_crypt): Use AES_FINAL_ROUND for the first word of the final
round.
(_aes_crypt): And for the rest of the final round.
(AES_FINAL_ROUND): Don't update dst, just access it offseted by i.
(_aes_crypt): Add 16 to dst at the end of the final round.
(AES_ROUND): Use ldub, not ld + and, to get the third byte
of wtxt.
(AES_ROUND): Use ldub, not lduh + and, to get the second
byte of a word.
(AES_ROUND): Reordered instructions, so that we can save one
register.
(AES_ROUND): Eliminated use of t3.
(AES_FINAL_ROUND): Eliminated ands.
(AES_FINAL_ROUND): Reordered, so that we can save one register.
(AES_FINAL_ROUND): Eliminated t3.
(AES_LOAD): New macro.
(_aes_crypt): Unrolled source loop.
(_aes_crypt): Use AES_LOAD macro.
(_aes_crypt): Deleted cruft from the old source loop.
(AES_LOAD): Eliminated t3.
2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (AES_ROUND): New macro.
(_aes_crypt): Use AES_ROUND for first word of the
round function.
(_aes_crypt): And for the rest of the round function.
* sparc/aes.asm (_aes_crypt): Deleted a bunch of additions,
after accessing IDX1.
* aes-internal.h (struct aes_table): sparc_idx[0] should now
contain index values shifted by the size of a word, and with 2
added. This saves some additions in the sparc assembler code.
Updates aes-encrypt-table.c and aes-decrypt-table.c.
* sparc/aes.asm (_aes_crypt): Unrolled final loop, preparing for
optimizations.
(_aes_crypt): Eliminated i from forst copy of the loop. Some
cleanup.
(_aes_crypt): And from second copy.
(_aes_crypt): And from third.
(_aes_crypt): And fourth.
(_aes_crypt): Eliminated updates of i from the loop.
(_aes_crypt): Access IDX1 and IDX3 through the T pointer, saving
two registers.
* aes-internal.h (struct aes_table): Renamed the shift_idx field
to sparc_idx, as it will be tweaked to improve the sparc code.
Also reduced its size to [2][4].
(IDX_FACTOR): Deleted constant.
* aes-encrypt-table.c (_aes_encrypt_table): Adapted initializer of
sparc_idx.
* aes-decrypt-table.c (_aes_decrypt_table): Likewise.
* asm.m4: Deleted AES_SIDX2, to match struct aes_table.
* sparc/aes.asm (_aes_crypt): Unrolled the inner loop, preparing
for optimizations suggested by Marcus Comstedt.
(_aes_crypt): Eliminated i from the first copy of the inner loop.
(_aes_crypt): And from the second copy.
(_aes_crypt): And from the third copy.
(_aes_crypt): And from the fourth copy.
(_aes_crypt): Renamed .Linner_loop to .Lround_loop.
(_aes_crypt): Eliminated the loop variable i from the unrolled
loop.
(_aes_crypt): Deleted moves of constants into t2.
2002-05-15 Niels Möller <niels@s3.kth.se>
* x86/aes-encrypt.asm (aes_encrypt): Use AES_SUBST_BYTE.
* x86/aes-decrypt.asm (aes_decrypt): Likewise.
(aes_decrypt): Use AES_STORE.
(aes_decrypt): Deleted first xchgl instruction into, permuting the
AES_ROUND calls instead.
(aes_decrypt): Likewise for the final round.
(aes_decrypt): Got rid if the xchgl instruction after the final
round, folding it into the final round.
* x86/machine.m4: Renamed AES_LAST_ROUND to AES_FINAL_ROUND.
Updated users.
* x86/aes-decrypt.asm (aes_decrypt): Use the AES_LOAD macro.
(aes_decrypt): Start using AES_ROUND.
(aes_decrypt): Use AES_LAST_ROUND.
* x86/aes-decrypt.asm (aes_decrypt): Moved function to a separate
file...
* x86/aes.asm: ... from here.
* x86/aes.asm (aes_decrypt): Use _aes_decrypt_table instead of
itbl1-4. Commented out the inclusion of aes_tables.asm.
(aes_decrypt): Use _aes_decrypt_table instead of isbox.
* x86/aes-decrypt.asm: New file, empty at the start.
* Makefile.am (libnettle_a_SOURCES): Added aes-decrypt-table.c.
* aes-decrypt.c (_aes_decrypt_table): Moved from this file...
* aes-decrypt-table.c (_aes_decrypt_table): ... to a new file.
* testsuite/aes-test.out: New file, with the output of
testsuite/aes-test, when aes.c has been compiled with debugging
printouts of intermediate state.
2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: (_aes_crypt): Restore %fp at end of function, to
make %fp available for other uses.
* sparc/aes.asm: The frame setup was broken. Tried to fix it.
Reverted to revision 1.70 + minor changes from the head revision.
* x86/aes-encrypt.asm (aes_encrypt): Use test instead of cmpl $0,.
* x86/machine.m4 (AES_SUBST_BYTE): New macro.
* sparc/aes.asm: wtxt needs no register of it's own, as its
pointed to by %sp. %g5 moved to %l0, the register previously
allocated for wtxt, so that we stay clean of the reserved %g
registers.
2002-05-14 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Avoid using %g6 and %g7, as they are reserved for
operating sytem use. Use %i5 and %o7 instead. Also moved %g4 to %g1.
(_aes_crypt): Allocate only 32 bytes local storage on the stack.
Calculate wtxt and tmp using offsets from %sp, not %fp.
2002-05-14 Niels Möller <niels@s3.kth.se>
* x86/aes-encrypt.asm (aes_encrypt): Replaced first quarter of the
round function with an invocation of AES_ROUND.
(aes_encrypt): Similarly for the second column.
(aes_encrypt): Similarly for the rest of the round function.
* x86/machine.m4 (AES_ROUND): New macro.
* x86/aes-encrypt.asm (aes_encrypt): Use AES_LOAD macro.
* x86/machine.m4 (AES_LOAD): New macro.
* x86/aes-encrypt.asm (aes_encrypt): Use AES_STORE.
* x86/machine.m4 (AES_STORE): New macro.
* x86/aes-encrypt.asm (aes_encrypt): Use the AES_LAST_ROUND macro
for the first column of the final round.
(aes_encrypt): Similarly for the second column.
(aes_encrypt): Similarly for the third and fourth column.
(aes_encrypt): Deleted xchgl instruction in final round, by
reordering the second and fourth round.
* x86/machine.m4 (AES_LAST_ROUND): New macro.
* x86/aes-encrypt.asm (aes_encrypt): Move code here...
* x86/aes.asm: ...from here.
* x86/aes.asm: Use addl and subl, not add and sub. Replaced
references to dtbl1-4 with references to _aes_encrypt_table.
* configure.ac (asm_path): Enable x86 assembler.
* x86/aes.asm (aes_decrypt): Adapted to the current interface.
Notably, the order of the subkeys was reversed. Single block
encrypt/decrypt works now.
(aes_encrypt, aes_decrypt): Added an outer loop, so that we can
encrypt more than one block at a time.
2002-05-07 Niels Möller <niels@s3.kth.se>
* configure.ac: Generate config.m4.
* x86/aes.asm: Use C for comments, include the tables using
include_src, and commented out the key setup functions.
Fixed the processing of the first handling of the round function.
Now, encryption of a single block works! Multiple blocks, and
decryption, is still broken.
* x86/machine.m4: New file (empty).
* x86/aes-encrypt.asm: New file, empty for now.
* Makefile.am (%.asm): Added asm.m4, machine.m4 and config.m4 to
the m4 command line.
(libnettle_a_SOURCES): Added aes-encrypt-table.c.
* sparc/aes.asm: No need to include asm.m4, that is taken care of
by the Makefile.
* config.m4.in: New file, configuration for asm.m4.
* asm.m4 (C, include_src): New macros.
* aes-encrypt-table.c: New file, table moved out from
aes-encrypt.c.
2002-05-06 Niels Möller <niels@s3.kth.se>
* configure.ac (CFLAGS): Don't enable -Waggregate-return.
2002-05-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Pass no arguments to AM_INIT_AUTOMAKE.
2002-05-05 Niels Möller <nisse@cuckoo.hack.org>
* configure.ac: Update for automake-1.6.
* configure.ac: Renamed file, used to be configure.in.
2002-03-20 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/run-tests (test_program): Added missing single quote.
2002-03-20 Niels Möller <nisse@lysator.liu.se>
* testsuite/run-tests (test_program): Test the exit status of the
right process.
2002-03-19 Pontus Sköld <pont@it.uu.se>
* testsuite/run-tests: Removed /bin/bashisms to use with /bin/sh.
2002-03-18 Niels Möller <nisse@cuckoo.hack.org>
* rsa-keygen.c (rsa_generate_keypair): Output a newline after a
non-empty line of 'e':s (bad e was chosen, try again).
2002-03-16 Niels Möller <nisse@cuckoo.hack.org>
* configure.in (asm_path): AC_CONFIG_LINKS adds $srcdir
automatically.
2002-03-14 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm, x86/aes.asm: Added copyright notice.
* Makefile.am (libnettle_a_SOURCES): Added aes-internal.h.
(EXTRA_DIST): Added assembler files.
* configure.in (asm_path): Use $srcdir when looking for the files.
* configure.in (asm_path): For now, disable x86 assembler code.
Bumped version to 1.6.
2002-02-25 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (_aes_crypt): Moved increment of src into the
source_loop. Also fixed stop condition, the loop was run 5 times,
not 4, as it should.
(_aes_crypt): Use src directly when accessing the source data,
don't use %o5.
(_aes_crypt): Renamed variables in source_loop.
(_aes_crypt): Changed stop condition in source_loop to not depend
on i. Finally reduced the source_loop to 16 instructions. Also
increased the alignment of the code to 16.
(_aes_crypt): In final_loop, use preshifted indices.
(_aes_crypt): In final_loop, construct the result in t0. Use t0-t3
for intermediate values.
(_aes_crypt): In final_loop, use the register idx.
(_aes_crypt): In final_loop, keep i multiplied by 4. Use key to
get to the current roundkey.
(_aes_crypt): In final_loop, use i for indexing.
(_aes_crypt): Update dst in the output loop. This yields a delay
slot that isn't filled yet.
(_aes_crypt): Decrement round when looping, saving yet some
instructions.
(_aes_crypt): Reformatted code as blocks of four instructions
each.
(_aes_crypt): Copy the addresses of the indexing tables into
registers at the start. No more need for the idx register.
(_aes_crypt): Deleted idx register.
(_aes_crypt): Some peep hole optimizations, duplicating some
instructions to fill nop:s, and put branch instructions on even
word addresses.
2002-02-22 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (_aes_crypt): Moved some more additions out of the
inner loop, using additional registers.
(_aes_crypt): Deleted one more addition from the inner loop, by
using the subkey pointer.
2002-02-19 Niels Möller <nisse@cuckoo.hack.org>
* configure.in (asm_path): Renamed "path" to "asm_path". Also look
for a machine.m4.
2002-02-16 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Use that IDX2(j) == j ^ 2
* Makefile.am (libnettle_a_SOURCES): Reordered aes-decrypt.c and
aes-encrypt.c. For some strange reason it makes the benchmark go
faster...
* sparc/aes.asm (_aes_crypt): Use double-buffering, and no
separate loop for adding the round key.
(round): Keep round index muliplied by 16, so it can be used
directly for indexing the subkeys.
(_aes_crypt): In the final loop, use ctx+round to access the
subkeys, no need for an extra register.
2002-02-15 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (_aes_crypt): Renaming variables, allocating
locals starting from %l0.
(_aes_crypt): Consistently use %l4, aka i, as the variable for the
innermost loops.
(_aes_crypt): Moved reading of ctx->nrounds out of the loop.
(_aes_crypt): In final_loop, deleted a redundant mov, and use i as
loop variable.
(_aes_crypt): Started renumbering registers in the inner loop. The
computation for the table[j] sub-expression should be kept in
register %o[j].
(_aes_crypt): Renamed more variables in the inner loop. Now the
primary variables are t0, t1, t2, t3.
* sparc/aes.asm (_aes_crypt): Swapped register %i0 and %o5, %i1
and %o0, %i2 and %o4, %i3 and %o3, %i4 and %o2.
(_aes_crypt): wtxt was stored in both %l1 and %l2 for the entire
function. Freed %l2 for other uses.
(_aes_crypt): Likewise for tmp, freeing register %o1.
* sparc/machine.m4: New file, for sparc-specific macros.
* sparc/aes.asm (_aes_crypt): Hacked the source_loop, to get rid
of yet another redundant loop variable, and one instruction.
(_aes_crypt): Strength reduce loop variable in the
inner loop, getting rid of one register.
(_aes_crypt): Use pre-shifted indices (aes_table.idx_shift), to
avoid some shifts in the inner loop.
(_aes_crypt): Don't check for nrounds==0 at the start of the loop.
* asm.m4: Define and use structure-defining macros.
* Makefile.am (%.asm): Use a GNU pattern rule, to make %.o depend
on both %.asm and asm.m4.
* aes-internal.h (struct aes_table): New subtable idx_shift.
Updated tables in aes_encrypt.c and aes_decrypt.c.
* asm.m4: Use eval to compute values.
* sparc/aes.asm (_aes_crypt): Deleted commented out old version of
the code.
* asm.m4: Added constants for individual rows of the aes table.
* aes.c (IDX0, IDX1, IDX2, IDX3): New macros, encapsualting the
structure of the idx table.
* asm.m4: Define various aes struct offsets.
* testsuite/cbc-test.c (test_cbc_bulk): Use aes_set_encrypt_key
and aes_set_decrypt_key.
* sparc/aes.asm (_aes_crypt): Use symbolic names for the fucntion
arguments.
2002-02-14 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Copied gcc assembler code for _aes_crypt.
* aesdata.c: New program for generating AES-related tables.
* testsuite/testutils.c (print_hex): New function (moved from
yarrow-test.c).
* testsuite/rsa-keygen-test.c (progress): Declare the ctx argument
as UNUSED.
* testsuite/cbc-test.c (test_cbc_bulk): New function, testing CBC
with larger blocks.
* yarrow256.c: Replaced uses of aes_set_key with
aes_set_encrypt_key.
* nettle-meta.h (_NETTLE_CIPHER_SEP): New macro, useful for
algorithms with separate encyption and decryption key setup.
* aes-internal.h (struct aes_table): New structure, including all
constant tables needed by the unified encryption or decryption
function _aes_crypt.
* aes.c (_aes_crypt): New function, which unifies encryption and
decryption.
AES key setup now uses two separate functions for setting
encryption and decryption keys. Applications that don't do
decryption need no inverted subkeys and no code to generate them.
Similarly, the tables (about 4K each for encryption and
decryption), are put into separate files.
* aes.h (struct aes_ctx): Deleted space for inverse subkeys. For
decryption, the inverse subkeys replace the normal subkeys, and
they are stored _in the order they are used_.
* aes-set-key.c (aes_set_key): Deleted file, code moved...
* aes-set-decrypt-key.c, aes-set-encrypt-key.c: New files,
separated normal and inverse key setup.
* aes-tables.c: Deleted, tables moved elsewhere...
* aes-encrypt.c, aes-decrypt.c: New files; moved encryption and
decryption funktions, and needed tables, into separate files.
2002-02-13 Niels Möller <nisse@cuckoo.hack.org>
* aes.c (aes_encrypt): Don't unroll the innerloop.
(aes_encrypt): Don't unroll the loop for the final round.
(aes_decrypt): Likewise, no loop unrolling.
* aes-set-key.c (aes_set_key): Reversed the order of the inverted
subkeys. They are now stored in the same order as they are used.
* aes-tables.c (itable): New bigger table, generated by aesdata.c.
* aes.c (aes_decrypt): Rewrote to use the bigger tables.
2002-02-12 Niels Möller <nisse@cuckoo.hack.org>
* aes.c (aes_encrypt): Interleave computation and output in the
final round.
* aes-internal.h (AES_SMALL): New macro.
* aes.c (aes_encrypt): Optionally use smaller rotating inner loop.
* aes-tables.c (dtbl): Replaced with table generated by aesdata.
* aes.c (aes_encrypt): Rewrite, now uses larger tables in order to
avoid rotates.
* sparc/aes.asm (aes_encrypt): Strength reduced on j, getting rid
of one register and one instruction in the inner loop.
* sparc/aes.asm (idx, aes_encrypt): Multiplied tabled values by 4,
making it possible to get rid of some shifts in the inner loop.
* configure.in: Fixed spelling of --enable-assembler. Commented
out debug echo:s.
* asm.m4: New file. For now, only doing changequote and changecom.
* sparc/aes.asm (aes_encrypt): Added comments.
(aes_encrypt): Cut off redundant instruction per block, also
saving one redundant register pointing to idx.
(idx_row): New macro. Include asm.m4.
2002-02-11 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (key_addition_8to32): Cleaned up.
Deleted gcc-generated debugging information.
* sparc/aes.asm (key_addition32): First attempt at optimization.
Made it slower ;-)
* sparc/aes.asm (key_addition32): Unrolled loop, gained 4%
speed, payed four instructions compared to gcc
generated code.
* Makefile.am (.asm.o): New rule for assembling via m4.
(libnettle_a_SOURCES): Added new rsa and aes files.
* configure.in: New command line option --enable-assembler.
Selects assembler code depending on the host system.
* rsa-decrypt.c, rsa-encrypt.c: New files for rsa pkcs#1
encryption.
* aes-set-key.c, aes-tables.c: New files, split off from aes.c.
Tables are now not static, but use a _aes_ prefix on their names.
* aes-internal.h: New file.
* cast128-meta.c (_NETTLE_CIPHER_FIX): Use _NETTLE_CIPHER_FIX.
* cbc.c (cbc_decrypt_internal): New function, doing the real CBC
procesing and requiring that src != dst.
(cbc_decrypt): Use cbc_decrypt_internal. If src == dst, use a
buffer of limited size to copy the ciphertext.
* nettle-internal.c (nettle_blowfish128): Fixed definition, with
key size in bits.
* nettle-meta.h (_NETTLE_CIPHER_FIX): New macro, suitable for
ciphers with a fixed key size.
* examples/nettle-benchmark.c (display): New function for
displaying the results, including MB/s figures.
* sparc/aes.asm: New file. Not yet tuned in any way (it's just the
code generated by gcc).
2002-02-11 Niels Möller <nisse@lysator.liu.se>
* x86/aes.asm, x86/aes_tables.asm: New assembler implementation by
Rafael Sevilla.
2002-02-06 Niels Möller <nisse@cuckoo.hack.org>
Applied patch from Dan Egnor improving the base64 code.
* base64.h (BASE64_ENCODE_LENGTH): New macro.
(struct base64_ctx): New context struct, for decoding.
(BASE64_DECODE_LENGTH): New macro.
* base64.c (base64_decode_init): New function.
(base64_decode_update): New function, replacing base64_decode.
Takes a struct base64_ctx argument.
* nettle-meta.h: Updated nettle_armor, and related typedefs and
macros.
* testsuite/testutils.c (test_armor): Updated.
* configure.in: Use AC_PREREQ(2.50).
2002-02-01 Niels Möller <nisse@cuckoo.hack.org>
* Released nettle-1.5.
2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
* acinclude.m4: Commented out gmp-related macros, they're probably
not needed anymore.
2002-01-31 Niels Möller <nisse@lysator.liu.se>
* configure.in: Added command line options --with-lib-path and
--with-include-path. Use the RPATH-macros to get correct flags for
linking the test programs with gmp.
* acinclude.m4: New file.
2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Randomness): New subsection on Yarrow.
2002-01-30 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Randomness): New chapter.
Spell checking and ispell configuration.
* md5.c: Added reference to RFC 1321.
2002-01-24 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Public-key algorithms): Minor fixes.
2002-01-22 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Nettle soup): New chapter.
(Hash functions): New subsection on struct nettle_hash.
(Hash functions): New subsection on struct nettle_cipher.
(Keyed hash functions): New section, describing MAC:s and HMAC.
(Public-key algorithms): New chapter.
* testsuite/testutils.c (test_armor): New function.
* testsuite/base64-test.c: New testcase.
* testsuite/Makefile.am (TS_PROGS): Added base64-test.
* nettle-meta.h (struct nettle_armor): New struct.
* configure.in: Bumped version to 1.5.
* Makefile.am (libnettle_a_SOURCES): Added base64 files, and some
missing header files.
* base64.c, base64.h, base64-meta.c: New files, hacked by Dan
Egnor.
2002-01-16 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.c: Deleted ran_array code, use
knuth-lfib.h instead.
* testsuite/testutils.c (test_rsa_md5, test_rsa_sha1): Moved
functions here...
* testsuite/rsa-test.c: ...from here.
* testsuite/rsa-keygen-test.c: New file.
* testsuite/knuth-lfib-test.c: New file.
* Makefile.am (libnettle_a_SOURCES): Added knuth-lfib.c and
rsa-keygen.c.
* rsa-keygen.c: New file.
* rsa.h (RSA_MINIMUM_N_OCTETS): New constant.
(RSA_MINIMUM_N_BITS): New constant.
(nettle_random_func, nettle_progress_func): New typedefs. Perhaps
they don't really belong in this file.
(rsa_generate_keypair): Added progress-callback argument.
* macros.h (READ_UINT24, WRITE_UINT24, READ_UINT16, WRITE_UINT16):
New macros.
* knuth-lfib.c, knuth-lfib.h: New files, implementing a
non-cryptographic prng.
2002-01-15 Niels Möller <nisse@cuckoo.hack.org>
* hmac-sha1.c: New file.
2002-01-14 Niels Möller <nisse@cuckoo.hack.org>
* configure.in: Bumped version to 1.1.
* testsuite/hmac-test.c (test_main): Added hmac-sha1 test cases.
* rsa.c (rsa_init_private_key, rsa_clear_private_key): Handle d.
* rsa.h (struct rsa_private_key): Reintroduced d attribute, to be
used only for key generation output.
(rsa_generate_keypair): Wrote a prototype.
* Makefile.am (libnettle_a_SOURCES): Added hmac-sha1.c and
nettle-internal.h.
* des.c: Use static const for all tables.
(des_set_key): Use a new const * variable for the parity
procesing, for constness reasons.
* list-obj-sizes.awk: New file.
* nettle-internal.c, nettle-internal.h: New files.
* testsuite/Makefile.am (TS_PROGS): Added hmac-test. Deleted old
m4-stuff.
* testsuite/testutils.h (LDATA): Moved this macro here,...
* testsuite/rsa-test.c: ... from here.
* testsuite/hmac-test.c: New file.
* hmac.h: General cleanup. Added declarations of hmac-md5,
hmac-sha1 and hmac-sha256.
* hmac.c: Bug fixes.
* hmac-md5.c: First working version.
* Makefile.am (libnettle_a_SOURCES): Added hmac.c and hmac-md5.c.
(libnettleinclude_HEADERS): Added hmac.h.
* testsuite/rsa-test.c: Also test a 777-bit key.
* rsa.c (rsa_check_size): Changed argument to an mpz_t. Updated
callers.
(rsa_prepare_private_key): Compute the size of the key by
computing n = p * q.
* rsa-compat.c: Adapted to new private key struct.
* rsa_md5.c: Likewise.
* rsa_sha1.c: Likewise.
* rsa.c (rsa_check_size): New function, for computing and checking
the size of the modulo in octets.
(rsa_prepare_public_key): Usa rsa_check_size.
(rsa_init_private_key): Removed code handling n, e and d.
(rsa_clear_private_key): Likewise.
(rsa_compute_root): Always use CRT.
* rsa.h (struct rsa_private_key): Deleted public key and d from
the struct, as they are not needed. Added size attribute.
2002-01-12 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am: Added *-meta files.
* rsa.c (rsa_init_public_key): New function.
(rsa_clear_public_key): Likewise.
(rsa_init_private_key): Likewise.
(rsa_clear_private_key): Likewise.
* aes-meta.c: New file.
* arcfour-meta.c: New file.
* cast128-meta.c: New file.
* serpent-meta.c: New file.
* twofish-meta.c: New file.
* examples/nettle-benchmark.c: Use the interface in nettle-meta.h.
2002-01-11 Niels Möller <nisse@cuckoo.hack.org>
Don't use m4 for generating test programs, it's way overkill. Use
the C preprocessor instead.
* testsuite/*-test.c: New file.
* hmac.c, hmac.h, hmac-md5.c: New files.
Defined structures describing the algoriths. Useful for code that
wants to treat an algorithm as a black box.
* nettle-meta.h, md5-meta.c, sha1-meta.c, sha256-meta.c: New
files.
2002-01-09 Niels Möller <nisse@cuckoo.hack.org>
* rsa-compat.c: Updated for new md5 and rsa conventions.
* rsa_md5.c: Represent a signature as an mpz_t, not a string.
Updated calls of md5 functions.
* rsa_sha1.c: Likewise.
* rsa.c (rsa_prepare_public_key): Renamed function, was
rsa_init_public_key.
(rsa_prepare_private_key): Renamed function, was
rsa_init_private_key.
* nettle.texinfo (Hash functions): Update for the changed
interface without *_final. Document sha256.
* testsuite/md5-test.m4, testsuite/sha1-test.m4,
testsuite/sha256-test.m4, testsuite/yarrow-test.c: Updated for new
hash function interface.
* yarrow256.c: Removed calls of sha256_final and and some calls of
sha256_init.
* md5-compat.c (MD5Final): Call only md5_digest.
* md5.c (md5_digest): Call md5_final and md5_init.
(md5_final): Declared static.
sha1.c, sha256.c: Analogous changes.
* bignum.c (nettle_mpz_get_str_256): Declare the input argument
const.
2001-12-14 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (EXTRA_DIST): Added $(des_headers). Changed
dependencies for $(des_headers) to depend only on the source file
desdata.c, not on the executable.
2001-12-12 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.c (main): Updated testcase to match fixed
generator. Send verbose output to stdout, not stderr.
* yarrow256.c (yarrow_slow_reseed): Bug fix, update the fast pool
with the digest of the slow pool.
(yarrow256_init): Initialize seed_file and counter to zero, to
ease debugging.
2001-12-07 Niels Möller <nisse@cuckoo.hack.org>
* bignum.c (nettle_mpz_get_str_256): Fixed handling of leading
zeroes.
2001-12-05 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.c (main): Updated test to match the fixed
key event estimator.
* yarrow_key_event.c (yarrow_key_event_estimate): Fixed handling
of timing info.
* nettle.texinfo (Copyright): Say that under certain
circumstances, Nettle can be used as if under the LGPL.
* README: Added a paragraph on copyright.
2001-11-15 Niels Möller <nisse@cuckoo.hack.org>
* yarrow256.c (yarrow256_force_reseed): New function.
2001-11-14 Niels Möller <nisse@ehand.com>
* testsuite/yarrow-test.c (main): Use yarrow256_is_seeded.
* yarrow256.c (yarrow256_needed_sources): New function.
(yarrow256_is_seeded): New function.
(yarrow256_update): Use yarrow256_needed_sources.
2001-11-14 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.out: Updated, to match the seed-file aware
generator.
* testsuite/yarrow-test.c: Updated expected_output. Check the seed
file contents at the end.
* yarrow256.c (yarrow256_seed): New function.
(yarrow_fast_reseed): Create new seed file contents.
2001-11-13 Niels Möller <nisse@cuckoo.hack.org>
* yarrow.h: Deleted yarrow160 declarations.
2001-11-02 Niels Möller <nisse@ehand.com>
* yarrow256.c (yarrow256_init): Fixed order of code and
declarations.
2001-10-30 Niels Möller <nisse@ehand.com>
* rsa-compat.h: Added real prototypes and declarations.
* Makefile.am (libnettle_a_SOURCES): Added rsa-compat.h and
rsa-compat.c.
* rsa-compat.c: New file, implementing RSA ref signature and
verification functions.
* configure.in: Check for libgmp. Deleted tests for SIZEOF_INT and
friends.
* rsa_sha1.c: New file, PKCS#1 rsa-sha1 signatures.
* rsa_md5.c: New file, PKCS#1 rsa-md5 signatures.
* rsa.c: New file with general rsa functions.
* Makefile.am (libnettle_a_SOURCES): Added rsa and bignum files.
* bignum.c, bignum.h: New file, with base256 functions missing in
gmp.
* testsuite/Makefile.am: Added bignum-test.
* testsuite/run-tests (test_program): Check the exit code more
carefully, and treat 77 as skip. This convention was borrowed from
autotest.
* testsuite/macros.m4: New macro SKIP which exits with code 77.
* testsuite/bignum-test.m4: New file.
2001-10-15 Niels Möller <nisse@ehand.com>
* testsuite/Makefile.am (EXTRA_DIST): Include rfc1750.txt in the
distribution.
2001-10-14 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/des-test.m4: Added testcase taken from applied
cryptography.
* testsuite/yarrow-test.c: Use sha256 instead of sha1 for checking
input and output. Updated the expected values.
* yarrow256.c (YARROW_RESEED_ITERATIONS): New constant.
(yarrow_iterate): New function.
(yarrow_fast_reseed): Call yarrow_iterate.
* testsuite/yarrow-test.c: Added verbose flag, disabled by
default.
2001-10-12 Niels Möller <nisse@ehand.com>
* examples/nettle-benchmark.c: Added more ciphers.
* Makefile.am (SUBDIRS): Added the examples subdir.
* configure.in: Output examples/Makefile.
2001-10-12 Niels Möller <nisse@cuckoo.hack.org>
* examples/nettle-benchmark.c: New benchmarking program.
2001-10-10 Niels Möller <nisse@ehand.com>
* testsuite/yarrow-test.c: Open rfc1750.txt. Hash input and
output, and compare to expected values.
* testsuite/Makefile.am (CFLAGS): Don't disable optimization.
(run-tests): Set srcdir in the environment when running run-tests.
* testsuite/rfc1750.txt: Added this rfc as test input for yarrow.
* yarrow_key_event.c (yarrow_key_event_estimate): Check if
previous is zero.
(yarrow_key_event_init): Initialize previous to zero.
* yarrow256.c: Added debug some output.
* testsuite/yarrow-test.c (main): Better output of entropy
estimates at the end.
2001-10-09 Niels Möller <nisse@ehand.com>
* testsuite/Makefile.am (TS_PROGS): Added yarrow-test.
* testsuite/yarrow-test.c: New file.
* yarrow256.c (yarrow256_init): Initialize the sources.
(yarrow256_random): Fixed loop condition.
* yarrow.h (YARROW_KEY_EVENT_BUFFER): New constant.
* yarrow_key_event.c: New file.
* Makefile.am (libnettle_a_SOURCES): Added yarrow_key_event.c.
2001-10-08 Niels Möller <nisse@cuckoo.hack.org>
* yarrow.h (struct yarrow_key_event_ctx): New struct.
* yarrow256.c (yarrow_fast_reseed): Generate two block of output
using the old key and feed into the pool.
* yarrow.h (struct yarrow256_ctx): Deleted buffer, index and
block_count.
* yarrow256.c (yarrow_fast_reseed): New function.
(yarrow_slow_reseed): New function.
(yarrow256_update): Check seed/reseed thresholds.
(yarrow_gate): New function, extracted from
yarrow_generate_block_with_gate which was deleted.
(yarrow_generate_block_with_gate): Deleted function.
(yarrow256_random): Don't buffer any output, instead gate after
each request.
(YARROW_GATE_THRESHOLD): Deleted constant.
2001-10-07 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am: Added yarrow files.
* yarrow256.c: New file, implementing Yarrow. Work in progress.
* sha256.c: New file, implementing sha256.
* testsuite/Makefile.am (CFLAGS): Added sha256-test.
* testsuite/sha256-test.m4: New testcases for sha256.
* shadata.c: New file, for generating sha256 constants.
* sha.h: Renamed sha1.h to sha.h, and added declarations for
sha256.
2001-10-05 Niels Möller <nisse@ehand.com>
* testsuite/aes-test.m4: Added a comment with NIST test vectors.
2001-10-04 Niels Möller <nisse@ehand.com>
* rsa.h, rsa-compat.h, yarrow.h: New files.
2001-09-25 Niels Möller <nisse@cuckoo.hack.org>
* Released version 1.0.
2001-09-25 Niels Möller <nisse@ehand.com>
* sha1.c: Include stdlib.h, for abort.
* md5.c: Include string.h, for memcpy.
* testsuite/Makefile.am (M4_FILES): New variable. Explicitly list
those C source files that should be generated by m4.
* configure.in: Changed package name from "libnettle" to "nettle".
* Makefile.am (EXTRA_DIST): Added .bootstrap.
* AUTHORS: Added a reference to the manual.
2001-09-25 Niels Möller <nisse@lysator.liu.se>
* des-compat.c (des_cbc_cksum): Bug fix, local variable was
declared in the middle of a block.
2001-09-19 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Compatibility functions): New section,
mentioning md5-compat.h and des-compat.h.
2001-09-18 Niels Möller <nisse@ehand.com>
* index.html: New file.
2001-09-16 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo: Added description of des3. Minor fixes.
* testsuite/des-compat-test.c (cbc_data): Shorten to 32 bytes (4
blocks), the last block of zeroes wasn't used anyway.
* des-compat.c (des_compat_des3_decrypt): Decrypt in the right
order.
(des_ncbc_encrypt): Bug fixed.
(des_cbc_encrypt): Rewritten as a wrapper around des_ncbc_encrypt.
2001-09-14 Niels Möller <nisse@ehand.com>
* testsuite/des-compat-test.c: New file, copied from libdes
(freeswan). All implemented functions but des_cbc_cksum seems to
work now.
* testsuite/Makefile.am (TS_PROGS): Added des-compat-test.
* des-compat.c: Added libdes typedef:s. Had to remove all use of
const in the process.
(des_check_key): New global variable, checked by des_set_key.
* des.c (des_set_key): Go on and expand the key even if it is
weak.
* des-compat.c (des_cbc_cksum): Implemented.
(des_key_sched): Fixed return values.
2001-09-11 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am: Added des-compat.c and des-compat.h
* des-compat.c: Bugfixes, more functions implemented.
* des-compat.h: Define DES_ENCRYPT and DES_DECRYPT. Bugfixes.
2001-09-10 Niels Möller <nisse@ehand.com>
* nettle.texinfo (Copyright): Added copyright information for
serpent.
(Miscellaneous functions): Started writing documentation on the CBC
functions.
(Cipher Block Chaining): This section more or less complete now.
2001-09-09 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/cbc-test.m4: Record intermediate values in a comment.
* testsuite/des3-test.m4: Likewise.
* testsuite/aes-test.m4: Added test case that appeared broken in
the cbc test.
* cbc.c (cbc_encrypt): Bug fix, encrypt block *after* XOR:ing the
iv.
* Makefile.am (libnettleinclude_HEADERS): Added cbc.h. Deleted
des3.h.
(libnettle_a_SOURCES): Added des3.c.
* testsuite/Makefile.am (TS_PROGS): Added des3-test and cbc-test.
* testsuite/cbc-test.m4: New testcase.
* testsuite/des3-test.m4: New testcase.
* cbc.h (CBC_CTX): New macro.
(CBC_ENCRYPT): New macro.
(CBC_DECRYPT): New macro.
* des.c (des_fix_parity): New function.
* des3.c: New file, implementing triple des.
2001-09-06 Niels Möller <nisse@cuckoo.hack.org>
* cbc.c, cbc.h: New files, for general CBC encryption.
* des-compat.h: Added some prototypes.
2001-09-05 Niels Möller <nisse@ehand.com>
* testsuite/Makefile.am (TS_PROGS): Added md5-compat-test.
* README: Copied introduction from the manual.
* configure.in: Bumped version to 1.0.
* Makefile.am (libnettleinclude_HEADERS): Added missing includes.
(libnettle_a_SOURCES): Added md5-compat.c and md5-compat.h.
* md5-compat.c, md5-compat.h: New files, implementing an RFC
1321-style interface.
2001-09-02 Niels Möller <nisse@cuckoo.hack.org>
* twofish.c (twofish_decrypt): Fixed for();-bug in the block-loop.
Spotted by Jean-Pierre.
(twofish_encrypt): Likewise.
2001-07-03 Niels Möller <nisse@ehand.com>
* testsuite/testutils.c: Include string.h.
* twofish.c: Include string.h.
2001-06-17 Niels Möller <nisse@lysator.liu.se>
* Makefile.am (des_headers): Dont use $(srcdir)/-prefixes as that
seems to break with GNU make 3.79.1.
* testsuite/testutils.c, testsuite/testutils.h: Use <inttypes.h>,
not <stdint.h>.
Include <stdlib.h>.
2001-06-17 Niels Möller <nisse@cuckoo.hack.org>
* Use <inttypes.h>, not <stdint.h>.
* blowfish.h (BLOWFISH_MAX_KEY_SIZE): Fixed, should be 56.
* Fixed copyright notices.
* Makefile.am (libnettle_a_SOURCES): Added desinfo.h and
desCode.h.
(info_TEXINFOS): Added manual.
(EXTRA_DIST): Added nettle.html.
(%.html): Added rule for building nettle.html.
* nettle.texinfo: New manual.
* configure.in: Bumped version to 0.2.
* testsuite/Makefile.am (TS_PROGS): Added cast128 test.
* Added CAST128.
* testsuite/serpent-test.m4: Added a few rudimentary tests
extracted from the serpent package.
* twofish.c: Adapted to nettle. Made constant tables const.
Deleted bytes_to_word and word_to_bytes; use LE_READ_UINT32 and
LE_WRITE_UINT32 instead.
(twofish_selftest): Deleted. Moved the tests to the external
testsuite.
(twofish_set_key): Don't silently truncate too large keys.
* sha1.c (sha1_update): Use unsigned for length.
* serpent.c (serpent_set_key): Read the key backwards. Fixed
padding (but there are no test vectors for key_size not a multiple
of 4).
(serpent_encrypt): Read and write data in the strange order used
by the reference implementation.
(serpent_decrypt): Likewise.
* macros.h (FOR_BLOCKS): New macro, taken from lsh.
* blowfish.h (struct blowfish_ctx): Use a two-dimensional array
for s.
* blowfish.c (initial_ctx): Arrange constants into a struct, to
simplify key setup.
(F): Deleted all but one definitions of the F function/macro.
Added a context argument, and use that to find the subkeys.
(R): Added context argument, and use that to find the subkeys.
(blowfish_set_key): Some simplification.
(encrypt): Deleted code for non-standard number of rounds. Deleted
a bunch of local variables. Using the context pointer for
everything should consume less registers.
(decrypt): Likewise.
* Makefile.am (libnettle_a_SOURCES): Added twofish.
2001-06-16 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/blowfish-test.m4: Fixed test.
* Added twofish implementation.
* blowfish.h (struct blowfish_ctx): Use the correct size for the p
array.
2001-06-15 Niels Möller <nisse@ehand.com>
* testsuite/blowfish-test.m4: Fixed testcase, use correct key
length.
* Makefile.am (libnettle_a_SOURCES): Added blowfish files.
($(des_headers)): Strip directory part when passing file name to
desdata.
* testsuite/blowfish-test.m4: Added one test, from GNUPG.
* Created blowfish.c and blowfish.h (from GNUPG via LSH). Needs
more work.
* aes.h: Fixed copyright notice to not mention GNU MP. XXX: Review
all nettle copyrights.
* testsuite/Makefile.am (TS_PROGS): Added tests for twofish and
blowfish.
2001-06-13 Niels Möller <nisse@ehand.com>
* Makefile.am (libnettle_a_SOURCES): Added serpent files.
2001-06-12 Niels Möller <nisse@cuckoo.hack.org>
* des.c (des_encrypt, des_decrypt): Assert that the key setup was
successful.
* testsuite/Makefile.am (TS_PROGS): Added tests for des and sha1.
* testsuite/sha1-test.m4: New file.
* testsuite/des-test.m4: New file.
* Added sha1 files.
* Added desCore files.
* Makefile.am: Added desCore and sha1.
2001-04-17 Niels Möller <nisse@cuckoo.hack.org>
* install-sh: Copied the standard install script.
* testsuite/Makefile.am (CFLAGS): Disable optimization. Add
$(top_srcdir) to the include path.
(EXTRA_DIST): Added testutils.h, testutils.c and run-tests.
(run-tests): Fixed path to run-tests.
* Makefile.am (EXTRA_DIST): Added memxor.h.
(libnettleinclude_HEADERS): Install headers in
$(libnettleincludedir).
2001-04-13 Niels Möller <nisse@cuckoo.hack.org>
* Initial checkin.
Generated by dwww version 1.15 on Sat May 18 09:47:05 CEST 2024.