+ 2014-01-20 Niels Möller <nisse@lysator.liu.se>
+
++ Merged poly1305-changes (starting at 2013-11-08).
+ * x86_64/poly1305-internal.asm: Update to new interface.
+ poly1305_digest much simplified.
+
+ * poly1305.h (struct poly1305_ctx): Moved block and index
+ fields...
+ (struct poly1305_aes_ctx): ... to here.
+ * asm.m4: Delete also from the assembly definition of struct
+ poly1305_ctx.
+
+ * poly1305-internal.c (poly1305_digest): Don't do final padding
+ here, leave that to caller. Add digest to the provided nonce s,
+ and deleted length and dst arguments. Also reset h0-h4 to zero
+ when done.
+ (_poly1305_block): Renamed, from...
+ (poly1305_block): ...old name.
+
+ * poly1305-aes.c (poly1305_aes_update): New function.
+ (poly1305_aes_digest): Update for poly1305_digest changes, do
+ final padding here.
+
+ * poly1305.c (poly1305_update): Deleted file and function. Moved
+ to poly1305-aes.c.
+ * Makefile.in (nettle_SOURCES): Deleted poly1305.c.
+
+ 2014-01-17 Niels Möller <nisse@lysator.liu.se>
+
+ * poly1305-internal.c (poly1305_block): Additional argument with
+ the high bit.
+ (poly1305_block_internal): Deleted function, code moved into the
+ poly1305_block.
+ (poly1305_digest): Simplified padding code, call poly1305_block
+ with high bit 0.
+ * poly1305.h (poly1305_block): Update prototype.
+ * poly1305.c (poly1305_update): Call poly1305_block with high bit 1.
+ * x86_64/poly1305-internal.asm (poly1305_block): Handle new
+ argument.
+
+ * poly1305.h (struct poly1305_ctx): Moved nonce field from here...
+ (struct poly1305_aes_ctx): ... to here.
+ * poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest):
+ Updated for above.
+ * poly1305.c (poly1305_set_nonce): Deleted function.
+ * asm.m4: Delete nonce also from the assembly definition of struct
+ poly1305_ctx.
+
+ 2014-01-16 Niels Möller <nisse@lysator.liu.se>
+
+ * poly1305-aes.c: Include poly1305.c. Rewrite functions without
+ using the POLY1305_* macros.
+
+ * Makefile.in (HEADERS): Deleted poly1305-aes.h.
+
+ * poly1305.h (POLY1305_CTX, POLY1305_SET_KEY, POLY1305_SET_NONCE)
+ (POLY1305_DIGEST): Deleted macros. Only implemented variant is
+ poly1305-aes.
+ (POLY1305_DIGEST_SIZE, POLY1305_BLOCK_SIZE, POLY1305_KEY_SIZE):
+ New constants.
+ (POLY1305_AES_KEY_SIZE, POLY1305_AES_DIGEST_SIZE): Moved here,
+ from poly1305-aes.h.
+ (struct poly1305_aes_ctx): Likewise.
+ (poly1305_aes_set_key, poly1305_aes_set_nonce)
+ (poly1305_aes_update, poly1305_aes_digest): Likewise.
+ * poly1305-aes.h: Deleted file, declarations moved to poly1305.h.
+ Update all users.
+
+ * poly1305-internal.c (s2, s3, s4): Fixed macros.
+
+ * poly1305-aes.h (struct poly1305_aes_ctx): Replace struct aes_ctx
+ by struct aes128_ctx.
+ * poly1305-aes.c (poly1305_aes_set_key, poly1305_aes_digest):
+ Update to use aes128_* functions.
+ * poly1305.h (POLY1305_SET_KEY): Drop key size argument when
+ calling set_key.
+
+ 2013-12-19 Niels Möller <nisse@lysator.liu.se>
+
+ * poly1305-aes.h (poly1305_aes_update): Define as an alias for
+ poly1305_update, using preprocessor and a type cast.
+
+ * poly1305-aes.c (poly1305_aes_update): Deleted function.
+
+ * poly1305.h (poly1305_update): Declare.
+ (_POLY1305_BLOCK, POLY1305_UPDATE): Deleted macros.
+
+ * poly1305.c (poly1305_update): New function.
+
+ 2013-11-21 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/poly1305-internal.asm: New file. Almost a factor of two
+ speedup.
+
+ * configure.ac (asm_replace_list): Added poly1305-internal.asm.
+
+ * asm.m4: Define struct ffsets for 64-bit poly1305_ctx.
+
+ * poly1305.h (POLY1305_DIGEST): Pass the encrypted nonce as an
+ additional argument to poly1305_digest.
+ (struct poly1305_ctx): Introduce unions, to support either 26-bit
+ or 64-bit implementation.
+
+ * poly1305-internal.c (poly1305_digest): Added s argument.
+
+ * poly1305.c (poly1305_set_s): Deleted function.
+
+ 2013-11-12 Niels Möller <nisse@lysator.liu.se>
+
+ * poly1305-internal.c: New file, for poly1305 functions depending
+ on the internal mod (2^130 - 5) representation.
+ (poly1305_block_internal): New helper function.
+ (poly1305_block, poly1305_digest): Use it.
+
+ 2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * poly1305.h: New file.
+ * poly1305.c: New file.
+ * poly1305-aes.h: New file.
+ * poly1305-aes.c: New file.
+ * Makefile.in (nettle_SOURCES): Added poly1305-aes.c and poly1305.c.
+ (HEADERS): Added poly1305-aes.h and poly1305.h.
+
+ * testsuite/poly1305-test.c: New file.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added poly1305-test.c.
+
+ * examples/nettle-benchmark.c (time_poly1305_aes): New function.
+ (main): Benchmark poly1305.
+
+2014-01-20 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (nettle_SOURCES): Added salsa20-set-nonce.c,
+ salsa20-128-set-key.c, and salsa20-256-set-key.c.
+
+ * salsa20.h: Declare new functions.
+ (SALSA20_128_KEY_SIZE, SALSA20_256_KEY_SIZE): New constants.
+ (salsa20_set_iv): Define as an alias for salsa20_set_nonce.
+
+ * salsa20-set-key.c (salsa20_set_key): Use salsa20_128_set_key and
+ salsa20_256_set_key.
+ (salsa20_set_iv): Renamed and moved...
+ * salsa20-set-nonce.c (salsa20_set_nonce): ... new file, new name.
+
+ * salsa20-256-set-key.c (salsa20_256_set_key): New file and
+ function.
+ * salsa20-128-set-key.c (salsa20_128_set_key): New file and
+ function.
+
+2014-01-13 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-types.h (union nettle_block16): New type, replacing union
+ gcm_block.
+ * gcm.h (union gcm_block): Deleted. Replaced by nettle_block16.
+ * gcm.c: Replaced all use of gcm_block by nettle_block16.
+
+2014-01-04 Niels Möller <nisse@lysator.liu.se>
+
+ * config.guess: Updated to 2014-01-01 version, from
+ git://git.sv.gnu.org/config.git.
+ * config.sub: Likewise.
+
+ * testsuite/memxor-test.c [HAVE_VALGRIND_MEMCHECK_H] (test_mark):
+ New function.
+ (test_memxor, test_memxor3): Use test_mark to tell valgrind the
+ start and end of src and destination areas.
+
+ * configure.ac: Check for valgrind/memcheck.h.
+
+ * testsuite/Makefile.in (VALGRIND): Added --partial-loads-ok=yes,
+ needed for the way unaligned data is handled in, e.g., memxor.
+
+2014-01-03 Niels Möller <nisse@lysator.liu.se>
+
+ * shadata.c (main): Zero-pad output values to 8 hex digits.
+ * sha256.c (K): Updated table.
+
+2013-12-17 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (ASM_RODATA): New substituted variable. Needed for
+ portability to darwin.
+ * config.m4.in: Define RODATA, using configure variable ASM_RODATA
+ * x86_64/gcm-hash8.asm: Use RODATA macro.
+
+ * bignum-random-prime.c (_nettle_generate_pocklington_prime): Use
+ stronger variants of Pocklington's theorem, to allow p0 of size
+ down to bits/3.
+
+2013-12-15 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-internal.h (NETTLE_MAX_BIGNUM_BITS)
+ (NETTLE_MAX_BIGNUM_SIZE): Deleted arbitrary limits.
+
+2013-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+ Introduced TMP_GMP_ALLOC macro for temporary allocations of
+ potentially large data, e.g, sized as an RSA key.
+ * gmp-glue.h (TMP_GMP_DECL, TMP_GMP_ALLOC, TMP_GMP_FREE): New
+ macros.
+ * gmp-glue.c (gmp_alloc, gmp_free): New functions.
+ * bignum-next-prime.c (nettle_next_prime): Use TMP_GMP_ALLOC.
+ * bignum-random.c (nettle_mpz_random_size): Likewise.
+ * pkcs1-decrypt.c (pkcs1_decrypt): Likewise.
+ * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
+ * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): Likewise.
+ * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode)
+ (pkcs1_rsa_sha512_encode_digest): Likewise.
+ * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode)
+ (pkcs1_rsa_sha256_encode_digest): Likewise.
+ * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode)
+ (pkcs1_rsa_sha1_encode_digest): Likewise.
+ * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode)
+ (pkcs1_rsa_md5_encode_digest): Likewise.
+
+2013-12-14 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/gcm-hash8.asm: Use .short rather than .hword, for
+ compatibility with apple's assembler.
+
+2013-12-03 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/sha1-compress.asm: Reorganized, to get closer to the x86
+ version. No difference in running time.
+
+ * configure.ac (dummy-dep-files): Don't overwrite any existing
+ dependency files.
+
+ * x86_64/md5-compress.asm: New file, similar to the x86 version.
+ 35% speedup on AMD, 15% speedup on Intel.
+
+2013-11-25 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/dsa-test.c (test_main): Additional tests from NIST
+ test vectors.
+
+ * testsuite/testutils.c (test_dsa_sign, test_dsa_verify): New
+ functions, supporting arbitrary digest size.
+
+ * testsuite/testutils.h (ASSERT): Improved failure message.
+
+ * dsa-verify.c (dsa_verify): Renamed, from _dsa_verify.
+ * dsa-sign.c (dsa_sign): Renamed, from _dsa_sign.
+
+2013-11-24 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/dsa-keygen-test.c (test_main): Test generating a
+ key with 224-bit q.
+
+ * dsa-verify.c (_dsa_verify): Use _dsa_hash.
+
+ * dsa-sign.c (_dsa_sign): Use _dsa_hash. Fix memory leak in
+ error case, spotted by Nikos.
+
+ * dsa-keygen.c (dsa_generate_keypair): Allow q_bits == 224.
+
+ * dsa-hash.c (_dsa_hash): New file and function. Allows digest
+ sizes not matching the bitsize of q.
+ * dsa.h (_dsa_hash): Declare it.
+ * Makefile.in (hogweed_SOURCES): Added dsa-hash.c.
+
+2013-11-23 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Check also for openssl/ecdsa.h.
+
2013-10-05 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added eax.c.
--- /dev/null
-/* Optional, if not used, messages get incrementing nonces starting from zero. */
+ /* poly1305.h
+ *
+ * Poly1305 message authentication code.
+ */
+
+ /* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Nikos Mavrogiannopoulos
+ * Copyright (C) 2013, 2014 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+ #ifndef NETTLE_POLY1305_H_INCLUDED
+ #define NETTLE_POLY1305_H_INCLUDED
+
+ #include "aes.h"
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+
+ /* Name mangling */
+ #define poly1305_set_key nettle_poly1305_set_key
+ #define poly1305_digest nettle_poly1305_digest
+ #define _poly1305_block _nettle_poly1305_block
+
+ #define poly1305_aes_set_key nettle_poly1305_aes_set_key
+ #define poly1305_aes_set_nonce nettle_poly1305_aes_set_nonce
+ #define poly1305_aes_update nettle_poly1305_aes_update
+ #define poly1305_aes_digest nettle_poly1305_aes_digest
+
+ /* Low level functions/macros for the poly1305 construction. */
+
+ #define POLY1305_DIGEST_SIZE 16
+ #define POLY1305_BLOCK_SIZE 16
+ #define POLY1305_KEY_SIZE 16
+
+ struct poly1305_ctx {
+ /* Key, 128-bit value and some cached multiples. */
+ union
+ {
+ uint32_t r32[6];
+ uint64_t r64[3];
+ } r;
+ uint32_t s32[3];
+ /* State, represented as words of 26, 32 or 64 bits, depending on
+ implementation. */
+ /* High bits first, to maintain alignment. */
+ uint32_t hh;
+ union
+ {
+ uint32_t h32[4];
+ uint64_t h64[2];
+ } h;
+ };
+
+ /* Low-level internal interface. */
+ void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[POLY1305_KEY_SIZE]);
+ /* Extracts digest, and adds it to s, the encrypted nonce. */
+ void poly1305_digest (struct poly1305_ctx *ctx, uint8_t *s);
+ /* Internal function. Process one block. */
+ void _poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[POLY1305_BLOCK_SIZE],
+ unsigned high);
+
+ /* poly1305-aes */
+
+ #define POLY1305_AES_KEY_SIZE 32
+ #define POLY1305_AES_DIGEST_SIZE 16
+ #define POLY1305_AES_NONCE_SIZE 16
+
+ struct poly1305_aes_ctx
+ {
+ /* Keep aes context last, to make it possible to use a general
+ poly1305_update if other variants are added. */
+ struct poly1305_ctx pctx;
+ uint8_t block[POLY1305_BLOCK_SIZE];
+ unsigned index;
+ uint8_t nonce[POLY1305_BLOCK_SIZE];
+ struct aes128_ctx aes;
+ };
+
+ /* Also initialize the nonce to zero. */
+ void
+ poly1305_aes_set_key (struct poly1305_aes_ctx *ctx, const uint8_t *key);
+
++/* Optional, if not used, messages get incrementing nonces starting
++ from zero. */
+ void
+ poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
+ const uint8_t *nonce);
+
+ /* Update is not aes-specific, but since this is the only implemented
+ variant, we need no more general poly1305_update. */
+ void
+ poly1305_aes_update (struct poly1305_aes_ctx *ctx, size_t length, const uint8_t *data);
+
+ /* Also increments the nonce */
+ void
+ poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
+ size_t length, uint8_t *digest);
+
+ #ifdef __cplusplus
+ }
+ #endif
+
+ #endif /* NETTLE_POLY1305_H_INCLUDED */
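Review bot: The comments on poly1305_aes_set_key ("Also initialize the nonce to zero") and poly1305_aes_set_nonce describe the auto-incrementing nonce but never state the requirement that a (key, nonce) pair is used for one message only, which is the property Poly1305-AES's unforgeability rests on; because set_key restarts the counter at zero, calling set_key again with the same key, or an explicit set_nonce that lands on a value the counter will later reach, silently repeats a nonce. I would extend the set_nonce comment to `/* Optional, if not used, messages get incrementing nonces starting from zero. A nonce must never be reused with the same key; note that poly1305_aes_set_key restarts the counter at zero. */`. The key and nonce parameters also drop their sizes (`const uint8_t *key`, `const uint8_t *nonce`) while the low-level poly1305_set_key spells its out as `key[POLY1305_KEY_SIZE]`; writing `const uint8_t key[POLY1305_AES_KEY_SIZE]` and `const uint8_t nonce[POLY1305_AES_NONCE_SIZE]` would make the expected lengths self-documenting and match the constants defined a few lines above. The `length` argument of poly1305_aes_digest presumably must not exceed POLY1305_AES_DIGEST_SIZE, but the header does not say so, nor whether a shorter length is a deliberate truncation; a one-line comment stating the bound would save callers from guessing.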