From: Niels Möller
Date: Tue, 21 Jan 2014 13:24:59 +0000 (+0100)
Subject: Merge branch 'camellia-reorg' into master.
X-Git-Tag: nettle_3.0_release_20140607~167
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38597d4e07b8b8bc3ca621652852198b90b1e911;p=thirdparty%2Fnettle.git

Merge branch 'camellia-reorg' into master.
---
38597d4e07b8b8bc3ca621652852198b90b1e911

diff --cc ChangeLog index 5c9ac8ae,0409cab2..7a038811 --- a/ChangeLog +++ b/ChangeLog @@@ -1,271 -1,56 +1,328 @@@ ++2014-01-21 Niels Möller ++ ++ Merged camellia-reorg changes (starting at 2013-10-07). ++ + 2013-10-10 Niels Möller + + * Makefile.in (nettle_SOURCES): Updated list of camellia files. + + * testsuite/camellia-test.c (test_invert): Updated for new + camellia interface. + + * camellia.h: Reorganized camellia interface, with distinct + context structs and functions for camellia128 and camellia256. + + * camellia-meta.c: Deleted file. + * camellia256-meta.c: New file. + * camellia192-meta.c: New file. + * camellia128-meta.c: New file. + + * camellia-set-decrypt-key.c: Deleted file, code moved to: + * camellia128-set-decrypt-key.c: New file. + (camellia128_invert_key, camellia128_set_decrypt_key): New + functions. + * camellia256-set-decrypt-key.c: New file. + (camellia256_invert_key, camellia256_set_decrypt_key) + (camellia192_set_decrypt_key): New functions. + * camellia-invert-key.c (_camellia_invert_key): New file and + function. + + * camellia-set-encrypt-key.c: Deleted file, code moved to: + * camellia128-set-encrypt-key.c: New file. + (camellia128_set_encrypt_key): New function. + * camellia256-set-encrypt-key.c: New file. + (_camellia256_set_encrypt_key, camellia256_set_encrypt_key) + (camellia192_set_encrypt_key): New functions. + * camellia-absorb.c (_camellia_absorb): New file and function. + * camellia-internal.h: Moved key schedule macros here. + + * camellia-crypt.c: Deleted file, code moved to: + * camellia128-crypt.c (camellia128_crypt): New file and function. 
+ * camellia256-crypt.c (camellia256_crypt): New file and function. + + 2013-10-07 Niels Möller + + * configure.ac: Delete check for ALIGNOF_UINT64_T, no longer + needed. + * config.m4.in: Likewise delete ALIGNOF_UINT64_T. + + * camellia-crypt.c (camellia_crypt): Updated call to + _camellia_crypt. + * camellia-internal.h (_camellia_crypt): Updated prototype. + * camellia-crypt-internal.c (_camellia_crypt): Take separate + arguments for rounds and subkey array. + * x86_64/camellia-crypt-internal.asm: Likewise. Also corrected + .file pseudo-ops. + * x86/camellia-crypt-internal.asm: Likewise. + +2014-01-20 Niels Möller + + * poly1305-internal.c (poly1305_digest): Use union nettle_block16 + for s argument. + * poly1305-aes.c (poly1305_aes_digest): Update for poly1305_digest + change. + + Merged poly1305 changes (starting at 2013-11-08). + * x86_64/poly1305-internal.asm: Update to new interface. + poly1305_digest much simplified. + + * poly1305.h (struct poly1305_ctx): Moved block and index + fields... + (struct poly1305_aes_ctx): ... to here. + * asm.m4: Delete also from the assembly definition of struct + poly1305_ctx. + + * poly1305-internal.c (poly1305_digest): Don't do final padding + here, leave that to caller. Add digest to the provided nonce s, + and deleted length and dst arguments. Also reset h0-h4 to zero + when done. + (_poly1305_block): Renamed, from... + (poly1305_block): ...old name. + + * poly1305-aes.c (poly1305_aes_update): New function. + (poly1305_aes_digest): Update for poly1305_digest changes, do + final padding here. + + * poly1305.c (poly1305_update): Deleted file and function. Moved + to poly1305-aes.c. + * Makefile.in (nettle_SOURCES): Deleted poly1305.c. + +2014-01-17 Niels Möller + + * poly1305-internal.c (poly1305_block): Additional argument with + the high bit. + (poly1305_block_internal): Deleted function, code moved into the + poly1305_block. + (poly1305_digest): Simplified padding code, call poly1305_block + with high bit 0. 
+ * poly1305.h (poly1305_block): Update prototype. + * poly1305.c (poly1305_update): Call poly1305_block with high bit 1. + * x86_64/poly1305-internal.asm (poly1305_block): Handle new + argument. + + * poly1305.h (struct poly1305_ctx): Moved nonce field from here... + (struct poly1305_aes_ctx): ... to here. + * poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest): + Updated for above. + * poly1305.c (poly1305_set_nonce): Deleted function. + * asm.m4: Delete nonce also from the assembly definition of struct + poly1305_ctx. + +2014-01-16 Niels Möller + + * poly1305-aes.c: Include poly1305.h. Rewrite functions without + using the POLY1305_* macros. + + * Makefile.in (HEADERS): Deleted poly1305-aes.h. + + * poly1305.h (POLY1305_CTX, POLY1305_SET_KEY, POLY1305_SET_NONCE) + (POLY1305_DIGEST): Deleted macros. Only implemented variant is + poly1305-aes. + (POLY1305_DIGEST_SIZE, POLY1305_BLOCK_SIZE, POLY1305_KEY_SIZE): + New constants. + (POLY1305_AES_KEY_SIZE, POLY1305_AES_DIGEST_SIZE): Moved here, + from poly1305-aes.h. + (struct poly1305_aes_ctx): Likewise. + (poly1305_aes_set_key, poly1305_aes_set_nonce) + (poly1305_aes_update, poly1305_aes_digest): Likewise. + * poly1305-aes.h: Deleted file, declarations moved to poly1305.h. + Update all users. + + * poly1305-internal.c (s2, s3, s4): Fixed macros. + + * poly1305-aes.h (struct poly1305_aes_ctx): Replace struct aes_ctx + by struct aes128_ctx. + * poly1305-aes.c (poly1305_aes_set_key, poly1305_aes_digest): + Update to use aes128_* functions. + * poly1305.h (POLY1305_SET_KEY): Drop key size argument when + calling set_key. + +2013-12-19 Niels Möller + + * poly1305-aes.h (poly1305_aes_update): Define as an alias for + poly1305_update, using preprocessor and a type cast. + + * poly1305-aes.c (poly1305_aes_update): Deleted function. + + * poly1305.h (poly1305_update): Declare. + (_POLY1305_BLOCK, POLY1305_UPDATE): Deleted macros. + + * poly1305.c (poly1305_update): New function. 
+ +2013-11-21 Niels Möller + + * x86_64/poly1305-internal.asm: New file. Almost a factor of two + speedup. + + * configure.ac (asm_replace_list): Added poly1305-internal.asm. + + * asm.m4: Define struct ffsets for 64-bit poly1305_ctx. + + * poly1305.h (POLY1305_DIGEST): Pass the encrypted nonce as an + additional argument to poly1305_digest. + (struct poly1305_ctx): Introduce unions, to support either 26-bit + or 64-bit implementation. + + * poly1305-internal.c (poly1305_digest): Added s argument. + + * poly1305.c (poly1305_set_s): Deleted function. + +2013-11-12 Niels Möller + + * poly1305-internal.c: New file, for poly1305 functions depending + on the internal mod (2^130 - 5) representation. + (poly1305_block_internal): New helper function. + (poly1305_block, poly1305_digest): Use it. + +2013-11-08 Nikos Mavrogiannopoulos + + * poly1305.h: New file. + * poly1305.c: New file. + * poly1305-aes.h: New file. + * poly1305-aes.c: New file. + * Makefile.in (nettle_SOURCES): Added poly1305-aes.c and poly1305.c. + (HEADERS): Added poly1305-aes.h and poly1305.h. + + * testsuite/poly1305-test.c: New file. + * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added poly1305-test.c. + + * examples/nettle-benchmark.c (time_poly1305_aes): New function. + (main): Benchmark poly1305. + +2014-01-20 Niels Möller + + * Makefile.in (nettle_SOURCES): Added salsa20-set-nonce.c, + salsa20-128-set-key.c, and salsa20-256-set-key.c. + + * salsa20.h: Declare new functions. + (SALSA20_128_KEY_SIZE, SALSA20_256_KEY_SIZE): New constants. + (salsa20_set_iv): Define as an alias for salsa20_set_nonce. + + * salsa20-set-key.c (salsa20_set_key): Use salsa20_128_set_key and + salsa20_256_set_key. + (salsa20_set_iv): Renamed and moved... + * salsa20-set-nonce.c (salsa20_set_nonce): ... new file, new name. + + * salsa20-256-set-key.c (salsa20_256_set_key): New file and + function. + * salsa20-128-set-key.c (salsa20_128_set_key): New file and + function. 
+ +2014-01-13 Niels Möller + + * nettle-types.h (union nettle_block16): New type, replacing union + gcm_block. + * gcm.h (union gcm_block): Deleted. Replaced by nettle_block16. + * gcm.c: Replaced all use of gcm_block by nettle_block16. + +2014-01-04 Niels Möller + + * config.guess: Updated to 2014-01-01 version, from + git://git.sv.gnu.org/config.git. + * config.sub: Likewise. + + * testsuite/memxor-test.c [HAVE_VALGRIND_MEMCHECK_H] (test_mark): + New function. + (test_memxor, test_memxor3): Use test_mark to tell valgrind the + start and end of src and destination areas. + + * configure.ac: Check for valgrind/memcheck.h. + + * testsuite/Makefile.in (VALGRIND): Added --partial-loads-ok=yes, + needed for the way unaligned data is handled in, e.g., memxor. + +2014-01-03 Niels Möller + + * shadata.c (main): Zero-pad output values to 8 hex digits. + * sha256.c (K): Updated table. + +2013-12-17 Niels Möller + + * configure.ac (ASM_RODATA): New substituted variable. Needed for + portability to darwin. + * config.m4.in: Define RODATA, using configure variable ASM_RODATA + * x86_64/gcm-hash8.asm: Use RODATA macro. + + * bignum-random-prime.c (_nettle_generate_pocklington_prime): Use + stronger variants of Pocklington's theorem, to allow p0 of size + down to bits/3. + +2013-12-15 Niels Möller + + * nettle-internal.h (NETTLE_MAX_BIGNUM_BITS) + (NETTLE_MAX_BIGNUM_SIZE): Deleted arbitrary limits. + +2013-12-15 Nikos Mavrogiannopoulos + + Introduced TMP_GMP_ALLOC macro for temporary allocations of + potentially large data, e.g, sized as an RSA key. + * gmp-glue.h (TMP_GMP_DECL, TMP_GMP_ALLOC, TMP_GMP_FREE): New + macros. + * gmp-glue.c (gmp_alloc, gmp_free): New functions. + * bignum-next-prime.c (nettle_next_prime): Use TMP_GMP_ALLOC. + * bignum-random.c (nettle_mpz_random_size): Likewise. + * pkcs1-decrypt.c (pkcs1_decrypt): Likewise. + * pkcs1-encrypt.c (pkcs1_encrypt): Likewise. + * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): Likewise. 
+ * pkcs1-rsa-sha512.c (pkcs1_rsa_sha512_encode) + (pkcs1_rsa_sha512_encode_digest): Likewise. + * pkcs1-rsa-sha256.c (pkcs1_rsa_sha256_encode) + (pkcs1_rsa_sha256_encode_digest): Likewise. + * pkcs1-rsa-sha1.c (pkcs1_rsa_sha1_encode) + (pkcs1_rsa_sha1_encode_digest): Likewise. + * pkcs1-rsa-md5.c (pkcs1_rsa_md5_encode) + (pkcs1_rsa_md5_encode_digest): Likewise. + +2013-12-14 Niels Möller + + * x86_64/gcm-hash8.asm: Use .short rather than .hword, for + compatibility with apple's assembler. + +2013-12-03 Niels Möller + + * x86_64/sha1-compress.asm: Reorganized, to get closer to the x86 + version. No difference in running time. + + * configure.ac (dummy-dep-files): Don't overwrite any existing + dependency files. + + * x86_64/md5-compress.asm: New file, similar to the x86 version. + 35% speedup on AMD, 15% speedup on Intel. + +2013-11-25 Niels Möller + + * testsuite/dsa-test.c (test_main): Additional tests from NIST + test vectors. + + * testsuite/testutils.c (test_dsa_sign, test_dsa_verify): New + functions, supporting arbitrary digest size. + + * testsuite/testutils.h (ASSERT): Improved failure message. + + * dsa-verify.c (dsa_verify): Renamed, from _dsa_verify. + * dsa-sign.c (dsa_sign): Renamed, from _dsa_sign. + +2013-11-24 Niels Möller + + * testsuite/dsa-keygen-test.c (test_main): Test generating a + key with 224-bit q. + + * dsa-verify.c (_dsa_verify): Use _dsa_hash. + + * dsa-sign.c (_dsa_sign): Use _dsa_hash. Fix memory leak in + error case, spotted by Nikos. + + * dsa-keygen.c (dsa_generate_keypair): Allow q_bits == 224. + + * dsa-hash.c (_dsa_hash): New file and function. Allows digest + sizes not matching the bitsize of q. + * dsa.h (_dsa_hash): Declare it. + * Makefile.in (hogweed_SOURCES): Added dsa-hash.c. + +2013-11-23 Niels Möller + + * configure.ac: Check also for openssl/ecdsa.h. + 2013-10-05 Niels Möller * Makefile.in (nettle_SOURCES): Added eax.c. 
diff --cc config.m4.in index da57e253,52db8d29..bcfb95e5 --- a/config.m4.in +++ b/config.m4.in @@@ -4,9 -4,7 +4,8 @@@ define(, <@ASM_ELF_STYLE@>)d define(, <@ASM_TYPE_FUNCTION@>)dnl define(, <@ASM_TYPE_PROGBITS@>)dnl define(, <@ASM_ALIGN_LOG@>)dnl - define(, <@ALIGNOF_UINT64_T@>)dnl define(, <@W64_ABI@>)dnl +define(, <@ASM_RODATA@>)dnl divert(1) @ASM_MARK_NOEXEC_STACK@ divert diff --cc configure.ac index d54e91d3,7f1e9cb0..6c4b1d28 --- a/configure.ac +++ b/configure.ac @@@ -629,12 -617,8 +629,8 @@@ AC_TYPE_UID_ AC_TYPE_SIZE_T AC_HEADER_TIME AC_CHECK_SIZEOF(long) - AC_CHECK_ALIGNOF(uint64_t) - - ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t" - AC_SUBST(ALIGNOF_UINT64_T) -AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],, +AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h openssl/ecdsa.h],, [enable_openssl=no break])
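Review bot: in the ChangeLog hunk, the 2013-10-10 entry for camellia.h describes "distinct context structs and functions for camellia128 and camellia256" but says nothing about camellia192, while camellia192_set_encrypt_key and camellia192_set_decrypt_key are listed under camellia256-set-encrypt-key.c and camellia256-set-decrypt-key.c and camellia192 still gets its own camellia192-meta.c. If the intent is that camellia192 reuses the camellia256 context struct and crypt function, say so in the camellia.h line so API readers do not look for a camellia192 context that does not exist.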
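Review bot: in the config.m4.in hunk every define shows an empty first argument (`define(, <@ASM_RODATA@>)dnl`, and likewise for the removed `define(, <@ALIGNOF_UINT64_T@>)dnl`), so the name of the new macro cannot be verified from this rendering; the m4 quoted names in angle brackets were most likely dropped as markup by the web view. Check the raw patch that the added line defines the RODATA macro that the 2013-12-17 ChangeLog entry says x86_64/gcm-hash8.asm now uses, and that no assembly file still references ALIGNOF_UINT64_T after its define is removed here (the 2013-10-07 entry only lists configure.ac and config.m4.in for that removal).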
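Review bot: in the configure.ac hunk, openssl/ecdsa.h is appended to the single `AC_CHECK_HEADERS([openssl/blowfish.h ... openssl/aes.h openssl/ecdsa.h],, [enable_openssl=no break])` list, so an OpenSSL installation built without EC support (no ecdsa.h) now disables the openssl comparison entirely, including the blowfish/des/cast/aes paths that worked before this change. If that is not intended, check ecdsa.h in a separate AC_CHECK_HEADERS call whose absence only switches off the ECDSA benchmark; either way the 2013-11-23 ChangeLog entry ("Check also for openssl/ecdsa.h") should state which behaviour applies when the header is missing. The removal of AC_CHECK_ALIGNOF(uint64_t) and the ALIGNOF_UINT64_T substitution matches the 2013-10-07 entry.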