671 lines
42 KiB
Plaintext
671 lines
42 KiB
Plaintext
Nov 28th, 2002
|
|
v0.78 -- Made the default ARGCHK macro a function call instead which reduced the code size from 264KB to 239KB.
|
|
-- Fixed a bug in the XTEA keysize function which called ARGCHK incorrectly.
|
|
-- Added Noekeon block cipher at 2,800 bytes of object code and 345Mbit/sec it is a welcome addition.
|
|
-- Made the KR code check if the other PK systems are included [provides error when building otherwise].
|
|
-- Made "aes" an alias for Rijndael via a pre-processor macro. Now you can use "aes_ecb_encrypt", etc... :-)
|
|
Thanks to Jean-Luc Cooke for the "buzzword conformance" suggestion.
|
|
-- Removed the old PK code entirely (e.g. rsa_sign, dh_encrypt). The *_sign_hash and *_encrypt_key functions
|
|
are all that is to remain.
|
|
-- **NOTE** Changed the PK *_import (including the keyring) routine to accept a "inlen" parameter. This fixes a
|
|
bug where improperly made key packets could result in reading passed the end of the buffer. This means
|
|
the code is no longer source compatible but still binary compatible.
|
|
-- Fixed a few other minor bugs in the PK import code while I was at it.
|
|
|
|
Nov 26th, 2002
|
|
v0.77 -- Updated the XTEA code to use pre-computed keys. With optimizations for speed it achieves 222Mbit/sec
|
|
compared to the 121Mbit/sec before. It is 288 bytes bigger than before.
|
|
-- Cleaned up some of the ciphers and hashes (coding style, cosmetic changes)
|
|
-- Optimized AES slightly for 256-bit keys [only one if statement now, still two for 192-bit keys]
|
|
-- Removed most test cases from Blowfish, left three of them there. Makes it smaller and faster to test.
|
|
-- Changed the primality routines around. I now use 8 rounds of Rabin-Miller, I use 256 primes in the sieve
|
|
step and the "rand_prime" function uses a modified sieve that avoids alot of un-needed bignum work.
|
|
-- Fixed a bug in the ECC/DH signatures where the keys "setting" value was not checked for validity. This means
|
|
that a invalid value could have caused segfaults, etc...
|
|
-- **NOTE** Changed the way the ECC/DH export/import functions work. They are source but not binary compatible
|
|
with v0.76. Essentially insteading of exporting the setting index like before I export the key size. Now
|
|
if you ever re-configure which key settings are supported the lib will still be able to make use of your
|
|
keys.
|
|
-- Optimized Blowfish by inlining the round function, unrolling it for four rounds then using a for loop for the
|
|
rest. It achieves a rate of 425Mbit/sec with the new code compared to 314Mbit/sec before. The new blowfish
|
|
object file is 7,813 bytes compared to 8,663 before and is 850 bytes smaller. So the code is both smaller and
|
|
faster!
|
|
-- Optimized Twofish as well by inlining the round function. Gets ~400Mbit/sec compared to 280Mbit/sec before
|
|
and the code is only 78 bytes larger than the previous copy.
|
|
-- Removed SMALL_PRIME_TAB build option. I use the smaller table always.
|
|
-- Fixed some mistakes concerning prime generation in the manual.
|
|
-- [Note: sizes/speeds are for GCC 3.2 on an x86 Athlon XP @ 1.53Ghz]
|
|
|
|
Nov 25th, 2002
|
|
v0.76 -- Updated makefiles a bit more, use "-Os" instead of "-O2" to optimize for size. Got the lib
|
|
downto 265KB using GCC 3.2 on my x86 box.
|
|
-- Updated the SAFER+, Twofish and Rijndael test vector routine to use the table driven design.
|
|
-- Updated all other test vector routines to return as soon as an error is found
|
|
-- fixed a bug in the test program where errors in the hash test routines would not be reported
|
|
correctly. I found this by temporarily changing one of the bytes of the test vectors. All the
|
|
hashes check out [the demos/test.c would still have reported an error, just the wrong one].
|
|
|
|
|
|
Nov 24th, 2002
|
|
v0.75 -- Fixed a flaw in hash_filehandle, it should ARGCHK that the filehandle is not NULL
|
|
-- Fixed a bug where in hash_file if the call to hash_filehandle failed the open file would
|
|
not be closed.
|
|
-- Added more strict rules to build process, starting to weed out "oh this works in GCC" style code
|
|
In the next release "-Wconversion" will be enabled which will deal with all implicit casts.
|
|
|
|
Nov 22nd, 2002 [later in the day]
|
|
v0.74 -- Wrote a small variant of SAFER+ which shaved 50KB off the size of the library on x86 platforms
|
|
-- Wrote a build option to remove the PK packet functions [keeps the encrypt_key/sign_hash functions]
|
|
-- Wrote a small variant of Rijndael (trimmed 13KB)
|
|
-- Trimmed the TIGER/192 hash function a bit
|
|
-- Overall the entire lib compiled is 295KB [down from 400KB before]
|
|
-- Fixed a few minor oversights in the MSVC makefile
|
|
|
|
Nov 22nd, 2002
|
|
v0.73 -- Fixed bug in RC4 code where it could only use 255 byte keys.
|
|
-- Fixed bug in yarrow code where it would allow cast5 or md2 to be used with it...
|
|
-- Removed the ecc compress/expand points from the global scope. Reduces namespace polution
|
|
-- Fixed bug where if you used the SPRNG you couldn't pass NULL as your prng_state which you should be
|
|
able todo since the SPRNG has no state...
|
|
-- Corrected some oversights in the manual and the examples...
|
|
-- By default the GF(2^W) math library is excluded from the build. The source is maintained because I wrote it
|
|
and like it :-). This way the built library is a tad smaller
|
|
-- the MSVC makefile will now build for a SPACE optimized library rather than TIME optimized.
|
|
|
|
Nov 21th, 2002
|
|
v0.72 -- Fixed bug in the prime testing. In the Miller-Rabin test I was raising the base to "N-1" not "r".
|
|
The math still worked out fine because in effect it was performing a Fermat test. Tested the new code and it
|
|
works properly
|
|
-- Fixed some of the code where it was still using the old error syntax
|
|
-- Sped up the RSA decrypt/sign routines
|
|
-- Optimized the ecc_shared_secret routine to not use so much stack
|
|
-- Fixed up the makefile to make releases where the version # is in the file name and directory it will unzip
|
|
to
|
|
|
|
Nov 19th, 2002
|
|
v0.71 -- HELP TOM. I need tuition for the January semester. Now I don't want to force donations [nor will I ever]
|
|
but I really need the help! See my website http://tom.iahu.ca/help_tom.html for more details. Please help
|
|
if you can!
|
|
--------------------------------------------------------------------------------------------------------------
|
|
-- Officially the library is no longer supported in GCC 3.2 in windows [cygwin].
|
|
In windows you can either use GCC 2.95.3 or try your luck with 3.2 It seems that
|
|
"-fomit-frame-pointer" is broken in the windows build [but not the linux x86 build???]
|
|
If you simply must use 3.2 then I suggest you limit the optimizations to simply "-O2"
|
|
-- Started new error handling API. Similar to the previous except there are more error codes than just
|
|
CRYPT_ERROR
|
|
-- Added my implementation of the MD2 hash function [despite the errors in the RFC I managed to get it right!]
|
|
-- Merged in more changes from Sky Schulz. I have to make mention here that he has been a tremendous help in
|
|
getting me motivated to make some much needed updates to the library!
|
|
-- Fixed one of the many mistakes in the manual as pointed out by Daniel Richards
|
|
-- Fixed a bug in the RC4 code [wasn't setting up the key correctly]
|
|
-- Added my implementation of the CAST5 [aka CAST-128] block cipher (conforms...)
|
|
-- Fixed numerous bugs in the PK code. Essentially I was "freeing" keys when the import failed. This is neither
|
|
required nor a good a idea [double free].
|
|
-- Tom needs a job.
|
|
-- Fixed up the test harness as requested by Sky Schulz. Also modifed the timing routines to run for X seconds
|
|
and count # of ops performed. This is more suitable than say encrypting 10 million blocks on a slow processor
|
|
where it could take minutes!
|
|
-- Modified test programs hashsum/encrypt to use the new algorithms and error handling syntax
|
|
-- Removed the PKCS code since it was incomplete. In the future I plan on writing a "add-on" library that
|
|
provides PKCS support...
|
|
-- updated the config system so the #defines are in the makefiles instead of mycrypt_cfg.h
|
|
-- Willing to work on an hourly basis for 15$ CDN per hour.
|
|
-- updated the test program to not test ciphers not included
|
|
-- updated the makefile to make "rsa_sys.c" a dependency of rsa.o [helps develop the code...]
|
|
-- fixed numerous failures to detect buffer overflows [minor] in the PK code.
|
|
-- fixed the safer [64-bit block version] test routines which didn't check the returns of the setup
|
|
function
|
|
-- check out my CV at http://tom.iahu.ca/cv.html
|
|
-- removed the GBA makefile and code from demos/test.c [not a particularly useful demo...]
|
|
-- merged in rudimentary [for testing] PS2 RNG from Sky Schulz
|
|
-- merged in PS2 timer code [only shell included due to NDA reasons...]
|
|
-- updated HMAC code to return errors where possible
|
|
-- Thanks go to Sky Schulz who bought me a RegCode for TextPad [the official editor of libtomcrypt]
|
|
|
|
Nov 12th, 2002
|
|
v0.70 -- Updated so you can swap out the default malloc/calloc/free routines at build time with others. (Sky Schulz)
|
|
-- Sky Schulz contributed some code towards autodetecting the PS2 in mycrypt_cfg.h
|
|
-- Added PS2 makefile contributed by Sky Schulz [see a pattern forming?]
|
|
-- Added ability to have no FILE I/O functions at all (see makefile), Sky Schulz....
|
|
-- Added support for substituting out the clock() function (Sky Schulz)
|
|
-- Fixed up makefile to include new headers in the HEADERS variable
|
|
-- Removed "coin.c" as its not really useful anyways
|
|
-- Removed many "debug" printfs that would show up on failures. Basically I wanted to ensure the only output
|
|
would be from the developer themselves.
|
|
-- Added "rc4.c" a RC4 implementation with a PRNG interface. Since RC4 isn't a block cipher it wouldn't work
|
|
too well as a block cipher.
|
|
-- Fixed ARGCHK macro usage when ARGTYPE=1 throughout the code
|
|
-- updated makefile to make subdirectory properly (Sku Schulz)
|
|
-- Started towards new API setup. Instead of checking for "== CRYPT_ERROR" you should check "!= CRYPT_OK"
|
|
In future releases functions will return things other than CRYPT_ERROR on error to give more useful
|
|
thread safe error reporting. The manual will be updated to reflect this. For this release all
|
|
errors are returned as CRYPT_ERROR (except as noted) but in future releases this will change.
|
|
-- Removed the zlib branch since its not really required anyways. Makes the package smaller
|
|
|
|
Nov 11th, 2002
|
|
v0.69 -- Added ARGCHK (see mycrypt_argchk.h) "arguement checking" to all functions that accept pointers
|
|
-- Note I forgot to change the CRYPT version tag in v0.68... fixed now.
|
|
|
|
Nov 8th, 2002
|
|
v0.68 -- Fixed flaw in kr_import/kr_export that wasted 4 bytes. Source but not binary compatible with v0.67
|
|
-- Fixed bug in kr_find_name that used memcmp to match strings. Uses strncmp now.
|
|
-- kr_clear now sets the pointer to NULL to facilate debugging [e.g. using the keyring after clearing]
|
|
-- static functions in _write/_read in keyring.c now check the return of ctr_encrypt/ctr_decrypt.
|
|
-- Updated blowfish/rc2/rc5/rc6 keysize() function to not reject keys larger than the biggest key the
|
|
respective ciphers can use.
|
|
-- Fixed a bug in hashsum demo that would report the hash for files that don't exist!
|
|
|
|
Oct 16th, 2002
|
|
v0.67 -- Moved the function prototypes into files mycrypt_*.h. To "install" the lib just copy all the
|
|
header files "*.h" from the base of this project into your global include path.
|
|
-- Made the OFB/CFB/CTR functions use "unsigned long" for the length instead of "int"
|
|
-- Added keyring support for the PK functions
|
|
-- ***API CHANGE*** changed the ecc_make_key and dh_make_key to act more like rsa_make_key. Basically
|
|
move the first argument to the next to last.
|
|
-- Fixed bug in dh_test() that wouldn't test the primality of the order of the sub-group
|
|
-- replaced the primes in the DH code with new ones that are larger than the size they are
|
|
associated with. That is a 1024-bit DH key will have a 1025-bit prime as the modulus
|
|
-- cleaned up all the PK code, changed a bit of the API around [not source compatible with v0.66]
|
|
-- major editing of the manual, started Docer program
|
|
-- added 160 and 224 bit key settings for ECC. This makes the DH and ECC binary wise incompatible with v0.66
|
|
-- Added an additional check for memory errors in is_prime() and cleaned up prime.c a bit
|
|
-- Removed ID_TAG from all files [meh, not a big fan...]
|
|
-- Removed unused variable from yarrow state and made AES/SHA256 the default cipher/hash combo
|
|
-- Fixed a bug in the Yarrow code that called prng_is_valid instead of cipher_is_valid from yarrow_start()
|
|
-- The ECB/CBC/OFB/CFB/CTR wrappers now check that the cipher is valid in the encrypt/decrypt calls
|
|
Returns int now instead of void.
|
|
|
|
Sept 24th, 2002
|
|
v0.66 -- Updated the /demos/test.c program to time the hashes correctly. Also it uses the yarrow PRNG for all of the
|
|
tests meaning its possible to run on RNG less platforms
|
|
-- Updated the /demos/hashsum.c program to hash from the standard input
|
|
-- Updated the RSA code to make keys a bit quicker [update by Wayne Scott] by not making both primes at the same
|
|
time.
|
|
-- Dan Kaminsky suggested some cleanups for the code and the MPI config
|
|
Code ships in unix LF format by default now too... will still build in MSVC and all... but if you want
|
|
to read the stuff you'll have to convert it
|
|
-- Changes to the manual to reflect new API [e.g. hash_memory/file have v0.65 prototypes]and some typos fixed
|
|
|
|
Sept 20th, 2002
|
|
v0.65 -- Wayne Scott (wscott@bitmover.com) made a few of suggestions to improve the library. Most
|
|
importantly he pointed out the math lib is not really required. He's also tested the lib on 18
|
|
different platforms. According to him with only a few troubles [lack of /dev/random, etc] the
|
|
library worked as it was supposed to. You can find the list at
|
|
http://www.bitkeeper.com/Products.BitKeeper.Platforms.html
|
|
-- Updated the hash_file and hash_memory functions to keep track of the size of the output
|
|
-- Wayne Scott updated the demos/test.c file to use the SPRNG less and Yarrow more
|
|
-- Modified the mycrypt_cfg.h to autodetect x86-32 machines
|
|
|
|
Sept 19th, 2002
|
|
v0.64 -- wrote makefile for the GBA device [and hacked the demos/test.c file to support it conditionally]
|
|
-- Fixed error in PK (e.g. ECC, RSA, DH) import functions where I was clobbering the packet error messages
|
|
-- fixed more typos in the manual
|
|
-- removed all unused variables from the core library (ignore the ID_TAG stuff)
|
|
-- added "const char *crypt_build_settings" string which is a build time constant that gives a listing
|
|
of all the build time options. Useful for debugging since you can send that to me and I will know what
|
|
exactly you had set for the mycrypt_cfg.h file.
|
|
-- Added control over endianess. Out of the box it defaults to endianess neutral but you can trivially
|
|
configure the library for your platform. Using this I boosted RC5 from 660Mbit/sec to 785Mbit/sec on my
|
|
Athlon box. See "mycrypt_cfg.h" for more information.
|
|
|
|
Sept 11th, 2002
|
|
v0.63 -- Made hashsum demo output like the original md5sum program
|
|
-- Made additions to the examples in the manual (fixed them up a bunch)
|
|
-- Merged in the base64 code from Wayne Scott (wscott@bitmover.com)
|
|
|
|
Aug 29th, 2002
|
|
v0.62 -- Added the CLEAN_STACK functionality to several of the hashes I forgot to update.
|
|
|
|
Aug 9th, 2002
|
|
v0.61 -- Fixed a bug in the DES code [oops I read something wrong].
|
|
|
|
Aug 8th, 2002
|
|
v0.60 -- Merged in DES code [and wrote 3DES-EDE code based on it] from Dobes V.
|
|
|
|
Aug 7th, 2002
|
|
v0.59 -- Fixed a "unsigned long long" bug that caused v0.58 not to build in MSVC.
|
|
-- Cleaned up a little in the makefile
|
|
-- added code that times the hash functions too in the test program
|
|
|
|
Aug 3rd, 2002
|
|
v0.58 -- Added more stack cleaning conditionals throughout the code.
|
|
-- corrected some CLEAR_STACK conditionals... should have been CLEAN_STACK
|
|
-- Simplified the RSA, DH and ECC encrypt() routines where they use CTR to encode the message
|
|
now they only make one call to ctr_encrypt()/ctr_decrypt().
|
|
|
|
Aug 2nd, 2002
|
|
v0.57 -- Fixed a few errors messages in the SAFER code to actually report the correct cipher name.
|
|
-- rsa_encrypt() uses the "keysize()" method of the cipher being used to more accurately pick a
|
|
key size. By default rsa_encrypt() will choose to use a 256-bit key but the cipher can turn that
|
|
down if required.
|
|
-- The rsa_exptmod() function will now more reliably detect invalid inputs (e.g. greater than the modulus).
|
|
-- The padding method for RSA is more clearly documented. Namely if you want to encrypt/sign something of length
|
|
N then your modulus must be of length 1+3N. So to sign a message with say SHA-384 [48 bytes] you need a
|
|
145 byte (1160 bits) modulus. This is all in the manual now.
|
|
-- Added build option CLEAN_STACK which will allow you to choose whether you want to clean the stack or not after every
|
|
cipher/hash call
|
|
-- Sped up the hash "process()" functions by not copying one byte at a time.
|
|
++ (added just after I uploaded...)
|
|
MD4 process() now handles input buffers > 64 bytes
|
|
|
|
Aug 1st, 2002
|
|
v0.56 -- Cleaned up the comments in the Blowfish code.
|
|
-- Oh yeah, in v0.55 I made all of the descriptor elements constant. I just forgot to mention it.
|
|
-- fixed a couple of places where descriptor indexes were tested wrong. Not a huge bug but now its harder
|
|
to mess up.
|
|
-- Added the SAFER [64-bit block] ciphers K64, SK64, K128 and SK128 to the library.
|
|
-- Added the RC2 block cipher to the library.
|
|
-- Changed the SAFER define for the SAFER+ cipher to SAFERP so that the new SAFER [64-bit] ciphers
|
|
can use them with less confusion.
|
|
|
|
July 29th, 2002
|
|
v0.55 -- My god stupid Blowfish has yet again been fixed. I swear I hate that cipher. Next bug in it and boom its out of the
|
|
library. Use AES or something else cuz I really hate Blowfish at this stage....
|
|
-- Partial PKCS support [hint DONT USE IT YET CUZ ITS UNTESTED!]
|
|
|
|
July 19th, 2002
|
|
v0.54 -- Blowfish now conforms to known test vectors. Silly bad coding tom!
|
|
-- RC5/RC6/Serpent all have more test vectors now [and they seemed to have been working before]
|
|
|
|
July 18th, 2002
|
|
v0.53 -- Added more test vectors to the blowfish code just for kicks [and they are const now too :-)]
|
|
-- added prng/hash/cipher is_valid functions and used them in all of the PK code so you can't enter the code
|
|
with an invalid index ever now.
|
|
-- Simplified the Yarrow code once again :-)
|
|
|
|
July 12th, 2002
|
|
v0.52 -- Fixed a bug in MD4 where the hash descriptor ID was the same as SHA-512. Now MD4 will work with
|
|
all the routines...
|
|
-- Fixed the comments in SHA-512 to be a bit more meaningful
|
|
-- In md4 I made the PADDING array const [again to store it in ROM]
|
|
-- in hash_file I switched the constant "512" to "sizeof(buf)" to be a bit safer
|
|
-- in SHA-1's test routine I fixed the string literal to say SHA-1 not sha1
|
|
-- Fixed a logical error in the CTR code which would make it skip the first IV value. This means
|
|
the CTR code from v0.52 will be incompatible [binary wise] with previous releases but it makes more
|
|
sense this way.
|
|
-- Added {} braces for as many if/for/blocks of code I could find. My rule is that every for/if/while/do block
|
|
must have {} braces around it.
|
|
-- made the rounds table in saferp_setup const [again for the ROM think about the ROM!]
|
|
-- fixed RC5 since it no longer requires rc5 to be registered in the lib. It used to since the descriptors used to
|
|
be part of the table...
|
|
-- the packet.c code now makes crypt_error literal string errors when an error occurs
|
|
-- cleaned up the SAFER+ key schedule to be a bit easier to read.
|
|
-- fixed a huge bug in Twofish with the TWOFISH_SMALL define. Because I clean the stack now I had
|
|
changed the "g_func()" to be called indirectly. I forgot to actually return the return of the Twofish
|
|
g_func() function which caused it not to work... [does now :-)]
|
|
|
|
July 11th, 2002
|
|
v0.51 -- Fixed a bug in SHA512/384 code for multi-block messages.
|
|
-- Added more test vectors to the SHA384/512 and TIGER hash functions
|
|
-- cleaned up the hash done routines to make more sense
|
|
|
|
July 10th, 2002
|
|
v0.50 -- Fixed yarrow.c so that the cipher/hash used would be registered. Also fixed
|
|
a bug where the SAFER+ name was "safer" but should have been "safer+".
|
|
-- Added an element to the hash descriptors that gives the size of a block [sent into the compressor]
|
|
-- Cleaned up the support for HMAC's
|
|
-- Cleaned up the test vector routines to make the test vector data const. This means on some platforms it will be
|
|
placed in ROM not RAM now.
|
|
-- Added MD4 code submited by Dobes Vandermeer (dobes@smartt.com)
|
|
-- Added "burn_stack" function [idea taken from another source of crypto code]. The idea is if a function has
|
|
alot of variables it will clean up better. Functions like the ecb serpent and twofish code will now have their
|
|
stacks cleaned and the rest of the code is getting much more straightforward.
|
|
-- Added a hashing demo by Daniel Richards (kyhwana@world-net.co.nz)
|
|
-- I (Tom) modified some of the test vector routines to use more vectors ala Dobes style.
|
|
For example, the MD5/SHA1 code now uses all of the test vectors from the RFC/FIPS spec.
|
|
-- Fixed the register/unregister functions to properly report errors in crypt_error
|
|
-- Correctly updated yarrow code to remove a few unused variables.
|
|
-- Updated manual to fix a few erroneous examples.
|
|
-- Added section on Hash based Message Authentication Codes (HMAC) to the manual
|
|
|
|
June 19th, 2002
|
|
v0.46 -- Added in HMAC code from Dobes Vandermeer (dobes@smartt.com)
|
|
|
|
June 8th, 2002
|
|
v0.45 -- Fixed bug in rc5.c where if you called rc5_setup() before registering RC5 it would cause
|
|
undefined behaviour.
|
|
-- Fixed mycrypt_cfg.h to eliminate the 224 bit ECC key.
|
|
-- made the "default" makefile target have depends on mycrypt.h and mycrypt_cfg.h
|
|
|
|
Apr 4th, 2002
|
|
v0.44 -- Fixed bug in ecc.c::new_point() where if the initial malloc fails it would not catch it.
|
|
|
|
Mar 22nd, 2002
|
|
v0.43 -- Changed the ZLIB code over to the 1.1.4 code base to avoid the "double free" bug.
|
|
-- Updated the GCC makefile not to use -O3 or -funroll-loops
|
|
-- Version tag in mycrypt.h has been updated :-)
|
|
|
|
Mar 10th, 2002
|
|
v0.42 -- The RNG code can now use /dev/urandom before trying /dev/random (J. Klapste)
|
|
|
|
Mar 3rd, 2002
|
|
v0.41 -- Added support to link and use ciphers at compile time. This can greatly reduce the code size!
|
|
-- Added a demo to show off how small an application can get... 46kb!
|
|
-- Disastry pointed out that Blowfish is supposed to be high endian.
|
|
-- Made registry code for the PRNGs as well [now the smallest useable link is 43kb]
|
|
|
|
Feb 11th, 2002
|
|
v0.40 -- RSA signatures use [and check for] fixed padding scheme.
|
|
-- I'm developing in Linux now :-)
|
|
-- No more warnings from GCC 2.96
|
|
|
|
Feb 5th, 2002
|
|
v0.39 -- Updated the XTEA code to work in accordance with the XTEA design
|
|
|
|
January 24th, 2002
|
|
v0.38 -- CFB and OFB modes can now handle blocks of variable size like the CTR code
|
|
-- Wrote a wrapper around the memory compress functions in Zlib that act like the functions
|
|
in the rest of my crypto lib
|
|
|
|
January 23rd, 2002
|
|
v0.37 -- Added support code so that if a hash size and key size for a cipher don't match up they will
|
|
use the next lower key supported. (mainly for the PK code). So you can now use SHA-1 with
|
|
Twofish, etc...
|
|
-- Added more options for Twofish. You can now tell it to use precomputed sboxes and MDS multiplications
|
|
This will speed up the TWOFISH_SMALL implementation by increasing the code size by 1024 bytes.
|
|
-- Fixed a bug in prime.c that would not use the correct table if you undefined SMALL_PRIME_TAB
|
|
-- Fixed all of the PK packet code to use the same header format [see packet.c]. This makes the PK code
|
|
binary wise incompatible with previous releases while the API has not changed at all.
|
|
|
|
January 22nd, 2002
|
|
v0.36 -- Corrections to the manual
|
|
-- Made a modification to Twofish which lets you build a "small ram" variant. It requires
|
|
about 190 bytes of ram for the key storage compared to the 4,200 bytes the normal
|
|
variant requires.
|
|
-- Reduced the stack space used in all of the PK routines.
|
|
|
|
January 19th, 2002
|
|
v0.35 -- If you removed the first hash or cipher from the library it wouldn't return an error if
|
|
you used an ID=0 [i.e blowfish or sha256] in any routine. Now it checks for that and will
|
|
return an error like it should
|
|
-- Merged in new routines from Clay Culver. These routines are for the PK code so you can easily
|
|
encode a symmetric key for multiple recipients.
|
|
-- Made the ecc and DH make_key() routines make secret keys of the same size as the keysize listed.
|
|
Originally I wanted to ensure that the keys were smaller than the order of the field used
|
|
However, the bias is so insignifcant using full sizes. For example, with a ECC-192 key the order
|
|
is about 2^191.99, so instead I rounded down and used a 184-bit secret key. Now I simply use a full 192-bit
|
|
key the code will work just the same except that some 192-bit keys will be duplicates which is not a big
|
|
deal since 1/2^192 is a very small bias!
|
|
-- Made the configuration a bit simpler and more exacting. You can for example now select which DH or ECC
|
|
key settings you wish to support without including the data for all other key settings. I put the #defines
|
|
in a new file called "mycrypt_cfg.h"
|
|
-- Configured "mpi-config.h" so its a bit more conservative with the memory required and code space used
|
|
-- Jason Klapste submitted bug fixes to the yarrow, hash and various other issues. The yarrow code will now
|
|
use what ever remaining hash/cipher combo is left [after you #undef them] at build time. He also suggested
|
|
a fix to remove unused structures from the symmetric_key and hash_state unions.
|
|
-- Made the CTR code handle variable length blocks better. It will buffer the encryption pad so you can
|
|
encrypt messages any size block at a time.
|
|
-- Simplified the yarrow code to take advantage of the new CTR code.
|
|
-- Added a 4096-bit DH key setting. That took me about 36 hours to find!
|
|
-- Changed the base64 routines to use a real base64 encoding scheme.
|
|
-- Added in DH and ECC "encrypt_key()" functions. They are still rather "beta"ish.
|
|
-- Added **Twofish** to the list of ciphers!
|
|
|
|
January 18th, 2002
|
|
v0.34 -- Added "sha512" to the list of hashes. Produces a 512-bit message digest. Note that with the current
|
|
padding with the rsa_sign() function you cannot use sha512 with a key less than 1536 bits for signatures.
|
|
-- Cleaned up the other hash functions to use the LOAD and STORE macros...
|
|
|
|
January 17th, 2002
|
|
v0.33 -- Made the lower limit on keysizes for RSA 1024 bits again because I realized that 768 bit keys wouldn't
|
|
work with the padding scheme and large symmetric keys.
|
|
-- Added information concerning the Zlib license to the manual
|
|
-- Added a 3072-bit key setting for the DH code.
|
|
-- Made the "find_xyz()" routines take "const char *" as per Clay Culver's suggestion.
|
|
-- Fixed an embarassing typo in the manual concerning the hashes. Thank's Clay for finding it!
|
|
-- Fixed rand_prime() so that it makes primes bigger than the setting you give. For example,
|
|
if you want a 1024-bit prime it would make a 1023-bit one. Now it ensures that the prime
|
|
it makes is always greater than 2^(8n) (n == bytes in prime). This doesn't have a huge
|
|
impact on security but I corrected it just the same.
|
|
-- Fixed the CTR routine to work on platforms where char != 8-bits
|
|
-- Fixed sha1/sha256/md5/blowfish to not assume "unsigned long == 32-bits", Basically any operation with carries
|
|
I "AND" with 0xFFFFFFFF. That forces only the lower 32-bits to have information in it. On x86 platforms
|
|
most compilers optimize out the AND operation since its a nop.
|
|
|
|
January 16th, 2002
|
|
v0.32 -- Made Rijndael's setup function fully static so it is thread safe
|
|
-- Svante Seleborg suggested a cosmetic style fixup for aes.c,
|
|
basically to remove some of the #defines to clean it up
|
|
-- Made the PK routines not export the ASCII version of the names of ciphers/hashes which makes
|
|
the PK message formats *incompatible* with previous releases.
|
|
-- Merge in Zlib :-)
|
|
|
|
|
|
January 15th, 2002
|
|
v0.31 -- The RSA routines can now use CRT to speed up decryption/signatures. The routines are backwards
|
|
compatible with previous releases.
|
|
-- Fixed another bug that Svante Seleborg found. Basically you could buffer-overrun the
|
|
rsa_exptmod() function itself if you're not careful. That's fixed now. Fixed another bug in
|
|
rsa_exptmod() where if it knows the buffer you passed is too small it wouldn't free all used
|
|
memory.
|
|
-- improved the readability of the PK import/export functions
|
|
-- Added a fix to RSA.C by Clay Culver
|
|
-- Changed the CONST64 macro for MSVC to use the "unsigned __int64" type, e.g. "ui64" instead of "i64".
|
|
|
|
January 14th, 2002
|
|
v0.30 -- Major change to the Yarrow PRNG code, fixed a bug that Eugene Starokoltsev found.
|
|
Basically if you added entropy to the pool in small increments it could in fact
|
|
cancel out. Now I hash the pool with the new data which is way smarter.
|
|
|
|
January 12th, 2002
|
|
v0.29 -- Added MPI code written by Svante Seleborg to the library. This will make the PK code much
|
|
easier to follow and debug. Actually I've already fixed a memory leak in dh_shared_secret().
|
|
-- Memory leaks found and correct in all three PK routines. The leaks would occur when a bignum
|
|
operation fails so it wouldn't normally turn up in the course of a program
|
|
-- Fixed bugs in dh_key_size and ecc_key_size which would return garbage for invalid key idx'es
|
|
|
|
January 11th, 2002
|
|
v0.28 -- Cleaned up some code so that it doesn't assume "char == 8bits". Mainly SAFER+ has been
|
|
changed.
|
|
-- ***HUGE*** changes in the PK code. I check all return values in the bignum code so if there
|
|
are errors [insufficient memory, etc..] it will be reported. This makes the code fairly more
|
|
robust and likely to catch any errors.
|
|
-- Updated the is_prime() function to use a new prototype [it can return errors now] and it also
|
|
does trial divisions against more primes before the Rabin Miller steps
|
|
-- Added OFB, CFB and ECB generic wrappers for the symmetric ciphers to round out the implementations.
|
|
-- Added Xtea to the list of ciphers, to the best of my ability I have verified this implementation.
|
|
I should note that there is not alot of concrete information about the cipher. "Ansi C" versions
|
|
I found did not address endianess and were not even portable!. This code is portable and to the
|
|
best of my knowledge implements the Xtea algorithm as per the [short] X-Tea paper.
|
|
-- Reformated the manual to include the **FULL** source code optimized to be pritable.
|
|
|
|
January 9th, 2002
|
|
v0.27 -- Changed the char constants to numerical values. It is backwards compatible and should work on
|
|
platforms where 'd' != 100 [for example].
|
|
-- Made a change to rand_prime() which takes the input length as a signed type so you can pass
|
|
a negative len to get a "3 mod 4" style prime... oops
|
|
-- changed the MSVC makefile to build with a warning level of three, no warnings!
|
|
|
|
January 8th, 2002
|
|
v0.26 -- updated SHA-256 to use ROR() for a rotate so 64-bit machines won't corrupt
|
|
the output
|
|
-- Changed #include <> to #include "" for local .h files as per Richard Heathfields' suggestions.
|
|
-- Fixed bug in MPI [well bug in MSVC] that compiled code incorrectly in mp_set_int()
|
|
I added a work around that catches the error and continues normally.
|
|
|
|
January 8th, 2002
|
|
v0.25 -- Added a stupid define so MSVC 6.00 can build the library.
|
|
-- Big thanks to sci.crypt and "Ajay K. Agrawal" for helping me port this to MSVC
|
|
|
|
January 7th, 2002
|
|
v0.24 -- Sped up Blowfish by unrolling and removing the swaps.
|
|
-- Made the code comply with more traditional ANSI C standards
|
|
Should compile with MSVC with less errors
|
|
-- moved the demos and documentation into their own directories
|
|
so you can easily build the library with other tool chains
|
|
by compiling the files in the root
|
|
-- converted functions with length of outputs to use
|
|
"unsigned long" so 16-bit platforms will like this library more.
|
|
|
|
January 5th, 2002
|
|
v0.23 -- Fixed a small error in the MPI config it should build fine anywhere.
|
|
|
|
January 4th, 2002
|
|
v0.22 -- faster gf_mul() code
|
|
-- gf_shl() and gf_shr() are safe on 64-bit platforms now
|
|
-- Fixed an error in the hashes that Brian Gladman found.
|
|
Basically if the message has exactly 56 bytes left to be
|
|
compressed I handled them incorrectly.
|
|
|
|
January 4th, 2002
|
|
v0.21 -- sped up the ECC code by removing redundant divisions in the
|
|
point add and double routines. I also extract the bits more
|
|
efficiently in "ecc_mulmod()" now.
|
|
-- sped up [and documented] the rand_prime() function. Now it just
|
|
makes a random integer and increments by two until a prime is found
|
|
This is faster since it doesn't require alot of calls to the PRNG and
|
|
it doesn't require loading huge integers over and over. rand_prime()
|
|
can also make primes congruent to 3 mod 4 [i.e for a blum integer]
|
|
-- added a gf_sqrt() function that finds square roots in a GF(2^w) field
|
|
-- fixed a bug in gf_div() that would return the wrong results if the divisor had a greator
|
|
divisor than the dividend.
|
|
|
|
January 4th, 2002
|
|
v0.20 -- Added the fixed MPI back in so RSA and DH are much faster again
|
|
|
|
v0.19 -- Updated the manual to reflect the fact that Brian Gladman wrote the AES and Serpent code.
|
|
-- DH, ECC and RSA signature/decryption functions check if the key is private
|
|
-- new DH signature/verification code works just like the RSA/ECC versions
|
|
|
|
January 3rd, 2002
|
|
v0.18 -- Added way more comments to each .C file
|
|
-- fixed a bug in cbc_decrypt(pt, ct, key) where pt == ct [i.e same buffer]
|
|
-- fixed RC5 so it reads the default rounds out of the cipher_descriptor table
|
|
-- cleaned up ecc_export()
|
|
-- Cleaned up dh_import() and ecc_import() which also perform more
|
|
error checking now
|
|
-- Fixed a serious flaw in rsa_import() with private keys.
|
|
|
|
January 2nd, 2002
|
|
v0.17 -- Fixed a bug in the random prime generator that fixes the wrong bits to one
|
|
-- ECC and DH code verify that the moduli and orders are in fact prime. That
|
|
slows down the test routines alot but what are you gonna do?
|
|
-- Fixed a huge bug in the mp_exptmod() function which incorrectly calculates g^x mod p for some
|
|
values of p. I replaced it with a slow function. Once the author of MPI fixes his faster routine
|
|
I will switch back.
|
|
|
|
January 1st, 2002 [whoa new year!]
|
|
v0.16 -- Improved GF division code that is faster.
|
|
-- documented the GF code
|
|
|
|
December 31st, 2001
|
|
v0.15 -- A 1792-bit and 2048-bit DH setting was added. Took me all night to
|
|
find a 1792 and 2048-bit strong prime but what the heck
|
|
-- Library now has polynomial-basis GF(2^w) routines I wrote myself. Can be used to perform
|
|
ECC over GF(2^w) later on....
|
|
-- Fixed a bug with the defines that allows it to build in windows
|
|
|
|
December 30th, 2001
|
|
v0.14 -- Fixed the xxx_encrypt() packet routines to make an IV of appropriate size
|
|
for the cipher used. It was defaulting to making a 256-bit IV...
|
|
-- base64_encode() now appends a NULL byte, um "duh" stupid mistake now fixed...
|
|
-- spell checked the manual again... :-)
|
|
|
|
December 30th, 2001
|
|
v0.13 -- Switching back to older copy of MPI since it works! arrg..
|
|
-- Added sign/verify functions for ECC
|
|
-- all signature verification routines default to invalid signatures.
|
|
-- Changed all calls to memset to zeromem. Fixed up some buffer problems
|
|
in other routines. All calls to zeromem let the compiler determine the size
|
|
of the data to wipe.
|
|
|
|
December 29th, 2001
|
|
v0.12 -- Imported a new version of MPI [the bignum library] that should
|
|
be a bit more stable [if you want to write your own bignum
|
|
routines with the library that is...]
|
|
-- Manual has way more info
|
|
-- hash_file() clears stack now [like it should]
|
|
-- The artificial cap on the hash input size of 2^32 bits has been
|
|
removed. Basically I was too lazy todo 64-bit math before
|
|
[don't ask why... I can't remember]. Anyways the hashes
|
|
support the size of 2^64 bits [if you ever use that many bits in a message
|
|
that's just wierd...]
|
|
-- The hashes now wipe the "hash_state" after the digest is computed. This helps
|
|
prevent the internal state of the hash being leaked accidently [i.e stack problems]
|
|
|
|
December 29th, 2001
|
|
v0.11 -- Made #define's so you can trim the library down by removing
|
|
ciphers, hashs, modes of operation, prngs, and even PK algorithms
|
|
For example, the library with rijndael+ctr+sha1+ECC is 91KB compared
|
|
to the 246kb the full library takes.
|
|
-- Added ECC packet routines for encrypt/decrypt/sign/verify much akin to
|
|
the RSA packet routines.
|
|
-- ECC now compresses the public key, a ECC-192 public key takes 33 bytes
|
|
for example....
|
|
|
|
December 28th, 2001
|
|
v0.10 -- going to restart the manual from scratch to make it more
|
|
clear and professional
|
|
-- Added ECC over Z/pZ. Basically provides as much as DH
|
|
except its faster since the numbers are smaller. For example,
|
|
A comparable 256-bit ECC key provides as much security as expected
|
|
from a DH key over 1024-bits.
|
|
-- Cleaned up the DH code to not export the symbol "sets[]"
|
|
-- Fixed a bug in the DH code that would not make the correct size
|
|
random string if you made the key short. For instance if you wanted
|
|
a 512-bit DH key it would make a 768-bit one but only make up 512-bits
|
|
for the exponent... now it makes the full 768 bits [or whatever the case
|
|
is]
|
|
-- Fixed another ***SERIOUS*** bug in the DH code that would default to 768-bit
|
|
keys by mistake.
|
|
|
|
December 25th, 2001
|
|
v0.09 -- Includes a demo program called file_crypt which shows off
|
|
how to use the library to make a command line tool which
|
|
allows the user to encode/decode a file with any
|
|
hash (on the passphrase) and cipher in CTR mode.
|
|
-- Switched everything to use typedef's now to clear up the code.
|
|
-- Added AES (128/192 and 256 bit key modes)
|
|
|
|
December 24th, 2001
|
|
v0.08 -- fixed a typo in the manual. MPI stores its bignums in
|
|
BIG endian not little.
|
|
-- Started adding a RNG to the library. Right now it tries
|
|
to open /dev/random and if that fails it uses either the
|
|
MS CSP or the clock drift RNG. It also allows callbacks
|
|
since the drift RNG is slow (about 3.5 bytes/sec)
|
|
-- the RNG can also automatically setup a PRNG as well now
|
|
|
|
v0.07 -- Added basic DH routines sufficient to
|
|
negotiate shared secrets
|
|
[see the manual for a complete example!]
|
|
-- Fixed rsa_import to detect when the input
|
|
could be corrupt.
|
|
-- added more to the manual.
|
|
|
|
December 22nd, 2001
|
|
v0.06 -- Fixed some formatting errors in
|
|
the hash functions [just source code cleaning]
|
|
-- Fixed a typo in the error message for sha256 :-)
|
|
-- Fixed an error in base64_encode() that
|
|
would fail to catch all buffer overruns
|
|
-- Test program times the RSA and symmetric cipher
|
|
routines for kicks...
|
|
-- Added the "const" modifier to alot of routines to
|
|
clear up the purpose of each function.
|
|
-- Changed the name of the library to "TomCrypt"
|
|
following a suggestion from a sci.crypt reader....
|
|
|
|
v0.05 -- Fixed the ROL/ROR macro to be safe on platforms
|
|
where unsigned long is not 32-bits
|
|
-- I have added a bit more to the documentation
|
|
manual "crypt.pdf" provided.
|
|
-- I have added a makefile for LCC-Win32. It should be
|
|
easy to port to other LCC platforms by changing a few lines.
|
|
-- Ran a spell checker over the manual.
|
|
-- Changed the header and library from "crypt" to "mycrypt" to not
|
|
clash with the *nix package "crypt".
|
|
|
|
v0.04 -- Fixed a bug in the RC5,RC6,Blowfish key schedules
|
|
where if the key was not a multiple of 4 bytes it would
|
|
not get loaded correctly.
|
|
|
|
December 21st, 2001
|
|
|
|
v0.03 -- Added Serpent to the list of ciphers.
|
|
|
|
v0.02 -- Changed RC5 to only allow 12 to 24 rounds
|
|
-- Added more to the manual.
|
|
|
|
v0.01 -- We will call this the first version.
|