diff options
Diffstat (limited to 'botan/doc')
73 files changed, 0 insertions, 12343 deletions
diff --git a/botan/doc/api.pdf b/botan/doc/api.pdf Binary files differdeleted file mode 100644 index a9939f2..0000000 --- a/botan/doc/api.pdf +++ /dev/null diff --git a/botan/doc/api.tex b/botan/doc/api.tex deleted file mode 100644 index 556e76a..0000000 --- a/botan/doc/api.tex +++ /dev/null @@ -1,3103 +0,0 @@ -\documentclass{article} - -\setlength{\textwidth}{6.5in} -\setlength{\textheight}{9in} - -\setlength{\headheight}{0in} -\setlength{\topmargin}{0in} -\setlength{\headsep}{0in} - -\setlength{\oddsidemargin}{0in} -\setlength{\evensidemargin}{0in} - -\title{\textbf{Botan API Reference}} -\author{} -\date{2009/2/19} - -\newcommand{\filename}[1]{\texttt{#1}} -\newcommand{\manpage}[2]{\texttt{#1}(#2)} - -\newcommand{\macro}[1]{\texttt{#1}} - -\newcommand{\function}[1]{\textbf{#1}} -\newcommand{\keyword}[1]{\texttt{#1}} -\newcommand{\type}[1]{\texttt{#1}} -\renewcommand{\arg}[1]{\textsl{#1}} -\newcommand{\namespace}[1]{\texttt{#1}} - -\newcommand{\url}[1]{\texttt{#1}} - -\newcommand{\ie}[0]{\emph{i.e.}} -\newcommand{\eg}[0]{\emph{e.g.}} - -\begin{document} - -\maketitle - -\tableofcontents - -\parskip=5pt - -\pagebreak -\section{Introduction} - -Botan is a C++ library that attempts to provide the most common -cryptographic algorithms and operations in an easy to use, efficient, -and portable way. It runs on a wide variety of systems, and can be -used with a number of different compilers. - -The base library is written in ISO C++, so it can be ported with -minimal fuss, but Botan also supports a modules system. This system -exposes system dependent code to the library through portable -interfaces, extending the set of services available to users. - -\subsection{Targets} - -Botan's primary targets (system-wise) are 32 and 64-bit CPUs, with a -flat memory address space of at least 32 bits. Generally, given the -choice between optimizing for 32-bit systems and 64-bit systems, Botan -is written to prefer 64-bit, simply on the theory that where -performance is a real concern, modern 64-bit processors are the -obvious choice. However in most cases this is not an issue, as many -algorithms are specified in terms of 32-bit operations precisely to -target commodity processors. - -Smaller handhelds, set-top boxes, and the bigger smart phones and smart -cards, are also capable of using Botan. However, Botan uses a fairly -large amount of code space (up to several megabytes, depending upon -the compiler and options used), which could be prohibitive in some -systems. Usage of RAM is fairly modest, usually under 64K. - -Botan's design makes it quite easy to remove unused algorithms in such -a way that applications do not need to be recompiled to work, even -applications that use the algorithms in question. They can simply ask -Botan if the algorithm exists, and if Botan says yes, ask the library -to give them such an object for that algorithm. - -\subsection{Why Botan?} - -Botan may be the perfect choice for your application. Or it might be a -terribly bad idea. This section will make clear what Botan is -and is not. - -First, let's cover the major strengths: - -\begin{list}{$\cdot$} - \item Support is (usually) quickly available on the project mailing lists. - Commercial support licenses are available for those that desire them. - - \item - \item Is written in a (fairly) clean object-oriented style, and the usual - API works in terms of reasonably high-level abstractions. - - \item Supports a huge variety of algorithms, including most of the major - public key algorithms and standards (such as IEEE 1363, PKCS, and - X.509v3). - - \item Supports a name-based lookup scheme, so you can get a hold of any - algorithm on the fly. - - \item You can easily extend much of the system at application compile time or - at run time. - - \item Works well with a wide variety of compilers, operating systems, and - CPUs, and more all the time. - - \item Is the only open source crypto library (that I know of) that has - support for memory allocation techniques that prevent an attacker from - reading swap in an attempt to gain access to keys or other secrets. In - fact several different such methods are supported, depending on the - system (two methods for Unix, another for Windows). - - \item Has (optional) support for Zlib and Bzip2 compression/decompression - integrated completely into the system -- it only takes a line or two of - code to add compression to your application. -\end{list} - -\noindent -And the major downsides and deficiencies are: - -\begin{list}{$\cdot$} - \item It's written in C++. If your application isn't, Botan is probably - going to be more pain than it's worth. - \item - - \item Botan doesn't directly support higher-level protocols and - formats like SSL or OpenPGP. SSH support is available from a - third-party, and there is an alpha-level SSL/TLS library - currently available. - - \item Doesn't currently support any very high level 'envelope' style - processing - support for this will probably be added once support for - CMS is available, so code using the high level interface will produce - data readable by many other libraries. -\end{list} - -\pagebreak -\section{Getting Started} - -\subsection{Basic Conventions} - -With a very small number of exceptions, declarations in the library -are contained within the namespace \namespace{Botan}. Botan declares -several typedef'ed types to help buffer it against changes in machine -architecture. These types are used extensively in the interface, -thus it would be often be convenient to use them without the -\namespace{Botan} prefix. You can do so by \keyword{using} the -namespace \namespace{Botan::types} (this way you can use the type -names without the namespace prefix, but the remainder of the library -stays out of the global namespace). The included types are \type{byte} -and \type{u32bit}, which are unsigned integer types. - -The headers for Botan are usually available in the form -\filename{botan/headername.h}. For brevity in this documentation, -headers are always just called \filename{headername.h}, but they -should be used with the \filename{botan/} prefix in your actual code. - -\subsection{Initializing the Library} - -There is a set of core services that the library needs access to -while it is performing requests. To ensure these are set up, you must -create a \type{LibraryInitializer} object (usually called 'init' in -Botan example code; 'botan\_library' or 'botan\_init' may make more -sense in real applications) prior to making any calls to Botan. This -object's lifetime must exceed that of all other Botan objects your -application creates; for this reason the best place to create the -\type{LibraryInitializer} is at the start of your \function{main} -function, since this guarantees that it will be created first and -destroyed last (via standard C++ RAII rules). The initializer does -things like setting up the memory allocation system and algorithm -lookup tables, finding out if there is a high resolution timer -available to use, and similar such matters. With no arguments, the -library is initialized with various default settings. So most of the -time (unless you are writing threaded code; see below), all you need -is: - -\texttt{Botan::LibraryInitializer init;} - -at the start of your \texttt{main}. - -The constructor takes an optional string that specifies arguments. -Currently the only possible argument is ``thread\_safe'', which must -have an Boolean argument (for instance ``thread\_safe=false'' or -``thread\_safe=true''). If ``thread\_safe'' is specified as true the -library will attempt to register a mutex type to properly guard access -to shared resources. However these locks do not protect individual -Botan objects: explicit locking must be used in this case. - -If you do not create a \type{LibraryInitializer} object, pretty much -any Botan operation will fail, because it will be unable to do basic -things like allocate memory or get random bits. Note too, that you -should be careful to only create one such object. - -It is not strictly necessary to create a \type{LibraryInitializer}; -the actual code performing the initialization and shutdown are in -static member functions of \type{LibraryInitializer}, called -\function{initialize} and \function{deinitialize}. A -\type{LibraryInitializer} merely provides a convenient RAII wrapper -for the operations (thus for the internal library state as well). - -\subsection{Pitfalls} - -There are a few things to watch out for to prevent problems when using Botan. - -Never allocate any kind of Botan object globally. The problem with -doing this is that the constructor for such an object will be called -before the library is initialized. Many Botan objects will, in their -constructor, make one or more calls into the library global state -object. Access to this object is checked, so an exception should be -thrown (rather than a memory access violation or undetected -uninitialized object access). A rough equivalent that will work is to -keep a global pointer to the object, initializing it after creating -your \type{LibraryInitializer}. Merely making the -\type{LibraryInitializer} also global will probably not help, because -C++ does not make very strong guarantees about the order that such -objects will be created. - -The same rule applies for making sure the destructors of all your -Botan objects are called before the \type{LibraryInitializer} is -destroyed. This implies you can't have static variables that are Botan -objects inside functions or classes (since in most C++ runtimes, these -objects will be destroyed after main has returned). This is inelegant, -but seems to not cause many problems in practice. - -Botan's memory object classes (\type{MemoryVector}, -\type{SecureVector}, \type{SecureBuffer}) are extremely primitive, and -do not (currently) meet the requirements for an STL container -object. After Botan starts adopting C++0x features, they will be -replaced by typedefs of \type{std::vector} with a custom allocator. - -Use a \function{try}/\function{catch} block inside your -\function{main} function, and catch any \type{std::exception} throws -(remember to catch by reference, as \type{std::exception}'s -\function{what} method is polymorphic). This is not strictly required, -but if you don't, and Botan throws an exception, the runtime will call -\function{std::terminate}, which usually calls \function{abort} or -something like it, leaving you (or worse, a user of your application) -wondering what went wrong. - -\subsection{Information Flow: Pipes and Filters} - -Many common uses of cryptography involve processing one or more -streams of data (be it from sockets, files, or a hardware device). -Botan provides services that make setting up data flows through -various operations, such as compression, encryption, and base64 -encoding. Each of these operations is implemented in what are called -\emph{filters} in Botan. A set of filters are created and placed into -a \emph{pipe}, and information ``flows'' through the pipe until it -reaches the end, where the output is collected for retrieval. If -you're familiar with the Unix shell environment, this design will -sound quite familiar. - -Here is an example that uses a pipe to base64 encode some strings: - -\begin{verbatim} - Pipe pipe(new Base64_Encoder); // pipe owns the pointer - pipe.start_msg(); - pipe.write(``message 1''); - pipe.end_msg(); // flushes buffers, increments message number - - // process_msg(x) is start_msg() && write(x) && end_msg() - pipe.process_msg(``message2''); - - std::string m1 = pipe.read_all_as_string(0); // ``message1'' - std::string m2 = pipe.read_all_as_string(1); // ``message2'' -\end{verbatim} - -Bytestreams in the pipe are grouped into messages; blocks of data that -are processed in an identical fashion (\ie, with the same sequence of -\type{Filter}s). Messages are delimited by calls to -\function{start\_msg} and \function{end\_msg}. Each message in a pipe -has its own identifier, which currently is an integer that increments -up from zero. - -As you can see, the \type{Base64\_Encoder} was allocated using -\keyword{new}; but where was it deallocated? When a filter object is -passed to a \type{Pipe}, the pipe takes ownership of the object, and -will deallocate it when it is no longer needed. - -There are two different ways to make use of messages. One is to send -several messages through a \type{Pipe} without changing the -\type{Pipe}'s configuration, so you end up with a sequence of -messages; one use of this would be to send a sequence of identically -encrypted UDP packets, for example (note that the \emph{data} need not -be identical; it is just that each is encrypted, encoded, signed, etc -in an identical fashion). Another is to change the filters that are -used in the \type{Pipe} between each message, by adding or removing -\type{Filter}s; functions that let you do this are documented in the -Pipe API section. - -Most operations in Botan have a corresponding filter for use in Pipe. -Here's code that encrypts a string with AES-128 in CBC mode: - -\begin{verbatim} - AutoSeeded_RNG rng, - SymmetricKey key(rng, 16); // a random 128-bit key - InitializationVector iv(rng, 16); // a random 128-bit IV - - // Notice the algorithm we want is specified by a string - Pipe pipe(get_cipher(``AES-128/CBC'', key, iv, ENCRYPTION)); - - pipe.process_msg(``secrets''); - pipe.process_msg(``more secrets''); - - MemoryVector<byte> c1 = pipe.read_all(0); - - byte c2[4096] = { 0 }; - u32bit got_out = pipe.read(c2, sizeof(c2), 1); - // use c2[0...got_out] -\end{verbatim} - -Note the use of \type{AutoSeeded\_RNG}, which is a random number -generator. If you want to, you can explicitly set up the random number -generators and entropy sources you want to, however for 99\% of cases -\type{AutoSeeded\_RNG} is preferable. - -\type{Pipe} also has convenience methods for dealing with -\type{std::iostream}s. Here is an example of those, using the -\type{Bzip\_Compression} filter (included as a module; if you have -bzlib available, check \filename{building.pdf} for how to enable it) -to compress a file: - -\begin{verbatim} - std::ifstream in(``data.bin'', std::ios::binary) - std::ofstream out(``data.bin.bz2'', std::ios::binary) - - Pipe pipe(new Bzip_Compression); - - pipe.start_msg(); - in >> pipe; - pipe.end_msg(); - out << pipe; -\end{verbatim} - -However there is a hitch to the code above; the complete contents of -the compressed data will be held in memory until the entire message -has been compressed, at which time the statement \verb|out << pipe| is -executed, and the data is freed as it is read from the pipe and -written to the file. But if the file is very large, we might not have -enough physical memory (or even enough virtual memory!) for that to be -practical. So instead of storing the compressed data in the pipe for -reading it out later, we divert it directly to the file: - -\begin{verbatim} - std::ifstream in(``data.bin'', std::ios::binary) - std::ofstream out(``data.bin.bz2'', std::ios::binary) - - Pipe pipe(new Bzip_Compression, new DataSink_Stream(out)); - - pipe.start_msg(); - in >> pipe; - pipe.end_msg(); -\end{verbatim} - -This is the first code we've seen so far that uses more than one -filter in a pipe. The output of the compressor is sent to the -\type{DataSink\_Stream}. Anything written to a \type{DataSink\_Stream} -is written to a file; the filter produces no output. As soon as the -compression algorithm finishes up a block of data, it will send it along, -at which point it will immediately be written to disk; if you were to -call \verb|pipe.read_all()| after \verb|pipe.end_msg()|, you'd get an -empty vector out. - -Here's an example using two computational filters: - -\begin{verbatim} - AutoSeeded_RNG rng, - SymmetricKey key(rng, 32); - InitializationVector iv(rng, 16); - - Pipe encryptor(get_cipher("AES/CBC/PKCS7", key, iv, ENCRYPTION), - new Base64_Encoder); - - encryptor.start_msg(); - file >> encryptor; - encryptor.end_msg(); // flush buffers, complete computations - std::cout << encryptor; -\end{verbatim} - -\subsection{Fork} - -It is fairly common that you might receive some data and want to -perform more than one operation on it (\ie, encrypt it with Serpent -and calculate the SHA-256 hash of the plaintext at the same -time). That's where \type{Fork} comes in. \type{Fork} is a filter that -takes input and passes it on to \emph{one or more} \type{Filter}s -that are attached to it. \type{Fork} changes the nature of the pipe -system completely. Instead of being a linked list, it becomes a tree. - -Each \type{Filter} in the fork is given its own output buffer, and -thus its own message. For example, if you had previously written two -messages into a \type{Pipe}, then you start a new one with a -\type{Fork} that has three paths of \type{Filter}'s inside it, you -add three new messages to the \type{Pipe}. The data you put into the -\type{Pipe} is duplicated and sent into each set of \type{Filter}s, -and the eventual output is placed into a dedicated message slot in the -\type{Pipe}. - -Messages in the \type{Pipe} are allocated in a depth-first manner. This is only -interesting if you are using more than one \type{Fork} in a single \type{Pipe}. -As an example, consider the following: - -\begin{verbatim} - Pipe pipe(new Fork( - new Fork( - new Base64_Encoder, - new Fork( - NULL, - new Base64_Encoder - ) - ), - new Hex_Encoder - ) - ); -\end{verbatim} - -In this case, message 0 will be the output of the first \type{Base64\_Encoder}, -message 1 will be a copy of the input (see below for how \type{Fork} interprets -NULL pointers), message 2 will be the output of the second -\type{Base64\_Encoder}, and message 3 will be the output of the -\type{Hex\_Encoder}. As you can see, this results in message numbers being -allocated in a top to bottom fashion, when looked at on the screen. However, -note that there could be potential for bugs if this is not anticipated. For -example, if your code is passed a \type{Filter}, and you assume it is a -``normal'' one that only uses one message, your message offsets would be -wrong, leading to some confusion during output. - -If Fork's first argument is a null pointer, but a later argument is -not, then Fork will feed a copy of its input directly through. Here's -a case where that is useful: - -\begin{verbatim} - // have std::string ciphertext, auth_code, key, iv, mac_key; - - Pipe pipe(new Base64_Decoder, - get_cipher(``AES-128'', key, iv, DECRYPTION), - new Fork( - 0 - new MAC_Filter(``HMAC(SHA-1)'', mac_key) - ) - ); - - pipe.process_msg(ciphertext); - std::string plaintext = pipe.read_all_as_string(0); - SecureVector<byte> mac = pipe.read_all(1); - - if(mac != auth_code) - error(); -\end{verbatim} - -Here we wanted to not only decrypt the message, but send the decrypted -text through an additional computation, in order to compute the -authentication code. - -Any \type{Filter}s that are attached to the \type{Pipe} after the -\type{Fork} are implicitly attached onto the first branch created by -the fork. For example, let's say you created this \type{Pipe}: - -\begin{verbatim} -Pipe pipe(new Fork(new Hash_Filter("MD5"), new Hash_Filter("SHA-1")), - new Hex_Encoder); -\end{verbatim} - -And then called \function{start\_msg}, inserted some data, then -\function{end\_msg}. Then \arg{pipe} would contain two messages. The -first one (message number 0) would contain the MD5 sum of the input in -hex encoded form, and the other would contain the SHA-1 sum of the -input in raw binary. However, it's much better to use a \type{Chain} -instead. - -\subsubsection{Chain} - -A \type{Chain} filter creates a chain of \type{Filter}s and -encapsulates them inside a single filter (itself). This allows a -sequence of filters to become a single filter, to be passed into or -out of a function, or to a \type{Fork} constructor. - -You can call \type{Chain}'s constructor with up to 4 \type{Filter*}s -(they will be added in order), or with an array of \type{Filter*}s and -a \type{u32bit} that tells \type{Chain} how many \type{Filter*}s are -in the array (again, they will be attached in order). Here's the -example from the last section, using chain instead of relying on the -obscure rule that version used. - -\begin{verbatim} - Pipe pipe(new Fork( - new Chain(new Hash_Filter("MD5"), new Hex_Encoder), - new Hash_Filter("SHA-1") - ) - ); -\end{verbatim} - -\subsection{The Pipe API} - -\subsubsection{Initializing Pipe} - -By default, \type{Pipe} will do nothing at all; any input placed into -the \type{Pipe} will be read back unchanged. Obviously, this has -limited utility, and presumably you want to use one or more -\type{Filter}s to somehow process the data. First, you can choose a -set of \type{Filter}s to initialize the \type{Pipe} via the -constructor. You can pass it either a set of up to 4 \type{Filter*}s, -or a pre-defined array and a length: - -\begin{verbatim} - Pipe pipe1(new Filter1(/*args*/), new Filter2(/*args*/), - new Filter3(/*args*/), new Filter4(/*args*/)); - Pipe pipe2(new Filter1(/*args*/), new Filter2(/*args*/)); - - Filter* filters[5] = { - new Filter1(/*args*/), new Filter2(/*args*/), new Filter3(/*args*/), - new Filter4(/*args*/), new Filter5(/*args*/) /* more if desired... */ - }; - Pipe pipe3(filters, 5); -\end{verbatim} - -This is by far the most common way to initialize a \type{Pipe}. However, -occasionally a more flexible initialization strategy is necessary; this is -supported by 4 member functions: \function{prepend}(\type{Filter*}), -\function{append}(\type{Filter*}), \function{pop}(), and \function{reset}(). -These functions may only be used while the \type{Pipe} in question is not in -use; that is, either before calling \function{start\_msg}, or after -\function{end\_msg} has been called (and no new calls to \function{start\_msg} -have been made yet). - -The function \function{reset}() simply removes all the \type{Filter}s -that the \type{Pipe} is currently using~--~it is reset to an -initialize, ``empty'' state. Any data that is being retained by the -\type{Pipe} is retained after a \function{reset}(), and -\function{reset}() does not affect the message numbers (discussed -later). - -Calling \function{prepend} and \function{append} will either prepend -or append the passed \type{Filter} object to the list of -transformations. For example, if you \function{prepend} a -\type{Filter} implementing encryption, and the \type{Pipe} already had -a \type{Filter} that hex encoded the input, then the next set of -input would be first encrypted, then hex encoded. Alternately, if you -called \function{append}, then the input would be first be hex -encoded, and then encrypted (which is not terribly useful in this -particular example). - -Finally, calling \function{pop}() will remove the first transformation -of the \type{Pipe}. Say we had called \function{prepend} to put an -encryption \type{Filter} into a \type{Pipe}; calling \function{pop}() -would remove this \type{Filter} and return the \type{Pipe} to its -state before we called \function{prepend}. - -\subsubsection{Giving Data to a Pipe} - -Input to a \type{Pipe} is delimited into messages, which can be read from -independently (\ie, you can read 5 bytes from one message, and then all of -another message, without either read affecting any other messages). The -messages are delimited by calls to \function{start\_msg} and -\function{end\_msg}. In between these two calls, you can write data into a -\type{Pipe}, and it will be processed by the \type{Filter}(s) that it -contains. Writes at any other time are invalid, and will result in an -exception. - -As to writing, you can call any of the functions called \function{write}(), -that can take any of: a \type{byte[]}/\type{u32bit} pair, a -\type{SecureVector<byte>}, a \type{std::string}, a \type{DataSource\&}, or a -single \type{byte}. - -Sometimes, you may want to do only a single write per message. In this case, -you can use the \function{process\_msg} series of functions, which start a -message, write their argument into the \type{Pipe}, and then end the -message. In this case you would not make any explicit calls to -\function{start\_msg}/\function{end\_msg}. The version of \function{write} -that takes a single \type{byte} is not supported by \function{process\_msg}, -but all the other variants are. - -\type{Pipe} can also be used with the \verb|>>| operator, and will accept a -\type{std::istream}, (or on Unix systems with the \verb|fd_unix| module), a -Unix file descriptor. In either case, the entire contents of the file will be -read into the \type{Pipe}. - -\subsubsection{Getting Output from a Pipe} - -Retrieving the processed data from a \type{Pipe} is a bit more complicated, for -various reasons. In particular, because \type{Pipe} will separate each message -into a separate buffer, you have to be able to retrieve data from each message -independently. Each of \type{Pipe}'s read functions has a final parameter that -specifies what message to read from (as a 32-bit integer). If this parameter is -set to \type{Pipe::DEFAULT\_MESSAGE}, it will read the current default message -(\type{DEFAULT\_MESSAGE} is also the default value of this parameter). The -parameter will not be mentioned in further discussion of the reading API, but -it is always there (unless otherwise noted). - -Reading is done with a variety of functions. The most basic are \type{u32bit} -\function{read}(\type{byte} \arg{out}[], \type{u32bit} \arg{len}) and -\type{u32bit} \function{read}(\type{byte\&} \arg{out}). Each reads into -\arg{out} (either up to \arg{len} bytes, or a single byte for the one taking a -\type{byte\&}), and returns the total number of bytes read. There is a variant -of these functions, all named \function{peek}, which performs the same -operations, but does not remove the bytes from the message (reading is a -destructive operation with a \type{Pipe}). - -There are also the functions \type{SecureVector<byte>} \function{read\_all}(), -and \type{std::string} \function{read\_all\_as\_string}(), which return the -entire contents of the message, either as a memory buffer, or a -\type{std::string} (which is generally only useful if the \type{Pipe} has -encoded the message into a text string, such as when a \type{Base64\_Encoder} -is used). - -To determine how many bytes are left in a message, call \type{u32bit} -\function{remaining}() (which can also take an optional message -number). Finally, there are some functions for managing the default message -number: \type{u32bit} \function{default\_msg}() will return the current default -message, \type{u32bit} \function{message\_count}() will return the total number -of messages (0...\function{message\_count}()-1), and -\function{set\_default\_msg}(\type{u32bit} \arg{msgno}) will set a new default -message number (which must be a valid message number for that \type{Pipe}). The -ability to set the default message number is particularly important in the case -of using the file output operations (\verb|<<| with a \type{std::ostream} or -Unix file descriptor), because there is no way to specify it explicitly when -using the output operator. - -\subsection{A Filter Example} - -Here is some code that takes one or more filenames in \arg{argv} and -calculates the result of several hash functions for each file. The complete -program can be found as \filename{hasher.cpp} in the Botan distribution. For -brevity, most error checking has been removed. - -\begin{verbatim} - string name[3] = { "MD5", "SHA-1", "RIPEMD-160" }; - Botan::Filter* hash[3] = { - new Botan::Chain(new Botan::Hash_Filter(name[0]), - new Botan::Hex_Encoder), - new Botan::Chain(new Botan::Hash_Filter(name[1]), - new Botan::Hex_Encoder), - new Botan::Chain(new Botan::Hash_Filter(name[2]), - new Botan::Hex_Encoder) }; - - Botan::Pipe pipe(new Botan::Fork(hash, COUNT)); - - for(u32bit j = 1; argv[j] != 0; j++) - { - ifstream file(argv[j]); - pipe.start_msg(); - file >> pipe; - pipe.end_msg(); - file.close(); - for(u32bit k = 0; k != 3; k++) - { - pipe.set_default_msg(3*(j-1)+k); - cout << name[k] << "(" << argv[j] << ") = " << pipe << endl; - } - } -\end{verbatim} - - -\subsection{Filter Catalog} - -This section contains descriptions of every \type{Filter} included in -the portable sections of Botan. \type{Filter}s provided by modules -are documented elsewhere. - -\subsubsection{Keyed Filters} - -A few sections ago, it was mentioned that \type{Pipe} can process multiple -messages, treating each of them exactly the same. Well, that was a bit of a -lie. There are some algorithms (in particular, block ciphers not in ECB mode, -and all stream ciphers) that change their state as data is put through them. - -Naturally, you might well want to reset the keys or (in the case of block -cipher modes) IVs used by such filters, so multiple messages can be processed -using completely different keys, or new IVs, or new keys and IVs, or whatever. -And in fact, even for a MAC or an ECB block cipher, you might well want to -change the key used from message to message. - -Enter \type{Keyed\_Filter}, which acts as an abstract interface for -any filter that is uses keys: block cipher modes, stream ciphers, -MACs, and so on. It has two functions, \function{set\_key} and -\function{set\_iv}. Calling \function{set\_key} will, naturally, set -(or reset) the key used by the algorithm. Setting the IV only makes -sense in certain algorithms -- a call to \function{set\_iv} on an -object that doesn't support IVs will be ignored. You \emph{must} call -\function{set\_key} before calling \function{set\_iv}: while not all -\type{Keyed\_Filter} objects require this, you should assume it is -required anytime you are using a \type{Keyed\_Filter}. - -Here's a example: - -\begin{verbatim} - Keyed_Filter *cast, *hmac; - Pipe pipe(new Base64_Decoder, - // Note the assignments to the cast and hmac variables - cast = new CBC_Decryption("CAST-128", "PKCS7", cast_key, iv), - new Fork( - 0, // Read the section 'Fork' to understand this - new Chain( - hmac = new MAC_Filter("HMAC(SHA-1)", mac_key, 12), - new Base64_Encoder - ) - ) - ); - pipe.start_msg(); - [use pipe for a while, decrypt some stuff, derive new keys and IVs] - pipe.end_msg(); - - cast->set_key(cast_key2); - cast->set_iv(iv2); - hmac->set_key(mac_key2); - - pipe.start_msg(); - [use pipe for some other things] - pipe.end_msg(); -\end{verbatim} - -There are some requirements to using \type{Keyed\_Filter} that you must -follow. If you call \function{set\_key} or \function{set\_iv} on a filter that -is owned by a \type{Pipe}, you must do so while the \type{Pipe} is -``unlocked''. This refers to the times when no messages are being processed by -\type{Pipe} -- either before \type{Pipe}'s \function{start\_msg} is called, or -after \function{end\_msg} is called (and no new call to \function{start\_msg} -has happened yet). Doing otherwise will result in undefined behavior, probably -silently getting invalid output. - -And remember: if you're resetting both values, reset the key \emph{first}. - -\subsubsection{Cipher Filters} - -Getting a hold of a \type{Filter} implementing a cipher is very easy. Simply -make sure you're including the header \filename{lookup.h}, and call -\function{get\_cipher}. Generally you will pass the return value directly into -a \type{Pipe}. There are actually a couple different functions, which do pretty -much the same thing: - -\function{get\_cipher}(\type{std::string} \arg{cipher\_spec}, - \type{SymmetricKey} \arg{key}, - \type{InitializationVector} \arg{iv}, - \type{Cipher\_Dir} \arg{dir}); - -\function{get\_cipher}(\type{std::string} \arg{cipher\_spec}, - \type{SymmetricKey} \arg{key}, - \type{Cipher\_Dir} \arg{dir}); - -The version that doesn't take an IV is useful for things that don't use them, -like block ciphers in ECB mode, or most stream ciphers. If you specify a -\arg{cipher\_spec} that does want a IV, and you use the version that doesn't -take one, an exception will be thrown. The \arg{dir} argument can be either -\type{ENCRYPTION} or \type{DECRYPTION}. In a few cases, like most (but not all) -stream ciphers, these are equivalent, but even then it provides a way of -showing the ``intent'' of the operation to readers of your code. - -The \arg{cipher\_spec} is a string that specifies what cipher is to be -used. The general syntax for \arg{cipher\_spec} is ``STREAM\_CIPHER'', -``BLOCK\_CIPHER/MODE'', or ``BLOCK\_CIPHER/MODE/PADDING''. In the case of -stream ciphers, no mode is necessary, so just the name is sufficient. A block -cipher requires a mode of some sort, which can be ``ECB'', ``CBC'', ``CFB(n)'', -``OFB'', ``CTR-BE'', or ``EAX(n)''. The argument to CFB mode is how many bits -of feedback should be used. If you just use ``CFB'' with no argument, it will -default to using a feedback equal to the block size of the cipher. EAX mode -also takes an optional bit argument, which tells EAX how large a tag size to -use~--~generally this is the size of the block size of the cipher, which is the -default if you don't specify any argument. - -In the case of the ECB and CBC modes, a padding method can also be -specified. If it is not supplied, ECB defaults to not padding, and CBC defaults -to using PKCS \#5/\#7 compatible padding. The padding methods currently -available are ``NoPadding'', ``PKCS7'', ``OneAndZeros'', and ``CTS''. CTS -padding is currently only available for CBC mode, but the others can also be -used in ECB mode. - -Some example \arg{cipher\_spec} arguments are: ``DES/CFB(32)'', -``TripleDES/OFB'', ``Blowfish/CBC/CTS'', ``SAFER-SK(10)/CBC/OneAndZeros'', -``AES/EAX'', ``ARC4'' - -``CTR-BE'' refers to counter mode where the counter is incremented as if it -were a big-endian encoded integer. This is compatible with most other -implementations, but it is possible some will use the incompatible little -endian convention. This version would be denoted as ``CTR-LE'' if it were -supported. - -``EAX'' is a new cipher mode designed by Wagner, Rogaway, and Bellare. It is an -authenticated cipher mode (that is, no separate authentication is needed), has -provable security, and is free from patent entanglements. It runs about half as -fast as most of the other cipher modes (like CBC, OFB, or CTR), which is not -bad considering you don't need to use an authentication code. - -\subsubsection{Hashes and MACs} - -Hash functions and MACs don't need anything special when it comes to -filters. Both just take their input and produce no output until -\function{end\_msg()} is called, at which time they complete the hash or MAC -and send that as output. - -These \type{Filter}s take a string naming the type to be used. If for some -reason you name something that doesn't exist, an exception will be thrown. - -\noindent -\function{Hash\_Filter}(\type{std::string} \arg{hash}, - \type{u32bit} \arg{outlength}): - -This type hashes its input with \arg{hash}. When \function{end\_msg} is called -on the owning \type{Pipe}, the hash is completed and the digest is sent on to -the next thing in the pipe. The argument \arg{outlength} specifies how much of -the output of the hash will be passed along to the next filter when -\function{end\_msg} is called. By default, it will pass the entire hash. - -Examples of names for \function{Hash\_Filter} are ``SHA-1'' and ``Whirlpool''. - -\noindent -\function{MAC\_Filter}(\type{std::string} \arg{mac}, - \type{const SymmetricKey\&} \arg{key}, - \type{u32bit} \arg{outlength}): - -The constructor for a \type{MAC\_Filter} takes a key, used in calculating the -MAC, and a length parameter, which has semantics exactly the same as the one -passed to \type{Hash\_Filter}s constructor. - -Examples for \arg{mac} are ``HMAC(SHA-1)'', ``CMAC(AES-128)'', and the -exceptionally long, strange, and probably useless name -``CMAC(Lion(Tiger(20,3),MARK-4,1024))''. - -\subsubsection{PK Filters} - -There are four classes in this category, \type{PK\_Encryptor\_Filter}, -\type{PK\_Decryptor\_Filter}, \type{PK\_Signer\_Filter}, and -\type{PK\_Verifier\_Filter}. Each takes a pointer to an object of the -appropriate type (\type{PK\_Encryptor}, \type{PK\_Decryptor}, etc) that is -deleted by the destructor. These classes are found in \filename{pk\_filts.h}. - -Three of these, for encryption, decryption, and signing are pretty much -identical conceptually. Each of them buffers its input until the end of the -message is marked with a call to the \function{end\_msg} function. Then they -encrypt, decrypt, or sign their input and send the output (the ciphertext, the -plaintext, or the signature) into the next filter. - -Signature verification works a little differently, because it needs to know -what the signature is in order to check it. You can either pass this in along -with the constructor, or call the function \function{set\_signature} -- with -this second method, you need to keep a pointer to the filter around so you can -send it this command. In either case, after \function{end\_msg} is called, it -will try to verify the signature (if the signature has not been set by either -method, an exception will be thrown here). It will then send a single byte onto -the next filter -- a 1 or a 0, which specifies whether the signature verified -or not (respectively). - -For more information about PK algorithms (including creating the appropriate -objects to pass to the constructors), read the section ``Public Key -Cryptography'' in this manual. - -\subsubsection{Encoders} - -Often you want your data to be in some form of text (for sending over channels -that aren't 8-bit clean, printing it, etc). The filters \type{Hex\_Encoder} -and \type{Base64\_Encoder} will convert arbitrary binary data into hex or -base64 formats. Not surprisingly, you can use \type{Hex\_Decoder} and -\type{Base64\_Decoder} to convert it back into its original form. - -Both of the encoders can take a few options about how the data should be -formatted (all of which have defaults). The first is a \type{bool} which simply -says if the encoder should insert line breaks. This defaults to -false. Line breaks don't matter either way to the decoder, but it makes the -output a bit more appealing to the human eye, and a few transport mechanisms -(notably some email systems) limit the maximum line length. - -The second encoder option is an integer specifying how long such lines will be -(obviously this will be ignored if line-breaking isn't being used). The default -tends to be in the range of 60-80 characters, but is not specified exactly. If -you want a specific value, set it. Otherwise the default should be fine. - -Lastly, \type{Hex\_Encoder} takes an argument of type \type{Case}, which can be -\type{Uppercase} or \type{Lowercase} (default is \type{Uppercase}). This -specifies what case the characters A-F should be output as. The base64 encoder -has no such option, because it uses both upper and lower case letters for its -output. - -The decoders both take a single option, which tells it how the object should -behave in the case of invalid input. The enum (called \type{Decoder\_Checking}) -can take on any of three values: \type{NONE}, \type{IGNORE\_WS}, and -\type{FULL\_CHECK}. With \type{NONE} (the default, for compatibility with -previous releases), invalid input (for example, a ``z'' character in supposedly -hex input) will simply be ignored. With \type{IGNORE\_WS}, whitespace will be -ignored by the decoder, but receiving other non-valid data will raise an -exception. Finally, \type{FULL\_CHECK} will raise an exception for \emph{any} -characters not in the encoded character set, including whitespace. - -You can find the declarations for these types in \filename{hex.h} and -\filename{base64.h}. - -\subsection{Rolling Your Own} - -The system of filters and pipes was designed in an attempt to make it -as simple as possible to write new \type{Filter} objects. There are -essentially four functions that need to be implemented by an object -deriving from \type{Filter}: - -\noindent -\type{void} \function{write}(\type{byte} \arg{input}[], \type{u32bit} -\arg{length}): - -The \function{write} function is what is called when a filter receives input -for it to process. The filter is \emph{not} required to process it right away; -many filters buffer their input before producing any output. A filter will -usually have \function{write} called many times during its lifetime. - -\noindent -\type{void} \function{send}(\type{byte} \arg{output}[], \type{u32bit} -\arg{length}): - -Eventually, a filter will want to produce some output to send along to the next -filter in the pipeline. It does so by calling \function{send} with whatever it -wants to send along to the next filter. There is also a version of -\function{send} taking a single byte argument, as a convenience. - -\noindent -\type{void} \function{start\_msg()}: - -This function is optional. Implement it if your \type{Filter} would like to do -some processing or setup at the start of each message (for an example, see the -Zlib compression module). - -\noindent -\type{void} \function{end\_msg()}: - -Implementing the \function{end\_msg} function is optional. It is called when it -has been requested that filters finish up their computations. Note that they -must \emph{not} deallocate their resources; this should be done by their -destructor. They should simply finish up with whatever computation they have -been working on (for example, a compressing filter would flush the compressor -and \function{send} the final block), and empty any buffers in preparation for -processing a fresh new set of input. It is essentially the inverse of -\function{start\_msg}. - -Additionally, if necessary, filters can define a constructor that takes any -needed arguments, and a destructor to deal with deallocating memory, closing -files, etc. - -There is also a \type{BufferingFilter} class (in \filename{buf\_filt.h}) that -will take a message and split it up into an initial block that can be of any -size (including zero), a sequence of fixed sized blocks of any non-zero size, -and last (possibly zero-sized) final block. This might make a useful base class -for your filters, depending on what you have in mind. - - -\pagebreak -\section{Public Key Cryptography} - -Let's create a 1024-bit RSA private key, encode the public key as a -PKCS \#1 file with PEM encoding (which can be understood by many other -cryptographic programs) - -\begin{verbatim} -// everyone does: -AutoSeeded_RNG rng; - -// Alice -RSA_PrivateKey priv_rsa(rng, 1024 /* bits */); - -std::string alice_pem = X509::PEM_encode(priv_rsa); - -// send alice_pem to Bob, who does - -// Bob -std::auto_ptr<X509_PublicKey> alice(load_key(alice_pem)); - -RSA_PublicKey* alice_rsa = dynamic_cast<RSA_PublicKey>(alice); -if(alice_rsa) - { - /* ... */ - } - -\end{verbatim} - -\subsection{Creating PK Algorithm Key Objects} - -The library has interfaces for encryption, signatures, etc that do not require -knowing the exact algorithm in use (for example RSA and Rabin-Williams -signatures are handled by the exact same code path). - -One place where we \emph{do} need to know exactly what kind of algorithm is in -use is when we are creating a key (\emph{But}: read the section ``Importing and -Exporting PK Keys'', later in this manual). - -There are (currently) two kinds of public key algorithms in Botan: ones based -on integer factorization (RSA and Rabin-Williams), and ones based on the -discrete logarithm problem (DSA, Diffie-Hellman, Nyberg-Rueppel, and -ElGamal). Since discrete logarithm parameters (primes and generators) can be -shared among many keys, there is the notion of these being a combined type -(called \type{DL\_Group}). - -There are two ways to create a DL private key (such as -\type{DSA\_PrivateKey}). One is to pass in just a \type{DL\_Group} object -- a -new key will automatically be generated. The other involves passing in a group -to use, along with both the public and private values (private value first). - -Since in integer factorization algorithms, the modulus used isn't shared by -other keys, we don't use this notion. You can create a new key by passing in a -\type{u32bit} telling how long (in bits) the key should be, or you can copy an -pre-existing key by passing in the appropriate parameters (primes, exponents, -etc). For RSA and Rabin-Williams (the two IF schemes in Botan), the parameters -are all \type{BigInt}s: prime 1, prime 2, encryption exponent, decryption -exponent, modulus. The last two are optional, since they can easily be derived -from the first three. - -\subsubsection{Creating a DL\_Group} - -There are quite a few ways to get a \type{DL\_Group} object. The best is to use -the function \function{get\_dl\_group}, which takes a string naming a group; it -will either return that group, if it knows about it, or throw an -exception. Names it knows about include ``IETF-n'' where n is 768, 1024, 1536, -2048, 3072, or 4096, and ``DSA-n'', where n is 512, 768, or 1024. The IETF -groups are the ones specified for use with IPSec, and the DSA ones are the -default DSA parameters specified by Java's JCE. For DSA and Nyberg-Rueppel, you -should only use the ``DSA-n'' groups, while Diffie-Hellman and ElGamal can use -either type (keep in mind that some applications/standards require DH/ELG to -use DSA-style primes, while others require strong prime groups). - -You can also generate a new random group. This is not recommend, because it is -quite slow, especially for safe primes. - -\subsection{Key Checking} - -Most public key algorithms have limitations or restrictions on their -parameters. For example RSA requires an odd exponent, and algorithms based on -the discrete logarithm problem need a generator $> 1$. - -Each low-level public key type has a function named \function{check\_key} that -takes a \type{bool}. This function returns a Boolean value that declares -whether or not the key is valid (from an algorithmic standpoint). For example, -it will check to make sure that the prime parameters of a DSA key are, in fact, -prime. It does not have anything to do with the validity of the key for any -particular use, nor does it have anything to do with certificates that link a -key (which, after all, is just some numbers) with a user or other entity. If -\function{check\_key}'s argument is \type{true}, then it does ``strong'' -checking, which includes fairly expensive operations like primality checking. - -Keys are always checked when they are loaded or generated, so typically there -is no reason to use this function directly. However, you can disable or reduce -the checks for particular cases (public keys, loaded private keys, generated -private keys) by setting the right config toggle (see the section on the -configuration subsystem for details). - -\subsection{Getting a PK algorithm object} - -The key types, like \type{RSA\_PrivateKey}, do not implement any kind -of padding or encoding (which is generally necessary for security). To -get an object like this, the easiest thing to do is call the functions -found in \filename{look\_pk.h}. Generally these take a key, followed -by a string that specified what hashing and encoding method(s) to -use. Examples of such strings are ``EME1(SHA-256)'' for OAEP -encryption and ``EMSA4(SHA-256)'' for PSS signatures (where the -message is hashed using SHA-256). - -Here are some basic examples (using an RSA key) to give you a feel for the -possibilities. These examples assume \type{rsakey} is an -\type{RSA\_PrivateKey}, since otherwise we would not be able to create a -decryption or signature object with it (you can create encryption or signature -verification objects with public keys, naturally). Remember to delete these -objects when you're done with them. - -\begin{verbatim} - // PKCS #1 v2.0 / IEEE 1363 compatible encryption - PK_Encryptor* rsa_enc1 = get_pk_encryptor(rsakey, "EME1(RIPEMD-160)"); - // PKCS #1 v1.5 compatible encryption - PK_Encryptor* rsa_enc2 = get_pk_encryptor(rsakey, "PKCS1v15"); - - // Raw encryption: no padding, input is directly encrypted by the key - // Don't use this unless you know what you're doing - PK_Encryptor* rsa_enc3 = get_pk_encryptor(rsakey, "Raw"); - - // This object can decrypt things encrypted by rsa_enc1 - PK_Decryptor* rsa_dec1 = get_pk_decryptor(rsakey, "EME1(RIPEMD-160)"); - - // PKCS #1 v1.5 compatible signatures - PK_Signer* rsa_sig = get_pk_signer(rsakey, "EMSA3(MD5)"); - PK_Verifier* rsa_verify = get_pk_verifier(rsakey, "EMSA3(MD5)"); - - // PKCS #1 v2.1 compatible signatures - PK_Signer* rsa_sig2 = get_pk_signer(rsakey, "EMSA4(SHA-1)"); - PK_Verifier* rsa_verify2 = get_pk_verifier(rsakey, "EMSA4(SHA-1)"); - - // Hash input with SHA-1, but don't pad the input in any way; usually - // used with DSA/NR, not RSA - PK_Signer* rsa_sig = get_pk_signer(rsakey, "EMSA1(SHA-1)"); -\end{verbatim} - -\subsection{Encryption} - -The \type{PK\_Encryptor} and \type{PK\_Decryptor} classes are the interface for -encryption and decryption, respectively. - -Calling \function{encrypt} with a \type{byte} array, a length -parameter, and an RNG object will return the input encrypted with -whatever scheme is being used. Calling the similar \function{decrypt} -will perform the inverse operation. You can also do these operations -with \type{SecureVector<byte>}s. In all cases, the output is returned -via a \type{SecureVector<byte>}. - -If you attempt an operation with a larger size than the key can -support (this limit varies based on the algorithm, the key size, and -the padding method used (if any)), an exception will be -thrown. Alternately, you can call \function{maximum\_input\_size}, -that will return the maximum size you can safely encrypt. In fact, -you can often encrypt an object that is one byte longer, but only if -enough of the high bits of the leading byte are set to zero. Since -this is pretty dicey, it's best to stick with the advertised maximum. - -Available public key encryption algorithms in Botan are RSA and ElGamal. The -encoding methods are EME1, denoted by ``EME1(HASHNAME)'', PKCS \#1 v1.5, -called ``PKCS1v15'' or ``EME-PKCS1-v1\_5'', and raw encoding (``Raw''). - -For compatibility reasons, PKCS \#1 v1.5 is recommend for use with -ElGamal (most other implementations of ElGamal do not support any -other encoding format). RSA can also be used with PKCS \# 1 encoding, -but because of various possible attacks, EME1 is the preferred -encoding. EME1 requires the use of a hash function: unless a competent -applied cryptographer tells you otherwise, you should use SHA-256 or -SHA-512. - -Don't use ``Raw'' encoding unless you need it for backward -compatibility with old protocols. There are many possible attacks -against both ElGamal and RSA when they are used in this way. - -\subsection{Signatures} - -The signature algorithms look quite a bit like the hash functions. You -can repeatedly call \function{update}, giving more and more of a -message you wish to sign, and then call \function{signature}, which -will return a signature for that message. If you want to do it all in -one shot, call \function{sign\_message}, which will just call -\function{update} with its argument and then return whatever -\function{signature} returns. Generating a signature requires random -numbers with some schemes, so \function{signature} and -\function{sign\_message} both take a \type{RandomNumberGenerator\&}. - -You can validate a signature by updating the verifier class, and finally seeing -the if the value returned from \function{check\_signature} is true (you pass -the supposed signature to the \function{check\_signature} function as a byte -array and a length or as a \type{MemoryRegion<byte>}). There is another -function, \function{verify\_message}, which takes a pair of byte array/length -pairs (or a pair of \type{MemoryRegion<byte>} objects), the first of which is -the message, the second being the (supposed) signature. It returns true if the -signature is valid and false otherwise. - -Available public key signature algorithms in Botan are RSA, DSA, -Nyberg-Rueppel, and Rabin-Williams. Signature encoding methods include EMSA1, -EMSA2, EMSA3, EMSA4, and Raw. All of them, except Raw, take a parameter naming -a message digest function to hash the message with. Raw actually signs the -input directly; if the message is too big, the signing operation will fail. Raw -is not useful except in very specialized applications. - -There are various interactions that make certain encoding schemes and signing -algorithms more or less useful. - -EMSA2 is the usual method for encoding Rabin-William signatures, so for -compatibility with other implementations you may have to use that. EMSA4 (also -called PSS), also works with Rabin-Williams. EMSA1 and EMSA3 do \emph{not} work -with Rabin-Williams. - -RSA can be used with any of the available encoding methods. EMSA4 is by far the -most secure, but is not (as of now) widely implemented. EMSA3 (also called -``EMSA-PKCS1-v1\_5'') is commonly used with RSA (for example in SSL). EMSA1 -signs the message digest directly, without any extra padding or encoding. This -may be useful, but is not as secure as either EMSA3 or EMSA4. EMSA2 may be used -but is not recommended. - -For DSA and Nyberg-Rueppel, you should use EMSA1. None of the other encoding -methods are particularly useful for these algorithms. - -\subsection{Key Agreement} - -You can get a hold of a \type{PK\_Key\_Agreement\_Scheme} object by calling -\function{get\_pk\_kas} with a key that is of a type that supports key -agreement (such as a Diffie-Hellman key stored in a \type{DH\_PrivateKey} -object), and the name of a key derivation function. This can be ``Raw'', -meaning the output of the primitive itself is returned as the key, or -``KDF1(hash)'' or ``KDF2(hash)'' where ``hash'' is any string you happen to -like (hopefully you like strings like ``SHA-256'' or ``RIPEMD-160''), or -``X9.42-PRF(keywrap)'', which uses the PRF specified in ANSI X9.42. It takes -the name or OID of the key wrap algorithm that will be used to encrypt a -content encryption key. - -How key agreement generally works is that you trade public values with some -other party, and then each of you runs a computation with the other's value and -your key (this should return the same result to both parties). This computation -can be called by using \function{derive\_key} with either a byte array/length -pair, or a \type{SecureVector<byte>} than holds the public value of the other -party. The last argument to either call is a number that specifies how long a -key you want. - -Depending on the key derivation function you're using, you many not -\emph{actually} get back a key of that size. In particular, ``Raw'' will return -a number about the size of the Diffie-Hellman modulus, and KDF1 can only return -a key that is the same size as the output of the hash. KDF2, on the other -hand, will always give you a key exactly as long as you request, regardless of -the underlying hash used with it. The key returned is a \type{SymmetricKey}, -ready to pass to a block cipher, MAC, or other symmetric algorithm. - -The public value that should be used can be obtained by calling -\function{public\_data}, which exists for any key that is associated with a -key agreement algorithm. It returns a \type{SecureVector<byte>}. - -``KDF2(SHA-256)'' is by far the preferred algorithm for key derivation -in new applications. The X9.42 algorithm may be useful in some -circumstances, but unless you need X9.42 compatibility, KDF2 is easier -to use. - -There is a Diffie-Hellman example included in the distribution, which you may -want to examine. - -\subsection{Importing and Exporting PK Keys} - -[This section mentions \type{Pipe} and \type{DataSource}, which is not covered -until later in the manual. Please read those sections for more about -\type{Pipe} and \type{DataSource} and their uses.] - -There are many, many different (often conflicting) standards surrounding public -key cryptography. There is, thankfully, only two major standards surrounding -the representation of a public or private key: X.509 (for public keys), and -PKCS \#8 (for private keys). Other crypto libraries, like OpenSSL and B-SAFE, -also support these formats, so you can easily exchange keys with software that -doesn't use Botan. - -In addition to ``plain'' public keys, Botan also supports X.509 certificates. -These are documented in the section ``Certificate Handling'', later in this -manual. - -\subsubsection{Public Keys} - -The interfaces for doing either of these are quite similar. Let's look at the -X.509 stuff first: -\begin{verbatim} -namespace X509 { - void encode(const X509_PublicKey& key, Pipe& out, X509_Encoding enc = PEM); - std::string PEM_encode(const X509_PublicKey& out); - - X509_PublicKey* load_key(DataSource& in); - X509_PublicKey* load_key(const std::string& file); - X509_PublicKey* load_key(const SecureVector<byte>& buffer); -} -\end{verbatim} - -Basically, \function{X509::encode} will take an \type{X509\_PublicKey} -(as of now, that's any RSA, DSA, or Diffie-Hellman key) and encodes it -using \arg{enc}, which can be either \type{PEM} or -\type{RAW\_BER}. Using \type{PEM} is \emph{highly} recommended for -many reasons, including compatibility with other software, for -transmission over 8-bit unclean channels, because it can be identified -by a human without special tools, and because it sometimes allows more -sane behavior of tools that process the data. It will place the -encoding into \arg{out}. Remember that if you have just created the -\type{Pipe} that you are passing to \function{X509::encode}, you need -to call \function{start\_msg} first. Particularly with public keys, -about 99\% of the time you just want to PEM encode the key and then -write it to a file or something. In this case, it's probably easier to -use \function{X509::PEM\_encode}. This function will simply return the -PEM encoding of the key as a \type{std::string}. - -For loading a public key, the preferred method is one of the variants -of \function{load\_key}. This function will return a newly allocated -key based on the data from whatever source it is using (assuming, of -course, the source is in fact storing a representation of a public -key). The encoding used (PEM or BER) need not be specified; the format -will be detected automatically. The key is allocated with -\function{new}, and should be released with \function{delete} when you -are done with it. The first takes a generic \type{DataSource} that -you have to allocate~--~the others are simple wrapper functions that -take either a filename or a memory buffer. - -So what can you do with the return value of \function{load\_key}? On -its own, a \type{X509\_PublicKey} isn't particularly useful; you can't -encrypt messages or verify signatures, or much else. But, using -\function{dynamic\_cast}, you can figure out what kind of operations -the key supports. Then, you can cast the key to the appropriate type -and pass it to a higher-level class. For example: - -\begin{verbatim} - /* Might be RSA, might be ElGamal, might be ... */ - X509_PublicKey* key = X509::load_key("pubkey.asc"); - /* You MUST use dynamic_cast to convert, because of virtual bases */ - PK_Encrypting_Key* enc_key = dynamic_cast<PK_Encrypting_Key*>(key); - if(!enc_key) - throw Some_Exception(); - PK_Encryptor* enc = get_pk_encryptor(*enc_key, "EME1(SHA-256)"); - SecureVector<byte> cipher = enc->encrypt(some_message, size_of_message); -\end{verbatim} - -\subsubsection{Private Keys} - -There are two different options for private key import/export. The first is a -plaintext version of the private key. This is supported by the following -functions: - -\begin{verbatim} -namespace PKCS8 { - void encode(const PKCS8_PrivateKey& key, Pipe& to, X509_Encoding enc = PEM); - - std::string PEM_encode(const PKCS8_PrivateKey& key); -} -\end{verbatim} - -These functions are basically the same as the X.509 functions described -previously. The only difference is that they take a \type{PKCS8\_PrivateKey} -type (which, again, can be either RSA, DSA, or Diffie-Hellman, but this time -the key must be a private key). In most situations, using these is a bad idea, -because anyone can come along and grab the private key without having to know -any passwords or other secrets. Unless you have very particular security -requirements, always use the versions that encrypt the key based on a -passphrase. For importing, the same functions can be used for encrypted and -unencrypted keys. - -The other way to export a PKCS \#8 key is to first encode it in the same manner -as done above, then encrypt it (using a passphrase and the techniques of PKCS -\#5), and store the whole thing into another structure. This method is -definitely preferred, since otherwise the private key is unprotected. The -following functions support this technique: - -\begin{verbatim} -namespace PKCS8 { - void encrypt_key(const PKCS8_PrivateKey& key, Pipe& out, - std::string passphrase, std::string pbe = "", - X509_Encoding enc = PEM); - - std::string PEM_encode(const PKCS8_PrivateKey& key, std::string passphrase, - std::string pbe = ""); -} -\end{verbatim} - -To export an encrypted private key, call \function{PKCS8::encrypt\_key}. The -\arg{key}, \arg{out}, and \arg{enc} arguments are similar in usage to the ones -for \function{PKCS8::encode}. As you might notice, there are two new arguments -for \function{PKCS8::encrypt\_key}, however. The first is a passphrase (which -you presumably got from a user somehow). This will be used to encrypt the key. -The second new argument is \arg{pbe}; this specifies a particular password -based encryption (or PBE) algorithm. - -The \function{PEM\_encode} version shown here is similar to the one that -doesn't take a passphrase. Essentially it encrypts the key (using the default -PBE algorithm), and then returns a C++ string with the PEM encoding of the key. - -If \arg{pbe} is blank, then the default algorithm (controlled by the -``base/default\_pbe'' option) will be used. As shipped, this default is -``PBE-PKCS5v20(SHA-1,TripleDES/CBC)'' . This is among the more secure options -of PKCS \#5, and is widely supported among implementations of PKCS \#5 v2.0. It -offers 168 bits of security against attacks, which should be more that -sufficient. If you need compatibility with systems that only support PKCS \#5 -v1.5, pass ``PBE-PKCS5v15(MD5,DES/CBC)'' as \arg{pbe}. However, be warned that -this PBE algorithm only has 56 bits of security against brute force attacks. As -of 1.4.5, all three keylengths of AES are also available as options, which can -be used with by specifying a PBE algorithm of -``PBE-PKCS5v20(SHA-1,AES-256/CBC)'' (or ``AES-128'' or ``AES-192''). Support -for AES is slightly non-standard, and some applications or libraries might not -handle it. It is known that OpenSSL (0.9.7 and later) do handle AES for private -key encryption. - -There may be some strange programs out there that support the v2.0 extensions -to PBES1 but not PBES2; if you need to inter-operate with a program like that, -use ``PBE-PKCS5v15(MD5,RC2/CBC)''. For example, OpenSSL supports this format -(though since it also supports the v2.0 schemes, there is no reason not to just -use TripleDES or AES). This scheme uses a 64-bit key that, while -significantly better than a 56-bit key, is a bit too small for comfort. - -Last but not least, there are some functions that are basically identical to -\function{X509::load\_key} that will load, and possibly decrypt, a PKCS \#8 -private key: - -\begin{verbatim} -namespace PKCS8 { - PKCS8_PrivateKey* load_key(DataSource& in, - RandomNumberGenerator& rng, - const User_Interface& ui); - PKCS8_PrivateKey* load_key(DataSource& in, - RandomNumberGenerator& rng, - std::string passphrase = ""); - - PKCS8_PrivateKey* load_key(const std::string& filename, - RandomNumberGenerator& rng, - const User_Interface& ui); - PKCS8_PrivateKey* load_key(const std::string& filename, - RandomNumberGenerator& rng, - const std::string& passphrase = ""); -} -\end{verbatim} - -The versions that take \type{std::string} \arg{passphrase}s are primarily for -compatibility, but they are useful in limited circumstances. The -\type{User\_Interface} versions are how \function{load\_key} is actually -implemented, and provides for much more flexibility. Essentially, if the -passphrase given to the function is not correct, then an exception is thrown -and that is that. However, if you pass in an UI object instead, then the UI -object can keep asking the user for the passphrase until they get it right (or -until they cancel the action, though the UI interface). A -\type{User\_Interface} has very little to do with talking to users; it's just a -way to glue together Botan and whatever user interface you happen to be -using. You can think of it as a user interface interface. The default -\type{User\_Interface} is actually very dumb, and effectively acts just like -the versions taking the \type{std::string}. - -All versions need access to a \type{RandomNumberGenerator} in order to -perform probabilistic tests on the loaded key material. - -After loading a key, you can use \function{dynamic\_cast} to find out what -operations it supports, and use it appropriately. Remember to \function{delete} -it once you are done with it. - -\subsubsection{Limitations} - -As of now Nyberg-Rueppel and Rabin-Williams keys cannot be imported or -exported, because they have no official ASN.1 OID or definition. ElGamal keys -can (as of Botan 1.3.8) be imported and exported, but the only other -implementation that supports the format is Peter Gutmann's Cryptlib. If you -can help it, stick to RSA and DSA. - -\emph{Note}: Currently NR and RW are given basic ASN.1 key formats (which -mirror DSA and RSA, respectively), which means that, if they are assigned an -OID, they can be imported and exported just as easily as RSA and DSA. You can -assign them an OID by putting a line in a Botan configuration file, calling -\function{OIDS::add\_oid}, or editing \filename{src/policy.cpp}. Be warned that -it is possible that a future version will use a format that is different from -the current one (\ie, a newly standardized format). - -\pagebreak -\section{Certificate Handling} - -A certificate is essentially a binding between some identifying information of -a person or other entity (called a \emph{subject}) and a public key. This -binding is asserted by a signature on the certificate, which is placed there by -some authority (the \emph{issuer}) that at least claims that it knows the -subject named in the certificate really ``owns'' the private key -corresponding to the public key in the certificate. - -The major certificate format in use today is X.509v3, designed by ISO and -further hacked on by dozens (hundreds?) of other organizations. - -When working with certificates, the main class to remember is -\type{X509\_Certificate}. You can read an object of this type, but you can't -create one on the fly; a CA object is necessary for actually making a new -certificate. So for the most part, you only have to worry about reading them -in, verifying the signatures, and getting the bits of data in them (most -commonly the public key, and the information about the user of that key). An -X.509v3 certificate can contain a literally infinite number of items related to -all kinds of things. Botan doesn't support a lot of them, simply because nobody -uses them and they're an impossible mess to work with. This section only -documents the most commonly used ones of the ones that are supported; for the -rest, read \filename{x509cert.h} and \filename{asn1\_obj.h} (which has the -definitions of various common ASN.1 constructs used in X.509). - -\subsection{So what's in an X.509 certificate?} - -Obviously, you want to be able to get the public key. This is achieved by -calling the member function \function{subject\_public\_key}, which will return -a \type{X509\_PublicKey*}. As to what to do with this, read about -\function{load\_key} in the section ``Importing and Exporting PK Keys''. In the -general case, this could be any kind of public key, though 99\% of the time it -will be an RSA key. However, Diffie-Hellman and DSA keys are also supported, so -be careful about how you treat this. It is also a wise idea to examine the -value returned by \function{constraints}, to see what uses the public key is -approved for. - -The second major piece of information you'll want is the name/email/etc of the -person to whom this certificate is assigned. Here is where things get a little -nasty. X.509v3 has two (well, mostly just two $\ldots$) different places where -you can stick information about the user: the \emph{subject} field, and in an -extension called \emph{subjectAlternativeName}. The \emph{subject} field is -supposed to only included the following information: country, organization -(possibly), an organizational sub-unit name (possibly), and a so-called common -name. The common name is usually the name of the person, or it could be a title -associated with a position of some sort in the organization. It may also -include fields for state/province and locality. What exactly a locality is, -nobody knows, but it's usually given as a city name. - -Botan doesn't currently support any of the Unicode variants used in ASN.1 -(UTF-8, UCS-2, and UCS-4), any of which could be used for the fields in the -DN. This could be problematic, particularly in Asia and other areas where -non-ASCII characters are needed for most names. The UTF-8 and UCS-2 string -types \emph{are} accepted (in fact, UTF-8 is used when encoding much of the -time), but if any of the characters included in the string are not in ISO -8859-1 (\ie 0 \ldots 255), an exception will get thrown. Currently the -\type{ASN1\_String} type holds its data as ISO 8859-1 internally (regardless -of local character set); this would have to be changed to hold UCS-2 or UCS-4 -in order to support Unicode (also, many interfaces in the X.509 code would have -to accept or return a \type{std::wstring} instead of a \type{std::string}). - -Like the distinguished names, subject alternative names can contain a lot of -things that Botan will flat out ignore (most of which you would never actually -want to use). However, there are three very useful pieces of information that -this extension might hold: an email address (``person@site1.com''), a DNS name -(``somehost.site2.com''), or a URI (``http://www.site3.com''). - -So, how to get the information? Simply call \function{subject\_info} with the -name of the piece of information you want, and it will return a -\type{std::string} that is either empty (signifying that the certificate -doesn't have this information), or has the information requested. There are -several names for each possible item, but the most easily readable ones are: -``Name'', ``Country'', ``Organization'', ``Organizational Unit'', ``Locality'', -``State'', ``RFC822'', ``URI'', and ``DNS''. These values are returned as a -\type{std::string}. - -You can also get information about the issuer of the certificate in the same -way, using \function{issuer\_info}. - -\subsubsection{X.509v3 Extensions} - -X.509v3 specifies a large number of possible extensions. Botan supports some, -but by no means all of them. This section lists which ones are supported, and -notes areas where there may be problems with the handling. You have to be -pretty familiar with X.509 in order to understand what this is talking about. - -\begin{list}{$\cdot$} - \item Key Usage and Extended Key Usage: No problems known. - \item - - \item Basic Constraints: No problems known. The default for a v1/v2 - certificate is assume it's a CA if and only if the option - ``x509/default\_to\_ca'' is set. A v3 certificate is marked as a CA if - (and only if) the basic constraints extension is present and set for a - CA cert. - - \item Subject Alternative Names: Only the ``rfc822Name'', ``dNSName'', and - ``uniformResourceIdentifier'' fields will be stored; all others are - ignored. - - \item Issuer Alternative Names: Same restrictions as the Subject Alternative - Names extension. New certificates generated by Botan never include the - issuer alternative name. - - \item Authority Key Identifier: Only the version using KeyIdentifier is - supported. If the GeneralNames version is used and the extension is - critical, an exception is thrown. If both the KeyIdentifier and - GeneralNames versions are present, then the KeyIdentifier will be - used, and the GeneralNames ignored. - - \item Subject Key Identifier: No problems known. -\end{list} - -\subsubsection{Revocation Lists} - -It will occasionally happen that a certificate must be revoked before its -expiration date. Examples of this happening include the private key being -compromised, or the user to which it has been assigned leaving an -organization. Certificate revocation lists are an answer to this problem -(though online certificate validation techniques are starting to become -somewhat more popular). Essentially, every once in a while the CA will release -a CRL, listing all certificates that have been revoked. Also included is -various pieces of information like what time a particular certificate was -revoked, and for what reason. In most systems, it is wise to support some form -of certificate revocation, and CRLs handle this fairly easily. - -For most users, processing a CRL is quite easy. All you have to do is call the -constructor, which will take a filename (or a \type{DataSource\&}). The CRLs -can either be in raw BER/DER, or in PEM format; the constructor will figure out -which format without any extra information. For example: - -\begin{verbatim} - X509_CRL crl1("crl1.der"); - - DataSource_Stream in("crl2.pem"); - X509_CRL crl2(in); -\end{verbatim} - -After that, pass the \type{X509\_CRL} object to a \type{X509\_Store} object -with \type{X509\_Code} \function{add\_crl}(\type{X509\_CRL}), and all future -verifications will take into account the certificates listed, assuming -\function{add\_crl} returns \type{VERIFIED}. If it doesn't return -\type{VERIFIED}, then the return value is an error code signifying that the CRL -could not be processed due to some problem (which could range from the issuing -certificate not being found, to the CRL having some format problem). For more -about the \type{X509\_Store} API, read the section later in this chapter. - -\subsection{Reading Certificates} - -\type{X509\_Certificate} has two constructors, each of which takes a source of -data; a filename to read, and a \type{DataSource\&}. - -\subsection{Storing and Using Certificates} - -If you read a certificate, you probably want to verify the signature on -it. However, consider that to do so, we may have to verify the signature on the -certificate that we used to verify the first certificate, and on and on until -we hit the top of the certificate tree somewhere. It would be a might huge pain -to have to handle all of that manually in every application, so there is -something that does it for you: \type{X509\_Store}. - -This is a pretty easy thing to use. The basic operations are: put certificates -and CRLs into it, search for certificates, and attempt to verify -certificates. That's about it. In the future, there will be support for online -retrieval of certificates and CRLs (\eg with the HTTP cert-store interface -currently under consideration by PKIX). - -\subsubsection{Adding Certificates} - -You can add new certificates to a certificate store using any of these -functions: - -\function{add\_cert}(\type{const X509\_Certificate\&} \arg{cert}, - \type{bool} \arg{trusted} \type{= false}) - -\function{add\_certs}(\type{DataSource\&} \arg{source}) - -\function{add\_trusted\_certs}(\type{DataSource\&} \arg{source}) - -The versions that take a \type{DataSource\&} will add all the certificates -that it can find in that source. - -All of them add the cert(s) to the store. The 'trusted' certificates are the -ones that you have some reason to trust are genuine. For example, say your -application is working with certificates that are owned by employees of some -company, and all of their certificates are signed by the company CA, whose -certificate is in turned signed by a commercial root CA. What you would then do -is include the certificate of the commercial CA with your application, and read -it in as a trusted certificate. From there, you could verify the company CA's -certificate, and then use that to verify the end user's certificates. Only -self-signed certificates may be considered trusted. - -\subsubsection{Adding CRLs} - -\type{X509\_Code} \function{add\_crl}(\type{const X509\_CRL\&} \arg{crl}); - -This will process the CRL and mark the revoked certificates. This will also -work if a revoked certificate is added to the store sometime after the CRL is -processed. The function can return an error code (listed later), or will return -\type{VERIFIED} if everything completed successfully. - -\subsubsection{Storing Certificates} - -You can output a set of certificates by calling \function{PEM\_encode}, which -will return a \type{std::string} containing each of the certificates in the -store, PEM encoded and concatenated. This simple format can easily be read by -both Botan and other libraries/applications. - -\subsubsection{Searching for Certificates} - -You can find certificates in the store with a series of functions contained -in the \function{X509\_Store\_Search} namespace: - -\begin{verbatim} -namespace X509_Store_Search { -std::vector<X509_Certificate> by_email(const X509_Store& store, - const std::string& email_addr); -std::vector<X509_Certificate> by_name(const X509_Store& store, - const std::string& name); -std::vector<X509_Certificate> by_dns(const X509_Store&, - const std::string& dns_name); -} -\end{verbatim} - -These functions will return a (possibly empty) vector of certificates from -\arg{store} matching your search criteria. The email address and DNS name -searches are case-insensitive but are sensitive to extra whitespace and so -on. The name search will do case-insensitive substring matching, so, for -example, calling \function{X509\_Store\_Search::by\_name}(\arg{your\_store}, -``dob'') will return certificates for ``J.R. 'Bob' Dobbs'' and -``H. Dobbertin'', assuming both of those certificates are in \arg{your\_store}. - -You could then display the results to a user, and allow them to select the -appropriate one. Searching using an email address as the key is usually more -effective than the name, since email addresses are rarely shared. - -\subsubsection{Certificate Stores} - -An object of type \type{Certificate\_Store} is a generalized interface to an -external source for certificates (and CRLs). Examples of such a store would be -one that looked up the certificates in a SQL database, or by contacting a CGI -script running on a HTTP server. There are currently three mechanisms for -looking up a certificate, and one for retrieving CRLs. By default, most of -these mechanisms will simply return an empty \type{std::vector} of -\type{X509\_Certificate}. This storage mechanism is \emph{only} queried when -doing certificate validation: it allows you to distribute only the root key -with an application, and let some online method handle getting all the other -certificates that are needed to validate an end entity certificate. In -particular, the search routines will not attempt to access the external -database. - -The three certificate lookup methods are \function{by\_SKID} (Subject Key -Identifier), \function{by\_name} (the CommonName DN entry), and -\function{by\_email} (stored in either the distinguished name, or in a -subjectAlternativeName extension). The name and email versions take a -\type{std::string}, while the SKID version takes a \type{SecureVector<byte>} -containing the subject key identifier in raw binary. You can choose not to -implement \function{by\_name} or \function{by\_email}, but \function{by\_SKID} -is mandatory to implement, and, currently, is the only version that is used by -\type{X509\_Store}. - -Finally, there is a method for finding CRLs, called \function{get\_crls\_for}, -that takes an \type{X509\_Certificate} object, and returns a -\type{std::vector} of \type{X509\_CRL}. While generally there will be only one -CRL, the use of the vector makes it easy to return no CRLs (\eg, if the -certificate store doesn't support retrieving them), or return multiple ones -(for example, if the certificate store can't determine precisely which key was -used to sign the certificate). Implementing the function is optional, and by -default will return no CRLs. If it is available, it will be used by -\type{X509\_CRL}. - -As for actually using such a store, you have to tell \type{X509\_Store} about -it, by calling the \type{X509\_Store} member function - -\function{add\_new\_certstore}(\type{Certificate\_Store}* \arg{new\_store}) - -The argument, \arg{new\_store}, will be deleted by \type{X509\_Store}'s -destructor, so make sure to allocate it with \function{new}. - -\subsubsection{Verifying Certificates} - -There is a single function in \type{X509\_Store} related to verifying a -certificate: - -\type{X509\_Code} -\function{validate\_cert}(\type{const X509\_Certificate\&} \arg{cert}, - \type{Cert\_Usage} \arg{usage} = \type{ANY}) - -To sum things up simply, it returns \type{VERIFIED} if the certificate can -safely be considered valid for the usage(s) described by \arg{usage}, and an -error code if it is not. Naturally, things are a bit more complicated than -that. The enum \type{Cert\_Usage} is defined inside the \type{X509\_Store} -class, it (currently) can take on any of the values \type{ANY} (any usage is -OK), \type{TLS\_SERVER} (for SSL/TLS server authentication), \type{TLS\_CLIENT} -(for SSL/TLS client authentication), \type{CODE\_SIGNING}, -\type{EMAIL\_PROTECTION} (email encryption, usually this means S/MIME), -\type{TIME\_STAMPING} (in theory any time stamp application, usually IETF -PKIX's Time Stamp Protocol), or \type{CRL\_SIGNING}. Note that Microsoft's code -signing system, certainly the most widely used, uses a completely different -(and basically undocumented) method for marking certificates for code signing. - -First, how does it know if a certificate is valid? Basically, a certificate is -valid if both of the following hold: a) the signature in the certificate can be -verified using the public key in the issuer's certificate, and b) the issuer's -certificate is a valid CA certificate. Note that this definition is -recursive. We get out of this by ``bottoming out'' when we reach a certificate -that we consider trusted. In general this will either be a commercial root CA, -or an organization or application specific CA. - -There are actually a few other restrictions (validity periods, key usage -restrictions, etc), but the above summarizes the major points of the validation -algorithm. In theory, Botan implements the certificate path validation -algorithm given in RFC 2459, but in practice it does not (yet), because we -don't support the X.509v3 policy or name constraint extensions. - -Possible values for \arg{usage} are \type{TLS\_SERVER}, \type{TLS\_CLIENT}, -\type{CODE\_SIGNING}, \type{EMAIL\_PROTECTION}, \type{CRL\_SIGNING}, and -\type{TIME\_STAMPING}, and \type{ANY}. The default \type{ANY} does not mean -valid for any use, it means ``is valid for some usage''. This is generally -fine, and in fact requiring that a random certificate support a particular -usage will likely result in a lot of failures, unless your application is very -careful to always issue certificates with the proper extensions, and you never -use certificates generated by other apps. - -Return values for \function{validate\_cert} (and \function{add\_crl}) include: - -\begin{list}{$\cdot$} - \item VERIFIED: The certificate is valid for the specified use. - \item - \item INVALID\_USAGE: The certificate cannot be used for the specified use. - - \item CANNOT\_ESTABLISH\_TRUST: The root certificate was not marked as - trusted. - \item CERT\_CHAIN\_TOO\_LONG: The certificate chain exceeded the length - allowed by a basicConstraints extension. - \item SIGNATURE\_ERROR: An invalid signature was found - \item POLICY\_ERROR: Some problem with the certificate policies was found. - - \item CERT\_FORMAT\_ERROR: Some format problem was found in a certificate. - \item CERT\_ISSUER\_NOT\_FOUND: The issuer of a certificate could not be - found. - \item CERT\_NOT\_YET\_VALID: The certificate is not yet valid. - \item CERT\_HAS\_EXPIRED: The certificate has expired. - \item CERT\_IS\_REVOKED: The certificate has been revoked. - - \item CRL\_FORMAT\_ERROR: Some format problem was found in a CRL. - \item CRL\_ISSUER\_NOT\_FOUND: The issuer of a CRL could not be found. - \item CRL\_NOT\_YET\_VALID: The CRL is not yet valid. - \item CRL\_HAS\_EXPIRED: The CRL has expired. - - \item CA\_CERT\_CANNOT\_SIGN: The CA certificate found does not have an - contain a public key that allows signature verification. - \item CA\_CERT\_NOT\_FOR\_CERT\_ISSUER: The CA cert found is not allowed to - issue certificates. - \item CA\_CERT\_NOT\_FOR\_CRL\_ISSUER: The CA cert found is not allowed to - issue CRLs. - - \item UNKNOWN\_X509\_ERROR: Some other error occurred. - -\end{list} - -\subsection{Certificate Authorities} - -Setting up a CA for X.509 certificates is actually probably the easiest thing -to do related to X.509. A CA is represented by the type \type{X509\_CA}, which -can be found in \filename{x509\_ca.h}. A CA always needs its own certificate, -which can either be a self-signed certificate (see below on how to create one) -or one issued by another CA (see the section on PKCS \#10 requests). Creating -a CA object is done by the following constructor: - -\begin{verbatim} - X509_CA(const X509_Certificate& cert, const PKCS8_PrivateKey& key); -\end{verbatim} - -The private key is the private key corresponding to the public key in the -CA's certificate. - -Generally, requests for new certificates are supplied to a CA in the form on -PKCS \#10 certificate requests (called a \type{PKCS10\_Request} object in -Botan). These are decoded in a similar manner to -certificates/CRLs/etc. Generally, a request is vetted by humans (who somehow -verify that the name in the request corresponds to the name of the person who -requested it), and then signed by a CA key, generating a new certificate. - -\begin{verbatim} - X509_Certificate sign_request(const PKCS10_Request&) const; -\end{verbatim} - -\subsubsection{Generating CRLs} - -As mentioned previously, the ability to process CRLs is highly important in -many PKI systems. In fact, according to strict X.509 rules, you must not -validate any certificate if the appropriate CRLs are not available (though -hardly any systems are that strict). In any case, a CA should have a valid CRL -available at all times. - -Of course, you might be wondering what to do if no certificates have been -revoked. In fact, CRLs can be issued without any actually revoked certificates -- the list of certs will simply be empty. To generate a new, empty CRL, just -call \type{X509\_CRL} -\function{X509\_CA::new\_crl}(\type{u32bit}~\arg{seconds}~=~0)~--~it will -create a new, empty, CRL. If \arg{seconds} is the default 0, then the normal -default CRL next update time (the value of the ``x509/crl/next\_update'') will -be used. If not, then \arg{seconds} specifies how long (in seconds) it will be -until the CRL's next update time (after this time, most clients will reject the -CRL as too old). - -On the other hand, you may have issued a CRL before. In that case, you will -want to issue a new CRL that contains all previously revoked -certificates, along with any new ones. This is done by calling the -\type{X509\_CA} member function -\function{update\_crl}(\type{X509\_CRL}~\arg{old\_crl}, -\type{std::vector<CRL\_Entry>}~\arg{new\_revoked}, -\type{u32bit}~\arg{seconds}~=~0), where \type{X509\_CRL} is the last CRL this -CA issued, and \arg{new\_revoked} is a list of any newly revoked certificates. -The function returns a new \type{X509\_CRL} to make available for clients. The -semantics for the \arg{seconds} argument is the same as \function{new\_crl}. - -The \type{CRL\_Entry} type is a structure that contains, at a minimum, the -serial number of the revoked certificate. As serial numbers are never repeated, -the pairing of an issuer and a serial number (should) distinctly identify any -certificate. In this case, we represent the serial number as a -\type{SecureVector<byte>} called \arg{serial}. There are two additional -(optional) values, an enumeration called \type{CRL\_Code} that specifies the -reason for revocation (\arg{reason}), and an object that represents the time -that the certificate became invalid (if this information is known). - -If you wish to remove an old entry from the CRL, insert a new entry for the -same cert, with a \arg{reason} code of \type{DELETE\_CRL\_ENTRY}. For example, -if a revoked certificate has expired 'normally', there is no reason to continue -to explicitly revoke it, since clients will reject the cert as expired in any -case. - -\subsubsection{Self-Signed Certificates} - -Generating a new self-signed certificate can often be useful, for example when -setting up a new root CA, or for use in email applications. In this case, -the solution is summed up simply as: - -\begin{verbatim} -namespace X509 { - X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, - const PKCS8_PrivateKey& key); -} -\end{verbatim} - -Where \arg{key} is obviously the private key you wish to use (the public key, -used in the certificate itself, is extracted from the private key), and -\arg{opts} is an structure that has various bits of information that will be -used in creating the certificate (this structure, and its use, is discussed -below). This function is found in the header \filename{x509self.h}. There is an -example of using this function in the \filename{self\_sig} example. - -\subsubsection{Creating PKCS \#10 Requests} - -Also in \filename{x509self.h}, there is a function for generating new PKCS \#10 -certificate requests. - -\begin{verbatim} -namespace X509 { - PKCS10_Request create_cert_req(const X509_Cert_Options&, - const PKCS8_PrivateKey&); -} -\end{verbatim} - -This function acts quite similarly to \function{create\_self\_signed\_cert}, -except it instead returns a PKCS \#10 certificate request. After creating it, -one would typically transmit it to a CA, who signs it and returns a freshly -minted X.509 certificate. There is an example of using this function in the -\filename{pkcs10} example. - -\subsubsection{Certificate Options} - -So what is this \type{X509\_Cert\_Options} thing we've been passing around? -Basically, it's a bunch of information that will end up being stored into the -certificate. This information comes in 3 major flavors: information about the -subject (CA or end-user), the validity period of the certificate, and -restrictions on the usage of the certificate. - -First and foremost is a number of \type{std::string} members, which contains -various bits of information about the user: \arg{common\_name}, -\arg{serial\_number}, \arg{country}, \arg{organization}, \arg{org\_unit}, -\arg{locality}, \arg{state}, \arg{email}, \arg{dns\_name}, and \arg{uri}. As -many of these as possible should be filled it (especially an email address), -though the only required ones are \arg{common\_name} and \arg{country}. - -There is another value that is only useful when creating a PKCS \#10 request, -which is called \arg{challenge}. This is a challenge password, which you can -later use to request certificate revocation (\emph{if} the CA supports doing -revocations in this manner). - -Then there is the validity period; these are set with \function{not\_before} -and \function{not\_after}. Both of these functions also take a -\type{std::string}, which specifies when the certificate should start being -valid, and when it should stop being valid. If you don't set the starting -validity period, it will automatically choose the current time. If you don't -set the ending time, it will choose the starting time plus a default time -period. The arguments to these functions specify the time in the following -format: ``2002/11/27 1:50:14''. The time is in 24-hour format, and the date is -encoded as year/month/day. The date must be specified, but you can omit the -time or trailing parts of it, for example ``2002/11/27 1:50'' or -``2002/11/27''. - -Lastly, you can set constraints on a key. The one you're mostly likely to want -to use is to create (or request) a CA certificate, which can be done by calling -the member function \function{CA\_key}. This should only be used when needed. - -Other constraints can be set by calling the member functions -\function{add\_constraints} and \function{add\_ex\_constraints}. The first -takes a \type{Key\_Constraints} value, and replaces any previously set -value. If no value is set, then the certificate key is marked as being valid -for any usage. You can set it to any of the following (for more than one -usage, OR them together): \type{DIGITAL\_SIGNATURE}, \type{NON\_REPUDIATION}, -\type{KEY\_ENCIPHERMENT}, \type{DATA\_ENCIPHERMENT}, \type{KEY\_AGREEMENT}, -\type{KEY\_CERT\_SIGN}, \type{CRL\_SIGN}, \type{ENCIPHER\_ONLY}, -\type{DECIPHER\_ONLY}. Many of these have quite special semantics, so you -should either consult the appropriate standards document (such as RFC 3280), or -simply not call \function{add\_constraints}, in which case the appropriate -values will be chosen for you. - -The second function, \function{add\_ex\_constraints}, allows you to specify an -OID that has some meaning with regards to restricting the key to particular -usages. You can, if you wish, specify any OID you like, but there is a set of -standard ones that other applications will be able to understand. These are -the ones specified by the PKIX standard, and are named ``PKIX.ServerAuth'' (for -TLS server authentication), ``PKIX.ClientAuth'' (for TLS client -authentication), ``PKIX.CodeSigning'', ``PKIX.EmailProtection'' (most likely -for use with S/MIME), ``PKIX.IPsecUser'', ``PKIX.IPsecTunnel'', -``PKIX.IPsecEndSystem'', and ``PKIX.TimeStamping''. You can call -\function{add\_ex\_constraints} any number of times~--~each new OID will be -added to the list to include in the certificate. - -\pagebreak -\section{The Low-Level Interface} - -Botan has two different interfaces. The one documented in this section is meant -more for implementing higher-level types (see the section on filters, earlier in -this manual) than for use by applications. Using it safely requires a solid -knowledge of encryption techniques and best practices, so unless you know, for -example, what CBC mode and nonces are, and why PKCS \#1 padding is important, -you should avoid this interface in favor of something working at a higher level -(such as the CMS interface). - -\subsection{Basic Algorithm Abilities} - -There are a small handful of functions implemented by most of Botan's -algorithm objects. Among these are: - -\noindent -\type{std::string} \function{name}(): - -Returns a human-readable string of the name of this algorithm. Examples of -names returned are ``Blowfish'' and ``HMAC(MD5)''. You can turn names back into -algorithm objects using the functions in \filename{lookup.h}. - -\noindent -\type{void} \function{clear}(): - -Clear out the algorithm's internal state. A block cipher object will ``forget'' -its key, a hash function will ``forget'' any data put into it, etc. Basically, -the object will look exactly as it did when you initially allocated it. - -\noindent -\function{clone}(): - -This function is central to Botan's name-based interface. The \function{clone} -has many different return types, such as \type{BlockCipher*} and -\type{HashFunction*}, depending on what kind of object it is called on. Note -that unlike Java's clone, this returns a new object in a ``pristine'' state; -that is, operations done on the initial object before calling \function{clone} -do not affect the initial state of the new clone. - -Cloned objects can (and should) be deallocated with the C++ \texttt{delete} -operator. - -\subsection{Keys and IVs} - -Both symmetric keys and initialization values can simply be considered byte (or -octet) strings. These are represented by the classes \type{SymmetricKey} and -\type{InitializationVector}, which are subclasses of \type{OctetString}. - -Since often it's hard to distinguish between a key and IV, many things (such as -key derivation mechanisms) return \type{OctetString} instead of -\type{SymmetricKey} to allow its use as a key or an IV. - -\noindent -\function{OctetString}(\type{u32bit} \arg{length}): - -This constructor creates a new random key of size \arg{length}. - -\noindent -\function{OctetString}(\type{std::string} \arg{str}): - -The argument \arg{str} is assumed to be a hex string; it is converted to binary -and stored. Whitespace is ignored. - -\noindent -\function{OctetString}(\type{const byte} \arg{input}[], \type{u32bit} -\arg{length}): - -This constructor simply copies its input. - -\subsection{Symmetrically Keyed Algorithms} - -Block ciphers, stream ciphers, and MACs all handle keys in pretty much the same -way. To make this similarity explicit, all algorithms of those types are -derived from the \type{SymmetricAlgorithm} base class. This type has three -functions: - -\noindent -\type{void} \function{set\_key}(\type{const byte} \arg{key}[], \type{u32bit} -\arg{length}): - -Most algorithms only accept keys of certain lengths. If you attempt to call -\function{set\_key} with a key length that is not supported, the exception -\type{Invalid\_Key\_Length} will be thrown. There is also another version of -\function{set\_key} that takes a \type{SymmetricKey} as an argument. - -\noindent -\type{bool} \function{valid\_keylength}(\type{u32bit} \arg{length}) const: - -This function returns true if a key of the given length will be accepted by -the cipher. - -There are also three constant data members of every \type{SymmetricAlgorithm} -object, which specify exactly what limits there are on keys which that object -can accept: - -MAXIMUM\_KEYLENGTH: The maximum length of a key. Usually, this is at most 32 -(256 bits), even if the algorithm actually supports more. In a few rare cases -larger keys will be supported. - -MINIMUM\_KEYLENGTH: The minimum length of a key. This is at least 1. - -KEYLENGTH\_MULTIPLE: The length of the key must be a multiple of this value. - -In all cases, \function{set\_key} must be called on an object before any data -processing (encryption, decryption, etc) is done by that object. If this is not -done, the results are undefined -- that is to say, Botan reserves the right in -this situation to do anything from printing a nasty, insulting message on the -screen to dumping core. - -\subsection{Block Ciphers} - -Block ciphers implement the interface \type{BlockCipher}, found in -\filename{base.h}, as well as the \type{SymmetricAlgorithm} interface. - -\noindent -\type{void} \function{encrypt}(\type{const byte} \arg{in}[BLOCK\_SIZE], - \type{byte} \arg{out}[BLOCK\_SIZE]) const - -\noindent -\type{void} \function{encrypt}(\type{byte} \arg{block}[BLOCK\_SIZE]) const - -These functions apply the block cipher transformation to \arg{in} and -place the result in \arg{out}, or encrypts \arg{block} in place -(\arg{in} may be the same as \arg{out}). BLOCK\_SIZE is a constant -member of each class, which specifies how much data a block cipher can -process at one time. Note that BLOCK\_SIZE is not a static class -member, meaning you can (given a \type{BlockCipher*} named -\arg{cipher}), call \verb|cipher->BLOCK_SIZE| to get the block size of -that particular object. \type{BlockCipher}s have similar functions -\function{decrypt}, which perform the inverse operation. - -\begin{verbatim} -AES_128 cipher; -SymmetricKey key(cipher.MAXIMUM_KEYLENGTH); // randomly created -cipher.set_key(key); - -byte in[16] = { /* secrets */ }; -byte out[16]; -cipher.encrypt(in, out); -\end{verbatim} - -\subsection{Stream Ciphers} - -Stream ciphers are somewhat different from block ciphers, in that encrypting -data results in changing the internal state of the cipher. Also, you may -encrypt any length of data in one go (in byte amounts). - -\noindent -\type{void} \function{encrypt}(\type{const byte} \arg{in}[], \type{byte} -\arg{out}[], \type{u32bit} \arg{length}) - -\noindent -\type{void} \function{encrypt}(\type{byte} \arg{data}[], \type{u32bit} -\arg{length}): - -These functions encrypt the arbitrary length (well, less than 4 gigabyte long) -string \arg{in} and place it into \arg{out}, or encrypts it in place in -\arg{data}. The \function{decrypt} functions look just like -\function{encrypt}. - -Stream ciphers implement the \type{SymmetricAlgorithm} interface. - -Some stream ciphers support random access to any point in their cipher -stream. For such ciphers, calling \type{void} \function{seek}(\type{u32bit} -\arg{byte}) will change the cipher's state so that it is as if the cipher had been -keyed as normal, then encrypted \arg{byte} -- 1 bytes of data (so the next byte -in the cipher stream is byte number \arg{byte}). - -\subsection{Hash Functions / Message Authentication Codes} - -Hash functions take their input without producing any output, only producing -anything when all input has already taken place. MACs are very similar, but are -additionally keyed. Both of these are derived from the base class -\type{BufferedComputation}, which has the following functions. - -\noindent -\type{void} \function{update}(\type{const byte} \arg{input}[], \type{u32bit} -\arg{length}) - -\noindent -\type{void} \function{update}(\type{byte} \arg{input}) - -\noindent -\type{void} \function{update}(\type{const std::string \&} \arg{input}) - -Updates the hash/mac calculation with \arg{input}. - -\noindent -\type{void} \function{final}(\type{byte} \arg{out}[OUTPUT\_LENGTH]) - -\noindent -\type{SecureVector<byte>} \function{final}(): - -Complete the hash/MAC calculation and place the result into \arg{out}. -OUTPUT\_LENGTH is a public constant in each object that gives the length of the -hash in bytes. After you call \function{final}, the hash function is reset to -its initial state, so it may be reused immediately. - -The second method of using final is to call it with no arguments at all, as -shown in the second prototype. It will return the hash/mac value in a memory -buffer, which will have size OUTPUT\_LENGTH. - -There is also a pair of functions called \function{process}. They are -essentially a combination of a single \function{update}, and \function{final}. -Both versions return the final value, rather than placing it an array. Calling -\function{process} with a single byte value isn't available, mostly because it -would rarely be useful. - -A MAC can be viewed (in most cases) as simply a keyed hash function, so classes -that are derived from \type{MessageAuthenticationCode} have \function{update} -and \function{final} classes just like a \type{HashFunction} (and like a -\type{HashFunction}, after \function{final} is called, it can be used to make a -new MAC right away; the key is kept around). - -A MAC has the \type{SymmetricAlgorithm} interface in addition to the -\type{BufferedComputation} interface. - -\pagebreak -\section{Random Number Generators} - -The random number generators provided in Botan are meant for creating keys, -IVs, padding, nonces, and anything else that requires 'random' data. It is -important to remember that the output of these classes will vary, even if they -are supplied with exactly the same seed (\ie, two \type{Randpool} objects with -similar initial states will not produce the same output, because the value of -high resolution timers is added to the state at various points). - -To ensure good quality output, a PRNG needs to be seeded with truly random data -(such as that produced by a hardware RNG). Typically, you will use an -\type{EntropySource} (see below). To add entropy to a PRNG, you can use -\type{void} \function{add\_entropy}(\type{const byte} \arg{data}[], -\type{u32bit} \arg{length}) or (better), use the \type{EntropySource} -interface. - -Once a PRNG has been initialized, you can get a single byte of random data by -calling \type{byte} \function{random()}, or get a large block by calling -\type{void} \function{randomize}(\type{byte} \arg{data}[], \type{u32bit} -\arg{length}), which will put random bytes into each member of the array from -indexes 0 $\ldots$ \arg{length} -- 1. - -You can avoid all the problems inherent in seeding the PRNG by using the -globally shared PRNG, described later in this section. - -\subsection{Randpool} - -\type{Randpool} is the primary PRNG within Botan. In recent versions all uses -of it have been wrapped by an implementation of the X9.31 PRNG (see below). If -for some reason you should have cause to create a PRNG instead of using the -``global'' one owned by the library, it would be wise to consider the same on -the grounds of general caution; while \type{Randpool} is designed with known -attacks and PRNG weaknesses in mind, it is not an standard/official PRNG. The -remainder of this section is a (fairly technical, though high-level) description -of the algorithms used in this PRNG. Unless you have a specific interest in -this subject, the rest of this section might prove somewhat uninteresting. - -\type{Randpool} has an internal state called pool, which is 512 bytes -long. This is where entropy is mixed into and extracted from. There is also a -small output buffer (called buffer), which holds the data which has already -been generated but has just not been output yet. - -It is based around a MAC and a block cipher (which are currently HMAC(SHA-256) -and AES-256). Where a specific size is mentioned, it should be taken as a -multiple of the cipher's block size. For example, if a 256-bit block cipher -were used instead of AES, all the sizes internally would double. Every time -some new output is needed, we compute the MAC of a counter and a high -resolution timer. The resulting MAC is XORed into the output buffer (wrapping -as needed), and the output buffer is then encrypted with AES, producing 16 -bytes of output. - -After 8 blocks (or 128 bytes) have been produced, we mix the pool. To do this, -we first rekey both the MAC and the cipher; the new MAC key is the MAC of the -current pool under the old MAC key, while the new cipher key is the MAC of the -current pool under the just-chosen MAC key. We then encrypt the entire pool in -CBC mode, using the current (unused) output buffer as the IV. We then generate -a new output buffer, using the mechanism described in the previous paragraph. - -To add randomness to the PRNG, we compute the MAC of the input and XOR the -output into the start of the pool. Then we remix the pool and produce a new -output buffer. The initial MAC operation should make it very hard for chosen -inputs to harm the security of \type{Randpool}, and as HMAC should be able to -hold roughly 256 bits of state, it is unlikely that we are wasting much input -entropy (or, if we are, it doesn't matter, because we have a very abundant -supply). - -\subsection{ANSI X9.31} - -\type{ANSI\_X931\_PRNG} is the standard issue X9.31 Appendix A.2.4 PRNG, though -using AES-256 instead of 3DES as the block cipher. This PRNG implementation has -been checked against official X9.31 test vectors. - -Internally, the PRNG holds a pointer to another PRNG (typically -Randpool). This internal PRNG generates the key and seed used by the -X9.31 algorithm, as well as the date/time vectors. Each time an X9.31 -PRNG object receives entropy, it simply passes it along to the PRNG it -is holding, and then pulls out some random bits to generate a new key -and seed. This PRNG considers itself seeded as soon as the internal -PRNG is seeded. - -As of version 1.4.7, the X9.31 PRNG is by default used for all random number -generation. - -\subsection{Entropy Sources} - -An \type{EntropySource} is an abstract representation of some method of gather -``real'' entropy. This tends to be very system dependent. The \emph{only} way -you should use an \type{EntropySource} is to pass it to a PRNG that will -extract entropy from it -- never use the output directly for any kind of key or -nonce generation! - -\type{EntropySource} has a pair of functions for getting entropy from some -external source, called \function{fast\_poll} and \function{slow\_poll}. These -pass a buffer of bytes to be written; the functions then return how many bytes -of entropy were actually gathered. \type{EntropySource}s are usually used to -seed the global PRNG using the functions found in the \namespace{Global\_RNG} -namespace. - -Note for writers of \type{EntropySource}s: it isn't necessary to use any kind -of cryptographic hash on your output. The data produced by an EntropySource is -only used by an application after it has been hashed by the -\type{RandomNumberGenerator} that asked for the entropy, thus any hashing -you do will be wasteful of both CPU cycles and possibly entropy. - -\pagebreak -\section{User Interfaces} - -Botan has recently changed some infrastructure to better accommodate more -complex user interfaces, in particular ones that are based on event -loops. Primary among these was the fact that when doing something like loading -a PKCS \#8 encoded private key, a passphrase might be needed, but then again it -might not (a PKCS \#8 key doesn't have to be encrypted). Asking for a -passphrase to decrypt an unencrypted key is rather pointless. Not only that, -but the way to handle the user typing the wrong passphrase was complicated, -undocumented, and inefficient. - -So now Botan has an object called \type{UI}, which provides a simple interface -for the aspects of user interaction the library has to be concerned -with. Currently, this means getting a passphrase from the user, and that's it -(\type{UI} will probably be extended in the future to support other operations -as they are needed). The base \type{UI} class is very stupid, because the -library can't directly assume anything about the environment that it's running -under (for example, if there will be someone sitting at the terminal, if the -application is even \emph{attached} to a terminal, and so on). But since you -can subclass \type{UI} to use whatever method happens to be appropriate for -your application, this isn't a big deal. - -There is (currently) a single function that can be overridden by subclasses of -\type{UI} (the \type{std::string} arguments are actually \type{const -std::string\&}, but shown as simply \type{std::string} to keep the line from -wrapping): - -\noindent -\type{std::string} \function{get\_passphrase}(\type{std::string} \arg{what}, - \type{std::string} \arg{source}, - \type{UI\_Result\&} \arg{result}) const; - -The \arg{what} argument specifies what the passphrase is needed for (for -example, PKCS \#8 key loading passes \arg{what} as ``PKCS \#8 private -key''). This lets you provide the user with some indication of \emph{why} your -application is asking for a passphrase; feel free to pass the string through -\function{gettext(3)} or moral equivalent for i18n purposes. Similarly, -\arg{source} specifies where the data in question came from, if available (for -example, a file name). If the source is not available for whatever reason, then -\arg{source} will be an empty string; be sure to account for this possibility -when writing a \type{UI} subclass. - -The function returns the passphrase as the return value, and a status code in -\arg{result} (either \type{OK} or \type{CANCEL\_ACTION}). If -\type{CANCEL\_ACTION} is returned in \arg{result}, then the return value will -be ignored, and the caller will take whatever action is necessary (typically, -throwing an exception stating that the passphrase couldn't be determined). In -the specific case of PKCS \#8 key decryption, a \type{Decoding\_Error} -exception will be thrown; your UI should assume this can happen, and provide -appropriate error handling (such as putting up a dialog box informing the user -of the situation, and canceling the operation in progress). - -There is an example \type{UI} that uses GTK+ available on the web site. The -\type{GTK\_UI} code is cleanly separated from the rest of the example, so if -you happen to be using GTK+, you can copy (and/or adapt) that code for your -application. If you write a \type{UI} object for another windowing system -(Win32, Qt, wxWidgets, FOX, etc), and would like to make it available to users -in general (ideally under a permissive license such as public domain or -MIT/BSD), feel free to send in a copy. - -\pagebreak -\section{Botan's Modules} - -Botan comes with a variety of modules that can be compiled into the system. -These will not be available on all installations of the library, but you can -check for their availability based on whether or not certain macros are -defined. - -\subsection{Pipe I/O for Unix File Descriptors} - -This is a fairly minor feature, but it comes in handy sometimes. In all -installations of the library, Botan's \type{Pipe} object overloads the -\keyword{<<} and \keyword{>>} operators for C++ iostream objects, which is -usually more than sufficient for doing I/O. - -However, there are cases where the iostream hierarchy does not map well to -local 'file types', so there is also the ability to do I/O directly with Unix -file descriptors. This is most useful when you want to read from or write to -something like a TCP or Unix-domain socket, or a pipe, since for simple file -access it's usually easier to just use C++'s file streams. - -If \macro{BOTAN\_EXT\_PIPE\_UNIXFD\_IO} is defined, then you can use the -overloaded I/O operators with Unix file descriptors. For an example of this, -check out the \filename{hash\_fd} example, included in the Botan distribution. - -\subsection{Entropy Sources} - -All of these are used by the \function{Global\_RNG::seed} function if they are -available. Since this function is called by the \type{LibraryInitializer} class -when it is created, it is fairly rare that you will need to deal with any of -these classes directly. Even in the case of a long-running server that needs to -renew its entropy poll, it is easier to simply call -\function{Global\_RNG::seed} (see the section entitled ``The Global PRNG'' for -more details). - -\noindent -\type{EGD\_EntropySource}: Query an EGD socket. If the macro -\macro{BOTAN\_EXT\_ENTROPY\_SRC\_EGD} is defined, it can be found in -\filename{es\_egd.h}. The constructor takes a \type{std::vector<std::string>} -that specifies the paths to look for an EGD socket. - -\noindent -\type{Unix\_EntropySource}: This entropy source executes programs common on -Unix systems (such as \filename{uptime}, \filename{vmstat}, and \filename{df}) -and adds it to a buffer. It's quite slow due to process overhead, and (roughly) -1 bit of real entropy is in each byte that is output. It is declared in -\filename{es\_unix.h}, if \macro{BOTAN\_EXT\_ENTROPY\_SRC\_UNIX} is -defined. If you don't have \filename{/dev/urandom} \emph{or} EGD, this is -probably the thing to use. For a long-running process on Unix, keep on object -of this type around and run fast polls ever few minutes. - -\noindent -\type{FTW\_EntropySource}: Walk through a filesystem (the root to start -searching is passed as a string to the constructor), reading files. This tends -to only be useful on things like \filename{/proc} that have a great deal of -variability over time, and even then there is only a small amount of entropy -gathered: about 1 bit of entropy for every 16 bits of output (and many hundreds -of bits are read in order to get that 16 bits). It is declared in -\filename{es\_ftw.h}, if \macro{BOTAN\_EXT\_ENTROPY\_SRC\_FTW} is defined. Only -use this as a last resort. I don't really trust it, and neither should you. - -\noindent -\type{Win32\_CAPI\_EntropySource}: This routines gathers entropy from a Win32 -CAPI module. It takes an optional \type{std::string} that will specify what -type of CAPI provider to use. Generally the CAPI RNG is always the same -software-based PRNG, but there are a few that may use a hardware RNG. By -default it will use the first provider listed in the option -``rng/ms\_capi\_prov\_type'' that is available on the machine (currently the -providers ``RSA\_FULL'', ``INTEL\_SEC'', ``FORTEZZA'', and ``RNG'' are -recognized). - -\noindent -\type{BeOS\_EntropySource}: Query system statistics using various BeOS-specific -APIs. - -\noindent -\type{Pthread\_EntropySource}: Attempt to gather entropy based on jitter -between a number of threads competing for a single mutex. This entropy source -is \emph{very} slow, and highly questionable in terms of security. However, it -provides a worst-case fallback on systems that don't have Unix-like features, -but do support POSIX threads. This module is currently unavailable due to -problems on some systems. - -\subsection{Compressors} - -There are two compression algorithms supported by Botan, Zlib and Bzip2 (Gzip -and Zip encoding will be supported in future releases). Only lossless -compression algorithms are currently supported by Botan, because they tend to -be the most useful for cryptography. However, it is very reasonable to consider -supporting something like GSM speech encoding (which is lossy), for use in -encrypted voice applications. - -You should always compress \emph{before} you encrypt, because encryption seeks -to hide the redundancy that compression is supposed to try to find and remove. - -\subsubsection{Bzip2} - -To test for Bzip2, check to see if \macro{BOTAN\_EXT\_COMPRESSOR\_BZIP2} is -defined. If so, you can include \filename{bzip2.h}, which will declare a pair -of \type{Filter} objects: \type{Bzip2\_Compression} and -\type{Bzip2\_Decompression}. - -You should be prepared to take an exception when using the decompressing -filter, for if the input is not valid Bzip2 data, that is what you will -receive. You can specify the desired level of compression to -\type{Bzip2\_Compression}'s constructor as an integer between 1 and 9, 1 -meaning worst compression, and 9 meaning the best. The default is to use 9, -since small values take the same amount of time, just use a little less memory. - -The Bzip2 module was contributed by Peter J. Jones. - -\subsubsection{Zlib} - -Zlib compression works pretty much like Bzip2 compression. The only differences -in this case are that the macro is \macro{BOTAN\_EXT\_COMPRESSOR\_ZLIB}, the -header you need to include is called \filename{botan/zlib.h} (remember that you -shouldn't just \verb|#include <zlib.h>|, or you'll get the regular zlib API, -which is not what you want). The Botan classes for Zlib -compression/decompression are called \type{Zlib\_Compression} and -\type{Zlib\_Decompression}. - -Like Bzip2, a \type{Zlib\_Decompression} object will throw an exception if -invalid (in the sense of not being in the Zlib format) data is passed into it. - -In the case of zlib's algorithm, a worse compression level will be faster than -a very high compression ratio. For this reason, the Zlib compressor will -default to using a compression level of 6. This tends to give a good trade off -in terms of time spent to compression achieved. There are several factors you -need to consider in order to decide if you should use a higher compression -level: - -\begin{list}{$\cdot$} - \item Better security: the less redundancy in the source text, the harder it - is to attack your ciphertext. This is not too much of a concern, - because with decent algorithms using sufficiently long keys, it doesn't - really matter \emph{that} much (but it certainly can't hurt). - \item - - \item Decreasing returns. Some simple experiments by the author showed - minimal decreases in the size between level 6 and level 9 compression - with large (1 to 3 megabyte) files. There was some difference, but it - wasn't that much. - - \item CPU time. Level 9 zlib compression is often two to four times as slow - as level 6 compression. This can make a substantial difference in the - overall runtime of a program. -\end{list} - -While the zlib compression library uses the same compression algorithm as the -gzip and zip programs, the format is different. The zlib format is defined in -RFC 1950. - -\subsubsection{Data Sources} - -A \type{DataSource} is a simple abstraction for a thing that stores bytes. This -type is used fairly heavily in the areas of the API related to ASN.1 -encoding/decoding. The following types are \type{DataSource}s: \type{Pipe}, -\type{SecureQueue}, and a couple of special purpose ones: -\type{DataSource\_Memory} and \type{DataSource\_Stream}. - -You can create a \type{DataSource\_Memory} with an array of bytes and a length -field. The object will make a copy of the data, so you don't have to worry -about keeping that memory allocated. This is mostly for internal use, but if it -comes in handy, feel free to use it. - -A \type{DataSource\_Stream} is probably more useful than the memory based -one. Its constructors take either a \type{std::istream} or a -\type{std::string}. If it's a stream, the data source will use the -\type{istream} to satisfy read requests (this is particularly useful to use -with \type{std::cin}). If the string version is used, it will attempt to open -up a file with that name and read from it. - -\subsubsection{Data Sinks} - -A \type{DataSink} (in \filename{data\_snk.h}) is a \type{Filter} that takes -arbitrary amounts of input, and produces no output. Generally, this means it's -doing something with the data outside the realm of what -\type{Filter}/\type{Pipe} can handle, for example, writing it to a file (which -is what the \type{DataSink\_Stream} does). There is no need for -\type{DataSink}s that write to a \type{std::string} or memory buffer, because -\type{Pipe} can handle that by itself. - -Here's a quick example of using a \type{DataSink}, which encrypts -\filename{in.txt} and sends the output to \filename{out.txt}. There is -no explicit output operation; the writing of \filename{out.txt} is -implicit. - -\begin{verbatim} - DataSource_Stream in("in.txt"); - Pipe pipe(new CBC_Encryption("Blowfish", "PKCS7", key, iv), - new DataSink_Stream("out.txt")); - pipe.process_msg(in); -\end{verbatim} - -A real advantage of this is that even if ``in.txt'' is large, only as -much memory is needed for internal I/O buffers will actually be used. - -\subsection{Writing Modules} - -It's a lot simpler to write modules for Botan that it is to write code -in the core library, for several reasons. First, a module can rely on -external libraries and services beyond the base ISO C++ libraries, and -also machine dependent features. Also, the code can be added at -configuration time on the user's end with very little effort (\ie the -code can be distributed separately, and included by the user without -needing to patch any existing source files). - -Each module lives in a subdirectory of the \filename{modules} -directory, which exists at the top-level of the Botan source tree. The -``short name'' of the module is the same as the name of this -directory. The only required file in this directory is -\filename{info.txt}, which contains directives that specify what a -particular module does, what systems it runs on, and so on. Comments -in \filename{info.txt} start with a \verb|#| character and continue -to end of line. - -Recognized directives include: - -\newcommand{\directive}[2]{ - \vskip 4pt - \noindent - \texttt{#1}: #2 -} - -\directive{realname <name>}{Specify that the 'real world' name of this module - is \texttt{<name>}.} - -\directive{note <note>}{Add a note that will be seen by the end-user at -configure time if the module is included into the library.} - -\directive{require\_version <version>}{Require at configure time that -the version of Botan in use be at least \texttt{<version>}.} - -\directive{define <macro>[,<macro>[,...]]}{Cause the macro - \macro{BOTAN\_EXT\_<macro>} (for each instance of \macro{<macro>} - in the directive) to be defined in \filename{build.h}. This should - only be used if the module creates user-visible changes. There is a - set of conventions that should be followed in deciding what to call - this macro (where xxx denotes some descriptive and distinguishing - characteristic of the thing implemented, such as - \macro{ALLOC\_MLOCK} or \macro{MUTEX\_PTHREAD}): - -\begin{itemize} -\item Allocator: \macro{ALLOC\_xxx} -\item Compressors: \macro{COMPRESSOR\_xxx} -\item EntropySource: \macro{ENTROPY\_SRC\_xxx} -\item Engines: \macro{ENGINE\_xxx} -\item Mutex: \macro{MUTEX\_xxx} -\item Timer: \macro{TIMER\_xxx} -\end{itemize} -} - -\directive{<libs> / </libs>}{This specifies any extra libraries to be -linked in. It is a mapping from OS to library name, for example -\texttt{linux -> rt}, which means that on Linux librt should be linked -in. You can also use ``all'' to force the library to be linked in on -all systems.} - -\directive{<add> / </add>}{Tell the configuration script to add the - files named between these two tags into the source tree. All these - files must exist in the current module directory.} - -\directive{<ignore> / </ignore>}{Tell the configuration script to - ignore the files named in the main source tree. This is useful, for - example, when replacing a C++ implementation with a pure assembly - version.} - -\directive{<replace> / </replace>}{Tell the configuration script to - ignore the file given in the main source tree, and instead use the - one in the module's directory.} - -Additionally, the module file can contain blocks, delimited by the -following pairs: - -\texttt{<os> / </os>}, \texttt{<arch> / </arch>}, \texttt{<cc> / </cc>} - -\noindent -For example, putting ``alpha'' and ``ia64'' in a \texttt{<arch>} block will -make the configuration script only allow the module to be compiled on those -architectures. Not having a block means any value is acceptable. - -\pagebreak -\section{Miscellaneous} - -This section has documentation for anything that just didn't fit into any of -the major categories. Many of them (Timers, Allocators) will rarely be used in -actual application code, but others, like the S2K algorithms, have a wide -degree of applicability. - -\subsection{S2K Algorithms} - -There are various procedures (usually fairly ad-hoc) for turning a passphrase -into a (mostly) arbitrary length key for a symmetric cipher. A general -interface for such algorithms is presented in \filename{s2k.h}. The main -function is \function{derive\_key}, which takes a passphrase, and the desired -length of the output key, and returns a key of that length, deterministically -produced from the passphrase. If an algorithm can't produce a key of that size, -it will throw an exception (most notably, PKCS \#5's PBKDF1 can only produce -strings between 1 and $n$ bytes, where $n$ is the output size of the underlying -hash function). - -Most such algorithms allow the use of a ``salt'', which provides some extra -randomness and helps against dictionary attacks on the passphrase. Simply call -\function{change\_salt} (there are variations of it for most of the ways you -might wish to specify a salt, check the header for details) with a block of -random data. You can also have the class generate a new salt for you with -\function{new\_random\_salt}; the salt that was generated can be retrieved with -\function{current\_salt}. - -Additionally some algorithms allow you to set some sort of iteration -count, which will make the algorithm take longer to compute the final -key (reducing the speed of brute-force attacks of various kinds). This -can be changed with the \function{set\_iterations} function. Most -standards recommend an iteration count of at least 1000. Currently -defined S2K algorithms are ``PBKDF1(digest)'', ``PBKDF2(digest)'', and -``OpenPGP-S2K(digest)''; you can retrieve any of these using the -\function{get\_s2k}, found in \filename{lookup.h}. As of this writing, -``PBKDF2(SHA-256)'' with 10000 iterations and an 8 byte salt is -recommend for new applications. - -\subsubsection{OpenPGP S2K} - -There are some oddities about OpenPGP's S2K algorithms that are documented -here. For one thing, it uses the iteration count in a strange manner; instead -of specifying how many times to iterate the hash, it tells how many -\emph{bytes} should be hashed in total (including the salt). So the exact -iteration count will depend on the size of the salt (which is fixed at 8 bytes -by the OpenPGP standard, though the implementation will allow any salt size) -and the size of the passphrase. - -To get what OpenPGP calls ``Simple S2K'', set iterations to 0 (the default for -OpenPGP S2K), and do not specify a salt. To get ``Salted S2K'', again leave the -iteration count at 0, but give an 8-byte salt. ``Salted and Iterated S2K'' -requires an 8-byte salt and some iteration count (this should be significantly -larger than the size of the longest passphrase that might reasonably be used; -somewhere from 1024 to 65536 would probably be about right). Using both a -reasonably sized salt and a large iteration count is highly recommended to -prevent password guessing attempts. - -\subsection{Checksums} - -Checksums are very similar to hash functions, and in fact share the same -interface. But there are some significant differences, the major ones being -that the output size is very small (usually in the range of 2 to 4 bytes), and -is not cryptographically secure. But for their intended purpose (error -checking), they perform very well. Some examples of checksums included in Botan -are the Adler32 and CRC32 checksums. - -\subsection{Exceptions} - -Sooner or later, something is going to go wrong. Botan's behavior when -something unusual occurs, like most C++ software, is to throw an exception. -Exceptions in Botan are derived from the \type{Exception} class. You can see -most of the major varieties of exceptions used in Botan by looking at -\filename{exceptn.h}. The only function you really need to concern yourself -with is \type{const char*} \function{what()}. This will return an error message -relevant to the error that occurred. For example: - -\begin{verbatim} -try { - // various Botan operations - } -catch(Botan::Exception& e) - { - cout << "Botan exception caught: " << e.what() << endl; - // error handling, or just abort - } -\end{verbatim} - -Botan's exceptions are derived from \type{std::exception}, so you don't need -to explicitly check for Botan exceptions if you're already catching the ISO -standard ones. - -\subsection{Threads and Mutexes} - -Botan includes a mutex system, which is used internally to lock some shared -data structures that must be kept shared for efficiency reasons (mostly, these -are in the allocation systems~--~handing out 1000 separate allocators hurts -performance and makes caching memory blocks useless). This system is supported -by the \texttt{mux\_pthr} module, implementing the \type{Mutex} interface for -systems that have POSIX threads. - -If your application is using threads, you \emph{must} add the option -``thread\_safe'' to the options string when you create the -\type{LibraryInitializer} object. If you specify this option and no mutex type -is available, an exception is thrown, since otherwise you would probably be -facing a nasty crash. - -\subsection{Secure Memory} - -A major concern with mixing modern multiuser OSes and cryptographic -code is that at any time the code (including secret keys) could be -swapped to disk, where it can later be read by an attacker. Botan -stores almost everything (and especially anything sensitive) in memory -buffers that a) clear out their contents when their destructors are -called, and b) have easy plugins for various memory locking functions, -such as the \function{mlock}(2) call on many Unix systems. - -Two of the allocation method used (``malloc'' and ``mmap'') don't -require any extra privileges on Unix, but locking memory does. At -startup, each allocator type will attempt to allocate a few blocks -(typically totaling 128k), so if you want, you can run your -application \texttt{setuid} \texttt{root}, and then drop privileges -immediately after creating your \type{LibraryInitializer}. If you end -up using more than what's been allocated, some of your sensitive data -might end up being swappable, but that beats running as \texttt{root} -all the time. BTW, I would note that, at least on Linux, you can use a -kernel module to give your process extra privileges (such as the -ability to call \function{mlock}) without being root. For example, -check out my Capability Override LSM -(\url{http://www.randombit.net/projects/cap\_over/}), which makes this -pretty easy to do. - -These classes should also be used within your own code for storing sensitive -data. They are only meant for primitive data types (int, long, etc): if you -want a container of higher level Botan objects, you can just use a -\verb|std::vector|, since these objects know how to clear themselves when they -are destroyed. You cannot, however, have a \verb|std::vector| (or any other -container) of \type{Pipe}s or \type{Filter}s, because these types have pointers -to other \type{Filter}s, and implementing copy constructors for these types -would be both hard and quite expensive (vectors of pointers to such objects is -fine, though). - -These types are not described in any great detail: for more information, -consult the definitive sources~--~the header files \filename{secmem.h} and -\filename{allocate.h}. - -\type{SecureBuffer} is a simple array type, whose size is specified at compile -time. It will automatically convert to a pointer of the appropriate type, and -has a number of useful functions, including \function{clear()}, and -\type{u32bit} \function{size()}, which returns the length of the array. It is a -template that takes as parameters a type, and a constant integer which is how -long the array is (for example: \verb|SecureBuffer<byte, 8> key;|). - -\type{SecureVector} is a variable length array. Its size can be increased or -decreased as need be, and it has a wide variety of functions useful for copying -data into its buffer. Like \type{SecureBuffer}, it implements \function{clear} -and \function{size}. - -\subsection{Allocators} - -The containers described above get their memory from allocators. As a user of -the library, you can add new allocator methods at run time for containers, -including the ones used internally by the library, to use. The interface to -this is in \filename{allocate.h}. Basically how it works is that code needing -an allocator uses \function{get\_allocator}, which returns a pointer to an -allocator. This pointer should not be freed: the caller does not own the -allocator (it is shared among multiple users, and locks itself as needed). It -is possible to call \function{get\_allocator} with a specific name to request a -particular type of allocator, otherwise, a default allocator type is returned. - -At start time, the only allocator known is a \type{Default\_Allocator}, which -just allocates memory using \function{malloc}, and \function{memset}s it to 0 -when the memory is released. It is known by the name ``malloc''. If you ask for -another type of allocator (``locking'' and ``mmap'' are currently used), and it -is not available, some other allocator will be returned. - -You can add in a new allocator type using \function{add\_allocator\_type}. This -function takes a string and a pointer to an allocator. The string gives this -allocator type a name to which it can be referred when one is requesting it -with \function{get\_allocator}. If an error occurs (such as the name being -already registered), this function returns false. It will return true if the -allocator was successfully registered. If you ask it to, -\type{LibraryInitializer} will do this for you. - -Finally, you can set the default allocator type that will be returned using -the policy setting ``default\_alloc'' to the name of any previously registered -allocator. - -\subsection{BigInt} - -\type{BigInt} is Botan's implementation of a multiple-precision -integer. Thanks to C++'s operator overloading features, using \type{BigInt} is -often quite similar to using a native integer type. The number of functions -related to \type{BigInt} is quite large. You can find most of them in -\filename{bigint.h} and \filename{numthry.h}. - -Due to the sheer number of functions involved, only a few, which a regular user -of the library might have to deal with, are mentioned here. Fully documenting -the MPI library would take a significant while, so if you need to use it now, -the best way to learn is to look at the headers. - -Probably the most important are the encoding/decoding functions, which -transform the normal representation of a \type{BigInt} into some other form, -such as a decimal string. The most useful of these functions are - -\type{SecureVector<byte>} \function{BigInt::encode}(\type{BigInt}, -\type{Encoding}) - -\noindent -and - -\type{BigInt} \function{BigInt::decode}(\type{SecureVector<byte>}, -\type{Encoding}) - -\type{Encoding} is an enum that has values \type{Binary}, \type{Octal}, -\type{Decimal}, and \type{Hexadecimal}. The parameter will default to -\type{Binary}. These functions are static member functions, so they would be -called like this: - -\begin{verbatim} - BigInt n1; // some number - SecureVector<byte> n1_encoded = BigInt::encode(n1); - BigInt n2 = BigInt::decode(n1_encoded); - // now n1 == n2 -\end{verbatim} - -There are also C++-style I/O operators defined for use with \type{BigInt}. The -input operator understands negative numbers, hexadecimal numbers (marked with a -leading ``0x''), and octal numbers (marked with a leading '0'). The '-' must -come before the ``0x'' or '0' marker. The output operator will never adorn the -output; for example, when printing a hexadecimal number, there will not be a -leading ``0x'' (though a leading '-' will be printed if the number is -negative). If you want such things, you'll have to do them yourself. - -\type{BigInt} has constructors that can create a \type{BigInt} from an unsigned -integer or a string. You can also decode a \type{byte}[] / length pair into a -BigInt. There are several other \type{BigInt} constructors, which I would -seriously recommend you avoid, as they are only intended for use internally by -the library, and may arbitrarily change, or be removed, in a future release. - -An essentially random sampling of \type{BigInt} related functions: - -\type{u32bit} \function{BigInt::bytes}(): Return the size of this \type{BigInt} -in bytes. - -\type{BigInt} \function{random\_prime(\type{u32bit} \arg{b})}: Return a prime -number \arg{b} bits long. - -\type{BigInt} \function{gcd}(\type{BigInt} \arg{x}, \type{BigInt} \arg{y}): -Returns the greatest common divisor of \arg{x} and \arg{y}. Uses the binary -GCD algorithm. - -\type{bool} \function{is\_prime}(\type{BigInt} \arg{x}): Returns true if -\arg{x} is a (possible) prime number. Uses the Miller-Rabin probabilistic -primality test with fixed bases. For higher assurance, use -\function{verify\_prime}, which uses more rounds and randomized 48-bit bases. - -\subsubsection{Efficiency Hints} - -If you can, always use expressions of the form \verb|a += b| over -\verb|a = a + b|. The difference can be \emph{very} substantial, because the -first form prevents at least one needless memory allocation, and possibly as -many as three. - -If you're doing repeated modular exponentiations with the same modulus, create -a \type{BarrettReducer} ahead of time. If the exponent or base is a constant, -use the classes in \filename{mod\_exp.h}. This stuff is all handled for you by -the normal high-level interfaces, of course. - -Never use the low-level MPI functions (those that begin with -\texttt{bigint\_}). These are completely internal to the library, and -may make arbitrarily strange and undocumented assumptions about their -inputs, and don't check to see if they are actually true, on the -assumption that only the library itself calls them, and that the -library knows what the assumptions are. The interfaces for these -functions can change completely without notice. - -\pagebreak -\section{Algorithms} - -\subsection{Recommended Algorithms} - -This section is by no means the last word on selecting which algorithms to use. -However, Botan includes a sometimes bewildering array of possible algorithms, -and unless you're familiar with the latest developments in the field, it can be -hard to know what is secure and what is not. The following attributes of the -algorithms were evaluated when making this list: security, standardization, -patent status, support by other implementations, and efficiency (in roughly -that order). - -It is intended as a set of simple guidelines for developers, and nothing more. -It's entirely possible that there are algorithms in Botan that will turn out to -be more secure than the ones listed, but the algorithms listed here are -(currently) thought to be safe. - -\begin{list}{$\cdot$} - \item Block ciphers: AES or Serpent in CBC or CTR mode - - \item Hash functions: SHA-256, SHA-512 - - \item MACs: HMAC with any recommended hash function - - \item Public Key Encryption: RSA with ``EME1(SHA-256)'' - - \item Public Key Signatures: RSA with EMSA4 and any recommended hash, or DSA - with ``EMSA1(SHA-256)'' - - \item Key Agreement: Diffie-Hellman, with ``KDF2(SHA-256)'' -\end{list} - -\subsection{Compliance with Standards} - -Botan is/should be at least roughly compatible with many cryptographic -standards, including the following: - -\newcommand{\standard}[2]{ - \vskip 4pt - * #1: \textbf{#2} -} - -\standard{RSA}{PKCS \#1 v2.1, ANSI X9.31} - -\standard{DSA}{ANSI X9.30, FIPS 186-2} - -\standard{Diffie-Hellman}{ANSI X9.42, PKCS \#3} - -\standard{Certificates}{ITU X.509, RFC 3280/3281 (PKIX), PKCS \#9 v2.0, -PKCS \#10} - -\standard{Private Key Formats}{PKCS \#5 v2.0, PKCS \#8} - -\standard{DES/DES-EDE}{FIPS 46-3, ANSI X3.92, ANSI X3.106} - -\standard{SHA-1}{FIPS 180-2} - -\standard{HMAC}{ANSI X9.71, FIPS 198} - -\standard{ANSI X9.19 MAC}{ANSI X9.9, ANSI X9.19} - -\vskip 8pt -\noindent -There is also support for the very general standards of \textbf{IEEE 1363-2000} -and \textbf{1363a}. Most of the contents of such are included in the standards -mentioned above, in various forms (usually with extra restrictions that 1363 -does not impose). - -\subsection{Algorithms Listing} - -Botan includes a very sizable number of cryptographic algorithms. In -nearly all cases, you never need to know the header file or type name -to use them. However, you do need to know what string (or strings) are -used to identify that algorithm. Generally, these names conform to -those set out by SCAN (Standard Cryptographic Algorithm Naming), which -is a document that specifies how strings are mapped onto algorithm -objects, which is useful for a wide variety of crypto APIs (SCAN is -oriented towards Java, but Botan and several other non-Java libraries -also make at least some use of it). For full details, read the SCAN -document, which can be found at -\url{http://www.users.zetnet.co.uk/hopwood/crypto/scan/} - -Many of these algorithms can take options (such as the number of -rounds in a block cipher, the output size of a hash function, -etc). These are shown in the following list; all of them default to -reasonable values (unless otherwise marked). There are -algorithm-specific limits on most of them. When you see something like -``HASH'' or ``BLOCK'', that means you should insert the name of some -algorithm of that type. There are no defaults for those options. - -A few very obscure algorithms are skipped; if you need one of them, -you'll know it, and you can look in the appropriate header to see what -that classes' \function{name} function returns (the names tend to -match that in SCAN, if it's defined there). - -\begin{list}{$\cdot$} - \item ROUNDS: The number of rounds in a block cipher. - \item - \item OUTSZ: The output size of a hash function or MAC - \item PASS: The number of passes in a hash function (more passes generally - means more security). -\end{list} - -\vskip .05in -\noindent -\textbf{Block Ciphers:} ``AES'', ``Blowfish'', ``CAST-128'', -``CAST-256'', ``DES'', ``DESX'', ``TripleDES'', ``GOST'', ``IDEA'', -``MARS'', ``MISTY1(ROUNDS)'', ``RC2'', ``RC5(ROUNDS)'', ``RC6'', -``SAFER-SK(ROUNDS)'', ``SEED'', ``Serpent'', ``Skipjack'', ``Square'', -``TEA'', ``Twofish'', ``XTEA'' - -\noindent -\textbf{Stream Ciphers:} ``ARC4'', ``MARK4'', ``Turing'', ``WiderWake4+1-BE'' - -\noindent -\textbf{Hash Functions:} ``FORK-256'', ``HAS-160'', ``GOST-34.11'', -``MD2'', ``MD4'', ``MD5'', ``RIPEMD-128'', ``RIPEMD-160'', -``SHA-160'', ``SHA-256'', ``SHA-384'', ``SHA-512'', ``Skein-512'', -``Tiger(OUTSZ,PASS)'', ``Whirlpool'' - -\noindent -\textbf{MACs:} ``HMAC(HASH)'', ``CMAC(BLOCK)'', ``X9.19-MAC'' - -\subsection{Compatibility} - -Generally, cryptographic algorithms are well standardized, thus -compatibility between implementations is relatively simple (of course, not all -algorithms are supported by all implementations). But there are a few -algorithms that are poorly specified, and these should be avoided if you wish -your data to be processed in the same way by another implementation (including -future versions of Botan). - -The block cipher GOST has a particularly poor specification: there are no -standard Sboxes, and the specification does not give test vectors even for -sample boxes, which leads to issues of endian conventions, etc. - -If you wish maximum portability between different implementations of an -algorithm, it's best to stick to strongly defined and well standardized -algorithms, TripleDES, AES, HMAC, and SHA-256 all being good examples. - -\pagebreak -\section{Support and Further Information} - -\subsection{Patents} - -Some of the algorithms implemented by Botan may be covered by patents in some -locations. Algorithms known to have patent claims on them in the United States -and that are not available in a license-free/royalty-free manner include: -IDEA, MISTY1, RC5, RC6, and Nyberg-Rueppel. - -You must not assume that, just because an algorithm is not listed here, it is -not encumbered by patents. If you have any concerns about the patent status of -any algorithm you are considering using in an application, please discuss it -with your attorney. - -\subsection{Recommended Reading} - -It's a very good idea if you have some knowledge of cryptography prior -to trying to use this stuff. You really should read one or more of -these books before seriously using the library (note that the Handbook -of Applied Cryptography is available for free online): - -\setlength{\parskip}{5pt} - -\noindent -\textit{Handbook of Applied Cryptography}, Alfred J. Menezes, -Paul C. Van Oorschot, and Scott A. Vanstone; CRC Press - -\noindent -\textit{Security Engineering -- A Guide to Building Dependable Distributed -Systems}, Ross Anderson; Wiley - -\noindent -\textit{Cryptography: Theory and Practice}, Douglas R. Stinson; CRC Press - -\noindent -\textit{Applied Cryptography, 2nd Ed.}, Bruce Schneier; Wiley - -\noindent -Once you've got the basics down, these are good things to at least take a look -at: IEEE 1363 and 1363a, SCAN, NESSIE, PKCS \#1 v2.1, the security related FIPS -documents, and the CFRG RFCs. - -\subsection{Support} - -Questions or problems you have with Botan can be directed to the -development mailing list. Joining this list is highly recommended if -you're going to be using Botan, since often advance notice of upcoming -changes is sent there. ``Philosophical'' bug reports, announcements of -programs using Botan, and basically anything else having to do with -Botan are also welcome. - -The lists can be found at -\url{http://lists.randombit.net/mailman/listinfo/}. - -\subsection{Contact Information} - -A PGP key with a fingerprint of -\verb|621D AF64 11E1 851C 4CF9 A2E1 6211 EBF1 EFBA DFBC| is used to sign all -Botan releases. This key can be found in the file \filename{doc/pgpkeys.asc}; -PGP keys for the developers are also stored there. - -\vskip 5pt \noindent -Web Site: \url{http://botan.randombit.net} - -\subsection{License} - -Copyright \copyright 2000-2008, Jack Lloyd - -Licensed under the same terms as the Botan source - -\end{document} diff --git a/botan/doc/architecture.pdf b/botan/doc/architecture.pdf Binary files differdeleted file mode 100644 index f0edc3f..0000000 --- a/botan/doc/architecture.pdf +++ /dev/null diff --git a/botan/doc/building.pdf b/botan/doc/building.pdf Binary files differdeleted file mode 100644 index 9b7d45a..0000000 --- a/botan/doc/building.pdf +++ /dev/null diff --git a/botan/doc/building.tex b/botan/doc/building.tex deleted file mode 100644 index aa4435c..0000000 --- a/botan/doc/building.tex +++ /dev/null @@ -1,398 +0,0 @@ -\documentclass{article} - -\setlength{\textwidth}{6.5in} -\setlength{\textheight}{9in} - -\setlength{\headheight}{0in} -\setlength{\topmargin}{0in} -\setlength{\headsep}{0in} - -\setlength{\oddsidemargin}{0in} -\setlength{\evensidemargin}{0in} - -\title{\textbf{Botan Build Guide}} -\author{Jack Lloyd \\ - \texttt{lloyd@randombit.net}} -\date{2008-11-24} - -\newcommand{\filename}[1]{\texttt{#1}} -\newcommand{\module}[1]{\texttt{#1}} - -\newcommand{\type}[1]{\texttt{#1}} -\newcommand{\function}[1]{\textbf{#1}} -\newcommand{\macro}[1]{\texttt{#1}} - -\begin{document} - -\maketitle - -\tableofcontents - -\parskip=5pt -\pagebreak - -\section{Introduction} - -This document describes how to build Botan on Unix/POSIX and MS -Windows systems. The POSIX oriented descriptions should apply to most -common Unix systems (including MacOS X), along with POSIX-ish systems -like BeOS, QNX, and Plan 9. Currently, systems other than Windows and -POSIX (such as VMS, MacOS 9, OS/390, OS/400, ...) are not supported by -the build system, primarily due to lack of access. Please contact the -maintainer if you would like to build Botan on such a system. - -Botan's build is controlled by configure.pl, which is a Perl -script. Perl 5.6 or later is required. - -\section{For the Impatient} - -\begin{verbatim} -$ ./configure.pl [--prefix=/some/directory] -$ make -$ make install -\end{verbatim} - -Or using \verb|nmake|, if you're compiling on Windows with Visual -C++. On platforms that do not understand the '\#!' convention for -beginning script files, or that have Perl installed in an unusual -spot, you might need to prefix the \texttt{configure.pl} command with -\texttt{perl} or \texttt{/path/to/perl}. - -\section{Building the Library} - -The first step is to run \filename{configure.pl}, which is a Perl -script that creates various directories, config files, and a Makefile -for building everything. The script requires at least Perl 5.6; any -later version should also work. - -The script will attempt to guess what kind of system you are trying -to compile for (and will print messages telling you what it guessed). -You can override this process by passing the options \verb|--cc|, -\verb|--os|, and \verb|--cpu| -- acceptable values are printed if -you run \verb|configure.pl| with \verb|--help|. - -You can pass basically anything reasonable with \verb|--cpu|: the -script knows about a large number of different architectures, their -sub-models, and common aliases for them. The script does not display -all the possibilities in its help message because there are simply too -many entries. You should only select the 64-bit version of a CPU (such -as ``sparc64'' or ``mips64'') if your operating system knows how to -handle 64-bit object code -- a 32-bit kernel on a 64-bit CPU will -generally not like 64-bit code. - -By default the script tries to figure out what will work on your -system, and use that. It will print a display at the end showing -which algorithms have and have not been abled. For instance on one -system we might see the line: - -\begin{verbatim} - (loading): entropy: [beos_stats] buf_es [cryptoapi_rng] - dev_random egd proc_walk unix_procs [win32_stats] -\end{verbatim} - -The names listed in brackets are disabled, the others are -enabled. Here we see the list of entropy sources which are going to be -compiled into Botan. Since this particular line comes when Botan was -configuring for a Linux system, the Win32 and BeOS specific modules -were disabled, while modules that use Unix APIs and /dev/random are -built. - -You can control which algorithms and modules are built using the -options ``\verb|--enable-modules=MODS|'' and -``\verb|--disable-modules=MODS|'', for instance \\ -``\verb|--enable-modules=blowfish,md5,rsa,zlib --disable-modules=arc4,cmac|''. -Modules not listed on the command line will simply be loaded if needed -or if configured to load by default. - -Not all OSes or CPUs have specific support in -\filename{configure.pl}. If the CPU architecture of your system isn't -supported by \filename{configure.pl}, use 'generic'. This setting -disables machine-specific optimization flags. Similarly, setting OS to -'generic' disables things which depend greatly on OS support -(specifically, shared libraries). - -However, it's impossible to guess which options to give to a system -compiler. Thus, if you want to compile Botan with a compiler which -\filename{configure.pl} does not support, you will need to tell it how -that compiler works. This is done by adding a new file in the -directory \filename{src/build-data/cc}; the existing files should put you -in the right direction. - -The script tries to guess what kind of makefile to generate, and it -almost always guesses correctly (basically, Visual C++ uses NMAKE with -Windows commands, and everything else uses Unix make with POSIX -commands). Just in case, you can override it with -\verb|--make-style=somestyle|. The styles Botan currently knows about -are 'unix' (normal Unix makefiles), and 'nmake', the make variant -commonly used by Windows compilers. To add a new variant (eg, a build -script for VMS), you will need to create a new template file in -\filename{src/build-data/makefile}. - -\pagebreak - -\subsection{POSIX / Unix} - -The basic build procedure on Unix and Unix-like systems is: - -\begin{verbatim} - $ ./configure.pl [--enable-modules=<list>] [--cc=CC] - $ make - # You may need to set your LD_LIBRARY_PATH or equivalent for ./check to run - $ make check # optional, but a good idea - $ make install -\end{verbatim} - -This will probably default to using GCC, depending on what can be -found within your PATH. - -The \verb|make install| target has a default directory in which it -will install Botan (typically \verb|/usr/local|). You can override -this by using the \texttt{--prefix} argument to -\filename{configure.pl}, like so: - -\verb|./configure.pl --prefix=/opt <other arguments>| - -On some systems shared libraries might not be immediately visible to -the runtime linker. For example, on Linux you may have to edit -\filename{/etc/ld.so.conf} and run \texttt{ldconfig} (as root) in -order for new shared libraries to be picked up by the linker. An -alternative is to set your \texttt{LD\_LIBRARY\_PATH} shell variable -to include the directory that the Botan libraries were installed into. - -\subsection{MS Windows} - -The situation is not much different here. We'll assume you're using Visual C++ -(for Cygwin, the Unix instructions are probably more relevant). You need to -have a copy of Perl installed, and have both Perl and Visual C++ in your path. - -\begin{verbatim} - > perl configure.pl --cc=msvc (or --cc=gcc for MinGW) [--cpu=CPU] - > nmake - > nmake check # optional, but recommended -\end{verbatim} - -For Win95 pre OSR2, the \verb|cryptoapi_rng| module will not work, -because CryptoAPI didn't exist. And all versions of NT4 lack the -ToolHelp32 interface, which is how \verb|win32_stats| does its slow -polls, so a version of the library built with that module will not -load under NT4. Later systems (98/ME/2000/XP) support both methods, so -this shouldn't be much of an issue. - -Unfortunately, there currently isn't an install script usable on -Windows. Basically all you have to do is copy the newly created -\filename{libbotan.lib} to someplace where you can find it later (say, -\verb|C:\botan\|). Then copy the entire \verb|build\include\botan| -directory, which was constructed when you built the library, into the -same directory. - -When building your applications, all you have to do is tell the -compiler to look for both include files and library files in -\verb|C:\botan|, and it will find both. Or you can move them to a -place where they will be in the default compiler search paths (consult -your documentation and/or local expert for details). - -\pagebreak - -\subsection{Configuration Parameters} - -There are some configuration parameters which you may want to tweak -before building the library. These can be found in -\filename{config.h}. This file is overwritten every time the configure -script is run (and does not exist until after you run the script for -the first time). - -Also included in \filename{build/build.h} are macros which are defined -if one or more extensions are available. All of them begin with -\verb|BOTAN_HAS_|. For example, if \verb|BOTAN_HAS_COMPRESSOR_BZIP2| -is defined, then an application using Botan can include -\filename{<botan/bzip2.h>} and use the Bzip2 filters. - -\macro{BOTAN\_MP\_WORD\_BITS}: This macro controls the size of the -words used for calculations with the MPI implementation in Botan. You -can choose 8, 16, 32, or 64, with 32 being the default. You can use 8, -16, or 32 bit words on any CPU, but the value should be set to the -same size as the CPU's registers for best performance. You can only -use 64-bit words if an assembly module (such as \module{mp\_ia32} or -\module{mp\_asm64}) is used. If the appropriate module is available, -64 bits are used, otherwise this is set to 32. Unless you are building -for a 8 or 16-bit CPU, this isn't worth messing with. - -\macro{BOTAN\_VECTOR\_OVER\_ALLOCATE}: The memory container -\type{SecureVector} will over-allocate requests by this amount (in -elements). In several areas of the library, we grow a vector fairly often. By -over-allocating by a small amount, we don't have to do allocations as often -(which is good, because the allocators can be quite slow). If you \emph{really} -want to reduce memory usage, set it to 0. Otherwise, the default should be -perfectly fine. - -\macro{BOTAN\_DEFAULT\_BUFFER\_SIZE}: This constant is used as the size of -buffers throughout Botan. A good rule of thumb would be to use the page size of -your machine. The default should be fine for most, if not all, purposes. - -\macro{BOTAN\_GZIP\_OS\_CODE}: The OS code is included in the Gzip header when -compressing. The default is 255, which means 'Unknown'. You can look in RFC -1952 for the full list; the most common are Windows (0) and Unix (3). There is -also a Macintosh (7), but it probably makes more sense to use the Unix code on -OS X. - -\subsection{Multiple Builds} - -It may be useful to run multiple builds with different -configurations. Specify \verb|--build-dir=<dir>| to set up a build -environment in a different directory. - -\subsection{Local Configuration} - -You may want to do something peculiar with the configuration; to -support this there is a flag to \filename{configure.pl} called -\texttt{--with-local-config=<file>}. The contents of the file are -inserted into \filename{build/build.h} which is (indirectly) included -into every Botan header and source file. - -\pagebreak - -\section{Modules} - -There are a fairly large number of modules included with Botan. Some -of these are extremely useful, while others are only necessary in very -unusual circumstances. The modules included with this release are: - -\newcommand{\mod}[2]{\textbf{#1}: #2} - -\begin{list}{$\cdot$} - \item \mod{alloc\_mmap}{Allocates memory using memory mappings of temporary - files. This means that if the OS swaps all or part of the application, - the sensitive data will be swapped to where we can later clean it, - rather than somewhere in the swap partition.} - - \item \mod{bzip2}{Enables an application to perform bzip2 compression - and decompression using the library. Available on any system that has - bzip2.} - - \item \mod{zlib}{Enables an application to perform zlib compression and - decompression using the library. Available on any system that has - zlib.} - - %\item \mod{eng\_aep}{An engine that uses any available AEP accelerator card - % to speed up PK operations. You have to have the AEP drivers installed - % for this to link correctly, but you don't have to have a card - % installed - it will automatically be enabled if a card is detected at - % run time.} - - \item \mod{gnump}{An engine that uses GNU MP to speed up PK operations. - GNU MP 4.1 or later is required.} - - \item \mod{openssl}{An engine that uses OpenSSL to speed up public key - operations and some ciphers/hashes. OpenSSL 0.9.7 or - later is required.} - - \item \mod{beos\_stats}{An entropy source that uses BeOS-specific - APIs to gather (hopefully unpredictable) data from the system.} - - \item \mod{cryptoapi\_rng}{An entropy source that uses the Win32 - CryptoAPI function \texttt{CryptGenRandom} to gather - entropy. Supported on NT4, Win95 OSR2, and all later Windows - systems.} - - \item \mod{egd}{An entropy source that accesses EGD (the entropy - gathering daemon). Common on Unix systems that don't have - \texttt{/dev/random}.} - - \item \mod{proc\_walk}{Gather entropy by reading files from a particular file - tree. Usually used with \texttt{/proc}; most other file trees don't - have sufficient variability over time to be useful.} - - \item \mod{unix\_procs}{Gather entropy by running various Unix programs, like - \texttt{arp} and \texttt{vmstat}, and reading their output in the - hopes that at least some of it will be unpredictable to an attacker.} - - \item \mod{win32\_stats}{Gather entropy by walking through various pieces of - information about processes running on the system. Does not run on - NT4, but should run on all other Win32 systems.} - - \item \mod{fd\_unix}{Let the users of \texttt{Pipe} perform I/O with Unix - file descriptors in addition to \texttt{iostream} objects.} - - \item \mod{pthread}{Add support for using \texttt{pthread} mutexes to - lock internal data structures. Important if you are using threads - with the library.} - - \item \mod{qt\_mutex}{Add support for using Qt mutexes to lock internal data - structures.} - - \item \mod{cpu\_counter}{Use the contents of the CPU cycle counter when - generating random bits to further randomize the results. Works on x86 - (Pentium and up), Alpha, and SPARCv9.} - - \item \mod{posix\_rt}{Use the POSIX realtime clock as a high-resolution - timer.} - - \item \mod{gettimeofday}{Use the traditional Unix - \texttt{gettimeofday} as a high resolution timer.} - - \item \mod{win32\_query\_perf\_ctr}{Use Win32's - \texttt{QueryPerformanceCounter} as a high resolution timer.} - -\end{list} - -\pagebreak - -\section{Building Applications} - -\subsection{Unix} - -Botan usually links in several different system libraries (such as -\texttt{librt} and \texttt{libz}), depending on which modules are -configured at compile time. In many environments, particularly ones -using static libraries, an application has to link against the same -libraries as Botan for the linking step to succeed. But how does it -figure out what libraries it \emph{is} linked against? - -The answer is to ask the \filename{botan-config} script. This -basically solves the same problem all the other \filename{*-config} -scripts solve, and in basically the same manner. - -There are 4 options: - -\texttt{--prefix[=DIR]}: If no argument, print the prefix where Botan -is installed (such as \filename{/opt} or \filename{/usr/local}). If an -argument is specified, other options given with the same command will -execute as if Botan as actually installed at \filename{DIR} and not -where it really is; or at least where \filename{botan-config} thinks -it really is. I should mention that it - -\texttt{--version}: Print the Botan version number. - -\texttt{--cflags}: Print options that should be passed to the compiler -whenever a C++ file is compiled. Typically this is used for setting -include paths. - -\texttt{--libs}: Print options for which libraries to link to (this includes -\texttt{-lbotan}). - -Your \filename{Makefile} can run \filename{botan-config} and get the -options necessary for getting your application to compile and link, -regardless of whatever crazy libraries Botan might be linked against. - -Botan also by default installs a file for \texttt{pkg-config}, -namespaced by the major and minor versions. So it can be used, -for instance, as - -\begin{verbatim} -$ pkg-config botan-1.8 --modversion -1.8.0 -$ pkg-config botan-1.8 --cflags --I/usr/local/include -$ pkg-config botan-1.8 --libs --L/usr/local/lib -lbotan -lm -lbz2 -lpthread -lrt -\end{verbatim} - -\subsection{MS Windows} - -No special help exists for building applications on Windows. However, -given that typically Windows software is distributed as binaries, this -is less of a problem - only the developer needs to worry about it. As -long as they can remember where they installed Botan, they just have -to set the appropriate flags in their Makefile/project file. - -\end{document} diff --git a/botan/doc/credits.txt b/botan/doc/credits.txt deleted file mode 100644 index ef2ee6b..0000000 --- a/botan/doc/credits.txt +++ /dev/null @@ -1,78 +0,0 @@ - This is the credits file of people that have contributed to Botan. It uses - the same format as the Linux credits file. Please keep it sorted by last - name. - - The fields are: - N - name - E - email - W - web URL - P - PGP fingerprint - D - description - S - meatspace location ----------- - -N - Charles Brockman -W - http://www.securitygenetics.com/ -D - documentation editing -S - Oregon, USA - -N: Martin Doering -E: doering@cdc.informatik.tu-darmstadt.de -D: GF(p) arithmetic - -N: Matthew Gregan -D: Binary file I/O support, allocator fixes - -N: Hany Greiss -D: Windows porting - -N: Manuel Hartl -E: hartl@flexsecure.de -W: http://www.flexsecure.de/ -D: ECDSA, ECKAEG - -N: Yves Jerschow -E: yves.jerschow@uni-duesseldorf.de -D: Optimizations for memory load/store and HMAC -D: Support for IPv4 addresses in X.509 alternative names -S: Germany - -N: Matt Johnston -D: Allocator fixes and optimizations, decompressor fixes - -N: Peter J. Jones -E: pjones@pmade.org -D: Bzip2 compression module -S: Colorado, USA - -N: Justin Karneges -D: Qt support modules (mutexes and types), X.509 API design - -N: Jack Lloyd -E: lloyd@randombit.net -W: http://www.randombit.net/ -P: 3F69 2E64 6D92 3BBE E7AE 9258 5C0F 96E8 4EC1 6D6B -D: Original designer/author, maintainer 2001-current -S: Vermont, USA - -N: Joel Low -D: DLL symbol visibility - -N: Christoph Ludwig -E: ludwig@fh-worms.de -D: GP(p) arithmetic - -N: Vaclav Ovsik -E: vaclav.ovsik@i.cz -D: Perl XS module - -N: Luca Piccarreta -E: luca.piccarreta@gmail.com -D: x86/amd64 assembler, BigInt optimizations, Win32 mutex module -S: Italy - -N: Falko Strenzke -E: strenzke@flexsecure.de -W: http://www.flexsecure.de/ -D: GF(p) arithmetic, CVC, Shanks-Tonelli algorithm -S: Darmstadt, Germany diff --git a/botan/doc/examples/GNUmakefile b/botan/doc/examples/GNUmakefile deleted file mode 100644 index d854c81..0000000 --- a/botan/doc/examples/GNUmakefile +++ /dev/null @@ -1,21 +0,0 @@ - -BOTAN_CONFIG = botan-config - -CXX = g++ -CFLAGS = -O2 -ansi -W -Wall $(shell $(BOTAN_CONFIG) --cflags) -LIBS = $(shell $(BOTAN_CONFIG) --libs) - -SRCS=$(wildcard *.cpp) - -PROGS=$(patsubst %.cpp,%,$(SRCS)) - -all: $(PROGS) - -clean: - @rm -f $(PROGS) - -%: %.cpp - $(CXX) $(CFLAGS) $? $(LIBS) -o $@ - -eax_test: eax_test.cpp - $(CXX) $(CFLAGS) $? $(LIBS) -lboost_regex -o $@ diff --git a/botan/doc/examples/asn1.cpp b/botan/doc/examples/asn1.cpp deleted file mode 100644 index e8fc015..0000000 --- a/botan/doc/examples/asn1.cpp +++ /dev/null @@ -1,312 +0,0 @@ -/* - A simple ASN.1 parser, similiar to 'dumpasn1' or 'openssl asn1parse', though - without some of the bells and whistles of those. Primarily used for testing - the BER decoder. The output format is modeled loosely on 'asn1parse -i' - - The output is actually less precise than the other decoders named, because - the underlying BER_Decoder hides quite a bit from userspace, such as the use - of indefinite length encodings (and the EOC markers). At some point it will - also hide the constructed string types from the user, but right now you'll - seem them as-is. - - Written by Jack Lloyd, November 9-10, 2003 - - Nov 22: Updated to new BER_Object format (tag -> class_tag/type_tag) - - Nov 25: Much improved BIT STRING output - Can deal with non-constructed taggings - Can produce UTF-8 output - - This file is in the public domain. -*/ - -/*******************************************************************/ - -// Set this if your terminal understands UTF-8; otherwise output is in Latin-1 -#define UTF8_TERMINAL 1 - -/* - What level the outermost layer of stuff is at. Probably 0 or 1; asn1parse - uses 0 as the outermost, while 1 makes more sense to me. 2+ doesn't make - much sense at all. -*/ -#define INITIAL_LEVEL 0 - -/*******************************************************************/ - -#include <botan/botan.h> -#include <botan/bigint.h> -#include <botan/der_enc.h> -#include <botan/ber_dec.h> -#include <botan/asn1_obj.h> -#include <botan/oids.h> -#include <botan/pem.h> -#include <botan/charset.h> -using namespace Botan; - -#include <stdio.h> -#include <ctype.h> - -void decode(BER_Decoder&, u32bit); -void emit(const std::string&, u32bit, u32bit, const std::string& = ""); -std::string type_name(ASN1_Tag); - -int main(int argc, char* argv[]) - { - if(argc != 2) - { - printf("Usage: %s <file>\n", argv[0]); - return 1; - } - - Botan::LibraryInitializer init; - - try { - DataSource_Stream in(argv[1]); - - if(!PEM_Code::matches(in)) - { - BER_Decoder decoder(in); - decode(decoder, INITIAL_LEVEL); - } - else - { - std::string label; // ignored - BER_Decoder decoder(PEM_Code::decode(in, label)); - decode(decoder, INITIAL_LEVEL); - } - - } - catch(std::exception& e) - { - printf("%s\n", e.what()); - return 1; - } - return 0; - } - -void decode(BER_Decoder& decoder, u32bit level) - { - BER_Object obj = decoder.get_next_object(); - - while(obj.type_tag != NO_OBJECT) - { - const ASN1_Tag type_tag = obj.type_tag; - const ASN1_Tag class_tag = obj.class_tag; - const u32bit length = obj.value.size(); - - /* hack to insert the tag+length back in front of the stuff now - that we've gotten the type info */ - DER_Encoder encoder; - encoder.add_object(type_tag, class_tag, obj.value, obj.value.size()); - SecureVector<byte> bits = encoder.get_contents(); - - BER_Decoder data(bits); - - if(class_tag & CONSTRUCTED) - { - BER_Decoder cons_info(obj.value); - if(type_tag == SEQUENCE) - { - emit("SEQUENCE", level, length); - decode(cons_info, level+1); - } - else if(type_tag == SET) - { - emit("SET", level, length); - decode(cons_info, level+1); - } - else - { - std::string name; - - if((class_tag & APPLICATION) || (class_tag & CONTEXT_SPECIFIC) || - (class_tag & PRIVATE)) - { - name = "cons [" + to_string(type_tag) + "]"; - - if(class_tag & APPLICATION) - name += " appl"; - if(class_tag & CONTEXT_SPECIFIC) - name += " context"; - if(class_tag & PRIVATE) - name += " private"; - } - else - name = type_name(type_tag) + " (cons)"; - - emit(name, level, length); - decode(cons_info, level+1); - } - } - else if(class_tag == APPLICATION || class_tag == CONTEXT_SPECIFIC || - class_tag == PRIVATE) - { - bool not_text = false; - - for(u32bit j = 0; j != bits.size(); j++) - if(!isgraph(bits[j]) && !isspace(bits[j])) - not_text = true; - - Pipe pipe(((not_text) ? new Hex_Encoder : 0)); - pipe.process_msg(bits); - emit("[" + to_string(type_tag) + "]", level, length, - pipe.read_all_as_string()); - } - else if(type_tag == OBJECT_ID) - { - OID oid; - data.decode(oid); - - std::string out = OIDS::lookup(oid); - if(out != oid.as_string()) - out += " [" + oid.as_string() + "]"; - - emit(type_name(type_tag), level, length, out); - } - else if(type_tag == INTEGER) - { - BigInt number; - data.decode(number); - - SecureVector<byte> rep; - - /* If it's small, it's probably a number, not a hash */ - if(number.bits() <= 16) - rep = BigInt::encode(number, BigInt::Decimal); - else - rep = BigInt::encode(number, BigInt::Hexadecimal); - - std::string str; - for(u32bit j = 0; j != rep.size(); j++) - str += (char)rep[j]; - - emit(type_name(type_tag), level, length, str); - } - else if(type_tag == BOOLEAN) - { - bool boolean; - data.decode(boolean); - emit(type_name(type_tag), - level, length, (boolean ? "true" : "false")); - } - else if(type_tag == NULL_TAG) - { - emit(type_name(type_tag), level, length); - } - else if(type_tag == OCTET_STRING) - { - SecureVector<byte> bits; - data.decode(bits, type_tag); - bool not_text = false; - - for(u32bit j = 0; j != bits.size(); j++) - if(!isgraph(bits[j]) && !isspace(bits[j])) - not_text = true; - - Pipe pipe(((not_text) ? new Hex_Encoder : 0)); - pipe.process_msg(bits); - emit(type_name(type_tag), level, length, pipe.read_all_as_string()); - } - else if(type_tag == BIT_STRING) - { - SecureVector<byte> bits; - data.decode(bits, type_tag); - - std::vector<bool> bit_set; - - for(u32bit j = 0; j != bits.size(); j++) - for(u32bit k = 0; k != 8; k++) - bit_set.push_back((bool)((bits[bits.size()-j-1] >> (7-k)) & 1)); - - std::string bit_str; - for(u32bit j = 0; j != bit_set.size(); j++) - { - bool the_bit = bit_set[bit_set.size()-j-1]; - - if(!the_bit && bit_str.size() == 0) - continue; - bit_str += (the_bit ? "1" : "0"); - } - - emit(type_name(type_tag), level, length, bit_str); - } - else if(type_tag == PRINTABLE_STRING || - type_tag == NUMERIC_STRING || - type_tag == IA5_STRING || - type_tag == T61_STRING || - type_tag == VISIBLE_STRING || - type_tag == UTF8_STRING || - type_tag == BMP_STRING) - { - ASN1_String str; - data.decode(str); - if(UTF8_TERMINAL) - emit(type_name(type_tag), level, length, - Charset::transcode(str.iso_8859(), - LATIN1_CHARSET, UTF8_CHARSET)); - else - emit(type_name(type_tag), level, length, str.iso_8859()); - } - else if(type_tag == UTC_TIME || type_tag == GENERALIZED_TIME) - { - X509_Time time; - data.decode(time); - emit(type_name(type_tag), level, length, time.readable_string()); - } - else - fprintf(stderr, "Unknown tag: class=%02X, type=%02X\n", - class_tag, type_tag); - - obj = decoder.get_next_object(); - } - } - -void emit(const std::string& type, u32bit level, u32bit length, - const std::string& value) - { - const u32bit LIMIT = 128; - const u32bit BIN_LIMIT = 64; - - int written = 0; - written += printf(" d=%2d, l=%4d: ", level, length); - for(u32bit j = INITIAL_LEVEL; j != level; j++) - written += printf(" "); - written += printf("%s ", type.c_str()); - - bool should_skip = false; - if(value.length() > LIMIT) should_skip = true; - if((type == "OCTET STRING" || type == "BIT STRING") && - value.length() > BIN_LIMIT) - should_skip = true; - - if(value != "" && !should_skip) - { - if(written % 2 == 0) printf(" "); - while(written < 50) written += printf(" "); - printf(":%s\n", value.c_str()); - } - else - printf("\n"); - } - -std::string type_name(ASN1_Tag type) - { - if(type == PRINTABLE_STRING) return "PRINTABLE STRING"; - if(type == NUMERIC_STRING) return "NUMERIC STRING"; - if(type == IA5_STRING) return "IA5 STRING"; - if(type == T61_STRING) return "T61 STRING"; - if(type == UTF8_STRING) return "UTF8 STRING"; - if(type == VISIBLE_STRING) return "VISIBLE STRING"; - if(type == BMP_STRING) return "BMP STRING"; - - if(type == UTC_TIME) return "UTC TIME"; - if(type == GENERALIZED_TIME) return "GENERALIZED TIME"; - - if(type == OCTET_STRING) return "OCTET STRING"; - if(type == BIT_STRING) return "BIT STRING"; - - if(type == INTEGER) return "INTEGER"; - if(type == NULL_TAG) return "NULL"; - if(type == OBJECT_ID) return "OBJECT"; - if(type == BOOLEAN) return "BOOLEAN"; - return "(UNKNOWN)"; - } diff --git a/botan/doc/examples/base.cpp b/botan/doc/examples/base.cpp deleted file mode 100644 index eca0ccf..0000000 --- a/botan/doc/examples/base.cpp +++ /dev/null @@ -1,44 +0,0 @@ -/* - A simple template for Botan applications, showing startup, etc -*/ -#include <botan/botan.h> -using namespace Botan; - -/* This is how you can do compile-time version checking */ - -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,6,3) - #error Your Botan installation is too old; upgrade to 1.6.3 or later -#endif - -#include <iostream> - -int main(int argc, char* argv[]) - { - Botan::LibraryInitializer init; - - try - { - /* Put it inside the try block so exceptions at startup/shutdown will - get caught. - - It will be initialized with default options - */ - - if(argc > 2) - { - std::cout << "Usage: " << argv[0] << "[initializer args]\n"; - return 2; - } - - std::string args = (argc == 2) ? argv[1] : ""; - - LibraryInitializer init(args); - // your operations here - } - catch(std::exception& e) - { - std::cout << e.what() << std::endl; - return 1; - } - return 0; - } diff --git a/botan/doc/examples/base64.cpp b/botan/doc/examples/base64.cpp deleted file mode 100644 index d35aaf5..0000000 --- a/botan/doc/examples/base64.cpp +++ /dev/null @@ -1,82 +0,0 @@ -/* -An Botan example application which emulates a poorly written version of -"uuencode -m" - -Written by Jack Lloyd (lloyd@randombit.net), in maybe an hour scattered -over 2000/2001 - -This file is in the public domain -*/ -#include <fstream> -#include <iostream> -#include <string> -#include <vector> -#include <cstring> -#include <cstdlib> -#include <botan/botan.h> - -int main(int argc, char* argv[]) - { - if(argc < 2) - { - std::cout << "Usage: " << argv[0] << " [-w] [-c n] [-e|-d] files...\n" - " -e : Encode input to base64 strings (default) \n" - " -d : Decode base64 input\n" - " -w : Wrap lines\n" - " -c n: Wrap lines at column n, default 78\n"; - return 1; - } - - Botan::LibraryInitializer init; - - int column = 78; - bool wrap = false; - bool encoding = true; - std::vector<std::string> files; - - for(int j = 1; argv[j] != 0; j++) - { - std::string this_arg = argv[j]; - - if(this_arg == "-w") - wrap = true; - else if(this_arg == "-e"); - else if(this_arg == "-d") - encoding = false; - else if(this_arg == "-c") - { - if(argv[j+1]) - { column = atoi(argv[j+1]); j++; } - else - { - std::cout << "No argument for -c option" << std::endl; - return 1; - } - } - else files.push_back(argv[j]); - } - - for(unsigned int j = 0; j != files.size(); j++) - { - std::istream* stream; - if(files[j] == "-") stream = &std::cin; - else stream = new std::ifstream(files[j].c_str()); - - if(!*stream) - { - std::cout << "ERROR, couldn't open " << files[j] << std::endl; - continue; - } - - Botan::Pipe pipe((encoding) ? - ((Botan::Filter*)new Botan::Base64_Encoder(wrap, column)) : - ((Botan::Filter*)new Botan::Base64_Decoder)); - pipe.start_msg(); - *stream >> pipe; - pipe.end_msg(); - pipe.set_default_msg(j); - std::cout << pipe; - if(files[j] != "-") delete stream; - } - return 0; - } diff --git a/botan/doc/examples/bench.cpp b/botan/doc/examples/bench.cpp deleted file mode 100644 index 37ef110..0000000 --- a/botan/doc/examples/bench.cpp +++ /dev/null @@ -1,98 +0,0 @@ -#include <botan/benchmark.h> -#include <botan/init.h> -#include <botan/auto_rng.h> -#include <botan/libstate.h> - -using namespace Botan; - -#include <iostream> - -double best_speed(const std::string& algorithm, - u32bit milliseconds, - RandomNumberGenerator& rng, - Timer& timer) - { - std::map<std::string, double> speeds = - algorithm_benchmark(algorithm, milliseconds, - timer, rng, - global_state().algorithm_factory()); - - double best_time = 0; - - for(std::map<std::string, double>::const_iterator i = speeds.begin(); - i != speeds.end(); ++i) - if(i->second > best_time) - best_time = i->second; - - return best_time; - } - -const std::string algos[] = { - "AES-128", - "AES-192", - "AES-256", - "Blowfish", - "CAST-128", - "CAST-256", - "DES", - "DESX", - "TripleDES", - "GOST", - "IDEA", - "KASUMI", - "Lion(SHA-256,Turing,8192)", - "Luby-Rackoff(SHA-512)", - "MARS", - "MISTY1", - "Noekeon", - "RC2", - "RC5(12)", - "RC5(16)", - "RC6", - "SAFER-SK(10)", - "SEED", - "Serpent", - "Skipjack", - "Square", - "TEA", - "Twofish", - "XTEA", - "Adler32", - "CRC32", - "FORK-256", - "GOST-34.11", - "HAS-160", - "HAS-V", - "MD2", - "MD4", - "MD5", - "RIPEMD-128", - "RIPEMD-160", - "SHA-160", - "SHA-256", - "SHA-384", - "SHA-512", - "Skein-512", - "Tiger", - "Whirlpool", - "CMAC(AES-128)", - "HMAC(SHA-1)", - "X9.19-MAC", - "", -}; - -int main() - { - LibraryInitializer init; - - u32bit milliseconds = 1000; - AutoSeeded_RNG rng; - Default_Benchmark_Timer timer; - - for(u32bit i = 0; algos[i] != ""; ++i) - { - std::string algo = algos[i]; - std::cout << algo << ' ' - << best_speed(algo, milliseconds, rng, timer) << "\n"; - } - } diff --git a/botan/doc/examples/benchmark.cpp b/botan/doc/examples/benchmark.cpp deleted file mode 100644 index d046e8d..0000000 --- a/botan/doc/examples/benchmark.cpp +++ /dev/null @@ -1,41 +0,0 @@ -#include <botan/botan.h> -#include <botan/benchmark.h> - -#include <iostream> -#include <string> -#include <map> -#include <cstdlib> - -int main(int argc, char* argv[]) - { - if(argc <= 2) - { - std::cout << "Usage: " << argv[0] << " seconds <algo1> <algo2> ...\n"; - return 1; - } - - Botan::LibraryInitializer init; - - Botan::AutoSeeded_RNG rng; - Botan::Default_Benchmark_Timer timer; - - Botan::Algorithm_Factory& af = Botan::global_state().algorithm_factory(); - - double ms = 1000 * std::atof(argv[1]); - - for(size_t i = 2; argv[i]; ++i) - { - std::string algo = argv[i]; - - std::map<std::string, double> results = - Botan::algorithm_benchmark(algo, ms, timer, rng, af); - - std::cout << algo << ":\n"; - for(std::map<std::string, double>::iterator r = results.begin(); - r != results.end(); ++r) - { - std::cout << " " << r->first << ": " << r->second << " MiB/s\n"; - } - std::cout << "\n"; - } - } diff --git a/botan/doc/examples/bzip.cpp b/botan/doc/examples/bzip.cpp deleted file mode 100644 index 02252fb..0000000 --- a/botan/doc/examples/bzip.cpp +++ /dev/null @@ -1,108 +0,0 @@ -/* -An Botan example application which emulates a poorly written version of bzip2 - -Written by Jack Lloyd (lloyd@randombit.net), Jun 9, 2001 - -This file is in the public domain -*/ -#include <string> -#include <cstring> -#include <vector> -#include <fstream> -#include <iostream> -#include <botan/botan.h> - -#if defined(BOTAN_HAS_COMPRESSOR_BZIP2) - #include <botan/bzip2.h> -#endif - -const std::string SUFFIX = ".bz2"; - -int main(int argc, char* argv[]) - { - if(argc < 2) - { - std::cout << "Usage: " << argv[0] - << " [-s] [-d] [-1...9] <filenames>" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - std::vector<std::string> files; - bool decompress = false, small = false; - int level = 9; - - for(int j = 1; argv[j] != 0; j++) - { - if(std::strcmp(argv[j], "-d") == 0) { decompress = true; continue; } - if(std::strcmp(argv[j], "-s") == 0) { small = true; continue; } - if(std::strcmp(argv[j], "-1") == 0) { level = 1; continue; } - if(std::strcmp(argv[j], "-2") == 0) { level = 2; continue; } - if(std::strcmp(argv[j], "-3") == 0) { level = 3; continue; } - if(std::strcmp(argv[j], "-4") == 0) { level = 4; continue; } - if(std::strcmp(argv[j], "-5") == 0) { level = 5; continue; } - if(std::strcmp(argv[j], "-6") == 0) { level = 6; continue; } - if(std::strcmp(argv[j], "-7") == 0) { level = 7; continue; } - if(std::strcmp(argv[j], "-8") == 0) { level = 8; continue; } - if(std::strcmp(argv[j], "-9") == 0) { level = 9; continue; } - files.push_back(argv[j]); - } - - try { - - Botan::Filter* bzip = 0; -#ifdef BOTAN_HAS_COMPRESSOR_BZIP2 - if(decompress) - bzip = new Botan::Bzip_Decompression(small); - else - bzip = new Botan::Bzip_Compression(level); -#endif - - if(!bzip) - { - std::cout << "Sorry, support for bzip2 not compiled into Botan\n"; - return 1; - } - - Botan::Pipe pipe(bzip); - - for(unsigned int j = 0; j != files.size(); j++) - { - std::string infile = files[j], outfile = files[j]; - if(!decompress) - outfile = outfile += SUFFIX; - else - outfile = outfile.replace(outfile.find(SUFFIX), - SUFFIX.length(), ""); - - std::ifstream in(infile.c_str()); - std::ofstream out(outfile.c_str()); - if(!in) - { - std::cout << "ERROR: could not read " << infile << std::endl; - continue; - } - if(!out) - { - std::cout << "ERROR: could not write " << outfile << std::endl; - continue; - } - - pipe.start_msg(); - in >> pipe; - pipe.end_msg(); - pipe.set_default_msg(j); - out << pipe; - - in.close(); - out.close(); - } - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - return 1; - } - return 0; - } diff --git a/botan/doc/examples/ca.cpp b/botan/doc/examples/ca.cpp deleted file mode 100644 index 41dd409..0000000 --- a/botan/doc/examples/ca.cpp +++ /dev/null @@ -1,74 +0,0 @@ -/* - Implement the functionality of a simple CA: read in a CA certificate, - the associated private key, and a PKCS #10 certificate request. Sign the - request and print out the new certificate. - - File names are hardcoded for simplicity. - cacert.pem: The CA's certificate (perhaps created by self_sig) - caprivate.pem: The CA's private key - req.pem: The user's PKCS #10 certificate request - - Written by Jack Lloyd, May 19, 2003 - - This file is in the public domain. -*/ - -#include <botan/botan.h> -#include <botan/x509_ca.h> -#include <botan/util.h> -using namespace Botan; - -#include <iostream> -#include <memory> - -int main(int argc, char* argv[]) - { - if(argc != 5) - { - std::cout << "Usage: " << argv[0] << " <passphrase> " - << "<ca cert> <ca key> <pkcs10>" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - try - { - const std::string arg_passphrase = argv[1]; - const std::string arg_ca_cert = argv[2]; - const std::string arg_ca_key = argv[3]; - const std::string arg_req_file = argv[4]; - - AutoSeeded_RNG rng; - - X509_Certificate ca_cert(arg_ca_cert); - - std::auto_ptr<PKCS8_PrivateKey> privkey( - PKCS8::load_key(arg_ca_key, rng, arg_passphrase) - ); - - X509_CA ca(ca_cert, *privkey); - - // got a request - PKCS10_Request req(arg_req_file); - - // you would insert checks here, and perhaps modify the request - // (this example should be extended to show how) - - // now sign the request - X509_Time start_time(system_time()); - X509_Time end_time(system_time() + 365 * 60 * 60 * 24); - - X509_Certificate new_cert = ca.sign_request(req, rng, - start_time, end_time); - - // send the new cert back to the requestor - std::cout << new_cert.PEM_encode(); - } - catch(std::exception& e) - { - std::cout << e.what() << std::endl; - return 1; - } - return 0; - } diff --git a/botan/doc/examples/checksum.cpp b/botan/doc/examples/checksum.cpp deleted file mode 100644 index 232be05..0000000 --- a/botan/doc/examples/checksum.cpp +++ /dev/null @@ -1,31 +0,0 @@ -#include <botan/botan.h> -#include <botan/filters.h> - -#include <iostream> - -using namespace Botan; - -int main(int argc, char* argv[]) - { - if(argc != 2) - { - std::cout << "Usage: " << argv[0] << " filename\n"; - return 1; - } - - Botan::LibraryInitializer init; - - Pipe pipe(new Fork( - new Chain(new Hash_Filter("CRC24"), new Hex_Encoder), - new Chain(new Hash_Filter("CRC32"), new Hex_Encoder), - new Chain(new Hash_Filter("Adler32"), new Hex_Encoder) - )); - - DataSource_Stream in(argv[1]); - - pipe.process_msg(in); - - std::cout << pipe.read_all_as_string(0) << "\n"; - std::cout << pipe.read_all_as_string(1) << "\n"; - std::cout << pipe.read_all_as_string(2) << "\n"; - } diff --git a/botan/doc/examples/cms_dec.cpp b/botan/doc/examples/cms_dec.cpp deleted file mode 100644 index 3fa2853..0000000 --- a/botan/doc/examples/cms_dec.cpp +++ /dev/null @@ -1,116 +0,0 @@ -#include <botan/botan.h> -#include <botan/pkcs8.h> -#include <botan/cms_dec.h> -using namespace Botan; - -#include <iostream> -#include <memory> - -int main(int argc, char* argv[]) - { - if(argc != 2) - { - printf("Usage: %s <filename>\n", argv[0]); - return 1; - } - - Botan::LibraryInitializer init; - - try { - AutoSeeded_RNG rng; - - X509_Certificate mycert("mycert.pem"); - PKCS8_PrivateKey* mykey = PKCS8::load_key("mykey.pem", rng, "cut"); - - X509_Certificate yourcert("yourcert.pem"); - X509_Certificate cacert("cacert.pem"); - X509_Certificate int_ca("int_ca.pem"); - - X509_Store store; - store.add_cert(mycert); - store.add_cert(yourcert); - store.add_cert(cacert, true); - store.add_cert(int_ca); - - DataSource_Stream message(argv[1]); - - User_Interface ui; - - CMS_Decoder decoder(message, store, ui, mykey); - - while(decoder.layer_type() != CMS_Decoder::DATA) - { - CMS_Decoder::Status status = decoder.layer_status(); - CMS_Decoder::Content_Type content = decoder.layer_type(); - - if(status == CMS_Decoder::FAILURE) - { - std::cout << "Failure reading CMS data" << std::endl; - break; - } - - if(content == CMS_Decoder::DIGESTED) - { - std::cout << "Digested data, hash = " << decoder.layer_info() - << std::endl; - std::cout << "Hash is " - << ((status == CMS_Decoder::GOOD) ? "good" : "bad") - << std::endl; - } - - if(content == CMS_Decoder::SIGNED) - { - // how to handle multiple signers? they can all exist within a - // single level... - - std::cout << "Signed by " << decoder.layer_info() << std::endl; - //std::cout << "Sign time: " << decoder.xxx() << std::endl; - std::cout << "Signature is "; - if(status == CMS_Decoder::GOOD) - std::cout << "valid"; - else if(status == CMS_Decoder::BAD) - std::cout << "bad"; - else if(status == CMS_Decoder::NO_KEY) - std::cout << "(cannot check, no known cert)"; - std::cout << std::endl; - } - if(content == CMS_Decoder::ENVELOPED || - content == CMS_Decoder::COMPRESSED || - content == CMS_Decoder::AUTHENTICATED) - { - if(content == CMS_Decoder::ENVELOPED) - std::cout << "Enveloped"; - if(content == CMS_Decoder::COMPRESSED) - std::cout << "Compressed"; - if(content == CMS_Decoder::AUTHENTICATED) - std::cout << "MACed"; - - std::cout << ", algo = " << decoder.layer_info() << std::endl; - - if(content == CMS_Decoder::AUTHENTICATED) - { - std::cout << "MAC status is "; - if(status == CMS_Decoder::GOOD) - std::cout << "valid"; - else if(status == CMS_Decoder::BAD) - std::cout << "bad"; - else if(status == CMS_Decoder::NO_KEY) - std::cout << "(cannot check, no key)"; - std::cout << std::endl; - } - } - decoder.next_layer(); - } - - if(decoder.layer_type() == CMS_Decoder::DATA) - std::cout << "Message is \"" << decoder.get_data() - << '"' << std::endl; - else - std::cout << "No data anywhere?" << std::endl; - } - catch(std::exception& e) - { - std::cerr << e.what() << std::endl; - } - return 0; - } diff --git a/botan/doc/examples/cms_enc.cpp b/botan/doc/examples/cms_enc.cpp deleted file mode 100644 index de16bba..0000000 --- a/botan/doc/examples/cms_enc.cpp +++ /dev/null @@ -1,53 +0,0 @@ -#include <botan/botan.h> -#include <botan/cms_enc.h> -using namespace Botan; - -#include <iostream> -#include <fstream> -#include <memory> - -int main() - { - Botan::LibraryInitializer init; - - try { - - X509_Certificate mycert("mycert.pem"); - X509_Certificate mycert2("mycert2.pem"); - X509_Certificate yourcert("yourcert.pem"); - X509_Certificate cacert("cacert.pem"); - X509_Certificate int_ca("int_ca.pem"); - - AutoSeeded_RNG rng; - - X509_Store store; - store.add_cert(mycert); - store.add_cert(mycert2); - store.add_cert(yourcert); - store.add_cert(int_ca); - store.add_cert(cacert, true); - - const std::string msg = "prioncorp: we don't toy\n"; - - CMS_Encoder encoder(msg); - - encoder.compress("Zlib"); - encoder.digest(); - encoder.encrypt(rng, mycert); - - /* - PKCS8_PrivateKey* mykey = PKCS8::load_key("mykey.pem", rng, "cut"); - encoder.sign(store, *mykey); - */ - - SecureVector<byte> raw = encoder.get_contents(); - std::ofstream out("out.der"); - - out.write((const char*)raw.begin(), raw.size()); - } - catch(std::exception& e) - { - std::cerr << e.what() << std::endl; - } - return 0; - } diff --git a/botan/doc/examples/cryptobox.cpp b/botan/doc/examples/cryptobox.cpp deleted file mode 100644 index 0a769b0..0000000 --- a/botan/doc/examples/cryptobox.cpp +++ /dev/null @@ -1,50 +0,0 @@ -/* -* Cryptobox example -*/ -#include <botan/botan.h> -#include <botan/cryptobox.h> -#include <fstream> -#include <iostream> -#include <vector> - -using namespace Botan; - -int main(int argc, char* argv[]) - { - LibraryInitializer init; - - AutoSeeded_RNG rng; - - if(argc != 3) - { - std::cout << "Usage: cryptobox pass filename\n"; - return 1; - } - - std::string pass = argv[1]; - std::string filename = argv[2]; - - std::ifstream input(filename.c_str()); - - std::vector<byte> file_contents; - while(input.good()) - { - byte filebuf[4096] = { 0 }; - input.read((char*)filebuf, sizeof(filebuf)); - size_t got = input.gcount(); - - file_contents.insert(file_contents.end(), filebuf, filebuf+got); - } - - std::string ciphertext = CryptoBox::encrypt(&file_contents[0], - file_contents.size(), - pass, rng); - - std::cout << ciphertext; - - /* - std::cout << CryptoBox::decrypt((const byte*)&ciphertext[0], - ciphertext.length(), - pass); - */ - } diff --git a/botan/doc/examples/decrypt.cpp b/botan/doc/examples/decrypt.cpp deleted file mode 100644 index 68d5f89..0000000 --- a/botan/doc/examples/decrypt.cpp +++ /dev/null @@ -1,158 +0,0 @@ -/* -Decrypt files encrypted with the 'encrypt' example application. - -I'm being lazy and writing the output to stdout rather than stripping off the -".enc" suffix and writing it there. So all diagnostics go to stderr so there is -no confusion. - -Written by Jack Lloyd (lloyd@randombit.net) on August 5, 2002 - -This file is in the public domain -*/ -#include <fstream> -#include <iostream> -#include <string> -#include <vector> -#include <cstring> -#include <memory> - -#include <botan/botan.h> - -#if defined(BOTAN_HAS_COMPRESSOR_ZLIB) - #include <botan/zlib.h> -#endif - -using namespace Botan; - -SecureVector<byte> b64_decode(const std::string&); - -int main(int argc, char* argv[]) - { - if(argc < 2) - { - std::cout << "Usage: " << argv[0] << " [-p passphrase] file\n" - << " -p : Use this passphrase to decrypt\n"; - return 1; - } - - Botan::LibraryInitializer init; - - std::string filename, passphrase; - - for(int j = 1; argv[j] != 0; j++) - { - if(std::strcmp(argv[j], "-p") == 0) - { - if(argv[j+1]) - { - passphrase = argv[j+1]; - j++; - } - else - { - std::cout << "No argument for -p option" << std::endl; - return 1; - } - } - else - { - if(filename != "") - { - std::cout << "You can only specify one file at a time\n"; - return 1; - } - filename = argv[j]; - } - } - - if(passphrase == "") - { - std::cout << "You have to specify a passphrase!" << std::endl; - return 1; - } - - std::ifstream in(filename.c_str()); - if(!in) - { - std::cout << "ERROR: couldn't open " << filename << std::endl; - return 1; - } - - std::string algo; - - try { - std::string header, salt_str, mac_str; - std::getline(in, header); - std::getline(in, algo); - std::getline(in, salt_str); - std::getline(in, mac_str); - - if(header != "-------- ENCRYPTED FILE --------") - { - std::cout << "ERROR: File is missing the usual header" << std::endl; - return 1; - } - - if(!have_block_cipher(algo)) - { - std::cout << "Don't know about the block cipher \"" << algo << "\"\n"; - return 1; - } - - const u32bit key_len = max_keylength_of(algo); - const u32bit iv_len = block_size_of(algo); - - std::auto_ptr<S2K> s2k(get_s2k("PBKDF2(SHA-1)")); - s2k->set_iterations(8192); - s2k->change_salt(b64_decode(salt_str)); - - SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase); - InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase); - SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase); - - Pipe pipe(new Base64_Decoder, - get_cipher(algo + "/CBC", bc_key, iv, DECRYPTION), -#ifdef BOTAN_HAS_COMPRESSOR_ZLIB - new Zlib_Decompression, -#endif - new Fork( - 0, - new Chain(new MAC_Filter("HMAC(SHA-1)", mac_key), - new Base64_Encoder) - ) - ); - - pipe.start_msg(); - in >> pipe; - pipe.end_msg(); - - std::string our_mac = pipe.read_all_as_string(1); - if(our_mac != mac_str) - std::cout << "WARNING: MAC in message failed to verify\n"; - - std::cout << pipe.read_all_as_string(0); - } - catch(Algorithm_Not_Found) - { - std::cout << "Don't know about the block cipher \"" << algo << "\"\n"; - return 1; - } - catch(Decoding_Error) - { - std::cout << "Bad passphrase or corrupt file\n"; - return 1; - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - return 1; - } - return 0; - } - -SecureVector<byte> b64_decode(const std::string& in) - { - Pipe pipe(new Base64_Decoder); - pipe.process_msg(in); - return pipe.read_all(); - } diff --git a/botan/doc/examples/dh.cpp b/botan/doc/examples/dh.cpp deleted file mode 100644 index c808928..0000000 --- a/botan/doc/examples/dh.cpp +++ /dev/null @@ -1,59 +0,0 @@ -/* - A simple DH example - - Written by Jack Lloyd (lloyd@randombit.net), on December 24, 2003 - - This file is in the public domain -*/ -#include <botan/botan.h> -#include <botan/dh.h> -#include <botan/rng.h> -using namespace Botan; - -#include <iostream> -#include <memory> - -int main() - { - Botan::LibraryInitializer init; - - try - { - AutoSeeded_RNG rng; - - // Alice creates a DH key and sends (the public part) to Bob - DH_PrivateKey private_a(rng, DL_Group("modp/ietf/1024")); - DH_PublicKey public_a = private_a; // Bob gets this - - // Bob creates a key with a matching group - DH_PrivateKey private_b(rng, public_a.get_domain()); - - // Bob sends the key back to Alice - DH_PublicKey public_b = private_b; // Alice gets this - - // Both of them create a key using their private key and the other's - // public key - SymmetricKey alice_key = private_a.derive_key(public_b); - SymmetricKey bob_key = private_b.derive_key(public_a); - - if(alice_key == bob_key) - { - std::cout << "The two keys matched, everything worked\n"; - std::cout << "The shared key was: " << alice_key.as_string() << "\n"; - } - else - { - std::cout << "The two keys didn't match!\n"; - std::cout << "Alice's key was: " << alice_key.as_string() << "\n"; - std::cout << "Bob's key was: " << bob_key.as_string() << "\n"; - } - - // Now Alice and Bob hash the key and use it for something - } - catch(std::exception& e) - { - std::cout << e.what() << std::endl; - return 1; - } - return 0; - } diff --git a/botan/doc/examples/dsa_kgen.cpp b/botan/doc/examples/dsa_kgen.cpp deleted file mode 100644 index 4669cf7..0000000 --- a/botan/doc/examples/dsa_kgen.cpp +++ /dev/null @@ -1,66 +0,0 @@ -/* -Generate a 1024 bit DSA key and put it into a file. The public key format is -that specified by X.509, while the private key format is PKCS #8. - -The domain parameters are the ones specified as the Java default DSA -parameters. There is nothing special about these, it's just the only 1024-bit -DSA parameter set that's included in Botan at the time of this writing. The -application always reads/writes all of the domain parameters to/from the file, -so a new set could be used without any problems. We could generate a new set -for each key, or read a set of DSA params from a file and use those, but they -mostly seem like needless complications. - -Written by Jack Lloyd (lloyd@randombit.net), August 5, 2002 - Updated to use X.509 and PKCS #8 formats, October 21, 2002 - -This file is in the public domain -*/ - -#include <iostream> -#include <fstream> -#include <string> -#include <botan/botan.h> -#include <botan/dsa.h> -#include <botan/rng.h> -using namespace Botan; - -#include <memory> - -int main(int argc, char* argv[]) - { - if(argc != 1 && argc != 2) - { - std::cout << "Usage: " << argv[0] << " [passphrase]" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - std::ofstream priv("dsapriv.pem"); - std::ofstream pub("dsapub.pem"); - if(!priv || !pub) - { - std::cout << "Couldn't write output files" << std::endl; - return 1; - } - - try - { - AutoSeeded_RNG rng; - - DL_Group group(rng, DL_Group::DSA_Kosherizer, 2048, 256); - - DSA_PrivateKey key(rng, group); - - pub << X509::PEM_encode(key); - if(argc == 1) - priv << PKCS8::PEM_encode(key); - else - priv << PKCS8::PEM_encode(key, rng, argv[1]); - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - } - return 0; - } diff --git a/botan/doc/examples/dsa_sign.cpp b/botan/doc/examples/dsa_sign.cpp deleted file mode 100644 index caf0503..0000000 --- a/botan/doc/examples/dsa_sign.cpp +++ /dev/null @@ -1,83 +0,0 @@ -/* -Decrypt an encrypted DSA private key. Then use that key to sign a message. - -Written by Jack Lloyd (lloyd@randombit.net), August 5, 2002 - Updated to use X.509 and PKCS #8 format keys, October 21, 2002 - -This file is in the public domain -*/ - -#include <iostream> -#include <iomanip> -#include <fstream> -#include <string> -#include <memory> - -#include <botan/botan.h> -#include <botan/look_pk.h> -#include <botan/dsa.h> -using namespace Botan; - -const std::string SUFFIX = ".sig"; - -int main(int argc, char* argv[]) - { - if(argc != 4) - { - std::cout << "Usage: " << argv[0] << " keyfile messagefile passphrase" - << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - try { - std::string passphrase(argv[3]); - - std::ifstream message(argv[2]); - if(!message) - { - std::cout << "Couldn't read the message file." << std::endl; - return 1; - } - - std::string outfile = argv[2] + SUFFIX; - std::ofstream sigfile(outfile.c_str()); - if(!sigfile) - { - std::cout << "Couldn't write the signature to " - << outfile << std::endl; - return 1; - } - - AutoSeeded_RNG rng; - - std::auto_ptr<PKCS8_PrivateKey> key( - PKCS8::load_key(argv[1], rng, passphrase) - ); - - DSA_PrivateKey* dsakey = dynamic_cast<DSA_PrivateKey*>(key.get()); - - if(!dsakey) - { - std::cout << "The loaded key is not a DSA key!\n"; - return 1; - } - - PK_Signer signer(*dsakey, get_emsa("EMSA1(SHA-1)")); - - DataSource_Stream in(message); - byte buf[4096] = { 0 }; - while(u32bit got = in.read(buf, sizeof(buf))) - signer.update(buf, got); - - Pipe pipe(new Base64_Encoder); - pipe.process_msg(signer.signature(rng)); - sigfile << pipe.read_all_as_string() << std::endl; - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - } - return 0; - } diff --git a/botan/doc/examples/dsa_ver.cpp b/botan/doc/examples/dsa_ver.cpp deleted file mode 100644 index 3b7ea02..0000000 --- a/botan/doc/examples/dsa_ver.cpp +++ /dev/null @@ -1,92 +0,0 @@ -/* -Grab an DSA public key from the file given as an argument, grab a signature -from another file, and verify the message (which, suprise, is also in a file). - -The signature format isn't particularly standard, but it's not bad. It's simply -the IEEE 1363 signature format, encoded into base64 with a trailing newline - -Written by Jack Lloyd (lloyd@randombit.net), August 5, 2002 - Updated to use X.509 format keys, October 21, 2002 - -This file is in the public domain -*/ - -#include <iostream> -#include <iomanip> -#include <fstream> -#include <cstdlib> -#include <string> -#include <memory> - -#include <botan/botan.h> -#include <botan/look_pk.h> -#include <botan/dsa.h> -using namespace Botan; - -SecureVector<byte> b64_decode(const std::string& in) - { - Pipe pipe(new Base64_Decoder); - pipe.process_msg(in); - return pipe.read_all(); - } - -int main(int argc, char* argv[]) - { - if(argc != 4) - { - std::cout << "Usage: " << argv[0] - << " keyfile messagefile sigfile" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - std::ifstream message(argv[2]); - if(!message) - { - std::cout << "Couldn't read the message file." << std::endl; - return 1; - } - - std::ifstream sigfile(argv[3]); - if(!sigfile) - { - std::cout << "Couldn't read the signature file." << std::endl; - return 1; - } - - try { - std::string sigstr; - getline(sigfile, sigstr); - - std::auto_ptr<X509_PublicKey> key(X509::load_key(argv[1])); - DSA_PublicKey* dsakey = dynamic_cast<DSA_PublicKey*>(key.get()); - if(!dsakey) - { - std::cout << "The loaded key is not a DSA key!\n"; - return 1; - } - - SecureVector<byte> sig = b64_decode(sigstr); - - std::auto_ptr<PK_Verifier> ver(get_pk_verifier(*dsakey, "EMSA1(SHA-1)")); - - DataSource_Stream in(message); - byte buf[4096] = { 0 }; - while(u32bit got = in.read(buf, sizeof(buf))) - ver->update(buf, got); - - bool ok = ver->check_signature(sig); - - if(ok) - std::cout << "Signature verified\n"; - else - std::cout << "Signature did NOT verify\n"; - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - return 1; - } - return 0; - } diff --git a/botan/doc/examples/eax_test.cpp b/botan/doc/examples/eax_test.cpp deleted file mode 100644 index 283e335..0000000 --- a/botan/doc/examples/eax_test.cpp +++ /dev/null @@ -1,241 +0,0 @@ -#include <fstream> -#include <iostream> -#include <sstream> -#include <boost/regex.hpp> - -#include <botan/botan.h> -#include <botan/eax.h> - -using namespace Botan; - -unsigned to_string(const std::string& s) - { - std::istringstream stream(s); - unsigned n; - stream >> n; - return n; - } - -std::string seq(unsigned n) - { - std::string s; - - for(unsigned i = 0; i != n; ++i) - { - unsigned char b = (i & 0xFF); - - const char bin2hex[] = { '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; - - s += bin2hex[(b >> 4)]; - s += bin2hex[(b & 0x0f)]; - } - - return s; - } - -void eax_test(const std::string& algo, - const std::string& key_str, - const std::string& nonce_str, - const std::string& header_str, - const std::string& tag_str, - const std::string& plaintext_str, - const std::string& ciphertext) - { - /* - printf("EAX(algo=%s key=%s nonce=%s header=%s tag=%s pt=%s ct=%s)\n", - algo.c_str(), key_str.c_str(), nonce_str.c_str(), header_str.c_str(), tag_str.c_str(), - plaintext_str.c_str(), ciphertext.c_str()); - */ - - SymmetricKey key(key_str); - InitializationVector iv(nonce_str); - - EAX_Encryption* enc; - - Pipe pipe(new Hex_Decoder, - enc = new EAX_Encryption(get_block_cipher(algo)), - new Hex_Encoder); - - enc->set_key(key); - enc->set_iv(iv); - - OctetString header(header_str); - - enc->set_header(header.begin(), header.length()); - - pipe.start_msg(); - pipe.write(plaintext_str); - pipe.end_msg(); - - std::string out = pipe.read_all_as_string(); - - if(out != ciphertext + tag_str) - { - printf("BAD enc %s '%s' != '%s%s'\n", algo.c_str(), - out.c_str(), ciphertext.c_str(), tag_str.c_str()); - } - else - printf("OK enc %s\n", algo.c_str()); - - try - { - EAX_Decryption* dec; - Pipe pipe2(new Hex_Decoder, - dec = new EAX_Decryption(get_block_cipher(algo)), - new Hex_Encoder); - - dec->set_key(key); - dec->set_iv(iv); - - dec->set_header(header.begin(), header.length()); - - pipe2.start_msg(); - pipe2.write(ciphertext); - pipe2.write(tag_str); - pipe2.end_msg(); - - std::string out2 = pipe2.read_all_as_string(); - - if(out2 != plaintext_str) - { - printf("BAD decrypt %s '%s'\n", algo.c_str(), out2.c_str()); - } - else - printf("OK decrypt %s\n", algo.c_str()); - } - catch(std::exception& e) - { - printf("%s\n", e.what()); - } - - } - -std::pair<std::string, int> translate_algo(const std::string& in) - { - if(in == "aes (16 byte key)") - return std::make_pair("AES-128", 16); - - if(in == "blowfish (8 byte key)") - return std::make_pair("Blowfish", 8); - - if(in == "rc2 (8 byte key)") - return std::make_pair("RC2", 8); - - if(in == "rc5 (8 byte key)") - return std::make_pair("RC5", 8); - - if(in == "rc6 (16 byte key)") - return std::make_pair("RC6", 16); - - if(in == "safer-sk128 (16 byte key)") - return std::make_pair("SAFER-SK(10)", 16); - - if(in == "twofish (16 byte key)") - return std::make_pair("Twofish", 16); - - if(in == "des (8 byte key)") - return std::make_pair("DES", 8); - - if(in == "3des (24 byte key)") - return std::make_pair("TripleDES", 24); - - // These 3 are disabled due to differences in base algorithm. - -#if 0 - // XTEA: LTC uses little endian, Botan (and Crypto++) use big-endian - // I swapped to LE in XTEA and the vectors did match - if(in == "xtea (16 byte key)") - return std::make_pair("XTEA", 16); - - // Skipjack: LTC uses big-endian, Botan (and Crypto++) use - // little-endian I am not sure if that was the full difference - // though, was unable to replicate LTC's EAX vectors with Skipjack - if(in == "skipjack (10 byte key)") - return std::make_pair("Skipjack", 10); - - // Noekeon: unknown cause, though LTC's lone test vector does not - // match Botan - - if(in == "noekeon (16 byte key)") - return std::make_pair("Noekeon", 16); - -#endif - - return std::make_pair("", 0); - } - -std::string rep(const std::string& s_in, unsigned n) - { - std::string s_out; - - for(unsigned i = 0; i != n; ++i) - s_out += s_in[i % s_in.size()]; - - return s_out; - } - -void run_tests(std::istream& in) - { - std::string algo; - std::string key; - - while(in.good()) - { - std::string line; - - std::getline(in, line); - - if(line == "") - continue; - - if(line.size() > 5 && line.substr(0, 4) == "EAX-") - { - std::pair<std::string, int> name_and_keylen = - translate_algo(line.substr(4)); - - algo = name_and_keylen.first; - key = seq(name_and_keylen.second); - } - else if(algo != "") - { - boost::regex vec_regex("^([ 0-9]{3}): (.*), (.*)$"); - - boost::smatch what; - - if(boost::regex_match(line, what, vec_regex, boost::match_extra)) - { - unsigned n = to_string(what[1]); - std::string ciphertext = what[2]; - std::string tag = what[3]; - - std::string plaintext = seq(n); - std::string header = seq(n); - std::string nonce = seq(n); - - eax_test(algo, key, nonce, header, tag, - plaintext, ciphertext); - - key = rep(tag, key.size()); // repeat as needed - } - } - } - - - } - -int main() - { - std::ifstream in("eax_tv.txt"); - - Botan::LibraryInitializer init; - - if(!in) - { - std::cerr << "Couldn't read input file\n"; - return 1; - } - - run_tests(in); - - } diff --git a/botan/doc/examples/eax_tv.txt b/botan/doc/examples/eax_tv.txt deleted file mode 100644 index 95cd7c1..0000000 --- a/botan/doc/examples/eax_tv.txt +++ /dev/null @@ -1,461 +0,0 @@ -EAX Test Vectors. Uses the 00010203...NN-1 pattern for header/nonce/plaintext/key. The outputs -are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous -step repeated sufficiently. - -EAX-aes (16 byte key) - 0: , 9AD07E7DBFF301F505DE596B9615DFFF - 1: 47, 57C4AC75A42D05260AFA093ACD4499ED - 2: C4E2, 26C5AB00325306772E6F6E4C8093F3D2 - 3: 16177B, 852260F91F27898D4FC176E311F6E1D1 - 4: F09F68BE, 700766CA231643B5D60C3B91B1B700C1 - 5: 8472705EDF, AC4C3359326EEA4CF71FC03E0E0292F2 - 6: 14C25EB5FD0D, 8DBD749CA79CCF11C1B370F8C975858C - 7: F6A37F60670A85, AFBD1D5921557187504ADE61014C9622 - 8: 1AACFEAE8FBAD833, 82F477325D6F76BB81940AE25F9801C2 - 9: 069414324EC293697C, B980E21C09CA129B69E9032D980A9DC5 - 10: D8174DE9A2FC92B7DA9C, 1E42CC58BA2C8BFD83806444EA29DB61 - 11: 2C087DEA30F8B7EE510990, 83DB400A080C4D43CAA6EC3F1085A923 - 12: F36B93C272A703D3422C6A11, 1370C3AF2F3392916364BBBCC2C62EC1 - 13: A0F33477BAE2E28E6747AA3193, B626DC719528CAC65DB0EF94E35422CE - 14: FCF5193506052E8BFA095C1A5205, F5BD02E0B3C91CC7D6FAAA8A9A76CE6A - 15: 3797D7F8599B8EEAB39C56241880DC, 0B70003E77146B903F06EF294FECD517 - 16: C4BAD0E0356FFD369110C048D45D81BE, DE7C2B1D83BE2CC8EA402ABE1038BB79 - 17: AF5C358BD31CDCAC2F0EA5252F1C3BE1E4, 2D700986F93B22DFE6695C2A243B4E42 - 18: 7DEF9056FBDAF491D7206B26B19DEF617AA1, E71A7D00BE972D85C77931D7591B2151 - 19: 6E9B2C0A90BF9D38A6EA3B5D2B9B2D97F938EB, 5B483D7F15C39602C2918181E57DA341 - 20: 7C5F68DEE9BBA3B04F11D5FC7C9C7FE6E8B5025C, 0AE6A12D37A9C10BB1A494E16705DC05 - 21: AF0A886BF673BC72045FC074F06A0176C96105E2E6, 06B2DC9A2868C23F86D710E01E37E07B - 22: 5F228A986DFE4301EDBAF07A02E114F1B30932995CD1, 74EBF68627C78B1FD024A59B56B2A8FA - 23: 911322F60555118CBECD8DD82F186AC19514316E8D48BA, B6A8BAF2F175CD0C71B63B1EF37E185E - 24: E7F52730CFB808EFDB376A5D5DF31A7EF8292DC5FC37E9BC, BA2AD158A2D2E5CE01296402B592E1DB - 25: B3F8D7CA47D8D86E94D670AFBAFA3B8D9E186C97DC029D4705, 709D2D2B9975D4729C19D4EAC430E65E - 26: 7178FEC027AFADDC2C03518E75CF34D207CAC2EB1537A0DBA520, A315F034CE5E66601444402520F55DE2 - 27: FC230B2B8522F53459D0B968421469BBA7E683ACB0190393B2870F, 48679A78E470E175CF3D3E9B46CEDFCE - 28: 35A641127C78C721ECDC50866C21637FDC9515E41CE60F09015EA713, 0062987222F6412B7AAF8A9ABF6FBF98 - 29: 3D42D6C113421743C08A6F682CFA0E517D5531BB66241C02EC4DCC26F7, B1AAFE11FA2D6E0C870177DDD7F98FF0 - 30: DAD065B4669B7C59C8392D8E7BD7E64BC01CEFFF27E335B25A328D356F0E, 8973B9B9ECF26DAB58CCF0787EE928E5 - 31: EBE626F9E241FD233D9781C359430C982667AA26921B62E98FAEC502C01B0B, 2AC0D7052A2CDCCE8E26FEA7595198AA - 32: 64D842B66796A797C2B4C6905742FDF2148FFC445E192F9E03B53810C082F788, 9778B345EC12D222DCC6DBABD2651750 - -EAX-blowfish (8 byte key) - 0: , D8C4C23A6AC0B7B7 - 1: 2A, 5E0E4BDDB60772FB - 2: 7695, 7581B16CCC9C45F1 - 3: EB14C8, 6223A121CFA216C7 - 4: 5A5C809C, 4A47658796337D6A - 5: 8BC2041181, E1FBA8DBA00571FC - 6: 89C666F015FA, 2B4A76A0E699FCFE - 7: 86C1FA92484AF6, 31B3B738A261D6F5 - 8: D1F401C145C9328B, 4C4A045EB489F59C - 9: 70C9C7753698324A73, AB298B5B20567EB4 - 10: A50D9D88DC101B6DC8D2, 529DFCBFD13B8E6C - 11: 7CC2885C2BE79C44F28FF2, 566255022B40C81C - 12: 6902D58347C29250EE07981C, 34619AF18E14C690 - 13: AB6C3C4AD3EC45143392B642DA, E6D2DD323DA175BB - 14: 7065B28BA8AB67B2FB7B6D5E3FAF, AEDCAA54F4B0772F - 15: CBBA14A74AD4ADC0EF036EDAE42D51, F2BFFA4D81BAC034 - 16: 60A315193F58144F5701D547C79FEEED, 912FDBDB05467DF5 - -EAX-xtea (16 byte key) - 0: , 86881D824E3BC561 - 1: EE, 4C3505F04611D9C2 - 2: 80C8, 6A3428BEEAD60738 - 3: BF88E7, 04F1E99E9F5906C2 - 4: E06574B7, 33B0153AAEF9776F - 5: 42D950AF63, 4A0F415640322FDF - 6: C30F6AD46EC9, 9646FE909D2B95CB - 7: A0049FCA856A14, A0257289C6BBF278 - 8: 2814B0C1358440E0, C4B0A2354925E887 - 9: BF4F062B52C1E489CF, B56442A3CA57A041 - 10: 63DF433956831B8780FC, ADF9ED0B46DCA19E - 11: C317FD079817F50E0E8A16, 2EA0EC993FC603AE - 12: 2BD12FDDD81EB11660346D2A, FBC6F69125BBA88D - 13: 85D356536FE2843C6BBE60EDBC, BB2FEFD04F230E79 - 14: 22493009DB01B4746F4927A8C4FB, 64CC08471D93C9AC - 15: C0F3C0DB08DC93FBA725D1E02DE084, 77B762213DDCCFFE - 16: 568B66D3112556BD98FF9339E9C002E5, C8355F508219FE0C - -EAX-rc5 (8 byte key) - 0: , 169C7954341EF44D - 1: 22, DABFDA9A0B0BA067 - 2: 2E54, 6A3D6D9AA5877C5A - 3: 2A6ECF, 2A34A3AF5DE8919E - 4: 9CC5F84F, D3F673EDAF75E3B5 - 5: FF5611756C, CC647FAAC8D49BF1 - 6: 74C939BEB31C, C335999CCFE8F5FA - 7: 7976B6F7709B5F, 2A7969C5FD063A88 - 8: 421EEC5022276174, 2C9BFB1EAC3C54A2 - 9: 6A4761CD266B1C0ECB, 3EA3CCEBC85FAC4E - 10: 7C09201098E764239A2E, 8043ABA9BF4D5AEE - 11: 8CE26277562F646DE33C88, D72AED48895E3B40 - 12: 52150F44D37D121560DA87F6, 58E865E22B485906 - 13: BA0A73B45F93ECFBFC3AB3D8D0, 683D52FA47FB1A52 - 14: 96546CBE01054AD24CC95DB54724, D80D0D530E5D1DDE - 15: 61E654BB18CD26FC36C09F874DC2C7, C65884CB9D9FEC1E - 16: 1D77B8BF02CDEAB4A707C07628826D5B, F18D1730C3D64701 - -EAX-rc6 (16 byte key) - 0: , 1DF8B0B92A3F0C951C425AF4830E63FD - 1: 1A, 8A2959EBBE90180999994DEB7036DB85 - 2: 435D, 7EF00CB57DB7B4155DB530D75CE6B025 - 3: 08A6CF, 2ED6AF0F2D5BAB05F623D389480A01F2 - 4: A86E54D3, FC69547C8BD922A5BF2F7B26C4D20F98 - 5: ED0822E439, 0007A3C6DEFC6C912C0E5B853B520368 - 6: 7BEFC7FD4054, D32C43A4D1086D57C5BCFAEE04EBC600 - 7: 5235E58E79287C, A27E9C781327C0FC7C55410EB0C828A9 - 8: CEB5EE99BE521F4D, 547F46383987F2A3582A81A3BCF9B280 - 9: 0358B063D5F99C3770, C0A73730512CDA6AD49599775D59EDA1 - 10: 434B9AEE07DFADD0A332, 499BD88881E558E09A8E822BE27D2496 - 11: D47849E650F350BB622D74, 638E37A84E7FAAF8F5D77F1B061773DC - 12: 814592F568284085E79A024B, 9EB1405E8422FE50BC0D88D837A2C650 - 13: 6F2B55EC91B591082053AF692E, C48F91EF01AA43A1EE3B36D233DDD48B - 14: 506CBDD2901838EE2F178B6953DA, 03778957F536509BFCA577B23A18F726 - 15: 446EE435D3D1848B51BB8C5F7BE4A1, 1129EAEAADE534940546D43242A4C839 - 16: FB9D2B150C42465B1685D8F069CC06DB, 41E2940F5DC63CB4E2FBEC25ED8A31E6 - 17: 9684F683260107BE8FEBBEE1D3EEDAA7BD, BAE7C116F7FF96631F4ACEE95C65CEF3 - 18: 5082B1FE48CD3AB58F63C2DCFDD4069AC736, 19AC7B8EE315CBB7131A283851B32266 - 19: 8C72AE495B6F003A3C784D144E84E88885F78E, FA4CEC023740A8D670E351FBCF62C1CB - 20: 815D6361C7AE34C9D796ADF9C71ABC46AEF88BC9, 9A1F7288C61A6623B9A82748137ED7CC - 21: 904A853E2E96BD2B85AAB3F5DFB900E9B3642EE667, 9AA90DBDD461CAD20495DCFBCB513DD2 - 22: 79D738A462F727B3D3C529ED999B6FDCCD991D1C5A4D, BF0987BEDDE650D73CAE7D380FED3431 - 23: B2DEFDB7D503A84E83155A04B8DE8C8DBB68C2FC475007, B7CE900CF43CD518024123C76F6DA328 - 24: 9E723E15439E12F6C46DF8A309AE1E97B6FD18436259CFB0, DF8B6E1E23512CC4CF5FF531A1908F69 - 25: A7F0AD03CEBCC9202718AA164886E1026975306A664C5AC7A9, 4A771BF8B9A4325705C85E5499FD98E9 - 26: A53A92AD1C6835F28E04EF591E783D36F3D76E489B31B87BEB7A, AA263B52A6E6A043DE4D7029D4DC73F5 - 27: 79BE3C38291A7F77E932C8A9DEAC08DE6442EA9B3895B101A14E7B, 33B84DE06342E675E019CD0237292ED0 - 28: FA108123C5A69571CFDFE8C3D00535121FDE3096DDC0D700F8F26A5A, 764025D7CA1A3F2C54D28956423B0C77 - 29: 36EC2D67FD977BD2B73DB6D8EB756B3EADA13690E1B6DFC12A4781B34B, 4BC6B38DE3B02283D92F4DF19A5C48C5 - 30: 96D3243C945905C9732B5927E46F00886D511463B38C86002FC26B65AB8C, 5B5511CDEC35687AB8425AB22D58B4F1 - 31: 9CF83B87BEA3374AF7722E999863E3DABB858B0383383EAC7757F5B80FD44B, 1E0CBC961940FDA93B73A92DACFD67F3 - 32: CE3BC3C9FA5EF4AFE5272B3EDD24B1B003FED2C2E501528CFF44D3FABFF52CB4, DC94FDDC78AAB2B7CAA1E1EF149AC355 - -EAX-safer+ (16 byte key) - 0: , B120C7B37450C46189712E4DFD1F0C44 - 1: CA, 82BA1869C5FF1EF2A4F6ADC1E7DC1F1D - 2: DD20, 6BD5601B16C9943A84AC1F99A176E6D1 - 3: C1C09F, 0911DC63AA414C004E2BD825BECDC93B - 4: 27E43F59, BD858F084B082F76814DC385E1FB20D1 - 5: 2A9A92F246, 5ADC4A32491934AC0BD00FCE686B26F1 - 6: 52C78C0CD6F4, F35886F46C03EDCA10B3D01CF07B1E0A - 7: 23E0D3CED3795F, FE33D96FC98B78A30C0A412C60E93992 - 8: CD3FC9961559F239, 9982364A61609FC41068260267231EE9 - 9: 6EA46CB7AD7505C1BC, BB15053EF0F78B9091B3064118F3E9BF - 10: 05D9BA230A56CCA0703A, 1338E68E3DC992B6EB2685C668E75869 - 11: 7AAD6049DFDCA6771AE42B, 35267E431051E1812495615324C4CBE6 - 12: 8695091532B83B23C296F620, 7B2EEA861E9A91E6B6A911E10FC3FDD1 - 13: D909DA4BC7372ACAEA78E6A0EE, EA6C1CD16180DF0B07F4E204A4B4FACB - 14: 7DEC8443600D0563AEFE87A2064F, DA454728069B3B409889664783588189 - 15: C042FE656742CD2FE5D9C212D18C6C, 5929E4AECC2CA047BAE948E7023FE4D0 - 16: 0B84D3CF59EEF7319633F4A397D47CF8, 31F892FFDB7535DF5D9143456E404163 - 17: 8C9E57AAFA7969B142742B63AB73286600, C418231C44F96660DDBA8C26B3BB3681 - 18: E9EED66D370A3A6A39C7E0E570D96F807EAC, A4AFE8D1D3C31B956A3BDBD043E7A665 - 19: 1A5D47992DA5597D1449B4C8DD47B7404C7657, F3ECEE5182014FC3365FDBC4C33CC06A - 20: E7C7945FD1AFD3F5DCE666D8A5A2E8A3C11A7A5F, 86D78B2FBA7597B8806BED505B52BDF6 - 21: 9E2165B47B29CBC4ACD50660E011D691F061209969, E9B1E860BD02085177E1A94E1EE6F3F0 - 22: 48EA2945C8DD3FE09407BAC8973A861DB15B788C8FFD, 502926712EDB1B3DD13806052C6C75D7 - 23: F37D46B35B60819EA52B00457D79155C04B55972D0DFA9, BB2B7D210BF0570F422640BF81F39B9E - 24: 12E85C0C78227205CC682360C79E35BF58EC6551CF8FE2D0, 042990D7A58D458C570A15DD375DB4E7 - 25: 4F6C15109DE980DD14A7F4C27F48671E4787C53A564232F427, B097A5990D8067DD89C21473150C070F - 26: AAC472E49DB101B564A8A01E2C80C0C6AE9065D332C2DE79FAB6, ACDD587A7DB86542E195DF73AF1C1CBC - 27: B9912CE18019C31692A1F7E11D9CCB20297ACCB9DC62C47C01D2C2, B0ACBF028CA5B15E0035D2EB8CA916BE - 28: B4F2B1FE14A1ECDC9C8EA1A0120395E6ED1E69D3FC85DD0F3F90F350, 9A561EBC769369B95B9CB74FC6AC27D3 - 29: 3FE397C8AD02689B7437A37861F0907AF1F6014A293B46419348771C5A, 6B7BEB9BD5018FECD71BE5081C7C2544 - 30: 5019089142199F7207E1B7731B8B247A18A685B231499DF12A73F5D67D37, 307E93446777005BA1B088F178A0DB6E - 31: EAE8F9F02F8DB3D70B78B08CFB0949D99F1A86C958A8E3823736BCEAB86BE1, 6C94F48591C18BF9C450515B73379973 - 32: B9C795F7A87305B4AD36DBA10B3B1C70B329D29E49C8C6A932D96A74334AEE4A, D18E6E233FEFD6E5C7148BDC1504299C - -EAX-twofish (16 byte key) - 0: , DB0C02CB069E3773296D3BD4A87A381B - 1: 99, 7D21D19E9C440F68E99F1F2EA2668694 - 2: 0696, EA590EC417C88E23FD23917F9ECFB0C6 - 3: B9B082, 82D4C9B68DDB02C906496413E13A2D68 - 4: D6B29D74, 5BCE5CA4F662E883BF7FCAAE5FB2CE01 - 5: A59C9CB009, CBFB04226D1029A7EC9D64A48A6729BE - 6: F4924FE3E355, 3D85B3900DECA0528C815F1447A1F209 - 7: 679C88D52FB519, 931C7A863C3701D8015FDBD8696C6C30 - 8: 26DA41C0D115375E, 7627E23E791A4DCB0FA5ED71B1ED2288 - 9: 8FEC6EB7016AD2B178, F65ED0286A724F0CB2EA317D5022B0D8 - 10: B5F22415B1334133C531, 87C4F3A8991BBB85984BC4D3305A5CF1 - 11: 23E1D0ED2E820AFE7DA2FE, 100499F1093FAB2ECF73B643594E98E3 - 12: 79519ABA91F46B8DAD6D5335, FBDCD1FCDB20AB99135F28A714C6992F - 13: 5968D0B4198A0AAD3D0395018F, 781F22E2DA98F83398FCF911B2010057 - 14: 4E55B14432B601E3EF2EF567CB15, 8BF6E53D7657E56EA3DA1BFD9C9EC06E - 15: 6ED89651CE19B3DD1EE5C8780B5015, 131CFD657D32D4E1B35140ADDCA0E13A - 16: 2295A968B4D072D12757756247554850, F35FAC95C2AA4155450EAAA6E2E789B5 - 17: F9B2AA2AA502EA79BBA0C5EAD932B8E1EE, 0ED81AA40B9BF39A9AAEDDDB7A04BEA6 - 18: 385055F1C1C26C0472A504B4CD225DCA55FE, 24831680B56368231AC54227D737F582 - 19: 771529585C741A3F8B1C973709892F255A99EE, 2A132B4BF96FD5109DB04459103F5E84 - 20: E7A2197D9FAA8AB8B303B5EC71AE34AD5EC5DD66, CCAB6518371EC8E0A9E9EE4F7CA5878B - 21: 279E54F755EAC6B57375B9EC4406E43DB3139D740C, 7B6F26F2C0ECC9F2DF4EDD7513E6E0B7 - 22: 27816AA94CBA2BF98E49E595AF5B3FAD12BF1D6F1AC6, D04876C5492D275F15C834E3CF794F0E - 23: B5658DC148855F68B282211D879F688F3C142FE555CF81, 4539CDA8A65DB9047AAD76B421B81120 - 24: 72F0BD4F939C2C9B4FA734DCB0AE4FB9BD342BC8459ED2FE, CEA8469BC0457EBF3418C1114288C904 - 25: 70568245E6E6BD5D11AD0C74030D7AE08BA05057DEA0FBF4AD, 71554FDE6B87477A51EE4499D78783D2 - 26: 8702D35BE07D7ADF70684046CC6C72FBBBF821E0BBCCBC973601, 33CC6FBFDA15E306919E0C3BB2E22BB6 - 27: 0BA23F4A6174165D4A8BA80B7C875340B0F8B2A6967D34E106BC22, 00E6679496714236EECEC84B9AF3072E - 28: B9E25ABA84C6BD95B5149E7616FE2E1D6FAACEAAD77A636C60279176, 8D8AD0B9D4C709E1DA370EE01611482A - 29: 74759711F6D542581F9F83498FB616638D092732BA07109BF4B5BE045C, 71A40DC777BD09F75362F7B20E0B7576 - 30: ADBF7E98926484BA2C7F6CD7CD9734FC19265F68AF3BFCAEB025F6296E37, 8DF15B5F69B67F7DABE44E3666B55047 - 31: 2DC26D449379997D110309B2A0DC2760FCE8CADB4B14ED580F86C70F69C9BA, EFCB60EB2B25737E256BC76700B198EF - 32: 2B1890EB9FC0B8293E45D42D2126F4072754AA54E220C853C5F20FBA86BE0795, 1A1B15BBC287372FB9AF035FB124B6A1 - -EAX-safer-k64 (8 byte key) - 0: , 9065118C8F6F7842 - 1: A1, 1926B3F5112C33BA - 2: 2E9A, 5FA6078A0AA7B7C8 - 3: 56FCE2, 984E385F9441FEC8 - 4: C33ACE8A, 24AC1CBBCCD0D00A - 5: 24307E196B, DD2D52EFCA571B68 - 6: 31471EAA5155, EB41C2B36FAAA774 - 7: 03D397F6CFFF62, 7DFBC8485C8B169B - 8: 8FA39E282C21B5B2, 2C7EC769966B36D7 - 9: FEA5402D9A8BE34946, A058E165B5FFB556 - 10: 6CDEF76554CA845193F0, FED516001FFE039A - 11: DC50D19E98463543D94820, 8F9CCF32394498A1 - 12: 42D8DC34F1974FB4EB2535D7, 77F648526BCBB5AF - 13: B75F1299EF6211A6318F6A8EAA, C5086AEA1BE7640B - 14: 1E28D68373330829DD1FFC5D083E, 33EDA06A7B5929A2 - 15: 85529CF87C4706751B0D47CC89CEA6, D031905D6141CBED - 16: FE5CB61BAF93B30ED3C296EE85F51864, CC484888F0ABD922 - -EAX-safer-sk64 (8 byte key) - 0: , 5254AB3079CDCB78 - 1: 75, 798DCF14FEF8F4D1 - 2: 0300, D5FCA75DAC97849C - 3: 520F98, 10E357957CE20898 - 4: 80E2764D, 5C7F46656C6A46EA - 5: C48960CDAA, 3CCF44BD41F01CA8 - 6: E0E60BD9AA2C, EBB493983FCEE79D - 7: D13D8804906A1B, 6EDDCA919978F0B6 - 8: B7AE14C37A343BFB, 2369E38A9B686747 - 9: 5DE326BBCC7D0D35E9, 041E5EE8568E941C - 10: 13494F5B0635BA3D6E53, EAEEA8AFA55141DD - 11: A9BB35B14C831FDA0D83F7, 4002A696F1363987 - 12: E242043A1C355409819FABFC, 63A085B8886C5FDC - 13: 204598B889272C6FE694BDBB4D, 194A1530138EFECE - 14: EE3F39E0823A82615679C664DEBF, 1EFF8134C8BEFB3A - 15: 8579D87FD3B5E2780BC229665F1D1B, A832CD3E1C1C2289 - 16: 74D7290D72DA67C4A9EAD434AE3A0A85, 96BAA615A5253CB5 - -EAX-safer-k128 (16 byte key) - 0: , 7E32E3F943777EE7 - 1: D1, BA00336F561731A7 - 2: F6D7, 8E3862846CD1F482 - 3: 5323B5, BD1B8C27B061969B - 4: A3EC3416, 170BBB9CE17D1D62 - 5: 0C74D66716, 7BD024B890C5CE01 - 6: 6158A630EB37, B5C5BD0652ACB712 - 7: 17F2D0E019947D, F9FF81E2638EC21C - 8: 68E135CC154509C8, AA9EAEF8426886AA - 9: EDB1ABE0B486749C21, 355C99E4651C0400 - 10: DB0C30E9367A72E8F5B2, 631B5671B8A1DB9A - 11: D4E5453D9A4C9DB5170FCE, 75A2DF0042E14D82 - 12: 3F429CC9A550CBDA44107AA7, 2C2977EA13FEBD45 - 13: A7CA22A97C2361171B415E7083, BFE81185F31727A8 - 14: 170F79D8B0E3F77299C44208C5B1, D5ED9F9459DF9C22 - 15: 2E24312D2AE5D5F09D5410900A4BBA, 2FC865CA96EA5A7E - 16: 8F3C49A316BA27067FF2C6D99EC8C846, 9D840F40CDB62E4B - -EAX-safer-sk128 (16 byte key) - 0: , 22D90A75BBA5F298 - 1: 3F, 98C31AB2DE61DE82 - 2: 584D, F4701D4A1A09928C - 3: B9DEAD, 6E221A98505153DA - 4: 06D4A6EB, 0E57C51B96BA13B6 - 5: 7B58B441CA, E28CCF271F5D0A29 - 6: 7950E0D1EC24, 2ACDDE6E38180C07 - 7: 65A4F4E098D7C6, 7DC1C9E9602BACF2 - 8: FEBE4E72BAA0848F, C4607EA3F138BAD9 - 9: 9B7BD6D6D655985AA3, 8B2C58A9530EA6AC - 10: 60C92F925D1478470203, 51E6F5F6DC996F84 - 11: 7B40769370E651F64AA654, 74F1F8A8D3F4B9AF - 12: 7215832C2FB9C54DF7A9C686, 9BF9AEF14F9151D1 - 13: AD0F9C79008572AB8AE2466EFF, F375D0583D921B69 - 14: C05076E2C330A0D25D7CEC80597F, 843C12F84B00A8E0 - 15: D18F0563AB0278140B0CD9A9B07B34, 262B1688E16A171E - 16: 650747091F5C532EE37D2D78EE1EC605, 1BAC36144F9A0E8D - -EAX-rc2 (8 byte key) - 0: , D6CC8632EEE0F46B - 1: 4C, EA19572CB8970CB4 - 2: 5537, 3EDD3253F6D0C1A8 - 3: 206FA6, 20FA88F03F240D31 - 4: 17EE8B40, 702E8194F1FCBFDE - 5: 2A89287136, 31C5534786E15FB3 - 6: 3A6AEDC7066B, 3C663A4081E1D243 - 7: 8BC5203947A644, 6AAC806C92BFBD6E - 8: 2E0274BBE14D21A3, CEB0E0CB73C3664C - 9: 9C4B292B0CF17E3A29, F23CD535559023EC - 10: 8E322734308F85662877, 46363D7EFC322821 - 11: C413C405767FF5F98E3667, E7BA35D8F3678E7E - 12: D77806B7A218098B1569EADC, BA67C306E5C0181B - 13: 4BE5EF74F9E9799A4D636FEA9F, 4C511C44ADBA4030 - 14: 7E19969170C2C8D8AEBA8C7FBC2C, 54CC6D466A2DF6DA - 15: 2EF1CEDC1DD3403CF440FC5561BE33, 61C6FB277E93701F - 16: DE052719153EBACE9D7B19F52AC4282F, 4AC2A96F2FA8634C - -EAX-des (8 byte key) - 0: , 44048B7F240B6F5F - 1: 0A, 37009B7D4E09953A - 2: 03BA, BFD2FD7758961728 - 3: 37EE10, 16A6AF96DE888A19 - 4: 07F44290, 100CA84AA0EDAA1D - 5: 389EF0023B, 9614FB800A533268 - 6: 3F4DBA8AA01C, EFA6B55B7ED5E40F - 7: 8C7B837896EAE7, C113CE8F664CE3D4 - 8: 7011D993D8EDB0C7, B4C370A919F60497 - 9: 0DEB30A31351B13D7B, 00ABC82DC5F3A1AF - 10: 8D3897B2CBE323D6EE1C, 7A2D15627CA1441B - 11: DBC002C817DEBFB419F94B, D8EB87F86D6ACDEF - 12: 17048E2976FA85AA849E9A80, 229FCD1C9D1E3B9C - 13: 30B989EF646544885A478AC198, C1B7EB4F799105C8 - 14: 5C2E12A7F118A08D6FD585F9C839, C358679FEE6FE7D7 - 15: 8D1A1E888BBB8648E638C4E74E11B8, 685E006C441448B8 - 16: 93AE906B8BE4EAC8ED6D8F48F04A7AFF, 71DD7AF752FE28FB - -EAX-3des (24 byte key) - 0: , 8914311BB990B725 - 1: D8, 2094EDC5D03E54B1 - 2: FEE5, 781CFB0EBE3895CA - 3: DECF5E, 59918E8A5C4B459B - 4: BD583AAD, 2013BEEBEEA795A1 - 5: 2BC01C6C78, 0B1134DBBEAB5D3F - 6: 4D5EAF01A895, AB4D17516ECBA50A - 7: AF229F90614480, D3113C0A9D133CD4 - 8: BCA6F375DF4568E0, 8E9EAEC8E77786BC - 9: 575F34219E6DD8DB4C, B40C75139E5D1860 - 10: A199B8AC433B615EC96F, 774AF803698ADE3D - 11: 718A2975DD9A872A68AE10, 3B9460F849CBA7FB - 12: AB38E148180F6E2FFBB96F91, E3EE3B8FC50DADBC - 13: EB10E0233507459D4A6C29EE80, 8D90B46BB1EAB27E - 14: EB48559C320DFB056C37458E19B5, 9315F0C4AF8500EB - 15: 9E8C73EADA105749B5D8D97392EDC3, 2E749EE66C1E6A16 - 16: 600FA4149AF252C87B828C780AEFF8BC, 33D7D11DCDC19936 - -EAX-cast5 (8 byte key) - 0: , 382FB8F7E9F69FDC - 1: 99, 20DA959849B3F7AB - 2: C54B, D05547C6AFA3484A - 3: 579836, AAA92B2321FC50C5 - 4: FEB7AE55, 639EDF01C4FB965D - 5: EA8A6023FA, 01274B3ED5CE102C - 6: B7C4E995121F, 712BFE27CAFF6DDE - 7: F44236660B0004, FAC51D1DF8EC7093 - 8: 01CD7E3D0BF29E8A, 049C47A45D868D0B - 9: DAB170493DFD6E0365, 6F3AEDD9A3ECF4FD - 10: 82C9EEC4803D9CD11FA8, 32683C0A9128C6EA - 11: 324AC59E87B244ECE0F32F, F6B095AAB49353CF - 12: DBDDAB11D02C9CA5843C406E, EA728FC46DDD3B04 - 13: D67376C2A4AD92E7DD80E39303, CAF72B7E7C237EB3 - 14: F2B9BBEF08036C2982C6DDD06918, 70A29D780C22752C - 15: 96E3D9141F8EBF520540C2BC9A9C23, CEFC86A1CD48203D - 16: 70CABBA983179106AE7FCD5F1F31D5C3, BF7F9168F4F82F56 - -EAX-noekeon (16 byte key) - 0: , 556805EEA595CFB9A30FAD196103D7FD - 1: F5, 0A7DAEDFB656526CEF4DDBA8087A227A - 2: 7B8C, 249895D79962D5B4D18FE07366281B72 - 3: ACFF15, DCC489D24832EB106F576AE6B6EB957A - 4: 08ADE7DB, 0D3215999E9960EDAB29B78744C7F139 - 5: 66139213F6, 505E1E7141D043E903C26EE0959EEECD - 6: 078B79F880A8, 35B7EB326A55E50332866EEDB682EC20 - 7: 2809E34D9667D4, FFDEC555F68524A09A6ABACA372077D9 - 8: 93D267DE1EC635D3, 4FF3561990A56E4B374618722EF850FF - 9: F377A4D93FF32F4A51, 91D4070423A90FC54D305169C03F49ED - 10: 6244B717E082993EB7A1, 2E3A8A354AFA9473667ED7FDD46BE9FC - 11: E917559625D25E6E5F2EDA, 19295C37A70314CC9A1D11FDE8D23C92 - 12: 1E6DF2EE112A893AB14DFA92, 12C4A89D4CD65F8116A03A135AFD3701 - 13: 47B18CD762E011770E203CF605, 434909A97E118B20D3AEDC79AFE33A9E - 14: 72D9A1A7DA6F33D5E0B927F9F32C, 779C23714FCAA2B2321EC7FB5B03E222 - 15: DA8B830FFCB3DB274807F780D33240, EDC2F1C8A401F328A53392597730B007 - 16: B53DD2BB840AD933D36A7B5FFDCCFBBB, 4EC0E6D1F916BF633869239B672B37A1 - 17: 42936BB9A936C30408660855F4F47F3314, F0DAA6DDA15585E1697ABBB4790B15B5 - 18: 00372E47F5BA016F1B2A1E680B76AB02052A, CDBF3D241BF7FF96D3DFBEDDB872E901 - 19: 8AA236B0C8BEF6F67A97C2DF90628F6E5838FF, 731DCD61F7F26004C03519F9500EA824 - 20: 55338647812FC9D86CBDDCED7120268A4D43F8BA, 0E61B3C835CAD95FD49FEF002C014E72 - 21: 435820B28E52154B47A04D5E635D8FE37FA47FC985, F6A96DCE4917E8D7C610923627E80970 - 22: 0D30C15B6FEB4A48B14DD15D41A4B25D442AA677B25C, 28E15CCB74AE992C68BDDC8D87802050 - 23: D9D701F9AD6B0E13D2CDDA15A5194E7CE8BD2C02137391, 2DB9A15884E9C996C3D6B5BDA44B9598 - 24: E2390AC5CE10CCFBC72106A52C7F180CB477E3C193CBACA8, 22D3F7DCD6947EA4E78DF57A8E1A9A59 - 25: ADEFB7D9500658D34996AF6BE6336CD78891064EA1DB8E9785, F239D67D039A15C620A7CD4BE4796B3F - 26: 89964C90ABF54A6DF9F13C3681E70C702D80A17BE79F8160F30E, 6336F729ECE1ED7368669D75B7E2DCBA - 27: 576B2813CECDA4F905BD5D58349EF070FF41B7EB6BB2B01B061B0B, 125324CBF2ACF1011A44A99A11EC8AFC - 28: 430B957481748519A60494F0B5F698F34B1A8235B00AC0D1F0A4442E, 1E80A7FCEBBB8E1E12D6831906154485 - 29: E781BFE5FCDE0BFC056CC86C4A0B9DD3B815BE8CA678204CF47289B5B5, 190D5AAA9EC1CB4CC86FACE53BF1201B - 30: 78BFAC07A9B7B2AE9329BF9F9BF18A1A49DD9587001EFCA00E9AD9752764, 4FB5ECBEEB0995C150EBC66508FA19C1 - 31: 7D6C20694109DE21F7955855A8FF832347518DD496C2A114DF142C68ACDEAA, B25D4BB34056DC091A7A3950D46C32EC - 32: 3E1E4395DEC1AFEA9212B95F37E679B6E2D14DF23C5DE49018C2C8038CC4AD45, 9A6DE7BD41A21918AD504490EF4E581D - -EAX-skipjack (10 byte key) - 0: , 85F74B6AFFB10ACD - 1: 3F, 604DF8BDD98A0B3F - 2: EA87, 792374FE07588BF9 - 3: 0169CA, 489AB8AF69DA3306 - 4: A7AC3EB1, 428DAF508E24B583 - 5: AA9028D5B3, C0A44EDA71FB2C86 - 6: DA97BA88A061, DA2EC34077F42585 - 7: 7E25FAA41CEBC8, 36D4987551E06D5B - 8: F662DA6C9001CBFE, B7DEF76680C316A9 - 9: 6D3F73EC716E1DA897, 5F0F83BAE4D3513B - 10: 2A300F585BEE9C889743, F4756C24DEB72A9C - 11: 80518B010DD77C82D19106, 50FF5CAA365F4A70 - 12: 6E579A2173C861B6F37B4CD3, 81E3E5ABBA8F0292 - 13: 5B04829880A72C38871C7021F3, 6B26F463708A3294 - 14: 934177878E9A9A9FB4DEB3895922, EBC1C32F0A2A3E96 - 15: 07AF486D1C458AAB2DBF13C3243FAD, 87288E41A9E64089 - 16: 84059283DF9A2A8563E7AF69235F26DF, 351652A0DBCE9D6E - -EAX-anubis (16 byte key) - 0: , 8E20F19D9BA22ABA09FB86FDE6B9EF38 - 1: 3B, F4201E546A9160F989191942EC8FD1D3 - 2: 9F38, 4E3CEAE3E1CB954E021A10E814B71732 - 3: 4F4769, 3E8F35A6A5B11200E9F1AA38590066CD - 4: AB41F5FC, EC4C97A8892AAF5433106D4AC8A49843 - 5: 414F95D61B, BF831E34D1E3FECB973A8C730ECA2E6D - 6: 4798322F06D1, 005BBC30BFEDBE6463536C4F80D1A071 - 7: F256B6CD1BF4F5, 468A28F0661884B846B191B530C8D064 - 8: 90906F27A633ADDE, 6D9200A37A7F6A456CB103673184C2E5 - 9: 16CD3C17C9B4EAB135, 6D716E23D7B35109F55B036EDFA7742E - 10: 7AD1C22F1F06298DFB25, B076990F8193543C8F3185D3792BCE56 - 11: 0476F2ABCD057FE6FEE39D, BB2876DB18C00038FADBBD9B264ACC3C - 12: B69EDE336407DBC2EE735857, AB63E5906116A8BE22C52B5DA31B1839 - 13: C3864C1354065A56470669E602, C72BFD3A0BC73BFF051C9AB2F0DFED93 - 14: 296D8F183A59020D33890420DD7B, C9D90B9EB42C32EDCF6223587D1598A6 - 15: 256ED8E9D982616680559979BDF2E9, 179FE4E7BA7E966050D35900317E9916 - 16: D4ED8F30FF9C0470D75B3B16750A3AE4, 5D50F05BB270A292DFF9F67A3BA84675 - 17: 40CDEB6388274143CA3C4F6020BD9A4875, B27C7DFB1BFBB3FCCEE0171852C7924E - 18: 54EF262EC1801D505C7629D038654EBA0594, 9D2060FCD0A2C577511C7752ADE60BBE - 19: F39EE54A37F16DD38B624D7AB8F0D9CBD4B981, BC056C7D2C09D813703CDD63C1C69F44 - 20: F4E7AD474FCA153ABD670E43081ED09EB2C4CC1A, F244BD4D630272F0D98FCA04226C04F1 - 21: 039ECC36A0A16273E7246CA1FF19D213AC87B53F29, 3056DB6916C925DF220B6C9980EE141A - 22: 7DE1DCDEF01447CA2FE83375A48DD84E4A7CB7C01992, 79AFEA4816EAF8DAC8A5E93960F1594F - 23: A886C4B914BF0983003272F226F9B2197EF2DC05ACDDE0, B59D85A0FDA5FA4422F7203C055B97A9 - 24: 00B3E1E91448E250AAFB695C0643A6577AB453EFECFABF53, 4A7EFF1CBC1AB535122A017203616D85 - 25: 85E972E774D66D0531E40B8FE9E264A77B50FA883AB0943080, B18E164BF89B7E7AB0DC256DFEC7C72F - 26: 004849E39334969B392CB0CF3FDEFB3D792DCBBC15F8328C7EDC, 3C51295711F5F878DE8F0B2B5A26A227 - 27: A0BAD6C2264AB1578993BA49E59D4598822FFED20A57D88F756FF1, 2EB9D525697A419A10DB2A84AEEA5FBC - 28: C34DD806EAB5AD823D78BCA78A7709A705FC94ECC521A367D76C9588, 3C57580C7903039D645C06DBAF07B477 - 29: C447EC77512938CF7862388C32AF22ACE6B5E4CBAA998BE4F5CBC4D215, 43425D09B7ACFD90371C08953946A955 - 30: 2C16993AAE624CBA4CDAF34FE3D368559E6BE548292B281439866375013B, 3B7360C3FA8FB1C15D19F567153CB46C - 31: 538E5DFAF14854A786851E4165F2E01CDDA963E318FCE4FB58E31A6B5CFC33, 2F8EA13B7A6873FE556CA535ABA0968B - 32: 5E29CDB7D9695A110043E9C260104BDF020A3A2A139D4112E918AB584BDD7EDA, 9133213AA7BCF062D2BD37F866683D3F - -EAX-khazad (16 byte key) - 0: , 75968E54452F6781 - 1: 95, ADAF5949F09B5A22 - 2: 6B8F, A06B201947424A11 - 3: 5BE668, 3251416625DF347A - 4: 5A92E82B, 33E25772427D9786 - 5: 62F9F2ABCC, DE714F5F5D17D6D0 - 6: 0E3CD825BD8D, A7991C8CB8975ED9 - 7: 4AD0D999503AAD, 53A827D7886F7227 - 8: BB08E6FAED1DAEE8, 91A118749B7AB9F3 - 9: 16E30CB12E20D18495, F8F8B8C1280158F9 - 10: 616DBCC6346959D89E4A, 506BF35A70297D53 - 11: F86B022D4B28FDB1F0B7D3, EA42220C805FD759 - 12: 9B8A3D9CDBADD9BBCCCD2B28, BB478D3CE9A229C9 - 13: CDC4AB4EF2D5B46E87827241F0, 658EDB9497A91823 - 14: 1A113D96B21B4AEBDB13E34C381A, 63AD0C4084AC84B0 - 15: 14DA751E5AF7E01F35B3CE74EE1ACF, 3C76AB64E1724DCE - 16: A13BBC7E408D2C550634CBC64690B8FE, 3D4BBC0C76536730 - diff --git a/botan/doc/examples/ecdsa.cpp b/botan/doc/examples/ecdsa.cpp deleted file mode 100644 index 065203a..0000000 --- a/botan/doc/examples/ecdsa.cpp +++ /dev/null @@ -1,57 +0,0 @@ -#include <botan/botan.h> -#include <botan/ecdsa.h> -#include <botan/pubkey.h> -#include <botan/look_pk.h> - -#include <memory> -#include <iostream> - -using namespace Botan; - -int main() - { - Botan::LibraryInitializer init; - - try - { - AutoSeeded_RNG rng; - - EC_Domain_Params params = get_EC_Dom_Pars_by_oid("1.3.132.0.8"); - - ECDSA_PrivateKey ecdsa(rng, params); - - ECDSA_PublicKey ecdsa_pub = ecdsa; - - /* - std::cout << params.get_curve().get_p() << "\n"; - std::cout << params.get_order() << "\n"; - std::cout << X509::PEM_encode(ecdsa); - std::cout << PKCS8::PEM_encode(ecdsa); - */ - - std::auto_ptr<PK_Signer> signer(get_pk_signer(ecdsa, "EMSA1(SHA-256)")); - - const char* message = "Hello World"; - - signer->update((const byte*)message, strlen(message)); - - SecureVector<byte> sig = signer->signature(rng); - - std::cout << sig.size() << "\n"; - - std::auto_ptr<PK_Verifier> verifier( - get_pk_verifier(ecdsa_pub, "EMSA1(SHA-256)")); - - verifier->update((const byte*)message, strlen(message)); - - bool ok = verifier->check_signature(sig); - if(ok) - std::cout << "Signature valid\n"; - else - std::cout << "Bad signature\n"; - } - catch(std::exception& e) - { - std::cout << e.what() << "\n"; - } - } diff --git a/botan/doc/examples/encrypt.cpp b/botan/doc/examples/encrypt.cpp deleted file mode 100644 index 348ee8d..0000000 --- a/botan/doc/examples/encrypt.cpp +++ /dev/null @@ -1,179 +0,0 @@ -/* -Encrypt a file using a block cipher in CBC mode. Compresses the plaintext -with Zlib, MACs with HMAC(SHA-1). Stores the block cipher used in the file, -so you don't have to specify it when decrypting. - -What a real application would do (and what this example should do), is test for -the presence of the Zlib module, and use it only if it's available. Then add -some marker to the stream so the other side knows whether or not the plaintext -was compressed. Bonus points for supporting multiple compression schemes. - -Another flaw is that is stores the entire ciphertext in memory, so if the file -you're encrypting is 1 Gb... you better have a lot of RAM. - -Based on the base64 example, of all things - -Written by Jack Lloyd (lloyd@randombit.net) on August 5, 2002 - -This file is in the public domain -*/ -#include <fstream> -#include <iostream> -#include <string> -#include <vector> -#include <cstring> -#include <memory> - -#include <botan/botan.h> - -#if defined(BOTAN_HAS_COMPRESSOR_ZLIB) - #include <botan/zlib.h> -#endif - -using namespace Botan; - -std::string b64_encode(const SecureVector<byte>&); - -int main(int argc, char* argv[]) - { - if(argc < 2) - { - std::cout << "Usage: " << argv[0] << " [-c algo] -p passphrase file\n" - " -p : Use this passphrase to encrypt\n" - " -c : Encrypt with block cipher 'algo' (default 3DES)\n"; - return 1; - } - - Botan::LibraryInitializer init; - - std::string algo = "TripleDES"; - std::string filename, passphrase; - - // Holy hell, argument processing is a PITA - for(int j = 1; argv[j] != 0; j++) - { - if(std::strcmp(argv[j], "-c") == 0) - { - if(argv[j+1]) - { - algo = argv[j+1]; - j++; - } - else - { - std::cout << "No argument for -c option" << std::endl; - return 1; - } - } - else if(std::strcmp(argv[j], "-p") == 0) - { - if(argv[j+1]) - { - passphrase = argv[j+1]; - j++; - } - else - { - std::cout << "No argument for -p option" << std::endl; - return 1; - } - } - else - { - if(filename != "") - { - std::cout << "You can only specify one file at a time\n"; - return 1; - } - filename = argv[j]; - } - } - - if(passphrase == "") - { - std::cout << "You have to specify a passphrase!" << std::endl; - return 1; - } - - std::ifstream in(filename.c_str()); - if(!in) - { - std::cout << "ERROR: couldn't open " << filename << std::endl; - return 1; - } - - std::string outfile = filename + ".enc"; - std::ofstream out(outfile.c_str()); - if(!out) - { - std::cout << "ERROR: couldn't open " << outfile << std::endl; - return 1; - } - - try - { - if(!have_block_cipher(algo)) - { - std::cout << "Don't know about the block cipher \"" << algo << "\"\n"; - return 1; - } - - const u32bit key_len = max_keylength_of(algo); - const u32bit iv_len = block_size_of(algo); - - AutoSeeded_RNG rng; - - std::auto_ptr<S2K> s2k(get_s2k("PBKDF2(SHA-1)")); - s2k->set_iterations(8192); - s2k->new_random_salt(rng, 8); - - SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase); - InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase); - SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase); - - // Just to be all fancy we even write a (simple) header. - out << "-------- ENCRYPTED FILE --------" << std::endl; - out << algo << std::endl; - out << b64_encode(s2k->current_salt()) << std::endl; - - Pipe pipe(new Fork( - new Chain(new MAC_Filter("HMAC(SHA-1)", mac_key), - new Base64_Encoder - ), - new Chain( -#ifdef BOTAN_HAS_COMPRESSOR_ZLIB - new Zlib_Compression, -#endif - get_cipher(algo + "/CBC", bc_key, iv, ENCRYPTION), - new Base64_Encoder(true) - ) - ) - ); - - pipe.start_msg(); - in >> pipe; - pipe.end_msg(); - - out << pipe.read_all_as_string(0) << std::endl; - out << pipe.read_all_as_string(1); - - } - catch(Algorithm_Not_Found) - { - std::cout << "Don't know about the block cipher \"" << algo << "\"\n"; - return 1; - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - return 1; - } - return 0; - } - -std::string b64_encode(const SecureVector<byte>& in) - { - Pipe pipe(new Base64_Encoder); - pipe.process_msg(in); - return pipe.read_all_as_string(); - } diff --git a/botan/doc/examples/encrypt2.cpp b/botan/doc/examples/encrypt2.cpp deleted file mode 100644 index 4af0cf0..0000000 --- a/botan/doc/examples/encrypt2.cpp +++ /dev/null @@ -1,55 +0,0 @@ -#include <botan/botan.h> -#include <botan/pbkdf2.h> -#include <botan/hmac.h> -#include <botan/sha160.h> - -#include <fstream> - -using namespace Botan; - -int main() - { - Botan::LibraryInitializer init; - - AutoSeeded_RNG rng; - - std::string passphrase = "secret"; - - std::ifstream infile("readme.txt"); - std::ofstream outfile("readme.txt.enc"); - - PKCS5_PBKDF2 pbkdf2(new HMAC(new SHA_160)); - - pbkdf2.set_iterations(4096); - pbkdf2.new_random_salt(rng, 8); - SecureVector<byte> the_salt = pbkdf2.current_salt(); - - SecureVector<byte> master_key = pbkdf2.derive_key(48, passphrase).bits_of(); - - KDF* kdf = get_kdf("KDF2(SHA-1)"); - - SymmetricKey key = kdf->derive_key(20, master_key, "cipher key"); - SymmetricKey mac_key = kdf->derive_key(20, master_key, "hmac key"); - InitializationVector iv = kdf->derive_key(8, master_key, "cipher iv"); - - Pipe pipe(new Fork( - new Chain( - get_cipher("Blowfish/CBC/PKCS7", key, iv, ENCRYPTION), - new Base64_Encoder, - new DataSink_Stream(outfile) - ), - new Chain( - new MAC_Filter("HMAC(SHA-1)", mac_key), - new Hex_Encoder) - ) - ); - - outfile.write((const char*)the_salt.begin(), the_salt.size()); - - pipe.start_msg(); - infile >> pipe; - pipe.end_msg(); - - SecureVector<byte> hmac = pipe.read_all(1); - outfile.write((const char*)hmac.begin(), hmac.size()); - } diff --git a/botan/doc/examples/factor.cpp b/botan/doc/examples/factor.cpp deleted file mode 100644 index ff3c23c..0000000 --- a/botan/doc/examples/factor.cpp +++ /dev/null @@ -1,144 +0,0 @@ -/* - Factor integers using a combination of trial division by small primes, - and Pollard's Rho algorithm -*/ -#include <botan/botan.h> -#include <botan/reducer.h> -#include <botan/numthry.h> -using namespace Botan; - -#include <algorithm> -#include <iostream> -#include <memory> - -// Pollard's Rho algorithm, as described in the MIT algorithms book - -// We use (x^2+x) mod n instead of (x*2-1) mod n as the random function, -// it _seems_ to lead to faster factorization for the values I tried. - -BigInt rho(const BigInt& n, RandomNumberGenerator& rng) - { - BigInt x = BigInt::random_integer(rng, 0, n-1); - BigInt y = x; - BigInt d = 0; - - Modular_Reducer mod_n(n); - - u32bit i = 1, k = 2; - while(true) - { - i++; - - if(i == 0) // overflow, bail out - break; - - x = mod_n.multiply((x + 1), x); - - d = gcd(y - x, n); - if(d != 1 && d != n) - return d; - - if(i == k) - { - y = x; - k = 2*k; - } - } - return 0; - } - -// Remove (and return) any small (< 2^16) factors -std::vector<BigInt> remove_small_factors(BigInt& n) - { - std::vector<BigInt> factors; - - while(n.is_even()) - { - factors.push_back(2); - n /= 2; - } - - for(u32bit j = 0; j != PRIME_TABLE_SIZE; j++) - { - if(n < PRIMES[j]) - break; - - BigInt x = gcd(n, PRIMES[j]); - - if(x != 1) - { - n /= x; - - u32bit occurs = 0; - while(x != 1) - { - x /= PRIMES[j]; - occurs++; - } - - for(u32bit k = 0; k != occurs; k++) - factors.push_back(PRIMES[j]); - } - } - - return factors; - } - -std::vector<BigInt> factorize(const BigInt& n_in, - RandomNumberGenerator& rng) - { - BigInt n = n_in; - std::vector<BigInt> factors = remove_small_factors(n); - - while(n != 1) - { - if(is_prime(n, rng)) - { - factors.push_back(n); - break; - } - - BigInt a_factor = 0; - while(a_factor == 0) - a_factor = rho(n, rng); - - std::vector<BigInt> rho_factored = factorize(a_factor, rng); - for(u32bit j = 0; j != rho_factored.size(); j++) - factors.push_back(rho_factored[j]); - - n /= a_factor; - } - return factors; - } - -int main(int argc, char* argv[]) - { - if(argc != 2) - { - std::cerr << "Usage: " << argv[0] << " integer\n"; - return 1; - } - - Botan::LibraryInitializer init; - - try - { - BigInt n(argv[1]); - - AutoSeeded_RNG rng; - - std::vector<BigInt> factors = factorize(n, rng); - std::sort(factors.begin(), factors.end()); - - std::cout << n << ": "; - for(u32bit j = 0; j != factors.size(); j++) - std::cout << factors[j] << " "; - std::cout << "\n"; - } - catch(std::exception& e) - { - std::cout << e.what() << std::endl; - return 1; - } - return 0; - } diff --git a/botan/doc/examples/gen_certs.cpp b/botan/doc/examples/gen_certs.cpp deleted file mode 100644 index f635e1c..0000000 --- a/botan/doc/examples/gen_certs.cpp +++ /dev/null @@ -1,124 +0,0 @@ -/* -* Generate a root CA plus httpd, dovecot, and postfix certs/keys -* -*/ - -#include <botan/botan.h> -#include <botan/rsa.h> -#include <botan/util.h> -#include <botan/x509self.h> -#include <botan/x509_ca.h> - -using namespace Botan; - -#include <iostream> -#include <fstream> - -void fill_commoninfo(X509_Cert_Options& opts) - { - opts.country = "US"; - opts.organization = "randombit.net"; - opts.email = "admin@randombit.net"; - opts.locality = "Vermont"; - } - -X509_Certificate make_ca_cert(RandomNumberGenerator& rng, - const Private_Key& priv_key, - const X509_Time& now, - const X509_Time& later) - { - X509_Cert_Options opts; - fill_commoninfo(opts); - opts.common_name = "randombit.net CA"; - opts.start = now; - opts.end = later; - opts.CA_key(); - - return X509::create_self_signed_cert(opts, priv_key, rng); - } - -PKCS10_Request make_server_cert_req(const Private_Key& key, - const std::string& hostname, - RandomNumberGenerator& rng) - { - X509_Cert_Options opts; - opts.common_name = hostname; - fill_commoninfo(opts); - - opts.add_ex_constraint("PKIX.ServerAuth"); - - return X509::create_cert_req(opts, key, rng); - } - -void save_pair(const std::string& name, - const std::string& password, - const X509_Certificate& cert, - const Private_Key& key, - RandomNumberGenerator& rng) - { - std::string cert_fsname = name + "_cert.pem"; - std::string key_fsname = name + "_key.pem"; - - std::ofstream cert_out(cert_fsname.c_str()); - cert_out << cert.PEM_encode() << "\n"; - cert_out.close(); - - std::ofstream key_out(key_fsname.c_str()); - if(password != "") - key_out << PKCS8::PEM_encode(key, rng, password); - else - key_out << PKCS8::PEM_encode(key); - key_out.close(); - } - -int main() - { - const u32bit seconds_in_a_year = 31556926; - - const u32bit current_time = system_time(); - - X509_Time now = X509_Time(current_time); - X509_Time later = X509_Time(current_time + 4*seconds_in_a_year); - - LibraryInitializer init; - - AutoSeeded_RNG rng; - - RSA_PrivateKey ca_key(rng, 2048); - - X509_Certificate ca_cert = make_ca_cert(rng, ca_key, now, later); - - const std::string ca_password = "sekrit"; - - save_pair("ca", ca_password, ca_cert, ca_key, rng); - - X509_CA ca(ca_cert, ca_key); - - RSA_PrivateKey httpd_key(rng, 1536); - X509_Certificate httpd_cert = ca.sign_request( - make_server_cert_req(httpd_key, "www.randombit.net", rng), - rng, now, later); - - save_pair("httpd", "", httpd_cert, httpd_key, rng); - - RSA_PrivateKey bugzilla_key(rng, 1536); - X509_Certificate bugzilla_cert = ca.sign_request( - make_server_cert_req(bugzilla_key, "bugs.randombit.net", rng), - rng, now, later); - - save_pair("bugzilla", "", bugzilla_cert, bugzilla_key, rng); - - RSA_PrivateKey postfix_key(rng, 1536); - X509_Certificate postfix_cert = ca.sign_request( - make_server_cert_req(postfix_key, "mail.randombit.net", rng), - rng, now, later); - - save_pair("postfix", "", postfix_cert, postfix_key, rng); - - RSA_PrivateKey dovecot_key(rng, 1536); - X509_Certificate dovecot_cert = ca.sign_request( - make_server_cert_req(dovecot_key, "imap.randombit.net", rng), - rng, now, later); - - save_pair("dovecot", "", dovecot_cert, dovecot_key, rng); - } diff --git a/botan/doc/examples/gtk/dsa.cpp b/botan/doc/examples/gtk/dsa.cpp deleted file mode 100644 index dff5477..0000000 --- a/botan/doc/examples/gtk/dsa.cpp +++ /dev/null @@ -1,556 +0,0 @@ -/* - This shows some of the details involved in a GUI application that uses - Botan. Actually most of the code is just dealing with GTK+, but it shows how - the password callback and pulse function stuff works. (See gtk_ui.cpp for the - acutal password callback code.) - - The major points of interest (assuming what you care about is how to use - Botan from a GUI, and not looking at my terrible GTK code) are gtk_ui.cpp - and, in this file, GTK_Pulse, gen_key(), and get_key(): - - gtk_ui.cpp and get_key() show how to get a passphrase from a user for - decrypting (well, in theory, anything), but in this case, PKCS #8 private - keys. Which is coincidentally the only thing Botan currently uses UI - objects for, though that will probably change eventually. GTK_UI does - double duty, for getting passphrases for encryption as well (in - do_save_key). - - gen_key() and GTK_Pulse show how to do an activity meter while doing a - long-term operation inside Botan. Since, typically, the only operations - which take a long time and can't be broken up into smaller parts are prime - generation/testing, that is currently where the pulse hooks are - called. It's certainly not the most general callback method in the world, - but it's general enough that it's usable without getting in the way too - much. The callbacks will eventually be extended to other parts of the - library (Pipe, maybe) where it's useful. - - This program is in the public domain. -*/ -#include <fstream> -#include <iostream> -#include <memory> - -#include <botan/botan.h> -#include <botan/libstate.h> -#include <botan/look_pk.h> -#include <botan/filters.h> -#include <botan/dsa.h> -// we don't have a 'using namespace' here, so it's easy to grep for code that -// is actually dealing with the library (rather than messing around with GTK). - -#include <gtk/gtk.h> -#include "gtk_ui.h" - -/************************************************* -* Pop up an message box * -*************************************************/ -static void show_dialog(const std::string& about_message, - const std::string& dialog_name) - { - GtkDialogFlags flags = - (GtkDialogFlags)(GTK_DIALOG_DESTROY_WITH_PARENT | GTK_DIALOG_MODAL); - - GtkWidget* dialog = gtk_dialog_new_with_buttons(dialog_name.c_str(), - NULL, flags, - GTK_STOCK_OK, - GTK_RESPONSE_NONE, - NULL); - GtkWidget* label = gtk_label_new(NULL); - gtk_label_set_markup(GTK_LABEL(label), about_message.c_str()); - gtk_label_set_justify(GTK_LABEL(label), GTK_JUSTIFY_CENTER); - - g_signal_connect_swapped(GTK_OBJECT(dialog), "response", - G_CALLBACK(gtk_widget_destroy), - GTK_OBJECT(dialog)); - - gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), label); - gtk_widget_show_all(dialog); - } - -/************************************************* -* Pop up an About box * -*************************************************/ -static void show_about() - { - const std::string about_message = - "<big>DSA Utility</big>\n" - "\n" - "A simple application showing how to use Botan within a GUI.\n" - "It lets you generate or load keys, and sign text files.\n" - "\n" - "Send comments/questions to <tt>lloyd@randombit.net</tt>"; - - show_dialog(about_message, "About"); - } - -/************************************************* -* Pop up a help box * -*************************************************/ -static void show_help() - { - const std::string help_message = - "<big>DSA Utility Help</big>\n" - "\n" - "Simply, this is a (very) simple text editor, with the added ability\n" - "of being able to generate or read a DSA private key, and sign the\n" - "text buffer using that key.\n" - "\n" - "You can load, edit, and save text files as you would normally. If a\n" - "key is loaded (done using the commands in the Keys menu), you can\n" - "also use the Sign command (in the Signing menu) to generate a\n" - "signature for the current file. It will be displayed at the bottom\n" - "of the screen (if it has been calculated for the current buffer\n" - "contents), and can be saved using the \"Save Sig\" command.\n" - "\n" - "Signatures generated by this program can be verified using a the\n" - "<tt>dsa_ver</tt> example included in the Botan distribution.\n"; - - show_dialog(help_message, "Help"); - } - -/************************************************* -* Get and return a filename from the user * -*************************************************/ -static std::string get_filename(const std::string& title) - { - GtkWidget* dialog = gtk_file_selection_new(title.c_str()); - - /* Some window managers don't display the titles of transient windows, - put a message elsewhere for those people. - */ - GtkWidget* label = gtk_label_new(title.c_str()); - gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), label); - - std::string fsname; - - gtk_widget_show(label); /* dialog_run won't show sub-widgets */ - if(gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_OK) - fsname = gtk_file_selection_get_filename(GTK_FILE_SELECTION(dialog)); - gtk_widget_destroy(dialog); - - /* If it's a directory, that's no good */ - if(fsname.size() && fsname[fsname.size()-1] == '/') - return ""; - - return fsname; - } - -/************************************************* -* Global state * -*************************************************/ -static Botan::DSA_PrivateKey* key = 0; // our key -static GtkTextBuffer* buffer = 0; // the text buffer -static std::string buffer_source; - // what file (if any) the buffer's data came from -static GtkWidget* sig_view = 0; // the signature - -/************************************************* -* Zap the currently set signature (if any) * -*************************************************/ -static void zap_sig() - { - gtk_editable_delete_text(GTK_EDITABLE(sig_view), 0, -1); - } - -/************************************************* -* Save the current key * -*************************************************/ -static void do_save_key(const std::string& title) - { - if(key == 0) - return; - - std::string filename = get_filename(title.c_str()); - - if(filename != "") - { - const std::string msg = "Select a passphrase to encrypt the key:"; - - std::ofstream out_priv(filename.c_str()); - - GTK_UI ui; - Botan::User_Interface::UI_Result result; - std::string passphrase = ui.get_passphrase(msg, result); - - if(result == Botan::User_Interface::OK) - out_priv << Botan::PKCS8::PEM_encode(*key, passphrase); - else - out_priv << Botan::PKCS8::PEM_encode(*key); - - // for testing - //std::cout << X509::PEM_encode(*key); - } - } - -/************************************************* -* Generate a signature for the text buffer * -*************************************************/ -static void sign_buffer() - { - /* No key? Ignore request. */ - if(key == 0) - return; - - /* same format as the text-mode dsa_sign example */ - Botan::Pipe pipe(new Botan::PK_Signer_Filter( - Botan::get_pk_signer(*key, "EMSA1(SHA-1)") - ), - new Botan::Base64_Encoder - ); - - /* It would probably be smart to do this a little bit at a time */ - GtkTextIter start, end; - gtk_text_buffer_get_bounds(buffer, &start, &end); - gchar* bits = gtk_text_buffer_get_text(buffer, &start, &end, FALSE); - size_t length = strlen(bits); - - pipe.start_msg(); - pipe.write((unsigned char*)bits, length); - pipe.end_msg(); - - std::string sig = pipe.read_all_as_string(); - - zap_sig(); - - gint position = 0; - gtk_editable_insert_text(GTK_EDITABLE(sig_view), sig.c_str(), sig.length(), - &position); - - g_free(bits); - } - -/************************************************* -* GTK+ pulse callback * -*************************************************/ -class GTK_Pulse : public Botan::Library_State::UI - { - public: - void pulse(Botan::Pulse_Type); - }; - -void GTK_Pulse::pulse(Botan::Pulse_Type) - { - /* We need this to flush the updates, otherwise GTK+ will wait until we're - done with the computation before doing any updates (generally the right - thing, but not with a progress bar). - */ - - while(gtk_events_pending()) - gtk_main_iteration(); - } - -/************************************************* -* Actual do the pulse (as a GTK+ timeout func) * -*************************************************/ -static gboolean gtk_pulse_timeout(void* pbar) - { - GtkWidget* progress_bar = (GtkWidget*)pbar; - gtk_progress_bar_pulse(GTK_PROGRESS_BAR(progress_bar)); - return TRUE; /* keep calling us */ - } - -/************************************************* -* Generate a new key * -*************************************************/ -static void gen_key() - { - /* This gives a nice smooth progress bar, though we do use up quite a bit of - CPU for it. Keep in mind that if PULSE_INTERVAL is significantly less - than the average time between pulses from the library, the progress bar - will jerk around going slower or faster. Keep it at at least 50ms. - */ - const double PROGRESS_PER_PULSE = .01; /* % of bar */ - const guint32 PULSE_INTERVAL = 30; /* ms */ - - delete key; - - GtkDialogFlags flags = - (GtkDialogFlags)(GTK_DIALOG_DESTROY_WITH_PARENT | GTK_DIALOG_MODAL); - - GtkWidget* dialog = - gtk_dialog_new_with_buttons("Generating Key", NULL, flags, NULL); - - GtkWidget* label = gtk_label_new(" Generating new key, please wait... \n"); - gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), label); - - GtkWidget* progress_bar = gtk_progress_bar_new(); - gtk_progress_bar_set_pulse_step(GTK_PROGRESS_BAR(progress_bar), - PROGRESS_PER_PULSE); - gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), progress_bar); - - guint timer_id = gtk_timeout_add(PULSE_INTERVAL, gtk_pulse_timeout, - progress_bar); - - gtk_widget_show_all(dialog); - - while(gtk_events_pending()) - gtk_main_iteration(); - - /* Register gtk_pulse so it will be called every so often when we embark - on our prime generation quest... - */ - /* this just updates the GUI; the GTK+ timeout function actually updates - the progress bar. That's because the amount of time between pulses - from the library is rather irregular, so the progress bar looks jerky. - */ - Botan::global_state().set_ui(new GTK_Pulse); - - /* Not generally recommended, since it's slow and there's not much point. - However, *because* it's slow, we'll want to put up a progress bar or - something, and part of this whole thing is to show how to do that and get - the pulse functions to do the right thing. - */ - Botan::DL_Group group(1024, Botan::DL_Group::DSA_Kosherizer); - key = new Botan::DSA_PrivateKey(group); - - gtk_timeout_remove(timer_id); - Botan::global_state().set_ui(0); // unset the pulse function - - gtk_widget_destroy(dialog); - - do_save_key("Save New Key"); - - /* new key, any old sigs are no longer useful */ - zap_sig(); - } - -/************************************************* -* Load up a key * -*************************************************/ -static void get_key() - { - std::string fsname = get_filename("Select a DSA Key"); - - if(fsname != "") - { - try { - delete key; - key = 0; - zap_sig(); - - /* - A GTK_UI is a subclass of User_Interface that pops up a dialog that - asks the user for a passphrase. It actually works quite well, - though the fixed upper limit on the passphrase size is not - ideal. Feel free to use it as-is or modify it however you like - (gtk_ui.* is public domain). - */ - GTK_UI ui; - Botan::PKCS8_PrivateKey* p8_key = Botan::PKCS8::load_key(fsname, ui); - key = dynamic_cast<Botan::DSA_PrivateKey*>(p8_key); - if(!key) - show_dialog("The key in " + fsname + " is not a DSA key", - "Failure"); - } - catch(std::exception) - { - key = 0; // make sure it's not something random - show_dialog("Loading the key from " + fsname + " failed.", "Failure"); - } - } - } - -static void really_sign_buffer() - { - /* No key? Ask the user for one. */ - if(key == 0) - get_key(); - sign_buffer(); - } - -/************************************************* -* Clear the text buffer * -*************************************************/ -static void new_buffer() - { - /* - In theory, it would be nice to check if this was unsaved text and prompt - to save it. However, this really isn't supposed to be a GTK+ example, so - we won't. - */ - gtk_text_buffer_set_text(buffer, "", -1); - buffer_source = ""; - } - -/************************************************* -* Put the contents of a file into the buffer * -*************************************************/ -static void open_buffer() - { - std::string filename = get_filename("Select File"); - - if(filename == "") - return; - - std::ifstream in(filename.c_str()); - - new_buffer(); - buffer_source = filename; - - while(in.good()) - { - char buf[1024] = { 0 }; - - in.read(buf, 1024); - size_t got = in.gcount(); - - GtkTextIter iter; - gtk_text_buffer_get_end_iter(buffer, &iter); - gtk_text_buffer_insert(buffer, &iter, buf, got); - } - } - -/************************************************* -* Save the signature to a file * -*************************************************/ -static void save_sig() - { - std::string sig_file = buffer_source; - - /* No sig, nothing to save */ - const gchar* sig = gtk_entry_get_text(GTK_ENTRY(sig_view)); - if(strlen(sig) == 0) - return; - - if(sig_file == "") - sig_file = get_filename("Select Signature Output File"); - else - sig_file += ".sig"; - - std::ofstream out(sig_file.c_str()); - out << sig << std::endl; - } - -/************************************************* -* Save the current key * -*************************************************/ -static void save_key() - { - do_save_key("Save Current Key"); - } - -/************************************************* -* Common case of Save/Save As * -*************************************************/ -static void do_save(const std::string& filename) - { - std::ofstream out(filename.c_str()); - - GtkTextIter start, end; - gtk_text_buffer_get_bounds(buffer, &start, &end); - gchar* bits = gtk_text_buffer_get_text(buffer, &start, &end, FALSE); - out.write(bits, strlen(bits)); - g_free(bits); - buffer_source = filename; - } - -/************************************************* -* Save the buffer * -*************************************************/ -static void save_buffer_as() - { - std::string filename = get_filename("Select Output File"); - if(filename != "") - do_save(filename); - } - -/************************************************* -* Save the buffer * -*************************************************/ -static void save_buffer() - { - if(buffer_source != "") - do_save(buffer_source); - else - save_buffer_as(); - } - -/************************************************* -* Make a menubar for the app * -*************************************************/ -static GtkWidget* make_menubar(GtkWidget *window) - { - static GtkItemFactoryEntry menu_items[] = { - { "/_File", NULL, NULL, 0, "<Branch>", NULL }, - { "/File/_New", "<control>N", new_buffer, 0, NULL, NULL }, - { "/File/_Open", "<control>O", open_buffer, 0, NULL, NULL }, - { "/File/_Save", "<control>S", save_buffer, 0, NULL, NULL }, - { "/File/Save _As", NULL, save_buffer_as, 0, NULL, NULL }, - { "/File/sep1", NULL, NULL, 0, "<Separator>", NULL }, - { "/File/Save Sig", NULL, save_sig, 0, NULL, NULL }, - { "/File/sep2", NULL, NULL, 0, "<Separator>", NULL }, - { "/File/_Quit", "<control>Q", gtk_main_quit, 0, NULL, NULL }, - - { "/_Keys", NULL, NULL, 0, "<Branch>", NULL }, - { "/Keys/Open", NULL, get_key, 0, NULL, NULL }, - { "/Keys/_Generate", NULL, gen_key, 0, NULL, NULL }, - { "/Keys/Save Current", NULL, save_key, 0, NULL, NULL }, - - { "/Signing", NULL, NULL, 0, "<Branch>", NULL }, - { "/Signing/Sign", NULL, really_sign_buffer, 0, NULL, NULL }, - - { "/_Help", NULL, NULL, 0, "<LastBranch>", NULL }, - { "/Help/Help", NULL, show_help, 0, NULL, NULL }, - { "/Help/sep1", NULL, NULL, 0, "<Separator>", NULL }, - { "/Help/About", NULL, show_about, 0, NULL, NULL }, - }; - - GtkAccelGroup* accel_group = gtk_accel_group_new(); - GtkItemFactory* item_factory = - gtk_item_factory_new(GTK_TYPE_MENU_BAR, "<main>", accel_group); - const gint nmenu_items = sizeof(menu_items) / sizeof(menu_items[0]); - gtk_item_factory_create_items(item_factory, nmenu_items, menu_items, NULL); - gtk_window_add_accel_group(GTK_WINDOW(window), accel_group); - return gtk_item_factory_get_widget(item_factory, "<main>"); - } - -int main(int argc, char *argv[]) - { - gtk_init(&argc, &argv); - - try { - Botan::LibraryInitializer init; - - /* Create a new top-level window */ - GtkWidget* window = gtk_window_new(GTK_WINDOW_TOPLEVEL); - gtk_window_set_title(GTK_WINDOW(window), "DSA Utility"); - gtk_signal_connect(GTK_OBJECT(window), "delete_event", - gtk_main_quit, NULL); - - /* Create the vbox to hold our stuff */ - GtkWidget* vbox = gtk_vbox_new(FALSE, 0); - gtk_container_border_width(GTK_CONTAINER(vbox), 1); - gtk_container_add(GTK_CONTAINER(window), vbox); - - /* Create the menu bar */ - GtkWidget *menubar = make_menubar(window); - - /* Create the entry that holds the signature */ - sig_view = gtk_entry_new(); - gtk_editable_set_editable(GTK_EDITABLE(sig_view), FALSE); - - /* Create the text box */ - GtkWidget* view = gtk_text_view_new(); - buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(view)); - - gtk_widget_set_size_request(view, 640, 480); - gtk_text_buffer_set_text(buffer, "Some initial contents.", -1); - - // Resign it on each change: fast enough, but probably not really useful - //g_signal_connect(G_OBJECT(buffer), "changed", sign_buffer, 0); - g_signal_connect(G_OBJECT(buffer), "changed", zap_sig, 0); - - gtk_container_add(GTK_CONTAINER(vbox), menubar); - gtk_container_add(GTK_CONTAINER(vbox), view); - gtk_container_add(GTK_CONTAINER(vbox), sig_view); - - gtk_widget_show_all(window); - - gtk_main(); - } - catch(std::exception& e) - { - std::cout << e.what() << std::endl; - } - return 0; - } diff --git a/botan/doc/examples/gtk/gtk_ui.cpp b/botan/doc/examples/gtk/gtk_ui.cpp deleted file mode 100644 index 515fbc5..0000000 --- a/botan/doc/examples/gtk/gtk_ui.cpp +++ /dev/null @@ -1,78 +0,0 @@ -/************************************************* -* GTK+ User Interface Source File * -*************************************************/ - -#include "gtk_ui.h" - -/************************************************* -* GTK+ Callback * -*************************************************/ -void GTK_UI::callback(GtkWidget* entry, gpointer passphrase_ptr) - { - const gchar *entry_text = gtk_entry_get_text(GTK_ENTRY(entry)); - char* passphrase = (char*)passphrase_ptr; - strcpy(passphrase, entry_text); - } - -/************************************************* -* Get a passphrase from the user * -*************************************************/ -std::string GTK_UI::get_passphrase(const std::string& what, - const std::string& source, - UI_Result& result) const - { - std::string msg = "A passphrase is needed to access the " + what; - if(source != "") msg += "\nin " + source; - return get_passphrase(msg, result); - } - -/************************************************* -* Get a passphrase from the user * -*************************************************/ -std::string GTK_UI::get_passphrase(const std::string& label_text, - UI_Result& result) const - { - const int MAX_PASSPHRASE = 64; - - GtkDialogFlags flags = - (GtkDialogFlags)(GTK_DIALOG_DESTROY_WITH_PARENT | GTK_DIALOG_MODAL); - - GtkWidget* dialog = gtk_dialog_new_with_buttons( - "Enter Passphrase", - NULL, flags, - GTK_STOCK_OK, GTK_RESPONSE_OK, - GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, - NULL); - - gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); - - GtkWidget* label = gtk_label_new(label_text.c_str()); - - GtkWidget* entry = gtk_entry_new(); - gtk_entry_set_visibility(GTK_ENTRY(entry), 0); - gtk_entry_set_activates_default(GTK_ENTRY(entry), TRUE); - gtk_entry_set_max_length(GTK_ENTRY(entry), MAX_PASSPHRASE); - - char passphrase_buf[MAX_PASSPHRASE + 1] = { 0 }; - - gtk_signal_connect(GTK_OBJECT(entry), "activate", - GTK_SIGNAL_FUNC(callback), passphrase_buf); - - GtkWidget* vbox = gtk_vbox_new(FALSE, 0); - gtk_box_pack_start(GTK_BOX(vbox), label, FALSE, FALSE, 0); - gtk_box_pack_start(GTK_BOX(vbox), entry, FALSE, FALSE, 0); - - gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), vbox, TRUE, TRUE, 0); - gtk_widget_show_all(vbox); - - /* Block until we get something back */ - result = CANCEL_ACTION; - if(gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_OK) - result = OK; - - gtk_widget_destroy(dialog); - - if(result == OK) - return std::string(passphrase_buf); - return ""; - } diff --git a/botan/doc/examples/gtk/gtk_ui.h b/botan/doc/examples/gtk/gtk_ui.h deleted file mode 100644 index 9ced83a..0000000 --- a/botan/doc/examples/gtk/gtk_ui.h +++ /dev/null @@ -1,25 +0,0 @@ -/************************************************* -* GTK+ User Interface Header File * -*************************************************/ - -#ifndef BOTAN_EXT_GTK_UI__ -#define BOTAN_EXT_GTK_UI__ - -#include <botan/ui.h> -#include <gtk/gtk.h> - -/************************************************* -* GTK+ Passphrase Callback Object * -*************************************************/ -class GTK_UI : public Botan::User_Interface - { - public: - std::string get_passphrase(const std::string&, const std::string&, - UI_Result&) const; - - std::string get_passphrase(const std::string&, UI_Result&) const; - - static void callback(GtkWidget*, gpointer); - }; - -#endif diff --git a/botan/doc/examples/gtk/readme.txt b/botan/doc/examples/gtk/readme.txt deleted file mode 100644 index 4f36911..0000000 --- a/botan/doc/examples/gtk/readme.txt +++ /dev/null @@ -1,18 +0,0 @@ - -This is an example of how to use Botan in a GUI. You need at least -Botan 1.6.0. - -You'll also need GTK+ 2.x (tested with GTK+ 2.10; should work with -most versions). Keep in mind that I was learning GTK as I was writing -this code, so it is not exactly the best GTK code you're likely to -see. - -dsa.cpp is the main GTK+ driver. It has some comments at the top which -point out major areas of interest. - -gtk_ui.* implement a User_Interface object that opens up a GTK+ dialog -box that asks the user for their passphrase. It works pretty well, the -only major deficiency is a fixed upper limit on the size of the -passphrase (currently 64). You may want to use this in your own code, -assuming you use GTK. If not, it should at least provide an outline -for writing a version for your favorite windowing system. diff --git a/botan/doc/examples/hash.cpp b/botan/doc/examples/hash.cpp deleted file mode 100644 index a97cd60..0000000 --- a/botan/doc/examples/hash.cpp +++ /dev/null @@ -1,64 +0,0 @@ -/* -Prints the message digest of files, using an arbitrary hash function -chosen by the user. This is less flexible that I might like, for example: - ./hash sha1 some_file [or md5 or sha-1 or ripemd160 or ...] -will not work, cause the name lookup is case-sensitive. Oh well... - -Written by Jack Lloyd (lloyd@randombit.net), on August 4, 2002 - - December 16, 2003: "Fixed" to accept "sha1" or "md5" as a hash name - -This file is in the public domain -*/ - -#include <iostream> -#include <fstream> -#include <botan/botan.h> - -int main(int argc, char* argv[]) - { - if(argc < 3) - { - std::cout << "Usage: " << argv[0] << " digest <filenames>" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - std::string hash = argv[1]; - /* a couple of special cases, kind of a crock */ - if(hash == "sha1") hash = "SHA-1"; - if(hash == "md5") hash = "MD5"; - - try { - if(!Botan::have_hash(hash)) - { - std::cout << "Unknown hash \"" << argv[1] << "\"" << std::endl; - return 1; - } - - Botan::Pipe pipe(new Botan::Hash_Filter(hash), - new Botan::Hex_Encoder); - - int skipped = 0; - for(int j = 2; argv[j] != 0; j++) - { - std::ifstream file(argv[j]); - if(!file) - { - std::cout << "ERROR: could not open " << argv[j] << std::endl; - skipped++; - continue; - } - pipe.start_msg(); - file >> pipe; - pipe.end_msg(); - pipe.set_default_msg(j-2-skipped); - std::cout << pipe << " " << argv[j] << std::endl; - } - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - } - return 0; - } diff --git a/botan/doc/examples/hash_fd.cpp b/botan/doc/examples/hash_fd.cpp deleted file mode 100644 index 82ca2c3..0000000 --- a/botan/doc/examples/hash_fd.cpp +++ /dev/null @@ -1,71 +0,0 @@ -/* -Written by Jack Lloyd (lloyd@randombit.net), on Prickle-Prickle, -the 10th of Bureaucracy, 3167. - -This file is in the public domain - -This is just like the normal hash application, but uses the Unix I/O system -calls instead of C++ iostreams. Previously, this version was much faster and -smaller, but GCC 3.1's libstdc++ seems to have been improved enough that the -difference is now fairly minimal. - -Nicely enough, doing the change required changing only about 3 lines of code. - -Note that this requires you to be on a machine running some sort of Unix. Well, -I guess any POSIX.1 compliant OS (in theory). -*/ - -#include <iostream> -#include <botan/botan.h> - -#if !defined(BOTAN_HAS_PIPE_UNIXFD_IO) - #error "You didn't compile the pipe_unixfd module into Botan" -#endif - -#include <fcntl.h> -#include <unistd.h> - -int main(int argc, char* argv[]) - { - if(argc < 3) - { - std::cout << "Usage: " << argv[0] << " digest <filenames>" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - try - { - Botan::Pipe pipe(new Botan::Hash_Filter(argv[1]), - new Botan::Hex_Encoder); - - int skipped = 0; - for(int j = 2; argv[j] != 0; j++) - { - int file = open(argv[j], O_RDONLY); - if(file == -1) - { - std::cout << "ERROR: could not open " << argv[j] << std::endl; - skipped++; - continue; - } - pipe.start_msg(); - file >> pipe; - pipe.end_msg(); - close(file); - pipe.set_default_msg(j-2-skipped); - std::cout << pipe << " " << argv[j] << std::endl; - } - } - catch(Botan::Algorithm_Not_Found) - { - std::cout << "Don't know about the hash function \"" << argv[1] << "\"" - << std::endl; - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - } - return 0; - } diff --git a/botan/doc/examples/hash_quickly.cpp b/botan/doc/examples/hash_quickly.cpp deleted file mode 100644 index e719a71..0000000 --- a/botan/doc/examples/hash_quickly.cpp +++ /dev/null @@ -1,90 +0,0 @@ -#include <botan/botan.h> -#include <botan/benchmark.h> -#include <botan/filters.h> - -#include <iostream> -#include <fstream> -#include <string> -#include <map> -#include <cstdlib> - -/* -Try to find the fastest SHA-1 implementation and use it to hash -files. In most programs this isn't worth the bother and -overhead. However with large amount of input, it is worth it. On tests -on a Core2 system with the SHA-1 SSE2 code enabled, over a few hundred -Mb or so the overhead paid for itself. - -Of course you could also just do this once and save it as an -application config, which is probably the smart thing to do. -*/ - -void set_fastest_implementation(const std::string& algo, - Botan::RandomNumberGenerator& rng, - double ms = 30) - { - Botan::Default_Benchmark_Timer timer; - - Botan::Algorithm_Factory& af = Botan::global_state().algorithm_factory(); - - std::map<std::string, double> results = - Botan::algorithm_benchmark(algo, ms, timer, rng, af); - - std::string fastest_provider = ""; - double best_res = 0; - - for(std::map<std::string, double>::iterator r = results.begin(); - r != results.end(); ++r) - { - std::cout << r->first << " @ " << r->second << " MiB/sec\n"; - - if(fastest_provider == "" || r->second > best_res) - { - fastest_provider = r->first; - best_res = r->second; - } - } - - std::cout << "Using " << fastest_provider << "\n"; - - af.set_preferred_provider(algo, fastest_provider); - } - -int main(int argc, char* argv[]) - { - if(argc <= 1) - { - std::cout << "Usage: " << argv[0] << " <file> <file> ...\n"; - return 1; - } - - Botan::LibraryInitializer init; - Botan::AutoSeeded_RNG rng; - - const std::string hash = "SHA-1"; - - set_fastest_implementation(hash, rng); - - // Here we intentionally use the 'old style' lookup interface - // which will also respect the provider settings. Or can use: - // global_state().algorithm_factory().make_hash_function(hash) - Botan::Pipe pipe( - new Botan::Hash_Filter(Botan::get_hash(hash)), - new Botan::Hex_Encoder - ); - - for(size_t i = 1; argv[i]; ++i) - { - std::ifstream in(argv[i]); - if(!in) - continue; - - pipe.start_msg(); - in >> pipe; - pipe.end_msg(); - - std::cout << argv[i] << " = " - << pipe.read_all_as_string(Botan::Pipe::LAST_MESSAGE) << "\n"; - - } - } diff --git a/botan/doc/examples/hasher.cpp b/botan/doc/examples/hasher.cpp deleted file mode 100644 index 5ba982f..0000000 --- a/botan/doc/examples/hasher.cpp +++ /dev/null @@ -1,58 +0,0 @@ -/* -A Botan example application which emulates a -poorly written version of "gpg --print-md" - -Written by Jack Lloyd (lloyd@randombit.net), quite a while ago (as of June -2001) - -This file is in the public domain -*/ -#include <fstream> -#include <iostream> -#include <string> -#include <botan/botan.h> - -int main(int argc, char* argv[]) - { - if(argc < 2) - { - std::cout << "Usage: " << argv[0] << " <filenames>" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - const int COUNT = 3; - std::string name[COUNT] = { "MD5", "SHA-1", "RIPEMD-160" }; - - for(int j = 1; argv[j] != 0; j++) - { - Botan::Filter* hash[COUNT] = { - new Botan::Chain(new Botan::Hash_Filter(name[0]), - new Botan::Hex_Encoder), - new Botan::Chain(new Botan::Hash_Filter(name[1]), - new Botan::Hex_Encoder), - new Botan::Chain(new Botan::Hash_Filter(name[2]), - new Botan::Hex_Encoder) - }; - - Botan::Pipe pipe(new Botan::Fork(hash, COUNT)); - - std::ifstream file(argv[j]); - if(!file) - { - std::cout << "ERROR: could not open " << argv[j] << std::endl; - continue; - } - pipe.start_msg(); - file >> pipe; - pipe.end_msg(); - file.close(); - for(int k = 0; k != COUNT; k++) - { - pipe.set_default_msg(k); - std::cout << name[k] << "(" << argv[j] << ") = " << pipe << std::endl; - } - } - return 0; - } diff --git a/botan/doc/examples/hasher2.cpp b/botan/doc/examples/hasher2.cpp deleted file mode 100644 index 12d3c85..0000000 --- a/botan/doc/examples/hasher2.cpp +++ /dev/null @@ -1,72 +0,0 @@ -/* -Identical to hasher.cpp, but uses Pipe in a different way. - -Note this tends to be much less efficient than hasher.cpp, because it does -three passes over the file. For a small file, it doesn't really matter. But for -a large file, or for something you can't re-read easily (socket, stdin, ...) -this is a bad idea. - -Written by Jack Lloyd (lloyd@randombit.net), Feb 8 2001 - -This file is in the public domain -*/ -#include <fstream> -#include <iostream> -#include <string> -#include <botan/botan.h> - -int main(int argc, char* argv[]) - { - if(argc < 2) - { - std::cout << "Usage: " << argv[0] << " <filenames>" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - const int COUNT = 3; - std::string name[COUNT] = { "MD5", "SHA-1", "RIPEMD-160" }; - - Botan::Pipe pipe; - - int skipped = 0; - for(int j = 1; argv[j] != 0; j++) - { - Botan::Filter* hash[COUNT] = { - new Botan::Hash_Filter(name[0]), - new Botan::Hash_Filter(name[1]), - new Botan::Hash_Filter(name[2]), - }; - - std::ifstream file(argv[j]); - if(!file) - { - std::cout << "ERROR: could not open " << argv[j] << std::endl; - skipped++; - continue; - } - for(int k = 0; k != COUNT; k++) - { - pipe.reset(); - pipe.append(hash[k]); - pipe.append(new Botan::Hex_Encoder); - pipe.start_msg(); - - // trickiness: the >> op reads until EOF, but seekg won't work - // unless we're in the "good" state (which EOF is not). - file.clear(); - file.seekg(0, std::ios::beg); - file >> pipe; - pipe.end_msg(); - } - file.close(); - for(int k = 0; k != COUNT; k++) - { - std::string out = pipe.read_all_as_string(COUNT*(j-1-skipped) + k); - std::cout << name[k] << "(" << argv[j] << ") = " << out << std::endl; - } - } - - return 0; - } diff --git a/botan/doc/examples/make_prime.cpp b/botan/doc/examples/make_prime.cpp deleted file mode 100644 index 0c90b2b..0000000 --- a/botan/doc/examples/make_prime.cpp +++ /dev/null @@ -1,73 +0,0 @@ -#include <botan/numthry.h> -#include <botan/auto_rng.h> -#include <botan/botan.h> - -using namespace Botan; - -#include <set> -#include <iostream> -#include <iterator> -#include <map> - -int main() - { - Botan::LibraryInitializer init; - AutoSeeded_RNG rng; - - std::set<BigInt> primes; - - std::map<int, int> bit_count; - - int not_new = 0; - - while(primes.size() < 10000) - { - u32bit start_cnt = primes.size(); - - u32bit bits = 18; - - if(rng.next_byte() % 128 == 0) - bits -= rng.next_byte() % (bits-2); - - bit_count[bits]++; - - //std::cout << "random_prime(" << bits << ")\n"; - - BigInt p = random_prime(rng, bits); - - if(p.bits() != bits) - { - std::cout << "Asked for " << bits << " got " << p - << " " << p.bits() << " bits\n"; - return 1; - } - - primes.insert(random_prime(rng, bits)); - - if(primes.size() != start_cnt) - std::cout << primes.size() << "\n"; - else - not_new++; - - //std::cout << "miss: " << not_new << "\n"; - - if(not_new % 100000 == 0) - { - for(std::map<int, int>::iterator i = bit_count.begin(); - i != bit_count.end(); ++i) - std::cout << "bit_count[" << i->first << "] = " - << i->second << "\n"; - std::copy(primes.begin(), primes.end(), - std::ostream_iterator<BigInt>(std::cout, " ")); - } - } - - std::cout << "Generated all? primes\n"; - /* - for(u32bit j = 0; j != PRIME_TABLE_SIZE; ++j) - { - if(primes.count(PRIMES[j]) != 1) - std::cout << "Missing " << PRIMES[j] << "\n"; - } - */ - } diff --git a/botan/doc/examples/passhash.cpp b/botan/doc/examples/passhash.cpp deleted file mode 100644 index 7f5bbc2..0000000 --- a/botan/doc/examples/passhash.cpp +++ /dev/null @@ -1,86 +0,0 @@ -#include <botan/botan.h> -#include <botan/pbkdf2.h> -#include <botan/hmac.h> -#include <botan/sha160.h> -#include <iostream> -#include <memory> - -using namespace Botan; - -std::string password_hash(const std::string& pass, - RandomNumberGenerator& rng); -bool password_hash_ok(const std::string& pass, const std::string& hash); - -int main(int argc, char* argv[]) - { - if(argc != 2 && argc != 3) - { - std::cerr << "Usage: " << argv[0] << " password\n"; - std::cerr << "Usage: " << argv[0] << " password hash\n"; - return 1; - } - - Botan::LibraryInitializer init; - - try - { - - if(argc == 2) - { - AutoSeeded_RNG rng; - - std::cout << "H('" << argv[1] << "') = " - << password_hash(argv[1], rng) << '\n'; - } - else - { - bool ok = password_hash_ok(argv[1], argv[2]); - if(ok) - std::cout << "Password and hash match\n"; - else - std::cout << "Password and hash do not match\n"; - } - } - catch(std::exception& e) - { - std::cerr << e.what() << '\n'; - return 1; - } - return 0; - } - -std::string password_hash(const std::string& pass, - RandomNumberGenerator& rng) - { - PKCS5_PBKDF2 kdf(new HMAC(new SHA_160)); - - kdf.set_iterations(10000); - kdf.new_random_salt(rng, 6); // 48 bits - - Pipe pipe(new Base64_Encoder); - pipe.start_msg(); - pipe.write(kdf.current_salt()); - pipe.write(kdf.derive_key(12, pass).bits_of()); - pipe.end_msg(); - - return pipe.read_all_as_string(); - } - -bool password_hash_ok(const std::string& pass, const std::string& hash) - { - Pipe pipe(new Base64_Decoder); - pipe.start_msg(); - pipe.write(hash); - pipe.end_msg(); - - SecureVector<byte> hash_bin = pipe.read_all(); - - PKCS5_PBKDF2 kdf(new HMAC(new SHA_160)); - - kdf.set_iterations(10000); - kdf.change_salt(hash_bin, 6); - - SecureVector<byte> cmp = kdf.derive_key(12, pass).bits_of(); - - return same_mem(cmp.begin(), hash_bin.begin() + 6, 12); - } diff --git a/botan/doc/examples/pkcs10.cpp b/botan/doc/examples/pkcs10.cpp deleted file mode 100644 index d719baf..0000000 --- a/botan/doc/examples/pkcs10.cpp +++ /dev/null @@ -1,73 +0,0 @@ -/* -Generate a 1024 bit RSA key, and then create a PKCS #10 certificate request for -that key. The private key will be stored as an encrypted PKCS #8 object, and -stored in another file. - -Written by Jack Lloyd (lloyd@randombit.net), April 7, 2003 - -This file is in the public domain -*/ -#include <botan/init.h> -#include <botan/auto_rng.h> -#include <botan/x509self.h> -#include <botan/rsa.h> -#include <botan/dsa.h> -using namespace Botan; - -#include <iostream> -#include <fstream> -#include <memory> - -int main(int argc, char* argv[]) - { - if(argc != 6) - { - std::cout << "Usage: " << argv[0] << - " passphrase name country_code organization email" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - try - { - AutoSeeded_RNG rng; - - RSA_PrivateKey priv_key(rng, 1024); - // If you want a DSA key instead of RSA, comment out the above line and - // uncomment this one: - //DSA_PrivateKey priv_key(DL_Group("dsa/jce/1024")); - - std::ofstream key_file("private.pem"); - key_file << PKCS8::PEM_encode(priv_key, rng, argv[1]); - - X509_Cert_Options opts; - - opts.common_name = argv[2]; - opts.country = argv[3]; - opts.organization = argv[4]; - opts.email = argv[5]; - - /* Some hard-coded options, just to give you an idea of what's there */ - opts.challenge = "a fixed challenge passphrase"; - opts.locality = "Baltimore"; - opts.state = "MD"; - opts.org_unit = "Testing"; - opts.add_ex_constraint("PKIX.ClientAuth"); - opts.add_ex_constraint("PKIX.IPsecUser"); - opts.add_ex_constraint("PKIX.EmailProtection"); - - opts.xmpp = "someid@xmpp.org"; - - PKCS10_Request req = X509::create_cert_req(opts, priv_key, rng); - - std::ofstream req_file("req.pem"); - req_file << req.PEM_encode(); - } - catch(std::exception& e) - { - std::cout << e.what() << std::endl; - return 1; - } - return 0; - } diff --git a/botan/doc/examples/pqg_gen.cpp b/botan/doc/examples/pqg_gen.cpp deleted file mode 100644 index e4b9598..0000000 --- a/botan/doc/examples/pqg_gen.cpp +++ /dev/null @@ -1,116 +0,0 @@ -#include <iostream> -#include <fstream> -#include <string> -#include <vector> -#include <map> -#include <memory> - -#include <botan/botan.h> -#include <botan/auto_rng.h> -#include <botan/look_pk.h> -#include <botan/dsa.h> -#include <botan/numthry.h> -#include <botan/dl_group.h> -using namespace Botan; - -bool check(RandomNumberGenerator& rng, - std::map<std::string, std::string>); - -int main() - { - try { - Botan::LibraryInitializer init("use_engines"); - - AutoSeeded_RNG rng; - - std::ifstream in("PQGGen.rsp"); - if(!in) - throw Exception("Can't open response file"); - - std::map<std::string, std::string> inputs; - - while(in.good()) - { - std::string line; - std::getline(in, line); - - if(line == "" || line[0] == '[' || line[0] == '#') - continue; - - std::vector<std::string> name_and_val = split_on(line, '='); - - if(name_and_val.size() != 2) - throw Decoding_Error("Unexpected input: " + line); - - name_and_val[0].erase(name_and_val[0].size()-1); - name_and_val[1].erase(0, 1); - - std::string name = name_and_val[0], value = name_and_val[1]; - - inputs[name] = value; - - if(name == "H") - { - bool result = check(rng, inputs); - std::cout << "." << std::flush; - if(result == false) - { - std::cout << " Check failed\n"; - - std::map<std::string, std::string>::const_iterator i; - - for(i = inputs.begin(); i != inputs.end(); i++) - std::cout << i->first << " = " << i->second << "\n"; - - std::cout << "\n"; - } - - inputs.clear(); - } - } - } - catch(std::exception& e) - { - std::cout << e.what() << std::endl; - return 1; - } - return 0; - } - -bool check(RandomNumberGenerator& rng, - std::map<std::string, std::string> inputs) - { - BigInt p("0x"+inputs["P"]), - q("0x"+inputs["Q"]), - g("0x"+inputs["G"]), - h("0x"+inputs["H"]); - - if(h < 1 || h >= p-1) return false; - - //u32bit c = to_u32bit(inputs["c"]); - - Pipe pipe(new Hex_Decoder); - pipe.process_msg(inputs["Seed"]); - SecureVector<byte> seed = pipe.read_all(); - - BigInt our_p, our_q; - - u32bit qbits = (p.bits() <= 1024) ? 160 : 256; - - Algorithm_Factory& af = global_state().algorithm_factory(); - - bool found = generate_dsa_primes(rng, af, our_p, our_q, - p.bits(), qbits, seed); - - if(!found) /* bad seed */ - return false; - - if(our_p != p) return false; - if(our_q != q) return false; - - BigInt our_g = power_mod(h, (p-1)/q, p); - - if(our_g != g) return false; - - return true; - } diff --git a/botan/doc/examples/readme.txt b/botan/doc/examples/readme.txt deleted file mode 100644 index 48686db..0000000 --- a/botan/doc/examples/readme.txt +++ /dev/null @@ -1,77 +0,0 @@ -This directory contains some simple example applications for the Botan crypto -library. If you want to see something a bit more complicated, check out the -stuff in the checks/ directory. Both it and the files in this directory are in -the public domain, and you may do with them however you please. - -The makefile assumes that you built the library with g++; you'll have to change -it if this assumption proves incorrect. - -Some of these examples will not build on all configurations of the library, -particularly 'bzip', 'encrypt', 'decrypt', and 'hash_fd', as they require -various extensions. - -The examples are fairly small (50-150 lines). And that's with argument -processing, I/O, error checking, etc (which counts for 40% or more of most of -them). This is partially to make them easy to understand, and partially because -I'm lazy. For the most part, the examples cover the stuff a 'regular' -application might need. - -Feel free to contribute new examples. You too can gain fame and fortune by -writing example apps for obscure libraries! - -The examples are: - -* X.509 examples --------- -ca: A (very) simple CA application - -x509info: Prints some information about an X.509 certificate - -pkcs10: Generates a PKCS #10 certificate request for a 1024 bit RSA key - -self_sig: Generates a self-signed X.509v3 certificate with a 1024 bit RSA key --------- - -* RSA examples (also uses X.509, PKCS #8, block ciphers, MACs, S2K algorithms) --------- -rsa_kgen: Generate an RSA key, encrypt the private key with a passphrase, - output the keys to a pair of files -rsa_enc: Take a public key (generated by rsa_kgen) and encrypt a file - using CAST-128, MAC it with HMAC(SHA-1) -rsa_dec: Decrypt a file encrypted by rsa_enc - -* DSA examples (also uses X.509, PKCS #8) --------- -dsa_kgen: Generates a DSA key, encrypts the private key with a passphrase - and stores it in PKCS #8 format. -dsa_sign: Produce a DSA signature for a file. Uses SHA-1 -dsa_ver: Verify a message signed with dsa_sign - -* Encryption examples --------- -encrypt: Encrypt a file in CBC mode with a block cipher of your choice. Adds - a MAC for authentication, and compresses the plaintext with Zlib. - -decrypt: Decrypt the result of 'encrypt' - -xor_ciph: Shows how to add a new algorithm from application code - -* Hash function examples (also shows different methods of using Pipe) --------- -hash: Print digests of files, using any chosen hash function - -hash_fd: Same as hash, except that it uses Unix file I/O. Requires the - pipe_unixfd extension - -hasher: Print MD5, SHA-1, and RIPEMD-160 digests of files - -hasher2: Same as hasher, just shows an alternate method - -stack: A demonstration of some more advanced Pipe functionality. Prints - MD5 hashes - -* Misc examples --------- -base64: Simple base64 encoding/decoding tool - -bzip: Bzip2 compression/decompression. diff --git a/botan/doc/examples/ressol.cpp b/botan/doc/examples/ressol.cpp deleted file mode 100644 index 43bb68d..0000000 --- a/botan/doc/examples/ressol.cpp +++ /dev/null @@ -1,80 +0,0 @@ -#include <botan/numthry.h> -#include <botan/auto_rng.h> -#include <botan/botan.h> - -using namespace Botan; - -#include <iostream> - -void test_ressol(const BigInt& p, RandomNumberGenerator& rng) - { - std::cout << p << std::endl; - - // const BigInt p_16 = p / 16; - - int noroot = 0, false_result = 0; - - for(int j = 0; j != 1000; ++j) - { - BigInt x = BigInt::random_integer(rng, 0, p); - //if(x % p_16 == 0) - //std::cout << "p = " << p << " x = " << x << "\n"; - - BigInt sqrt_x = ressol(x, p); - - if(sqrt_x < 0) - { - ++noroot; - continue; - } - - BigInt check = square(sqrt_x) % p; - - if(check != x % p) - { - std::cout << "FAIL " - << "x = " << x << "; " - << "p = " << p << "; " - << "s = " << sqrt_x << "; " - << "s^2%p = " << check << "\n"; - ++false_result; - } - } - /* - std::cout << "nomatch=" << nomatch << " " - << "noroot=" << noroot << " " - << "false=" << false_result << "\n"; - */ - } - -int main() - { - Botan::LibraryInitializer init; - AutoSeeded_RNG rng; - -#if 0 - std::cout << ressol(8, 17) << "\n"; - std::cout << ressol_orig(8, 17) << "\n"; -#endif - -#if 1 - for(int j = 16; j != 1024; ++j) - { - std::cout << "Round " << j << "\n"; - BigInt p = random_prime(rng, j); - test_ressol(p, rng); - //printf("%d\n", j); - - - } -#endif - /* - for(u32bit j = 9; j != PRIME_TABLE_SIZE; ++j) - { - std::cout << "PRIME[" << j << "] == " << PRIMES[j] << std::endl; - //printf("%d - ", PRIMES[j]); - test_ressol(PRIMES[j], rng); - //printf("\n"); - } - */ - } diff --git a/botan/doc/examples/rng_test.cpp b/botan/doc/examples/rng_test.cpp deleted file mode 100644 index 8d4253a..0000000 --- a/botan/doc/examples/rng_test.cpp +++ /dev/null @@ -1,143 +0,0 @@ -#include <botan/botan.h> -#include <botan/x931_rng.h> -#include <botan/filters.h> -#include <botan/lookup.h> - -#include <iostream> -#include <fstream> -#include <boost/algorithm/string.hpp> -#include <stdexcept> - -using namespace Botan; - -std::vector<std::pair<std::string, std::string> > read_file(const std::string&); - -SecureVector<byte> decode_hex(const std::string& in) - { - SecureVector<byte> result; - - try { - Botan::Pipe pipe(new Botan::Hex_Decoder); - pipe.process_msg(in); - result = pipe.read_all(); - } - catch(std::exception& e) - { - result.destroy(); - } - return result; - } - -std::string hex_encode(const byte in[], u32bit len) - { - Botan::Pipe pipe(new Botan::Hex_Encoder); - pipe.process_msg(in, len); - return pipe.read_all_as_string(); - } - -class Fixed_Output_RNG : public RandomNumberGenerator - { - public: - bool is_seeded() const { return !buf.empty(); } - - byte random() - { - if(buf.empty()) - throw std::runtime_error("Out of bytes"); - - byte out = buf.front(); - buf.pop_front(); - return out; - } - - void randomize(byte out[], u32bit len) throw() - { - for(u32bit j = 0; j != len; j++) - out[j] = random(); - } - - std::string name() const { return "Fixed_Output_RNG"; } - - void reseed(u32bit) {} - - void clear() throw() {} - - void add_entropy(const byte in[], u32bit len) - { - buf.insert(buf.end(), in, in + len); - } - - void add_entropy_source(EntropySource* es) { delete es; } - - Fixed_Output_RNG() {} - private: - std::deque<byte> buf; - }; - -void x931_tests(std::vector<std::pair<std::string, std::string> > vecs, - const std::string& cipher) - { - for(size_t j = 0; j != vecs.size(); ++j) - { - const std::string result = vecs[j].first; - const std::string input = vecs[j].second; - - ANSI_X931_RNG prng(get_block_cipher(cipher), - new Fixed_Output_RNG); - - SecureVector<byte> x = decode_hex(input); - prng.add_entropy(x.begin(), x.size()); - - SecureVector<byte> output(result.size() / 2); - prng.randomize(output, output.size()); - - if(decode_hex(result) != output) - std::cout << "FAIL"; - else - std::cout << "PASS"; - - std::cout << " Seed " << input << " " - << "Got " << hex_encode(output, output.size()) << " " - << "Exp " << result << "\n"; - } - - } - -int main() - { - Botan::LibraryInitializer init; - - x931_tests(read_file("ANSI931_AES128VST.txt.vst"), "AES-128"); - x931_tests(read_file("ANSI931_AES192VST.txt.vst"), "AES-192"); - x931_tests(read_file("ANSI931_AES256VST.txt.vst"), "AES-256"); - x931_tests(read_file("ANSI931_TDES2VST.txt.vst"), "TripleDES"); - x931_tests(read_file("ANSI931_TDES3VST.txt.vst"), "TripleDES"); - } - - -std::vector<std::pair<std::string, std::string> > -read_file(const std::string& fsname) - { - std::ifstream in(fsname.c_str()); - - std::vector<std::pair<std::string, std::string> > out; - - while(in.good()) - { - std::string line; - std::getline(in, line); - - if(line == "") - break; - - std::vector<std::string> l; - boost::split(l, line, boost::is_any_of(":")); - - if(l.size() != 2) - throw std::runtime_error("Bad line " + line); - - out.push_back(std::make_pair(l[0], l[1])); - } - - return out; - } diff --git a/botan/doc/examples/row_encryptor.cpp b/botan/doc/examples/row_encryptor.cpp deleted file mode 100644 index 1dac82f..0000000 --- a/botan/doc/examples/row_encryptor.cpp +++ /dev/null @@ -1,143 +0,0 @@ -#include <string> -#include <memory> -#include <sstream> -#include <iostream> -#include <stdexcept> - -#include <botan/botan.h> -#include <botan/filters.h> -#include <botan/eax.h> - -using namespace Botan; - -/** -Encrypt and decrypt small rows -*/ -class Row_Encryptor - { - public: - Row_Encryptor(const std::string& passphrase, - RandomNumberGenerator& rng); - - std::string encrypt(const std::string& input, - const MemoryRegion<byte>& salt); - - std::string decrypt(const std::string& input, - const MemoryRegion<byte>& salt); - - private: - Row_Encryptor(const Row_Encryptor&) {} - Row_Encryptor& operator=(const Row_Encryptor&) { return (*this); } - - Pipe enc_pipe, dec_pipe; - EAX_Encryption* eax_enc; // owned by enc_pipe - EAX_Decryption* eax_dec; // owned by dec_pipe; - }; - -Row_Encryptor::Row_Encryptor(const std::string& passphrase, - RandomNumberGenerator& rng) - { - std::auto_ptr<S2K> s2k(get_s2k("PBKDF2(SHA-160)")); - - s2k->set_iterations(10000); - - s2k->new_random_salt(rng, 10); // 10 bytes == 80 bits - - SecureVector<byte> key = s2k->derive_key(32, passphrase).bits_of(); - - /* - Save pointers to the EAX objects so we can change the IV as needed - */ - - Algorithm_Factory& af = global_state().algorithm_factory(); - - const BlockCipher* proto = af.prototype_block_cipher("Serpent"); - - if(!proto) - throw std::runtime_error("Could not get a Serpent proto object"); - - enc_pipe.append(eax_enc = new EAX_Encryption(proto->clone())); - dec_pipe.append(eax_dec = new EAX_Decryption(proto->clone())); - - eax_enc->set_key(key); - eax_dec->set_key(key); - } - -std::string Row_Encryptor::encrypt(const std::string& input, - const MemoryRegion<byte>& salt) - { - eax_enc->set_iv(salt); - - enc_pipe.start_msg(); - enc_pipe.write(input); - enc_pipe.end_msg(); - - return enc_pipe.read_all_as_string(Pipe::LAST_MESSAGE); - } - -std::string Row_Encryptor::decrypt(const std::string& input, - const MemoryRegion<byte>& salt) - { - eax_dec->set_iv(salt); - - dec_pipe.start_msg(); - dec_pipe.write(input); - dec_pipe.end_msg(); - - return dec_pipe.read_all_as_string(Pipe::LAST_MESSAGE); - } - -/************************* - Test code follows: -*/ - -#include <botan/loadstor.h> - -int main() - { - Botan::LibraryInitializer init; - - AutoSeeded_RNG rng; - - Row_Encryptor encryptor("secret passphrase", rng); - - std::vector<std::string> original_inputs; - - for(u32bit i = 0; i != 15000; ++i) - { - std::ostringstream out; - - // This will actually generate variable length inputs (when - // there are leading 0s, which are skipped), which is good - // since it assures performance is OK across a mix of lengths - // TODO: Maybe randomize the length slightly? - - for(u32bit j = 0; j != 32; ++j) - out << std::hex << (int)rng.next_byte(); - - original_inputs.push_back(out.str()); - } - - std::vector<std::string> encrypted_values; - MemoryVector<byte> salt(4); // keep out of loop to avoid excessive dynamic allocation - - for(u32bit i = 0; i != original_inputs.size(); ++i) - { - std::string input = original_inputs[i]; - store_le(i, salt); - - encrypted_values.push_back(encryptor.encrypt(input, salt)); - } - - for(u32bit i = 0; i != encrypted_values.size(); ++i) - { - std::string ciphertext = encrypted_values[i]; - store_le(i, salt); // NOTE: same salt value as previous loop (index value) - - std::string output = encryptor.decrypt(ciphertext, salt); - - if(output != original_inputs[i]) - std::cout << "BOOM " << i << "\n"; - } - - } diff --git a/botan/doc/examples/rsa_dec.cpp b/botan/doc/examples/rsa_dec.cpp deleted file mode 100644 index 25ce33f..0000000 --- a/botan/doc/examples/rsa_dec.cpp +++ /dev/null @@ -1,127 +0,0 @@ -/* -Decrypt an encrypted RSA private key. Then use that key to decrypt a -message. This program can decrypt messages generated by rsa_enc, and uses the -same key format as that generated by rsa_kgen. - -Written by Jack Lloyd (lloyd@randombit.net), June 3-5, 2002 - -This file is in the public domain -*/ - -#include <iostream> -#include <fstream> -#include <string> -#include <memory> - -#include <botan/botan.h> -#include <botan/look_pk.h> // for get_kdf -#include <botan/rsa.h> -using namespace Botan; - -SecureVector<byte> b64_decode(const std::string&); -SymmetricKey derive_key(const std::string&, const SymmetricKey&, u32bit); - -const std::string SUFFIX = ".enc"; - -int main(int argc, char* argv[]) - { - if(argc != 4) - { - std::cout << "Usage: " << argv[0] << " keyfile messagefile passphrase" - << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - try - { - AutoSeeded_RNG rng; - - std::auto_ptr<PKCS8_PrivateKey> key( - PKCS8::load_key(argv[1], rng, argv[3])); - - RSA_PrivateKey* rsakey = dynamic_cast<RSA_PrivateKey*>(key.get()); - if(!rsakey) - { - std::cout << "The loaded key is not a RSA key!\n"; - return 1; - } - - std::ifstream message(argv[2]); - if(!message) - { - std::cout << "Couldn't read the message file." << std::endl; - return 1; - } - - std::string outfile(argv[2]); - outfile = outfile.replace(outfile.find(SUFFIX), SUFFIX.length(), ""); - - std::ofstream plaintext(outfile.c_str()); - if(!plaintext) - { - std::cout << "Couldn't write the plaintext to " - << outfile << std::endl; - return 1; - } - - std::string enc_masterkey_str; - std::getline(message, enc_masterkey_str); - std::string mac_str; - std::getline(message, mac_str); - - SecureVector<byte> enc_masterkey = b64_decode(enc_masterkey_str); - - std::auto_ptr<PK_Decryptor> decryptor(get_pk_decryptor(*rsakey, - "EME1(SHA-1)")); - SecureVector<byte> masterkey = decryptor->decrypt(enc_masterkey); - - SymmetricKey cast_key = derive_key("CAST", masterkey, 16); - InitializationVector iv = derive_key("IV", masterkey, 8); - SymmetricKey mac_key = derive_key("MAC", masterkey, 16); - - Pipe pipe(new Base64_Decoder, - get_cipher("CAST-128/CBC/PKCS7", cast_key, iv, DECRYPTION), - new Fork( - 0, - new Chain( - new MAC_Filter("HMAC(SHA-1)", mac_key, 12), - new Base64_Encoder - ) - ) - ); - - pipe.start_msg(); - message >> pipe; - pipe.end_msg(); - - std::string our_mac = pipe.read_all_as_string(1); - - if(our_mac != mac_str) - std::cout << "WARNING: MAC in message failed to verify\n"; - - plaintext << pipe.read_all_as_string(0); - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - return 1; - } - return 0; - } - -SecureVector<byte> b64_decode(const std::string& in) - { - Pipe pipe(new Base64_Decoder); - pipe.process_msg(in); - return pipe.read_all(); - } - -SymmetricKey derive_key(const std::string& param, - const SymmetricKey& masterkey, - u32bit outputlength) - { - std::auto_ptr<KDF> kdf(get_kdf("KDF2(SHA-1)")); - return kdf->derive_key(outputlength, masterkey.bits_of(), param); - } diff --git a/botan/doc/examples/rsa_enc.cpp b/botan/doc/examples/rsa_enc.cpp deleted file mode 100644 index f9b8c55..0000000 --- a/botan/doc/examples/rsa_enc.cpp +++ /dev/null @@ -1,151 +0,0 @@ -/* - Grab an RSA public key from the file given as an argument, grab a message - from another file, and encrypt the message. - - Algorithms used: - RSA with EME1(SHA-1) padding to encrypt the master key - CAST-128 in CBC mode with PKCS#7 padding to encrypt the message. - HMAC with SHA-1 is used to authenticate the message - - The keys+IV used are derived from the master key (the thing that's encrypted - with RSA) using KDF2(SHA-1). The 3 outputs of KDF2 are parameterized by P, - where P is "CAST", "IV" or "MAC", in order to make each key/IV unique. - - The format is: - 1) First line is the master key, encrypted with the recipients public key - using EME1(SHA-1), and then base64 encoded. - 2) Second line is the first 96 bits (12 bytes) of the HMAC(SHA-1) of - the _plaintext_ - 3) Following lines are base64 encoded ciphertext (CAST-128 as described), - each broken after ~72 characters. - -Written by Jack Lloyd (lloyd@randombit.net), June 3, 2002 - Updated to use KDF2, September 8, 2002 - Updated to read X.509 keys, October 21, 2002 - -This file is in the public domain -*/ - -#include <iostream> -#include <fstream> -#include <string> -#include <memory> - -#include <botan/botan.h> -#include <botan/look_pk.h> -#include <botan/rsa.h> -using namespace Botan; - -std::string b64_encode(const SecureVector<byte>&); -SymmetricKey derive_key(const std::string&, const SymmetricKey&, u32bit); - -int main(int argc, char* argv[]) - { - if(argc != 3) - { - std::cout << "Usage: " << argv[0] << " keyfile messagefile" << std::endl; - return 1; - } - - std::ifstream message(argv[2]); - if(!message) - { - std::cout << "Couldn't read the message file." << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - std::string output_name(argv[2]); - output_name += ".enc"; - std::ofstream ciphertext(output_name.c_str()); - if(!ciphertext) - { - std::cout << "Couldn't write the ciphertext to " << output_name - << std::endl; - return 1; - } - - try { - std::auto_ptr<X509_PublicKey> key(X509::load_key(argv[1])); - RSA_PublicKey* rsakey = dynamic_cast<RSA_PublicKey*>(key.get()); - if(!rsakey) - { - std::cout << "The loaded key is not a RSA key!\n"; - return 1; - } - - AutoSeeded_RNG rng; - - std::auto_ptr<PK_Encryptor> encryptor(get_pk_encryptor(*rsakey, - "EME1(SHA-1)")); - - /* Generate the master key (the other keys are derived from this) - - Basically, make the key as large as can be encrypted by this key, up - to a limit of 256 bits. For 512 bit keys, the master key will be >160 - bits. A >600 bit key will use the full 256 bit master key. - - In theory, this is not enough, because we derive 16+16+8=40 bytes of - secrets (if you include the IV) using the master key, so they are not - statistically indepedent. Practically speaking I don't think this is - a problem. - */ - SymmetricKey masterkey(rng, - std::min(32U, encryptor->maximum_input_size())); - - SymmetricKey cast_key = derive_key("CAST", masterkey, 16); - SymmetricKey mac_key = derive_key("MAC", masterkey, 16); - SymmetricKey iv = derive_key("IV", masterkey, 8); - - SecureVector<byte> encrypted_key = - encryptor->encrypt(masterkey.bits_of(), rng); - - ciphertext << b64_encode(encrypted_key) << std::endl; - - Pipe pipe(new Fork( - new Chain( - get_cipher("CAST-128/CBC/PKCS7", cast_key, iv, - ENCRYPTION), - new Base64_Encoder(true) // true == do linebreaking - ), - new Chain( - new MAC_Filter("HMAC(SHA-1)", mac_key, 12), - new Base64_Encoder - ) - ) - ); - - pipe.start_msg(); - message >> pipe; - pipe.end_msg(); - - /* Write the MAC as the second line. That way we can pull it off right - from the start, and feed the rest of the file right into a pipe on the - decrypting end. - */ - - ciphertext << pipe.read_all_as_string(1) << std::endl; - ciphertext << pipe.read_all_as_string(0); - } - catch(std::exception& e) - { - std::cout << "Exception: " << e.what() << std::endl; - } - return 0; - } - -std::string b64_encode(const SecureVector<byte>& in) - { - Pipe pipe(new Base64_Encoder); - pipe.process_msg(in); - return pipe.read_all_as_string(); - } - -SymmetricKey derive_key(const std::string& param, - const SymmetricKey& masterkey, - u32bit outputlength) - { - std::auto_ptr<KDF> kdf(get_kdf("KDF2(SHA-1)")); - return kdf->derive_key(outputlength, masterkey.bits_of(), param); - } diff --git a/botan/doc/examples/rsa_kgen.cpp b/botan/doc/examples/rsa_kgen.cpp deleted file mode 100644 index b7e90ef..0000000 --- a/botan/doc/examples/rsa_kgen.cpp +++ /dev/null @@ -1,65 +0,0 @@ -/* -Generate an RSA key of a specified bitlength, and put it into a pair of key -files. One is the public key in X.509 format (PEM encoded), the private key is -in PKCS #8 format (also PEM encoded). - -Written by Jack Lloyd (lloyd@randombit.net), June 2-3, 2002 - Updated to use X.509 and PKCS #8 on October 21, 2002 - -This file is in the public domain -*/ - -#include <iostream> -#include <fstream> -#include <string> -#include <cstdlib> -#include <memory> - -#include <botan/botan.h> -#include <botan/rsa.h> -using namespace Botan; - -int main(int argc, char* argv[]) - { - if(argc != 2 && argc != 3) - { - std::cout << "Usage: " << argv[0] << " bitsize [passphrase]" - << std::endl; - return 1; - } - - u32bit bits = std::atoi(argv[1]); - if(bits < 1024 || bits > 4096) - { - std::cout << "Invalid argument for bitsize" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - std::ofstream pub("rsapub.pem"); - std::ofstream priv("rsapriv.pem"); - if(!priv || !pub) - { - std::cout << "Couldn't write output files" << std::endl; - return 1; - } - - try - { - AutoSeeded_RNG rng; - - RSA_PrivateKey key(rng, bits); - pub << X509::PEM_encode(key); - - if(argc == 2) - priv << PKCS8::PEM_encode(key); - else - priv << PKCS8::PEM_encode(key, rng, argv[2]); - } - catch(std::exception& e) - { - std::cout << "Exception caught: " << e.what() << std::endl; - } - return 0; - } diff --git a/botan/doc/examples/rsa_manykey.cpp b/botan/doc/examples/rsa_manykey.cpp deleted file mode 100644 index 4122bc8..0000000 --- a/botan/doc/examples/rsa_manykey.cpp +++ /dev/null @@ -1,36 +0,0 @@ -/* -Generate a whole sequence of keys (for benchmarking) -*/ - -#include <iostream> -#include <fstream> -#include <string> -#include <cstdlib> -#include <memory> - -#include <botan/botan.h> -#include <botan/rsa.h> -#include <botan/parsing.h> -using namespace Botan; - -int main() - { - Botan::LibraryInitializer init; - - AutoSeeded_RNG rng; - - for(u32bit j = 512; j <= 8192; j += 256) - { - std::cout << j << "..."; - - RSA_PrivateKey key(rng, j); - - std::ofstream priv(("rsa/" + to_string(j) + ".pem").c_str()); - priv << PKCS8::PEM_encode(key); - priv.close(); - - std::cout << " done" << std::endl; - } - - return 0; - } diff --git a/botan/doc/examples/self_sig.cpp b/botan/doc/examples/self_sig.cpp deleted file mode 100644 index 0bf17e3..0000000 --- a/botan/doc/examples/self_sig.cpp +++ /dev/null @@ -1,79 +0,0 @@ -/* -Generate a 1024 bit RSA key, and then create a self-signed X.509v3 certificate -with that key. If the do_CA variable is set to true, then it will be marked for -CA use, otherwise it will get extensions appropriate for use with a client -certificate. The private key is stored as an encrypted PKCS #8 object in -another file. - -Written by Jack Lloyd (lloyd@randombit.net), April 7, 2003 - -This file is in the public domain -*/ -#include <botan/botan.h> -#include <botan/x509self.h> -#include <botan/rsa.h> -#include <botan/dsa.h> -using namespace Botan; - -#include <iostream> -#include <fstream> -#include <memory> - -int main(int argc, char* argv[]) - { - if(argc != 7) - { - std::cout << "Usage: " << argv[0] - << " passphrase [CA|user] name country_code organization email" - << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - std::string CA_flag = argv[2]; - bool do_CA = false; - - if(CA_flag == "CA") do_CA = true; - else if(CA_flag == "user") do_CA = false; - else - { - std::cout << "Bad flag for CA/user switch: " << CA_flag << std::endl; - return 1; - } - - try - { - AutoSeeded_RNG rng; - - RSA_PrivateKey key(rng, 1024); - - std::ofstream priv_key("private.pem"); - priv_key << PKCS8::PEM_encode(key, rng, argv[1]); - - X509_Cert_Options opts; - - opts.common_name = argv[3]; - opts.country = argv[4]; - opts.organization = argv[5]; - opts.email = argv[6]; - /* Fill in other values of opts here */ - - //opts.xmpp = "lloyd@randombit.net"; - - if(do_CA) - opts.CA_key(); - - X509_Certificate cert = X509::create_self_signed_cert(opts, key, rng); - - std::ofstream cert_file("cert.pem"); - cert_file << cert.PEM_encode(); - } - catch(std::exception& e) - { - std::cout << "Exception: " << e.what() << std::endl; - return 1; - } - - return 0; - } diff --git a/botan/doc/examples/sig_gen.cpp b/botan/doc/examples/sig_gen.cpp deleted file mode 100644 index 6dd7490..0000000 --- a/botan/doc/examples/sig_gen.cpp +++ /dev/null @@ -1,90 +0,0 @@ -#include <iostream> -#include <fstream> -#include <string> -#include <vector> -#include <map> -#include <memory> - -#include <botan/botan.h> -#include <botan/look_pk.h> -#include <botan/dsa.h> -using namespace Botan; - -bool check(std::map<std::string, std::string>); - -int main() - { - try { - Botan::LibraryInitializer init; - - std::ifstream in("SigGen.rsp"); - if(!in) - throw Exception("Can't open response file"); - - std::map<std::string, std::string> inputs; - - while(in.good()) - { - std::string line; - std::getline(in, line); - - if(line == "" || line[0] == '[' || line[0] == '#') - continue; - - std::vector<std::string> name_and_val = split_on(line, '='); - - if(name_and_val.size() != 2) - throw Decoding_Error("Unexpected input: " + line); - - name_and_val[0].erase(name_and_val[0].size()-1); - name_and_val[1].erase(0, 1); - - std::string name = name_and_val[0], value = name_and_val[1]; - - inputs[name] = value; - - if(name == "S") - { - bool result = check(inputs); - if(result == false) - { - std::cout << " Check failed\n"; - - std::map<std::string, std::string>::const_iterator i; - - for(i = inputs.begin(); i != inputs.end(); i++) - std::cout << i->first << " = " << i->second << "\n"; - } - inputs["Msg"] = inputs["R"] = inputs["S"] = ""; - } - } - } - catch(std::exception& e) - { - std::cout << e.what() << std::endl; - return 1; - } - return 0; - } - -bool check(std::map<std::string, std::string> inputs) - { - BigInt p("0x"+inputs["P"]), - q("0x"+inputs["Q"]), - g("0x"+inputs["G"]), - y("0x"+inputs["Y"]); - - DSA_PublicKey key(DL_Group(p, q, g), y); - - Pipe pipe(new Hex_Decoder); - - pipe.process_msg(inputs["Msg"]); - pipe.start_msg(); - pipe.write(inputs["R"]); - pipe.write(inputs["S"] ); - pipe.end_msg(); - - std::auto_ptr<PK_Verifier> verify(get_pk_verifier(key, "EMSA1(SHA-1)")); - - return verify->verify_message(pipe.read_all(0), pipe.read_all(1)); - } diff --git a/botan/doc/examples/stack.cpp b/botan/doc/examples/stack.cpp deleted file mode 100644 index 1522b05..0000000 --- a/botan/doc/examples/stack.cpp +++ /dev/null @@ -1,86 +0,0 @@ -/* -An Botan example application showing how to use the pop and prepend functions -of Pipe. Based on the md5 example. It's output should always be identical to -such. - -Written by Jack Lloyd (lloyd@randombit.net), Feb 3, 2002 - -This file is in the public domain -*/ - -#include <iostream> -#include <fstream> -#include <botan/botan.h> - -int main(int argc, char* argv[]) - { - if(argc < 2) - { - std::cout << "Usage: " << argv[0] << " <filenames>" << std::endl; - return 1; - } - - Botan::LibraryInitializer init; - - // this is a pretty vacuous example, but it's useful as a test - Botan::Pipe pipe; - - // CPS == Current Pipe Status, ie what Filters are set up - - pipe.prepend(new Botan::Hash_Filter("MD5")); - // CPS: MD5 - - pipe.prepend(new Botan::Hash_Filter("RIPEMD-160")); - // CPS: RIPEMD-160 | MD5 - - pipe.prepend(new Botan::Chain( - new Botan::Hash_Filter("RIPEMD-160"), - new Botan::Hash_Filter("RIPEMD-160"))); - // CPS: (RIPEMD-160 | RIPEMD-160) | RIPEMD-160 | MD5 - - pipe.pop(); // will pop everything inside the Chain as well as Chain itself - // CPS: RIPEMD-160 | MD5 - - pipe.pop(); // will get rid of the RIPEMD-160 Hash_Filter - // CPS: MD5 - - pipe.prepend(new Botan::Hash_Filter("SHA-1")); - // CPS: SHA-1 | MD5 - - pipe.append(new Botan::Hex_Encoder); - // CPS: SHA-1 | MD5 | Hex_Encoder - - pipe.prepend(new Botan::Hash_Filter("SHA-1")); - // CPS: SHA-1 | SHA-1 | MD5 | Hex_Encoder - - pipe.pop(); // Get rid of the Hash_Filter(SHA-1) - pipe.pop(); // Get rid of the other Hash_Filter(SHA-1) - // CPS: MD5 | Hex_Encoder - // The Hex_Encoder is safe because it is at the end of the Pipe, - // and pop() pulls off the Filter that is at the start. - - pipe.prepend(new Botan::Hash_Filter("RIPEMD-160")); - // CPS: RIPEMD-160 | MD5 | Hex_Encoder - - pipe.pop(); // Get rid of that last prepended Hash_Filter(RIPEMD-160) - // CPS: MD5 | Hex_Encoder - - int skipped = 0; - for(int j = 1; argv[j] != 0; j++) - { - std::ifstream file(argv[j]); - if(!file) - { - std::cout << "ERROR: could not open " << argv[j] << std::endl; - skipped++; - continue; - } - pipe.start_msg(); - file >> pipe; - pipe.end_msg(); - file.close(); - pipe.set_default_msg(j-1-skipped); - std::cout << pipe << " " << argv[j] << std::endl; - } - return 0; - } diff --git a/botan/doc/examples/test_es.cpp b/botan/doc/examples/test_es.cpp deleted file mode 100644 index 951d51a..0000000 --- a/botan/doc/examples/test_es.cpp +++ /dev/null @@ -1,115 +0,0 @@ -#include <botan/botan.h> -#include <stdio.h> - -#if defined(BOTAN_HAS_ENTROPY_SRC_DEVICE) - #include <botan/es_dev.h> -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_EGD) - #include <botan/es_egd.h> -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_UNIX) - #include <botan/es_unix.h> -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_BEOS) - #include <botan/es_beos.h> -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_CAPI) - #include <botan/es_capi.h> -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_WIN32) - #include <botan/es_win32.h> -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_FTW) - #include <botan/es_ftw.h> -#endif - - -using namespace Botan; - -class Saver_Of_Bytes : public Entropy_Accumulator - { - public: - Saver_Of_Bytes(u32bit bits) : - Entropy_Accumulator(bits), outbuf(64), written(0) {} - - void add_bytes(const byte in[], u32bit length) - { - for(size_t i = 0; i != length; ++i) - outbuf[i % outbuf.size()] ^= in[i]; - - written += length; - } - - void trunc() { if(written < 64) outbuf.resize(written); } - - std::vector<byte> outbuf; - u32bit written; - }; - -void test_entropy_source(EntropySource* es) - { - // sometimes iostreams really is just a pain - - printf("Polling '%s':\n", es->name().c_str()); - - Saver_Of_Bytes accum(128); - - es->poll(accum); - - accum.trunc(); - - printf("Got %d bytes\n", accum.written); - for(size_t i = 0; i != accum.outbuf.size(); ++i) - printf("%02X", accum.outbuf[i]); - printf("\n"); - - delete es; - } - -int main() - { - Botan::LibraryInitializer init; - -#if defined(BOTAN_HAS_ENTROPY_SRC_DEVICE) - test_entropy_source( - new Device_EntropySource( - split_on("/dev/random:/dev/srandom:/dev/urandom", ':') - ) - ); -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_EGD) - test_entropy_source( - new EGD_EntropySource(split_on("/var/run/egd-pool:/dev/egd-pool", ':')) - ); -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_CAPI) - test_entropy_source(new Win32_CAPI_EntropySource); -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_FTW) - test_entropy_source(new FTW_EntropySource("/proc")); -#endif - - -#if defined(BOTAN_HAS_ENTROPY_SRC_WIN32) - test_entropy_source(new Win32_EntropySource); -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_BEOS) - test_entropy_source(new BeOS_EntropySource); -#endif - -#if defined(BOTAN_HAS_ENTROPY_SRC_UNIX) - test_entropy_source( - new Unix_EntropySource(split_on("/bin:/sbin:/usr/bin:/usr/sbin", ':')) - ); -#endif - } diff --git a/botan/doc/examples/x509info.cpp b/botan/doc/examples/x509info.cpp deleted file mode 100644 index 0e34f2f..0000000 --- a/botan/doc/examples/x509info.cpp +++ /dev/null @@ -1,154 +0,0 @@ -/* - Read an X.509 certificate, and print various things about it - - Written by Jack Lloyd, March 23 2003 - - October 31, 2003: Prints the public key - - November 1, 2003: Removed the -d flag; it can tell automatically now - - This file is in the public domain -*/ -#include <botan/botan.h> -#include <botan/x509cert.h> -#include <botan/oids.h> -using namespace Botan; - -#include <iostream> -#include <iterator> -#include <algorithm> - -std::string to_hex(const SecureVector<byte>& bin) - { - Pipe pipe(new Hex_Encoder); - pipe.process_msg(bin); - if(pipe.remaining()) - return pipe.read_all_as_string(); - else - return "(none)"; - } - -void do_print(const std::string& what, - const std::vector<std::string>& vals) - { - if(vals.size() == 0) - return; - - std::cout << " " << what << ": "; - std::copy(vals.begin(), vals.end(), - std::ostream_iterator<std::string>(std::cout, " ")); - std::cout << "\n"; - } - -void do_subject(const X509_Certificate& cert, const std::string& what) - { - do_print(what, cert.subject_info(what)); - } - -void do_issuer(const X509_Certificate& cert, const std::string& what) - { - do_print(what, cert.issuer_info(what)); - } - -int main(int argc, char* argv[]) - { - if(argc != 2) - { - std::cout << "Usage: " << argv[0] << " <x509cert>\n"; - return 1; - } - - Botan::LibraryInitializer init; - - try { - X509_Certificate cert(argv[1]); - - std::cout << "Version: " << cert.x509_version() << std::endl; - - std::cout << "Subject" << std::endl; - do_subject(cert, "Name"); - do_subject(cert, "Email"); - do_subject(cert, "Organization"); - do_subject(cert, "Organizational Unit"); - do_subject(cert, "Locality"); - do_subject(cert, "State"); - do_subject(cert, "Country"); - do_subject(cert, "IP"); - do_subject(cert, "DNS"); - do_subject(cert, "URI"); - do_subject(cert, "PKIX.XMPPAddr"); - - std::cout << "Issuer" << std::endl; - do_issuer(cert, "Name"); - do_issuer(cert, "Email"); - do_issuer(cert, "Organization"); - do_issuer(cert, "Organizational Unit"); - do_issuer(cert, "Locality"); - do_issuer(cert, "State"); - do_issuer(cert, "Country"); - do_issuer(cert, "IP"); - do_issuer(cert, "DNS"); - do_issuer(cert, "URI"); - - std::cout << "Validity" << std::endl; - - std::cout << " Not before: " << cert.start_time() << std::endl; - std::cout << " Not after: " << cert.end_time() << std::endl; - - std::cout << "Constraints" << std::endl; - Key_Constraints constraints = cert.constraints(); - if(constraints == NO_CONSTRAINTS) - std::cout << "No constraints" << std::endl; - else - { - if(constraints & DIGITAL_SIGNATURE) - std::cout << " Digital Signature\n"; - if(constraints & NON_REPUDIATION) - std::cout << " Non-Repuidation\n"; - if(constraints & KEY_ENCIPHERMENT) - std::cout << " Key Encipherment\n"; - if(constraints & DATA_ENCIPHERMENT) - std::cout << " Data Encipherment\n"; - if(constraints & KEY_AGREEMENT) - std::cout << " Key Agreement\n"; - if(constraints & KEY_CERT_SIGN) - std::cout << " Cert Sign\n"; - if(constraints & CRL_SIGN) - std::cout << " CRL Sign\n"; - } - - std::vector<std::string> policies = cert.policies(); - if(policies.size()) - { - std::cout << "Policies: " << std::endl; - for(u32bit j = 0; j != policies.size(); j++) - std::cout << " " << policies[j] << std::endl; - } - - std::vector<std::string> ex_constraints = cert.ex_constraints(); - if(ex_constraints.size()) - { - std::cout << "Extended Constraints: " << std::endl; - for(u32bit j = 0; j != ex_constraints.size(); j++) - std::cout << " " << ex_constraints[j] << std::endl; - } - - std::cout << "Signature algorithm: " << - OIDS::lookup(cert.signature_algorithm().oid) << std::endl; - - std::cout << "Serial: " - << to_hex(cert.serial_number()) << std::endl; - std::cout << "Authority keyid: " - << to_hex(cert.authority_key_id()) << std::endl; - std::cout << "Subject keyid: " - << to_hex(cert.subject_key_id()) << std::endl; - - X509_PublicKey* pubkey = cert.subject_public_key(); - std::cout << "Public Key:\n" << X509::PEM_encode(*pubkey); - delete pubkey; - } - catch(std::exception& e) - { - std::cout << e.what() << std::endl; - return 1; - } - return 0; - } diff --git a/botan/doc/examples/xor_ciph.cpp b/botan/doc/examples/xor_ciph.cpp deleted file mode 100644 index 6a914b1..0000000 --- a/botan/doc/examples/xor_ciph.cpp +++ /dev/null @@ -1,96 +0,0 @@ -/* - An implementation of the highly secure (not) XOR cipher. AKA, how to write - and use your own cipher object. DO NOT make up your own ciphers. Please. - - Written by Jack Lloyd (lloyd@randombit.net) on Feb 17, 2004 - Update November 21 2008 for new algorithm factory in 1.8 - - This file is in the public domain -*/ - -#include <botan/stream_cipher.h> -#include <botan/init.h> -using namespace Botan; - -class XOR_Cipher : public StreamCipher - { - public: - void clear() throw() { mask.destroy(); mask_pos = 0; } - - // what we want to call this cipher - std::string name() const { return "XOR"; } - - // return a new object of this type - StreamCipher* clone() const { return new XOR_Cipher; } - - XOR_Cipher() : StreamCipher(1, 32) { mask_pos = 0; } - private: - void cipher(const byte[], byte[], u32bit); - void key_schedule(const byte[], u32bit); - - SecureVector<byte> mask; - u32bit mask_pos; - }; - -void XOR_Cipher::cipher(const byte in[], byte out[], u32bit length) - { - for(u32bit j = 0; j != length; j++) - { - out[j] = in[j] ^ mask[mask_pos]; - mask_pos = (mask_pos + 1) % mask.size(); - } - } - -void XOR_Cipher::key_schedule(const byte key[], u32bit length) - { - mask.set(key, length); - } - -#include <fstream> -#include <iostream> -#include <string> -#include <vector> -#include <cstring> - -#include <botan/lookup.h> -#include <botan/filters.h> -#include <botan/libstate.h> - -int main() - { - - Botan::LibraryInitializer init; - - global_state().algorithm_factory().add_stream_cipher(new XOR_Cipher, "app"); - - // a hex key value - SymmetricKey key("010203040506070809101112AAFF"); - - /* - Since stream ciphers are typically additive, the encryption and - decryption ops are the same, so this isn't terribly interesting. - - If this where a block cipher you would have to add a cipher mode and - padding method, such as "/CBC/PKCS7". - */ - Pipe enc(get_cipher("XOR", key, ENCRYPTION), new Hex_Encoder); - Pipe dec(new Hex_Decoder, get_cipher("XOR", key, DECRYPTION)); - - // I think the pigeons are actually asleep at midnight... - std::string secret = "The pigeon flys at midnight."; - - std::cout << "The secret message is '" << secret << "'" << std::endl; - - enc.process_msg(secret); - std::string cipher = enc.read_all_as_string(); - - std::cout << "The encrypted secret message is " << cipher << std::endl; - - dec.process_msg(cipher); - secret = dec.read_all_as_string(); - - std::cout << "The decrypted secret message is '" - << secret << "'" << std::endl; - - return 0; - } diff --git a/botan/doc/fips140.tex b/botan/doc/fips140.tex deleted file mode 100644 index 8b20045..0000000 --- a/botan/doc/fips140.tex +++ /dev/null @@ -1,156 +0,0 @@ -\documentclass{article} - -\setlength{\textwidth}{6.5in} -\setlength{\textheight}{9in} - -\setlength{\headheight}{0in} -\setlength{\topmargin}{0in} -\setlength{\headsep}{0in} - -\setlength{\oddsidemargin}{0in} -\setlength{\evensidemargin}{0in} - -\title{\textbf{Botan FIPS 140-2 Security Policy}} -\author{Jack Lloyd \\ - \texttt{lloyd@randombit.net}} -\date{} - -\newcommand{\filename}[1]{\texttt{#1}} -\newcommand{\module}[1]{\texttt{#1}} - -\newcommand{\type}[1]{\texttt{#1}} -\newcommand{\function}[1]{\textbf{#1}} -\newcommand{\macro}[1]{\texttt{#1}} - -\begin{document} - -\maketitle - -\tableofcontents - -\parskip=5pt -%\baselineskip=15pt - -\pagebreak - -\section{Introduction} - -\emph{Note that this is a draft, and almost certainly does not comply with what -FIPS 140-2 wants (also it's incomplete). In any case, there is no way for me to -afford paying the validation lab, so this is all theoretical.} - -\emph{I would welcome comments from people who are familiar with the FIPS 140 -process. I am currently basing this off a few dozen other security policies and -the FIPS itself.} - -\subsection{Purpose} - -This document is a security policy for the Botan C++ crypto library for use in -a FIPS 140-2 Level 1 validation process. It describes how to configure and use -the library to comply with the requirements of FIPS 140-2. - -This document is non-proprietary, and may be freely reproduced and distributed -in unmodified form. - -\subsection{Product Description} - -The Botan C++ crypto library (hereafter ``Botan'' or ``the library'') is an -open source C++ class library providing a general-purpose interface to a wide -variety of cryptographic algorithms and formats (such as X.509v3 and PKCS -\#10). It runs on most Win32 and POSIX-like systems, including Windows -NT/2000/XP, MacOS X, Linux, Solaris, FreeBSD, and QNX. However, only versions -running on \emph{(goal:)} Windows XP, Linux, and Solaris have been validated by -FIPS 140-2 at this time. - -\subsection{Algorithms} - -The library contains the following FIPS Approved algorithms: RSA, DSA, DES, -TripleDES, Skipjack, AES, SHA-1, HMAC, the X9.19 DES MAC, and the FIPS 186-2 -SHA-1 RNG. Other (non-Approved) algorithms, such as MD5 and Diffie-Hellman, are -also included. - -\section{Initialization} - -Certain tests are only performed if the flag ``fips140'' is passed as part of -the initialization process to the library (the argument to -\type{LibraryInitializer} or \function{Init::initialize}). Known answer tests -and key generation self-checks for RSA and DSA are always performed, regardless -of this setting. This flag must be passed by any application which desires -using the FIPS 140 mode of operation. - -\section{Roles and Services} - -Botan supports two roles, the User and the Crypto Officer. Authentication is -not performed by the module; all authentication is implicitly done by the -operating system. - -\subsection{User Role} - -The user has the ability to access the services of the module. This role is -implicitly selected whenever the module's services are accessed. - -\subsection{Crypto Officer Role} - -The crypto officer has all of the powers of the user, and in addition has the -power to install and uninstall the module and to configure the operating -system. This role is implicitly selected whenever these actions are performed. - -\section{Key Management} - -\subsection{Key Import/Export} - -Symmetric keys can be imported and exported in either unencrypted, encrypted, -or split-knowledge forms, as the application desires. Private keys for -asymmetric algorithms can be imported and exported as either encrypted or -unencrypted PKCS \#8 structures. The library natively supports PKCS \#5 -encryption with TripleDES for encrypting private keys. - -\subsection{Key Storage} - -In no case does the library itself import or export keys from/to an external -storage device; all such operations are done explicitly by the application. It -is the responsibly of the operator to ensure than any such operations comply -with the requirements of FIPS 140-2 Level 1. - -\subsection{Key Generation} - -Keys for symmetric algorithms (such as DES, AES, and HMAC) are generated by an -Approved RNG, by generating a random byte string of the appropriate size, and -using it as a key. - -DSA keys are generated as specified in FIPS 186-2 (or not?). RSA keys are -generated as specified in ANSI X9.31 (\emph{I think...}). Diffie-Hellman keys -are generated in a manner compatible with ANSI X9.42. All newly created DSA and -RSA keys are checked with a pairwise consistency test before being returned to -the caller. A pairwise consistency check can be performed on any RSA, DSA, or -Diffie-Hellman key by calling the \function{check\_key} member function with -an argument of \type{true}. - -\subsection{Key Establishment} - -Botan supports using RSA or Diffie-Hellman to establish keys. RSA can be used -with PKCS \#1 v1.5 or OAEP padding. None of these methods are FIPS Approved, -but Annex D of FIPS 140-2 allows for their use until such time as a FIPS -Approved asymmetric key establishment method is established. - -\subsection{Key Protection / Zeroization} - -Keys are protected against external access by the operating system's memory and -process protection mechanisms. If the library is used by multiple processes at -once, the OS virtual memory mechanisms ensure that each version will have it's -own data space (and thus, keys are not shared among multiple processes). - -All keys and other sensitive materials are zeroed in memory before being -released to the system. - -On Windows systems the \function{VirtualLock} system call is used to notify the -operating system that the memory containing potentially sensitive keying -material is not swapped to disk, preventing an attacker from applying disk -forenistics techniques to recovery data. - -On Unix systems, Botan allocates memory from file-backed memory mappings, which -are thoroughly erased when the memory is freed. - -\section{References} - -\end{document} diff --git a/botan/doc/indent.el b/botan/doc/indent.el deleted file mode 100644 index 9811bf8..0000000 --- a/botan/doc/indent.el +++ /dev/null @@ -1,57 +0,0 @@ -; This Emacs Lips code defines the indentation style used in Botan. If doesn't -; get everything perfectly correct, but it's pretty close. Copy this code into -; your .emacs file, or use M-x eval-buffer. Make sure to also set -; indent-tabs-mode to nil so spaces are inserted instead. - -; This style is basically Whitesmiths style with 3 space indents (the Emacs -; "whitesmith" style seems more like a weird Whitesmiths/Allman mutant style). - -; To activate using this style, open the file you want to edit and run this: -; M-x c-set-style <RET> and then enter "botan". Alternately, put something -; like this in your .emacs file to make it the default style: - -; (add-hook 'c++-mode-common-hook -; (function (lambda() -; (c-add-style "botan" botan t)))) - -(setq botan '( - (c-basic-offset . 3) - (c-comment-only-line-offset . 0) - (c-offsets-alist - (c . 0) - (comment-intro . 0) - - (statement-block-intro . 0) - (statement-cont . +) - - (substatement . +) - (substatement-open . +) - - (block-open . +) - (block-close . 0) - - (defun-open . +) - (defun-close . 0) - (defun-block-intro . 0) - (func-decl-cont . +) - - (class-open . +) - (class-close . +) - (inclass . +) - (access-label . -) - (inline-open . +) - (inline-close . 0) - - (extern-lang-open . 0) - (extern-lang-close . 0) - (inextern-lang . 0) - - (statement-case-open +) - - (namespace-open . 0) - (namespace-close . 0) - (innamespace . 0) - - (label . 0) - ) -)) diff --git a/botan/doc/insito_manual.pdf b/botan/doc/insito_manual.pdf Binary files differdeleted file mode 100644 index b071469..0000000 --- a/botan/doc/insito_manual.pdf +++ /dev/null diff --git a/botan/doc/internals.tex b/botan/doc/internals.tex deleted file mode 100644 index 5b1650f..0000000 --- a/botan/doc/internals.tex +++ /dev/null @@ -1,179 +0,0 @@ -\documentclass{article} - -\setlength{\textwidth}{6.75in} % 1 inch side margins -\setlength{\textheight}{9in} % ~1 inch top and bottom margins - -\setlength{\headheight}{0in} -\setlength{\topmargin}{0in} -\setlength{\headsep}{0in} - -\setlength{\oddsidemargin}{0in} -\setlength{\evensidemargin}{0in} - -\title{Botan Internals} -\author{Jack Lloyd (lloyd@randombit.net)} -\date{August 20, 2006} - -\newcommand{\filename}[1]{\texttt{#1}} -\newcommand{\manpage}[2]{\texttt{#1}(#2)} - -\newcommand{\function}[1]{\textbf{#1}} -\newcommand{\type}[1]{\texttt{#1}} -\renewcommand{\arg}[1]{\textsl{#1}} - -\begin{document} - -\maketitle - -\tableofcontents - -\parskip=5pt - -\section{Introduction} - -This document is intended to document some of the trickier and/or more -complicated parts of Botan. This is not going to be terribly useful if -you just want to use the library, but for people wishing to understand -how it works, or contribute new code to it, it will hopefully prove -helpful. - -I've realized that a lot of things Botan does internally are pretty -hard to understand, and that a lot of things are only inside my head, -which is a bad place for them to be (things tend to get lost in there, -not to mention the possibility that I'll get hit by a truck next -week). - -This document is currently very incomplete. I'll be working on it as I -have time. - -\pagebreak - -\section{Filter} - -\type{Filter} is one of the core abstractions of the library. It is -used to represent any sort of transformation. Nearly all -\type{Filter}s are linear; they take input from a single source and -send their output (if any) to another single \type{Filter}. The one -exception is \type{Fanout\_Filter}, which uses friend access to -\type{Filter} in order to allow for multiple \type{Filter}s to attach -to its output. This special access is used by the Chain and Fork -filters; Chain encapsulates one or more \type{Filter}s into a single -Filter, and Fork sends its input to a set of several \type{Filter} -objects. - -The majority of the relations between filters is maintained by the -\type{Pipe} object which ``owns'' the \type{Filter}s. - -\section{Pipe} - -\type{Pipe} is, conceptually, a tree structure of \type{Filter} -objects. There is a single unique top, and an arbitrary number of -leaves (which are \type{SecureQueue} objects). \type{SecureQueue} is a -simple \type{Filter} that buffers its input. - -Writing into the pipe writes into the top of the tree. The filter at -the top of the tree writes its output into the next \type{Filter}, and -so on until eventually data trickles down into the bottommost -\type{Filter}s, where the data is stored for later retrieval. - -When a new message is started, \type{Pipe} searches through the tree -of \type{Filter}s and finds places where the \arg{next} field of the -\type{Filter} is NULL. This implies that it was the lowest layer of -the \type{Filter} tree that the user added. It then adds -\type{SecureQueue} objects onto these \type{Filter}s. These queues are -also stored in an deque; this is so \type{Pipe} can read from them -later without doing a tree traversal each time. - -\type{Pipe} will, if asked, destroy the existing tree structure, in -order to create a new one. However, the queue objects are not deleted, -because \type{Pipe} might be asked to read from them later (while -\type{Pipe} could delete all the messages in this case, the principle -of least astonishment suggested keeping them). - -What I wrote about \type{Pipe} keeing the queues in a deque is a -lie. Sort of. It keeps them in an object called -\type{Output\_Buffers}, which keeps them in a -deque. \type{Output\_Buffers} is intended to abstract away how message -queues are stored from \type{Pipe}. After a queue has been added to -the output buffers object, \type{Pipe} keeps no references to it -whatsoever; all access is mediated by the \type{Output\_Buffers}. -This allows queues which have been read to be deleted, rather than -leaving empty queue objects all over the place. - -\section{Library Initialization} - -WRITEME - -\section{Lookup Mechanism} - -Most objects know their name, and they know how to create a new copy -of themselves. We build mapping tables that map from an algorithm name -into a single instance of that algorithm. The tables themselves can be -found in \filename{src/lookup.cpp}. - -There are a set of functions named \function{add\_algorithm} that can -be used to populate the tables. We get something out of the table with -\function{retrieve\_x}, where x is the name of a type -(\texttt{block\_cipher}, \texttt{hash}, etc). This returns a const -pointer to the single unique instance of the algorithm that the lookup -tables know about. If it doesn't know about it, it falls back on -calling a function called \function{try\_to\_get\_x}. These functions -live in \filename{src/algolist.cpp}. They are mostly used to handle -algorithms which need (or at least can have) arguments passed to them, -like \type{HMAC} and \type{SAFER\_SK}. It will return NULL if it can't -find the algorithm at all. - -When it's asked for an algorithm it doesn't know about (ie, isn't in -the mapping tables), the retrieval functions will ask the try-to-get -functions if \emph{they} know about it. If they do, then the object -returned will be stored into the table for later retrieval. - -The functions \function{get\_x} call the retrieval functions. If we -get back NULL, an exception is thrown. Otherwise it will call the -\function{clone} method to get a new copy of the algorithm, which it -returns. - -The various functions like \function{output\_length\_of} call the -retrieval function for each type of object that the parameter in -question (in this case, \texttt{OUTPUT\_LENGTH}) might be meaningful -for. If it manages to get back an object, it will return (in this -case) the \texttt{OUTPUT\_LENGTH} field of the object. No allocations -are required to call this function: all of its operations work -directly on the copies living in the lookup tables. - -\section{Allocators} - -A big (slow) mess. - -\section{BigInt} - -Read ``Handbook of Applied Cryptography''. - -\section{PEM/BER Identification} - -We have a specific algorithm for figuring out if something is PEM or -BER. Previous versions (everything before 1.3.0) requried that the -caller specify which one it was, and they had to be right. Now we use -a hueristic (aka, an algorithm that sometimes doesn't work right) to -figure it out. If the first character is not 0x30 (equal to ASCII -'0'), then it can't possibly be BER (because everything we care about -is enclosed in an ASN.1 SEQUENCE, which for BER/DER is encoded as -beginning with 0x30). Roughly 99.9% of PEM blocks \emph{won't} have a -random 0 character in front of them, so we are mostly safe (unless -someone does it on purpose, in which case, please hit them for me). -But to be sure, if there is a 0, then we search the first \emph{N} -bytes of the block for the string ``-----BEGIN ``, which marks the -typical start of a PEM block. The specific \emph{N} depends on the -variable ``base/pem\_search'', which defaults to 4 kilobytes. - -So, you can actually fool it either way: that a PEM file is really -BER, or that a BER file is actually PEM. To fool it that a BER file is -PEM, just have the string ``-----BEGIN `` somewhere (I can't imagine -this string shows up in certificates or CRLs too often, so if it is -there it means somebody is being a jerk). If a file starts with 0 and -has at least ``base/pem\_search'' byte more junk in the way, it won't -notice that its PEM at all. In either case, of course, the loading -will fail, and you'll get a nice exception saying that the decoding -failed. - -\end{document} diff --git a/botan/doc/license.txt b/botan/doc/license.txt deleted file mode 100644 index 9d1067c..0000000 --- a/botan/doc/license.txt +++ /dev/null @@ -1,40 +0,0 @@ -Botan (http://botan.randombit.net/) is distributed under these terms: - -Copyright (C) 1999-2009 Jack Lloyd - 2001 Peter J Jones - 2004-2007 Justin Karneges - 2005 Matthew Gregan - 2005-2006 Matt Johnston - 2006 Luca Piccarreta - 2007 Yves Jerschow - 2007-2008 FlexSecure GmbH - 2007-2008 Technische Universitat Darmstadt - 2007-2008 Falko Strenzke - 2007-2008 Martin Doering - 2007 Manuel Hartl - 2007 Christoph Ludwig - 2007 Patrick Sona -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - -1. Redistributions of source code must retain the above copyright -notice, this list of conditions, and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions, and the following disclaimer in the -documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) "AS IS" AND ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN -IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/botan/doc/log.txt b/botan/doc/log.txt deleted file mode 100644 index 97476c3..0000000 --- a/botan/doc/log.txt +++ /dev/null @@ -1,1323 +0,0 @@ - -* 1.8.8, 2009-11-03 - - Alter Skein-512 to match the tweaked 1.2 specification - - Fix use of inline asm for access to x86 bswap function - - Allow building the library without AES enabled - - Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild - -* 1.8.7, 2009-09-09 - - Fix processing multiple messages in XTS mode - - Add --no-autoload option to configure.py, for minimized builds - -* 1.8.6, 2009-08-13 - - Add Cryptobox, a set of simple password-based encryption routines - - Only read world-readable files when walking /proc for entropy - - Fix building with TR1 disabled - - Fix x86 bswap support for Visual C++ - - Fixes for compilation under Sun C++ - - Add support for Dragonfly BSD (contributed by Patrick Georgi) - - Add support for the Open64 C++ compiler - - Build fixes for MIPS systems running Linux - - Minor changes to license, now equivalent to the FreeBSD/NetBSD license - -* 1.8.5, 2009-07-23 - - Change configure.py to work on stock Python 2.4 - - Avoid a crash in Skein_512::add_data processing a zero-length input - - Small build fixes for SPARC, ARM, and HP-PA processors - - The test suite now returns an error code from main() if any tests failed - -* 1.8.4, 2009-07-12 - - Fix a bug in nonce generation in the Miller-Rabin test - -* 1.8.3, 2009-07-11 - - Add a new Python configuration script - - Add the Skein-512 SHA-3 candidate hash function - - Add the XTS block cipher mode from IEEE P1619 - - Fix random_prime when generating a prime of less than 7 bits - - Improve handling of low-entropy situations during PRNG seeding - - Change random device polling to prefer /dev/urandom over /dev/random - - Use an input insensitive implementation of same_mem instead of memcmp - - Correct DataSource::discard_next to return the number of discarded bytes - - Provide a default value for AutoSeeded_RNG::reseed - - Fix Gentoo bug 272242 - -* 1.8.2, 2009-04-07 - - Make entropy polling more flexible and in most cases faster - - GOST 28147 now supports multiple sbox parameters - - Added the GOST 34.11 hash function - - Fix botan-config problems on MacOS X - -* 1.8.1, 2009-01-20 - - Avoid a valgrind warning in es_unix.cpp on 32-bit Linux - - Fix memory leak in PKCS8 load_key and encrypt_key - - Relicense api.tex from CC-By-SA 2.5 to BSD - - Fix botan-config on MacOS X, Solaris - -* 1.8.0, 2008-12-08 - - Fix compilation on Solaris with GCC - -* 1.7.24, 2008-12-01 - - Fix a compatibility problem with SHA-512/EMSA3 signature padding - - Fix bug preventing EGD/PRNGD entropy poller from working - - Fix integer overflow in Pooling_Allocator::get_more_core (bug id #27) - - Add EMSA3_Raw, a variant of EMSA3 called CKM_RSA_PKCS in PKCS #11 - - Add support for SHA-224 in EMSA2 and EMSA3 PK signature padding schemes - - Add many more test vectors for RSA with EMSA2, EMSA3, and EMSA4 - - Wrap private structs in SSE2 SHA-1 code in anonymous namespace - - Change configure.pl's CPU autodetection output to be more consistent - - Disable using OpenSSL's AES due to crashes of unknown cause - - Fix warning in /proc walking entropy poller - - Fix compilation with IBM XLC for Cell 0.9-200709 - -* 1.7.23, 2008-11-23 - - Change to use TR1 (thus enabling ECDSA) with GCC and ICC - - Optimize almost all hash functions, especially MD4 and Tiger - - Add configure.pl options --{with,without}-{bzip2,zlib,openssl,gnump} - - Change Timer to be pure virtual, and add ANSI_Clock_Timer - - Cache socket descriptors in the EGD entropy source - - Avoid bogging down startup in /proc walking entropy source - - Remove Buffered_EntropySource helper class - - Add a Default_Benchmark_Timer typedef in benchmark.h - - Add examples using benchmark.h and Algorithm_Factory - - Add ECC tests from InSiTo - - Minor documentation updates - -* 1.7.22, 2008-11-17 - - Add provider preferences to Algorithm_Factory - - Fix memory leaks in PBE_PKCS5v20 and get_pbe introduced in 1.7.21 - - Optimize AES encryption and decryption (about 10% faster) - - Enable SSE2 optimized SHA-1 implementation on Intel Prescott CPUs - - Fix nanoseconds overflow in benchmark code - - Remove Engine::add_engine - -* 1.7.21, 2008-11-11 - - Make algorithm lookup much more configuable - - Add facilities for runtime performance testing of algorithms - - Drop use of entropy estimation in the PRNGs - - Increase intervals between HMAC_RNG automatic reseeding - - Drop InitializerOptions class, all options but thread safety - -* 1.7.20, 2008-11-09 - - Namespace pkg-config file by major and minor versions - - Cache device descriptors in Device_EntropySource - - Split base.h into {block_cipher,stream_cipher,mac,hash}.h - - Removed get_mgf function from lookup.h - -* 1.7.19, 2008-11-06 - - Add HMAC_RNG, based on a design by Hugo Krawczyk - - Optimized the Turing stream cipher (about 20% faster on x86-64) - - Modify Randpool's reseeding algorithm to poll more sources - - Add a new AutoSeeded_RNG in auto_rng.h - - OpenPGP_S2K changed to take hash object instead of name - - Add automatic identification for Intel's Prescott processors - -* 1.7.18, 2008-10-22 - - Add Doxygen comments from InSiTo - - Add ECDSA and ECKAEG benchmarks - - Add configure.pl switch --with-tr1-implementation - - Fix configure.pl's --with-endian and --with-unaligned-mem options - - Added support for pkg-config - - Optimize byteswap with x86 inline asm for Visual C++ by Yves Jerschow - - Use const references to avoid copying overhead in CurveGFp, GFpModulus - -* 1.7.17, 2008-10-12 - - Add missing ECDSA object identifiers - - Fix error in x86 and x86-64 assembler affecting GF(p) math - - Remove Boost dependency from GF(p) math - - Modify botan-config to not print -L/usr/lib or -L/usr/local/lib - - Add BOTAN_DLL macro to over 30 classes missing it - - Rename the two SHA-2 base classes for consistency - -* 1.7.16, 2008-10-09 - - Add several missing pieces needed for ECDSA and ECKAEG - - Add Card Verifiable Certificates from InSiTo - - Add SHA-224 from InSiTo - - Add BSI variant of EMSA1 from InSiTo - - Add GF(p) and ECDSA tests from InSiTo - - Split ECDSA and ECKAEG into distinct modules - - Allow OpenSSL and GNU MP engines to be built with public key algos disabled - - Rename sha256.h to sha2_32.h and sha_64.h to sha2_64.h - -* 1.7.15, 2008-10-07 - - Add GF(p) arithmetic from InSiTo - - Add ECDSA and ECKAEG implementations from InSiTo - - Minimize internal dependencies, allowing for smaller build configurations - - Add new User Manual and Architecture Guide from FlexSecure GmbH - - Alter configure.pl options for better autotools compatibility - - Update build instructions for recent changes to configure.pl - - Fix CPU detection using /proc/cpuinfo - -* 1.7.14, 2008-09-30 - - Split library into parts allowing modular builds - - Add (very preliminary) CMS support to the main library - - Some constructors now require object pointers instead of names - - Support multiple implementations of the same algorithm - - Build support for Pentium-M processors, from Derek Scherger - - Build support for MinGW/MSYS, from Zbigniew Zagorski - - Use inline assembly for bswap on 32-bit x86 - -* 1.7.13, 2008-09-27 - - Add SSLv3 MAC, SSLv3 PRF, and TLS v1.0 PRF from Ajisai - - Allow all examples to compile even if compression not enabled - - Make CMAC's polynomial doubling operation a public class method - - Use the -m64 flag when compiling with Sun Forte on x86-64 - - Clean up and slightly optimize CMAC::final_result - -* 1.7.12, 2008-09-18 - - Add x86 assembly for Visual Studio C++, by Luca Piccarreta - - Add a Perl XS module, by Vaclav Ovsik - - Add SWIG-based wrapper for Botan - - Add SSE2 implementation of SHA-1, by Dean Gaudet - - Remove the BigInt::sig_words cache due to bugs - - Combined the 4 Blowfish sboxes, suggested by Yves Jerschow - - Changed BigInt::grow_by and BigInt::grow_to to be non-const - - Add private assignment operators to classes that don't support assignment - - Benchmark RSA encryption and signatures - - Added test programs for random_prime and ressol - - Add high resolution timers for IA-64, HP-PA, S390x - - Reduce use of the RNG during benchmarks - - Fix builds on STI Cell PPU - - Add support for IBM's XLC compiler - - Add IETF 8192 bit MODP group - -* 1.7.11, 2008-09-11 - - Added the Salsa20 stream cipher - - Optimized Montgomery reduction, Karatsuba squaring - - Added 16x16->32 word Comba multiplication and squaring - - Use a much larger Karatsuba cutoff point - - Remove bigint_mul_add_words - - Inlined several BigInt functions - - Add useful information to the generated build.h - - Rename alg_{ia32,amd64} modules to asm_{ia32,amd64} - - Fix the Windows build - -* 1.7.10, 2008-09-05 - - Public key benchmarks run using a selection of random keys - - New benchmark timer options are clock_gettime, gettimeofday, times, clock - - Including reinterpret_cast optimization for xor_buf in default header - - Split byte swapping and word rotation functions into distinct headers - - Add IETF modp 6144 group and 2048 and 3072 bit DSS groups - - Optimizes BigInt right shift - - Add aliases in DL_Group::Format enum - - BigInt now caches the significant word count - -* 1.7.9, 2008-08-27 - - Make clear() in most algorithm base classes a pure virtual - - Add noexec stack marker for GNU linker in assembly code - - Avoid string operations in ressol - - Compilation fixes for MinGW and Visual Studio C++ 2008 - - Some autoconfiguration fixes for Windows - -* 1.6.5, 2008-08-27 - - Add noexec stack marker for GNU linker in assembly code - - Fix autoconfiguration problem on x86 with GCC 4.2 and 4.3 - -* 1.7.8, 2008-07-15 - - Added the block cipher Noekeon - - Remove global deref_alias function - - X509_Store takes timeout options as constructor arguments - - Add Shanks-Tonelli algorithm, contributed by FlexSecure GmbH - - Extend random_prime() for generating primes of any bit length - - Remove Config class - - Allow adding new entropy via base RNG interface - - Reseeding a X9.31 PRNG also reseeds the underlying PRNG - -* 1.7.7, 2008-06-28 - - Remove the global PRNG object - - The PK filter objects were removed - - Add a test suite for the ANSI X9.31 PRNG - - Much cleaner and (mostly) thread-safe reimplementation of es_ftw - - Remove both default arguments to ANSI_X931_RNG's constructor - - Remove the randomizing version of OctetString::change - - Make the cipher and MAC to use in Randpool configurable - - Move RandomNumberGenerator declaration to rng.h - - RSA_PrivateKey will not generate keys smaller than 1024 bits - - Fix an error decoding BER UNIVERSAL types with special taggings - -* 1.7.6, 2008-05-05 - - Initial support for Windows DLLs, from Joel Low - - Reset the position pointer when a new block is generated in X9.32 PRNG - - Timer objects are now treated as entropy sources - - Moved several ASN.1-related enums from enums.h to an appropriate header - - Removed the AEP module, due to inability to test - - Removed Global_RNG and rng.h - - Removed system_clock - - Removed Library_State::UI and the pulse callback logic - -* 1.7.5, 2008-04-12 - - The API of X509_CA::sign_request was altered to avoid race conditions - - New type Pipe::message_id to represent the Pipe message number - - Remove the Named_Mutex_Holder for a small performance gain - - Removed several unused or rarely used functions from Config - - Ignore spaces inside of a decimal string in BigInt::decode - - Allow using a std::istream to initialize a DataSource_Stream object - - Fix compilation problem in zlib compression module - - The chunk sized used by Pooling_Allocator is now a compile time setting - - The size of random blinding factors is now a compile time setting - - The install target no longer tries to set a particular owner/group - -* 1.7.4, 2008-03-10 - - Use unaligned memory read/writes on systems that allow it, for performance - - Assembly for x86-64 for accessing the bswap instruction - - Use larger buffers in ARC4 and WiderWAKE for significant throughput increase - - Unroll loops in SHA-160 for a few percent increase in performance - - Fix compilation with GCC 3.2 in es_ftw and es_unix - - Build fix for NetBSD systems - - Prevent es_dev from being built except on Unix systems - -* 1.6.4, 2008-03-08 - - Fix a compilation problem with Visual Studio C++ 2003 - -* 1.7.3, 2008-01-23 - - New invocation syntax for configure.pl with several new options - - Support for IPv4 addresses in a subject alternative name - - New fast poll for the generic Unix entropy source (es_unix) - - The es_file entropy source has been replaced by the es_dev module - - The malloc allocator does not inherit from Pooling_Allocator anymore - - The path that es_unix will search in are now fully user-configurable - - Truncate X9.42 PRF output rather than allow counter overflow - - PowerPC is now assumed to be big-endian - -* 1.7.2, 2007-10-13 - - Initialize the global library state lazily - - Add plain CBC-MAC for backwards compatibility with old systems - - Clean up some of the self test code - - Throw a sensible exception if a DL_Group is not found - - Truncate KDF2 output rather than allowing counter overflow - - Add newly assigned OIDs for SHA-2 and DSA with SHA-224/256 - - Fix a Visual Studio compilation problem in x509stat.cpp - -* 1.6.3, 2007-07-23 - - Fix a race condition in the algorithm lookup cache - - Fix problems building the memory pool on some versions of Visual C++ - -* 1.7.1, 2007-07-23 - - Fix a race condition in the algorithm object cache - - HMAC key schedule optimization - - The build header sets a macro defining endianness, if known - - New word load/store abstraction allowing further optimization - - Modify most of the library to avoid use the C-style casts - - Use higher resolution timers in symmetric benchmarks - -* 1.7.0, 2007-05-19 - - DSA parameter generation now follows FIPS 186-3 - - Added OIDs for Rabin-Williams and Nyberg-Rueppel - - Somewhat better support for out of tree builds - - Minor optimizations for RC2 and Tiger - - Documentation updates - - Update the todo list - -* 1.6.2, 2007-03-24 - - Fix autodection on Athlon64s running Linux - - Fix builds on QNX and compilers using STLport - - Remove a call to abort() that crept into production - -* 1.6.1, 2007-01-20 - - Fix some base64 decoder bugs - - Add a new option to base64 encoding, to always append a newline - - Fix some build problems under Visual Studio with debug enabled - - Fix a bug in BER_Decoder that was triggered under some compilers - -* 1.6.0, 2006-12-17 - - Minor cleanups versus 1.5.13 - -* 1.5.13, 2006-12-10 - - Compilation fixes for the bzip2, zlib, and GNU MP modules - - Better support for Intel C++ and EKOpath C++ on x86-64 - -* 1.5.12, 2006-10-27 - - Cleanups in the initialization routines - - Add some x86-64 assembly for multiply-add - - Fix problems generating very small (below 384 bit) RSA keys - - Support out of tree builds - - Bring some of the documentation up to date - - More improvements to the Python bindings - -* 1.5.11, 2006-09-10 - - Removed the Algorithm base class - - Various cleanups in the public key inheritance hierarchy - - Major overhaul of the configure/build setup - - Added x86 assembler implementations of Serpent and low-level MPI code - - Optimizations for the SHA-1 x86 assembler - - Various improvements to the Python wrappers - - Work around a Visual Studio compiler bug - -* 1.5.10, 2006-08-13 - - Add x86 assembler versions of MD4, MD5, and SHA-1 - - Expand InitializerOptions' language to support on/off switches - - Fix definition of OID 2.5.4.8; was accidentally changed in 1.5.9 - - Fix possible resource leaks in the mmap allocator - - Slightly optimized buffering in MDx_HashFunction - - Initialization failures are dealt with somewhat better - - Add an example implementing Pollard's Rho algorithm - - Better option handling in the test/benchmark tool - - Expand the xor_ciph example to support longer keys - - Some updates to the documentation - -* 1.5.9, 2006-07-12 - - Fixed bitrot in the AEP engine - - Fix support for marking certificate/CRL extensions as critical - - Significant cleanups in the library state / initialization code - - LibraryInitializer takes an explicit InitializerOptions object - - Make Mutex_Factory an abstract class, add Default_Mutex_Factory - - Change configuration access to using global_state() - - Add support for global named mutexes throughout the library - - Add some STL wrappers for the delete operator - - Change how certificates are created to be more flexible and general - -* 1.5.8, 2006-06-23 - - Many internal cleanups to the X.509 cert/CRL code - - Allow for application code to support new X.509 extensions - - Change the return type of X509_Certificate::{subject,issuer}_info - - Allow for alternate character set handling mechanisms - - Fix a bug that was slowing squaring performance somewhat - - Fix a very hard to hit overflow bug in the C version of word3_muladd - - Minor cleanups to the assembler modules - - Disable es_unix module on FreeBSD due to build problem on FreeBSD 6.1 - - Support for GCC 2.95.x has been dropped in this release - -* 1.5.7, 2006-05-28 - - Further, major changes to the BER/DER coding system - - Updated the Qt mutex module to use Mutex_Factory - - Moved the library global state object into an anonymous namespace - - Drop the Visual C++ x86 assembly module due to bugs - -* 1.5.6, 2006-03-01 - - The low-level DER/BER coding system was redesigned and rewritten - - Portions of the certificate code were cleaned up internally - - Use macros to substantially clean up the GCC assembly code - - Added 32-bit x86 assembly for Visual C++ (by Luca Piccarreta) - - Avoid a couple of spurious warnings under Visual C++ - - Some slight cleanups in X509_PublicKey::key_id - -* 1.5.5, 2006-02-04 - - Fixed a potential infinite loop in the memory pool code (Matt Johnston) - - Made Pooling_Allocator::Memory_Block an actual class of sorts - - Some small optimizations to the division and modulo computations - - Cleaned up the implementation of some of the BigInt operators - - Reduced use of dynamic memory allocation in low-level BigInt functions - - A few simplifications in the Randpool mixing function - - Removed power(), as it was not particularly useful (or fast) - - Fixed some annoying bugs in the benchmark code - - Added a real credits file - -* 1.5.4, 2006-01-29 - - Integrated x86 and amd64 assembly code, contributed by Luca Piccarreta - - Fixed a memory access off-by-one in the Karatsuba code - - Changed Pooling_Allocator's free list search to a log(N) algorithm - - Merged ModularReducer with its only subclass, Barrett_Reducer - - Fixed sign-handling bugs in some of the division and modulo code - - Renamed the module description files to modinfo.txt - - Further cleanups in the initialization code - - Removed BigInt::add and BigInt::sub - - Merged all the division-related functions into just divide() - - Modified the <mp_asmi.h> functions to allow for better optimizations - - Made the number of bits polled from an EntropySource user configurable - - Avoid including <algorithm> in <botan/secmem.h> - - Fixed some build problems with Sun Forte - - Removed some dead code from bigint_modop - - Fix the definition of same_mem - -* 1.5.3, 2006-01-24 - - Many optimizations in the low-level multiple precision integer code - - Added hooks for assembly implementations of the MPI code - - Support for the X.509 issuer alternative name extension in new certs - - Fixed a bug in the decompression modules; found and patched by Matt Johnston - - New Windows mutex module (mux_win32), by Luca Piccarreta - - Changed the Windows timer module to use QueryPerformanceCounter - - mem_pool.cpp was using std::set iterators instead of std::multiset ones - - Fixed a bug in X509_CA preventing users from disabling particular extensions - - Fixed the mp_asm64 module, which was entirely broken in 1.5.2 - - Fixed some module build problems on FreeBSD and Tru64 - -* 1.4.12, 2006-01-15 - - Fixed an off-by-one memory read in MISTY1::key() - - Fixed a nasty memory leak in Output_Buffers::retire() - - Changed maximum HMAC keylength to 1024 bits - - Fixed a build problem in the hardware timer module on 64-bit PowerPC - -* 1.5.2, 2006-01-15 - - Fixed an off-by-one memory read in MISTY1::key() - - Fixed a nasty memory leak in Output_Buffers::retire() - - Reimplemented the memory allocator from scratch - - Improved memory caching in Montgomery exponentiation - - Optimizations for multiple precision addition and subtraction - - Fixed a build problem in the hardware timer module on 64-bit PowerPC - - Changed default Karatsuba cutoff to 12 words (was 14) - - Removed MemoryRegion::bits(), which was unused and incorrect - - Changed maximum HMAC keylength to 1024 bits - - Various minor Makefile and build system changes - - Avoid using std::min in <secmem.h> to bypass Windows libc macro pollution - - Switched checks/clock.cpp back to using clock() by default - - Enabled the symmetric algorithm tests, which were accidentally off in 1.5.1 - - Removed the Default_Mutex's unused clone() member function - -* 1.5.1, 2006-01-08 - - Implemented Montgomery exponentiation - - Implemented generalized Karatsuba multiplication and squaring - - Implemented Comba squaring for 4, 6, and 8 word inputs - - Added new Modular_Exponentiator and Power_Mod classes - - Removed FixedBase_Exp and FixedExponent_Exp - - Fixed a performance regression in get_allocator introduced in 1.5.0 - - Engines can now offer S2K algorithms and block cipher padding methods - - Merged the remaining global 'algolist' code into Default_Engine - - The low-level MPI code is linked as C again - - Replaced BigInt's get_nibble with the more general get_substring - - Some documentation updates - -* 1.5.0, 2006-01-01 - - Moved all global/shared library state into a single object - - Mutex objects are created through mutex factories instead of a global - - Removed ::get_mutex(), ::initialize_mutex(), and Mutex::clone() - - Removed the RNG_Quality enum entirely - - There is now only a single global-use PRNG - - Removed the no_aliases and no_oids options for LibraryInitializer - - Removed the deprecated algorithms SEAL, ISAAC, and HAVAL - - Change es_ftw to use unbuffered I/O - -* 1.4.11, 2005-12-31 - - Changed Whirlpool diffusion matrix to match updated algorithm spec - - Fixed several engine module build errors introduced in 1.4.10 - - Fixed two build problems in es_capi; reported by Matthew Gregan - - Added a constructor to DataSource_Memory taking a std::string - - Placing the same Filter in multiple Pipes triggers an exception - - The configure script accepts --docdir and --libdir - - Merged doc/rngs.txt into the main API document - - Thanks to Joel Low for several bug reports on early tarballs of 1.4.11 - -* 1.4.10, 2005-12-18 - - Added an implementation of KASUMI, the block cipher used in 3G phones - - Refactored Pipe; output queues are now managed by a distinct class - - Made certain Filter facilities only available to subclasses of Fanout_Filter - - There is no longer any overhead in Pipe for a message that has been read out - - It is now possible to generate RSA keys as small as 128 bits - - Changed some of the core classes to derive from Algorithm as a virtual base - - Changed Randpool to use HMAC instead of a plain hash as the mixing function - - Fixed a bug in the allocators; found and fixed by Matthew Gregan - - Enabled the use of binary file I/O, when requested by the application - - The OpenSSL engine's block cipher code was missing some deallocation calls - - Disabled the es_ftw module on NetBSD, due to header problems there - - Fixed a problem preventing tm_hard from building on MacOS X on PowerPC - - Some cleanups for the modules that use inline assembler - - config.h is now stored in build/ instead of build/include/botan/ - - The header util.h was split into bit_ops.h, parsing.h, and util.h - - Cleaned up some redundant include directives - -* 1.4.9, 2005-11-06 - - Added the IBM-created AES candidate algorithm MARS - - Added the South Korean block cipher SEED - - Added the stream cipher Turing - - Added the new hash function FORK-256 - - Deprecated the ISAAC stream cipher - - Twofish and RC6 are significantly faster with GCC - - Much better support for 64-bit PowerPC - - Added support for high-resolution PowerPC timers - - Fixed a bug in the configure script causing problems on FreeBSD - - Changed ANSI X9.31 to support arbitrary block ciphers - - Make the configure script a bit less noisy - - Added more test vectors for some algorithms, including all the AES finalists - - Various cosmetic source code cleanups - -* 1.4.8, 2005-10-16 - - Resolved a bad performance problem in the allocators; fix by Matt Johnston - - Worked around a Visual Studio 2003 compilation problem introduced in 1.4.7 - - Renamed OMAC to CMAC to match the official NIST naming - - Added single byte versions of update() to PK_Signer and PK_Verifier - - Removed the unused reverse_bits and reverse_bytes functions - -* 1.4.7, 2005-09-25 - - Fixed major performance problems with recent versions of GNU C++ - - Added an implementation of the X9.31 PRNG - - Removed the X9.17 and FIPS 186-2 PRNG algorithms - - Changed defaults to use X9.31 PRNGs as global PRNG objects - - Documentation updates to reflect the PRNG changes - - Some cleanups related to the engine code - - Removed two useless headers, base_eng.h and secalloc.h - - Removed PK_Verifier::valid_signature - - Fixed configure/build system bugs affecting MacOS X builds - - Added support for the EKOPath x86-64 compiler - - Added missing destructor for BlockCipherModePaddingMethod - - Fix some build problems with Visual C++ 2005 beta - - Fix some build problems with Visual C++ 2003 Workshop - -* 1.4.6, 2005-03-13 - - Fix an error in the shutdown code introduced in 1.4.5 - - Setting base/pkcs8_tries to 0 disables the builtin fail-out - - Support for XMPP identifiers in X.509 certificates - - Duplicate entries in X.509 DNs are removed - - More fixes for Borland C++, from Friedemann Kleint - - Add a workaround for buggy iostreams - -* 1.4.5, 2005-02-26 - - Add support for AES encryption of private keys - - Minor fixes for PBES2 parameter decoding - - Internal cleanups for global state variables - - GCC 3.x version detection was broken in non-English locales - - Work around a Sun Forte bug affecting mem_pool.h - - Several fixes for Borland C++ 5.5, from Friedemann Kleint - - Removed inclusion of init.h into base.h - - Fixed a major bug in reading from certificate stores - - Cleaned up a couple of mutex leaks - - Removed some left-over debugging code - - Removed SSL3_MAC, SSL3_PRF, and TLS_PRF - -* 1.4.4, 2004-12-02 - - Further tweaks to the pooling allocator - - Modified EMSA3 to support SSL/TLS signatures - - Changes to support Qt/QCA, from Justin Karneges - - Moved mux_qt module code into mod_qt - - Fixes for HP-UX from Mike Desjardins - -* 1.4.3, 2004-11-06 - - Split up SecureAllocator into Allocator and Pooling_Allocator - - Memory locking allocators are more likely to be used - - Fixed the placement of includes in some modules - - Fixed broken installation procedure - - Fixes in configure script to support alternate install programs - - Modules can specify the minimum version they support - -* 1.4.2, 2004-10-31 - - Fixed a major CRL handling bug - - Cipher and hash operations can be offloaded to engines - - Added support for cipher and hash offload in OpenSSL engine - - Improvements for 64-bit CPUs without a widening multiply instruction - - Support for SHA2-* and Whirlpool with EMSA2 - - Fixed a long-standing build problem with conflicting include files - - Fixed some examples that hadn't been updated for 1.4.x - - Portability fixes for Solaris, *BSD, HP-UX, and others - - Lots of fixes and cleanups in the configure script - - Updated the Gentoo ebuild file - -* 1.4.1, 2004-10-10 - - Fixed major errors in the X.509 and PKCS #8 copy_key functions - - Added a LAST_MESSAGE meta-message number for Pipe - - Added new aliases (3DES and DES-EDE) for Triple-DES - - Added some new functions to PK_Verifier - - Cleaned up the KDF interface - - Disabled tm_posix on *BSD due to header issues - - Fixed a build problem on PowerPC with GNU C++ pre-3.4 - -* 1.4.0, 2004-06-26 - - Added the FIPS 186 RNG back - - Added copy_key functions for X.509 public keys and PKCS #8 private keys - - Fixed PKCS #1 signatures with RIPEMD-128 - - Moved some code around to avoid warnings with Sun ONE compiler - - Fixed a bug in botan-config affecting OpenBSD - - Fixed some build problems on Tru64, HP-UX - - Fixed compile problems with Intel C++, Compaq C++ - -* 1.3.14, 2004-06-12 - - Added support for AEP's AEP1000/AEP2000 crypto cards - - Added a Mutex module using Qt, from Justin Karneges - - Added support for engine loading in LibraryInitializer - - Tweaked SecureAllocator, giving 20% better performance under heavy load - - Added timer and memory locking modules for Win32 (tm_win32, ml_win32) - - Renamed PK_Engine to Engine_Core - - Improved the Karatsuba cutoff points - - Fixes for compiling with GCC 3.4 and Sun C++ 5.5 - - Fixes for Linux/s390, OpenBSD, and Solaris - - Added support for Linux/s390x - - The configure script was totally broken for 'generic' OS - - Removed Montgomery reduction due to bugs - - Removed an unused header, pkcs8alg.h - - check --validate returns an error code if any tests failed - - Removed duplicate entry in Unix command list for es_unix - - Moved the Cert_Usage enumeration into X509_Store - - Added new timing methods for PK benchmarks, clock_gettime and RDTSC - - Fixed a few minor bugs in the configure script - - Removed some deprecated functions from x509cert.h and pkcs10.h - - Removed the 'minimal' module, has to be updated for Engine support - - Changed MP_WORD_BITS macro to BOTAN_MP_WORD_BITS to clean up namespace - - Documentation updates - -* 1.3.13, 2004-05-15 - - Major fixes for Cygwin builds - - Minor MacOS X install fixes - - The configure script is a little better at picking the right modules - - Removed ml_unix from the 'unix' module set for Cygwin compatibility - - Fixed a stupid compile problem in pkcs10.h - -* 1.3.12, 2004-05-02 - - Added ability to remove old entries from CRLs - - Swapped the first two arguments of X509_CA::update_crl() - - Added an < operator for MemoryRegion, so it can be used as a std::map key - - Changed X.509 searching by DNS name from substring to full string compares - - Renamed a few X509_Certificate and PKCS10_Request member functions - - Fixed a problem when decoding some PKCS #10 requests - - Hex_Decoder would not check inputs, reported by Vaclav Ovsik - - Changed default CRL expire time from 30 days to 7 days - - X509_CRL's default PEM header is now "X509 CRL", for OpenSSL compatibility - - Corrected errors in the API doc, fixes from Ken Perano - - More documentation about the Pipe/Filter code - -* 1.3.11, 2004-04-01 - - Fixed two show-stopping bugs in PKCS10_Request - - Added some sanity checks in Pipe/Filter - - The DNS and URI entries would get swapped in subjectAlternativeNames - - MAC_Filter is now willing to not take a key at creation time - - Setting the expiration times of certs and CRLs is more flexible - - Fixed problems building on AIX with GCC - - Fixed some problems in the tutorial pointed out by Dominik Vogt - - Documentation updates - -* 1.3.10, 2004-03-27 - - Added support for OpenPGP's ASCII armor format - - Cleaned up the RNG system; seeding is much more flexible - - Added simple autoconfiguration abilities to configure.pl - - Fixed a GCC 2.95.x compile problem - - Updated the example configuration file - - Documentation updates - -* 1.3.9, 2004-03-07 - - Added an engine using OpenSSL (requires 0.9.7 or later) - - X509_Certificate would lose email addresses stored in the DN - - Fixed a missing initialization in a BigInt constructor - - Fixed several Visual C++ compile problems - - Fixed some BeOS build problems - - Fixed the WiderWake benchmark - -* 1.3.8, 2003-12-30 - - Internal changes to PK algorithms to divide data and algorithms - - DSA/DH/NR/ElGamal constructors accept taking just the private key again - - ElGamal keys now support being imported/exported as ASN.1 objects - - Much more consistent and complete error checking in PK algorithms - - Support for arbitrary backends (engines) for PK operations - - Added Montgomery reductions - - Added an engine that uses GNU MP (requires 4.1 or later) - - Removed the obsolete mp_gmp module - - Moved several initialization/shutdown functions to init.h - - Major refactoring of the memory containers - - New non-locking container, MemoryVector - - Fixed 64-bit problems in BigInt::set_bit/clear_bit - - Renamed PK_Key::check_params() to check_key() - - Some incompatible changes to OctetString - - Added version checking macros in version.h - - Removed the fips140 module pending rewrite - - Added some functions and hooks to help GUIs - - Moved more shared code into MDx_HashFunction - - Added a policy hook for specifying the encoding of X.509 strings - -* 1.3.7, 2003-12-12 - - Fixed a big security problem in es_unix - - Fixed several stability problems in es_unix - - Expanded the list of programs es_unix will try to use - - SecureAllocator now only preallocates blocks in special cases - - Added a special case in Global_RNG::seed for forcing a full poll - - Removed the FIPS 186 RNG added in 1.3.5 pending further testing - - Configure updates for PowerPC CPUs - - Removed the (never tested) VAX support - - Added support for S/390 Linux - -* 1.3.6, 2003-12-07 - - Added a new module 'minimal', which disables most algorithms - - SecureAllocator allocates a few blocks at startup - - A few minor MPI cleanups - - RPM spec file cleanups and fixes - -* 1.3.5, 2003-11-30 - - Major improvements in ASN.1 string handling - - Added partial support for ASN.1 UTF8 STRINGs and BMP STRINGs - - Added partial support for the X.509v3 certificate policies extension - - Centralized the handling of character set information - - Added FIPS 140-2 startup self tests - - Added a module (fips140) for doing extra FIPS 140-2 tests - - Added FIPS 186-2 RNG - - Improved ASN.1 BIT STRING handling - - Removed a memory leak in PKCS10_Request - - The encoding of DirectoryString now follows PKIX guidelines - - Fixed some of the character set dependencies - - Fixed a DER encoding error for tags greater than 30 - - The BER decoder can now handle tags larger than 30 - - Fixed tm_hard.cpp to recognize SPARC on more systems - - Workarounds for a GCC 2.95.x bug in x509find.cpp - - RPM changed to install into /usr instead of /usr/local - - Added support for QNX - -* 1.2.8, 2003-11-21 - - Merged several important bug fixes from 1.3.x - -* 1.3.4, 2003-11-21 - - Added a module that does certain MPI operations using GNU MP - - Added the X9.42 Diffie-Hellman PRF - - The Zlib and Bzip2 objects now use custom allocators - - Added member functions for directly hashing/MACing SecureVectors - - Minor optimizations to the MPI addition and subtraction algorithms - - Some cleanups in the low-level MPI code - - Created separate AES-{128,192,256} objects - -* 1.3.3, 2003-11-17 - - The library can now be repeatedly initialized and shutdown without crashing - - Fixed an off-by-one error in the CTS code - - Fixed an error in the EMSA4 verification code - - Fixed a memory leak in mutex.cpp (pointed out by James Widener) - - Fixed a memory leak in Pthread_Mutex - - Fixed several memory leaks in the testing code - - Bulletproofed the EMSA/EME/KDF/MGF retrieval functions - - Minor cleanups in SecureAllocator - - Removed a needless mutex guarding the (stateless) global timer - - Fixed a piece of bash-specific code in botan-config - - X.509 objects report more information about decoding errors - - Cleaned up some of the exception handling - - Updated the example config file with new OIDSs - - Moved the build instructions into a separate document, building.tex - -* 1.3.2, 2003-11-13 - - Fixed a bug preventing DSA signatures from verifying on X.509 objects - - Made the X509_Store search routines more efficient and flexible - - Added a function to X509_PublicKey to do easy public/private key matching - - Added support for decoding indefinite length BER data - - Changed Pipe's peek() to take an offset - - Removed Filter::set_owns in favor of the new incr_owns function - - Removed BigInt::zero() and BigInt::one() - - Renamed the PEM related options from base/pem_* to pem/* - - Added an option to specify the line width when encoding PEM - - Removed the "rng/safe_longterm" option; it's always on now - - Changed the cipher used for RNG super-encryption from ARC4 to WiderWake4+1 - - Cleaned up the base64/hex encoders and decoders - - Added an ASN.1/BER decoder as an example - - AES had its internals marked 'public' in previous versions - - Changed the value of the ASN.1 NO_OBJECT enum - - Various new hacks in the configure script - - Removed the already nominal support for SunOS - -* 1.3.1, 2003-11-04 - - Generalized a few pieces of the DER encoder - - PKCS8::load_key would fail if handed an unencrypted key - - Added a failsafe so PKCS #8 key decoding can't go into an infinite loop - -* 1.3.0, 2003-11-02 - - Major redesign of the PKCS #8 private key import/export system - - Added a small amount of UI interface code for getting passphrases - - Added heuristics that tell if a key, cert, etc is stored as PEM or BER - - Removed CS-Cipher, SHARK, ThreeWay, MD5-MAC, and EMAC - - Removed certain deprecated constructors of RSA, DSA, DH, RW, NR - - Made PEM decoding more forgiving of extra text before the header - -* 1.2.7, 2003-10-31 - - Added support for reading configuration files - - Added constructors so NR and RW keys can be imported easily - - Fixed mp_asm64, which was completely broken in 1.2.6 - - Removed tm_hw_ia32 module; replaced by tm_hard - - Added support for loading certain oddly formed RSA certificates - - Fixed spelling of NON_REPUDIATION enum - - Renamed the option default_to_ca to v1_assume_ca - - Fixed a minor bug in X.509 certificate generation - - Fixed a latent bug in the OID lookup code - - Updated the RPM spec file - - Added to the tutorial - -* 1.2.6, 2003-07-04 - - Major performance increase for PK algorithms on most 64-bit systems - - Cleanups in the low-level MPI code to support asm implementations - - Fixed build problems with some versions of Compaq's C++ compiler - - Removed useless constructors for NR public and private keys - - Removed support for the patch_file directive in module files - - Removed several deprecated functions - -* 1.2.5, 2003-06-22 - - Fixed a tricky and long-standing memory leak in Pipe - - Major cleanups and fixes in the memory allocation system - - Removed alloc_mlock, which has been superseded by the ml_unix module - - Removed a denial of service vulnerability in X509_Store - - Fixed compilation problems with VS .NET 2003 and Codewarrior 8 - - Added another variant of PKCS8::load_key, taking a memory buffer - - Fixed various minor/obscure bugs which occurred when MP_WORD_BITS != 32 - - BigInt::operator%=(word) was a no-op if the input was a power of 2 - - Fixed portability problems in BigInt::to_u32bit - - Fixed major bugs in SSL3-MAC - - Cleaned up some messes in the PK algorithms - - Cleanups and extensions for OMAC and EAX - - Made changes to the entropy estimation function - - Added a 'beos' module set for use on BeOS - - Officially deprecated a few X509:: and PKCS8:: functions - - Moved the contents of primes.h to numthry.h - - Moved the contents of x509opt.h to x509self.h - - Removed the (empty) desx.h header - - Documentation updates - -* 1.2.4, 2003-05-29 - - Fixed a bug in EMSA1 affecting NR signature verification - - Fixed a few latent bugs in BigInt related to word size - - Removed an unused function, mp_add2_nc, from the MPI implementation - - Reorganized the core MPI files - -* 1.2.3, 2003-05-20 - - Fixed a bug that prevented DSA/NR key generation - - Fixed a bug that prevented importing some root CA certs - - Fixed a bug in the BER decoder when handing optional bit or byte strings - - Fixed the encoding of authorityKeyIdentifier in X509_CA - - Added a sanity check in PBKDF2 for zero length passphrases - - Added versions of X509::load_key and PKCS8::load_key that take a file name - - X509_CA generates 128 bit serial numbers now - - Added tests to check PK key generation - - Added a simplistic X.509 CA example - - Cleaned up some of the examples - -* 1.2.2, 2003-05-13 - - Add checks to prevent any BigInt bugs from revealing an RSA or RW key - - Changed the interface of Global_RNG::seed - - Major improvements for the es_unix module - - Added another Win32 entropy source, es_win32 - - The Win32 CryptoAPI entropy source can now poll multiple providers - - Improved the BeOS entropy source - - Renamed pipe_unixfd module to fd_unix - - Fixed a file descriptor leak in the EGD module - - Fixed a few locking bugs - -* 1.2.1, 2003-05-06 - - Added ANSI X9.23 compatible CBC padding - - Added an entropy source using Win32 CryptoAPI - - Removed the Pipe I/O operators taking a FILE* - - Moved the BigInt encoding/decoding functions into the BigInt class - - Integrated several fixes for VC++ 7 (from Hany Greiss) - - Fixed the configure.pl script for Windows builds - -* 1.2.0, 2003-04-28 - - Tweaked the Karatsuba cut-off points - - Increased the allowed keylength of HMAC and Blowfish - - Removed the 'mpi_ia32' module, pending rewrite - - Workaround a GCC 2.95.x bug in eme1.cpp - -* 1.1.13, 2003-04-22 - - Added OMAC - - Added EAX authenticated cipher mode - - Diffie-Hellman would not do blinding in some cases - - Optimized the OFB and CTR modes - - Corrected Skipjack's word ordering, as per NIST clarification - - Support for all subject/issuer attribute types required by RFC 3280 - - The removeFromCRL CRL reason code is now handled correctly - - Increased the flexibility of the allocators - - Renamed Rijndael to AES, created aes.h, deleted rijndael.h - - Removed support for the 'no_timer' LibraryInitializer option - - Removed 'es_pthr' module, pending further testing - - Cleaned up get_ciph.cpp - -* 1.1.12, 2003-04-15 - - Fixed a ASN.1 string encoding bug - - Fixed a pair of X509_DN encoding problems - - Base64_Decoder and Hex_Decoder can now validate input - - Removed support for the LibraryInitializer option 'egd_path' - - Added tests for DSA X.509 and PKCS #8 key formats - - Removed a long deprecated feature of DH_PrivateKey's constructor - - Updated the RPM .spec file - - Major documentation updates - -* 1.1.11, 2003-04-07 - - Added PKCS #10 certificate requests - - Changed X509_Store searching interface to be more flexible - - Added a generic Certificate_Store interface - - Added a function for generating self-signed X.509 certs - - Cleanups and changes to X509_CA - - New examples for PKCS #10 and self-signed certificates - - Some documentation updates - -* 1.1.10, 2003-04-03 - - X509_CA can now generate new X.509 CRLs - - Added blinding for RSA, RW, DH, and ElGamal to prevent timing attacks - - More certificate and CRL extensions/attributes are supported - - Better DN handling in X.509 certificates/CRLs - - Added a DataSink hierarchy (suggested by Jim Darby) - - Consolidated SecureAllocator and ManagedAllocator - - Many cleanups and generalizations - - Added a (slow) pthreads based EntropySource - - Fixed some threading bugs - -* 1.1.9, 2003-02-25 - - Added support for using X.509v2 CRLs - - Fixed several bugs in the path validation algorithm - - Certificates can be verified for a particular usage - - Algorithm for comparing distinguished names now follows X.509 - - Cleaned up the code for the es_beos, es_ftw, es_unix modules - - Documentation updates - -* 1.1.8, 2003-01-29 - - Fixes for the certificate path validation algorithm in X509_Store - - Fixed a bug affecting X509_Certificate::is_ca_cert() - - Added a general configuration interface for policy issues - - Cleanups and API changes in the X.509 CA, cert, and store code - - Made various options available for X509_CA users - - Changed X509_Time's interface to work around time_t problems - - Fixed a theoretical weakness in Randpool's entropy mixing function - - Fixed problems compiling with GCC 2.95.3 and GCC 2.96 - - Fixed a configure bug (reported by Jon Wilson) affecting MinGW - -* 1.1.7, 2003-01-12 - - Fixed an obscure but dangerous bug in SecureVector::swap - - Consolidated SHA-384 and SHA-512 to save code space - - Added SSL3-MAC and SSL3-PRF - - Documentation updates, including a new tutorial - -* 1.0.2, 2003-01-12 - - Fixed an obscure SEGFAULT causing bug in Pipe - - Fixed an obscure but dangerous bug in SecureVector::swap - -* 1.1.6, 2002-12-10 - - Initial support for X.509v3 certificates and CAs - - Major redesign/rewrite of the ASN.1 encoding/decoding code - - Added handling for DSA/NR signatures encoded as DER SEQUENCEs - - Documented the generic cipher lookup interface - - Added an (untested) entropy source for BeOS - - Various cleanups and bug fixes - -* 1.1.5, 2002-11-17 - - Added the discrete logarithm integrated encryption system (DLIES) - - Various optimizations for BigInt - - Added support for assembler optimizations in modules - - Added BigInt x86 optimizations module (mpi_ia32) - -* 1.1.4, 2002-11-10 - - Speedup of 15-30% for PK algorithms - - Implemented the PBES2 encryption scheme - - Fixed a potential bug in decoding RSA and RW private keys - - Changed the DL_Group class interface to handle different formats better - - Added support for PKCS #3 encoded DH parameters - - X9.42 DH parameters use a PEM label of 'X942 DH PARAMETERS' - - Added key pair consistency checking - - Fixed a compatibility problem with gcc 2.96 (pointed out by Hany Greiss) - - A botan-config script is generated at configure time - - Documentation updates - -* 1.1.3, 2002-11-03 - - Added a generic public/private key loading interface - - Fixed a small encoding bug in RSA, RW, and DH - - Changed the PK encryption/decryption interface classes - - ECB supports using padding methods - - Added a function-based interface for library initialization - - Added support for RIPEMD-128 and Tiger PKCS#1 v1.5 signatures - - The cipher mode benchmarks now use 128-bit AES instead of DES - - Removed some obsolete typedefs - - Removed OpenCL support (opencl.h, the OPENCL_* macros, etc) - - Added tests for PKCS #8 encoding/decoding - - Added more tests for ECB and CBC - -* 1.1.2, 2002-10-21 - - Support for PKCS #8 encoded RSA, DSA, and DH private keys - - Support for Diffie-Hellman X.509 public keys - - Major reorganization of how X.509 keys are handled - - Added PKCS #5 v2.0's PBES1 encryption scheme - - Added a generic cipher lookup interface - - Added the WiderWake4+1 stream cipher - - Added support for sync-able stream ciphers - - Added a 'paranoia level' option for the LibraryInitializer - - More security for RNG output meant for long term keys - - Added documentation for some of the new 1.1.x features - - CFB's feedback argument is now specified in bits - - Renamed CTR class to CTR_BE - - Updated the RSA and DSA examples to use X.509 and PKCS #8 key formats - -* 1.1.1, 2002-10-15 - - Added the Korean hash function HAS-160 - - Partial support for RSA and DSA X.509 public keys - - Added a mostly functional BER encoder/decoder - - Added support for non-deterministic MAC functions - - Initial support for PEM encoding/decoding - - Internal cleanups in the PK algorithms - - Several new convenience functions in Pipe - - Fixed two nasty bugs in Pipe - - Messed with the entropy sources for es_unix - - Discrete logarithm groups are checked for safety more closely now - - For compatibility with GnuPG, ElGamal now supports DSA-style groups - -* 1.1.0, 2002-09-14 - - Added entropy estimation to the RNGs - - Improved the overall design of both Randpool and ANSI_X917_RNG - - Added a separate RNG for nonce generation - - Added window exponentiation support in power_mod - - Added a get_s2k function and the PKCS #5 S2K algorithms - - Added the TLSv1 PRF - - Replaced BlockCipherModeIV typedef with InitializationVector class - - Renamed PK_Key_Agreement_Scheme to PK_Key_Agreement - - Renamed SHA1 -> SHA_160 and SHA2_x -> SHA_x - - Added support for RIPEMD-160 PKCS#1 v1.5 signatures - - Changed the key agreement scheme interface - - Changed the S2K and KDF interfaces - - Better SCAN compatibility for HAVAL, Tiger, MISTY1, SEAL, RC5, SAFER-SK - - Added support for variable-pass Tiger - - Major speedup for Rabin-Williams key generation - -* 1.0.1, 2002-09-14 - - Fixed a minor bug in Randpool::random() - - Added some new aliases and typedefs for 1.1.x compatibility - - The 4096-bit RSA benchmark key was decimal instead of hex - - EMAC was returning an incorrect name - -* 1.0.0, 2002-08-26 - - Octal I/O of BigInt is now supported - - Fixed portability problems in the es_egd module - - Generalized IV handling in the block cipher modes - - Added Karatsuba multiplication and k-ary exponentiation - - Fixed a problem in the multiplication routines - -* 0.9.2, 2002-08-18 - - DH_PrivateKey::public_value() was returning the wrong value - - Various BigInt optimizations - - The filters.h header now includes hex.h and base64.h - - Moved Counter mode to ctr.h - - Fixed a couple minor problems with VC++ 7 - - Fixed problems with the RPM spec file - -* 0.9.1, 2002-08-10 - - Grand rename from OpenCL to Botan - - Major optimizations for the PK algorithms - - Added ElGamal encryption - - Added Whirlpool - - Tweaked memory allocation parameters - - Improved the method of seeding the global RNG - - Moved pkcs1.h to eme_pkcs.h - - Added more test vectors for some algorithms - - Fixed error reporting in the BigInt tests - - Removed Default_Timer, it was pointless - - Added some new example applications - - Removed some old examples that weren't that interesting - - Documented the compression modules - -* 0.9.0, 2002-08-03 - - EMSA4 supports variable salt size - - PK_* can take a string naming the encoding method to use - - Started writing some internals documentation - -* 0.8.7, 2002-07-30 - - Fixed bugs in EME1 and EMSA4 - - Fixed a potential crash at shutdown - - Cipher modes returned an ill-formed name - - Removed various deprecated types and headers - - Cleaned up the Pipe interface a bit - - Minor additions to the documentation - - First stab at a Visual C++ makefile (doc/Makefile.vc7) - -* 0.8.6, 2002-07-25 - - Added EMSA4 (aka PSS) - - Brought the manual up to date; many corrections and additions - - Added a parallel hash function construction - - Lookup supports all available algorithms now - - Lazy initialization of the lookup tables - - Made more discrete logarithm groups available through get_dl_group() - - StreamCipher_Filter supports seeking (if the underlying cipher does) - - Minor optimization for GCD calculations - - Renamed SAFER_SK128 to SAFER_SK - - Removed many previously deprecated functions - - Some now-obsolete functions, headers, and types have been deprecated - - Fixed some bugs in DSA prime generation - - DL_Group had a constructor for DSA-style prime gen but it wasn't defined - - Reversed the ordering of the two arguments to SEAL's constructor - - Fixed a threading problem in the PK algorithms - - Fixed a minor memory leak in lookup.cpp - - Fixed pk_types.h (it was broken in 0.8.5) - - Made validation tests more verbose - - Updated the check and example applications - -* 0.8.5, 2002-07-21 - - Major changes to constructors for DL-based cryptosystems (DSA, NR, DH) - - Added a DL_Group class - - Reworking of the pubkey internals - - Support in lookup for aliases and PK algorithms - - Renamed CAST5 to CAST_128 and CAST256 to CAST_256 - - Added EMSA1 - - Reorganization of header files - - LibraryInitializer will install new allocator types if requested - - Fixed a bug in Diffie-Hellman key generation - - Did a workaround in pipe.cpp for GCC 2.95.x on Linux - - Removed some debugging code from init.cpp that made FTW ES useless - - Better checking for invalid arguments in the PK algorithms - - Reduced Base64 and Hex default line length (if line breaking is used) - - Fixes for HP's aCC compiler - - Cleanups in BigInt - -* 0.8.4, 2002-07-14 - - Added Nyberg-Rueppel signatures - - Added Diffie-Hellman key exchange (kex interface is subject to change) - - Added KDF2 - - Enhancements to the lookup API - - Many things formerly taking pointers to algorithms now take names - - Speedups for prime generation - - LibraryInitializer has support for seeding the global RNG - - Reduced SAFER-SK128 memory consumption - - Reversed the ordering of public and private key values in DSA constructor - - Fixed serious bugs in MemoryMapping_Allocator - - Fixed memory leak in Lion - - FTW_EntropySource was not closing the files it read - - Fixed line breaking problem in Hex_Encoder - -* 0.8.3, 2002-06-09 - - Added DSA and Rabin-Williams signature schemes - - Added EMSA3 - - Added PKCS#1 v1.5 encryption padding - - Added Filters for PK algorithms - - Added a Keyed_Filter class - - LibraryInitializer processes arguments now - - Major revamp of the PK interface classes - - Changed almost all of the Filters for non-template operation - - Changed HMAC, Lion, Luby-Rackoff to non-template classes - - Some fairly minor BigInt optimizations - - Added simple benchmarking for PK algorithms - - Added hooks for fixed base and fixed exponent modular exponentiation - - Added some examples for using RSA - - Numerous bugfixes and cleanups - - Documentation updates - -* 0.8.2, 2002-05-18 - - Added an (experimental) algorithm lookup interface - - Added code for directly testing BigInt - - Added SHA2-384 - - Optimized SHA2-512 - - Major optimization for Adler32 (thanks to Dan Nicolaescu) - - Various minor optimizations in BigInt and related areas - - Fixed two bugs in X9.19 MAC, both reported by Darren Starsmore - - Fixed a bug in BufferingFilter - - Made a few fixes for MacOS X - - Added a workaround in configure.pl for GCC 2.95.x - - Better support for PowerPC, ARM, and Alpha - - Some more cleanups - -* 0.8.1, 2002-05-06 - - Major code cleanup (check doc/deprecated.txt) - - Various bugs fixed, including several portability problems - - Renamed MessageAuthCode to MessageAuthenticationCode - - A replacement for X917 is in x917_rng.h - - Changed EMAC to non-template class - - Added ANSI X9.19 compatible CBC-MAC - - TripleDES now supports 128 bit keys - -* 0.8.0, 2002-04-24 - - Merged BigInt: many bugfixes and optimizations since alpha2 - - Added RSA (rsa.h) - - Added EMSA2 (emsa2.h) - - Lots of new interface code for public key algorithms (pk_base.h, pubkey.h) - - Changed some interfaces, including SymmetricKey, to support the global rng - - Fixed a serious bug in ManagedAllocator - - Renamed RIPEMD128 to RIPEMD_128 and RIPEMD160 to RIPEMD_160 - - Removed some deprecated stuff - - Added a global random number generator (rng.h) - - Added clone functions to most of the basic algorithms - - Added a library initializer class (init.h) - - Version macros in version.h - - Moved the base classes from opencl.h to base.h - - Renamed the bzip2 module to comp_bzip2 and zlib to comp_zlib - - Documentation updates for the new stuff (still incomplete) - - Many new deprecated things: check doc/deprecated.txt - -* 0.7.10, 2002-04-07 - - Added EGD_EntropySource module (es_egd) - - Added a file tree walking EntropySource (es_ftw) - - Added MemoryLocking_Allocator module (alloc_mlock) - - Renamed the pthr_mux, unix_rnd, and mmap_mem modules - - Changed timer mechanism; the clock method can be switched on the fly. - - Renamed MmapDisk_Allocator to MemoryMapping_Allocator - - Renamed ent_file.h to es_file.h (ent_file.h is around, but deprecated) - - Fixed several bugs in MemoryMapping_Allocator - - Added more default sources for Unix_EntropySource - - Changed SecureBuffer to use same allocation methods as SecureVector - - Added bigint_divcore into mp_core to support BigInt alpha2 release - - Removed some Pipe functions deprecated since 0.7.8 - - Some fixes for the configure program - -* 0.7.9, 2002-03-19 - - Memory allocation substantially revamped - - Added memory allocation method based on mmap(2) in the mmap_mem module - - Added ECB and CTS block cipher modes (ecb.h, cts.h) - - Added a Mutex interface (mutex.h) - - Added module pthr_mux, implementing the Mutex interface - - Added Threaded Filter interface (thr_filt.h) - - All algorithms can now by keyed with SymmetricKey objects - - More testing occurs with --validate (expected failures) - - Fixed two bugs reported by Hany Greiss, in Luby-Rackoff and RC6 - - Fixed a buffering bug in Bzip_Decompress and Zlib_Decompress - - Made X917 safer (and about 1/3 as fast) - - Documentation updates - -* 0.7.8, 2002-02-28 - - More capabilities for Pipe, inspired by SysV STREAMS, including peeking, - better buffering, and stack ops. NOT BACKWARDS COMPATIBLE: SEE DOCUMENTATION - - Added a BufferingFilter class - - Added popen() based EntropySource for generic Unix systems (unix_rnd) - - Moved 'devrand' module into main distribution (ent_file.h), renamed to - File_EntropySource, and changed interface somewhat. - - Made Randpool somewhat more conservative and also 25% faster - - Minor fixes and updates for the configure script - - Added some tweaks for memory allocation - - Documentation updates for the new Pipe interface - - Fixed various minor bugs - - Added a couple of new example programs (stack and hasher2) - -* 0.7.7, 2001-11-24 - - Filter::send now works in the constructor of a Filter subclass - - You may now have to include <opencl/pipe.h> explicitly in some code - - Added preliminary PK infrastructure classes in pubkey.h and pkbase.h - - Enhancements to SecureVector (append, destroy functions) - - New infrastructure for secure memory allocation - - Added IEEE P1363 primitives MGF1, EME1, KDF1 - - Rijndael optimizations and cleanups - - Changed CipherMode<B> to BlockCipherMode(B*) - - Fixed a nasty bug in pipe_unixfd - - Added portions of the BigInt code into the main library - - Support for VAX, SH, POWER, PowerPC-64, Intel C++ - -* 0.7.6, 2001-10-14 - - Fixed several serious bugs in SecureVector created in 0.7.5 - - Square optimizations - - Fixed shared objects on MacOS X and HP-UX - - Fixed static libs for KCC 4.0; works with KCC 3.4g as well - - Full support for Athlon and K6 processors using GCC - - Added a table of prime numbers < 2**16 (primes.h) - - Some minor documentation updates - -* 0.7.5, 2001-08-19 - - Split checksum.h into adler32.h, crc24.h, and crc32.h - - Split modes.h into cbc.h, cfb.h, and ofb.h - - CBC_wPadding* has been replaced by CBC_Encryption and CBC_Decryption - - Added OneAndZeros and NoPadding methods for CBC - - Added Lion, a very fast block cipher construction - - Added an S2K base class (s2k.h) and an OpenPGP_S2K class (pgp_s2k.h) - - Basic types (ciphers, hashes, etc) know their names now (call name()) - - Changed the EntropySource type somewhat - - Big speed-ups for ISAAC, Adler32, CRC24, and CRC32 - - Optimized CAST-256, DES, SAFER-SK, Serpent, SEAL, MD2, and RIPEMD-160 - - Some semantics of SecureVector have changed slightly - - The mlock module has been removed for the time being - - Added string handling functions for hashes and MACs - - Various non-user-visible cleanups - - Shared library soname is now set to the full version number - -* 0.7.4, 2001-07-15 - - New modules: Zlib, gettimeofday and x86 RTC timers, Unix I/O for Pipe - - Fixed a vast number of errors in the config script/makefile/specfile - - Pipe now has a stdio(3) interface as well as C++ iostreams - - ARC4 supports skipping the first N bytes of the cipher stream (ala MARK4) - - Bzip2 supports decompressing multiple concatenated streams, and flushing - - Added a simple 'overall average' score to the benchmarks - - Fixed a small bug in the POSIX timer module - - Removed a very-unlikely-to-occur bug in most of the hash functions - - filtbase.h now includes <iosfwd>, not <iostream> - - Minor documentation updates - -* 0.7.3, 2001-06-08 - - Fix build problems on Solaris/SPARC - - Fix build problems with Perl versions < 5.6 - - Fixed some stupid code that broke on a few compilers - - Added string handling functions to Pipe - - MISTY1 optimizations - -* 0.7.2, 2001-06-03 - - Build system supports modules - - Added modules for mlock, a /dev/random EntropySource, POSIX1.b timers - - Added Bzip2 compression filter, contributed by Peter Jones - - GNU make no longer required (tested with 4.4BSD pmake and Solaris make) - - Fixed minor bug in several of the hash functions - - Various other minor fixes and changes - - Updates to the documentation - -* 0.7.1, 2001-05-16 - - Rewrote configure script: more consistent and complete - - Made it easier to find out parameters of types at run time (opencl.h) - - New functions for finding the version being used (version.h) - - New SymmetricKey interface for Filters (symkey.h) - - InvalidKeyLength now records what the invalid key length was - - Optimized DES, CS-Cipher, MISTY1, Skipjack, XTEA - - Changed GOST to use correct S-box ordering (incompatible change) - - Benchmark code was almost totally rewritten - - Many more entries in the test vector file - - Fixed minor and idiotic bug in check.cpp - -* 0.7.0, 2001-03-01 - - First public release - diff --git a/botan/doc/pgpkeys.asc b/botan/doc/pgpkeys.asc deleted file mode 100644 index 378230f..0000000 --- a/botan/doc/pgpkeys.asc +++ /dev/null @@ -1,83 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.9 (GNU/Linux) - -mQGiBDqZbS4RBACH3vOrWo72lWh/lbECfIfGdtl+YDgyGMB2BiGDJG7Kzbg9IB2e -no0Du+omligWpgWlYdkiJ+/wpCJlBxd/P3rEegp822aeV1eD3E03wxWUvhyWgy+8 -I8POrcCjC9RkrTGTl5RiFdaRVCG93vzmJFUJoI1Kt0F5AnTJXJm4VgNo0wCg4F/M -jN7YfhrUroE8ksTGPiCeNocD/R6wGZ0FFtYHdK5W19u/vM9JfAXxoK+OmDheFSVL -oIWVCXacwvbVQ15MfdQxaRyZmkWD9jgm2Omr8II6iK12B3WLRb96bkQzC0Sd25Xm -2tLKUDBwK0meG/8cRj3hE4WFF6VBdhWNtRhbby6Le9JHC+ylMrHwMy+HHXl5a2gf -ycCmA/9LU5GukTKfaBz9OPrVkMf2n0RbdBgn5hxtDeZ5iV6JMosEGobMnZ77n44M -VdGk6NWlMZqmwy6tJg2CdKPiQtjJaPuIR6qM0rtc8tpnhJSqq2c3KNOcaTennJsc -H3MNtT6FeZH1pZOhcmLjs7wb267NgR89vBQd2l46qWYSaBCASbQWQm90YW4gRGlz -dHJpYnV0aW9uIEtleYhiBBMRAgAaBQsHCgMEAxUDAgMWAgECF4ACGQEFAkkXKWoA -EgdlR1BHAAEBCRCmPyy9+gL7zKhdAKCfZvYBJeZaVW+Cq8S463bbw9vtJACg29tp -zrPhPtU4baw3ngVFUjUcLCyJAhwEEAECAAYFAkkq4q8ACgkQXA+W6E7BbWuJmg/+ -NTxLCg0I527bNowv/pEBrN26Aghwu3/Gn6QrRz2bFQ1A/8LNw2w8eKY0w/b5ieiC -kYy/DmkcDFkspmtaVvA0A+hK/NIIEbFqllKnTQ2BK5EdqQxS+OuBZN4BbJJ2XzKD -6bUcmIEpzymVah/r49D09VG7TQeBequcER9DumSuKhDM10Jt594tkjUo8E7BO8Np -54T2MXX3Nk839eZLihnSh5Cnj6pmLlr/4Tx8iXQTuk2CKkOWxCXaE1CJlUnaXTTy -T16na7PdWPKUR1x2cNY9uL+r5RwSRebV2iV3620MzFHYIAbFYrRdew8HnBnzrwgE -gk4z8fFFSDwIkkGVIkZMqchyWQySJ8UIQpUPVM0/EA+ejgMbLx/Xt6ONIZQiq9Cc -8AaPsoEXFlQHRFN65BB8GIYUdraw/yHwTWX4UNtyNNTq6zgwnsvik6ZJN7RNdgea -rZavW8svXsDZgwEVDI3ps19B1yD0AxC/IJ9uqxqTKn+dYciiZJCMBUTITb6lVs6b -SnMNqdllE2z591cQH02rInHH25WiMjoPeboUozLZ7tyWZtv7/CP4a+IcNqB7LmET -qNTWki3cAnLw5UfPVYrnunI5jHG2eFCjHk3cGAM/AcWRs+wqRfUAqzjs/rRUH8QD -n4vADnCuKHle3dRFq3Dy+fCZe/7yEmeAyJ8FbmSQRgOZAgsEQX8lLwEQALecnQ3J -k1iajTjKoUryWAs8orDTBxiOkYQuwD1g01Geu5XMcDx0ykqPPer1688QN2P/4Lc6 -zN4B0h3SNn8zmz9MI9afCaL3DPynogKX4/zPvSSAITiSytClKNbpSRoqjpdXeoUU -cW7gs8+d81bYJtgBtATtVHDZXzDO32wbPT1Zi+IdI+19R84tgWZBDgLYdQIaUa+G -+j14Gdubc4nFfP6h/UmWC7r6xo0TeQsNLUv2c9nyMeUUKeKZwBar0349sWKihjLf -ne9TXPgdEpg0C9fYAlxTOBa+hIbESVie/4BxtvSHk+wWFpRZtBkS43SDF5qZY0TX -uZJmt3YhiX/zlRut1nhLtqxzNVMIZtNZkD4MrMl7+mHManITkCMBS5NmpmXdlBES -Si+cPVMD91fEAuILczJj/VCUl1pn83kIlD9wxDNQcFdMzuicvFneEszW7UCdvPUC -3UcFQcsxAuYUEPr/H9Qraogm8/UE7+fTb8pTSt06KsZR3nMLLMKICcgLpraDQENZ -GCcK8js82FsB+6ccQ5WB1nMDfdDbYNyRKv/bgPmKxOw74jo24wSeio4zFHBzVXYQ -CLleO52H+w5jz4vEXhC3IEqoLhJHAIW41yl3pqx1qeZ0XwOfGP67nQzI+YhUn59+ -OBngAVQ8rdfWxopzVTI7oRlQafFbTyN/sReTAAYptC5KYWNrIExsb3lkIChTaWdu -aW5nIEtleSkgPGxsb3lkQHJhbmRvbWJpdC5uZXQ+iQIuBBMBAgAYAhsDAh4BAheA -BQJBgDp5AwsJAgQVAgMIAAoJEFwPluhOwW1roTQP+QFzRSVwJYzHUebr1nQSS65b -/9EeX3tSI8ZnKEMAIAYn3YvnYhZxKwdFvCWKZJXfPcaJqv+xWEvArsYEbj6n4AJw -73V27USLqvqNnBleeQluM1nm8AYvmukHXUDmTOCRhqL1rK70DKTRB3Q08sgnmuRF -8sMuG6TRPm8zk9N87zI8fYbT7hWxoO6E9wXPOr+4cYirmtbPY0Ni5bWvd/JrRzWa -2e/UVrpvoBE6kPaF6mxK8oDTGmRr+yKjEsxsTKYQJbguzDYtjEvjoDxScYfegk7n -5PdOGyhjDV/EjC/I7HcJNDVg72szmNLaNskoiHZaEiiTKD60gWFRwQJfNRYiZk0J -x1707wNZCzjKVkeD5U8x4uWchkWjXft0XdCYsKdZQ/GTepcIwz683wicdCVAMcUt -vy43i5DaPelOV22TqL6coLoelso1AURHAwfgBc/cqCsweUVotNA8SvsYMTaXuNMm -578Cs44AEXrWY0sLFCYEu6rA47HV7FXoaruK7Qjo/IopqsLd42g7HBR993tEl7j5 -3lK0VGHdFI0I4kw/tWSVXqH5vK12WLg0mc+21KGoLjkGSdPsKNUP2xhZaiK8fAB9 -2WonnGMAVUXwQ4Tu9gGzA4KzjZv5RLWvOnbRc8Vh1ppXXoSrlRkHJXT6wHfNDrvf -ZJuOruFauUJmw1CEQcKyiQEiBBABAgAMBQJBugFKBQMAEnUAAAoJEJcQuJvKV618 -KrcIAJ0f1Js973k2ednThL7Fy1B68KZ/DOpbWqB8R53oJ/aaIU0TpXqKFN+amy1N -qrC2lLh7DebBJkan+UNJ6l/uj6cR0q+D1VeDjrFKgS9D7WwjXthik6Ph/nMnd9jz -TH7+8CxN3h0BAlaysxbM/gXjPYd/z05yYdtMayE/hnUhG1ysKrWdVzZv68qBesi+ -h0Z5b7IsfdlTtBi+0Y/wNDiOl8dg7UIkNjYveNgv02yR6InQEnAW6ESEiJ5/p4fi -CPtyTk3Hz8biM4I7oTKPNYhnpp7LxVMQbeWck3mb9Yjr2uqjNMiFuBHslmAZvtBn -hj55BU0GwM7ukMNkQLWICfftXGmIRgQTEQIABgUCQjkXLAAKCRBG+5XZXjRWKC0P -AKCHLrGe1Lz/4sxvKhROPiGFAEOPoACfRYNAzEZJ2iqeb6JxQuu3gxH3XVuZAQsE -QYPWPQEIAMfE8mQ9yMkT7gOWKzHaFVzQOPokjUxIuuQzxH7Zs6FVRJ96vE9PUQw+ -F+sB04dMCWjK9FOEnO2dmw0qp8svj0YZwEt0QYBU2SzWkbftN7N7kvHVci7MkWuj -MvayoHLkLqcekWB3W1wPrxFqHbCnS7ZxH2jBd/Uiop0R+6jrrX4xO/vBMHXiEpXv -mcHtk7rrvpIRlEgtgz7tEnAoAoSYQ8lzqER/3hVef15w3NpOUeBiSOHP11ss53eh -31e+5TD4sxHV3AGozFu9H3QyJeNt50MSRsCtxkH1g4Ai8Rf+ULeppbhcm3iLAdaX -9hVkR8Aty9DLB7YIOsfmE7v3jB30ykEABim0FkJvdGFuIERpc3RyaWJ1dGlvbiBL -ZXmJATQEEwECAB4FAkGD1j0CGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQYhHr -8e+637yzmAf/VTzFHTY/JoehmaXmoQflhDT2gvHCRi1cWv0g1nxPMLAgN44KHRQp -ckgO8edO6QYI9zTxwa+WQxt+WqX8qv8/MAKjhqsLIB/XBF2+FwW6RXcO9t7gwKDY -6ufUuN7Lju0CIZrXYVUqSdwLzwG6MiTc170aYranq1riRtmtRwhubvIMRo3bkxZX -RPWHpm535h7Cfos7AKj+kq/Q3IlBhnmuSLS2H05rceLQ37VHi/xJOqqRZiJndSPy -gP3uKII1fOaLu74YKGSerXeWtCzzA5XzCZRov0z74CnTRKwT5u5hf4zp9doMi+DV -sjtXTqXDHM8snA2tvPASNW67uK+v7WnZmYkCHAQTAQIABgUCQYPWUgAKCRBcD5bo -TsFta+r9EACWVis7YcaGkKKgRB/5ox8rM36XVhMXdh/hnnGHt5rapbbRRkRHRcWU -8WIcFO1A59+TfwNNd8gN1MEt/5aX5KHWVKHBDexJgIxm6Dm1pisYHf/dnYQPM18h -mqqwNlKY97hFkPpHd7enrtc/SvGbQhhLXYlpwBrdMl76e9xJLnnrRQksxegGPo8c -r+C9HTs1Lwa8zzBxyBwYBYX+0moDkDShEhuXx6mEOXrGvQanJuIvpoIwGH+62E65 -MbJGlwWpw/MAtm2jFhBIhGV0bqJCFp9zIgdNgfskBaPr0oilbuJQZqP0Iqe/6CCt -4XkS51yWZqxjLAFpEpvDec4PGw3witKf/koGon9X8C035+nEjLBrWy18Q91vw2US -yLI+mm9diMAS8pY2gomfxBO2VwYHJryZykjCYQkccRA1tHteRj4gqTObo0Ak47y5 -MnplTWwi40oP7K2cfhCRBmMioxmYES4xsHEupfRBo3xr1Jq9q0t688WTT1NXHPMP -oueF9mKZCf2pa9aHsqBmWTm3sCaNQKGubCDBEUmJUyndmSatJyYM7NVYoUp6EfqM -ACFuTNdBsjKMh7aWVikQpbJDfA1BIU3lZeqgjgrghVAWkEOBfhG0IVZj+RVCJpsq -oTJ8asY2VreArSCyr/VnLEnfuH/QpgvCiCbepo3E34DJt4SaAOO2Zg== -=QyrG ------END PGP PUBLIC KEY BLOCK----- diff --git a/botan/doc/scripts/comba.py b/botan/doc/scripts/comba.py deleted file mode 100644 index ce3cfed..0000000 --- a/botan/doc/scripts/comba.py +++ /dev/null @@ -1,65 +0,0 @@ -#!/usr/bin/python - -import sys - -def comba_indexes(N): - - indexes = [] - - for i in xrange(0, 2*N): - x = [] - - for j in xrange(max(0, i-N+1), min(N, i+1)): - x += [(j,i-j)] - indexes += [sorted(x)] - - return indexes - -def comba_sqr_indexes(N): - - indexes = [] - - for i in xrange(0, 2*N): - x = [] - - for j in xrange(max(0, i-N+1), min(N, i+1)): - if j < i-j: - x += [(j,i-j)] - else: - x += [(i-j,j)] - indexes += [sorted(x)] - - return indexes - -def comba_multiply_code(N): - indexes = comba_indexes(N) - - for (i,idx) in zip(range(0, len(indexes)), indexes): - for pair in idx: - print "word3_muladd(&w2, &w1, &w0, x[%2d], y[%2d]);" % (pair) - print "z[%2d] = w0; w0 = w1; w1 = w2; w2 = 0;" % (i) - -def comba_square_code(N): - indexes = comba_sqr_indexes(N) - - for (rnd,idx) in zip(range(0, len(indexes)), indexes): - for (i,pair) in zip(range(0, len(idx)), idx): - if pair[0] == pair[1]: - print " word3_muladd(&w2, &w1, &w0, x[%2d], x[%2d]);" % (pair) - elif i % 2 == 0: - print " word3_muladd_2(&w2, &w1, &w0, x[%2d], x[%2d]);" % (pair[0], pair[1]) - if rnd < len(idx)-2: - print " z[%2d] = w0; w0 = w1; w1 = w2; w2 = 0;\n" % (rnd) - elif rnd == len(idx)-1: - print " z[%2d] = w0;\n" % (rnd) - else: - print " z[%2d] = w1;\n" % (rnd) - -def main(args = None): - if args is None: - args = sys.argv - #comba_square_code(int(args[1])) - comba_multiply_code(int(args[1])) - -if __name__ == '__main__': - sys.exit(main()) diff --git a/botan/doc/scripts/combine_bmarks.pl b/botan/doc/scripts/combine_bmarks.pl deleted file mode 100644 index b643649..0000000 --- a/botan/doc/scripts/combine_bmarks.pl +++ /dev/null @@ -1,120 +0,0 @@ -#!/usr/bin/perl -w - -use strict; - -my %results; -my %pk; - -my %pk_algos; -my %algos; - -my %filename_to_desc; - -for my $filename (@ARGV) { - - open IN, "<$filename" or die "Couldn't read $filename ($!)\n"; - - my $desc = <IN>; - chomp $desc; - - $results{$desc} = {}; - - while(<IN>) { - if(/(.*): +(.*) Mbytes\/sec/) { - $results{$desc}{$1} = $2; - $algos{$1} = undef; - } - if(/(.*): (.*) ops \/ second \((.*)\)/) { - my $alg = "$1"; - $alg = "$alg $3" if defined($3); - $pk{$desc}{$alg} = $2; - $pk_algos{$alg} = undef; - } - } -} - - -sub print_table { - my @columns = sort keys %results; - - print "\n<P>All results are in MiB / second:\n"; - print "<TABLE BORDER CELLSPACING=1>\n<THEAD>\n"; - - my %col_index = (); - - my $line = "<TR><TH>Algorithm "; - - foreach my $col (@columns) { - $col_index{$col} = length($line); - $line .= "<TH>" . $col . " "; - } - - $line .= "\n<TBODY>\n"; - - print $line; - - $line = ''; - - foreach my $algo (sort keys %algos) { - $line = " <TR><TH>$algo "; - - for my $col (@columns) { - my $result = $results{$col}{$algo}; - $result = "-" if not defined($result); - - $result = "<TH>$result"; - - $line .= ' ' while(length($line) < ($col_index{$col})); - $line .= $result; - - } - - print $line, "\n"; - $line = ''; - } - - print "</TABLE>\n"; -} - - -sub print_pk_table { - my @columns = sort keys %pk; - - print "\n<P>All results are in operations per second:\n"; - print "<TABLE BORDER CELLSPACING=1>\n<THEAD>\n"; - - my %col_index = (); - - my $line = "<TR><TH>Algorithm "; - - foreach my $col (@columns) { - $col_index{$col} = length($line); - $line .= "<TH>" . $col . " "; - } - - $line .= "\n<TBODY>\n"; - - print $line; - - foreach my $algo (sort keys %pk_algos) { - my $line = " <TR><TH>$algo "; - - for my $col (@columns) { - my $result = $pk{$col}{$algo}; - $result = '-' if not defined($result); - - $result = "<TH>$result"; - - $line .= ' ' while(length($line) < ($col_index{$col})); - $line .= $result; - - } - - print $line, "\n"; - } - - print "</TABLE>\n"; -} - -print_table(); -print_pk_table(); diff --git a/botan/doc/scripts/dist.sh b/botan/doc/scripts/dist.sh deleted file mode 100644 index 9629446..0000000 --- a/botan/doc/scripts/dist.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash - -# This is probably only useful if run on my machine, which is not -# exactly ideal - -SELECTOR=h:net.randombit.botan.1_8 -KEY_ID=EFBADFBC -MTN_DB=/storage/mtn/botan.mtn -WEB_DIR=~/projects/www -DIST_DIR=~/Botan-dist - -# You shouldn't have to change anything after this -mkdir -p $DIST_DIR -cd $DIST_DIR - -mtn -d $MTN_DB checkout -r $SELECTOR Botan - -VERSION=$(Botan/configure.py --version) - -mv Botan Botan-$VERSION - -cd Botan-$VERSION -rm -rf _MTN -rm -f .mtn-ignore - -# Build docs -cd doc - -for doc in api tutorial building -do - latex $doc.tex - latex $doc.tex - dvips $doc.dvi -o - pdflatex $doc.tex - pdflatex $doc.tex - cp $doc.pdf $DIST_DIR - mv $doc.ps $DIST_DIR - # Clean up after TeX - rm -f $doc.aux $doc.log $doc.dvi $doc.toc -done - -cp log.txt ../.. - -cd .. # topdir -cd .. # now in DIST_DIR - -tar -cf Botan-$VERSION.tar Botan-$VERSION - -bzip2 -9 -k Botan-$VERSION.tar -gzip -9 Botan-$VERSION.tar - -rm -rf Botan-$VERSION - -mv Botan-$VERSION.tar.gz Botan-$VERSION.tgz -mv Botan-$VERSION.tar.bz2 Botan-$VERSION.tbz - -echo "*****************************************************" -read -a PASSWORD -p "Enter PGP password (or ^C to skip signatures): " - -echo $PASSWORD | gpg --batch --armor -b --passphrase-fd 0 -u $KEY_ID Botan-$VERSION.tgz -echo $PASSWORD | gpg --batch --armor -b --passphrase-fd 0 -u $KEY_ID Botan-$VERSION.tbz - -mv Botan-$VERSION.tgz* $WEB_DIR/files/botan/v1.8 -mv Botan-$VERSION.tbz* $WEB_DIR/files/botan/v1.8 diff --git a/botan/doc/scripts/primes.py b/botan/doc/scripts/primes.py deleted file mode 100644 index cf4d139..0000000 --- a/botan/doc/scripts/primes.py +++ /dev/null @@ -1,63 +0,0 @@ -#!/usr/bin/env python - -import sys - -def gcd(x,y): - if x <= 0 or y <= 0: - raise ValueError, "Arguments must be positive integers" - g = y - while x > 0: - g = x - x = y % x - y = g - return g - - -def gen_primes(): - primes = [2,3,5,7,11] - - # Primes < 11351 fit into less than 256x64 bits - for i in xrange(1+primes[-1], 11351+1): - for prime in primes: - if gcd(i, prime) != 1: - break - else: - primes.append(i) - - return primes - -def extract_product(primes): - product = 1 - - used = set() - - for prime in sorted(primes, reverse=True): - if product * prime < 2**64: - product *= prime - used.add(prime) - - primes -= used - - return product - -def main(): - primes = gen_primes() - - primes.sort() - primes.reverse() - - primes = set(primes) - - while len(primes): - print "0x%016X, " % extract_product(primes) - - #product = 1 - #for prime in primes: - # product *= prime - - # if product >= 2**64: - # print "%016X" % (product/prime) - # product = prime - -if __name__ == '__main__': - sys.exit(main()) diff --git a/botan/doc/scripts/print_deps.py b/botan/doc/scripts/print_deps.py deleted file mode 100644 index b92c433..0000000 --- a/botan/doc/scripts/print_deps.py +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/python - -""" -Analyze the botan source tree and print the module interdependencies - -(C) 2009 Jack Lloyd -Distributed under the terms of the Botan license -""" - -import os -import os.path -import sys -import re - -def find_deps_in(filename): - # By convention #include's with spaces before them are - # always wrapped in #ifdef blocks - regexp = re.compile('^#include <botan/(.*)>') - - for line in open(filename).readlines(): - match = regexp.match(line) - if match != None: - yield match.group(1) - -def get_dependencies(dirname): - all_dirdeps = {} - file_homes = {} - - is_sourcefile = re.compile('\.(cpp|h|S)$') - - for (dirpath, dirnames, filenames) in os.walk('src'): - dirdeps = set() - for filename in filenames: - if is_sourcefile.search(filename) != None: - file_homes[filename] = os.path.basename(dirpath) - - for dep in find_deps_in(os.path.join(dirpath, filename)): - if dep not in filenames and dep != 'build.h': - dirdeps.add(dep) - - dirdeps = sorted(dirdeps) - if dirdeps != []: - all_dirdeps[dirpath] = dirdeps - - return (all_dirdeps, file_homes) - -def main(): - (all_dirdeps, file_homes) = get_dependencies('src') - - def interesting_dep_for(dirname): - def interesting_dep(dep): - if dep == 'utils': - return False # everything depends on it - - # block/serpent depends on block, etc - if dirname.find('/%s/' % (dep)) > 0: - return False - return True - return interesting_dep - - for dirname in sorted(all_dirdeps.keys()): - depdirs = sorted(set(map(lambda x: file_homes[x], all_dirdeps[dirname]))) - - depdirs = filter(interesting_dep_for(dirname), depdirs) - - if depdirs != []: - print "%s: %s" % (dirname, ' '.join(depdirs)) - -if __name__ == '__main__': - sys.exit(main()) diff --git a/botan/doc/scripts/update_deps.py b/botan/doc/scripts/update_deps.py deleted file mode 100644 index 61aa887..0000000 --- a/botan/doc/scripts/update_deps.py +++ /dev/null @@ -1,41 +0,0 @@ -#!/usr/bin/python - -import sys -import re -import os.path - -def update_requires(dir, deps): - lines = map(lambda x: x.strip(), - open(os.path.join(dir, 'info.txt')).readlines()) - - if '<requires>' in lines: - start = lines.index('<requires>') - - while lines.pop(start) != '</requires>': - pass - - while lines[-1] == '': - lines = lines[:-1] - - if len(deps) > 0: - lines.append('') - lines.append('<requires>') - for dep in deps: - lines.append(dep) - lines.append('</requires>') - lines.append('') - - lines = "\n".join(lines).replace("\n\n\n", "\n\n") - - output = open(os.path.join(dir, 'info.txt'), 'w') - output.write(lines) - output.close() - -def main(): - for line in sys.stdin.readlines(): - (dirname, deps) = line.split(':') - deps = deps.strip().split(' ') - update_requires(dirname, deps) - -if __name__ == '__main__': - sys.exit(main()) diff --git a/botan/doc/thanks.txt b/botan/doc/thanks.txt deleted file mode 100644 index caa2fb5..0000000 --- a/botan/doc/thanks.txt +++ /dev/null @@ -1,49 +0,0 @@ - -The following people (sorted alphabetically) contributed bug reports, useful -information, or were generally just helpful people to talk to: - -Jeff B -Rickard Bondesson -Mike Desjardins -Matthew Gregan -Hany Greiss -Friedemann Kleint -Ying-Chieh Liao -Dan Nicolaescu -Vaclav Ovsik -Ken Perano -Darren Starsmore -Kaushik Veeraraghavan -Dominik Vogt -James Widener - -Cerulean Studios, creators of the Trillian instant messaging client, -has provided financial assistance to the project. - -Barry Kavanagh of AEP Systems Ltd kindly provided an AEP2000 crypto card and -drivers, enabling the creation of Botan's AEP engine module. - -In addition, the following people have unknowingly contributed help: - - Dean Gaudet <dean@arctic.org> wrote the SSE2 implementation of SHA-1 - - The implementation of DES is based off a public domain implementation by Phil - Karn from 1994 (he, in turn, credits Richard Outerbridge and Jim Gillogly). - - Rijndael and Square are based on the reference implementations written by - the inventors, Joan Daemen and Vincent Rijmen. - - The Serpent S-boxes used were discovered by Dag Arne Osvik and detailed in - his paper "Speeding Up Serpent". - - Matthew Skala's public domain twofish.c (as given in GnuPG 0.9.8) provided - the basis for my Twofish code (particularly the key schedule). - - Some of the hash functions (MD5, SHA-1, etc) use an optimized implementation - of one of the boolean functions, which was discovered by Colin Plumb. - - The design of Randpool takes some of it's design principles from those - suggested by Eric A. Young in his SSLeay documentation, Peter Gutmann's paper - "Software Generation of Practically Strong Random Numbers", and the paper - "Cryptanalytic Attacks on Pseudorandom Number Generators", by Kelsey, - Schneier, Wagner, and Hall. diff --git a/botan/doc/tutorial.pdf b/botan/doc/tutorial.pdf Binary files differdeleted file mode 100644 index 2a68d62..0000000 --- a/botan/doc/tutorial.pdf +++ /dev/null diff --git a/botan/doc/tutorial.tex b/botan/doc/tutorial.tex deleted file mode 100644 index 9229cb8..0000000 --- a/botan/doc/tutorial.tex +++ /dev/null @@ -1,883 +0,0 @@ -\documentclass{article} - -\setlength{\textwidth}{6.5in} % 1 inch side margins -\setlength{\textheight}{9in} % ~1 inch top and bottom margins - -\setlength{\headheight}{0in} -\setlength{\topmargin}{0in} -\setlength{\headsep}{0in} - -\setlength{\oddsidemargin}{0in} -\setlength{\evensidemargin}{0in} - -\title{\textbf{Botan Tutorial}} -\author{Jack Lloyd \\ - \texttt{lloyd@randombit.net}} -\date{2009/07/08} - -\newcommand{\filename}[1]{\texttt{#1}} -\newcommand{\manpage}[2]{\texttt{#1}(#2)} - -\newcommand{\macro}[1]{\texttt{#1}} - -\newcommand{\function}[1]{\textbf{#1}} -\newcommand{\type}[1]{\texttt{#1}} -\renewcommand{\arg}[1]{\textsl{#1}} -\newcommand{\variable}[1]{\textsl{#1}} - -\begin{document} - -\maketitle - -\tableofcontents - -\parskip=5pt -\pagebreak - -\section{Introduction} - -This document essentially sets up various simple scenarios and then -shows how to solve the problems using Botan. It's fairly simple, and -doesn't cover many of the available APIs and algorithms, especially -the more obscure or unusual ones. It is a supplement to the API -documentation and the example applications, which are included in the -distribution. - -To quote the Perl man page: '``There's more than one way to do it.'' -Divining how many more is left as an exercise to the reader.' - -This is \emph{not} a general introduction to cryptography, and most simple -terms and ideas are not explained in any great detail. - -Finally, most of the code shown in this tutorial has not been tested, it was -just written down from memory. If you find errors, please let me know. - -\section{Initializing the Library} - -The first step to using Botan is to create a \type{LibraryInitializer} object, -which handles creating various internal structures, and also destroying them at -shutdown. Essentially: - -\begin{verbatim} -#include <botan/botan.h> -/* include other headers here */ - -int main() - { - LibraryInitializer init; - /* now do stuff */ - return 0; - } -\end{verbatim} - -\section{Hashing a File} - -\section{Symmetric Cryptography} - -\subsection{Encryption with a passphrase} - -Probably the most common crypto problem is encrypting a file (or some data that -is in-memory) using a passphrase. There are a million ways to do this, most of -them bad. In particular, you have to protect against weak passphrases, -people reusing a passphrase many times, accidental and deliberate modification, -and a dozen other potential problems. - -We'll start with a simple method that is commonly used, and show the problems -that can arise. Each subsequent solution will modify the previous one to -prevent one or more common problems, until we arrive at a good version. - -In these examples, we'll always use Serpent in Cipher-Block Chaining -(CBC) mode. Whenever we need a hash function, we'll use SHA-256, since -that is a common and well-known hash that is thought to be secure. - -In all examples, we choose to derive the Initialization Vector (IV) from the -passphrase. Another (probably more common) alternative is to generate the IV -randomly and include it at the beginning of the message. Either way is -acceptable, and can be secure. The method used here was chosen to make for more -interesting examples (because it's harder to get right), and may not be an -appropriate choice for some environments. - -First, some notation. The passphrase is stored as a \type{std::string} named -\variable{passphrase}. The input and output files (\variable{infile} and -\variable{outfile}) are of types \type{std::ifstream} and \type{std::ofstream} -(respectively). - -\subsubsection{First try} - -We hash the passphrase with SHA-256, and use the resulting hash to key -Serpent. To generate the IV, we prepend a single '0' character to the -passphrase, hash it, and truncate it to 16 bytes (which is Serpent's -block size). - -\begin{verbatim} - HashFunction* hash = get_hash("SHA-256"); - - SymmetricKey key = hash->process(passphrase); - SecureVector<byte> raw_iv = hash->process('0' + passphrase); - InitializationVector iv(raw_iv, 16); - - Pipe pipe(get_cipher("Serpent/CBC/PKCS7", key, iv, ENCRYPTION)); - - pipe.start_msg(); - infile >> pipe; - pipe.end_msg(); - outfile << pipe; -\end{verbatim} - -\subsubsection{Problem 1: Buffering} - -There is a problem with the above code, if the input file is fairly large as -compared to available memory. Specifically, all the encrypted data is stored -in memory, and then flushed to \variable{outfile} in a single go at the very -end. If the input file is big (say, a gigabyte), this will be most problematic. - -The solution is to use a \type{DataSink} to handle the output for us (writing -to \arg{outfile} will be implicit with writing to the \type{Pipe}). We can do -this by replacing the last few lines with: - -\begin{verbatim} - Pipe pipe(get_cipher("Serpent/CBC/PKCS7", key, iv, ENCRYPTION), - new DataSink_Stream(outfile)); - - pipe.start_msg(); - infile >> pipe; - pipe.end_msg(); -\end{verbatim} - -\subsubsection{Problem 2: Deriving the key and IV} - -Hash functions like SHA-256 are deterministic; if the same passphrase -is supplied twice, then the key (and in our case, the IV) will be the -same. This is very dangerous, and could easily open the whole system -up to attack. What we need to do is introduce a salt (or nonce) into -the generation of the key from the passphrase. This will mean that the -key will not be the same each time the same passphrase is typed in by -a user. - -There is another problem with using a bare hash function to derive -keys. While it's inconceivable (based on our current understanding of -thermodynamics and theories of computation) that an attacker could -brute-force a 256-bit key, it would be fairly simple for them to -compute the SHA-256 hashes of various common passwords ('password', -the name of the dog, the significant other's middle name, favorite -sports team) and try those as keys. So we want to slow the attacker -down if we can, and an easy way to do that is to iterate the hash -function a bunch of times (say, 1024 to 4096 times). This will involve -only a small amount of effort for a legitimate user (since they only -have to compute the hashes once, when they type in their passphrase), -but an attacker, trying out a large list of potential passphrases, -will be seriously annoyed (and slowed down) by this. - -In this iteration of the example, we'll kill these two birds with one -stone, and derive the key from the passphrase using a S2K (string to -key) algorithm (these are also often called PBKDF algorithms, for -Password-Based Key Derivation Function). In this example, we use -PBKDF2 with Hash Message Authentication Code (HMAC(SHA-256)), which is -specified in PKCS \#5. We replace the first four lines of code from -the first example with: - -\begin{verbatim} - S2K* s2k = get_s2k("PBKDF2(SHA-256)"); - // hard-coded iteration count for simplicity; should be sufficient - s2k->set_iterations(4096); - // 8 octets == 64-bit salt; again, good enough - s2k->new_random_salt(8); - SecureVector<byte> the_salt = s2k->current_salt(); - - // 48 octets == 32 for key + 16 for IV - SecureVector<byte> key_and_IV = s2k->derive_key(48, passphrase).bits_of(); - - SymmetricKey key(key_and_IV, 32); - InitializationVector iv(key_and_IV + 32, 16); -\end{verbatim} - -To complete the example, we have to remember to write out the salt (stored in -\variable{the\_salt}) at the beginning of the file. The receiving side needs to -know this value in order to restore it (by calling the \variable{s2k} object's -\function{change\_salt} function) so it can derive the same key and IV from the -passphrase. - -\subsubsection{Problem 3: Protecting against modification} - -As it is, an attacker can undetectably alter the message while it is -in transit. It is vital to remember that encryption does not imply -authentication (except when using special modes that are specifically -designed to provide authentication along with encryption, like OCB and -EAX). For this purpose, we will append a message authentication code -to the encrypted message. Specifically, we will generate an extra 256 -bits of key data, and use it to key the ``HMAC(SHA-256)'' MAC -function. We don't want to have the MAC and the cipher to share the -same key; that is very much a no-no. - -\begin{verbatim} - // 80 octets == 32 for cipher key + 16 for IV + 32 for hmac key - SecureVector<byte> keys_and_IV = s2k->derive_key(80, passphrase); - - SymmetricKey key(keys_and_IV, 32); - InitializationVector iv(keys_and_IV + 32, 16); - SymmetricKey mac_key(keys_and_IV + 32 + 16, 32); - - Pipe pipe(new Fork( - new Chain( - get_cipher("Serpent/CBC/PKCS7", key, iv, ENCRYPTION), - new DataSink_Stream(outfile) - ), - new MAC_Filter("HMAC(SHA-256)", mac_key) - ) - ); - - pipe.start_msg(); - infile >> pipe; - pipe.end_msg(); - - // now read the MAC from message #2. Message numbers start from 0 - SecureVector<byte> hmac = pipe.read_all(1); - outfile.write((const char*)hmac.ptr(), hmac.size()); -\end{verbatim} - -The receiver can check the size of the file (in bytes), and since it knows how -long the MAC is, can figure out how many bytes of ciphertext there are. Then it -reads in that many bytes, sending them to a Serpent/CBC decryption object -(which could be obtained by calling \verb|get_cipher| with an argument of -\type{DECRYPTION} instead of \type{ENCRYPTION}), and storing the final bytes to -authenticate the message with. - -\subsubsection{Problem 4: Cleaning up the key generation} - -The method used to derive the keys and IV is rather inelegant, and it would be -nice to clean that up a bit, algorithmically speaking. A nice solution for this -is to generate a master key from the passphrase and salt, and then generate the -two keys and the IV (the cryptovariables) from that. - -Starting from the master key, we derive the cryptovariables using a KDF -algorithm, which is designed, among other things, to ``separate'' keys so that -we can derive several different keys from the single master key. For this -purpose, we will use KDF2, which is a generally useful KDF function (defined in -IEEE 1363a, among other standards). The use of different labels (``cipher -key'', etc) makes sure that each of the three derived variables will have -different values. - -\begin{verbatim} - S2K* s2k = get_s2k("PBKDF2(SHA-256)"); - // hard-coded iteration count for simplicity; should be sufficient - s2k->set_iterations(4096); - // 8 octet == 64-bit salt; again, good enough - s2k->new_random_salt(8); - // store the salt so we can write it to a file later - SecureVector<byte> the_salt = s2k->current_salt(); - - SymmetricKey master_key = s2k->derive_key(48, passphrase); - - KDF* kdf = get_kdf("KDF2(SHA-256)"); - - SymmetricKey key = kdf->derive_key(32, master_key, "cipher key"); - SymmetricKey mac_key = kdf->derive_key(32, master_key, "hmac key"); - InitializationVector iv = kdf->derive_key(16, master_key, "cipher iv"); -\end{verbatim} - -\subsubsection{Final version} - -Here is the final version of the encryption code, with all the changes we've -made: - -\begin{verbatim} - S2K* s2k = get_s2k("PBKDF2(SHA-256)"); - s2k->set_iterations(4096); - s2k->new_random_salt(8); - SecureVector<byte> the_salt = s2k->current_salt(); - - SymmetricKey master_key = s2k->derive_key(48, passphrase); - - KDF* kdf = get_kdf("KDF2(SHA-256)"); - - SymmetricKey key = kdf->derive_key(32, master_key, "cipher key"); - SymmetricKey mac_key = kdf->derive_key(32, masterkey, "hmac key"); - InitializationVector iv = kdf->derive_key(16, masterkey, "cipher iv"); - - Pipe pipe(new Fork( - new Chain( - get_cipher("Serpent/CBC/PKCS7", key, iv, ENCRYPTION), - new DataSink_Stream(outfile) - ), - new MAC_Filter("HMAC(SHA-256)", mac_key) - ) - ); - - outfile.write((const char*)the_salt.ptr(), the_salt.size()); - - pipe.start_msg(); - infile >> pipe; - pipe.end_msg(); - - SecureVector<byte> hmac = pipe.read_all(1); - outfile.write((const char*)hmac.ptr(), hmac.size()); -\end{verbatim} - -\subsubsection{Another buffering technique} - -Sometimes the use of \type{DataSink\_Stream} is not practical for whatever -reason. In this case, an alternate buffering mechanism might be useful. Here is -some code which will write all the processed data as quickly as possible, so -that memory pressure is reduced in the case of large inputs. - -\begin{verbatim} - pipe.start_msg(); - SecureBuffer<byte, 1024> buffer; - while(infile.good()) - { - infile.read((char*)buffer.ptr(), buffer.size()); - u32bit got_from_infile = infile.gcount(); - pipe.write(buffer, got_from_infile); - - if(infile.eof()) - pipe.end_msg(); - - while(pipe.remaining() > 0) - { - u32bit buffered = pipe.read(buffer, buffer.size()); - outfile.write((const char*)buffer.ptr(), buffered); - } - } - if(infile.bad() || (infile.fail() && !infile.eof())) - throw Some_Exception(); -\end{verbatim} - -\pagebreak - -\subsection{Authentication} - -After doing the encryption routines, doing message authentication keyed off a -passphrase is not very difficult. In fact it's much easier than the encryption -case, for the following reasons: a) we only need one key, and b) we don't have -to store anything, so all the input can be done in a single step without -worrying about it taking up a lot of memory if the input file is large. - -In this case, we'll hex-encode the salt and the MAC, and output them both to -standard output (the salt followed by the MAC). - -\begin{verbatim} - S2K* s2k = get_s2k("PBKDF2(SHA-256)"); - s2k->set_iterations(4096); - s2k->new_random_salt(8); - OctetString the_salt = s2k->current_salt(); - - SymmetricKey hmac_key = s2k->derive_key(32, passphrase); - - Pipe pipe(new MAC_Filter("HMAC(SHA-256)", mac_key), - new Hex_Encoder - ); - - std::cout << the_salt.to_string(); // hex encoded - - pipe.start_msg(); - infile >> pipe; - pipe.end_msg(); - std::cout << pipe.read_all_as_string() << std::endl; -\end{verbatim} - -\subsection{User Authentication} - -Doing user authentication off a shared passphrase is fairly easy. Essentially, -a challenge-response protocol is used - the server sends a random challenge, -and the client responds with an appropriate response to the challenge. The idea -is that only someone who knows the passphrase can generate or check to see if a -response is valid. - -Let's say we use 160-bit (20 byte) challenges, which seems fairly -reasonable. We can create this challenge using the global random -number generator (RNG): - -\begin{verbatim} - byte challenge[20]; - Global_RNG::randomize(challenge, sizeof(challenge), Nonce); - // send challenge to client -\end{verbatim} - -After reading the challenge, the client generates a response based on -the challenge and the passphrase. In this case, we will do it by -repeatedly hashing the challenge, the passphrase, and (if applicable) -the previous digest. We iterate this construction 4096 times, to make -brute force attacks on the passphrase hard to do. Since we are already -using 160-bit challenges, a 160-bit response seems warranted, so we'll -use SHA-1. - -\begin{verbatim} - HashFunction* hash = get_hash("SHA-1"); - SecureVector<byte> digest; - for(u32bit j = 0; j != 4096; j++) - { - hash->update(digest, digest.size()); - hash->update(passphrase); - hash->update(challenge, challenge.size()); - digest = hash->final(); - } - delete hash; - // send value of digest to the server -\end{verbatim} - -Upon receiving the response from the client, the server computes what the -response should have been based on the challenge it sent out, and the -passphrase. If the two responses match, the client is authenticated. -Otherwise, it is not. - -An alternate method is to use PBKDF2 again, using the challenge as the salt. In -this case, the response could (for example) be the hash of the key produced by -PBKDF2. There is no reason to have an explicit iteration loop, as PBKDF2 is -designed to prevent dictionary attacks (assuming PBKDF2 is set up for a large -iteration count internally). - -\pagebreak - -\section{Public Key Cryptography} - -\subsection{Basic Operations} - -In this section, we'll assume we have a \type{X509\_PublicKey*} named -\arg{pubkey}, and, if necessary, a private key type (a -\type{PKCS8\_PrivateKey*}) named \arg{privkey}. A description of these types, -how to create them, and related details appears later in this tutorial. In this -section, we will use various functions that are defined in -\filename{look\_pk.h} -- you will have to include this header explicitly. - -\subsubsection{Encryption} - -Basically, pick an encoding method, create a \type{PK\_Encryptor} (with -\function{get\_pk\_encryptor}()), and use it. But first we have to make sure -the public key can actually be used for public key encryption. For encryption -(and decryption), the key could be RSA, ElGamal, or (in future versions) some -other public key encryption scheme, like Rabin or an elliptic curve scheme. - -\begin{verbatim} - PK_Encrypting_Key* key = dynamic_cast<PK_Encrypting_Key*>(pubkey); - if(!key) - error(); - PK_Encryptor* enc = get_pk_encryptor(*key, "EME1(SHA-256)"); - - byte msg[] = { /* ... */ }; - - // will also accept a SecureVector<byte> as input - SecureVector<byte> ciphertext = enc->encrypt(msg, sizeof(msg)); -\end{verbatim} - -\subsubsection{Decryption} - -This is essentially the same as the encryption operation, but using a private -key instead. One major difference is that the decryption operation can fail due -to the fact that the ciphertext was invalid (most common padding schemes, such -as ``EME1(SHA-256)'', include various pieces of redundancy, which are checked -after decryption). - -\begin{verbatim} - PK_Decrypting_Key* key = dynamic_cast<PK_Decrypting_Key*>(privkey); - if(!key) - error(); - PK_Decryptor* dec = get_pk_decryptor(*key, "EME1(SHA-256)"); - - byte msg[] = { /* ... */ }; - - SecureVector<byte> plaintext; - - try { - // will also accept a SecureVector<byte> as input - plaintext = dec->decrypt(msg, sizeof(msg)); - } - catch(Decoding_Error) - { - /* the ciphertext was invalid */ - } -\end{verbatim} - -\subsubsection{Signature Generation} - -There is one difficulty with signature generation that does not occur with -encryption or decryption. Specifically, there are various padding methods which -can be useful for different signature algorithms, and not all are appropriate -for all signature schemes. The following table breaks down what algorithms -support which encodings: - -\begin{tabular}{|c|c|c|} \hline -Signature Algorithm & Usable Encoding Methods & Preferred Encoding(s) \\ \hline -DSA / NR & EMSA1 & EMSA1 \\ \hline -RSA & EMSA1, EMSA2, EMSA3, EMSA4 & EMSA3, EMSA4 \\ \hline -Rabin-Williams & EMSA2, EMSA4 & EMSA2, EMSA4 \\ \hline -\end{tabular} - -For new applications, use EMSA4 with both RSA and Rabin-Williams, as it is -significantly more secure than the alternatives. However, most current -applications/libraries only support EMSA2 with Rabin-Williams and EMSA3 with -RSA. Given this, you may be forced to use less secure encoding methods for the -near future. In these examples, we punt on the problem, and hard-code using -EMSA1 with SHA-256. - -\begin{verbatim} - PK_Signing_Key* key = dynamic_cast<PK_Signing_Key*>(privkey); - if(!key) - error(); - PK_Signer* signer = get_pk_signer(*key, "EMSA1(SHA-256)"); - - byte msg[] = { /* ... */ }; - - /* - You can also repeatedly call update(const byte[], u32bit), followed - by a call to signature(), which will return the final signature of - all the data that was passed through update(). sign_message() is - just a stub that calls update() once, and returns the value of - signature(). - */ - - SecureVector<byte> signature = signer->sign_message(msg, sizeof(msg)); -\end{verbatim} - -\pagebreak - -\subsubsection{Signature Verification} - -In addition to all the problems with choosing the correct padding method, -there is yet another complication with verifying a signature. Namely, there are -two varieties of signature algorithms - those providing message recovery (that -is, the value that was signed can be directly recovered by someone verifying -the signature), and those without message recovery (the verify operation simply -returns if the signature was valid, without telling you exactly what was -signed). This leads to two slightly different implementations of the -verification operation, which user code has to work with. As you can see -however, the implementation is still not at all difficult. - -\begin{verbatim} - PK_Verifier* verifier = 0; - - PK_Verifying_with_MR_Key* key1 = - dynamic_cast<PK_Verifying_with_MR_Key*>(pubkey); - PK_Verifying_wo_MR_Key* key2 = - dynamic_cast<PK_Verifying_wo_MR_Key*>(pubkey); - - if(key1) - verifier = get_pk_verifier(*key1, "EMSA1(SHA-256)"); - else if(key2) - verifier = get_pk_verifier(*key2, "EMSA1(SHA-256)"); - else - error(); - - byte msg[] = { /* ... */ }; - byte sig[] = { /* ... */ }; - - /* - Like PK_Signer, you can also do repeated calls to - void update(const byte some_data[], u32bit length) - followed by a call to - bool check_signature(const byte the_sig[], u32bit length) - which will return true (valid signature) or false (bad signature). - The function verify_message() is a simple wrapper around update() and - check_signature(). - - */ - bool is_valid = verifier->verify_message(msg, sizeof(msg), sig, sizeof(sig)); -\end{verbatim} - -\subsubsection{Key Agreement} - -WRITEME - -\pagebreak - -\subsection{Working with Keys} - -\subsubsection{Reading Public Keys (X.509 format)} - -There are two separate ways to read X.509 public keys. Remember that the X.509 -public keys are simply that: public keys. There is no associated information -(such as the owner of that key) included with the public key itself. If you -need that kind of information, you'll need to use X.509 certificates. - -However, there are surely times when a simple public key is sufficient. The -most obvious is when the key is implicitly trusted, for example if access -and/or modification of it is controlled by something else (like filesystem -ACLs). In other cases, it is a perfectly reasonable proposition to use them -over the network as an anonymous key exchange mechanism. This is, admittedly, -vulnerable to man-in-the-middle attacks, but it's simple enough that it's hard -to mess up (see, for example, Peter Guttman's paper ``Lessons Learned in -Implementing and Deploying Crypto Software'' in Usenix '02). - -The way to load a key is basically to set up a \type{DataSource} and then call -\function{X509::load\_key}, which will return a \type{X509\_PublicKey*}. For -example: - -\begin{verbatim} - DataSource_Stream somefile("somefile.pem"); // has 3 public keys - X509_PublicKey* key1 = X509::load_key(somefile); - X509_PublicKey* key2 = X509::load_key(somefile); - X509_PublicKey* key3 = X509::load_key(somefile); - // Now we have them all loaded. Huzah! -\end{verbatim} - -At this point you can use \function{dynamic\_cast} to find the operations the -key supports (by seeing if a cast to \type{PK\_Encrypting\_Key}, -\type{PK\_Verifying\_with\_MR\_Key}, or \type{PK\_Verifying\_wo\_MR\_Key} -succeeds). - -There is a variant of \function{X509::load\_key} (and of -\function{PKCS8::load\_key}, described in the next section) which take a -filename (as a \type{std::string}). These are just convenience functions which -create the appropriate \type{DataSource} for you and call the main -\function{X509::load\_key}. - -\subsubsection{Reading Private Keys (PKCS \#8 format)} - -This is very similar to reading raw public keys, with the difference that the -key may be encrypted with a user passphrase: - -\begin{verbatim} - // rng is a RandomNumberGenerator, like AutoSeeded_RNG - - DataSource_Stream somefile("somefile"); - std::string a_passphrase = /* get from the user */ - PKCS8_PrivateKey* key = PKCS8::load_key(somefile, rng, a_passphrase); -\end{verbatim} - -You can, by the way, convert a \type{PKCS8\_PrivateKey} to a -\type{X509\_PublicKey} simply by casting it (with \function{dynamic\_cast}), as -the private key type is derived from \type{X509\_PublicKey}. As with -\type{X509\_PublicKey}, you can use \function{dynamic\_cast} to figure out what -operations the private key is capable of; in particular, you can attempt to -cast it to \type{PK\_Decrypting\_Key}, \type{PK\_Signing\_Key}, or -\type{PK\_Key\_Agreement\_Key}. - -Sometimes you can get away with having a static passphrase passed to -\function{load\_key}. Typically, however, you'll have to do some user -interaction to get the appropriate passphrase. In that case you'll want to use -the \type{UI} related interface, which is fully described in the API -documentation. - -\subsubsection{Generating New Private Keys} - -Generate a new private key is the one operation which requires you to -explicitly name the type of key you are working with. There are (currently) two -kinds of public key algorithms in Botan: ones based on the integer -factorization (IF) problem (RSA and Rabin-Williams), and ones based on the -discrete logarithm (DL) problem (DSA, Diffie-Hellman, Nyberg-Rueppel, and -ElGamal). Since discrete logarithm parameters (primes and generators) can be -shared among many keys, there is the notion of these being a combined type -(called \type{DL\_Group}). - -To create a new DL-based private key, simply pass a desired \type{DL\_Group} to -the constructor of the private key - a new public/private key pair will be -generated. Since in IF-based algorithms, the modulus used isn't shared by other -keys, we don't use this notion. You can create a new key by passing in a -\type{u32bit} telling how long (in bits) the key should be. - -There are quite a few ways to get a \type{DL\_Group} object. The best is to use -the function \function{get\_dl\_group}, which takes a string naming a group; it -will either return that group, if it knows about it, or throw an -exception. Names it knows about include ``IETF-n'' where n is 768, 1024, 1536, -2048, 3072, or 4096, and ``DSA-n'', where n is 512, 768, or 1024. The IETF -groups are the ones specified for use with IPSec, and the DSA ones are the -default DSA parameters specified by Java's JCE. For DSA and Nyberg-Rueppel, use -the ``DSA-n'' groups, and for Diffie-Hellman and ElGamal, use the ``IETF-n'' -groups. - -You can also generate a new random group. This is not recommend, because it is -very slow, particularly for ``safe'' primes, which are needed for -Diffie-Hellman and ElGamal. - -Some examples: - -\begin{verbatim} - RSA_PrivateKey rsa1(512); // 512-bit RSA key - RSA_PrivateKey rsa2(2048); // 2048-bit RSA key - - RW_PrivateKey rw1(1024); // 1024-bit Rabin-Williams key - RW_PrivateKey rw2(1536); // 1536-bit Rabin-Williams key - - DSA_PrivateKey dsa(get_dl_group("DSA-512")); // 512-bit DSA key - DH_PrivateKey dh(get_dl_group("IETF-4096")); // 4096-bit DH key - NR_PrivateKey nr(get_dl_group("DSA-1024")); // 1024-bit NR key - ElGamal_PrivateKey elg(get_dl_group("IETF-1536")); // 1536-bit ElGamal key -\end{verbatim} - -To export your newly created private key, use the PKCS \#8 routines in -\filename{pkcs8.h}: - -\begin{verbatim} - std::string a_passphrase = /* get from the user */ - std::string the_key = PKCS8::PEM_encode(rsa2, a_passphrase); -\end{verbatim} - -You can read the key back in using \function{PKCS8::load\_key}, described in -the section ``Reading Private Keys (PKCS \#8 format)'', above. Unfortunately, -this only works with keys that have an assigned algorithm identifier and -standardized format. Currently this is only the RSA, DSA, DH, and ElGamal -algorithms, though RW and NR keys can also be imported and exported by -assigning them an OID (this can be done either through a configuration file, or -by calling the function \function{OIDS::add\_oid} in \filename{oids.h}). Be -aware that the OID and format for ElGamal keys is not exactly standard, but -there does exist at least one other crypto library which will accept the -format. - -The raw public can be exported using: - -\begin{verbatim} - std::string the_public_key = X509::PEM_encode(rsa2); -\end{verbatim} - -\pagebreak - -\section{X.509v3 Certificates} - -Using certificates is rather complicated, so only the very basic mechanisms are -going to be covered here. The section ``Setting up a CA'' goes into reasonable -detail about CRLs and certificate requests, but there is a lot that isn't -covered (else this section would get quite long and complicated). - -\subsection{Importing and Exporting Certificates} - -Importing and exporting X.509 certificates is easy. Simply call the constructor -with either a \type{DataSource\&}, or the name of a file: - -\begin{verbatim} - X509_Certificate cert1("cert1.pem"); - - /* This file contains two certificates, concatenated */ - DataSource_Stream in("certs2_and_3.pem"); - - X509_Certificate cert2(in); // read the first cert - X509_Certificate cert3(in); // read the second cert -\end{verbatim} - -Exporting the certificate is a simple matter of calling the member function -\function{PEM\_encode}(), which returns a \type{std::string} containing the -certificate in PEM encoding. - -\begin{verbatim} - std::cout << cert3.PEM_encode(); - some_ostream_object << cert1.PEM_encode(); - std::string cert2_str = cert2.PEM_encode(); -\end{verbatim} - -\subsection{Verifying Certificates} - -Verifying a certificate requires that we build up a chain of trust, starting -from the root (usually a commercial CA), down through some number of -intermediate CAs, and finally reaching the actual certificate in -question. Thus, to verify, we actually have to have all those certificates -on hand (or at the very least, know where we can get the ones we need). - -The class which handles both storing certificates, and verifying them, is -called \type{X509\_Store}. We'll start by assuming that we have all the -certificates we need, and just want to verify a cert. This is done by calling -the member function \function{validate\_cert}, which takes the -\type{X509\_Certificate} in question, and an optional argument of type -\type{Cert\_Usage} (which is ignored here; read the section in the API doc -titled ``Verifying Certificates for information). It returns an enum; -\type{X509\_Code}, which, for most purposes, is either \type{VERIFIED}, or -something else (which specifies what circumstance caused the certificate to be -considered invalid). Really, that's it. - -Now, how to let \type{X509\_Store} know about all those certificates and CRLs -we have lying around? The simplest method is to add them directly, using the -functions \function{add\_cert}, \function{add\_certs}, -\function{add\_trusted\_certs}, and \function{add\_crl}; for details, consult -the API doc or read the \filename{x509stor.h} header. There is also a much more -elegant and powerful method: \type{Certificate\_Store}s. A certificate store -refers to an object that knows how to retrieve certificates from some external -source (a file, an LDAP directory, a HTTP server, a SQL database, or anything -else). By calling the function \function{add\_new\_certstore}, you can register -a new certificate store, which \type{X509\_Store} will use to find certificates -it needs. Thus, you can get away with only adding whichever root CA cert(s) you -want to use, letting some online source handle the storage of all intermediate -X.509 certificates. The API documentation has a more complete discussion of -\type{Certificate\_Store}. - -\subsection{Setting up a CA} - -WRITEME - -\pagebreak - -\section{Special Topics} - -This chapter is for subjects that don't really fit into the API documentation -or into other chapters of the tutorial. - -\subsection{GUIs} - -There is nothing particularly special about using Botan in a GUI-based -application. However there are a few tricky spots, as well as a few ways to -take advantage of an event-based application. - -\subsubsection{Initialization} - -Generally you will create the \type{LibraryInitializer} somewhere in -\texttt{main}, before entering the event loop. One problem is that some GUI -libraries take over \texttt{main} and drop you right into the event loop; the -question then is how to initialize the library? The simplest way is probably to -have a static flag that marks if you have already initialized the library or -not. When you enter the event loop, check to see if this flag has not been set, -and if so, initialize the library using the function-based initializers. Using -\type{LibraryInitializer} obviously won't work in this case, since it would be -destroyed as soon as the current event handler finished. You then deinitialize -the library whenever your application is signaled to quit. - -\subsubsection{Interacting With the Library} - -In the simple case, the user will do stuff asynchronously, and then in response -your code will do things like encrypt a file or whatever, which can all be done -synchronously, since the data is right there for you. An application doing -something like this is basically going to look exactly like a command line -application that uses Botan, the only major difference being that the calls to -the library are inside event handlers. - -Much harder is something like an SSH client, where you're acting as a layer -between two asynchronous things (the user and the network). This actually isn't -restricted to GUIs at all (text-mode SSH clients have to deal with most of the -same problems), but it is probably more common with a GUI app. The following -discussion is fairly vague, but hopefully somewhat useful. - -There are a few facilities in Botan that are primarily designed to be used by -applications based on an event loop. See the section ``User Interfaces'' in the -main API doc for details. - -\subsubsection{Entropy} - -One nice advantage of using a GUI is opening a new method of gathering entropy -for the library. This is especially handy on Windows, where the available -sources of entropy are pretty questionable. In many versions, -\texttt{CryptGenRandom} is really rather poor, and the Toolhelp functions may -not provide much data on a small system (such as a handheld). For example, in -GTK+, you can use the following callback to get information about mouse -movements: - -\begin{verbatim} -static gint add_entropy(GtkWidget* widget, GdkEventMotion* event) - { - if(event) - Global_RNG::add_entropy(event, sizeof(GdkEventMotion)); - return FALSE; - } -\end{verbatim} - -And then register it with your main GTK window (presumably named -\variable{window}) as follows: - -\begin{verbatim} -gtk_signal_connect(GTK_OBJECT(window), "motion_notify_event", - GTK_SIGNAL_FUNC(add_entropy), NULL); - -gtk_widget_set_events(window, GDK_POINTER_MOTION_MASK); -\end{verbatim} - -Even though we're catching all mouse movements, and hashing the results into -the entropy pool, this doesn't use up more than a few percent of even a -relatively slow desktop CPU. Note that in the case of using X over a network, -catching all mouse events would cause large amounts of X traffic over the -network, which might make your application slow, or even unusable (I haven't -tried it, though). - -This could be made nicer if the collection function did something like -calculating deltas between each run, storing them into a buffer, and then when -enough of them have been added, hashing them and send them all to the PRNG in -one shot. This would not only reduce load, but also prevent the PRNG from -overestimating the amount of entropy it's getting, since its estimates don't -(can't) take history into account. For example, you could move the mouse back -and forth one pixel, and the PRNG would think it was getting a full load of -entropy each time, when actually it was getting (at best) a bit or two. - -\end{document} |