changes

常用的64位密码加密算法

       -- changed the MSVC makefile to build with a warning level of three, no warnings!

January 8th, 2002
v0.26  -- updated SHA-256 to use ROR() for a rotate so 64-bit machines won't corrupt
          the output
       -- Changed #include <> to #include "" for local .h files as per Richard Heathfields' suggestions.
       -- Fixed bug in MPI [well bug in MSVC] that compiled code incorrectly in mp_set_int()
          I added a work around that catches the error and continues normally.

January 8th, 2002
v0.25  -- Added a stupid define so MSVC 6.00 can build the library.
       -- Big thanks to sci.crypt and "Ajay K. Agrawal" for helping me port this to MSVC

January 7th, 2002
v0.24  -- Sped up Blowfish by unrolling and removing the swaps.
       -- Made the code comply with more traditional ANSI C standards
          Should compile with MSVC with less errors
       -- moved the demos and documentation into their own directories
          so you can easily build the library with other tool chains
          by compiling the files in the root
       -- converted functions with length of outputs to use 
          "unsigned long" so 16-bit platforms will like this library more.

January 5th, 2002
v0.23  -- Fixed a small error in the MPI config it should build fine anywhere.

January 4th, 2002
v0.22  -- faster gf_mul() code
       -- gf_shl() and gf_shr() are safe on 64-bit platforms now
       -- Fixed an error in the hashes that Brian Gladman found.  
          Basically if the message has exactly 56 bytes left to be 
          compressed I handled them incorrectly.

January 4th, 2002
v0.21  -- sped up the ECC code by removing redundant divisions in the 
          point add and double routines.  I also extract the bits more
          efficiently in "ecc_mulmod()" now.
       -- sped up [and documented] the rand_prime() function.  Now it just
          makes a random integer and increments by two until a prime is found
          This is faster since it doesn't require alot of calls to the PRNG and
          it doesn't require loading huge integers over and over.  rand_prime()
          can also make primes congruent to 3 mod 4 [i.e for a blum integer]
       -- added a gf_sqrt() function that finds square roots in a GF(2^w) field
       -- fixed a bug in gf_div() that would return the wrong results if the divisor had a greator
          divisor than the dividend.

January 4th, 2002
v0.20  -- Added the fixed MPI back in so RSA and DH are much faster again

v0.19  -- Updated the manual to reflect the fact that Brian Gladman wrote the AES and Serpent code.
       -- DH, ECC and RSA signature/decryption functions check if the key is private
       -- new DH signature/verification code works just like the RSA/ECC versions

January 3rd, 2002
v0.18  -- Added way more comments to each .C file 
       -- fixed a bug in cbc_decrypt(pt, ct, key) where pt == ct [i.e same buffer]
       -- fixed RC5 so it reads the default rounds out of the cipher_descriptor table
       -- cleaned up ecc_export()
       -- Cleaned up dh_import() and ecc_import() which also perform more 
          error checking now
       -- Fixed a serious flaw in rsa_import() with private keys.

January 2nd, 2002
v0.17  -- Fixed a bug in the random prime generator that fixes the wrong bits to one
       -- ECC and DH code verify that the moduli and orders are in fact prime.  That 
          slows down the test routines alot but what are you gonna do? 
       -- Fixed a huge bug in the mp_exptmod() function which incorrectly calculates g^x mod p for some
          values of p.  I replaced it with a slow function.  Once the author of MPI fixes his faster routine
          I will switch back.
  
January 1st, 2002 [whoa new year!]
v0.16  -- Improved GF division code that is faster.
       -- documented the GF code

December 31st, 2001
v0.15  -- A 1792-bit and 2048-bit DH setting was added.  Took me all night to 
          find a 1792 and 2048-bit strong prime but what the heck
       -- Library now has polynomial-basis GF(2^w) routines I wrote myself.  Can be used to perform
          ECC over GF(2^w) later on....
       -- Fixed a bug with the defines that allows it to build in windows
       
December 30th, 2001
v0.14  -- Fixed the xxx_encrypt() packet routines to make an IV of appropriate size 
          for the cipher used.  It was defaulting to making a 256-bit IV...
       -- base64_encode() now appends a NULL byte, um "duh" stupid mistake now fixed...
       -- spell checked the manual again... :-)

December 30th, 2001
v0.13  -- Switching back to older copy of MPI since it works! arrg..
       -- Added sign/verify functions for ECC
       -- all signature verification routines default to invalid signatures.
       -- Changed all calls to memset to zeromem.  Fixed up some buffer problems 
          in other routines.  All calls to zeromem let the compiler determine the size
          of the data to wipe.

December 29th, 2001
v0.12  -- Imported a new version of MPI [the bignum library] that should
          be a bit more stable [if you want to write your own bignum
          routines with the library that is...]
       -- Manual has way more info
       -- hash_file() clears stack now [like it should]
       -- The artificial cap on the hash input size of 2^32 bits has been
          removed.  Basically I was too lazy todo 64-bit math before
          [don't ask why... I can't remember].  Anyways the hashes
          support the size of 2^64 bits [if you ever use that many bits in a message
          that's just wierd...]
       -- The hashes now wipe the "hash_state" after the digest is computed.  This helps
          prevent the internal state of the hash being leaked accidently [i.e stack problems]

December 29th, 2001
v0.11  -- Made #define's so you can trim the library down by removing
          ciphers, hashs, modes of operation, prngs, and even PK algorithms
          For example, the library with rijndael+ctr+sha1+ECC is 91KB compared
          to the 246kb the full library takes.
       -- Added ECC packet routines for encrypt/decrypt/sign/verify much akin to
          the RSA packet routines.
       -- ECC now compresses the public key, a ECC-192 public key takes 33 bytes 
          for example....

December 28th, 2001
v0.10  -- going to restart the manual from scratch to make it more 
          clear and professional
       -- Added ECC over Z/pZ.  Basically provides as much as DH
          except its faster since the numbers are smaller.  For example,
          A comparable 256-bit ECC key provides as much security as expected
          from a DH key over 1024-bits.
       -- Cleaned up the DH code to not export the symbol "sets[]"
       -- Fixed a bug in the DH code that would not make the correct size 
          random string if you made the key short.  For instance if you wanted 
          a 512-bit DH key it would make a 768-bit one but only make up 512-bits 
          for the exponent... now it makes the full 768 bits [or whatever the case 
          is]
       -- Fixed another ***SERIOUS*** bug in the DH code that would default to 768-bit
          keys by mistake.

December 25th, 2001
v0.09  -- Includes a demo program called file_crypt which shows off
          how to use the library to make a command line tool which
          allows the user to encode/decode a file with any
          hash (on the passphrase) and cipher in CTR mode.
       -- Switched everything to use typedef's now to clear up the code.
       -- Added AES (128/192 and 256 bit key modes)

December 24th, 2001
v0.08  -- fixed a typo in the manual. MPI stores its bignums in
          BIG endian not little.
       -- Started adding a RNG to the library.  Right now it tries
          to open /dev/random and if that fails it uses either the 
          MS CSP or the clock drift RNG.  It also allows callbacks 
          since the drift RNG is slow (about 3.5 bytes/sec)
       -- the RNG can also automatically setup a PRNG as well now

v0.07  -- Added basic DH routines sufficient to 
          negotiate shared secrets 
          [see the manual for a complete example!]
       -- Fixed rsa_import to detect when the input
          could be corrupt.  
       -- added more to the manual.

December 22nd, 2001
v0.06  -- Fixed some formatting errors in 
          the hash functions [just source code cleaning]
       -- Fixed a typo in the error message for sha256 :-)
       -- Fixed an error in base64_encode() that 
          would fail to catch all buffer overruns
       -- Test program times the RSA and symmetric cipher 
          routines for kicks...
       -- Added the "const" modifier to alot of routines to 
          clear up the purpose of each function.
       -- Changed the name of the library to "TomCrypt" 
          following a suggestion from a sci.crypt reader....

v0.05  -- Fixed the ROL/ROR macro to be safe on platforms 
          where unsigned long is not 32-bits
       -- I have added a bit more to the documentation 
          manual "crypt.pdf" provided.
       -- I have added a makefile for LCC-Win32.  It should be 
          easy to port to other LCC platforms by changing a few lines.
       -- Ran a spell checker over the manual.
       -- Changed the header and library from "crypt" to "mycrypt" to not
          clash with the *nix package "crypt".

v0.04  -- Fixed a bug in the RC5,RC6,Blowfish key schedules
          where if the key was not a multiple of 4 bytes it would
          not get loaded correctly.

December 21st, 2001

v0.03  -- Added Serpent to the list of ciphers.

v0.02  -- Changed RC5 to only allow 12 to 24 rounds
       -- Added more to the manual.

v0.01  -- We will call this the first version.