» Tuesday, 20 February A.D. 2007
ironclad release
I released a new version of Ironclad today, now with a real home page. And real documentation, too!
So, what's new?
- HTML documentation! Granted, there were docstrings on most exported functions, but I gather than people rarely look at docstrings. Writing the documentation also forced me to clarify a lot of things. I hope the new documentation is helpful.
- The internal guts of ciphers has been redone. Previously,
defining a new cipher required defining numerous methods--most of them
coming from the internal function ENCRYPT-WITH-MODE, on
which I defined a method for each (cipher,encryption-mode)
combination. This generated a lot of bloated code for questionable
value.
The big epiphany for me was realizing that I could rewrite ENCRYPT-WITH-MODE to simply dispatch on (block-size,encryption-mode). This dramatically cuts down on the number of methods required but enables the methods to be specialized for known block sizes. (Known block sizes enable generation of more efficient code in many places and was one of the key motivators for the previous scheme.) I don't believe things are much slower; the code is certainly shorter and the FASL sizes on x86 SBCL are ~25% smaller, maybe more.
- CLOSy-er internals. The aforementioned ENCRYPT-WITH-MODE is one example of this. MAKE-CIPHER used to be this awful mess of generated methods; now it basically dispatches to make-instance. As a bonus, things like reinitialize-instance now start to become natural; it should already work on cipher objects (this is not mentioned in the documentation, unfortunately) and I think it would be nice to extend it to digests and MACs as well (if not further). (Making digests become CLOS objects rather than the structures they are now might have some performance implications, but I don't think there would be that much of a regression.)
- MORE TESTS. Most algorithms in the library now come with tests. There are still a few externally visible functions that need tests, but the test coverage is better than before. (It also fixed a few bugs in some ciphers.)
- A rewritten test suite that doesn't suck tremendous resources to compile or run. Virtually all of the interesting tests are now relegated to test vector files that are read rather than being compiled and loaded. This change cuts down on the needed resources and enables some nice abstraction to take place; see testfuns.lisp for the details.
- The CMAC MAC algorithm has been added, as have (very raw) RSA encryption routines.
- PRODUCE-DIGEST can now take a user-supplied buffer in which to place the computed digest. This cuts down on the amount of consing digesting applications might need to do, although further improvements are possible.
- A few bugfixes. CTR mode on SBCL should be fixed and the SHA* implementations should now cooperate with recent versions of CLISP. (Older versions of CLISP are broken with respect to their handling of LOOP...FINALLY.)
posted by Nate @ 12:57PM