aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Instead of having two asm_macr.h files being switched in based on modulelloyd2009-11-1412-16/+8
| | | | build magic, name them asm_macr_ARCH.h. Change all including files accordingly.
* Fix comment typolloyd2009-11-141-1/+1
|
* Make factorization in FPE more even (was neglecting powers of 2 sincelloyd2009-11-142-7/+42
| | | | | | 2 is not in the primes table). Also ensure that a >= b; this guarantees that log_a(b) is <= 1 and thus only 3 rounds (instead of 8 used before) is sufficient.
* Document adding FPElloyd2009-11-131-0/+1
|
* Extend FPE example to encrypt credit card numbers with valid Luhn checksumslloyd2009-11-131-8/+120
| | | | onto other CCNs with valid checksums.
* Fix FPE decryption; off by one in the round numberslloyd2009-11-131-2/+2
|
* propagate from branch 'net.randombit.botan' (head ↵lloyd2009-11-134-0/+227
|\ | | | | | | | | | | 586495311cff277e7a24b4116c987b79036d94e6) to branch 'net.randombit.botan.fpe' (head c6e8324b12e509ac1303078d5e716f08c53acff5)
| * propagate from branch 'net.randombit.botan' (head ↵lloyd2009-11-064-0/+227
| |\ | | | | | | | | | | | | | | | 0cb3295ee48403828c652064fbf72ddb6edbe13c) to branch 'net.randombit.botan.fpe' (head 954d50f368db4be7d98c5c32c474bc54ec5ea7f3)
| | * Add format preserving encryption, design is FE1/FD1 from the paperlloyd2009-11-054-0/+227
| | | | | | | | | | | | | | | | | | Format-Preserving Encryption (http://eprint.iacr.org/2009/251). This doesn't implement the rank functions which are necessary for the actual format-preserving part, though that would be nice to add to the example.
* | | Cleanups in the Square implementationlloyd2009-11-111-30/+38
| | |
* | | Remove some CPU specific workarounds for things GCC didn't know about, likelloyd2009-11-111-9/+5
| | | | | | | | | | | | the Alpha EV67 and MIPS R10000.
* | | Rename the UltraSPARC submodels; remove UltraSPARC II since it is functionallylloyd2009-11-111-6/+4
| | | | | | | | | | | | the same as an UltraSPARC for optimization purposes.
* | | Make em64t just an alias for amd64; add nocona as a submodel. Also addlloyd2009-11-111-1/+3
| | | | | | | | | | | | x64 as another arch alias since some people seem to use it.
* | | Switch from -O2/-O for lib/check to -O3/-O2 with gcclloyd2009-11-111-2/+2
| | |
* | | Double the speed of Skipjack on my Core2, mostly due to better inlining.lloyd2009-11-113-82/+100
| | |
* | | Inline all of the AES tables into an anon namespace in aes.cpp. Turns outlloyd2009-11-113-411/+399
| | | | | | | | | | | | to give a 3-7% speed improvement on Core2 with GCC.
* | | Almost double the speed of MARS; from 55 MiB/s to 102 on my Core2. lloyd2009-11-113-231/+216
| | |
* | | Slightly cleaner SHA-256 F1 func; ~1% fasterlloyd2009-11-101-3/+3
| | |
* | | Use memcpy for bulk loads if algorithm endianness matches CPU endianess.lloyd2009-11-101-0/+9
| | |
* | | Remove SSE4 dependency in AES-192 key schedule, and also avoid requiringlloyd2009-11-102-26/+25
| | | | | | | | | | | | an extra 4 words at the end of EK for writing (unused) values.
* | | Add AES-192 using AES-NI. Tested OK with Intel's simulator.lloyd2009-11-104-10/+277
| | | | | | | | | | | | | | | | | | | | | Currently requires SSE4.1 for _mm_extract_epi32 for the key schedule, it would be nice to remove this dependency, though all currently known/scheduled chips with AES-NI (Intel Westmere and Sandy Bridge, and AMD Bulldozer) are supposed to include SSE 4.1 so this is not a huge problem.
* | | Also #undef bool after including <altivec.h>lloyd2009-11-101-0/+1
| | |
* | | Clean up cpuid test proglloyd2009-11-101-11/+18
| | |
* | | Rename CPUID::has_intel_aes to has_aes_intel, and add CPUID::has_aes_via,lloyd2009-11-103-5/+17
| | | | | | | | | | | | which is currently just a stub returning false.
* | | Add unrolled versions of AES-NI code that will handle 4 blocks in parallel.lloyd2009-11-101-12/+176
| | | | | | | | | | | | | | | No noticable change under the simulator (no surprises there), but should help a lot with pipelining on real hardware.
* | | Fix errors in the AES-256 key schedule for the AES-NI version. Now passeslloyd2009-11-104-198/+171
| | | | | | | | | | | | | | | | | | | | | | | | | | | tests under Intel's emulator. Document and enable in the engine. Merge both versions to aes_intel.cpp - some shared code and much similiar structure which might be sharable via macros.
* | | Add AES-256 using AES-NIlloyd2009-11-103-3/+243
| | |
* | | Make the AES implementation using Intel's AES instruction extension official;lloyd2009-11-104-7/+9
| | | | | | | | | | | | testing with Intel's emulator shows all green.
* | | Split the AES vectors into 3 specifically named AES-128, AES-192, andlloyd2009-11-101-1651/+1650
| | | | | | | | | | | | | | | | | | AES-256 blocks, plus a handful remaining in a general AES block. This is necessary for any implementation which only supports a particular key size, since otherwise no tests at all will run on that implementation.
* | | Add Nehalem/Westmere tags for ICClloyd2009-11-101-3/+7
| | |
* | | Make set_all_values in {ECDSA,ECKAEG}_{Public,Private}Key all non-virtual;lloyd2009-11-102-6/+6
| | | | | | | | | | | | | | | | | | | | | virtual-ness not needed, and was overriding/overloading by argument which doesn't actually work in C++ and only happened to work because it was only ever used with the version implemented in that same class. ICC was warning, too. Make non-virtual.
* | | Cleanups - remove emails from source files, they should only live inlloyd2009-11-1019-62/+39
| | | | | | | | | | | | credits.txt and thanks.txt. Remove some various bits of formatting weirdness.
* | | Remove my email address from the copyright headers in the tss files, notlloyd2009-11-102-2/+2
| | | | | | | | | | | | | | | | | | included elsewhere and my preference is for the only emails to be in credits.txt since emails change more often than names and I'd prefer them not to be constantly either wrong or needing updates.
* | | In creating X.509 certificates and PKCS #10 requests, let (actually: require)lloyd2009-11-0910-39/+91
|/ / | | | | | | | | | | | | the user to specify the hash function to use, instead of always using SHA-1. This was a sensible default a few years ago, when there wasn't a ~2^60 attack on SHA-1 and support for SHA-2 was pretty much nil, but using something else makes a lot more sense these days.
* | Clean up aes_128_key_expansionlloyd2009-11-061-24/+18
| |
* | Respect --with-isa when choosing what to enablelloyd2009-11-061-3/+4
| |
* | GCC doesn't know what Nehalem or Westmere are, though it does know aboutlloyd2009-11-061-0/+3
| | | | | | | | | | the AES and PCLMUL instructions. Oddness. For the time being, compile Nehalem and Westmere as Core2 + extras, probably close enough.
* | Dename unused length fieldlloyd2009-11-061-1/+1
| |
* | Add a new need_isa marker for info.txt that lets a module dependlloyd2009-11-066-25/+31
| | | | | | | | | | | | | | | | | | | | | | | | on a particular ISA extension rather than a list of CPUs. Much easier to edit and audit, too. Add markers on the AES-NI code and SHA-1/SSE2. Serpent and XTEA don't need it because they are generic and only depend on simd_32 which will silenty swap out a scalar version if SSE2/AltiVec isn't enabled (since it turns out on supersclar processors just doing 4 blocks in parallel can be a win even in GPRs). Add pentium3 to the list of CPUs with rdtsc, was missing. Odd!
* | Add a complete but untested AES-128 using the AES-NI intrinsics.lloyd2009-11-063-68/+147
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From looking at how key gen works in particular, it seems easiest to provide only AES-128, AES-192, and AES-256 and not a general AES class that can accept any key length. This also has the bonus of allowing full loop unrolling which may be a win (how much so will depend on the latency/throughput of the AES instructions which is currently unknown). No block interleaving, though of course it works very nicely here, simply due to the desire to keep things simple until what is currently here can actually be tested. (Intel has an emulator that is supposed to work but just crashes on my machine...) I'm not entirely sure if byte swapping is required. Intel has a white paper out that suggests it isn't (and really it would have been stupid of them to not build this into the aes instructions), but who knows. If it turns out to be necessary there is a pretty fast bswap instruction for SSE anyway.
* | Stub for AES class using Intel's AES-NI instructions and an engine forlloyd2009-11-067-0/+238
| | | | | | | | | | providing it. Also stubs in the engine for VIA's AES instructions, but needs CPUID checking also.
* | The default_submodel option was used by configure.pl but configure.pylloyd2009-11-0617-39/+8
| | | | | | | | | | | | ignores this unless it can detect (or is asked to use) a specific model; otherwise it compiles for the baseline ISA. Remove the default_submodel entries in the arch files.
* | The code for handling SIMD ISA extensions actually works fine for generallloyd2009-11-066-35/+44
| | | | | | | | | | | | | | | | ISA extensions (say, Intel's AES-NI, for instance) so change everything to reflect that. Also rename some of the amd64 models, and add entries for k10, nehalem, and westmere processors.
* | Make it possible to explicitly enable SIMD extensions.lloyd2009-11-061-19/+28
| | | | | | | | | | | | | | | | | | There is no point, as far as I can see, of being able to explicitly disable a SIMD or other ISA extension, because if you are compiling for that particular CPU the compiler might well choose to insert CPU-specific instructions anyway. For instance if one is compiling on a P4 but wants to disable SSE2, the right thing to do is compile for (say) an i686 which ensures that no P4 instructions will be emitted.
* | Tick to 1.9.3-devlloyd2009-11-066-37/+27
| | | | | | | | | | Rename BOTAN_UNALIGNED_LOADSTOR_OK to BOTAN_UNALIGNED_MEMORY_ACCESS_OK which is somewhat more clear as to the point.
* | Generate SIMD macro flags for build.h from data in build-data/arch forlloyd2009-11-066-6/+70
|/ | | | | | SSE2, SSSE3, NEON, and AltiVec. Add entries for Intel Atom, POWER6 and POWER7, and the Cortex A8 and A9.
* Add an andc operation, in SSE2 and AltiVec, may be useful for Serpent sboxeslloyd2009-11-044-4/+22
|
* Set BOTAN_TARGET_CPU_HAS_SSE2 macro if amd64. Not set at all for any 32-bitlloyd2009-11-041-0/+3
| | | | | x86 currently. This should be fixed. But it's an improvement over having to always set it manually, at least.
* Indent and avoid one extra assignmentlloyd2009-11-041-3/+2
|
* propagate from branch 'net.randombit.botan.1_8' (head ↵lloyd2009-11-03559-6939/+13364
|\ | | | | | | | | | | 6e8c18515725a70923b34118951252723dd4c29a) to branch 'net.randombit.botan' (head 77ba4ea5a4be36d6d029bcc852b2271edff0d679)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-14 23:14:52 +0000