path: root/src/lib/block/aes
Commit message | Author | Date | Files | Lines

Add message to BOTAN_ARG_CHECK and use it more widely | Jack Lloyd | 2018-05-13 | 1 | -2/+1

Unroll ARMv8 AES instructions by 4 to allow pipelining | Jack Lloyd | 2018-02-25 | 1 | -84/+307
    Runs as much as 50% faster for bulk operations. Improves GCM by 10%.

Implement decryption | Jack Lloyd | 2018-02-23 | 2 | -43/+148

AES encryption using POWER8 intrinsics | Jack Lloyd | 2018-02-23 | 4 | -0/+296

ABI for Aarch64 crypto | Jack Lloyd | 2018-01-12 | 1 | -3/+1

Constify variables in AES-NI code | Jack Lloyd | 2017-11-18 | 1 | -104/+104

Add checks that keyed algorithms are actually keyed before use | Jack Lloyd | 2017-10-26 | 1 | -0/+12
    Previously calling update or encrypt without calling set_key first would result in invalid outputs or else crashing.

Convert http:// links to https:// where possible | Jack Lloyd | 2017-10-24 | 1 | -1/+1

Correct usage of std::aligned_storage | Jack Lloyd | 2017-10-15 | 1 | -6/+6
    This ended up allocating 256 KiB!

Additional final annotations | Jack Lloyd | 2017-10-15 | 1 | -3/+3

Use overaligned storage for AES T-Table | Jack Lloyd | 2017-10-14 | 1 | -32/+56
    This improves performance by ~0.5 cycle/byte. Also it ensures that our cache reading countermeasure works as expected.

Reduce AES to using a single T-table | Jack Lloyd | 2017-10-13 | 1 | -127/+78
    Should have significantly better cache characteristics, though it would be nice to verify this. It reduces performance somewhat but less than I expected, at least on Skylake. I need to check this across more platforms to make sure it won't hurt too badly.

Add compile-time rotation functions | Jack Lloyd | 2017-10-12 | 1 | -30/+30
    The problem with asm rol/ror is the compiler can't schedule effectively. But we only need asm in the case when the rotation is variable, so distinguish the two cases. If a compile time constant, then static_assert that the rotation is in the correct range and do the straightforward expression knowing the compiler will probably do the right thing. Otherwise do a tricky expression that both GCC and Clang happen to recognize.

    Avoid the reduction case; instead require that the rotation be in range (this reverts 2b37c13dcf).

    Remove the asm rotations (making this branch ill-named), because now both Clang and GCC will create a roll without any extra help.

    Remove the reduction/mask by the word size for the variable case. The compiler can't optimize that out well, but it's easy to ensure it is valid in the callers, especially now that the variable input cases are easy to grep for.

Fix some cast warnings from Sonar | Jack Lloyd | 2017-10-01 | 1 | -1/+1

Change this code so Sonar understands div by zero can't happen | Jack Lloyd | 2017-09-30 | 1 | -2/+3

Header file cleanups | Jack Lloyd | 2017-09-21 | 1 | -1/+0
    Some help from include-what-you-use

Change header guard format to BOTAN_FOO_H_ | Jack Lloyd | 2017-09-20 | 1 | -2/+2
    ISO C++ reserves names with double underscores in them.

    Closes #512

Add API stability annotations. | Jack Lloyd | 2017-09-19 | 1 | -3/+3
    Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.

Add support for AES extensions on ARMv8 | Jack Lloyd | 2017-09-03 | 4 | -0/+367
    Based on the patch in GH #1146

Remove BOTAN_PARALLEL_FOR from T-table AES | Jack Lloyd | 2017-08-22 | 1 | -1/+1
    GH #1077

Notify callers of parallel ops for AES, IDEA, Noekeon, SHACAL2 and Threefish | Jack Lloyd | 2017-08-14 | 2 | -0/+22

Handle IV carryover in CBC, CFB, and stream ciphers | Jack Lloyd | 2017-05-13 | 1 | -0/+12
    Allow an empty nonce to mean "continue using the current cipher state".

    GH #864

Remove "Dirty hack" for multiple defines in lex_me_harder() | Simon Warta | 2017-04-02 | 3 | -3/+9

Fix various SunCC and Solaris warnings and build problems. | Jack Lloyd | 2017-01-24 | 1 | -2/+2
    Based on build output sent by @noloader.

    If RLIMIT_MEMLOCK is not defined, assume regular user is not able to call mlock. This probably also affected Clang/GCC on Solaris.

    Work around resolution issue in SIMD_4x32 where it finds ambiguity between arg taking uint32_t and __m128i. This is probably some artifact of how SunCC represents vector types, and seems highly bogus in general but is easy to work around here. Change constructor taking a single value to instead be `SIMD_4x32::splat` function. The SIMD class is internal, so no API implications.

    Fix various warnings about lambda functions that were missing return types and which were not a single return statement. AIUI C++11 doesn't guarantee that lambda return type will be deduced in that situation, though in practice every compiler including SunCC seems to handle it.

    Disable AVX2 usage, since SunCC's intrinsics seem to be broken - its _mm_loadu_si256 takes non-const pointer.

    Rename a few variables in the tests to avoid shadowed var warnings.

Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 4 | -121/+121
    Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.

Fix clang-analyzer warning in AES code | Jack Lloyd | 2016-12-16 | 1 | -6/+4
    The previous assert had been already put there for the benefit of clang-analyzer, but in Clang 3.9 it does not help. Instead test X value directly, which works.

Add Cilk/OpenMP support | Jack Lloyd | 2016-11-26 | 2 | -26/+26

Move ISA optimized versions under the main algo dir | Jack Lloyd | 2016-11-03 | 4 | -0/+1435
    Previously it made sense for them to be in distinct dirs because they were standalone. However with #580 that is no longer the case, so move them to subdirs. Configure knows that anything underneath a directory has a dependency on the parent dir, so update info.txt files accordingly to remove explicit dependencies where set.

Change T::provider to return std::string | Jack Lloyd | 2016-09-15 | 2 | -6/+6

Add T::provider() to allow user to inquire about implementation used | Jack Lloyd | 2016-09-15 | 2 | -0/+27
    For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.

Merge optimized implementations into base class | Jack Lloyd | 2016-09-15 | 2 | -0/+162
    Various algorithms had an optimized implementation (for SSE2, AVX2, etc) which was offered alongside the 'base' implementation. This is admittedly very useful for testing, but it breaks user expectations in bad ways. See GH #477 for background. Now encrypting with `AES_128` (say) just runs whatever implementation is best on the current processor/build.

These vectors can be const | Jack Lloyd | 2016-09-09 | 1 | -2/+2

added an assert for aes key length >= 4 in aes_key_schedule to prevent division by zero found by clang-analyzer | Daniel Neus | 2016-03-02 | 1 | -0/+6

Add final attribute to many classes | Jack Lloyd | 2016-01-10 | 1 | -3/+3
    In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402

Mass-prefix member vars with m_ | René Korthaus | 2016-01-08 | 2 | -27/+27

Improve side channel attack resistance of table based AES impl | Jack Lloyd | 2015-11-29 | 1 | -414/+147

Fix static lib registration for block, hash, mac, stream, kdf | Jack Lloyd | 2015-09-10 | 1 | -5/+1
    The support problems from having static libraries not work in the obvious way will be endless trouble. Instead have each set of registrations tag along in a source file for the basic type, at the cost of some extra ifdefs. On shared libs this is harmless - everything is going into the shared object anyway. With static libs, this means pulling in a single block cipher pulls in the text of all of them. But that's still strictly better than the amalgamation (which is really pulling in everything), and it works (unlike status quo).

block: Add missing overrides | Daniel Seither | 2015-07-30 | 1 | -18/+18

lib/block: Convert &vec[0] to vec.data() | Simon Warta | 2015-06-27 | 1 | -2/+2

Add a runtime map of string->func() which when called return | lloyd | 2015-01-28 | 1 | -2/+5
    Transforms and BlockCiphers. Registration for all types is done at startup but is very cheap as just a std::function and a std::map entry are created, no actual objects are created until needed. This is a huge improvement over Algorithm_Factory which used T::clone() as the function and thus kept a prototype object of each type in memory.

    Replace existing lookup mechanisms for ciphers, AEADs, and compression to use the transform lookup. The existing Engine framework remains in place for BlockCipher, but the engines now just call to the registry instead of having hardcoded lookups.

    s/Transformation/Transform/ with typedefs for compatibility.

    Remove lib/selftest code (for runtime selftesting): not the right approach.

Ensure all files have copyright and license info. | lloyd | 2015-01-10 | 2 | -2/+2
    Update license header line to specify the terms and refer to the file, neither of which it included before.

Move lib into src | lloyd | 2014-01-10 | 3 | -0/+830