path: root/src/lib/block/aes
Commit log: message (author, date; files changed, lines -/+)

* Optimize AES vperm implementation (Jack Lloyd, 2020-01-20; 1 file, -68/+68)
  Mostly by avoiding strange corner cases in compiler code generation rather than anything clever.
  Improves Skylake x86 by 1.08x encrypt/no change for decrypt.
  Improves ARMv7 (Pi2) by 1.2x encrypt/1.42x decrypt.
  Improves Aarch64 (Cortex-A53) by 1.45x encrypt/2.15x decrypt.
  Improves POWER8 by 18x encrypt/19.5x decrypt.
  Crazy POWER8 improvement due to the fact that the shuffle function was not being inlined properly by GCC 9 due to differing ISA enablement.

* Clean up handling of POWER ISA extensions (Jack Lloyd, 2019-12-12; 2 files, -12/+12)
  See #2226

* Avoid shadow warning in AES vperm code (Jack Lloyd, 2019-12-05; 1 file, -10/+9)

* Fix some MSVC warnings (Jack Lloyd, 2019-10-18; 1 file, -1/+1)

* Merge CLMUL and PMULL code (Jack Lloyd, 2019-09-25; 1 file, -34/+3)
  Same algorithms were used, just using SSSE3 vs NEON.

* Fix AES vperm in single file amalgamation (Jack Lloyd, 2019-09-12; 1 file, -3/+11)
  Nothing enabled ssse3 in that case.

* Merge GH #2061 Add header deprecation warnings (Jack Lloyd, 2019-09-08; 1 file, -0/+2)

* Deprecate many publicly available headers (Jack Lloyd, 2019-09-06; 1 file, -0/+2)

* Disable vperm AES on big-endian systems (Jack Lloyd, 2019-09-07; 1 file, -0/+2)
  All the constants need to be tweaked and possibly other changes are required.

* Add support for vector permute AES using AltiVec (Jack Lloyd, 2019-09-07; 2 files, -0/+26)
  Slower than T-tables on the machines I've tried, but constant time.

* In aes_vperm avoid loading from data segment (Jack Lloyd, 2019-09-06; 1 file, -17/+12)
  I do not understand the mechanism, but this is slightly faster.

* Merge GH #2096 Unroll POWER8 AES instructions by 4x (Jack Lloyd, 2019-09-04; 1 file, -105/+328)

* Unroll POWER8 AES instructions by 4x (Jack Lloyd, 2019-09-04; 1 file, -105/+328)
  Improves performance by 20-30% on POWER9.

* Make ssse3/sse2 dependencies explicit rather than implicit (Jack Lloyd, 2019-09-04; 1 file, -0/+2)
  Previously --disable-sse2/--disable-ssse3 would not work as expected.

* Add build support (Jack Lloyd, 2019-09-04; 1 file, -2/+13)

* Some cleanups (Jack Lloyd, 2019-09-04; 1 file, -54/+52)

* Unroll blocks by 2x (Jack Lloyd, 2019-09-03; 2 files, -70/+188)

* Support NEON for AES vector permutes (Jack Lloyd, 2019-09-01; 4 files, -110/+154)
  Rename aes_ssse3 -> aes_vperm.

* Build fixes (Jack Lloyd, 2019-08-31; 1 file, -2/+1)

* Abstract the AES SSSE3 implementation to support other SIMD (Jack Lloyd, 2019-08-31; 2 files, -449/+333)

* Report parallelism for AES when hardware is available (Jack Lloyd, 2019-07-05; 1 file, -0/+14)

* Make the ISA list a list (Jack Lloyd, 2019-04-17; 4 files, -4/+12)

* Remove some unnecessary asserts (Jack Lloyd, 2019-01-22; 3 files, -34/+0)
  Now this is checked at the higher level.

* Avoid including rotate.h in bswap.h (Jack Lloyd, 2018-12-21; 1 file, -0/+1)
  It was only needed for one case, which is easily hardcoded. Include rotate.h in all the source files that actually use rotr/rotl but implicitly picked it up via the loadstor.h -> bswap.h -> rotate.h include chain.

* Make a few simple functions constexpr (Jack Lloyd, 2018-10-01; 1 file, -9/+9)
  This is primarily just to verify that C++11 constexpr works.

* Remove support for Visual C++ 2013 (Jack Lloyd, 2018-10-01; 1 file, -2/+2)
  Closes GH #1557

* Remove unneeded load_on auto (Jack Lloyd, 2018-09-04; 2 files, -4/+0)
  It is the default...

* Prefetch AES tables during the key schedule (Jack Lloyd, 2018-07-06; 1 file, -8/+27)
  Also prefetch SD during decryption since both TD and SD are used there. Need for prefetch in the key schedule identified in the paper "Eliminating Timing Side-Channel Leaks using Program Repair" by Guo, Schaumont, Wang.

* Add message to BOTAN_ARG_CHECK and use it more widely (Jack Lloyd, 2018-05-13; 1 file, -2/+1)

* Unroll ARMv8 AES instructions by 4 to allow pipelining (Jack Lloyd, 2018-02-25; 1 file, -84/+307)
  Runs as much as 50% faster for bulk operations. Improves GCM by 10%.

* Implement decryption (Jack Lloyd, 2018-02-23; 2 files, -43/+148)

* AES encryption using POWER8 intrinsics (Jack Lloyd, 2018-02-23; 4 files, -0/+296)

* ABI for Aarch64 crypto (Jack Lloyd, 2018-01-12; 1 file, -3/+1)

* Constify variables in AES-NI code (Jack Lloyd, 2017-11-18; 1 file, -104/+104)

* Add checks that keyed algorithms are actually keyed before use (Jack Lloyd, 2017-10-26; 1 file, -0/+12)
  Previously calling update or encrypt without calling set_key first would result in invalid outputs or else crashing.

* Convert http:// links to https:// where possible (Jack Lloyd, 2017-10-24; 1 file, -1/+1)

* Correct usage of std::aligned_storage (Jack Lloyd, 2017-10-15; 1 file, -6/+6)
  This ended up allocating 256 KiB!

* Additional final annotations (Jack Lloyd, 2017-10-15; 1 file, -3/+3)

* Use overaligned storage for AES T-Table (Jack Lloyd, 2017-10-14; 1 file, -32/+56)
  This improves performance by ~0.5 cycle/byte. Also it ensures that our cache reading countermeasure works as expected.

* Reduce AES to using a single T-table (Jack Lloyd, 2017-10-13; 1 file, -127/+78)
  Should have significantly better cache characteristics, though it would be nice to verify this. It reduces performance somewhat, but less than I expected, at least on Skylake. I need to check this across more platforms to make sure it won't hurt too badly.

* Add compile-time rotation functions (Jack Lloyd, 2017-10-12; 1 file, -30/+30)
  The problem with asm rol/ror is the compiler can't schedule effectively. But we only need asm in the case when the rotation is variable, so distinguish the two cases. If a compile time constant, then static_assert that the rotation is in the correct range and do the straightforward expression, knowing the compiler will probably do the right thing. Otherwise do a tricky expression that both GCC and Clang happen to recognize.
  Avoid the reduction case; instead require that the rotation be in range (this reverts 2b37c13dcf).
  Remove the asm rotations (making this branch ill-named), because now both Clang and GCC will create a roll without any extra help.
  Remove the reduction/mask by the word size for the variable case. The compiler can't optimize that out well, but it's easy to ensure it is valid in the callers, especially now that the variable input cases are easy to grep for.

* Fix some cast warnings from Sonar (Jack Lloyd, 2017-10-01; 1 file, -1/+1)

* Change this code so Sonar understands div by zero can't happen (Jack Lloyd, 2017-09-30; 1 file, -2/+3)

* Header file cleanups (Jack Lloyd, 2017-09-21; 1 file, -1/+0)
  Some help from include-what-you-use.

* Change header guard format to BOTAN_FOO_H_ (Jack Lloyd, 2017-09-20; 1 file, -2/+2)
  ISO C++ reserves names with double underscores in them. Closes #512

* Add API stability annotations. (Jack Lloyd, 2017-09-19; 1 file, -3/+3)
  Defined in build.h, all equal to BOTAN_DLL, so ties into existing system for exporting symbols.

* Add support for AES extensions on ARMv8 (Jack Lloyd, 2017-09-03; 4 files, -0/+367)
  Based on the patch in GH #1146

* Remove BOTAN_PARALLEL_FOR from T-table AES (Jack Lloyd, 2017-08-22; 1 file, -1/+1)
  GH #1077

* Notify callers of parallel ops for AES, IDEA, Noekeon, SHACAL2 and Threefish (Jack Lloyd, 2017-08-14; 2 files, -0/+22)

* Handle IV carryover in CBC, CFB, and stream ciphers (Jack Lloyd, 2017-05-13; 1 file, -0/+12)
  Allow an empty nonce to mean "continue using the current cipher state". GH #864