path: root/src/lib/block

Commit message | Author | Age | Files | Lines
* Handle IV carryover in CBC, CFB, and stream ciphers | Jack Lloyd | 2017-05-13 | 1 file | -0/+12
  Allow an empty nonce to mean "continue using the current cipher state". GH #864
* Content: | Tomasz Frydrych | 2017-04-03 | 1 file | -1/+1
  * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
  * `default` specifier instead of `{}` in some places (probably all)
  * removal of unreachable code (for example `return` after `throw`)
  * removal of compilation unit only visible, but not used functions
  * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
  * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder() | Simon Warta | 2017-04-02 | 24 files | -25/+72
* Fix incorrect password truncation in bcrypt password hashing. | Jack Lloyd | 2017-03-24 | 1 file | -7/+11
  The 56 char bound is bogus; Blowfish itself allows at most 448 bits in the key schedule, but Bcrypt's modification allows up to 72 chars for the password. Bug pointed out by Solar Designer.
  Also reject work factors 0...3 since all other extant bcrypt implementations require at least work factor 4.
  Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
* Remove some commented out code from Noekeon | Jack Lloyd | 2017-01-28 | 1 file | -13/+0
  It was bogus and so potentially confusing [ci skip]
* Add BOTAN_UNUSED in creator functions | Jack Lloyd | 2017-01-27 | 1 file | -0/+3
  If all (say) stream ciphers are disabled, avoid unused arg warning. [ci skip]
* Fix various SunCC and Solaris warnings and build problems. | Jack Lloyd | 2017-01-24 | 4 files | -18/+25
  Based on build output sent by @noloader.
  If RLIMIT_MEMLOCK is not defined, assume regular user is not able to call mlock. This probably also affected Clang/GCC on Solaris.
  Work around resolution issue in SIMD_4x32 where it finds ambiguity between arg taking uint32_t and __m128i. This is probably some artifact of how SunCC represents vector types, and seems highly bogus in general but is easy to work around here. Change constructor taking a single value to instead be `SIMD_4x32::splat` function. The SIMD class is internal, so no API implications.
  Fix various warnings about lambda functions that were missing return types and which were not a single return statement. AIUI C++11 doesn't guarantee that lambda return type will be deduced in that situation, though in practice every compiler including SunCC seems to handle it.
  Disable AVX2 usage, since SunCC's intrinsics seem to be broken - its _mm_loadu_si256 takes non-const pointer.
  Rename a few variables in the tests to avoid shadowed var warnings.
* Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 48 files | -702/+702
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Fix clang-analyzer warning in AES code | Jack Lloyd | 2016-12-16 | 1 file | -6/+4
  The previous assert had been already put there for the benefit of clang-analyzer, but in Clang 3.9 it does not help. Instead test X value directly, which works.
* Remove <source> block from info.txt files | Jack Lloyd | 2016-12-08 | 2 files | -8/+0
  Kind of a vestigial thing from an earlier iteration of the module design, and never useful to specify anymore since taking all the cpp files is what you want exactly 100% of the time.
* Inline Twofish::rs_mul into its only caller | Jack Lloyd | 2016-12-08 | 2 files | -24/+19
* Rename Serpent SIMD and Twofish SBOX source files | Jack Lloyd | 2016-12-08 | 2 files | -0/+0
  Some attempt at consistency
* Add Cilk/OpenMP support | Jack Lloyd | 2016-11-26 | 11 files | -251/+204
* Remove blowfish table source file. | Jack Lloyd | 2016-11-03 | 1 file | -190/+0
  Split commit with 4c777878 because, no git, I did not rename blfs_tab.cpp -> blowfish.cpp
* Inline Blowfish tables to blowfish.cpp | Jack Lloyd | 2016-11-03 | 2 files | -3/+182
  Only needed there.
* Move ISA optimized versions under the main algo dir | Jack Lloyd | 2016-11-03 | 12 files | -8/+0
  Previously it made sense for them to be in distinct dirs because they were standalone. However with #580 that is no longer the case, so move them to subdirs.
  Configure knows that anything underneath a directory has a dependency on the parent dir, so update info.txt files accordingly to remove explicit dependencies where set.
* Remove alias logic from SCAN_Name | Jack Lloyd | 2016-10-21 | 1 file | -30/+30
  This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
* Remove Algo_Registry | Jack Lloyd | 2016-10-21 | 6 files | -96/+184
  I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* Improve block doxygen [ci skip] | René Korthaus | 2016-10-19 | 1 file | -3/+6
* Add ISA annotations to functions using SIMD, AES, etc | Jack Lloyd | 2016-10-14 | 4 files | -0/+39
  Also emit `#pragma GCC target` in the ISA specific amalgamation files. This allows compiling without any special compiler flags, at least with GCC 6.2 and Clang 3.8.
  The ISA annotations are ignored in MSVC, which just emits whatever instruction the intrinsic requires.
* Missing inline specifier | Jack Lloyd | 2016-10-02 | 1 file | -1/+1
* Change T::provider to return std::string | Jack Lloyd | 2016-09-15 | 11 files | -16/+15
* Add T::provider() to allow user to inquire about implementation used | Jack Lloyd | 2016-09-15 | 11 files | -0/+88
  For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.
* Add cpuid overload to test framework | Jack Lloyd | 2016-09-15 | 1 file | -3/+3
* Merge optimized implementations into base class | Jack Lloyd | 2016-09-15 | 26 files | -633/+413
  Various algorithms had an optimized implementation (for SSE2, AVX2, etc) which was offered alongside the 'base' implementation. This is admittedly very useful for testing, but it breaks user expectations in bad ways. See GH #477 for background.
  Now encrypting with `AES_128` (say) just runs whatever implementation is best on the current processor/build.
* These vectors can be const | Jack Lloyd | 2016-09-09 | 1 file | -2/+2
* Remove XTEA SIMD impl | Jack Lloyd | 2016-09-02 | 3 files | -165/+0
  Testing showed no actual speedup on either i7 (SSE2) or POWER7 (Altivec), so it is just dead weight.
* Remove deprecated ciphers MARS, RC2, RC5, RC6, SAFER-SK and TEA | Jack Lloyd | 2016-09-02 | 19 files | -1478/+0
  XTEA was also deprecated but has been spared, it does seem to be somewhat common (eg, included in the Go x/crypto library)
* Threefish-512 AVX2 optimizations | Jack Lloyd | 2016-08-10 | 1 file | -76/+165
  Remove loop variable R, instead derive from macro param constant
  Support 2 block parallel decrypt, improves raw perf from 456 MB/s to 710 MB/s for decrypt.
  Switch to alternate key schedule for encrypt. Uses 3 ymm registers instead of 9 at the cost of more computation. Not much faster on Skylake, unclear if this is worthwhile.
* Empty the key/tweak containers which is used to signal the key was set | Jack Lloyd | 2016-04-15 | 1 file | -3/+3
  Fix exception message
* Merge branch 'master' into clang-analyzer | Daniel Neus | 2016-03-06 | 5 files | -6/+6
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not explicit. | Daniel Neus | 2016-03-05 | 5 files | -6/+6
* added an assert for aes key length >= 4 in aes_key_schedule to prevent division by zero found by clang-analyzer | Daniel Neus | 2016-03-02 | 1 file | -0/+6
* fix dead assignment / redundant computation in block/aes_ssse3/aes_ssse3.cpp in aes_schedule_transform found by clang-analyzer | Daniel Neus | 2016-03-02 | 1 file | -2/+0
* Avoid some Wshadows in GCC 4.8 | Jack Lloyd | 2016-02-20 | 1 file | -2/+2
  In GCC 4.7 and 4.8, Wshadow also warns if a local variable conflicts with a member function. This was changed in GCC 4.9 (GCC bugzilla 57709) but causes a lot of warnings on Travis which is on 4.8. Clang's Wshadow behaves like GCC 4.9.
  The worst offender was Exception's constructor argument being named `what` which conflicts with the member function of the same name, being in a public header this causes so many warnings the Travis log files are truncated.
  This fixes Exception and a couple of others. Fixing all cases would be a slog that I'm not up for right at the moment.
* Add final attribute to many classes | Jack Lloyd | 2016-01-10 | 27 files | -36/+36
  In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* Mass-prefix member vars with m_ | René Korthaus | 2016-01-08 | 48 files | -666/+666
* Use valgrind's memcheck API for checking const time annotations | Jack Lloyd | 2016-01-03 | 1 file | -1/+32
  Has the same effect as using ctgrind, but without requiring a custom-compiled valgrind binary.
  Add ct checking annotations to the SSSE3 AES code.
* Add cast to a suspicious looking (but actually ok in this case) shift in MARS | Jack Lloyd | 2016-01-01 | 1 file | -1/+1
  j is never more than 30 in this loop
* Drop seed_tab | Jack Lloyd | 2016-01-01 | 1 file | -192/+0
  (Two part commit with 64caa9a to work around git's insane implied rename system)
* Inline SEED's sbox tables | Jack Lloyd | 2016-01-01 | 2 files | -33/+203
  Simpler, and a bit faster also it seems (but not fast)
* Merge the openssl code together. | Jack Lloyd | 2015-12-19 | 2 files | -219/+0
  Having the code diffused all over the place was ugly and would not scale well to multiple alternative providers. GH #368
* Reroot the exception hierarchy into a toplevel Exception class | Jack Lloyd | 2015-12-11 | 2 files | -3/+3
  As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340)
  Effectively reverts 2837e915d82e43
* Improve side channel attack resistance of table based AES impl | Jack Lloyd | 2015-11-29 | 1 file | -414/+147
* Make Montgomery reduction constant time. | Jack Lloyd | 2015-10-24 | 2 files | -20/+20
  It was already close, but the carry loop would break early and selecting which value to copy out was indexed on the borrow bit. Have the carry loop run through, and add a const-time conditional copy operation and use that to copy the output.
  Convert ct_utils to CT namespace. Templatize the utils, which I was hesitant to do initially but is pretty useful when dealing with arbitrary word sizes.
  Remove the poison macros, replace with inline funcs which reads cleaner at the call site.
* Break up openssl provider | Jack Lloyd | 2015-10-19 | 2 files | -0/+219
  For RSA, RC4, and ECDSA put the openssl versions in the same directory as the base version. They just rely on a macro check for the openssl module to test for the desire to use OpenSSL.
* Make PKCS #1 and OAEP decoding constant time to avoid oracle attacks via timing channels. | Jack Lloyd | 2015-10-16 | 2 files | -13/+34
  Add annotations for checking constant-time code using ctgrind to PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already written as constant time code.
* Delete Camellia sbox header. | Jack Lloyd | 2015-09-22 | 2 files | -550/+1
  Two part commit with bd99a4f to work around git's insane rename system.
* Inline Camellia sbox tables to source file | Jack Lloyd | 2015-09-22 | 1 file | -3/+530
* Move check for SIMD instructions to CPUID | Jack Lloyd | 2015-09-21 | 1 file | -7/+3
  Avoids needing to include simd_32 to see if SIMD is disabled. This had caused a build break on Linux x86-32 as SSE2 must be enabled on a per-file basis.