path: root/src/lib/hash
Commit message | Author | Age | Files | Lines
* Avoid math on booleans | Jack Lloyd | 2017-08-29 | 1 | -3/+3
    Sonar find
* Modify GOST-34.11 hash to avoid a GCC miscompilation. | Jack Lloyd | 2017-08-13 | 1 | -1/+4
    For whatever reason GCC 7 on i386 miscompiles this loop under -O3. I was not able to reduce the bug to a small testcase - extracting the problem section of the code to its own file, it behaves correctly. Also oddly, I was never able to repro this using Arch's gcc-multilib i386 compiler. But when compiled with the 'native' i386 compiler in a chroot it immediately fails. See GH #1148 and GH #882
* Remove STREEBOG_AX and STREEBOG_C from header. | Daniel Wyatt | 2017-08-04 | 1 | -4/+0
    (Missed hunk in previous commit)
* streebog: Addressing review comments. | Daniel Wyatt | 2017-08-04 | 3 | -852/+46
* Add Streebog hash (GOST R 34.11-2012). | Daniel Wyatt | 2017-08-04 | 5 | -0/+1934
* Merge GH #1094 Add initial BearSSL provider | Jack Lloyd | 2017-08-02 | 1 | -1/+16
  * BearSSL: implement PR feedback and compare ECGroup OID name | Patrick Wildt | 2017-07-05 | 1 | -6/+6
      This commit implements the feedback from @securitykernel on the PR and also changes the EC Group comparison to use the OID, akin to OpenSSL. The EC Group comparison was needed before GH #1093 was merged, but now we can go use the OpenSSL variant.
  * BearSSL: Initial support and hash tests | Patrick Wildt | 2017-07-05 | 1 | -1/+16
      BearSSL is an implementation of the SSL/TLS protocol in C aiming to be correct and secure, small and highly portable. Thus making it nicer to be included in a rather sparse bootloader. This commit adds support for BearSSL's hash routines only, with more stuff coming up in following commits. The goal is to be able to test BearSSL using Botan's extensive testsuite.
* Use native compiler versioning of MSVC | Simon Warta | 2017-07-31 | 2 | -2/+2
    While using marketing names like 2013, 2015 etc. is more convenient at first sight, it requires keeping a table about all supported compiler versions, as there is no formula to calculate between the representations. Keeping a list of compilers leads to the following issue: if one version of Botan is released in 2017, requiring MSVS 2015 for one module, this source can be compiled using MSVS 2015 and 2017 but not a future version like 2019. Also preview/development versions of MSVC that may use an intermediate version number cannot be handled with the marketing name table because they may be unknown to the general public.
* Cleanups in SM3 code | Jack Lloyd | 2017-06-29 | 1 | -81/+25
    T[] variable is actually a constant, so precompute it in SM3_TJ.
    W1 expansion is very simple and can just be done inline.
    Somewhat faster on my machine.
* Maintainer mode fixes: old style casts, missing override, unused functions | Jack Lloyd | 2017-06-08 | 3 | -36/+13
* fix doxygen build: hide method definitions with ifdefs where the function declaration is already hidden, fix some param names in doxygen comments, fixes #1067 | Zoltan Gyarmati | 2017-06-08 | 4 | -0/+8
    This work was sponsored by Ribose Inc (@riboseinc).
* Merge GH #1056 Add HashFunction::copy_state and port to OpenSSL 1.1.0 | Jack Lloyd | 2017-05-22 | 41 | -0/+202
  * Fix for old GCC and Clang | Jack Lloyd | 2017-05-22 | 2 | -2/+2
      They don't understand unique_ptr<Derived> to unique_ptr<Base> without help: https://stackoverflow.com/questions/22018115/converting-stdunique-ptrderived-to-stdunique-ptrbase
  * Add HashFunction::copy_state | Jack Lloyd | 2017-05-22 | 41 | -0/+177
      See GH #1037
* Disable ARMv8 SHA extensions on 32-bit | Jack Lloyd | 2017-05-22 | 2 | -2/+2
    Works everywhere but Apple Clang. Could handle this with a hack to configure but running ARMv8 in 32-bit mode is rare and suboptimal, and it would be better to deal with this using compile-time feature detection.
* Change SHA-2 to use a single convention for CPU extn | Jack Lloyd | 2017-05-20 | 3 | -9/+8
* Set minimum compiler versions for ARMv8 SHA intrinsics | Jack Lloyd | 2017-05-20 | 2 | -0/+10
* Small cleanups for ARM SHA code | Jack Lloyd | 2017-05-20 | 4 | -16/+24
    Fix for new define syntax, remove old style casts. Add some randomly generated longer SHA-256 vectors, previously had precisely zero multiblock tests.
* Add SHA-256 using ARMv8 instructions | Jack Lloyd | 2017-05-20 | 4 | -35/+240
    Based on patch from Jeffrey Walton in GH #841
* Add ARMv8 SHA-1 support | Jack Lloyd | 2017-05-20 | 4 | -0/+222
    Based on patch from Jeffrey Walton in GH #840. Only tested in qemu so far.
* Set minimum compiler versions for SHA intrinsics | Jack Lloyd | 2017-05-19 | 2 | -0/+12
* Add support for Intel SHA-1/SHA-2 instructions | Jack Lloyd | 2017-05-19 | 8 | -1/+465
    Based on GH #807 and #808
* Merge GH #966 Add SM3 hash function | Jack Lloyd | 2017-04-05 | 4 | -0/+334
  * Re-roll two loops in SM3 hash compression function that are causing test failures for some compilers. | Daniel Wyatt | 2017-04-04 | 1 | -94/+32
  * Unroll loops in SM3 hash compress_n. | Daniel Wyatt | 2017-04-03 | 2 | -65/+241
  * Fix info.txt date and update to new format. | Daniel Wyatt | 2017-04-03 | 1 | -1/+3
  * Merge remote-tracking branch 'origin/master' into sm3 | Daniel Wyatt | 2017-04-03 | 21 | -21/+63
  * Add SM3 hash function | Daniel Wyatt | 2017-04-03 | 4 | -0/+218
* Content: | Tomasz Frydrych | 2017-04-03 | 2 | -2/+2
    * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
    * `default` specifier instead of `{}` in some places (probably all)
    * removal of unreachable code (for example `return` after `throw`)
    * removal of compilation unit only visible, but not used functions
    * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
    * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder() | Simon Warta | 2017-04-02 | 21 | -21/+63
* Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 43 | -365/+365
    Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Avoid unneeded code - previous conditionals handle these cases | Jack Lloyd | 2016-11-25 | 1 | -8/+0
* Adds SHAKE support for XMSS | Matthias Gierlings | 2016-11-25 | 1 | -0/+8
    - Enables code for shake support
    - Creating SHAKE hash function by name now allows selecting an output size of 256 Bit for SHAKE128 and 512 Bit for SHAKE256.
    - Adds *self-generated*, unverified test vectors for XMSS/SHAKE.
* Add SHAKE-128 and SHAKE-256 as hash functions | Jack Lloyd | 2016-11-10 | 7 | -75/+279
* Move ISA optimized versions under the main algo dir | Jack Lloyd | 2016-11-03 | 2 | -4/+0
    Previously it made sense for them to be in distinct dirs because they were standalone. However with #580 that is no longer the case, so move them to subdirs. Configure knows that anything underneath a directory has a dependency on the parent dir, so update info.txt files accordingly to remove explicit dependencies where set.
* Correct name for Comb4P | Jack Lloyd | 2016-10-27 | 1 | -1/+1
* Remove alias logic from SCAN_Name | Jack Lloyd | 2016-10-21 | 1 | -50/+62
    This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
* Remove Algo_Registry | Jack Lloyd | 2016-10-21 | 10 | -121/+181
    I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* Merge GH #669 Add SHA-3, SHAKE-128, and BoringSSL-mode NewHope | Jack Lloyd | 2016-10-20 | 7 | -91/+315
  * Add proper SHA-3 | Jack Lloyd | 2016-10-19 | 7 | -91/+315
      Kind of a copy and paste of Keccak, but only a single copy of the permutation at least. Keccak depends on SHA-3 instead of the reverse, so that SHA-3 can be enabled without also bringing in an unapproved hash function. Updates newhope code and removes API function newhope_hash which was an unofficial SHA-3-256.
* Improve stream doxygen [ci skip] | René Korthaus | 2016-10-19 | 1 | -1/+1
* Improve hash doxygen [ci skip] | René Korthaus | 2016-10-19 | 1 | -3/+12
* Add ISA annotations to functions using SIMD, AES, etc | Jack Lloyd | 2016-10-14 | 1 | -0/+1
    Also emit `#pragma GCC target` in the ISA specific amalgamation files. This allows compiling without any special compiler flags, at least with GCC 6.2 and Clang 3.8. The ISA annotations are ignored in MSVC, which just emits whatever instruction the intrinsic requires.
* Change T::provider to return std::string | Jack Lloyd | 2016-09-15 | 1 | -2/+1
* Add T::provider() to allow user to inquire about implementation used | Jack Lloyd | 2016-09-15 | 1 | -0/+7
    For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.
* Merge optimized implementations into base class | Jack Lloyd | 2016-09-15 | 6 | -75/+47
    Various algorithms had an optimized implementation (for SSE2, AVX2, etc) which was offered alongside the 'base' implementation. This is admittedly very useful for testing, but it breaks user expectations in bad ways. See GH #477 for background. Now encrypting with `AES_128` (say) just runs whatever implementation is best on the current processor/build.
* Merge GH #613 NewHope R-LWE key exchange | Jack Lloyd | 2016-09-05 | 2 | -6/+9
  * Add NEWHOPE KEM scheme | Jack Lloyd | 2016-08-30 | 2 | -6/+9
      Provides conjectured 200-bit security against a quantum attacker. Based on the public domain reference implementation at https://github.com/tpoeppelmann/newhope and bit-for-bit compatible with that version. Test vectors generated by the reference testvector.c
* Remove deprecated hashes MD2, HAS-160, and RIPEMD-128 | Jack Lloyd | 2016-09-02 | 10 | -600/+0