aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/mac
Commit message (Collapse)AuthorAgeFilesLines
* GCM and CTR optimizationsJack Lloyd2017-10-183-6/+17
| | | | | | | | | | | In CTR, special case for counter widths of special interest. In GHASH, uses a 4x reduction technique suggested by Intel. Split out GHASH to its own source file and header. With these changes GCM is over twice as fast on Skylake and about 50% faster on Westmere.
* GMAC optimizationJack Lloyd2017-10-152-21/+32
| | | | | Avoid copying inputs needlessly, on Skylake doubles performance (from 1 GB/s -> 2 GB/s)
* Optimize GCMJack Lloyd2017-10-132-23/+27
| | | | | | | | | | By allowing multiple blocks for clmul, slight speedup there though still far behind optimum. Precompute a table of multiples of H, 3-4x faster on systems without clmul (and still no secret indexes). Refactor GMAC to not derive from GHASH
* Add compile-time rotation functionsJack Lloyd2017-10-121-6/+6
| | | | | | | | | | | | | | | | | The problem with asm rol/ror is the compiler can't schedule effectively. But we only need asm in the case when the rotation is variable, so distinguish the two cases. If a compile time constant, then static_assert that the rotation is in the correct range and do the straightforward expression knowing the compiler will probably do the right thing. Otherwise do a tricky expression that both GCC and Clang happen to have recognize. Avoid the reduction case; instead require that the rotation be in range (this reverts 2b37c13dcf). Remove the asm rotations (making this branch illnamed), because now both Clang and GCC will create a roll without any extra help. Remove the reduction/mask by the word size for the variable case. The compiler can't optimize that it out well, but it's easy to ensure it is valid in the callers, especially now that the variable input cases are easy to grep for.
* Avoid bogus declarations in GMACJack Lloyd2017-09-301-25/+3
| | | | | These functions are declared/defined on MessageAuthenticationCode, and call the start_msg virtual.
* Address some MSVC warningsJack Lloyd2017-09-301-4/+3
|
* Make poly_dbl.h a submodule of utilsJack Lloyd2017-09-271-0/+4
| | | | | Only required by a few modules and if none of them are in use then the whole thing can just be skipped from the build.
* Better tests for SIVJack Lloyd2017-09-242-5/+8
| | | | | | | | | | | | Correct errors in the AEAD tests that assumed process/update always return something - that isn't true for SIV Minor optimizations in CMAC and CTR to cache the block size instead of making a zillion virtual calls for it. Generalize SIV slightly to where it could support a non-128 bit cipher, but don't pull the trigger on it since I can't find any implementations to crosscheck with.
* Apply final annotations to the library alsoJack Lloyd2017-09-221-1/+1
| | | | | Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.
* More include header cleanupsJack Lloyd2017-09-211-0/+1
|
* Header file cleanupsJack Lloyd2017-09-211-6/+2
| | | | Some help from include-what-you-use
* Change header guard format to BOTAN_FOO_H_Jack Lloyd2017-09-208-16/+16
| | | | | | ISO C++ reserves names with double underscores in them Closes #512
* Add API stability annotations.Jack Lloyd2017-09-198-8/+8
| | | | | Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Use constant_time_compare instead of same_memJack Lloyd2017-09-161-1/+1
| | | | New name, same great operation
* Simplify polynomial doubling codeJack Lloyd2017-09-051-5/+3
| | | | | | | | | | GCC and Clang generate effectively identical code for a template with parameters, vs completely unrolled code as was used previously. Add a little-endian variant so XTS can use it. This extends XTS support to cover 256 and 512-bit ciphers. I was not able to find another implementation that supports both XTS and ciphers with large blocks, so the XTS test vectors are self-generated.
* Fix various MSVC warningsJack Lloyd2017-08-312-3/+7
| | | | Based on VC2017 output
* Improve polynomial doubling code, move to utilJack Lloyd2017-08-151-36/+6
| | | | | | | | | Now does 64-bits at a time instead of 8 bits, and avoids conditional timing channel on the XOR carry. Confirmed that at least GCC 7 and Clang 4 on x86-64 compile the functions without conditional jumps. Also removes CMAC as a dependency of OCB, which only needed it in order to call CMAC::poly_double
* Content:Tomasz Frydrych2017-04-031-1/+1
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-028-8/+24
|
* Add BOTAN_UNUSED in creator functionsJack Lloyd2017-01-271-0/+3
| | | | | | If all (say) stream ciphers are disabled, avoid unused arg warning. [ci skip]
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-1816-112/+112
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add MAC::start_msg, update GMACJack Lloyd2016-10-283-14/+53
| | | | | | | | GMAC needs a per-message nonce specified with `start`, and other MACs are capable of using nonces (Skein-MAC, for instance) so move this API up to MAC class. Change GMAC::clone to clone the owned cipher.
* Implements GMAC with GHASH.Matthias Gierlings2016-10-283-44/+109
| | | | | Adds support for Galois Message Authentication Code calculation based on GHASH, rather than GCM_Mode.
* Added implementation for GMACMatthias Gierlings2016-10-275-1/+184
| | | | | | - Added GMAC class - Integrated GMAC into MAC-Class test bench. Run GMAC tests using ./botan-test mac
* Remove alias logic from SCAN_NameJack Lloyd2016-10-211-3/+3
| | | | | | This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
* Remove Algo_RegistryJack Lloyd2016-10-218-73/+101
| | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* Fix doxygen warnings [ci skip]René Korthaus2016-10-191-1/+0
|
* Minor doxygen fixes [ci skip]René Korthaus2016-10-192-2/+2
|
* Improve stream doxygen [ci skip]René Korthaus2016-10-191-1/+1
|
* Improve mac doxygen [ci skip]René Korthaus2016-10-191-4/+6
|
* Change T::provider to return std::stringJack Lloyd2016-09-151-2/+1
|
* Add T::provider() to allow user to inquire about implementation usedJack Lloyd2016-09-151-0/+8
| | | | | For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.
* fix SipHash::clear() and MAC test improvementsDaniel Neus2016-07-201-3/+4
| | | | | | | | Fix for SipHash::clear() which does not clear the complete state. Test additions: - add a test for MessageAuthenticationCode::verify_mac() - test MessageAuthenticationCode::clear()
* Merge GH #446 add --module-policy optionJack Lloyd2016-03-061-0/+2
|\
| * Add option --module-policyJack Lloyd2016-03-061-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A module policy is a file specifying three types of modules: ones which are required, ones which are prohibited, and ones which should be used if otherwise available (this is mostly for platform specific modules). Finally there are whatever modules which exist in the library of which the policy makes no mention. These will be included if an explicit dependency of some other module pulls them in (so there is no reason to mention base, utils, ... in the file) but skipped otherwise. For example policy 'sane' does not mention 'utils' or 'twofish' either way. Since utils is a dependency of other modules which are included, but Twofish does not. However unlike an explicitly prohibited module, not mentioned can still be requested as part of the build (here with --enable-module=twofish) Also fixes some test bugs noticed by compiling in different build configs. DLIES test didn't check that the KDF and MAC existed. Adds a typedef for MessageAuthenticationCode because typing it twice in a single line in the DLIES test made me think it's way too long. :) Also fix some fuzzer build problems. Due to a copy and paste bug the PKCS certificate (it was not). Inspired by GH #439
* | Remaining cppcheck fixes that are not covered by GH #444Daniel Neus2016-03-051-1/+1
|/
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-054-4/+4
| | | | explicit.
* Add final attribute to many classesJack Lloyd2016-01-106-6/+6
| | | | | | | In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-111-1/+1
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Remove use of lookup.h in favor of new T::create API.Jack Lloyd2015-09-214-12/+9
|
* Address some review comments by Simon. GH #279Jack Lloyd2015-09-211-1/+1
|
* Internal header cleanupsJack Lloyd2015-09-199-49/+3
| | | | Only user-visible change is the removal of get_byte.h
* Handle dependencies re static linking. GH #279Jack Lloyd2015-09-176-0/+28
| | | | | | | | | | | | | | Previously we were hanging on the type destructors to pull in the relevant objects. However that fails in many simple cases where the object is never deleted. For every type involved in the algo registry add static create and providers functions to access the algo registry. Modify lookup.h to be inline and call those functions, and move a few to sub-headers (eg, get_pbkdf going to pbkdf.h). So accessing the registry involves going through the same file that handles the initialization, so there is no way to end up with missing objs.
* Fix static lib registration for block, hash, mac, stream, kdfJack Lloyd2015-09-108-14/+56
| | | | | | | | | | | The support problems from having static libraries not work in the obvious way will be endless trouble. Instead have each set of registrations tag along in a source file for the basic type, at the cost of some extra ifdefs. On shared libs this is harmless - everything is going into the shared object anyway. With static libs, this means pulling in a single block cipher pulls in the text of all the them. But that's still strictly better than the amalgamation (which is really pulling in everything), and it works (unlike status quo).
* mac: Add missing overridesDaniel Seither2015-07-306-47/+47
|
* Remove duplicate definition of MessageAuthenticationCode::name()Daniel Seither2015-07-301-6/+0
| | | | The original definition is in the base class SymmetricAlgorithm.
* Make Botan compile when only some modules are enabledSimon Warta2015-07-031-0/+2
| | | | Fixes #146.
* s/auto/size_t/Simon Warta2015-07-031-1/+1
|
* More changes for use with debug STLSimon Warta2015-06-301-1/+5
|
* lib/mac: Convert &vec[0] to vec.data()Simon Warta2015-06-255-8/+8
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 21:06:20 +0000