| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
| |
Rearranging this code seems to let both GCC and Clang do a little
better on the core loop, 4-7% depending on buffer size on my i7-6700k
|
| |
|
| |
|
|
|
|
| |
We use the internal util API now
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The previous limit of 512 bytes meant that TLS was unable to
negotiate using FFDHE-6144 or FFDHE-8192 groups.
|
| |
|
| |
|
|
|
|
| |
Needed for the create calls
|
| |
|
|
|
|
|
| |
Previously calling update or encrypt without calling set_key first
would result in invalid outputs or else crashing.
|
|
|
|
|
|
|
|
|
|
|
| |
In CTR, special case for counter widths of special interest.
In GHASH, uses a 4x reduction technique suggested by Intel.
Split out GHASH to its own source file and header.
With these changes GCM is over twice as fast on Skylake and about
50% faster on Westmere.
|
|
|
|
|
| |
Avoid copying inputs needlessly, on Skylake doubles performance
(from 1 GB/s -> 2 GB/s)
|
|
|
|
|
|
|
|
|
|
| |
By allowing multiple blocks for clmul, slight speedup there though still
far behind optimum.
Precompute a table of multiples of H, 3-4x faster on systems without clmul
(and still no secret indexes).
Refactor GMAC to not derive from GHASH
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem with asm rol/ror is the compiler can't schedule effectively.
But we only need asm in the case when the rotation is variable, so distinguish
the two cases. If a compile time constant, then static_assert that the rotation
is in the correct range and do the straightforward expression knowing the compiler
will probably do the right thing. Otherwise do a tricky expression that both
GCC and Clang happen to have recognize. Avoid the reduction case; instead
require that the rotation be in range (this reverts 2b37c13dcf).
Remove the asm rotations (making this branch illnamed), because now both Clang
and GCC will create a roll without any extra help.
Remove the reduction/mask by the word size for the variable case. The compiler
can't optimize that it out well, but it's easy to ensure it is valid in the callers,
especially now that the variable input cases are easy to grep for.
|
|
|
|
|
| |
These functions are declared/defined on MessageAuthenticationCode,
and call the start_msg virtual.
|
| |
|
|
|
|
|
| |
Only required by a few modules and if none of them are in use
then the whole thing can just be skipped from the build.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Correct errors in the AEAD tests that assumed process/update always
return something - that isn't true for SIV
Minor optimizations in CMAC and CTR to cache the block size instead
of making a zillion virtual calls for it.
Generalize SIV slightly to where it could support a non-128 bit
cipher, but don't pull the trigger on it since I can't find any
implementations to crosscheck with.
|
|
|
|
|
| |
Done by a perl script which converted all classes to final, followed
by selective reversion where it caused compilation failures.
|
| |
|
|
|
|
| |
Some help from include-what-you-use
|
|
|
|
|
|
| |
ISO C++ reserves names with double underscores in them
Closes #512
|
|
|
|
|
| |
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
|
|
|
|
| |
New name, same great operation
|
|
|
|
|
|
|
|
|
|
| |
GCC and Clang generate effectively identical code for a template
with parameters, vs completely unrolled code as was used previously.
Add a little-endian variant so XTS can use it. This extends XTS support
to cover 256 and 512-bit ciphers. I was not able to find another
implementation that supports both XTS and ciphers with large blocks,
so the XTS test vectors are self-generated.
|
|
|
|
| |
Based on VC2017 output
|
|
|
|
|
|
|
|
|
| |
Now does 64-bits at a time instead of 8 bits, and avoids conditional
timing channel on the XOR carry. Confirmed that at least GCC 7 and
Clang 4 on x86-64 compile the functions without conditional jumps.
Also removes CMAC as a dependency of OCB, which only needed it in
order to call CMAC::poly_double
|
|
|
|
|
|
|
|
|
| |
* fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
* `default` specifier instead of `{}` in some places(probably all)
* removal of unreachable code (for example `return` after `throw`)
* removal of compilation unit only visible, but not used functions
* fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
* removed not needed semicolons
|
| |
|
|
|
|
|
|
| |
If all (say) stream ciphers are disabled, avoid unused arg warning.
[ci skip]
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
|
|
|
|
| |
GMAC needs a per-message nonce specified with `start`, and other
MACs are capable of using nonces (Skein-MAC, for instance) so move
this API up to MAC class.
Change GMAC::clone to clone the owned cipher.
|
|
|
|
|
| |
Adds support for Galois Message Authentication Code calculation based on
GHASH, rather than GCM_Mode.
|
|
|
|
|
|
| |
- Added GMAC class
- Integrated GMAC into MAC-Class test bench. Run GMAC tests using
./botan-test mac
|
|
|
|
|
|
| |
This required taking a global lock and doing a map lookup each
time an algorithm was requested (and so many times during a TLS
handshake).
|
|
|
|
|
|
|
| |
I repent my use of global constructors.
I repent my use of global locks.
Hopefully I will never touch this code again.
:)
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
For block ciphers, stream ciphers, hashes, MACs, and cipher modes.
Cipher_Mode already had it, with a slightly different usage.
|
|
|
|
|
|
|
|
| |
Fix for SipHash::clear() which does not clear the complete state.
Test additions:
- add a test for MessageAuthenticationCode::verify_mac()
- test MessageAuthenticationCode::clear()
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A module policy is a file specifying three types of modules: ones which
are required, ones which are prohibited, and ones which should be used
if otherwise available (this is mostly for platform specific modules).
Finally there are whatever modules which exist in the library of which
the policy makes no mention. These will be included if an explicit
dependency of some other module pulls them in (so there is no reason
to mention base, utils, ... in the file) but skipped otherwise.
For example policy 'sane' does not mention 'utils' or 'twofish' either
way. Since utils is a dependency of other modules which are included,
but Twofish does not. However unlike an explicitly prohibited module,
not mentioned can still be requested as part of the build (here with
--enable-module=twofish)
Also fixes some test bugs noticed by compiling in different build
configs. DLIES test didn't check that the KDF and MAC existed. Adds a
typedef for MessageAuthenticationCode because typing it twice in a
single line in the DLIES test made me think it's way too long. :) Also
fix some fuzzer build problems. Due to a copy and paste bug the PKCS
certificate (it was not).
Inspired by GH #439
|