aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/mac
Commit message (Collapse)AuthorAgeFilesLines
* Add CT::Mask typeJack Lloyd2018-11-281-4/+4
|
* Cleanups in Poly1305Jack Lloyd2018-11-091-23/+23
|
* Optimization for Poly1305Jack Lloyd2018-09-201-17/+24
| | | | | Rearranging this code seems to let both GCC and Clang do a little better on the core loop, 4-7% depending on buffer size on my i7-6700k
* Add message to BOTAN_ARG_CHECK and use it more widelyJack Lloyd2018-05-135-8/+13
|
* Make stream, block, hash and cipher mode base classes optionalJack Lloyd2018-01-124-1/+10
|
* Deprecate CMAC::poly_doubleJack Lloyd2017-12-281-1/+7
| | | | We use the internal util API now
* Avoid undefined behavior in SipHashJack Lloyd2017-12-231-1/+9
|
* Code formatting tweak in Poly1305 codeJack Lloyd2017-12-031-5/+5
|
* Avoid calling lookup("DES") twice when clone will do the job.Jack Lloyd2017-12-031-1/+1
|
* Increase HMAC key size limit to 4096 bytes.Jack Lloyd2017-11-282-5/+7
| | | | | The previous limit of 512 bytes meant that TLS was unable to negotiate using FFDHE-6144 or FFDHE-8192 groups.
* Add a function for checking if poly_double_n supports a particular sizeJack Lloyd2017-11-181-2/+1
|
* Minor SIV/CMAC optimizationsJack Lloyd2017-11-021-10/+11
|
* Include <memory> in base type headersJack Lloyd2017-10-291-0/+1
| | | | Needed for the create calls
* Remove needless virtual on GMAC destructorJack Lloyd2017-10-261-1/+1
|
* Add checks that keyed algorithms are actually keyed before useJack Lloyd2017-10-265-7/+22
| | | | | Previously calling update or encrypt without calling set_key first would result in invalid outputs or else crashing.
* GCM and CTR optimizationsJack Lloyd2017-10-183-6/+17
| | | | | | | | | | | In CTR, special case for counter widths of special interest. In GHASH, uses a 4x reduction technique suggested by Intel. Split out GHASH to its own source file and header. With these changes GCM is over twice as fast on Skylake and about 50% faster on Westmere.
* GMAC optimizationJack Lloyd2017-10-152-21/+32
| | | | | Avoid copying inputs needlessly, on Skylake doubles performance (from 1 GB/s -> 2 GB/s)
* Optimize GCMJack Lloyd2017-10-132-23/+27
| | | | | | | | | | By allowing multiple blocks for clmul, slight speedup there though still far behind optimum. Precompute a table of multiples of H, 3-4x faster on systems without clmul (and still no secret indexes). Refactor GMAC to not derive from GHASH
* Add compile-time rotation functionsJack Lloyd2017-10-121-6/+6
| | | | | | | | | | | | | | | | | The problem with asm rol/ror is the compiler can't schedule effectively. But we only need asm in the case when the rotation is variable, so distinguish the two cases. If a compile time constant, then static_assert that the rotation is in the correct range and do the straightforward expression knowing the compiler will probably do the right thing. Otherwise do a tricky expression that both GCC and Clang happen to have recognize. Avoid the reduction case; instead require that the rotation be in range (this reverts 2b37c13dcf). Remove the asm rotations (making this branch illnamed), because now both Clang and GCC will create a roll without any extra help. Remove the reduction/mask by the word size for the variable case. The compiler can't optimize that it out well, but it's easy to ensure it is valid in the callers, especially now that the variable input cases are easy to grep for.
* Avoid bogus declarations in GMACJack Lloyd2017-09-301-25/+3
| | | | | These functions are declared/defined on MessageAuthenticationCode, and call the start_msg virtual.
* Address some MSVC warningsJack Lloyd2017-09-301-4/+3
|
* Make poly_dbl.h a submodule of utilsJack Lloyd2017-09-271-0/+4
| | | | | Only required by a few modules and if none of them are in use then the whole thing can just be skipped from the build.
* Better tests for SIVJack Lloyd2017-09-242-5/+8
| | | | | | | | | | | | Correct errors in the AEAD tests that assumed process/update always return something - that isn't true for SIV Minor optimizations in CMAC and CTR to cache the block size instead of making a zillion virtual calls for it. Generalize SIV slightly to where it could support a non-128 bit cipher, but don't pull the trigger on it since I can't find any implementations to crosscheck with.
* Apply final annotations to the library alsoJack Lloyd2017-09-221-1/+1
| | | | | Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.
* More include header cleanupsJack Lloyd2017-09-211-0/+1
|
* Header file cleanupsJack Lloyd2017-09-211-6/+2
| | | | Some help from include-what-you-use
* Change header guard format to BOTAN_FOO_H_Jack Lloyd2017-09-208-16/+16
| | | | | | ISO C++ reserves names with double underscores in them Closes #512
* Add API stability annotations.Jack Lloyd2017-09-198-8/+8
| | | | | Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Use constant_time_compare instead of same_memJack Lloyd2017-09-161-1/+1
| | | | New name, same great operation
* Simplify polynomial doubling codeJack Lloyd2017-09-051-5/+3
| | | | | | | | | | GCC and Clang generate effectively identical code for a template with parameters, vs completely unrolled code as was used previously. Add a little-endian variant so XTS can use it. This extends XTS support to cover 256 and 512-bit ciphers. I was not able to find another implementation that supports both XTS and ciphers with large blocks, so the XTS test vectors are self-generated.
* Fix various MSVC warningsJack Lloyd2017-08-312-3/+7
| | | | Based on VC2017 output
* Improve polynomial doubling code, move to utilJack Lloyd2017-08-151-36/+6
| | | | | | | | | Now does 64-bits at a time instead of 8 bits, and avoids conditional timing channel on the XOR carry. Confirmed that at least GCC 7 and Clang 4 on x86-64 compile the functions without conditional jumps. Also removes CMAC as a dependency of OCB, which only needed it in order to call CMAC::poly_double
* Content:Tomasz Frydrych2017-04-031-1/+1
| | | | | | | | | * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations) * `default` specifier instead of `{}` in some places(probably all) * removal of unreachable code (for example `return` after `throw`) * removal of compilation unit only visible, but not used functions * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT` * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder()Simon Warta2017-04-028-8/+24
|
* Add BOTAN_UNUSED in creator functionsJack Lloyd2017-01-271-0/+3
| | | | | | If all (say) stream ciphers are disabled, avoid unused arg warning. [ci skip]
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-1816-112/+112
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add MAC::start_msg, update GMACJack Lloyd2016-10-283-14/+53
| | | | | | | | GMAC needs a per-message nonce specified with `start`, and other MACs are capable of using nonces (Skein-MAC, for instance) so move this API up to MAC class. Change GMAC::clone to clone the owned cipher.
* Implements GMAC with GHASH.Matthias Gierlings2016-10-283-44/+109
| | | | | Adds support for Galois Message Authentication Code calculation based on GHASH, rather than GCM_Mode.
* Added implementation for GMACMatthias Gierlings2016-10-275-1/+184
| | | | | | - Added GMAC class - Integrated GMAC into MAC-Class test bench. Run GMAC tests using ./botan-test mac
* Remove alias logic from SCAN_NameJack Lloyd2016-10-211-3/+3
| | | | | | This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).
* Remove Algo_RegistryJack Lloyd2016-10-218-73/+101
| | | | | | | I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* Fix doxygen warnings [ci skip]René Korthaus2016-10-191-1/+0
|
* Minor doxygen fixes [ci skip]René Korthaus2016-10-192-2/+2
|
* Improve stream doxygen [ci skip]René Korthaus2016-10-191-1/+1
|
* Improve mac doxygen [ci skip]René Korthaus2016-10-191-4/+6
|
* Change T::provider to return std::stringJack Lloyd2016-09-151-2/+1
|
* Add T::provider() to allow user to inquire about implementation usedJack Lloyd2016-09-151-0/+8
| | | | | For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.
* fix SipHash::clear() and MAC test improvementsDaniel Neus2016-07-201-3/+4
| | | | | | | | Fix for SipHash::clear() which does not clear the complete state. Test additions: - add a test for MessageAuthenticationCode::verify_mac() - test MessageAuthenticationCode::clear()
* Merge GH #446 add --module-policy optionJack Lloyd2016-03-061-0/+2
|\
| * Add option --module-policyJack Lloyd2016-03-061-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A module policy is a file specifying three types of modules: ones which are required, ones which are prohibited, and ones which should be used if otherwise available (this is mostly for platform specific modules). Finally there are whatever modules which exist in the library of which the policy makes no mention. These will be included if an explicit dependency of some other module pulls them in (so there is no reason to mention base, utils, ... in the file) but skipped otherwise. For example policy 'sane' does not mention 'utils' or 'twofish' either way. Since utils is a dependency of other modules which are included, but Twofish does not. However unlike an explicitly prohibited module, not mentioned can still be requested as part of the build (here with --enable-module=twofish) Also fixes some test bugs noticed by compiling in different build configs. DLIES test didn't check that the KDF and MAC existed. Adds a typedef for MessageAuthenticationCode because typing it twice in a single line in the DLIES test made me think it's way too long. :) Also fix some fuzzer build problems. Due to a copy and paste bug the PKCS certificate (it was not). Inspired by GH #439