path: root/src/lib/modes/aead/ocb
Commit log (each entry: commit message; author; date; files changed; lines removed/added)
* OCB optimizations (Jack Lloyd, 2019-09-28; 2 files, -20/+23 lines)
  Mostly avoiding/caching dynamic allocations. Also in speed, increment the IV from the low end which demonstrates OCB's enhanced handling of that case.
* Deprecate many publicly available headers (Jack Lloyd, 2019-09-06; 1 file, -0/+2 lines)
* Rename Integrity_Failure to Invalid_Authentication_Tag (Jack Lloyd, 2019-01-18; 1 file, -1/+1 lines)
  This makes the meaning and usage more clear. Add a specific error type so invalid tags can be distinguished without having to catch that specific type. See also #1813
* Make significant_words const time also (Jack Lloyd, 2018-12-23; 1 file, -3/+3 lines)
  Only used in one place, where const time doesn't matter, but can't hurt. Remove low_bit, can be replaced by ctz.
* Fix some MSVC warnings (Jack Lloyd, 2018-09-30; 1 file, -3/+3 lines)
* In EAX, CCM, OCB verify nonce is set before processing (Jack Lloyd, 2018-08-17; 1 file, -0/+4 lines)
* Fix crashes when modes were used unkeyed. (Jack Lloyd, 2018-08-05; 1 file, -4/+10 lines)
  Fix crashes in OCB, GCM and CFB when called without a key being set.
* Add message to BOTAN_ARG_CHECK and use it more widely (Jack Lloyd, 2018-05-13; 1 file, -4/+6 lines)
* Make stream, block, hash and cipher mode base classes optional (Jack Lloyd, 2018-01-12; 1 file, -0/+1 lines)
* OCB optimizations (Jack Lloyd, 2017-10-13; 2 files, -58/+90 lines)
  With fast AES-NI, gets down to about 2 cycles per byte, which is pretty good compared to the ~5.5 cpb of 2.3, but still a long way off the best stitched impls which run at ~0.6 cpb.
* OCB optimizations (Jack Lloyd, 2017-10-12; 2 files, -48/+52 lines)
  From ~5 cpb to ~2.5 cpb on Skylake
* Address some MSVC warnings (Jack Lloyd, 2017-09-30; 1 file, -1/+1 lines)
* Make poly_dbl.h a submodule of utils (Jack Lloyd, 2017-09-27; 1 file, -0/+4 lines)
  Only required by a few modules and if none of them are in use then the whole thing can just be skipped from the build.
* Apply final annotations to the library also (Jack Lloyd, 2017-09-22; 1 file, -1/+1 lines)
  Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.
* More include header cleanups (Jack Lloyd, 2017-09-21; 2 files, -1/+2 lines)
* Change header guard format to BOTAN_FOO_H_ (Jack Lloyd, 2017-09-20; 1 file, -2/+2 lines)
  ISO C++ reserves names with double underscores in them.
  Closes #512
* Add API stability annotations. (Jack Lloyd, 2017-09-19; 1 file, -3/+3 lines)
  Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Merge GH #1205 Support large blocks in OCB mode (Jack Lloyd, 2017-09-19; 2 files, -62/+134 lines)
  * Change wide block OCB (Jack Lloyd, 2017-09-15; 1 file, -29/+0 lines)
    Ted Krovetz confirmed there were bugs in the reference code for blocks > 128 bits so these values should be the correct ones.
  * Add alternate form for matching OCB ref code (Jack Lloyd, 2017-09-11; 1 file, -4/+30 lines)
  * Support larger block sizes in OCB (Jack Lloyd, 2017-09-10; 2 files, -59/+134 lines)
    This doesn't match the draft-3 test vectors and may be bogus. [ci skip]
* Use constant_time_compare instead of same_mem (Jack Lloyd, 2017-09-16; 1 file, -1/+1 lines)
  New name, same great operation
* Simplify polynomial doubling code (Jack Lloyd, 2017-09-05; 1 file, -2/+2 lines)
  GCC and Clang generate effectively identical code for a template with parameters, vs completely unrolled code as was used previously.
  Add a little-endian variant so XTS can use it. This extends XTS support to cover 256 and 512-bit ciphers. I was not able to find another implementation that supports both XTS and ciphers with large blocks, so the XTS test vectors are self-generated.
* Improve polynomial doubling code, move to util (Jack Lloyd, 2017-08-15; 2 files, -6/+4 lines)
  Now does 64-bits at a time instead of 8 bits, and avoids conditional timing channel on the XOR carry. Confirmed that at least GCC 7 and Clang 4 on x86-64 compile the functions without conditional jumps.
  Also removes CMAC as a dependency of OCB, which only needed it in order to call CMAC::poly_double
* Update OCB ref to RFC, and add new test vectors (Jack Lloyd, 2017-06-12; 1 file, -2/+2 lines)
* Add assertion to ensure key is set in OCB_Encryption::encrypt. (Daniel Wyatt, 2017-06-09; 1 file, -0/+2 lines)
  Otherwise we just SIGSEGV.
* Remove "Dirty hack" for multiple defines in lex_me_harder() (Simon Warta, 2017-04-02; 1 file, -1/+3 lines)
* Convert to using standard uintN_t integer types (Jack Lloyd, 2016-12-18; 2 files, -50/+50 lines)
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add test for various functions previously missed (T::clone, PBKDF::name, AEAD::output_length) (Jack Lloyd, 2016-11-26; 1 file, -1/+1 lines)
  Fix a bug in CCM, GCM, and OCB decryption which caused `output_length(tag_size())` to fail even though empty plaintexts are certainly defined for all three modes.
* Cipher_Mode and AEAD_Mode improvements (Daniel Neus, 2016-11-08; 2 files, -2/+13 lines)
  See PR #552
  - Add Cipher_Mode::reset() which resets just the message specific state and allows encrypting again under the existing key
  - In Cipher_Mode::clear() (at some places) use cipher->clear() instead of resetting the pointer which would make the cipher object unusable
  - EAX_Decryption::output_length() bugfix?! Now it's possible to decrypt an empty ciphertext (just a tag)
  - Bugfix for GCM_Decryption::finish()
  - set tag length in GCM_Mode::name()
  - Cipher_Mode tests: add tests for reset() and process()
  - AEAD_Mode tests: add tests for reset(), clear(), update() and process()
* Remove Algo_Registry (Jack Lloyd, 2016-10-21; 1 file, -1/+1 lines)
  I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)
* Cipher_Mode API improvements (Jack Lloyd, 2016-09-01; 2 files, -70/+52 lines)
  The Cipher_Mode::update API is more general than needed to just support ciphers (this is due to it previously being an API of Transform which before 8b85b780515 was Cipher_Mode's base class)
  Define a less general interface `process` which either processes the blocks in-place, producing exactly as much output as there was input, or (SIV/CCM case) saves the entire message for processing in `finish`. These two uses cover all current or anticipated cipher modes. Leaves `update` for compatibility with existing callers; all that is needed is an inline function forwarding to `process`.
  Removes the return type from `start` - in all cipher implementations, this always returned an empty vector.
  Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used for argument checking in some places, which is not right at all.
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not explicit. (Daniel Neus, 2016-03-05; 1 file, -1/+1 lines)
* Add final attribute to many classes (Jack Lloyd, 2016-01-10; 1 file, -2/+2 lines)
  In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* Reroot the exception hierarchy into a toplevel Exception class (Jack Lloyd, 2015-12-11; 1 file, -2/+2 lines)
  As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340).
  Effectively reverts 2837e915d82e43
* Same treatment for cipher modes (Jack Lloyd, 2015-09-10; 1 file, -2/+0 lines)
* lib/modes: Convert &vec[0] to vec.data() (Simon Warta, 2015-06-24; 1 file, -23/+23 lines)
* Clean up root dir, remove some unneeded dependencies (lloyd, 2015-02-05; 2 files, -2/+0 lines)
* Add a runtime map of string->func() which when called return (lloyd, 2015-01-28; 1 file, -3/+3 lines)
  Transforms and BlockCiphers. Registration for all types is done at startup but is very cheap as just a std::function and a std::map entry are created, no actual objects are created until needed. This is a huge improvement over Algorithm_Factory which used T::clone() as the function and thus kept a prototype object of each type in memory.
  Replace existing lookup mechanisms for ciphers, AEADs, and compression to use the transform lookup. The existing Engine framework remains in place for BlockCipher, but the engines now just call to the registry instead of having hardcoded lookups.
  s/Transformation/Transform/ with typedefs for compatibility.
  Remove lib/selftest code (for runtime selftesting): not the right approach.
* Ensure all files have copyright and license info. (lloyd, 2015-01-10; 2 files, -2/+2 lines)
  Update license header line to specify the terms and refer to the file, neither of which it included before.
* OCB cleanup and additional tests (lloyd, 2014-11-07; 2 files, -51/+46 lines)
* Replace Transformation::start with start_raw so we can do a full set of overloads in the base class with the same name. (lloyd, 2014-11-05; 2 files, -3/+3 lines)
* Fix various warnings from VC++ 2014 and add missing include (lloyd, 2014-10-31; 1 file, -3/+3 lines)
* Guess I won't be needing these (lloyd, 2014-01-18; 1 file, -1/+0 lines)
* Use unique_ptr instead of bare pointers and explicit delete in block, mac, hash. (lloyd, 2014-01-18; 1 file, -1/+1 lines)
  m_ namespaced everything while I'm in there. Changed CMAC poly_double signature.
* Split off the keyed interfaces of transform to Keyed_Transform (lloyd, 2014-01-18; 1 file, -3/+3 lines)
  Remove the unhelpful 'Algorithm' base class which had previously acted more or less as a global base.
* Move lib into src (lloyd, 2014-01-10; 3 files, -0/+562 lines)