| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Went from 27 to 20 cycles per byte on Skylake (with clmul disabled)
|
|
|
|
|
|
|
|
|
|
| |
By allowing multiple blocks for clmul, slight speedup there though still
far behind optimum.
Precompute a table of multiples of H, 3-4x faster on systems without clmul
(and still no secret indexes).
Refactor GMAC to not derive from GHASH
|
|
|
|
|
|
| |
With fast AES-NI, gets down to about 2 cycles per byte which is
pretty good compared to the ~5.5 cpb of 2.3, still a long way off
the best stiched impls which run at ~0.6 cpb.
|
|
|
|
| |
From ~5 cbp to ~2.5 cbp on Skylake
|
| |
|
|
|
|
| |
Still slower but notably faster at least with AES-NI
|
|
|
|
| |
Sonar
|
| |
|
| |
|
|
|
|
|
| |
Only required by a few modules and if none of them are in use
then the whole thing can just be skipped from the build.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Correct errors in the AEAD tests that assumed process/update always
return something - that isn't true for SIV
Minor optimizations in CMAC and CTR to cache the block size instead
of making a zillion virtual calls for it.
Generalize SIV slightly to where it could support a non-128 bit
cipher, but don't pull the trigger on it since I can't find any
implementations to crosscheck with.
|
| |
|
|
|
|
|
| |
Done by a perl script which converted all classes to final, followed
by selective reversion where it caused compilation failures.
|
| |
|
|
|
|
| |
Some help from include-what-you-use
|
|
|
|
|
|
| |
ISO C++ reserves names with double underscores in them
Closes #512
|
| |
|
|
|
|
|
| |
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
|
|\ |
|
| |
| |
| |
| |
| | |
Ted Krovetz confirmed there were bugs in the reference code for
blocks > 128 bits so these values should be the correct ones.
|
| | |
|
| |
| |
| |
| |
| |
| | |
This doesn't match the draft-3 test vectors and may be bogus.
[ci skip]
|
| |
| |
| |
| | |
New name, same great operation
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
|
| |
Test data generated by 1.10 so hopefully no further issues here.
GH #1200
|
|
|
|
|
|
|
|
|
|
| |
GCC and Clang generate effectively identical code for a template
with parameters, vs completely unrolled code as was used previously.
Add a little-endian variant so XTS can use it. This extends XTS support
to cover 256 and 512-bit ciphers. I was not able to find another
implementation that supports both XTS and ciphers with large blocks,
so the XTS test vectors are self-generated.
|
|
|
|
| |
Contributed in GH #842
|
| |
|
|
|
|
| |
Based on VC2017 output
|
|
|
|
|
|
|
|
|
| |
Now does 64-bits at a time instead of 8 bits, and avoids conditional
timing channel on the XOR carry. Confirmed that at least GCC 7 and
Clang 4 on x86-64 compile the functions without conditional jumps.
Also removes CMAC as a dependency of OCB, which only needed it in
order to call CMAC::poly_double
|
| |
|
|
|
|
| |
Otherwise we just SIGSEGV.
|
|
|
|
|
|
| |
Allow an empty nonce to mean "continue using the current cipher state".
GH #864
|
|
|
|
|
|
| |
Use the OpenSSL provider to implement AES CBC mode. Also pass down
the provider to the encryption layer if there is no matching OpenSSL
mode. Add a test with empty nonce.
|
|
|
|
|
|
|
|
|
| |
* fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
* `default` specifier instead of `{}` in some places(probably all)
* removal of unreachable code (for example `return` after `throw`)
* removal of compilation unit only visible, but not used functions
* fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
* removed not needed semicolons
|
| |
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
| |
|
|
|
|
|
|
| |
The unpad functions return the blocksize as padding position, if the padding is invalid.
.
|
|
|
|
|
|
|
| |
Not a good thing to offer at this level. If you know what you
are doing for the strange special case where it is necessary,
the raw BlockCipher interface is available and probably more
convenient.
|
| |
|
|
|
|
|
|
|
| |
AEAD::output_length)
Fix a bug in CCM, GCM, and OCB decryption which caused `output_length(tag_size())`
to fail even though empty plaintexts are certainly defined for all three modes.
|
| |
|
| |
|
| |
|