path: root/src/lib/stream/chacha
Each entry: commit message (author, date; files changed, lines -removed/+added), followed by the commit body where one is present.
* Avoid including rotate.h in bswap.h (Jack Lloyd, 2018-12-21; 1 file, -0/+1)
  It was only needed for one case which is easily hardcoded. Include rotate.h in all the source files that actually use rotr/rotl but implicitly picked it up via loadstor.h -> bswap.h -> rotate.h include chain.

* Slight simplification to ChaCha loop (Jack Lloyd, 2018-11-21; 1 file, -7/+13)

* Remove needless memset operation (Jack Lloyd, 2018-11-17; 1 file, -1/+0)

* Use vzeroupper/vzeroall to transition between AVX and SSE states. (Jack Lloyd, 2018-11-10; 1 file, -0/+4)
  Otherwise some CPUs suffer serious stalls. Using vzeroall on exit also has the nice effect that we don't have to worry about register contents leaking. HT to @noloader for doing the background research on this.

* Optimize AVX2 ChaCha (Jack Lloyd, 2018-11-05; 1 file, -236/+181)
  Using the same transposition trick used for SSE2 in #1728. On my Skylake desktop about 5-10% faster depending on buffer sizes.
* Add ChaCha using SIMD_4x32 (Jack Lloyd, 2018-11-04; 9 files, -608/+236)
  This allows supporting SSE2, NEON and AltiVec in a single codebase, so drop the NEON and SSE2 code. This new impl avoids having to do shuffles with every round and so is about 10% faster on Skylake. Also, fix bugs in both baseline and AVX2 implementations when the low counter overflowed. The SSE2 and NEON code were also buggy here.

* Add ChaCha in NEON (Jack Lloyd, 2018-10-26; 4 files, -0/+324)
  Originally written by Jeffrey Walton for Crypto++, which was in turn based on my SSE2 ChaCha.

* In ChaCha AVX2/SSE2 code s/input/state/ (Jack Lloyd, 2018-10-26; 2 files, -80/+79)
  It is confusing as while the stream cipher state is the input to the permutation, the stream cipher has an unrelated input (the text).

* Remove unused variable (Jack Lloyd, 2018-08-26; 1 file, -1/+0)

* Add AVX2 version of ChaCha (Jack Lloyd, 2018-08-26; 4 files, -12/+304)

* Add StreamCipher::write_keystream (Jack Lloyd, 2018-08-08; 2 files, -0/+20)
  Avoids the XOR operation. Only implemented for ChaCha20 currently; everything else defaults to memset-to-zero + xor-cipher.

* De-inline functions from stream cipher headers (Jack Lloyd, 2018-08-08; 2 files, -7/+19)

* Add StreamCipher::default_iv_length (Jack Lloyd, 2018-08-08; 2 files, -2/+6)
* Add support for XChaCha (Jack Lloyd, 2018-08-07; 3 files, -41/+126)

* Avoid crash in ChaCha20+Salsa if set_iv called without a key set (Jack Lloyd, 2018-08-07; 1 file, -0/+2)

* Add message to BOTAN_ARG_CHECK and use it more widely (Jack Lloyd, 2018-05-13; 1 file, -2/+3)

* Support seeking in Salsa20 (Jack Lloyd, 2017-11-14; 1 file, -4/+1)
  Add a test that StreamCipher::seek throws if not keyed.

* Add checks that keyed algorithms are actually keyed before use (Jack Lloyd, 2017-10-26; 1 file, -0/+2)
  Previously calling update or encrypt without calling set_key first would result in invalid outputs or else crashing.

* Convert http:// links to https:// where possible (Jack Lloyd, 2017-10-24; 1 file, -1/+1)

* Add compile-time rotation functions (Jack Lloyd, 2017-10-12; 1 file, -6/+6)
  The problem with asm rol/ror is the compiler can't schedule effectively. But we only need asm in the case when the rotation is variable, so distinguish the two cases. If a compile time constant, then static_assert that the rotation is in the correct range and do the straightforward expression knowing the compiler will probably do the right thing. Otherwise do a tricky expression that both GCC and Clang happen to recognize. Avoid the reduction case; instead require that the rotation be in range (this reverts 2b37c13dcf). Remove the asm rotations (making this branch ill-named), because now both Clang and GCC will create a roll without any extra help. Remove the reduction/mask by the word size for the variable case. The compiler can't optimize that out well, but it's easy to ensure it is valid in the callers, especially now that the variable input cases are easy to grep for.

* Use explicit on more single-argument constructors (Jack Lloyd, 2017-09-30; 1 file, -1/+1)

* Change header guard format to BOTAN_FOO_H_ (Jack Lloyd, 2017-09-20; 1 file, -2/+2)
  ISO C++ reserves names with double underscores in them.
  Closes #512

* Add API stability annotations. (Jack Lloyd, 2017-09-19; 1 file, -1/+1)
  Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Remove "Dirty hack" for multiple defines in lex_me_harder() (Simon Warta, 2017-04-02; 2 files, -2/+6)

* Support zero-length IV in ChaCha (Jack Lloyd, 2017-02-02; 2 files, -3/+17)
  Equivalent to an 8 byte all-zero IV, same handling as Salsa.

* Convert to using standard uintN_t integer types (Jack Lloyd, 2016-12-18; 3 files, -37/+37)
  Renames a couple of functions for somewhat better name consistency, e.g. make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.

* Fix dead stores in chacha_sse2_x4 (Never, 2016-11-25; 1 file, -6/+3)

* Address some Coverity warnings (Jack Lloyd, 2016-10-22; 1 file, -1/+1)
  Nothing exciting.

* Improve stream doxygen [ci skip] (René Korthaus, 2016-10-19; 1 file, -1/+2)

* Add ISA annotations to functions using SIMD, AES, etc (Jack Lloyd, 2016-10-14; 1 file, -0/+1)
  Also emit `#pragma GCC target` in the ISA specific amalgamation files. This allows compiling without any special compiler flags, at least with GCC 6.2 and Clang 3.8. The ISA annotations are ignored in MSVC, which just emits whatever instruction the intrinsic requires.

* Maintainer mode fixes. (Jack Lloyd, 2016-09-21; 1 file, -1/+1)
  Mostly unused args and missing override notations. Fix DH - load_check calls were commented out for debugging.

* Change T::provider to return std::string (Jack Lloyd, 2016-09-15; 2 files, -2/+2)

* Add T::provider() to allow user to inquire about implementation used (Jack Lloyd, 2016-09-15; 2 files, -0/+14)
  For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.

* Remove bogus decl (Jack Lloyd, 2016-09-05; 1 file, -2/+0)
* Merge GH #613 NewHope R-LWE key exchange (Jack Lloyd, 2016-09-05; 1 file, -1/+1)
  * Add NEWHOPE KEM scheme (Jack Lloyd, 2016-08-30; 1 file, -1/+1)
    Provides conjectured 200-bit security against a quantum attacker. Based on the public domain reference implementation at https://github.com/tpoeppelmann/newhope and bit-for-bit compatible with that version. Test vectors generated by the reference testvector.c

* Avoid _mm_set_epi64x which is missing on 32-bit MSVC 12 (Jack Lloyd, 2016-09-02; 1 file, -8/+8)

* Correct macro check (Jack Lloyd, 2016-09-01; 2 files, -2/+2)

* Missing increment in SSE2 version, broke ChaCha20Poly1305 tests (Jack Lloyd, 2016-09-01; 1 file, -0/+3)
  But not any ChaCha20 tests due to no long test inputs. Add one.

* 4x interleaved SSE2 (Jack Lloyd, 2016-09-01; 1 file, -67/+225)

* ChaCha 4 ways (Jack Lloyd, 2016-09-01; 3 files, -129/+153)

* SSE2 ChaCha (Jack Lloyd, 2016-09-01; 4 files, -6/+111)

* Adding StreamCipher::seek interface, supporting seek in ChaCha, and also adding ChaCha8 support (SimCog, 2016-06-18; 2 files, -4/+28)

* Add support for ChaCha(12) (Jack Lloyd, 2016-04-09; 2 files, -8/+32)
* Add final attribute to many classes (Jack Lloyd, 2016-01-10; 1 file, -1/+1)
  In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402

* Internal header cleanups (Jack Lloyd, 2015-09-19; 1 file, -1/+1)
  Only user-visible change is the removal of get_byte.h

* Fix static lib registration for block, hash, mac, stream, kdf (Jack Lloyd, 2015-09-10; 1 file, -2/+0)
  The support problems from having static libraries not work in the obvious way will be endless trouble. Instead have each set of registrations tag along in a source file for the basic type, at the cost of some extra ifdefs. On shared libs this is harmless - everything is going into the shared object anyway. With static libs, this means pulling in a single block cipher pulls in the text of all of them. But that's still strictly better than the amalgamation (which is really pulling in everything), and it works (unlike status quo).

* stream: Add missing overrides (Daniel Seither, 2015-07-30; 1 file, -8/+8)

* lib/stream: Convert &vec[0] to vec.data() (Simon Warta, 2015-06-23; 1 file, -2/+2)

* Clean up root dir, remove some unneeded dependencies (lloyd, 2015-02-05; 1 file, -2/+0)