| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\ |
|
| | |
|
|/
|
|
| |
This is in the hot path for GCM
|
|
|
|
| |
The last 4 bytes are always overwritten in this loop.
|
|
|
|
| |
static_casts for the compiler god
|
|
|
|
|
|
|
|
| |
We don't need to read each block since we know what is there
Improves CTR perf with AES-NI by 5-6%, also helps GCM
GH #969
|
|
|
|
|
| |
When used with AES-128 on Skylake (AES-NI), improves GCM performance
by 10% on small messages and 5% on 1K messages.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Add a test that StreamCipher::seek throws if not keyed.
|
|
|
|
|
| |
Previously calling update or encrypt without calling set_key first
would result in invalid outputs or else crashing.
|
|
|
|
|
|
|
|
|
| |
Prohibit very small counter widths (under 4 bytes), since they lead
to trivial keystream reuse.
Add tests.
Fix clone which always returned an object with a block-wide counter.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In CTR, special case for counter widths of special interest.
In GHASH, uses a 4x reduction technique suggested by Intel.
Split out GHASH to its own source file and header.
With these changes GCM is over twice as fast on Skylake and about
50% faster on Westmere.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Correct errors in the AEAD tests that assumed process/update always
return something - that isn't true for SIV
Minor optimizations in CMAC and CTR to cache the block size instead
of making a zillion virtual calls for it.
Generalize SIV slightly to where it could support a non-128 bit
cipher, but don't pull the trigger on it since I can't find any
implementations to crosscheck with.
|
|
|
|
|
|
| |
ISO C++ reserves names with double underscores in them
Closes #512
|
|
|
|
|
| |
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
|
|
|
| |
I repent my use of global constructors.
I repent my use of global locks.
Hopefully I will never touch this code again.
:)
|
| |
|
|
|
|
| |
adding ChaCha8 support
|
|
|
|
|
|
|
|
|
| |
GCM is defined as having a 32-bit counter, but CTR_BE incremented the
counter across the entire block. This caused incorrect results if
a very large message (2**39 bits) was processed, or if the GHASH
derived nonce ended up having a counter field near to 2**32
Thanks to Juraj Somorovsky for the bug report and repro.
|
|
|
|
| |
warnings.
|
|
|
|
| |
explicit.
|
|
|
|
|
|
|
| |
In some cases this can offer better optimization, via devirtualization.
And it lets the user know the class is not intended for derivation.
Some discussion in GH #402
|
| |
|
|
|
|
| |
Only user-visible change is the removal of get_byte.h
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we were hanging on the type destructors to pull in
the relevant objects. However that fails in many simple cases
where the object is never deleted.
For every type involved in the algo registry add static create
and providers functions to access the algo registry. Modify
lookup.h to be inline and call those functions, and move
a few to sub-headers (eg, get_pbkdf going to pbkdf.h). So
accessing the registry involves going through the same file
that handles the initialization, so there is no way to end up
with missing objs.
|
|
|
|
|
|
|
|
|
|
|
| |
The support problems from having static libraries not work in the
obvious way will be endless trouble. Instead have each set of
registrations tag along in a source file for the basic type, at the
cost of some extra ifdefs. On shared libs this is harmless -
everything is going into the shared object anyway. With static libs,
this means pulling in a single block cipher pulls in the text of all
the them. But that's still strictly better than the amalgamation
(which is really pulling in everything), and it works (unlike status quo).
|
| |
|
| |
|
|
|
|
|
|
| |
Fix two memory leaks (in TLS and modes) caused by calling get_foo and
then cloning the result before saving it (leaking the original object),
a holdover from the conversion between construction techniques in 1.11.14
|
|
|
|
| |
No performance impact afaict.
|
| |
|
| |
|
|
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| |
|
| |
|
|
|