path: root/src/lib/stream
Commit log (each entry: commit message, author, date, files changed, lines -/+)
* Merge GH #613 NewHope R-LWE key exchange
  Jack Lloyd, 2016-09-05, 1 file, -1/+1

  * Add NEWHOPE KEM scheme
    Jack Lloyd, 2016-08-30, 1 file, -1/+1

    Provides conjectured 200-bit security against a quantum attacker. Based on the public domain reference implementation at https://github.com/tpoeppelmann/newhope and bit-for-bit compatible with that version. Test vectors generated by the reference testvector.c

* Avoid _mm_set_epi64x which is missing on 32-bit MSVC 12
  Jack Lloyd, 2016-09-02, 1 file, -8/+8

* Correct macro check
  Jack Lloyd, 2016-09-01, 2 files, -2/+2

* Missing increment in SSE2 version, broke ChaCha20Poly1305 tests
  Jack Lloyd, 2016-09-01, 1 file, -0/+3

  But not any ChaCha20 tests due to no long test inputs. Add one.

* 4x interleaved SSE2
  Jack Lloyd, 2016-09-01, 1 file, -67/+225

* ChaCha 4 ways
  Jack Lloyd, 2016-09-01, 3 files, -129/+153

* SSE2 ChaCha
  Jack Lloyd, 2016-09-01, 4 files, -6/+111
* Make Stream_Cipher::set_iv() pure virtual
  René Korthaus, 2016-07-20, 4 files, -7/+9

  It provided a default implementation that only checked that the length was correct, but ignored the actual data and did not notify the caller, which seemed like a rather odd behaviour. The only implementation that used this default implementation, RC4, now throws an exception.

* Adding StreamCipher::seek interface, supporting seek in ChaCha, and also adding ChaCha8 support
  SimCog, 2016-06-18, 11 files, -4/+59
* Fix GCM counter increment
  Jack Lloyd, 2016-05-23, 2 files, -2/+18

  GCM is defined as having a 32-bit counter, but CTR_BE incremented the counter across the entire block. This caused incorrect results if a very large message (2**39 bits) was processed, or if the GHASH derived nonce ended up having a counter field near to 2**32. Thanks to Juraj Somorovsky for the bug report and repro.

* Add explicit static_cast operations to eliminate implicit cast compiler warnings.
  Dan Brown, 2016-04-27, 1 file, -1/+1
* Remove Transform base class
  Jack Lloyd, 2016-04-21, 1 file, -1/+0

  With sufficient squinting, Transform provided an abstract base interface that covered both cipher modes and compression algorithms. However it mapped on neither of them particularly well. In addition this API had the same problem that has made me dislike the Pipe/Filter API: given a Transform&, what does it do when you put bits in? Maybe it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!

  Currently the Cipher_Mode interface is left mostly unchanged, with the APIs previously on Transform just moved down the type hierarchy. I think there are some definite improvements possible here, wrt handling of in-place encryption, but left for a later commit.

  The compression API is split into two types, Compression_Algorithm and Decompression_Algorithm. Compression_Algorithm's start() call takes the compression level, allowing varying compressions with a single object. And flushing the compression state is moved to a bool param on `Compression_Algorithm::update`. All the nonsense WRT compression algorithms having zero length nonces, input granularity rules, etc as a result of using the Transform interface goes away.

* Add support for ChaCha(12)
  Jack Lloyd, 2016-04-09, 3 files, -9/+33

* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not explicit.
  Daniel Neus, 2016-03-05, 4 files, -4/+4
* Add final attribute to many classes
  Jack Lloyd, 2016-01-10, 5 files, -5/+5

  In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402

* Mass-prefix member vars with m_
  René Korthaus, 2016-01-08, 2 files, -47/+47

* initialize private members in rc4 header
  Daniel Neus, 2015-12-23, 2 files, -5/+4

* some trivial compiler/PVS-Studio warning fixes
  Daniel Neus, 2015-12-22, 1 file, -1/+1

* Merge the openssl code together.
  Jack Lloyd, 2015-12-19, 1 file, -73/+0

  Having the code diffused all over the place was ugly and would not scale well to multiple alternative providers. GH #368

* Update and consolidate the test framework.
  Jack Lloyd, 2015-11-11, 1 file, -1/+13

  The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things.

  Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.

* Break up openssl provider
  Jack Lloyd, 2015-10-19, 1 file, -0/+61

  For RSA, RC4, and ECDSA put the openssl versions in the same directory as the base version. They just rely on a macro check for the openssl module to test for the desire to use OpenSSL.
* Remove use of lookup.h in favor of new T::create API.
  Jack Lloyd, 2015-09-21, 2 files, -6/+4

* Address some review comments by Simon. GH #279
  Jack Lloyd, 2015-09-21, 2 files, -6/+6

* Internal header cleanups
  Jack Lloyd, 2015-09-19, 8 files, -43/+5

  Only user-visible change is the removal of get_byte.h

* Handle dependencies re static linking. GH #279
  Jack Lloyd, 2015-09-17, 4 files, -0/+28

  Previously we were hanging on the type destructors to pull in the relevant objects. However that fails in many simple cases where the object is never deleted.

  For every type involved in the algo registry add static create and providers functions to access the algo registry. Modify lookup.h to be inline and call those functions, and move a few to sub-headers (eg, get_pbkdf going to pbkdf.h). So accessing the registry involves going through the same file that handles the initialization, so there is no way to end up with missing objs.

* Fix static lib registration for block, hash, mac, stream, kdf
  Jack Lloyd, 2015-09-10, 7 files, -16/+65

  The support problems from having static libraries not work in the obvious way will be endless trouble. Instead have each set of registrations tag along in a source file for the basic type, at the cost of some extra ifdefs. On shared libs this is harmless - everything is going into the shared object anyway. With static libs, this means pulling in a single block cipher pulls in the text of all of them. But that's still strictly better than the amalgamation (which is really pulling in everything), and it works (unlike status quo).
* stream: Add missing overrides
  Daniel Seither, 2015-07-30, 5 files, -38/+38

* lib/stream: Convert &vec[0] to vec.data()
  Simon Warta, 2015-06-23, 4 files, -10/+10

* Fix various bugs found by Coverity scanner.
  lloyd, 2015-05-15, 2 files, -2/+2

  Uninitialized variables, missing divide by zero checks, missing virtual destructor, etc. Only thing serious is bug in TLS maximum fragment decoder; missing breaks in switch statement meant receiver would treat any negotiated max fragment as 4k limit.

* Hide Algorithm_Factory and use the functions in lookup.h internally.
  lloyd, 2015-03-04, 2 files, -2/+2

  Fix two memory leaks (in TLS and modes) caused by calling get_foo and then cloning the result before saving it (leaking the original object), a holdover from the conversion between construction techniques in 1.11.14

* Reduce the CTR_BE buffer down to just a few blocks.
  lloyd, 2015-02-17, 1 file, -14/+16

  No performance impact afaict.
* Move Cipher_Mode enum out of types.h, move stream cipher mode to new header
  lloyd, 2015-02-05, 1 file, -2/+1

* Clean up root dir, remove some unneeded dependencies
  lloyd, 2015-02-05, 3 files, -12/+0

* Enable OpenSSL for providing ciphers and hashes again.
  lloyd, 2015-02-05, 1 file, -0/+1

* Remove algo factory, engines, global RNG, global state, etc.
  lloyd, 2015-02-04, 4 files, -36/+10

  Convert all uses of Algorithm_Factory and the engines to using Algo_Registry. The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatibility stub.

  Update seeding for blinding so only one hacky almost-global RNG instance needs to be set up instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).

* Add missing files. Remove cipher lookup from engine code.
  lloyd, 2015-02-01, 1 file, -0/+33

* Use registry for streams and MACs. Start updating callers.
  lloyd, 2015-01-31, 10 files, -9/+61

* Ensure all files have copyright and license info.
  lloyd, 2015-01-10, 12 files, -12/+12

  Update license header line to specify the terms and refer to the file, neither of which it included before.
* Decruft
  lloyd, 2014-12-31, 2 files, -15/+1

* Support 96 bit nonces in ChaCha20 as specified in draft-irtf-cfrg-chacha20-poly1305-03
  lloyd, 2014-12-29, 2 files, -3/+12

* Remove unused include
  lloyd, 2014-02-13, 1 file, -1/+0

* Add ChaCha
  lloyd, 2014-01-31, 5 files, -77/+285

* Guess I won't be needing these
  lloyd, 2014-01-18, 2 files, -2/+0

* More unique_ptr
  lloyd, 2014-01-18, 4 files, -127/+67

* Move lib into src
  lloyd, 2014-01-10, 15 files, -0/+910