path: root/src/lib/stream
Commit message | Author | Date | Files | Lines

* Appease Sonar | Jack Lloyd | 2017-10-19 | 1 | -1/+1

* Further optimizations, and split out GHASH reduction code | Jack Lloyd | 2017-10-18 | 1 | -8/+11

* GCM and CTR optimizations | Jack Lloyd | 2017-10-18 | 2 | -47/+99

  In CTR, special case for counter widths of special interest.

  In GHASH, uses a 4x reduction technique suggested by Intel.

  Split out GHASH to its own source file and header.

  With these changes GCM is over twice as fast on Skylake and about 50% faster on Westmere.

* Add compile-time rotation functions | Jack Lloyd | 2017-10-12 | 2 | -16/+16

  The problem with asm rol/ror is the compiler can't schedule effectively. But we only need asm in the case when the rotation is variable, so distinguish the two cases.

  If a compile time constant, then static_assert that the rotation is in the correct range and do the straightforward expression knowing the compiler will probably do the right thing. Otherwise do a tricky expression that both GCC and Clang happen to recognize.

  Avoid the reduction case; instead require that the rotation be in range (this reverts 2b37c13dcf).

  Remove the asm rotations (making this branch ill-named), because now both Clang and GCC will create a roll without any extra help.

  Remove the reduction/mask by the word size for the variable case. The compiler can't optimize that out well, but it's easy to ensure it is valid in the callers, especially now that the variable input cases are easy to grep for.
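The constant-versus-variable split described in the commit message above, as an added example that is not Botan's code: rotl/rotr with a static_assert for compile-time counts, rotl_var/rotr_var for run-time counts with the in-range precondition left to the caller (no mask by the word size), and a ChaCha quarter-round that needs only the constant form. The function names follow the commit's wording, but the bodies are this example's own assumptions, not the project's rotate.h.

```cpp
// Added example (not Botan's code): compile-time vs. run-time rotations.
#include <cassert>
#include <cstddef>
#include <cstdint>

// Rotate left by a compile-time constant. The range is checked with
// static_assert, so a bad constant is a compile error, and the plain
// shift/or expression is one that GCC and Clang fold to a single rol.
template<size_t ROT, typename T>
inline T rotl(T input)
{
    static_assert(ROT > 0 && ROT < 8 * sizeof(T), "Invalid rotation constant");
    return static_cast<T>((input << ROT) | (input >> (8 * sizeof(T) - ROT)));
}

template<size_t ROT, typename T>
inline T rotr(T input)
{
    static_assert(ROT > 0 && ROT < 8 * sizeof(T), "Invalid rotation constant");
    return static_cast<T>((input >> ROT) | (input << (8 * sizeof(T) - ROT)));
}

// Rotate left by a run-time count. There is no mask by the word size, so the
// caller must keep rot in 1..bits-1: rot == 0 would shift by the full width,
// which is undefined behaviour. The assert documents that contract in debug
// builds, and the distinct name makes every variable-rotation call site
// easy to grep for.
template<typename T>
inline T rotl_var(T input, size_t rot)
{
    assert(rot > 0 && rot < 8 * sizeof(T));
    return static_cast<T>((input << rot) | (input >> (8 * sizeof(T) - rot)));
}

template<typename T>
inline T rotr_var(T input, size_t rot)
{
    assert(rot > 0 && rot < 8 * sizeof(T));
    return static_cast<T>((input >> rot) | (input << (8 * sizeof(T) - rot)));
}

// ChaCha quarter-round: all four rotation counts (16, 12, 8, 7) are fixed,
// so the compile-time form applies and no variable rotation is needed.
inline void chacha_quarter_round(uint32_t& a, uint32_t& b, uint32_t& c, uint32_t& d)
{
    a += b; d ^= a; d = rotl<16>(d);
    c += d; b ^= c; b = rotl<12>(b);
    a += b; d ^= a; d = rotl<8>(d);
    c += d; b ^= c; b = rotl<7>(b);
}

// Check the quarter-round against the test vector in RFC 8439 section 2.1.1.
inline bool quarter_round_matches_rfc8439()
{
    uint32_t a = 0x11111111, b = 0x01020304, c = 0x9b8d6f43, d = 0x01234567;
    chacha_quarter_round(a, b, c, d);
    return a == 0xea2a92f4 && b == 0xcb1cf8ce && c == 0x4581472e && d == 0x5881c4bb;
}
```

The constant form is what a cipher implementation should reach for wherever the count is known; the variable form is for the few places (table-driven permutations, key-dependent rotations) where it is not, and there the caller, not the rotation, is responsible for keeping the count in range.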
* Use explicit on more single-argument constructors | Jack Lloyd | 2017-09-30 | 1 | -1/+1

* Better tests for SIV | Jack Lloyd | 2017-09-24 | 2 | -12/+14

  Correct errors in the AEAD tests that assumed process/update always return something - that isn't true for SIV.

  Minor optimizations in CMAC and CTR to cache the block size instead of making a zillion virtual calls for it.

  Generalize SIV slightly to where it could support a non-128 bit cipher, but don't pull the trigger on it since I can't find any implementations to crosscheck with.

* Further build/test fixes for restricted configurations | Jack Lloyd | 2017-09-24 | 1 | -0/+4

* Change header guard format to BOTAN_FOO_H_ | Jack Lloyd | 2017-09-20 | 7 | -14/+14

  ISO C++ reserves names with double underscores in them.

  Closes #512

* Add API stability annotations. | Jack Lloyd | 2017-09-19 | 7 | -7/+7

  Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Refactor: remove big-endian addition code duplication | René Meusel | 2017-04-13 | 2 | -18/+27

* Refactor: use ::seek(0) in CTR_BE::set_iv() | René Meusel | 2017-04-13 | 1 | -18/+1

* Add implementation of CTR_BE::seek() | René Meusel | 2017-04-13 | 2 | -2/+31

* Content: | Tomasz Frydrych | 2017-04-03 | 1 | -1/+1

  * fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
  * `default` specifier instead of `{}` in some places (probably all)
  * removal of unreachable code (for example `return` after `throw`)
  * removal of compilation unit only visible, but not used functions
  * fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
  * removed not needed semicolons
* Remove "Dirty hack" for multiple defines in lex_me_harder() | Simon Warta | 2017-04-02 | 8 | -8/+24

* Support zero-length IV in ChaCha | Jack Lloyd | 2017-02-02 | 2 | -3/+17

  Equivalent to an 8 byte all-zero IV, same handling as Salsa.

* Add BOTAN_UNUSED in creator functions | Jack Lloyd | 2017-01-27 | 1 | -0/+3

  If all (say) stream ciphers are disabled, avoid unused arg warning.

  [ci skip]

* Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 14 | -120/+120

  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32.

  The old typedefs remain for now since probably lots of application code uses them.

* Fix dead stores in chacha_sse2_x4 | Never | 2016-11-25 | 1 | -6/+3

* Add SHAKE-128 and SHAKE-256 as hash functions | Jack Lloyd | 2016-11-10 | 3 | -11/+11

* Salsa20 accepts empty IVs | Jack Lloyd | 2016-10-30 | 2 | -4/+9

  Treats it as an all-zero 64-bit IV.

  GH #697
* Merge GH #668: Remove Algo_Registry and associated global locks | Jack Lloyd | 2016-10-24 | 8 | -64/+99

    * Remove alias logic from SCAN_Name | Jack Lloyd | 2016-10-21 | 2 | -4/+8

      This required taking a global lock and doing a map lookup each time an algorithm was requested (and so many times during a TLS handshake).

    * Remove Algo_Registry | Jack Lloyd | 2016-10-21 | 8 | -62/+93

      I repent my use of global constructors. I repent my use of global locks. Hopefully I will never touch this code again. :)

* Address some Coverity warnings | Jack Lloyd | 2016-10-22 | 1 | -1/+1

  Nothing exciting.

* Merge GH #669 Add SHA-3, SHAKE-128, and BoringSSL-mode NewHope | Jack Lloyd | 2016-10-20 | 5 | -1/+149

    * Add SHAKE-128 as stream cipher | Jack Lloyd | 2016-10-19 | 5 | -1/+149

      Updates NewHope to use that instead of the hard-coded SHAKE-128, and adds toggle for BoringSSL compat mode using AES-128/CTR + SHA-256.

* Fix doxygen warnings [ci skip] | René Korthaus | 2016-10-19 | 1 | -1/+1

* Minor doxygen fixes [ci skip] | René Korthaus | 2016-10-19 | 2 | -2/+2

* Improve stream doxygen [ci skip] | René Korthaus | 2016-10-19 | 2 | -5/+24
* Add ISA annotations to functions using SIMD, AES, etc | Jack Lloyd | 2016-10-14 | 1 | -0/+1

  Also emit `#pragma GCC target` in the ISA specific amalgamation files.

  This allows compiling without any special compiler flags, at least with GCC 6.2 and Clang 3.8.

  The ISA annotations are ignored in MSVC, which just emits whatever instruction the intrinsic requires.

* Maintainer mode fixes. | Jack Lloyd | 2016-09-21 | 1 | -1/+1

  Mostly unused args and missing override notations.

  Fix DH - load_check calls were commented out for debugging.

* Change T::provider to return std::string | Jack Lloyd | 2016-09-15 | 3 | -4/+3

* Add T::provider() to allow user to inquire about implementation used | Jack Lloyd | 2016-09-15 | 3 | -0/+21

  For block ciphers, stream ciphers, hashes, MACs, and cipher modes. Cipher_Mode already had it, with a slightly different usage.

* Remove bogus decl | Jack Lloyd | 2016-09-05 | 1 | -2/+0

* Merge GH #613 NewHope R-LWE key exchange | Jack Lloyd | 2016-09-05 | 1 | -1/+1

    * Add NEWHOPE KEM scheme | Jack Lloyd | 2016-08-30 | 1 | -1/+1

      Provides conjectured 200-bit security against a quantum attacker.

      Based on the public domain reference implementation at https://github.com/tpoeppelmann/newhope and bit-for-bit compatible with that version.

      Test vectors generated by the reference testvector.c

* Avoid _mm_set_epi64x which is missing on 32-bit MSVC 12 | Jack Lloyd | 2016-09-02 | 1 | -8/+8

* Correct macro check | Jack Lloyd | 2016-09-01 | 2 | -2/+2

* Missing increment in SSE2 version, broke ChaCha20Poly1305 tests | Jack Lloyd | 2016-09-01 | 1 | -0/+3

  But not any ChaCha20 tests due to no long test inputs. Add one.

* 4x interleaved SSE2 | Jack Lloyd | 2016-09-01 | 1 | -67/+225

* ChaCha 4 ways | Jack Lloyd | 2016-09-01 | 3 | -129/+153

* SSE2 ChaCha | Jack Lloyd | 2016-09-01 | 4 | -6/+111

* Make Stream_Cipher::set_iv() pure virtual | René Korthaus | 2016-07-20 | 4 | -7/+9

  It provided a default implementation that only checked that the length was correct, but ignored the actual data and did not notify the caller, which seemed like a rather odd behaviour.

  The only implementation that used this default implementation, RC4, now throws an exception.

* Adding StreamCipher::seek interface, supporting seek in ChaCha, and also adding ChaCha8 support | SimCog | 2016-06-18 | 11 | -4/+59
* Fix GCM counter increment | Jack Lloyd | 2016-05-23 | 2 | -2/+18

  GCM is defined as having a 32-bit counter, but CTR_BE incremented the counter across the entire block. This caused incorrect results if a very large message (2**39 bits) was processed, or if the GHASH derived nonce ended up having a counter field near to 2**32.

  Thanks to Juraj Somorovsky for the bug report and repro.
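The 32-bit counter bug described in the commit above, the "special case for counter widths" in the GCM and CTR optimizations commit, and the CTR_BE::seek() / set_iv() refactors all come down to one operation: a big-endian increment whose carry must stop at the counter field rather than spilling into the nonce. The following is an added example and not Botan's CTR_BE code; the class name CtrBlock, its methods, and the J0-style sample block with its counter field sitting at 0xFFFFFFFF are constructed here for illustration (in real GCM a block like that would come from GHASH of a non-96-bit IV).

```cpp
// Added example (not Botan's code): a counter block with a configurable
// counter width, showing why GCM needs inc32 rather than a whole-block add.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

class CtrBlock {
public:
    // iv: the initial counter block (for GCM, J0). ctr_size: how many trailing
    // bytes form the counter; 4 gives GCM's inc32, block size gives the
    // whole-block increment that CTR_BE used to apply unconditionally.
    CtrBlock(const std::vector<uint8_t>& iv, size_t ctr_size)
        : m_iv(iv), m_block(iv), m_ctr_size(ctr_size)
    {
        if (m_ctr_size == 0 || m_ctr_size > m_block.size())
            throw std::invalid_argument("counter width must be 1..block size");
    }

    // Add n to the counter field modulo 2^(8*ctr_size). The carry stops at the
    // field boundary, so bytes above it are never modified. Returns true if
    // the field wrapped: in GCM that means the keystream is about to repeat.
    bool add(uint64_t n)
    {
        const size_t lo = m_block.size() - m_ctr_size;  // first counter byte
        uint64_t carry = n;
        for (size_t i = m_block.size(); i-- > lo && carry != 0;) {
            const uint64_t sum = static_cast<uint64_t>(m_block[i]) + (carry & 0xFF);
            m_block[i] = static_cast<uint8_t>(sum);
            carry = (carry >> 8) + (sum >> 8);
        }
        return carry != 0;
    }

    bool increment() { return add(1); }

    // Position the counter at the block containing keystream byte `offset`:
    // restart from the IV and add the block index in one step instead of
    // looping increments. seek(0) restores the IV, which is what a set_iv()
    // can be built on. The caller still discards offset % block_size bytes
    // of that block's keystream.
    bool seek(uint64_t offset)
    {
        m_block = m_iv;
        return add(offset / m_block.size());
    }

    const std::vector<uint8_t>& block() const { return m_block; }

    // The low min(ctr_size, 8) counter bytes as an integer, for inspection.
    uint64_t counter() const
    {
        const size_t n = m_ctr_size < 8 ? m_ctr_size : 8;
        uint64_t v = 0;
        for (size_t i = m_block.size() - n; i < m_block.size(); ++i)
            v = (v << 8) | m_block[i];
        return v;
    }

private:
    std::vector<uint8_t> m_iv;
    std::vector<uint8_t> m_block;
    size_t m_ctr_size;
};

// Constructed J0-style block: 12 nonce bytes followed by a 32-bit counter
// field that is one step away from wrapping.
inline std::vector<uint8_t> near_wrap_j0()
{
    return {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
            0x08, 0x09, 0x0A, 0x0B, 0xFF, 0xFF, 0xFF, 0xFF};
}

// True if the 32-bit-field increment wraps and leaves the nonce bytes alone
// while the whole-block increment carries into byte 11 of the nonce.
inline bool whole_block_increment_corrupts_nonce()
{
    CtrBlock gcm(near_wrap_j0(), 4);
    CtrBlock naive(near_wrap_j0(), 16);
    const bool gcm_wrapped = gcm.increment();
    const bool naive_wrapped = naive.increment();
    return gcm_wrapped && gcm.counter() == 0 && gcm.block()[11] == 0x0B
        && !naive_wrapped && naive.block()[11] == 0x0C;
}
```

The two variants produce the same counter blocks until the field wraps, which is why the bug only surfaced with a 2**39-bit message or a GHASH-derived J0 whose low 32 bits happened to be near 2**32: the naive version then encrypts under a block the decrypting side (or any other correct GCM) never generates. The wrap flag is also the right place to enforce GCM's message-length limit rather than silently reusing keystream.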
* Add explicit static_cast operations to eliminate implicit cast compiler warnings. | Dan Brown | 2016-04-27 | 1 | -1/+1

* Remove Transform base class | Jack Lloyd | 2016-04-21 | 1 | -1/+0

  With sufficient squinting, Transform provided an abstract base interface that covered both cipher modes and compression algorithms. However it mapped on neither of them particularly well.

  In addition this API had the same problem that has made me dislike the Pipe/Filter API: given a Transform&, what does it do when you put bits in? Maybe it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!

  Currently the Cipher_Mode interface is left mostly unchanged, with the APIs previously on Transform just moved down the type hierarchy. I think there are some definite improvements possible here, wrt handling of in-place encryption, but left for a later commit.

  The compression API is split into two types, Compression_Algorithm and Decompression_Algorithm. Compression_Algorithm's start() call takes the compression level, allowing varying compressions with a single object. And flushing the compression state is moved to a bool param on `Compression_Algorithm::update`. All the nonsense WRT compression algorithms having zero length nonces, input granularity rules, etc as a result of using the Transform interface goes away.

* Add support for ChaCha(12) | Jack Lloyd | 2016-04-09 | 3 | -9/+33

* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not explicit. | Daniel Neus | 2016-03-05 | 4 | -4/+4

* Add final attribute to many classes | Jack Lloyd | 2016-01-10 | 5 | -5/+5

  In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation.

  Some discussion in GH #402