path: root/src/lib/stream
Commit message (Author, Age, Files, Lines)
* Remove macro usage from Salsa20 (Jack Lloyd, 2022-02-12, 1 file, -27/+32)
|
* Remove macro usage from ChaCha (Jack Lloyd, 2022-02-12, 1 file, -27/+28)
|
* More clang-tidy fixes (Jack Lloyd, 2022-02-10, 1 file, -1/+1)
|
* Fix build problems (Jack Lloyd, 2022-02-09, 1 file, -2/+2)
|
* Fix clang-tidy readability-named-parameter (Jack Lloyd, 2022-02-06, 3 files, -5/+5)
|
* Fix some Clang warnings (Jack Lloyd, 2022-01-27, 1 file, -1/+1)
|     See GH #2886
* Remove the OpenSSL provider (Jack Lloyd, 2021-10-28, 2 files, -13/+2)
|     Starting in OpenSSL 3.0, most of the functionality which we need to implement the OpenSSL provider is deprecated. Rather than reimplement the whole provider in order to allow it to continue to work in the future, just remove it. Efforts would be better spent doing more optimization work rather than chasing OpenSSL's API changes.
* Add StreamCipher::new_object (Jack Lloyd, 2021-04-03, 14 files, -35/+35)
|
* Add BlockCipher::new_object (Jack Lloyd, 2021-04-03, 1 file, -0/+8)
|
* Use make_unique in type factory functions (Jack Lloyd, 2021-04-03, 1 file, -7/+7)
|
* Make scan_name.h, cpuid.h and http_util.h internal (Jack Lloyd, 2020-11-28, 2 files, -2/+2)
|
* Remove deprecated headers, make more headers internal (Jack Lloyd, 2020-11-06, 15 files, -39/+27)
|     Now modules default to internal headers instead of defaulting to public; making a new public API should be a visible and intentional choice. Brings the public header count from over 300 to around 150. Also removes the deprecated tls_blocking interface
* Add SHACAL2 AVX2 (Jack Lloyd, 2019-11-14, 1 file, -24/+19)
|     About 2x faster on Skylake
* Optimize CTR_BE::seek (Jack Lloyd, 2019-09-26, 1 file, -1/+20)
|
* Merge GH #2061 Add header deprecation warnings (Jack Lloyd, 2019-09-08, 6 files, -0/+12)
|\
| * Deprecate many publicly available headers (Jack Lloyd, 2019-09-06, 6 files, -0/+12)
| |
* | Optimizations for CTR_BE::add_counter (Jack Lloyd, 2019-09-06, 1 file, -14/+9)
|/
|     This is in the hot path for GCM
* Avoid pointless write (Jack Lloyd, 2019-07-05, 1 file, -1/+1)
|     The last 4 bytes are always overwritten in this loop.
* Add a compatibility shim for libsodium (Jack Lloyd, 2019-06-15, 2 files, -5/+3)
|     Not complete, just trying to hit the most commonly used APIs plus the ones that are easy to do.
* Make the ISA list a list (Jack Lloyd, 2019-04-17, 1 file, -1/+3)
|
* Fixes for minimized builds (Jack Lloyd, 2019-02-16, 1 file, -0/+4)
|     Various configurations would fail build or test, fix that.
* Support arbitrary key lengths in SHAKE-128 cipher (Jack Lloyd, 2019-02-13, 2 files, -22/+14)
|     We need this for Kyber, which uses 34 byte inputs to XOF when computing the public matrix.
* Avoid including rotate.h in bswap.h (Jack Lloyd, 2018-12-21, 2 files, -0/+2)
|     It was only needed for one case which is easily hardcoded. Include rotate.h in all the source files that actually use rotr/rotl but implicitly picked it up via loadstor.h -> bswap.h -> rotate.h include chain.
* Silence MSVC warnings (Jack Lloyd, 2018-12-04, 1 file, -2/+2)
|     static_casts for the compiler god
* Make exceptions easier to translate to error codes (Jack Lloyd, 2018-11-23, 1 file, -1/+1)
|     Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742
* Simplify Salsa20 xor loop (Jack Lloyd, 2018-11-21, 1 file, -4/+7)
|
* Slight simplification to ChaCha loop (Jack Lloyd, 2018-11-21, 1 file, -7/+13)
|
* Remove needless memset operation (Jack Lloyd, 2018-11-17, 1 file, -1/+0)
|
* Use vzeroupper/vzeroall to transition between AVX and SSE states. (Jack Lloyd, 2018-11-10, 1 file, -0/+4)
|     Otherwise some CPUs suffer serious stalls. Using vzeroall on exit also has the nice effect that we don't have to worry about register contents leaking. HT to @noloader for doing the background research on this.
* Add some missing includes (Jack Lloyd, 2018-11-08, 1 file, -0/+1)
|     This is not exhaustive. See GH #1733
* Optimize AVX2 ChaCha (Jack Lloyd, 2018-11-05, 1 file, -236/+181)
|     Using the same transposition trick used for SSE2 in #1728
|     On my Skylake desktop about 5-10% faster depending on buffer sizes.
* Add ChaCha using SIMD_4x32 (Jack Lloyd, 2018-11-04, 9 files, -608/+236)
|     This allows supporting SSE2, NEON and AltiVec in a single codebase, so drop the NEON and SSE2 code. This new impl avoids having to do shuffles with every round and so is about 10% faster on Skylake. Also, fix bugs in both baseline and AVX2 implementations when the low counter overflowed. The SSE2 and NEON code were also buggy here.
* Add ChaCha in NEON (Jack Lloyd, 2018-10-26, 4 files, -0/+324)
|     Originally written by Jeffrey Walton for Crypto++, which was in turn based on my SSE2 ChaCha.
* In ChaCha AVX2/SSE2 code s/input/state/ (Jack Lloyd, 2018-10-26, 2 files, -80/+79)
|     It is confusing as while the stream cipher state is the input to the permutation, the stream cipher has an unrelated input (the text).
* Remove unused variable (Jack Lloyd, 2018-08-26, 1 file, -1/+0)
|
* Add AVX2 version of ChaCha (Jack Lloyd, 2018-08-26, 4 files, -12/+304)
|
* Optimize computation of CTR input blocks (Jack Lloyd, 2018-08-10, 1 file, -8/+13)
|     We don't need to read each block since we know what is there
|     Improves CTR perf with AES-NI by 5-6%, also helps GCM
|     GH #969
* Specialize CTR::seek for 4-byte counters (Jack Lloyd, 2018-08-10, 1 file, -5/+19)
|     When used with AES-128 on Skylake (AES-NI), improves GCM performance by 10% on small messages and 5% on 1K messages.
* Add StreamCipher::write_keystream (Jack Lloyd, 2018-08-08, 3 files, -0/+31)
|     Avoids the XOR operation. Only implemented for ChaCha20 currently, everything else defaults to memset-to-zero + xor-cipher
* De-inline functions from stream cipher headers (Jack Lloyd, 2018-08-08, 12 files, -52/+127)
|
* Add StreamCipher::default_iv_length (Jack Lloyd, 2018-08-08, 8 files, -11/+26)
|
* Add support for XChaCha (Jack Lloyd, 2018-08-07, 3 files, -41/+126)
|
* Fix a bug in XSalsa20 (Jack Lloyd, 2018-08-07, 2 files, -19/+43)
|     If you called set_key, then set_iv, then set_iv again without having previously reset the key, you would end up with a garbled state buffer that depended on the value of the first IV. This only affected 192-bit Salsa nonces, not other sizes.
* Avoid crash in ChaCha20+Salsa if set_iv called without a key set (Jack Lloyd, 2018-08-07, 2 files, -0/+4)
|
* Add Scrypt key derivation function (Jack Lloyd, 2018-05-16, 2 files, -7/+12)
|
* Add message to BOTAN_ARG_CHECK and use it more widely (Jack Lloyd, 2018-05-13, 6 files, -4/+10)
|
* Make stream, block, hash and cipher mode base classes optional (Jack Lloyd, 2018-01-12, 2 files, -0/+8)
|
* FIX: add carry bit to correct half-pad (René Meusel, 2018-01-05, 1 file, -1/+1)
|
* Fix RC4 name in case of skipped bytes (Jack Lloyd, 2017-12-28, 1 file, -3/+6)
|     Add a test to detect that. Add test that stream ciphers throw if they are asked to use a nonce of a size they don't support. Remove "In = 00...00" blocks since that's implicit in the stream cipher tests.
* Accept ChaCha20 as a name (Jack Lloyd, 2017-12-18, 1 file, -0/+6)
|